Badge Hackers Kit

As a fledgling hardware hacker, one of my favorite things about conferences is hacking on electronic badges. I’m not much of a CTF player and rarely do I care about the flags intentionally placed in a badge. I am, however, interested in the hardware itself and attempting to find unintentional methods of accessing firmware or making potential modifications.

For the last two years or so, I’ve been packing up random tools from my bench and tossing them in my luggage. I got tired of sorting through all my tools before leaving and upon my return home, so I decided to build out a small dedicated travel kit for badge hacking. Probably important to note that I usually check my luggage. If you don’t check, you might want to put a bit more thought into what TSA would allow. I think the only tool over the size limit is the soldering iron, which might be fine with the tip removed, but don’t take my word for it.

I decided to share my load out to help those who may be new to hardware or interested in building something similar. Also, since I’m still relatively new to it, I’d love any feedback from others. I’ve built out 2 BOMs: one contains the items I consider “must haves” and the second contains the optional items that most likely won’t be required but can be pretty nice.

Check out the BOM here: https://docs.google.com/spreadsheets/d/13yUsgbyqdR-uTF4VaN706SWAdZshy3CyjNz7YjBWk0U/

If you’re looking for a little more reading, continue on for my justification on some items and some additional things that I include in my personal kit that aren’t priced out in the BOMs.

Hardware Modification:

Travel Soldering Iron:
Hakko FX-901 Soldering Iron or Sainsmart Pro32.

Access to a soldering iron may be the most important thing for diving into the hardware of an electronic badge. Many cons have a hardware hacking village, but irons are usually in high demand. Currently my travel kit uses the Hakko FX-901 which is battery powered (using rechargeable AA’s). Being battery powered is nice because you don’t need to find an outlet if you’re hacking about con. The down-side to this iron is its weight. It takes 4 AA’s, causing the iron to be not only heavy but unbalanced.

I was introduced to the Sainsmart Pro32 (AKA TS100) just last weekend and it’s currently on its way to me. The Pro32 is powered using a 12-24 power supply, has adjustable temperature, and is just about as small and light as you could possibly make a soldering iron. While more expensive, it has more features than the FX-901. I haven’t personally tested this iron yet, but the largest draw-back appears to be the need for an outlet. I expect this will become my iron moving forward, and will update after some testing. The Sainsmart will be listed in the BOM, subject to change after testing. If you go with the FX-901, be sure to add batteries and a charger.

4″ x 6″ PCB:
This might seem like a weird item to add, but it serves its purpose. I have 2 of these in my kit to serve as heat-resistant surfaces to do my soldering or removal. They also serve as a spot to set the soldering iron down while you’re working without needing to shut it off.

Compressed Sponges:
Also might seem odd, but I like working with a clean soldering iron. These compressed sponges are very compressed but expand to 3/8″ when wet. The 12 pack measures to roughly 1/2″ while compressed, meaning you’ll have more than enough sponge to keep your iron clean for a while.

Chipquik SMD removal kit:
This is something I’d definitely consider an optional kit component, but at its price I had to include it in mine. Chip removal can be very beneficial in PCB reversing or investigating the chips themselves (dumping contents or programming). Chipquik’s SMD removal kit’s specially designed alloy lowers the melting temperature of the solder already on the board, making removal significantly easier.

56 piece driver set:
Another completely optional item. It’s fairly unlikely that you’ll run into an electronic badge that you’ll need a screwdriver set to hack. That said, you might find yourself hacking something other than a badge. I put one of these in my kit because I’ll often end up picking up some random IoT product or electronic kids toy just to hack on with friends while at con.

Small Adjustable Power Supply:
This is optional. You will almost never require it for badge hacking, but if you want your kit to work with other targets, then this becomes a lot more beneficial to have.

Various breakouts, headers, wires, and grabbers:
I carry a pretty diverse list of header pins with different pitches and layouts. Various different types of jumpers (m-m, m-f, f-f, etc), and a bunch of different sized wire grabbers. I could list each individual item out, but honestly, I’m too lazy to look up the links. The BOM will only contain basic jumper wires which should serve the majority of needs. Check out Adafruit for various breakout boards. I’ve found they come in pretty handy, and not always for what you expect.

Additional tools:

  • 20-30 awg wire stripper
  • Small pliers
  • Wire snips
  • Solder sucker
  • Solder wick
  • Solder
  • Flux pen
  • Electrical tape

Signals and Firmware:

Buspirate and FT232H:
The buspirate and FT232H are both multi-purpose tools that can speak multiple different protocols. Each has its advantages and disadvantages over the other. Being that both are fairly inexpensive (for hardware tools), I decided to include both in this kit.

Logic Analyzer:
There are tons of options available for logic analyzers. You can roll your own using an Arduino or RPi, or you can buy something. In my kit, I’m using a Saleae Logic 8 primarily because I already had a spare one. Saleae recently discontinued the 4 channel, and increased their prices, but ~50% discounts are available for non-commercial use with little more than an email.

Multimeter:
If you search Amazon for “pocket multimeter” you’ll get a ton of results. I picked up the Victor VC921 cause it was cheap and available for prime shipping (at the time). For badge hacking, you don’t really need something super special. Primarily just checking basic voltages, continuity, and resistance. Anything with decent reviews should be fine.

JTAGulator:
The JTAGulator is an optional tool as you can usually manually trace out pins to identify JTAG and you can easily use a logic analyzer to identify active UART pins. That said, the JTAGulator makes this process much easier, especially if the badge designer left lots of headers accessible. Also, it’s quite sexy with its hot pink solder mask and large metal-inspired logo.
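
The logic-analyzer route to spotting an active UART pin, sketched as an added example that is not part of the original post: it takes exported 0/1 samples per probed pad, estimates the baud rate from the shortest pulse, and confirms the guess by checking 8N1 framing. The pad names, the 4 MS/s sample rate and the `boot\r\n` payload are constructed assumptions, as is the idle-high 8N1 format.

```python
from itertools import groupby

STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200, 230400, 460800, 921600)

def uart_wave(payload, rate, baud, idle_bits=20):
    """Build a constructed 8N1 waveform (idle high, LSB first) as 0/1 samples."""
    bits = [1] * idle_bits
    for byte in payload:
        bits += [0] + [(byte >> n) & 1 for n in range(8)] + [1]
    bits += [1] * idle_bits
    return [bits[n * baud // rate] for n in range(len(bits) * rate // baud)]

def estimate_baud(samples, rate, tolerance=0.05):
    """Shortest interior pulse is about one bit time; snap to a standard rate."""
    runs = [len(list(g)) for _, g in groupby(samples)][1:-1]  # drop idle ends
    raw = rate / min(runs) if runs else 0
    best = min(STANDARD_BAUDS, key=lambda b: abs(b - raw))
    return best if abs(best - raw) / best <= tolerance else None

def decode_8n1(samples, rate, baud):
    """Sample each bit at its centre; return (decoded bytes, framing errors)."""
    spb, out, errors, i = rate / baud, bytearray(), 0, 1
    while i + int(9.5 * spb) < len(samples):
        if samples[i - 1] == 1 and samples[i] == 0:  # falling edge: start bit
            bits = [samples[int(i + (k + 0.5) * spb)] for k in range(10)]
            if bits[0] == 0 and bits[9] == 1:
                out.append(sum(b << n for n, b in enumerate(bits[1:9])))
            else:
                errors += 1
            i += int(9.5 * spb)  # jump to the middle of the stop bit
        i += 1
    return bytes(out), errors

def classify(capture, rate):
    report = {}
    for pad, samples in capture.items():
        baud = estimate_baud(samples, rate)
        data, errors = decode_8n1(samples, rate, baud) if baud else (b"", 0)
        if len(set(samples)) == 1:
            report[pad] = "static"  # power, ground or an idle line
        elif data and errors == 0:
            report[pad] = f"UART TX candidate, {baud} 8N1"
        else:
            report[pad] = "active, not UART-like"
    return report

RATE = 4_000_000  # constructed capture: 4 MS/s, hypothetical pad names
CAPTURE = {"pad1": [1] * 4000, "pad2": uart_wave(b"boot\r\n", RATE, 115200),
           "pad3": [(n // 2000) % 2 for n in range(8000)]}
```

A short capture may contain no isolated single bit, in which case the estimate lands on a lower rate; capturing more traffic (a reboot usually produces plenty) fixes that.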

Various USB cables:
Between all the different tools listed above and many badges now having some USB interfacing, you gotta have cables.
