Connected devices are part of a scenario in which every device talks to other related devices in an environment to automate home and industry tasks, and to communicate usable sensor data to users, businesses and other interested parties. Because of that the devices that we used is can be categorized as IoT devices and attacker can implat a trojan/malware into IoT devices.
IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like environment, IoT-Implant-Toolkit is a one-stop-shop toolkit simplifies complex procedure of IoT malware implantation.
In our research, we have succcessfully implanted Trojans in eight devices including smart speakers, cameras, driving recorders and mobile translators with IoT-Implant-Toolkit.
A demo video below:
How to use
Make sure you have git, python3 and setuptools installed.
For audio processing and playing, you should install alsa(built-in in linux), sox and ffplay. On ubuntu18.04:
Download source code from our Github:
Set up environment and install dependencies:
Run the toolkit:
Three commands supported：
list: list all plugins
run: run a specific plugin with “run [plugin] [parameters]”
Each software tool acts as a plugin which can be easily added into the framework.
There are more than ten plugins in four categories, including topics on serial port debugging, firmware pack&unpack, software analysis, and implanted spy programs.
Existing plugins in our framework:
|Serial port debugging||pyserial||modem control and terminal emulation program||https://github.com/pyserial/pyserial|
|Serial port debugging||baudrate.py||find correct baudrate||https://github.com/devttys0/baudrate|
|Firmware Pack&Unpack||mksquashfs||create and extract Squashfs filesystem||https://github.com/plougher/squashfs-tools|
|Firmware Pack&Unpack||mkbootimg_tools||Unpack&repack boot.img for Android||https://github.com/xiaolu/mkbootimg_tools|
|Firmware Pack&Unpack||cramfs||make cramfs filesystem||https://sourceforge.net/projects/cramfs/files/cramfs/1.1/|
|Firmware Pack&Unpack||mountimg||mount&unmount ext4 filesystems for Android system.img&data.img||On our github|
|Software Analysis||setools-android||setools for Android with sepolicy-inject||https://github.com/xmikos/setools-android|
|Software Analysis||crosscomplie||crosscompile toolchain for arm||on our Github later|
|Software Analysis||odex unpack||Odex to smali for Android||on our Github|
|Binary implant||spy client&server||a stable spy client and server, source and pre-built bins||on our Github|
|Binary implant||denoise tool||denoise tool for audio porcess||on our Github|
Create [newplugin].py in corresponding folder(category) and define init attributes to add a new plugin to IoT-Implant-Toolkit.The framework will detect new plugin automatically when startup.
Essential hardware tools for malware implantation research.See pictures in HardwareTools/ .
|Soldering Iron||Solder tools|
|Solder Wire||Solder tools|
|Solder Paste||Solder tools|
|Solder Wick||Solder tools|
|Hot Air Gun||Solder tools|
|Reballing Tool||Reballing tool|
|usb to ttl||Debug / Console cable|
|Dupont Wire||Electrical wire|
|EPROM Burner Programmer||Burner Programmer|
We have not added more plugins due to time limitation.
Chart below are tools not fits our framework, but may be useful.
We hope that IoT-Implant-Tookit will be an essential toolkit in malware implantation.
|Firmware Analysis||binwalk||a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images||https://github.com/ReFirmLabs/binwalk|
|Firmware Modify||firmware mod kit||a collection of scripts and utilities to extract and rebuild linux based firmware images||https://github.com/rampageX/firmware-mod-kit|
|Cross Compiler||buildroot||Cross Compiler for arm mips powerpc||https://buildroot.org/|