HardSploit

Our goal is to design & produce a tool for hardware pentesting :

• Internet Of Things
• Industrial devices
• Scada systems
• Basic electronic products of everyday life

HardSploit is a Metasploit like tool but for Hardware Hacking.

HardSploit Project is lead by our Company (Opale Security) and its internal teams :

• Yann ALLAIN (former CSO of an International Company, CEO of Opale Security, Electronic Engineer, Senior Pentester, BlackHat Speaker & Trainer)
• Julien M. (Electronic Engineer, Hardware & Software Pentester, BlackHat Speaker & Trainer, Electronic Makers)
• Gwénolé A. (Software Developper, Open Source Addict, Software Pentester)

How long can we continue to rely on hardware or critical electronic devices without being able to properly assess their security?

The most surprising (disturbing?) fact is that our industrials and our security experts do not mastered design techniques or audit of hardware systems. There is a gap between the threat and the response capacity of the actors in this field.Therefore the risks of attacks on the processed data increase (personal, supervision process of industrial equipment…).

It is clear that something is needed to help the security community to audit and control embedded systems security.

This is what motivated us to create HardSploit : a complete tool box (Hardware + Software), a Framework which aims to:

• Facilitate the audit of electronic systems for security industry workers (Consultants, Auditors, Pentesters, Product designers etc.)
• Increase the level of security (and trust!) of new communicating products designed by industry

What we want to achieve with the HardSploit Project

HardSploit Framework features

Hardsploit is a tool with software and electronic items. It is a technical and modular plateform (using FPGA) to perform security tests on electronic communications interfaces of embedded devices. It's a Framework.

All-in-one tool for Hardware pentest !

Main Functions (HardSploit modules)

The main Hardware security audit functions are

• Sniffer, Scanner, Proxy, Interact with electronic bus
• Dump memory
• ...

Hardsploit Modules will let Hardware pentester to intercept, replay and/or and send data via each type of electronic bus used by the Hardware Target. The Level of interaction that pen-testers will have depend on the electronic bus features...

HardSploit 's modules enable you to analyse all sort of electronic bus (serial and parallel type)

• JTAG, SPI, I2C's,
• Parallel address & data bus on chip,
• and more others to come in the futur (OneWire, UART, etc...)

Assisted visual wiring function

No more stress with that tremendous part of Hardware pen testing : You will know what need to be connected where !

We integrated into the tool an assisted visual wiring function to help you easier connect all wires to the Hardware target:

• GUI will display the pin organization (Pin OUT) of the targeted chip.
• GUI will guide you throughout the wiring process between Hardsploit Connector and the target
• GUI will control a set of LED that will be turn ON and OFF to easy let you find the right Hardsploit Pin Connector to connect to your target

GUI and Software associated

The software part of the project will help conducting an end-to-end security audit. It will be compatible (integrated) with existing tools such as Metasploit. We will offer integration with other API in the future.

Our ambition is to provide a tool equivalent to those of the company Qualys or Nessus(Vulnerability Scanner) or the Metasploit framework but in the domain of embedded / electronic devices.

What is the Current Status of the Project?

• Hardware design is complete
• HardSploit Hardware prototype PCB board is nearly complete (last debugging function in progress)
• Firmware (FPGA VHDL module and low level API) is in progress
• GUI and Integration in Metasploit Framerwork just begin
• More information on http://HardSploit.io to follow all the project steps

Crowdfunding campaign launched

https://www.indiegogo.com/projects/hardsploit-like-metasploit-but-for-hardware

We will appreciated your help

RoadMap & Features

We will soon released our set of fantastic features to simplify most of security audit of embedded devices and Internet of Things stuff…stay tuned…For now, we may disclosed the following roadmap

Hardware features

• All-in-one tool dedicated for Hardware Hacking
• 64 I/O channels
• Adjustable target voltage for level translation: 3,3V & 5V
• FGPA Cyclone II for versatile and powerfull electronic hardware hacking modules
• USB interface for direct connection to GUI
• Easy-to-use GUI & Console mode integrated in the Metasploit Framework

Version Alpha (June 2015)

• low level API (USB connection, Firmware & Module to upload function)
• Hardsploit PCB Board Prototype
• SPI Hardsploit module
• I2C Hardsploit module
• Memory dumping Module
• Central Framework core
• GUI in beta version

Version 1 (octobre 2015)

• I2C, SPI, Sniffer, Scanner and Interact function (Read, Write, etc..)
  • Reading speed of electronic buses is far above what a other tool can exploit thanks to FPGA technology
• Memory dumping (up to 64 connectors are available on Hardsploit to be able to dump most of chip content… even those with parallel bus)
• Assisted visual wiring function
• Metasploit integration beta
• Easy-to-use GUI to simplify interaction with targeted Hardware

Version 2 (Dec 2015)

• Professional trainings that will be held in best of bred international security conferences
• Metasploit integration complete
• JTAG module (Sniffer, Scanner, Interact & brute force function)
• OWASP like group and Web Site for embedded security industry
• an IC database more complete (more Pinout releted to SPI, I2C in the GUI databases)

Version 3 (Q1 2016)

• UART module
• OneWire module
• AutoPown Module

Version 4 (Q2 2016)

• IDE to let you create your own HardSploit Module