K
Kelly b
Unregistered - Pending Approval
Tourist 🚶♂️
Greetings, friends, I will not grovel, I want to tell you about 15 devices that deserve your attention.
Raspberry Pi 4
Price: from 35 dollars
Official site
Raspberry Pi mini computers from the latest lineup run on quad-core ARM chips, are equipped with 1, 2 or 4 GB of RAM, support Wi-Fi and Bluetooth communication, and have two micro HDMI ports and four USB ports. They can almost replace an inexpensive office desktop, are often used to create media centers and home servers, as well as in a host of different projects - from musical instruments to robots. But we are interested in something else: Raspberry can become a portable system for penetration testing. And there are a great many ready-made cases, displays, batteries and other body kit for them on everyone's favorite AliExpress.
Proxmark 3
Price: 100-300 euros
Page on Kickstarter
One of the best assistants for carrying out attacks on contactless cards was and remains a device called the Proxmark3. It is available in several versions.
Price: $ 150
Official site
If you managed to encounter a smart home, then you probably heard about the ZigBee protocol. It is already many years old, but there are not so many ready-made devices for testing network security. Among them is the APImote board, which works in conjunction with the killerbee framework. The device comes ready-made, but for those who like to solder, the developers have posted KiCad diagrams on GitHub .
E-mate x
Price: $ 100
Official site
The E-Mate X set will be a useful gift for those who often work with embedded systems or smartphones. It consists of thirteen adapters from non-volatile memory chips in a BGA package to various programmers and even to an SD-input (which in some cases allows reading memory without a programmer). The cost of analogs with only one of the adapters can exceed the cost of the E-Mate X twice, or even more.
MagSpoof
Price: $ 60
Official site
Many people face the same problem when working with magnetic cards: a reader for three-lane cards with the ability to write sometimes costs five times more than the same reader without the ability to write. It is for such tasks that the MagSpoof board was developed, on which you can write data from three magnetic stripes and spoof them. Thus, the device replaces the real card. And in conjunction with a magnetic card reader, you will save half the money and get a full-fledged device for testing the security of an access or payment system.
O.MG cable
Price: $ 120
Official website
The O.MG cable became famous mainly due to the performance of its developers at DEFCON 2019. This cable is wired with a full-fledged Rubber Ducky with Wi-Fi, which allows you to remotely enter keyboard commands into a connected device. And the main plus of O.MG is that its appearance is indistinguishable from a regular charging cable. There are several options: Type-C, micro-USB, and Lightning.
DSLogic
Price: $ 60-150
Official site
A logic analyzer helps debug digital circuits. And the analyzers of the DSLogic series have established themselves as one of the best in terms of price and quality. Moreover, unlike Saleae products, they support open source projects such as PulseView. There are three DSLogic models available on the official website: Plus, U3Pro16 and U3Pro32. And if you are fond of soldering, then you can search DSLogic Basic on AliExpress. This model is no different from DSLogic Plus, apart from lower price and storage capacity.
FaceDancer21
Price: $ 85
Official site
FaceDancer21 device is a must-have tool for a payment terminal tester. With it, you can do the following things.
Yard stick one
Price: $ 100
Official site
If you have tried to unlock your car by repeating the unlock signal, you will probably appreciate this device. The Yard Stick One allows you to send and receive traffic on popular frequencies (up to 1 GHz). Its distinguishing feature is the use of the CC1111 chip, which allows hardware demodulation or modulation of the signal, which improves the quality of reception and transmission. To work with the Yard Stick, you need to install the free RFCat utility .
NFC Kill
Price: 180/250 dollars
Official website
Few can now be surprised by devices for testing contactless cards. But the NFC Kill device will definitely interest you: first of all, it is intended for fuzzing testing of contactless reading systems. And additional functions allow you to disable both the readers and the contactless cards themselves. The device operates at three frequencies: Low Frequency (125-134 kHz), High Frequency (13.56 MHz) and Ultra High Frequency (850-930 MHz). It comes in two versions: Standard and Professional. The difference between them is the ability to run tests without physically interacting with the device.
Bash bunny
Price: $ 100
Official site
Most likely, you are already familiar with the Rubber Ducky - a device that emulates a keyboard and automatically enters malicious commands into the victim's computer. The Bash Bunny is a more sophisticated HID attack device. In addition to the keyboard, it can emulate any serial device, file storage, and USB to Ethernet adapters. This device is perfect for running Red Team tests and saves money and space in your camping kit.
HydraBus
Price: 75 euros
Official website
HydraBus was originally designed as a complete replacement for the outdated BusPirate board. Here is a list of the main advantages of the HydraBus:
OpticSpy
Price: 65–100 dollars
Official site
Devices such as routers often transmit a lot of valuable information by flashing LEDs, especially when turned on. It happens that such LEDs are connected to a data line, for example, to the TX pin of the UART bus. To receive information from this data transmission channel without soldering and expensive logic analyzers, we developed a board called OpticSpy. To work, you will need to install the Python library, connect OpticSpy to a computer via USB and bring its photodiode to a light source.
Hunter cat
Price: $ 35
Official site
In 2019, an interesting device appeared on the market - the Hunter Cat. It was developed to find banking and other skimmers. Its essence is simple: you insert it into the card collector, pull it out and look at the LED. If it glows green, then the skimmer was not detected, otherwise it is better not to use this ATM. The Hunter Cat is slightly larger than a bank card and costs about $ 35.
nRF52840 dongle
Price: $ 18
Official site
Well, at the end of the list - USB-dongle nRF52840. He has a lot of opportunities, among which two are worth highlighting. First, you can reflash it and get a complete Bluetooth Low Energy sniffer with a nice plugin for Wireshark. Secondly, using the open project LOGITacker, you can turn this dongle into a device for testing wireless computer peripherals: mouse, keyboard and others. The device starts at $ 18, but you can find Chinese clones for less on AliExpress.
Raspberry Pi 4
Price: from 35 dollars
Official site
Raspberry Pi mini computers from the latest lineup run on quad-core ARM chips, are equipped with 1, 2 or 4 GB of RAM, support Wi-Fi and Bluetooth communication, and have two micro HDMI ports and four USB ports. They can almost replace an inexpensive office desktop, are often used to create media centers and home servers, as well as in a host of different projects - from musical instruments to robots. But we are interested in something else: Raspberry can become a portable system for penetration testing. And there are a great many ready-made cases, displays, batteries and other body kit for them on everyone's favorite AliExpress.
Proxmark 3
Price: 100-300 euros
Page on Kickstarter
One of the best assistants for carrying out attacks on contactless cards was and remains a device called the Proxmark3. It is available in several versions.
- RDV1 is an old version of the device, rarely found on the market and does not have much advantages.
- RDV2 - The advantage of this version is the presence of a connector for an external antenna.
- RDV3 is the most popular (and cheapest) model on the market, Chinese clones are available with the same functions, but not always stable operation.
- RDV4 is the latest version of Proxmark, which also includes hardware and software for working with smart cards. The most expensive model on the list.
Price: $ 150
Official site
If you managed to encounter a smart home, then you probably heard about the ZigBee protocol. It is already many years old, but there are not so many ready-made devices for testing network security. Among them is the APImote board, which works in conjunction with the killerbee framework. The device comes ready-made, but for those who like to solder, the developers have posted KiCad diagrams on GitHub .
E-mate x
Price: $ 100
Official site
The E-Mate X set will be a useful gift for those who often work with embedded systems or smartphones. It consists of thirteen adapters from non-volatile memory chips in a BGA package to various programmers and even to an SD-input (which in some cases allows reading memory without a programmer). The cost of analogs with only one of the adapters can exceed the cost of the E-Mate X twice, or even more.
MagSpoof
Price: $ 60
Official site
Many people face the same problem when working with magnetic cards: a reader for three-lane cards with the ability to write sometimes costs five times more than the same reader without the ability to write. It is for such tasks that the MagSpoof board was developed, on which you can write data from three magnetic stripes and spoof them. Thus, the device replaces the real card. And in conjunction with a magnetic card reader, you will save half the money and get a full-fledged device for testing the security of an access or payment system.
O.MG cable
Price: $ 120
Official website
The O.MG cable became famous mainly due to the performance of its developers at DEFCON 2019. This cable is wired with a full-fledged Rubber Ducky with Wi-Fi, which allows you to remotely enter keyboard commands into a connected device. And the main plus of O.MG is that its appearance is indistinguishable from a regular charging cable. There are several options: Type-C, micro-USB, and Lightning.
DSLogic
Price: $ 60-150
Official site
A logic analyzer helps debug digital circuits. And the analyzers of the DSLogic series have established themselves as one of the best in terms of price and quality. Moreover, unlike Saleae products, they support open source projects such as PulseView. There are three DSLogic models available on the official website: Plus, U3Pro16 and U3Pro32. And if you are fond of soldering, then you can search DSLogic Basic on AliExpress. This model is no different from DSLogic Plus, apart from lower price and storage capacity.
FaceDancer21
Price: $ 85
Official site
FaceDancer21 device is a must-have tool for a payment terminal tester. With it, you can do the following things.
- Emulate different USB devices. You can, for example, create a device with a specific ID and bypass the list of allowed connected devices.
- Determine what types of devices the USB port supports. Useful when working with ATMs and wireless chargers (in case wireless charging is a small computer port).
- Fuzz: Convenient for finding 0day in USB drivers.
- Interact over USB using a Python library.
Yard stick one
Price: $ 100
Official site
If you have tried to unlock your car by repeating the unlock signal, you will probably appreciate this device. The Yard Stick One allows you to send and receive traffic on popular frequencies (up to 1 GHz). Its distinguishing feature is the use of the CC1111 chip, which allows hardware demodulation or modulation of the signal, which improves the quality of reception and transmission. To work with the Yard Stick, you need to install the free RFCat utility .
NFC Kill
Price: 180/250 dollars
Official website
Few can now be surprised by devices for testing contactless cards. But the NFC Kill device will definitely interest you: first of all, it is intended for fuzzing testing of contactless reading systems. And additional functions allow you to disable both the readers and the contactless cards themselves. The device operates at three frequencies: Low Frequency (125-134 kHz), High Frequency (13.56 MHz) and Ultra High Frequency (850-930 MHz). It comes in two versions: Standard and Professional. The difference between them is the ability to run tests without physically interacting with the device.
Bash bunny
Price: $ 100
Official site
Most likely, you are already familiar with the Rubber Ducky - a device that emulates a keyboard and automatically enters malicious commands into the victim's computer. The Bash Bunny is a more sophisticated HID attack device. In addition to the keyboard, it can emulate any serial device, file storage, and USB to Ethernet adapters. This device is perfect for running Red Team tests and saves money and space in your camping kit.
HydraBus
Price: 75 euros
Official website
HydraBus was originally designed as a complete replacement for the outdated BusPirate board. Here is a list of the main advantages of the HydraBus:
- provides a complete user interface for working with popular hardware interfaces (I2C, SPI, UART, 1-3-wire, JTAG / SWD);
- HydraBus can be used in conjunction with PulseView to operate in logic analyzer mode;
- there is a Python library that makes it easier to use;
- there is a microSD slot for saving information as you work.
OpticSpy
Price: 65–100 dollars
Official site
Devices such as routers often transmit a lot of valuable information by flashing LEDs, especially when turned on. It happens that such LEDs are connected to a data line, for example, to the TX pin of the UART bus. To receive information from this data transmission channel without soldering and expensive logic analyzers, we developed a board called OpticSpy. To work, you will need to install the Python library, connect OpticSpy to a computer via USB and bring its photodiode to a light source.
Hunter cat
Price: $ 35
Official site
In 2019, an interesting device appeared on the market - the Hunter Cat. It was developed to find banking and other skimmers. Its essence is simple: you insert it into the card collector, pull it out and look at the LED. If it glows green, then the skimmer was not detected, otherwise it is better not to use this ATM. The Hunter Cat is slightly larger than a bank card and costs about $ 35.
nRF52840 dongle
Price: $ 18
Official site
Well, at the end of the list - USB-dongle nRF52840. He has a lot of opportunities, among which two are worth highlighting. First, you can reflash it and get a complete Bluetooth Low Energy sniffer with a nice plugin for Wireshark. Secondly, using the open project LOGITacker, you can turn this dongle into a device for testing wireless computer peripherals: mouse, keyboard and others. The device starts at $ 18, but you can find Chinese clones for less on AliExpress.