The essential security auditing tool for Internet of Things devices you'll need in your toolbox

---

Table of contents

1. About the project
2. Getting Started
   • Prerequisites
   • Installation
3. Create your own Hardsploit project
   • Install the Harsploit API
   • Install the Harsploit GUI
   • Start Harsploit
4. Migration guide
5. Technologies used
6. License

About the project Hardsploit is an innovative hardware security testing platform designed to aid security researchers, engineers, and auditors in analyzing and evaluating the security of hardware devices. Featuring a modular design, Hardsploit supports various interfaces like JTAG, SPI, I2C, and UART, allowing for extensive hardware testing and reverse engineering. Main security audit functions: Sniffer (Real-time communication monitoring) Scanner (Automatic detection of JTAG, SPI, I2C, and UART interfaces on target devices.) Injection (Data injection to test device responses.) Memory dumping (Extracting the contents of a chip memory) ... Features: Advanced Firmware Analysis: Detects and analyzes vulnerabilities in firmware. Hardware Exploit Tools: Tools to exploit detected vulnerabilities. Secure Firmware Update: Updates firmware while ensuring security and integrity. Enhanced User Interface: More intuitive and interactive interface. ... Supported communication protocols: UART (Universal Asynchronous Receiver-Transmitter) SPI (Serial Peripheral Interface) I2C (Inter-Integrated Circuit) JTAG (Joint Test Action Group) SWD (Serial Wire Debug) NRF24L01 (Work in progress) ...

Getting Started

This guide will help you quickly get started with Hardsploit, covering the necessary prerequisites and installation steps.

Pre-requisites

To be able to start using Hardsploit, make sure that you have the following prerequisites installed:

• Python v3.9 or later
• A Linux machine (tested on Ubuntu, Kali and Raspberry Pi OS)

Installation

1. Install the Hardsploit GUI.

   pip install hardsploit-gui



2. That's all! Now you can start hardsploit with the following command.

   harsploit

Create your own Hardsploit project

If you want to make your Hardsploit more personal, here is the guide.

Pre-requisites

To be able to develope your project, make sure that you have the following prerequisites:

• Python v3.9 or later
• A Linux machine (tested on Ubuntu, Kali, Debian and Raspberry Pi OS)
• A virtual environment

1. Install the Hardsploit api!

   1. Clone Hardsploit Api.

      git clone "https://github.com/serma-safety-security/hardsploit.git"
   
   

   2. Go in the cloned repository (Here, you can modifie the api)

      cd "Path/To/Hardsploit
   
   

   3. Build the API

      poetry build
   
   

   4. Install the API

      poetry install
   
   

2. Install the Hardsploit gui

   1. Clone Hardsploit GUI.

      git clone "https://github.com/serma-safety-security/hardsploit-gui.git"
   
   

   2. Go in the cloned repository (Here, you can modifie the GUI)

      cd Path/to/hardsploit-gui
   
   

   3. Build the GUI

      poetry build
   
   

   4. Install the GUI

      poetry install



3. Start Hardsploit

   poetry run hardsploit

Migration guide

1. Click on the import button (or ctrl + V)
2. Choose the old database (.sqlite3 file)
3. Then press "Import"

This import button can also be use to import saved component, commands or both. Just select a .json file

To save multiple components, click on the export button.

Technologies used

This project has been developed using the following technologies:

• Python (Programming language used for project development.)
• PySide6 (Python framework for developing graphical user interfaces (GUI).)
• Poetry (Dependency management tool for Python projects.)
• Peewee (A small, expressive ORM (Object-Relational Mapping) library for Python.)

License

Hardsploit is licensed under *LGPLv3*. See the LICENSE file for more information.