Attify OS - distributive for testing for penetration of IoT

Few people know that the letter S in the abbreviation IoT means Security.

In this article I will talk about the distribution of Attify OS, intended for testing IoT-devices.

Internet of things

The Internet of Things (IoT) is only at the beginning of its journey, but it is already developing at a tremendous speed, and all the innovations introduced add serious problems related to information security. In the IoT world, the security through obscurity paradigm prevails - until the problem is identified - it doesn't seem to exist. A system that relies on “security through obscurity” may have existing or suspected vulnerabilities, but its owners or developers believe that if the flaws are unknown, then the attacker will not be able to detect them.

Using this concept leads to disastrous consequences - after the discovery of the vulnerability of the device, thousands are attacked and used by attackers.
')
The main difficulties in protecting IoT fall into the following factors:

• they cannot be updated / patched;
• the user does not know / does not want to be updated;
• they are removed from support.

Attify OS

There are many penetration testing distributions, including highly specialized ones, for a specific technology or type of device / vulnerability. AttifyOS is designed to test IoT devices.

Attify contains a firmware analysis toolkit (Firmware Analysis Toolkits) is a toolkit designed to help security researchers analyze and detect vulnerabilities in IoT firmware and embedded devices.

IoT devices and embedded systems use firmware, which often stores a lot of useful and often critical information. These can be hard-coded credentials, triggers for debugging and system information, undocumented features, backdoors, and more.

To make it easier to identify such information, Attify OS contains several extremely useful tools:

Utilities

Binwalk
The main tool for analyzing firmware is the binwalk utility. Binwalk is a fast, easy-to-use tool for analyzing, reverse engineering, and extracting firmware.

Attify Badge tool
Attify Badge GUI utility for interacting with UART, SPI, JTAG, GPIO etc. The utility was developed by Attify OS contributors and is a convenient tool for interaction and is a distinctive feature of this distribution.



Baudrate.py
A small tool written in Python to detect the rate of exchange of serial connections.

Openocd
Popular debugging system for microcontrollers. Open On-Chip Debugger (open debugger for chips). OpenOCD provides tools for debugging (debugging), in-system programming (in-system programming, ISP), in-circuit testing (boundary-scan testing) for embedded systems (microcontrollers, FPGA, etc.).

Flashrom
Universal utility for reading / writing flash-chips.

Spiflash.py
Spiflash programmer written in Python and designed to analyze FlashROM.

Firmware-Mod-Kit (FMK)
Designed to analyze and rebuild firmware.

Firmware Analysis Toolkit (FAT)
A toolkit created to help security researchers analyze and identify vulnerabilities in IoT firmware and embedded devices. The utility is developed by Attify OS contributors.

radare2
Popular utility for reverse engineering. Considered in one of our publications .

IDA Demo
IDA Pro is an interactive disassembler and debugger at the same time. It allows you to turn a binary program code into assembly text, which can be used to analyze the program. The demo version has several limitations.

Dex2jar
Dalvik bytecode translator to JVM bytecode, based on which you can get Java code.

Jadx
Dalvik bytecode decompiler to Java code.

Ropgadget
This tool allows you to identify vulnerabilities in binary files. ROPgadget supports ELF, PE and Mach-O formats on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS platforms.

Gqrx
Gqrx software receiver based on GNU Radio and GUI interface written in Qt.

GNURadio
Software tools that provide developers of software-defined radio systems "building blocks", providing the basic functions of digital signal processing.

Ubertooth-Utils
Platform for the development of wireless technologies (Bluetooth) open source. Ubertooth comes with a BLE (Bluetooth Smart) analyzer.

KillerBee / Attify ZigBee Framework
A tool (and wrapper to it) for analyzing ZigBee and IEEE 802.15.4.

Links to the distribution

Mega / Google Drive