Set Up a VM for IoT and Firmware Analysis

IoT stands for the Internet of Things. It's a term that we will hear and be confronted with more and more in the future. Forecasts say that up to 50 billion IoT devices will be connected over the internet by the year 2020. I'd say that's definitely a good time to start giving some thought to security. This article gives a short introduction to the topic and is a possible guide for setting up a virtual machine with the tools needed to analyze and hack IoT devices.

Below you'll see some examples, like a wireless blood pressure monitor or a smart light bulb, but the list of devices is large. I plan to write more articles in the future on how to play with the «Bluetooth Low Energy protocol» to analyze and hack IoT devices. Another interesting part will be the extraction and emulation of firmware binaries. But first let's set up a VM based on Kali Linux.

You can use any version of Kali Linux or set up a fresh one. I'll use the light version VirtualBox image:

After importing the VM into VirtualBox, check the Ethernet settings and that you have a connection to the internet.

Tools we want to install:

  • binwalk
  • FAT (Firmadyne, QEMU, Firmware Mod Kit, Firmwalker, mitmproxy)
  • Kdiff3
  • Radare2
  • OpenOCD
  • Flashrom
  • Buildroot
  • GDB-Multiarch
  • GNU radio companion /GQRX
  • RTL-SDR Tools
  • Ubertooth, HackRF Tools
  • Zigbee Tools (Killerbee)

Install binwalk:

git clone
cd binwalk
sudo ./
sudo python ./ install
sudo apt-get install python-lzma  # for Python 2.x
sudo -H pip install git+

Install Firmadyne:

sudo apt-get install busybox-static fakeroot git kpartx \
  netcat-openbsd nmap python-psycopg2 python3-psycopg2 snmp uml-utilities \
  util-linux vlan qemu-system-arm qemu-system-mips qemu-system-x86

git clone --recursive

cd ./firmadyne; ./

Edit firmadyne.config and make FIRMWARE_DIR point to the current location of the Firmadyne folder.

Install Firmware Analysis Toolkit:

pip install pexpect
git clone
mv firmware-analysis-toolkit/ .
mv firmware-analysis-toolkit/ .
chmod +x
chmod +x

Adjust the paths to firmadyne and binwalk in and Additionally, provide the root password. Firmadyne requires root privileges for some of its operations. The root password is provided in the script itself to automate the process.

Set up Firmware Mod Kit:

sudo apt-get install git build-essential zlib1g-dev liblzma-dev python-magic
git clone

Find the location of binwalk using which binwalk. Modify the file to change the value of variable BINWALK to the value of /usr/local/bin/binwalk (if that is where your binwalk is installed).
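The two configuration edits described above (FIRMWARE_DIR in firmadyne.config and BINWALK in the Firmware Mod Kit file) can be scripted so that the edit fails loudly instead of silently changing nothing. This is an added example, not code from the original post or from either project: `set_var` and `get_var` are hypothetical helper names, and the sample file contents and the file name `fmk-settings` are constructed placeholders.

```shell
#!/bin/sh
# set_var FILE NAME VALUE: point the shell-style assignment NAME=... in FILE
# at VALUE, uncommenting the line if needed. Refuses to edit when NAME is
# missing or assigned more than once, so a wrong file is noticed immediately.
set_var() {
    file=$1; name=$2; value=$3
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad variable name: $name" >&2; return 1 ;; esac
    # The assignment is written unquoted, so whitespace would split it.
    case $value in *[[:space:]]*) echo "value must not contain whitespace" >&2; return 1 ;; esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    pattern="^[[:space:]]*#?[[:space:]]*${name}="
    count=$(grep -c -E "$pattern" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "$file: expected one ${name}= line, found $count" >&2
        return 1
    fi
    # Escape characters that are special in a sed replacement using | as delimiter.
    esc=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')
    tmp=$(mktemp) || return 1
    if sed -E "s|${pattern}.*|${name}=${esc}|" "$file" > "$tmp"; then
        cat "$tmp" > "$file"   # overwrite in place so mode and owner are kept
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# get_var FILE NAME: print the value of the active (uncommented) assignment.
get_var() {
    sed -n -E "s|^[[:space:]]*$2=(.*)|\1|p" "$1"
}

# Constructed sample files, not the projects' real contents.
demo=$(mktemp -d)
printf '%s\n' '#!/bin/sh' '#FIRMWARE_DIR=/home/user/firmadyne/' > "$demo/firmadyne.config"
printf '%s\n' 'BINWALK=binwalk' > "$demo/fmk-settings"   # placeholder file name
set_var "$demo/firmadyne.config" FIRMWARE_DIR "$demo/firmadyne/"
set_var "$demo/fmk-settings" BINWALK /usr/local/bin/binwalk
get_var "$demo/firmadyne.config" FIRMWARE_DIR
get_var "$demo/fmk-settings" BINWALK
rm -rf "$demo"
```

Reading the value back with `get_var` after the edit confirms that the tools will pick up the path you intended.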

Setup Mitm Proxy

pip install mitmproxy or apt-get install mitmproxy

Setup Firmwalker

git clone


Install Flashrom 0.99

wget apt-get
make && make install

Install Radare2

sudo apt-get install radare2

Install OpenOCD

sudo apt-get install openocd

Install gdb-multiarch

sudo apt-get install gdb-multiarch

Install gnu-radio / gqrx / rtl-sdr

sudo apt-get install gnuradio gqrx rtl-sdr

Install hackrf / ubertooth

sudo apt-get install hackrf ubertooth

Install Killerbee

apt-get install python-gtk2 python-cairo python-usb python-crypto \
  python-serial python-dev libgcrypt-dev
sudo apt-get install mercurial
hg clone
cd scapy-com
chmod +x
python install
cd ..
git clone
cd killerbee
python install
cd tools/
chmod +x *

Additional Tools (Arduino and XCTU)

sudo apt-get install arduino arduino-core

For XCTU, go to the following URL and download the Linux binary:

chmod +x

