HackMag has selected fifteen devices that let you pentest just about everything: from mechanisms to contactless cards. The list does not include trivial tools like screwdrivers and soldering irons, since everybody chooses those individually. Hopefully, this toolkit will be useful in your penetration testing endeavors.
Raspberry Pi 4
Price: starting from $35
The latest Raspberry Pi minicomputers are equipped with quad-core ARM chips, carry 1, 2, or 4 GB of RAM, communicate via Wi-Fi and Bluetooth, and have two micro HDMI ports and four USB ports. Such a device can effectively replace a low-cost office desktop PC; they are often used in media centers and home servers, as well as in zillions of other projects, from musical instruments to robots. Most importantly, a Raspberry Pi can serve as a portable pentesting system. The manufacturer offers a broad range of ready-to-use cases, displays, batteries, and other accessories. No doubt, this minicomputer is a ‘must have’ for a true hacker. And just FYI: the compatibility problem with some USB-C chargers has been fixed in board revision 1.2.
Proxmark 3
Price: € 00-300
Proxmark 3 is your best assistant in attacks targeting contactless cards. It is available in several revisions:
- RDV1 – an old version. It has nearly disappeared from the market by now and has no significant advantages.
- RDV2 – this version has a slot for an external antenna.
- RDV3 – the most popular (and cheap) model on the market. Made-in-China clones are also available; they support the same functions but often malfunction.
- RDV4 – the latest (and most expensive) Proxmark version that includes hardware and software for interaction with smart cards.
Proxmark 3 effectively replaces all similar devices in your toolbox; however, if you intend to deal only with Mifare cards, you may opt to use Chameleon Mini.
APImote
If you have ever dealt with smart homes, you are likely aware of the ZigBee protocol. It was created many years ago, but the assortment of ready-to-use network testing devices supporting it is still pretty scarce. Among them, the APImote board preflashed with the KillerBee firmware is the top choice. The device is sold fully assembled, but specifically for soldering fans, the developers have published the KiCad schematics on GitHub.
E-Mate X
This kit will be very useful for hackers who frequently deal with embedded systems and smartphones. It consists of 13 adapters that connect nonvolatile memory in BGA packages to various programmers and even to an SD slot (which sometimes allows you to read the memory without a programmer). The adapters sold individually may cost several times more than the E-Mate X kit.
MagSpoof
Hackers dealing with magnetic cards know that readers for three-track cards that also support writing are five times more expensive than read-only readers. The MagSpoof board was designed specifically for this purpose: you can load the data of all three magnetic tracks onto it and spoof them. The device effectively replaces a real card. Combined with a magnetic card reader, it allows you to test the security of pass entry systems and payment systems.
O.MG Cable
The world learned about the O.MG cable from a presentation delivered by its creators at DEFCON 2019. The cable includes a fully featured Rubber Ducky with Wi-Fi and makes it possible to remotely enter keyboard commands on the connected device. Most importantly, O.MG is visually indistinguishable from a standard charging cable. The available variants include Type-C, micro-USB, and Lightning.
DSLogic
The primary purpose of logic analyzers is debugging digital circuits. DSLogic analyzers are among the best in terms of price to quality ratio. Furthermore, unlike Saleae products, they support open-source projects, e.g. PulseView. Three DSLogic models are available on the official website: Plus, U3Pro16, and U3Pro32. If you like soldering, you may search for DSLogic Basic on AliExpress. This model is similar to DSLogic Plus except for a lower price and a smaller memory. Upgrading it would be an excellent challenge for your technical skills.
FaceDancer21
FaceDancer21 is a mandatory tool for a security specialist who frequently deals with payment terminals. The device supports the following functions:
- Emulating various USB devices. For instance, you can create a device with a specific ID to circumvent an allowlist of permitted devices.
- Identifying which device types a specific USB port supports. This feature is useful when you deal with ATMs and wireless chargers (e.g. if a port of a small computer is used as a wireless charger).
- Fuzzing. This function is handy when you search for 0-day vulnerabilities in USB drivers.
- Communication via USB using a Python library.
Because this is an open-source project, the prices may vary depending on the manufacturer’s greed.
Yard Stick One
If you have ever tried to unlock your car by replaying the unlock signal, you will duly appreciate this device. The Yard Stick One wireless test tool sends and receives traffic on the popular sub-1 GHz frequencies. Its distinctive feature is the CC1111 chip that modulates and demodulates the signal in hardware, which improves reception and transmission quality. To use Yard Stick One, you have to download and install a free utility called RFCat.
NFC Kill
NFC Kill is a truly outstanding gadget. Its primary purpose is testing contactless readers, while its additional functions allow you to disable both readers and contactless cards. The tool supports three frequency ranges: Low Frequency (125-134 kHz), High Frequency (13.56 MHz), and Ultra High Frequency (850-930 MHz). NFC Kill is offered in two versions: Standard and Professional. The main difference between them is the ability to perform tests without physical contact with the device under test.
Bash Bunny
Most probably, you are familiar with Rubber Ducky, a device that emulates a keyboard and automatically types malicious commands on the victim’s computer. Bash Bunny is a more sophisticated version of Rubber Ducky designed for HID attacks. In addition to a keyboard, it can emulate serial port devices, mass storage devices, and USB-Ethernet adapters. Bash Bunny is perfectly suited for Red Team engagements and lets you save money and space in your suitcase.
HydraBus
HydraBus is a fully functional replacement for the obsolete Bus Pirate board. Its main features include:
- an advanced user interface for working with popular hardware interfaces (I2C, SPI, UART, 1-, 2-, and 3-wire, and JTAG/SWD);
- combined with PulseView, HydraBus can operate as a logic analyzer;
- a special library written in Python simplifies the usage;
- a MicroSD slot lets you save captured data during work.
OpticSpy
The blinking LEDs of some devices (e.g. routers) transmit valuable information, especially during startup. Sometimes LEDs are wired directly to data lines (e.g. the TX pin of a UART). The OpticSpy board was developed to retrieve information from this channel without a soldering iron or an expensive logic analyzer. All you have to do is install the Python library, connect OpticSpy to your PC via USB, and point its photodiode at the light source. A demo is available on YouTube.
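What a logic analyzer (see DSLogic above) and OpticSpy both do in the end is turn a sampled digital line into bytes. The Python below is an added illustration, not code from HackMag, OpticSpy, or DreamSourceLab: it decodes an 8N1 UART frame stream from a trace of 0/1 samples, and the trace is constructed inside the block to stand in for a photodiode aimed at a status LED wired to a UART TX pin. It assumes a known oversampling ratio (baud rate already estimated, e.g. from the shortest pulse), idle-high polarity, and 8N1 framing; all three are assumptions of this example, not facts from the article. The point for a defender is that if the LED follows the TX line, the boot log is recoverable from across the room; a status LED driven from a separate GPIO leaks nothing for this decoder to find.

```python
"""Software UART (8N1) decoder over a sampled line, as a logic analyzer or
OpticSpy would apply it.  Added example; assumptions are noted inline."""

OVERSAMPLE = 10  # samples per bit; assumed known (sample rate / baud rate)


def encode_8n1(payload: bytes, oversample: int = OVERSAMPLE, idle_bits: int = 3) -> list:
    """Construct a demo trace: idle-high, one 8N1 frame per byte, idle-high.
    This only fabricates test input; a real trace comes from the capture."""
    samples = [1] * (idle_bits * oversample)
    for byte in payload:
        # start bit (low), 8 data bits LSB first, stop bit (high)
        bits = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for b in bits:
            samples.extend([b] * oversample)
    samples.extend([1] * (idle_bits * oversample))
    return samples


def decode_8n1(samples: list, oversample: int = OVERSAMPLE) -> bytes:
    """Recover bytes from a 0/1 trace (1 = line high = LED on).

    Strategy: a falling edge on an idle-high line marks a start bit.  Each
    following bit is read at its centre, which tolerates small timing
    drift.  Frames whose stop bit is not high are discarded as framing
    errors instead of being trusted."""
    out = bytearray()
    n = len(samples)
    half = oversample // 2
    i = 0
    while i < n:
        if samples[i] == 1:          # still idle, keep scanning
            i += 1
            continue
        frame_start = i              # first low sample: candidate start bit
        # Reject glitches: the centre of a real start bit is still low.
        if frame_start + half >= n or samples[frame_start + half] != 0:
            i += 1
            continue
        value = 0
        for bit in range(8):
            pos = frame_start + (bit + 1) * oversample + half
            if pos >= n:             # trace ends mid-frame; give up on it
                return bytes(out)
            value |= samples[pos] << bit
        stop_pos = frame_start + 9 * oversample + half
        if stop_pos < n and samples[stop_pos] == 1:
            out.append(value)        # valid frame
        # Framing error or not, resume after where the stop bit should be.
        i = frame_start + 10 * oversample
    return bytes(out)


def leaked_boot_text(banner: bytes = b"boot: ok\r\n") -> str:
    """End-to-end demo: what an LED on the TX line would hand an observer."""
    trace = encode_8n1(banner)       # constructed photodiode trace
    return decode_8n1(trace).decode("ascii", errors="replace")


if __name__ == "__main__":
    print(repr(leaked_boot_text()))
```

With a real capture you would first measure the shortest pulse to get the bit period, and check polarity (an LED that lights when the line is low simply inverts every sample). PulseView's UART decoder does the same centre-of-bit sampling with a user-supplied baud rate.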
Hunter Cat
Hunter Cat hit the market in 2019. The device was developed to detect banking and other skimmers. It is very easy to use: you insert Hunter Cat into the ATM, then remove it and look at the LED. If it glows green, no skimmer was found; otherwise, it is better not to use this ATM. Hunter Cat is slightly bigger than a standard bank card; it costs about $35.
nRF52840 Dongle
The nRF52840 USB dongle supports plenty of functions, but two of them deserve special attention. First, you can reflash the device and get a fully functional Bluetooth Low Energy sniffer with a nice plugin for Wireshark. Second, you can use the open-source LOGITacker project to turn the dongle into a testing tool for wireless computer peripherals: mice, keyboards, etc. Its price starts from $18, but you can find cheaper Chinese clones on AliExpress.