IoT Implant Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients.
With an easy-to-use and extensible shell-like environment, IoT-Implant-Toolkit is a one-stop-shop toolkit simplifies complex procedure of IoT malware implantation.
In our research, we have successfully implanted Trojans in eight devices including smart speakers, cameras, driving recorders and mobile translators with IoT-Implant-Toolkit.
Also Read – Unicorn-Bios : Basic BIOS Emulator for Unicorn Engine
How to use?
Make sure you have git, python3 and setuptools installed.
For audio processing and playing, you should install alsa(built-in in linux), sox and ffplay. On ubuntu18.04:
$ sudo apt install sox ffmpeg
Download source code from our Github:
$ git clone https://github.com/arthastang/IoT-Implant-Toolkit.git
Set up environment and install dependencies:
$ cd IoT-Implant-Toolkit/
$ python3 setup.py install
Run the toolkit:
$ python3 -B IoT-Implant-Toolkit.py
Command:
list – List all tools
run – Run a specific tool
exit – Exit
[Implant-Toolkit]>
Three commands supported:
list: list all plugins
run: run a specific plugin with “run [plugin] [parameters]”
exit: exit
Each software tool acts as a plugin which can be easily added into the framework.
There are more than ten plugins in four categories, including topics on serial port debugging, firmware pack&unpack, software analysis, and implanted spy programs.
Existing plugins in our framework:
| Categories | Tools | Descriptions | Reference |
|---|---|---|---|
| Serial port debugging | pyserial | modem control and terminal emulation program | https://github.com/pyserial/pyserial |
| Serial port debugging | baudrate.py | find correct baudrate | https://github.com/devttys0/baudrate |
| Firmware Pack&Unpack | mksquashfs | create and extract Squashfs filesystem | https://github.com/plougher/squashfs-tools |
| Firmware Pack&Unpack | mkbootimg_tools | Unpack&repack boot.img for Android | https://github.com/xiaolu/mkbootimg_tools |
| Firmware Pack&Unpack | cramfs | make cramfs filesystem | https://sourceforge.net/projects/cramfs/files/cramfs/1.1/ |
| Firmware Pack&Unpack | mountimg | mount&unmount ext4 filesystems for Android system.img&data.img | On our github |
| Software Analysis | setools-android | setools for Android with sepolicy-inject | https://github.com/xmikos/setools-android |
| Software Analysis | crosscomplie | crosscompile toolchain for arm | on our Github later |
| Software Analysis | odex unpack | Odex to smali for Android | on our Github |
| Binary implant | spy client&server | a stable spy client and server, source and pre-built bins | on our Github |
| Binary implant | denoise tool | denoise tool for audio porcess | on our Github |
Code structure:
–IoT-Implant_toolkit.py #Startup script
–outputs/ #Default folder of outputs
–toolkit/
|—core/
|—basic/ #Basic plugin class defination
|—cli/ #Shell-like cli defination
|—toollist/ #Auto updating toollist of plugins
|—plugins/
|—firmware/ #Plugins for firmware modification
|—implant/ #Plugins for generate spy programs
|—serialport/ #Plugins for serial port debugging
|—software/ #Plugins for software analysis especially for Android
|—tools/ #Other tools
Create [newplugin].py in corresponding folder(category) and define init attributes to add a new plugin to IoT-Implant-Toolkit.The framework will detect new plugin automatically when startup.
Essential hardware tools for malware implantation research.See pictures in HardwareTools/ .
| Name | Description |
|---|---|
| Soldering Iron | Solder tools |
| Solder Wire | Solder tools |
| Solder Paste | Solder tools |
| Solder Wick | Solder tools |
| Hot Air Gun | Solder tools |
| Reballing Tool | Reballing tool |
| usb to ttl | Debug / Console cable |
| Dupont Wire | Electrical wire |
| EPROM Burner Programmer | Burner Programmer |
We have not added more plugins due to time limitation.
Chart below are tools not fits our framework, but may be useful.
We hope that IoT-Implant-Tookit will be an essential toolkit in malware implantation.
| Categories | Tools | Descriptions | Reference |
|---|---|---|---|
| Firmware Analysis | binwalk | a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images | https://github.com/ReFirmLabs/binwalk |
| Firmware Modify | firmware mod kit | a collection of scripts and utilities to extract and rebuild linux based firmware images | https://github.com/rampageX/firmware-mod-kit |
| Cross Compiler | buildroot | Cross Compiler for arm mips powerpc | https://buildroot.org/ |
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…