Damn Vulnerable IoT Device - The first opensource vulnerable designed IoT device
All details are available on DVID website : http://dvid.eu
This IoT device is designed by my own and published on OpenSource. The main objective is to provide to each interrested people a vulnerable board to improve their skill in IoT hacking.
The board core is composed by a Atmega328p and a OLED screen. For each vulnerabilities, a firmware could be flashed on the Atmega328p in order to offer a specific vulnerable environment.
There is also connection port like UART, Bluetooth, 2,4Ghz and Wifi. In each vulnerability, a specific extension board must be plugged to the board.
Hacking required attacks tools like USBasp and USBuart.
You can buy the board on marketplace (available soon) or build it yourself with Gerber files. The board is shipped with theses three packages :
- Board only and component reference : Naked board only. You must buy all component yourself and solder all component.
- Soldered board without attack component and extention : Soldered board but you must buy all external tools like USBuart, USBasp, extention board.
- Full package : Everything needed (soldered board, external board and attack tools).
If you want to contribute to the project, don't hesitate to open a pull request. By the way, about firmware compilation, you need to compile for atmega328p breadboard 8mhz. In order to do that, just add this board to the /arduino/hardware/arduino/avr/board.txt file
##############################################################
atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock)
atmega328bb.upload.protocol=arduino
atmega328bb.upload.maximum_size=30720
atmega328bb.upload.speed=57600
atmega328bb.bootloader.low_fuses=0xE2
atmega328bb.bootloader.high_fuses=0xDA
atmega328bb.bootloader.extended_fuses=0x05
atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex
atmega328bb.bootloader.unlock_bits=0x3F
atmega328bb.bootloader.lock_bits=0x0F
atmega328bb.build.mcu=atmega328p
atmega328bb.build.f_cpu=8000000L
atmega328bb.build.core=arduino:arduino
atmega328bb.build.variant=arduino:standard
atmega328bb.bootloader.tool=arduino:avrdude
atmega328bb.upload.tool=arduino:avrdude
In order to upload, select "USBAsp" in Tool -> Programmer
and start the upload using Sketch -> Upload Using Programmer
Many thanks to @ghozt, @shoxxdj and @podalirius
- Find The Datasheet - https://shoxxdj.fr/dvid-hardware-find-the-datasheet/
- Find The Datasheet - https://podalirius.net/fr/writeups/dvid-writeup-01-hardware-find-the-datasheet/
- Default Password - https://shoxxdj.fr/dvid-firmware-defaultpassword/
- Default Password - https://podalirius.net/fr/writeups/dvid-writeup-03-firmware-default-password/
- Advertising - https://podalirius.net/fr/writeups/dvid-writeup-04-bluetooth-advertise/
- Characteristics - https://podalirius.net/fr/writeups/dvid-writeup-05-bluetooth-characteristics/
- Characteristics2 - https://podalirius.net/fr/writeups/dvid-writeup-06-bluetooth-characteristics2/
- Find The Datasheet - https://podalirius.net/en/writeups/dvid-writeup-01-hardware-find-the-datasheet/
- Hardcoded Password - https://podalirius.net/en/writeups/dvid-writeup-02-firmware-hardcoded-password/
- Default Password - https://podalirius.net/en/writeups/dvid-writeup-03-firmware-default-password/
- Advertising - https://podalirius.net/en/writeups/dvid-writeup-04-bluetooth-advertise/
- Characteristics - https://podalirius.net/en/writeups/dvid-writeup-05-bluetooth-characteristics/
- Characteristics2 - https://podalirius.net/en/writeups/dvid-writeup-06-bluetooth-characteristics2/
In case of frying your board, you may encounter some issue with new version of chinese component. This part is dedicated to allow you to start to discuss with your component and put it in the ready-to-hack configuration
Last received parcel contains a new version of the AT-09, named MLT-BT05. This new version natively discuss over UART with 115200 baudrate. The DVID can discuss to peripherial with 9600 baudrate. In order to change that, follow those steps:
- Connect your AT-09 to your uart dongle : RX>TX, TX>RX, VCC>VCC and Gnd>Gnd
- Open a serial monitor and type : AT+BAUD4
- If you receive "OK", your BLE peripherial is ready-to-hack
Last received parcel contains a new version of Atmega328p. This version seems to be virgin and allow communication with very slow SCK. In order to modify the internal configuration (fuse), follow those steps:
- Solder (or shortcut) the Jumper #3 on the USBasp flashing dongle
- Type this command to be sure that you can communicates with the broken Atmega328p :
avrdude -v -patmega328p -cusbasp
- If you receive "hfuse reads D9" and "lfuse reads FF", your device is already ready-to-hack
- If not, type this command :
avrdude -v -patmega328p -U lfuse:w:0xE2:m -cusbasp
- You can type again
avrdude -v -patmega328p -cusbasp
to be sure that fuse configuration changed
You can not unsolder or remove shortcut on the Jumper #3. If you don't remove it, flashing process will take 20 more times. You can now flash all firmware on you DVID !