Close
0%
0%

HardSploit.io

like Metasploit but for Hardware!

Similar projects worth following
HardSploit aims to become an universal auditing tool for Internet of Things and Hardware security

HardSploit

Our goal is to design & produce a tool for hardware pentesting :

  • Internet Of Things
  • Industrial devices
  • Scada systems
  • Basic electronic products of everyday life
HardSploit is a Metasploit like tool but for Hardware Hacking.

HardSploit Project is lead by our Company (Opale Security) and its internal teams :

  • Yann ALLAIN (former CSO of an International Company, CEO of Opale Security, Electronic Engineer, Senior Pentester, BlackHat Speaker & Trainer)
  • Julien M. (Electronic Engineer, Hardware & Software Pentester, BlackHat Speaker & Trainer, Electronic Makers)
  • Gwénolé A. (Software Developper, Open Source Addict, Software Pentester)
How long can we continue to rely on hardware or critical electronic devices without being able to properly assess their security?

The most surprising (disturbing?) fact is that our industrials and our security experts do not mastered design techniques or audit of hardware systems. There is a gap between the threat and the response capacity of the actors in this field.Therefore the risks of attacks on the processed data increase (personal, supervision process of industrial equipment…).

It is clear that something is needed to help the security community to audit and control embedded systems security.

This is what motivated us to create HardSploit : a complete tool box (Hardware + Software), a Framework which aims to:

  • Facilitate the audit of electronic systems for security industry workers (Consultants, Auditors, Pentesters, Product designers etc.)
  • Increase the level of security (and trust!) of new communicating products designed by industry
What we want to achieve with the HardSploit Project
wohs

HardSploit Framework features

Hardsploit is a tool with software and electronic items. It is a technical and modular plateform (using FPGA) to perform security tests on electronic communications interfaces of embedded devices. It's a Framework.

All-in-one tool for Hardware pentest !

Main Functions (HardSploit modules)

The main Hardware security audit functions are

  • Sniffer, Scanner, Proxy, Interact with electronic bus
  • Dump memory
  • ...

Hardsploit Modules will let Hardware pentester to intercept, replay and/or and send data via each type of electronic bus used by the Hardware Target. The Level of interaction that pen-testers will have depend on the electronic bus features...

HardSploit 's modules enable you to analyse all sort of electronic bus (serial and parallel type)

  • JTAG, SPI, I2C's,
  • Parallel address & data bus on chip,
  • and more others to come in the futur (OneWire, UART, etc...)

Assisted visual wiring function

No more stress with that tremendous part of Hardware pen testing : You will know what need to be connected where !

We integrated into the tool an assisted visual wiring function to help you easier connect all wires to the Hardware target:

  • GUI will display the pin organization (Pin OUT) of the targeted chip.
  • GUI will guide you throughout the wiring process between Hardsploit Connector and the target
  • GUI will control a set of LED that will be turn ON and OFF to easy let you find the right Hardsploit Pin Connector to connect to your target
GUI and Software associated

The software part of the project will help conducting an end-to-end security audit. It will be compatible (integrated) with existing tools such as Metasploit. We will offer integration with other API in the future.

Our ambition is to provide a tool equivalent to those of the company Qualys or Nessus(Vulnerability Scanner) or the Metasploit framework but in the domain of embedded / electronic devices.

What is the Current Status of the Project?
  • Hardware design is complete
  • HardSploit Hardware prototype PCB board is nearly complete (last debugging function in progress)
  • Firmware (FPGA VHDL module and low level API) is in progress
  • GUI and Integration in Metasploit Framerwork just begin
  • More information on http://HardSploit.io to follow all the project steps

Crowdfunding campaign launched

https://www.indiegogo.com/projects/hardsploit-like-metasploit-but-for-hardware

We will appreciated...

Read more »

  • New import (I²C / SPI) feature & create your own Hardsploit VHDL modules

    allain02/15/2016 at 12:56 0 comments

    Fellow Hardware Hackers, here are some fresh news about the Hardsploit project !

    Hardsploit Talks:

    As you may have seen, Hardsploit will be presented at:

    • Hack In The Box (HITB) – May 26 2016 10:45 am – 11:45 am – Amsterdam
    • NullCon – 11 / 12th March 2016 – Goa
    • (TRAINING) BlackHat – July 30 / 31 & August 1 / 2 – Mandala Bay / Las Vegas

    It’s a good opportunity for us to meet the community and talk about Hardsploit or security in general. Don’t hesitate to catch us at these events !

    Hardsploit update:

    • API / GUI

    We have updated Hardsploit to add a new bus interaction: Import (I²C / SPI). You can now import the content of a file directly on your I²C or SPI targets, it’s easy as the export action.

    We also have implemented a progress bar for the import / export actions to let you now when Hardsploit complete the task (and how long did it take)

    The documentation is updated to include the new GUI (that was presented end of december) and this new import actions

    If you find any bugs using it (we hope not of course you can alert us on the bug tracker or on github

    • Create your own Hardsploit VHDL modules

    A feature that many of you asked for is live ! You have now the possibility to upload your own VHDL module in the Hardsploit FPGA. You can use the given template available on the Github we advise you to take a look at the readme to understand how it works. For any question related to this template contact us here.

    hardsploit-template

    • Roadmap

    We have updated the roadmap you can find it here, as always.

  • New import (I²C / SPI) feature & create your own Hardsploit VHDL modules

    allain02/15/2016 at 12:55 0 comments

    Fellow Hardware Hackers, here are some fresh news about the Hardsploit project !

    Hardsploit Talks:

    As you may have seen, Hardsploit will be presented at:

    • Hack In The Box (HITB) – May 26 2016 10:45 am – 11:45 am – Amsterdam
    • NullCon – 11 / 12th March 2016 – Goa
    • (TRAINING) BlackHat – July 30 / 31 & August 1 / 2 – Mandala Bay / Las Vegas

    It’s a good opportunity for us to meet the community and talk about Hardsploit or security in general. Don’t hesitate to catch us at these events !

    Hardsploit update:

    • API / GUI

    We have updated Hardsploit to add a new bus interaction: Import (I²C / SPI). You can now import the content of a file directly on your I²C or SPI targets, it’s easy as the export action.

    We also have implemented a progress bar for the import / export actions to let you now when Hardsploit complete the task (and how long did it take)

    The documentation is updated to include the new GUI (that was presented end of december) and this new import actions

    If you find any bugs using it (we hope not of course you can alert us on the bug tracker or on github

    • Create your own Hardsploit VHDL modules

    A feature that many of you asked for is live ! You have now the possibility to upload your own VHDL module in the Hardsploit FPGA. You can use the given template available on the Github we advise you to take a look at the readme to understand how it works. For any question related to this template contact us here.

    hardsploit-template

    • Roadmap

    We have updated the roadmap you can find it here, as always.

  • Hardsploit Online Shop is opened : Pre order launch !

    allain11/23/2015 at 08:19 0 comments

    We are pleased to announce that the Pre Order Period is opened.

    Want to be the first security guy with this fantastic hardware security auditing tool? Don’t hesitate to order one (or more) unit !

    Please go to https://www.shop-hardsploit.com/index.php to order (Shop menu)

    First delivery is scheduled on 15 of décember 2015 : Be quick : Our stock is limited !😉

    Hardsploit Team

View all 3 project logs

Enjoy this project?

Share

Discussions

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates