Awesome Embedded and IoT Security 
A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.
Botnets like Mirai have proven that there is a need for more security in embedded and IoT devices. This list is meant to help beginners and experts find helpful resources on the topic.
If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try.
They are easy to use, and you do not need to be an expert to get meaningful first results.
Items marked with :euro: are commercial products.
Contents
- Software Tools
- Analysis Frameworks
- Analysis Tools
- Extraction Tools
- Support Tools
- Misc Tools
- Hardware Tools
- Bluetooth BLE Tools
- ZigBee Tools
- SDR Tools
- RFID NFC Tools
- Books
- Research Papers
- Case Studies
- Free Training
- Websites
- Blogs
- Tutorials and Technical Background
- YouTube Channels
- Conferences
- Contribute
- License
Software Tools
Software tools for analyzing embedded/IoT devices and firmware.
Analysis Frameworks
- EXPLIoT - Pentest framework like Metasploit but specialized for IoT.
- FACT - The Firmware Analysis and Comparison Tool - Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
  - Improving your firmware security analysis process with FACT - Conference talk about FACT :tv:.
- FwAnalyzer - Analyze security of firmware based on customized rules. Intended as an additional step in DevSecOps, similar to CI.
- HAL – The Hardware Analyzer - A comprehensive reverse engineering and manipulation framework for gate-level netlists.
- HomePWN - Swiss Army Knife for Pentesting of IoT Devices.
- IoTSecFuzz - Framework for automating security analysis of the IoT layers: hardware, software and communication.
- Killerbee - Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.
- PRET - Printer Exploitation Toolkit.
- Routersploit - Framework dedicated to exploiting embedded devices.
Analysis Tools
- Binwalk - Searches a binary for "interesting" stuff, as well as extracts arbitrary files.
- cwe_checker - Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support.
- emba - Analyze Linux-based firmware of embedded devices.
- Firmadyne - Tries to emulate and pentest a firmware.
- Firmwalker - Searches extracted firmware images for interesting files and information.
- Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
- Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
- Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
- Trommel - Searches extracted firmware images for interesting files and information.
Extraction Tools
- FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
- Firmware Mod Kit - Extraction tools for several container formats.
- The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).