
Explained - What is Penetration Testing, Bug Hunting and its Types.

Penetration testing

A penetration test, also known as a pen test or pentest, is an authorized, planned simulated cyberattack on a computer system. It is performed by security professionals to evaluate the security of that system.

The penetration test is performed to identify faults and vulnerabilities in the system's functions. It is also useful for evaluating how effectively an unauthorized third party could interact with those functions.

Basics of IoT Device Penetration Testing

When penetration testing smart devices, keep in mind that a properly planned approach is better than an unstructured mess. In penetration testing, a device's hardware and its firmware both play an integral part. With that in mind, this walkthrough uses a Wi-Fi switch as the target device.

A Wi-Fi switch acts as the intermediary between the data it handles and the testing setup, and it gives the user control of the entire process.

Which Wi-fi switch to choose?

As mentioned above, a Wi-Fi switch is needed to carry out the testing. The Sonoff Basic is a Wi-Fi based wireless switch often used in home automation. It enables the user to control their smart devices, and it transfers data through the cloud via the router.

Specifications of Sonoff Basic:

Power Supply: 90V~250V A
Max. Current: 10A
Wireless Standard: Wi-Fi 2.4GHz b/g/
Security Mechanism: WEP/WPA-PSK/WPA2-PSK
Operating Temperature: 0℃~40℃
Operating Humidity: 5%-95%
Material: ABS
Connector: universal

Information About the Device:

Before the testing process starts, it is advisable to review the device's security details. It is important to go through the device's hardware and firmware to collect information about how it functions, its embedded software, and so on.

The internal hardware components of the device were found to include input and output switches, a settings switch, a converter, an LED, a flash chip, the ESP8266, UART ports, etc.

The ESP8266 provides a complete, self-contained Wi-Fi networking solution. It can either host the application itself or offload all Wi-Fi networking functions from another application processor.
The Sonoff Basic device is built around the ESP8266 microchip.

UART stands for Universal Asynchronous Receiver/Transmitter. It is not a communication protocol like SPI or I2C, but a physical circuit in a microcontroller or a standalone IC. The main function of a UART is to transmit and receive serial data. The Sonoff hardware mentioned above exposes UART pins that can be connected to obtain a serial data connection.

After identifying the UART pins, connect them to the USB-TTL converter as follows (note that TX and RX are crossed):

Device pin    USB-TTL converter pin
TX            RX
RX            TX

Steps to be followed:

To activate the flash mode of the device, press the RESET button and connect the USB converter to the desktop/laptop.

Connection of Device to machine using TTL-USB converter

To extract the device's memory, use esptool, a very handy tool for the ESP8266 that performs operations such as reading, writing and erasing data on the device's flash.

Use the following command to dump the flash memory:
esptool.py -p /dev/ttyUSB0 -b 115200 read_flash 0 0x400000 flash_contents.bin
The dump takes some time; when it finishes, the device's flash memory, read at a baud rate of 115200, is saved to the file flash_contents.bin. The arguments 0 0x400000 give the start address and the amount of memory to read, i.e. up to 4 MB. The serial port name may differ (in my case it is /dev/ttyUSB0).

Firmware analysis
After running esptool over the UART connection, one has the actual flash contents of the device.

Binwalk is a tool for analyzing and scanning firmware images and binaries. It quickly shows the different partitions, their sizes, any encryption, and the file system used.
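Binwalk does a generic signature scan; the script below is an added example (not code from the original post, and not part of esptool or binwalk) that does the ESP8266-specific version of the same idea: it walks a raw flash dump sector by sector, parses every bootable image header it finds (magic byte 0xE9, segment count, flash mode, flash size and frequency nibbles, entry point, then the load segments and the XOR checksum seeded with 0xEF, as esptool's image_info reports them), and verifies the checksum. The 16 KB dump and both images in it are constructed here with the build_image helper so the script runs offline; on a real dump you would read flash_contents.bin instead.

```python
import struct

ESP_IMAGE_MAGIC = 0xE9      # first byte of an ESP8266 bootable image
ESP_CHECKSUM_MAGIC = 0xEF   # initial value of the XOR checksum over segment data
SECTOR = 0x1000             # SPI flash sector size; images start on sector boundaries

FLASH_MODES = {0: "QIO", 1: "QOUT", 2: "DIO", 3: "DOUT"}
FLASH_SIZES = {0: "512KB", 1: "256KB", 2: "1MB", 3: "2MB", 4: "4MB",
               5: "2MB-c1", 6: "4MB-c1", 8: "8MB", 9: "16MB"}
FLASH_FREQS = {0: "40MHz", 1: "26MHz", 2: "20MHz", 0xF: "80MHz"}


def parse_image(blob, base=0):
    """Parse one ESP8266 image header starting at blob[base]; raise ValueError if malformed."""
    if base + 8 > len(blob) or blob[base] != ESP_IMAGE_MAGIC:
        raise ValueError("no image header at 0x%x" % base)
    nseg, mode, size_freq = blob[base + 1], blob[base + 2], blob[base + 3]
    entry = struct.unpack_from("<I", blob, base + 4)[0]
    pos = base + 8
    checksum = ESP_CHECKSUM_MAGIC
    segments = []
    for _ in range(nseg):
        if pos + 8 > len(blob):
            raise ValueError("truncated segment header")
        load_addr, length = struct.unpack_from("<II", blob, pos)
        pos += 8
        data = blob[pos:pos + length]
        if len(data) != length:
            raise ValueError("truncated segment data")
        for b in data:
            checksum ^= b
        segments.append({"load_addr": load_addr, "size": length, "file_offset": pos})
        pos += length
    # The checksum byte sits in the last byte of the next 16-byte block.
    rel = pos - base
    cs_off = base + rel + 15 - (rel % 16)
    if cs_off >= len(blob):
        raise ValueError("truncated checksum")
    return {
        "offset": base,
        "flash_mode": FLASH_MODES.get(mode, "unknown"),
        "flash_size": FLASH_SIZES.get(size_freq >> 4, "unknown"),
        "flash_freq": FLASH_FREQS.get(size_freq & 0xF, "unknown"),
        "entry_point": entry,
        "segments": segments,
        "image_size": cs_off + 1 - base,
        "checksum_ok": blob[cs_off] == checksum,
    }


def find_images(dump):
    """Signature-scan a raw flash dump for image headers on sector boundaries."""
    found = []
    for off in range(0, len(dump), SECTOR):
        if dump[off] == ESP_IMAGE_MAGIC:
            try:
                found.append(parse_image(dump, off))
            except ValueError:
                pass  # a stray 0xE9 byte, not a real image
    return found


def build_image(entry, segments, mode=2, size_freq=0x40):
    """Build a minimal well-formed image; used only to construct test data here."""
    out = bytearray(struct.pack("<BBBBI", ESP_IMAGE_MAGIC, len(segments), mode, size_freq, entry))
    checksum = ESP_CHECKSUM_MAGIC
    for load_addr, data in segments:
        out += struct.pack("<II", load_addr, len(data)) + data
        for b in data:
            checksum ^= b
    out += b"\x00" * (15 - (len(out) % 16))
    out.append(checksum)
    return bytes(out)


# Constructed 16 KB "dump": erased flash (0xFF) with one image at 0x0 and one at 0x2000.
CONSTRUCTED_DUMP = bytearray(b"\xff" * 0x4000)
IMG_A = build_image(0x40100000, [(0x40100000, b"\x01\x02\x03\x04" * 8), (0x3FFE8000, b"hello")])
IMG_B = build_image(0x40100010, [(0x40100000, b"\xaa" * 20)], mode=0, size_freq=0x2F)
CONSTRUCTED_DUMP[0:len(IMG_A)] = IMG_A
CONSTRUCTED_DUMP[0x2000:0x2000 + len(IMG_B)] = IMG_B


def scan_report(dump=bytes(CONSTRUCTED_DUMP)):
    """Print one line per image found and return the parsed headers."""
    images = find_images(dump)
    for img in images:
        print("image @0x%06x mode=%s size=%s freq=%s entry=0x%08x segments=%d checksum_ok=%s"
              % (img["offset"], img["flash_mode"], img["flash_size"], img["flash_freq"],
                 img["entry_point"], len(img["segments"]), img["checksum_ok"]))
    return images


if __name__ == "__main__":
    scan_report()  # replace the default with open("flash_contents.bin", "rb").read() for a real dump
```

A failing checksum on an image that the device nonetheless boots is worth noting in a report: it usually means the dump was taken at the wrong baud rate or over a noisy UART wire, so re-dump before drawing conclusions from the firmware contents.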


Which hardware weaknesses matter depends on the attack vectors being considered. A great deal of critical information can be discovered through hardware penetration testing, so the results must be handled carefully. The testing conducted on the Sonoff Wi-Fi switch concluded that the device uses no encryption when storing the credentials, such as usernames and passwords, of all previously connected routers.
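The finding above is the kind that a tester should verify rather than infer. The script below is an added example (not code from the original post, and the record layout it uses is a constructed stand-in, not the real ESP8266 SDK configuration format): given the SSID and passphrase the tester configured on their own device, it extracts printable strings from the dumped sector and reports whether those credentials appear verbatim. For contrast it also builds a hardened variant that stores only the WPA2 pairwise master key (PBKDF2-HMAC-SHA1 of the passphrase salted with the SSID, 4096 iterations, 32 bytes), which is the derivation WPA2-PSK actually uses; the passphrase is then no longer recoverable from the dump, although the PMK itself still grants network access and must be protected.

```python
import hashlib
import re


def extract_strings(blob, min_len=6):
    """Yield (offset, text) for every run of at least min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in pattern.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def find_plaintext_secrets(blob, secrets):
    """Return {name: [offsets]} for every known secret that occurs verbatim in the dump."""
    hits = {}
    for name, value in secrets.items():
        needle = re.escape(value.encode("utf-8"))
        offsets = [m.start() for m in re.finditer(needle, blob)]
        if offsets:
            hits[name] = offsets
    return hits


def wpa2_pmk(ssid, passphrase):
    """WPA2-PSK pairwise master key derivation (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Constructed test credentials; on a real assessment use the values you configured yourself.
SSID = "LabTestSSID"
PASSPHRASE = "constructed-passphrase-42"


def make_config_sector(store_pmk=False):
    """Build a 4 KB erased sector holding a fake saved-network record (constructed layout).

    store_pmk=False mimics the weak design: SSID and passphrase saved as plain C strings.
    store_pmk=True mimics a hardened design: SSID plus the derived 32-byte PMK only.
    """
    sector = bytearray(b"\xff" * 0x1000)
    record = b"\x01\x00" + SSID.encode().ljust(32, b"\x00")
    if store_pmk:
        record += wpa2_pmk(SSID, PASSPHRASE)
    else:
        record += PASSPHRASE.encode().ljust(64, b"\x00")
    sector[0x100:0x100 + len(record)] = record
    return bytes(sector)


def audit(sector):
    """Report whether the configured credentials are recoverable from a dumped sector."""
    hits = find_plaintext_secrets(sector, {"ssid": SSID, "passphrase": PASSPHRASE})
    return {
        "plaintext_ssid": "ssid" in hits,
        "plaintext_passphrase": "passphrase" in hits,
        "pmk_present": wpa2_pmk(SSID, PASSPHRASE) in sector,
        "hits": hits,
        "strings": [text for _, text in extract_strings(sector)],
    }


if __name__ == "__main__":
    for label, sector in (("plaintext store", make_config_sector(False)),
                          ("pmk-only store", make_config_sector(True))):
        result = audit(sector)
        print("%-16s passphrase recoverable: %s  pmk present: %s  strings: %s"
              % (label, result["plaintext_passphrase"], result["pmk_present"], result["strings"]))
```

On a real dump, replace the constructed sector with the relevant slice of flash_contents.bin; the SSID is expected to be readable (it is broadcast anyway), so the meaningful check is the passphrase, and a "hit" at a stable offset across two dumps taken after reconfiguring the device tells you where the device keeps its saved-network record.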
