Top Tools and Resources for Hardware Hackers

As security researchers and penetration testers, we use several tools to analyze and research vulnerabilities in network devices and embedded systems with Internet connectivity, also known as IoT devices. Among the tools we use are oscilloscopes, logic analyzers, protocol analyzers, and many more.

The following list contains some of our favorite tools and resources to monitor, analyze and manipulate signals, as well as tools to interact with USB peripherals, Bluetooth devices, RFID tags, radio signals, etc.

Oscilloscopes, Logic Analyzers, and Protocol Analyzers

Tektronix (Standalone)

Tektronix, Inc. is an American company best known for manufacturing test and measurement devices such as oscilloscopes, logic analyzers, and video and mobile test protocol equipment.

Price: 500-40000 USD
Link: http://www.tek.com/oscilloscope

HP/Agilent (Standalone)

HP/Agilent oscilloscopes are high quality tools that provide a visual display of electrical signals and how they change over time.

Price: 500-50000 USD
Link: http://www.agilent.com

Rohde & Schwarz (Standalone)

Rohde & Schwarz is an independent manufacturer of test and measurement equipment, including oscilloscopes, for mobile radio and radiocommunications.

Price: 6000-12000 USD
Link: https://www.rohde-schwarz.com

Teledyne LeCroy (Standalone)

Teledyne LeCroy’s oscilloscopes offer a powerful combination of large and informative displays combined with advanced waveshape analysis capabilities – typically tailored to enhance the productivity of engineers in specific applications areas such as serial data test, disk drive test and automotive bus analysis.

Price: 500-30000 USD
Link: http://teledynelecroy.com

Rigol (Standalone)

Rigol has developed a complete line of digital oscilloscopes to help you achieve faster debugging and testing of your newest designs.

Price: 300-10000 USD
Link: http://www.rigolna.com

PropScope (PC-based)

The PropScope is a two-channel oscilloscope that is capable of reading 25 million samples per second with ten bits of resolution over one, two, ten, or twenty volt peak-to-peak waveforms. Power is provided through the USB port requiring only a single cable to connect the PropScope to any laptop or desktop PC.

Price: 200-250 USD
Link: https://www.parallax.com/product/32220

PicoScope (PC-based)

A PicoScope (sometimes known as a labscope) turns your laptop or desktop PC into a powerful diagnostic tool.

Price: N/A
Link: https://www.picotech.com

USBee (PC-based)

A USBee Test Pod is a full set of electronics test equipment in a small and easy to use computer connected device. The USBee shows you every level of your design from custom protocol fields and packets riding on your busses to the signals on the wires. USBees provide Mixed Signal Oscilloscope, Logic Analyzer, Protocol Analyzer, Packet Analyzer, Signal Generator and Spectrum Analyzer functions that get you to the root of your design problems quickly and easily.

Price: N/A
Link: http://www.usbee.com/

Saleae (PC-based)

Saleae makes easy-to-use USB logic analyzers that can record both digital and analog channels and decode protocols like SPI, I2C, serial (UART), 1-Wire, CAN, Manchester, I2S and more.

Price: 100-600 USD
Link: https://www.saleae.com/
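Once a logic analyzer has captured a line, the decoding step is mechanical, and it is worth knowing how it works for the most common case on an unknown board: a serial console at an unknown speed. The following is an added example, not code from the page or from Saleae. It takes a capture of one digital line as a list of 0/1 samples (constructed in software here; a real export would first be resampled into the same shape), infers the bit period from the shortest run in the capture, and decodes 8N1 frames, flagging any frame whose stop bit does not read high, which is what a wrong baud rate or a noisy line looks like.

```python
# Added example, not code from the page or from Saleae: decode 8N1 serial
# data from a logic-analyzer style capture of one digital line. The capture
# is constructed in software (a list of 0/1 samples at a fixed sample rate);
# a real export would be resampled into the same shape first.

def encode_8n1(data, samples_per_bit, idle_bits=4):
    """Constructed capture: idle high, then for each byte a start bit (0),
    8 data bits LSB first and a stop bit (1), then idle high again."""
    samples = [1] * (idle_bits * samples_per_bit)
    for byte in data:
        frame = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for bit in frame:
            samples.extend([bit] * samples_per_bit)
    samples.extend([1] * (idle_bits * samples_per_bit))
    return samples


def run_lengths(samples):
    """Collapse the sample list into (level, run_length) pairs."""
    runs = []
    level, count = samples[0], 0
    for s in samples:
        if s == level:
            count += 1
        else:
            runs.append((level, count))
            level, count = s, 1
    runs.append((level, count))
    return runs


def guess_samples_per_bit(samples):
    """Estimate the bit period as the shortest run inside the capture.
    Caveat: this can only over-estimate, and it does so when no single-bit
    run (a lone 0 or 1 between opposite bits) occurs in the data."""
    runs = run_lengths(samples)
    inner = runs[1:-1] if len(runs) > 2 else runs   # skip leading/trailing idle
    return min(length for _, length in inner)


def decode_8n1(samples, samples_per_bit):
    """Return [(byte, framing_ok)], sampling each bit at its centre.
    A frame starts at a high-to-low edge; the stop bit must read high,
    otherwise the frame is flagged (framing error, wrong baud, or noise)."""
    frames = []
    half = samples_per_bit // 2
    i = 1
    while i < len(samples):
        if not (samples[i - 1] == 1 and samples[i] == 0):
            i += 1
            continue
        centre = i + half
        stop_pos = centre + 9 * samples_per_bit
        if stop_pos >= len(samples):
            break                       # incomplete frame at end of capture
        if samples[centre] != 0:
            i += 1                      # glitch shorter than half a bit
            continue
        value = 0
        for bit in range(8):
            value |= samples[centre + (bit + 1) * samples_per_bit] << bit
        frames.append((value, samples[stop_pos] == 1))
        i = stop_pos                    # resume scanning from the stop bit
    return frames


def decode_capture(samples):
    """Auto-detect the bit period and decode; returns (bytes, error_count)."""
    spb = guess_samples_per_bit(samples)
    frames = decode_8n1(samples, spb)
    data = bytes(value for value, _ in frames)
    errors = sum(1 for _, ok in frames if not ok)
    return data, errors


if __name__ == "__main__":
    capture = encode_8n1(b"login: ", samples_per_bit=8)
    print(decode_capture(capture))
```

If the guessed bit period is wrong, the stop bits fail and the bytes come out as garbage; in that case step through the standard baud rates (the bit period is sample_rate / baud samples) rather than trusting the guess, and treat a capture with no framing errors as confirmation of the speed.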


RF (Software Defined Radio and Radio Dongles)

HackRF

HackRF One from Great Scott Gadgets is an open source Software Defined Radio peripheral capable of transmitting or receiving radio signals from 10 MHz to 6 GHz. It is half-duplex: it transmits or receives, not both at once.

Price: 300-400 USD
Link: https://greatscottgadgets.com/hackrf

bladeRF

bladeRF is a full-duplex Software Defined Radio (SDR) platform (300 MHz to 3.8 GHz on the original boards) designed to let hobbyists and professionals explore and experiment with the many facets of RF communication.

Price: 400-650 USD
Link: http://www.nuand.com

Crazyradio PA

Crazyradio PA is a long-range open source USB radio dongle for the 2.4 GHz band, based on the nRF24LU1+ from Nordic Semiconductor.

Price: 30–50 USD
Link: https://www.bitcraze.io/crazyradio-pa/

RfCat

The RfCat USB radio dongle can transmit, receive, sniff and run spectrum analysis on the sub-GHz bands between 300 and 928 MHz, which lets you sniff or attack wireless protocols in those ranges that use the modulations its CC1111 radio supports (OOK/ASK and the FSK family).

Price: 80-100 USD
Link: http://int3.cc/products/rfcat


RFID

RFIDeas pcProx Card Analyzer

A tool to quickly and accurately determine which card technology a badge uses. The pcProx Card Analyzers come in a USB dongle form factor for compactness and portability.

Price: 250–350 USD
Link: https://www.rfideas.com

Proxmark III

The Proxmark is powerful open-source hardware offering the fastest way to get started with RFID and NFC research and development.

Price: 300–450 USD
Link: http://www.proxmark.org/
Link: http://proxmark3.com/
Link: http://www.elechouse.com/elechouse/index.php?main_page=product_info&cPath=90_93&products_id=2264
Extra: ProxBrute (Proxmark3 firmware with brute-force support for HID Prox card IDs): http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx (download), http://www.mcafee.com/us/resources/white-papers/foundstone/wp-proxbrute.pdf (white paper)
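ProxBrute works because the HID 26-bit format (H10301) carries no secret: a card is just a facility code and a card number with two parity bits, so from one captured badge you can generate the neighbouring IDs. The following is an added example, not code from the page, from Proxmark or from ProxBrute. It encodes and decodes the 26-bit layout, verifies the parity bits, and produces a ProxBrute-style candidate list by walking the card number while keeping the facility code. The sample facility code and card number are made up.

```python
# Added example, not code from the page, from Proxmark or from ProxBrute: the
# HID 26-bit (H10301) layout that ProxBrute enumerates. Bit 25 (MSB) is even
# parity over the next 12 bits, bits 24..17 are the facility code, bits 16..1
# the card number, and bit 0 is odd parity over the preceding 12 bits.

def _popcount(value):
    return bin(value).count("1")


def encode_h10301(facility, card):
    """Build the 26-bit raw value for a facility code and card number."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("facility is 8 bits, card number is 16 bits")
    data = (facility << 16) | card                  # 24 data bits
    left, right = (data >> 12) & 0xFFF, data & 0xFFF
    p_even = _popcount(left) & 1                    # left half + bit is even
    p_odd = 1 - (_popcount(right) & 1)              # right half + bit is odd
    return (p_even << 25) | (data << 1) | p_odd


def decode_h10301(raw):
    """Split a 26-bit raw value and verify both parity bits."""
    if raw >> 26:
        raise ValueError("not a 26-bit value")
    data = (raw >> 1) & 0xFFFFFF
    left, right = (data >> 12) & 0xFFF, data & 0xFFF
    even_ok = (_popcount(left) + ((raw >> 25) & 1)) % 2 == 0
    odd_ok = (_popcount(right) + (raw & 1)) % 2 == 1
    return {"facility": data >> 16, "card": data & 0xFFFF,
            "parity_ok": even_ok and odd_ok}


def brute_candidates(raw, count, step=-1):
    """ProxBrute-style enumeration: keep the facility code of a captured card,
    walk the card number by `step`, and recompute parity for each candidate so
    the reader accepts the frame. A facility code is commonly shared across a
    site, which is why nearby card numbers are worth trying."""
    seen = decode_h10301(raw)
    card = seen["card"]
    out = []
    for _ in range(count):
        card = (card + step) & 0xFFFF
        out.append(encode_h10301(seen["facility"], card))
    return out


if __name__ == "__main__":
    raw = encode_h10301(18, 12345)                  # made-up badge
    print(hex(raw), decode_h10301(raw))
    print([hex(c) for c in brute_candidates(raw, 3)])
```

A frame whose parity fails is worth keeping rather than discarding when you are sniffing a reader: it usually means a misread bit, but the facility code is often still recoverable from it.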


Bluetooth

Ubertooth One

The Ubertooth One is an open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.

Price: 100–150 USD
Link: http://ubertooth.sourceforge.net/


USB

FaceDancer21

The FaceDancer allows a computer (the "host") to masquerade as a USB "device", so you can emulate or fuzz either side of a USB connection when talking to other USB devices or USB hosts.

Price: 100–150 USD
Link: http://int3.cc/products/facedancer21


UART, JTAG, SPI, I2C, and GPIO

JTAGulator

JTAGulator is an open source hardware tool that assists in identifying on-chip debug (OCD) connections, such as JTAG and UART, from test points, vias, or component pads on a target device.

Price: 150-200 USD
Link: http://www.grandideastudio.com/portfolio/jtagulator/
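Identifying JTAG from a handful of unlabeled test points comes down to recognizing what a TAP chain shifts out on TDO once it has been reset: per IEEE 1149.1, each TAP presents either its 32-bit IDCODE (bit 0 always 1, shifted out LSB first) or, if it has no IDCODE register, BYPASS, which captures a single 0 bit. The following is an added example, not code from the page or from the JTAGulator project. It parses such a bit stream into IDCODEs and BYPASS devices and splits each IDCODE into its fields. The sample chain is constructed: 0x4BA00477 is the well-known ARM CoreSight JTAG-DP IDCODE, 0x04001093 is an illustrative value carrying Xilinx manufacturer bits, and the vendor table is a two-entry subset of JEP106.

```python
# Added example, not code from the page or from the JTAGulator project: parse
# what a JTAG chain shifts out on TDO after Test-Logic-Reset. Per IEEE 1149.1
# every TAP then presents either its 32-bit IDCODE (bit 0 is always 1, shifted
# out LSB first) or, if it has no IDCODE register, BYPASS, which captures a
# single 0. Seeing this structure on a candidate TDO pin is what confirms a
# guessed TCK/TMS/TDO assignment.

# Constructed subset of JEP106 vendor codes, keyed by
# (number of 0x7F continuation bytes, 7-bit code).
JEDEC_NAMES = {
    (4, 0x3B): "ARM",
    (0, 0x49): "Xilinx",
}


def idcode_fields(idcode):
    """Split a 32-bit IDCODE: version[31:28], part[27:12], manufacturer[11:1]."""
    if idcode & 1 != 1:
        raise ValueError("bit 0 of an IDCODE must be 1")
    continuation = (idcode >> 8) & 0xF
    code = (idcode >> 1) & 0x7F
    return {
        "version": (idcode >> 28) & 0xF,
        "part": (idcode >> 12) & 0xFFFF,
        "continuation": continuation,
        "code": code,
        "vendor": JEDEC_NAMES.get((continuation, code), "unknown"),
    }


def parse_tdo_stream(bits):
    """bits: 0/1 values in the order they appeared on TDO during Shift-DR.
    Returns devices nearest TDO first, each an IDCODE int or 'BYPASS'.
    With TDI held high, the chain is exhausted once 32 consecutive 1s appear."""
    devices = []
    i = 0
    while i < len(bits):
        if bits[i] == 0:
            devices.append("BYPASS")
            i += 1
            continue
        if i + 32 > len(bits):
            break                                # truncated capture
        word = 0
        for k in range(32):
            word |= bits[i + k] << k
        if word == 0xFFFFFFFF:
            break                                # end of chain
        devices.append(word)
        i += 32
    return devices


def build_tdo_stream(chain, trailing_ones=32):
    """Constructed capture: serialise a chain the way TDO presents it."""
    bits = []
    for dev in chain:
        if dev == "BYPASS":
            bits.append(0)
        else:
            bits.extend((dev >> k) & 1 for k in range(32))
    bits.extend([1] * trailing_ones)
    return bits


if __name__ == "__main__":
    # 0x4BA00477 is the well-known ARM CoreSight JTAG-DP IDCODE; 0x04001093 is
    # an illustrative value carrying Xilinx manufacturer bits.
    chain = [0x4BA00477, "BYPASS", 0x04001093]
    for dev in parse_tdo_stream(build_tdo_stream(chain)):
        print(dev if dev == "BYPASS" else idcode_fields(dev))
```

Two false positives to watch for when using this on a real pin scan: a candidate TDO that is stuck low parses as an endless run of BYPASS devices, and one that is stuck high parses as an empty chain. Only a stream containing at least one well-formed IDCODE, with bit 0 set and a plausible manufacturer code, counts as a confirmed TAP.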

Shikra

The Shikra is meant to be a more reliable alternative to tools such as the Bus Pirate. It is an indispensable tool for investigating and reverse engineering embedded systems: a "hardware hacking" Swiss army knife for interfacing with embedded devices over UART, JTAG, SPI, I2C and GPIO, debugging them, bit-banging, fuzzing, etc.

Price: 40-60 USD
Link: http://int3.cc/products/the-shikra


Miscellaneous

HardSploit

Hardsploit is a tool to perform security tests on embedded devices. Its modules let a hardware pentester intercept, replay and/or send data over each type of electronic bus used by the hardware target.

Price: 250-300 USD
Link: http://hardsploit.io/the-project/

Teensy

The Teensy is a complete USB-based microcontroller development system in a very small footprint, capable of implementing many types of projects, including emulating USB devices such as keyboards. All programming is done via the USB port.

Price: 20–40 USD
Link: https://www.pjrc.com/teensy/


Conclusion

Oscilloscopes, logic analyzers, protocol analyzers, and the other tools in this list are crucial for discovering, analyzing, and exploiting vulnerabilities in hardware, so we hope you find them useful for your hardware hacking projects.

If you have a tool that you think should be in this list, feel free to let us know in the comments!