A friend sent me a link to the “PwnPad” correctly thinking I would be interested. I got in touch with the creator (RoboGR00t) to see how I could get one, if there were kits available or a tindie link etc. He said he had one spare if I could solder it up, unfortunately postage to UK was crazy expensive! so we came to an arrangement that a colleague of his would post it to me from UK as they were in the country in a couple of months. We stayed in touch, swapped stories, pentester chat, became friends. A couple of months passed, I had forgotten about this cool toy, then one day it arrived!
Along with a sick T-shirt. So thank you mystery poster, it’s much appreciated.
All of this is to say I was given it to try, play with give feedback, but no-one has asked me to write this, I’m simply doing it because someone might be interested on my thoughts? maybe?
It took me far too long to get this put together and flashed due to other projects taking priority, but I got there eventually!
About
This is a small device based off of the famous arduino chip (Atmega328P) to teach/learn hardware hacking skills. It starts with beginner challenges, basic skills all hardware pentesters should have and quickly ramps up to some more niche or obscure skills.
There are jumpers that when bridged correlate to a binary number to select the challenge that is loaded. Reading the description from the github will help direct you with what the goal(s) are for the selected challenge.
There were some issues, but these are things that will be easy to fix by updating documentation or code. There was an issue with the reset button and jumpers but I believe these have been fixed in V2.
Once I’d built it and flashed the firmware it was a lot of fun to complete. My solutions can be read HERE. Warning, spoilers are there!
Conclusion
I think this has two main use cases:
Self study – If you get one and build it there is very little hand holding, a basic “this is what you are trying to do” and you will have to go and learn what that is or how to do it, then put that theory into practice to get the flag.
Teaching aid – This is where I think it would be most beneficial. When a more experienced tester can walk through this with a junior and be able to answer questions along the way. Each challenge could be a separate lesson so each session a new skill is learnt.
The codebase and challenge selection system mean it’s super easy to add challenges and I expect more will be added in the future. The challenges that exist currently are good to learn the basics of hardware hacking, the 90% of of things you’d typically look to do. I haven’t seen V2 board, but I have heard it fixes some of the hardware problems V1 had (not that they were game breaking, just a little annoying)
I dont know when V2 will be released, but when it is I highly recommend getting one and having a play. I guess the github would be the best place to look for updates, HERE is a link.
Again I’d like to give a massive thanks to RoboGR00T for making this awesome thing and chatting all things nerdy with me 🙂
Thanks again to mystery poster, without you I never would have got to play with this