Hacking small devices

Tags

, , ,

I’ve become a big fan of very small computers. My desk is currently littered with no fewer than five PCs, but with only a casual glance you could easily miss them.

RPi-300pxThe computers are various models of the Raspberry Pi (RPi) and BeagleBone Black (BBB).

The Raspberry Pi has made a lot of waves, selling in its millions and, in many ways, reviving the spirit of Acorn’s BBC Micro (my first ‘serious’ computer after learning Basic on the Sinclair Spectrum).

The BeagleBone is less famous but in many ways superior – not least in having lower power consumption (although the latest RPi, the B+, has improved on that considerably). The BBB also has more UARTs providing serial comms, which I’ve found useful for a number of projects.

BBB-300pxI’ve been playing with these devices for some time now, on a variety of projects, and have come to the conclusion that they are ideal for hacking experiments.

I review a lot of information security books in Network Security. And the books that focus on hands-on security all have something in common – they start with telling you how to set up a lab environment. This generally involves configuring physical machines as servers and attack targets and/or setting up a number of VMs for the same purpose.

VMs are all very well, but if you want to build a small network of machines, running a bunch of VMs quickly becomes very taxing on the hardware. Doing the same thing with physical machines rapidly becomes expensive (and noisy). Unless you think small.

The advantages of setting up a network with devices like the RPi and BBB are:

  • Low cost. You can pick up a Raspberry Pi B+ for about £23. Allow also for a case, SD card, network cable and power supply (although if you’re handy with wiring, it makes sense to use one powerful PSU and a power distribution board for several devices).
  • Silent. You can have an entire server room and it’ll be quiet as the grave.
  • Low power. An RPi can draw as little as 500mW, although for power supply calculations I’d allow 700-1,500mW depending on how you’re using it.

It’s easy to create a large network, with subnets, at very little cost.

Once you’ve got a target machine set up the way you like it, then you can save the image of the SD card – to replicate on more machines or share with other people. A useful image can be as little as 8GB (much less when zipped). If you b0rk a target machine accidentally, re-imaging the SD takes very little time.

Also, you can swap operating systems or configurations simply by swapping SD cards.

This approach isn’t suitable for every kind of target machine. I wouldn’t like to try running Windows on these machines. (Confession: I wouldn’t like to try running Windows on anything.) But they can fulfil many of your needs. Currently, in my office, I have one RPi running as a wireless AP, to be used for wifi exploits only, and which also acts as a web & ftp server for various hacking experiments. I’ve a BBB running Kali and another being developed as a dropbox, complete with XBee wireless – as detailed in Philip Polstra’s excellent Hacking and Penetration Testing with Low Power Devices.

Indeed, dropboxes are how these devices tend to be used in the security business. I just think they have much wider utility than that, particularly for independent, cash-strapped experimenters like me.

Follow

Get every new post delivered to your Inbox.

Join 202 other followers