Book Review: Hacking and Penetration Testing with Low Power Devices

February 27, 2015

“Hacking and Penetration Testing with Low Power Devices” by Philip Polstra is an excellent read.  The author bases this book on his experiences in hardware, software and penetration testing and combines the various disciplines to both educate and enlighten the reader.  Ultimately, the subject matter revolves around using the BeagleBone Black and a customized ARM penetration testing Linux distro, which Polstra has dubbed ‘The Deck,’ to perform various types of hacking activities. It’s described as, “A practical guide to performing penetration tests from a distance with low-cost, battery-powered devices.” Oh yeah… just what the doctor ordered.

Let me open by saying that this book struck my “techie geek” nerve.  Years and years ago, not too long after I became a computer guy, but far before becoming a professional penetration tester, I managed a Radio Shack store (sad to see they’re going away).  I guess you could say I was a maker before it was called that. This book, while discussing pentesting, code, automation and stealth, offers the reader a great experience as the author brings them into a world of hardware manipulation, discussions of power consumption, radio communication, and other really cool topics.  It truly embraces the mindset of the hacker in a cross-disciplinary way and acts as a perfect bridge for those currently in the computer hacking arena into the exciting wider world of the maker movement. I’m excited to share this experience with you, so let’s get to it.

Reviewer’s Note – For this type of book, reviews become much more effective for the reader if the reviewer actually gets his hands dirty. Not to get too heavy into how the sausage is made, but if I had some issues getting things working properly, then chances are the reader will as well. So I feel it is important to share some of the behind-the-scenes hurdles during setup in addition to my detailed thoughts on the book itself.

Setting the Stage

I know I’d promised everyone that this review would come in January, but some initial setup issues caused a major delay. I’d purchased a BeagleBone Black specifically to accompany my reading, and my first attempt at installing ‘The Deck’ was a painful experience with a steep learning curve.  Not that the installation itself was difficult, but rather I wasn’t aware going in that there were multiple versions of ‘The Deck’ out there. The older version I tried first (chosen based on the size of my SD card for the filesystem) seemingly had issues with USB.  I’d fire things up, and everything would work great for short bursts of time before my USB wireless adapter would suddenly disappear and I’d lose connectivity.  As all good techies do, I Googled for some advice. It turns out that version of The Deck appears to have had issues with USB power management, as a LOT of people were reporting that the USB ports were powering down. Nobody seemed to have a reliable fix.  I tried just about everything I could find out there, and the problem persisted.  After numerous hours of frustration spanning a few weeks, I spotted that there was a newer release of ‘The Deck’ which required a larger SD card.  So I gave that a shot and, lo and behold, I now had a stable USB subsystem!  Now that I had a healthy device and felt I could follow along better, I set off on my journey of exploring ‘Hacking and Penetration Testing with Low Power Devices.’

Dr. Philip Polstra’s website describes him as the following:  “Dr. Polstra is an Associate Professor in the department of Math, Computer Science, and Statistics at Bloomsburg University of Pennsylvania.  When not teaching, creating new electronic devices, performing penetration tests, or providing infosec consulting services he has been known to fly, teach others how to fly, and build aircraft.  He is an accomplished aviator with thousands of hours of flight time in various aircraft and a dozen aviation ratings/certificates, all of which are current.  He is licensed as a commercial pilot, flight instructor, airplane mechanic, aircraft inspector, and avionics technician.”

I’d watched slide decks and video presentations from this author and was particularly entertained by his enthusiasm in the realm of dropboxes and the use of small, portable devices in pentesting.  I’d always thought of a dropbox as a single device that you’d quietly insert into your target environment in order to facilitate access when you couldn’t physically remain on the premises.  But with his work, Dr. Polstra has opened my eyes to the use of not just one but multiple devices in varying ways, not only to aid in a pentest but to automate it and to gather information and attack from multiple angles to more rapidly achieve your goals.  Philip piqued my imagination by including various methods of hiding a dropbox, which I’d not considered before, as well as going as far as using his love for aviation to include remote, flying drones in his work.  While some of these ideas may or may not be useful in every test one might endeavor to work on, they show the true nature of a ‘hacker’ in the ability to employ critical thinking and planning as well as manipulation and stealth.

All of the above aside, the reading is broken into ten chapters.  Beginning with introductory information about ‘The Deck’ and the different hardware platforms that have been released in the BeagleBone family, the book progresses into installing and configuring one’s own operating system and adding tools to the mix.  The author then moves into a discussion of power requirements for the devices and the various hardware attachments and additions one might like to deploy.  Next, he discusses device communications (including 802.15.4 and XBee radio communications) and how to use those from up to a mile away or more to communicate with your equipment.  He concludes with a few chapters discussing hiding the devices, how one can use them with aerial drones, and the future of ‘The Deck’ and his projects.  Additionally, throughout the reading, Philip gives shortened examples of penetration testing steps one might follow when using these devices, to help drive home the value of using them in a real-world test.

Chapter-by-Chapter Details

Diving into Chapter One, “Meet the Deck,” Philip explains that this book assumes nothing.  While acknowledging that some of the topics go into significant detail (both technically and informatively in general), he explains that any reader with a decent understanding of the pentesting process as a whole and some knowledge of coding practice can learn and benefit from the book.  The author goes on to explain the origins of ‘The Deck,’ originally designed to be a tool for USB device forensics, and how it grew into what it is today – a pretty powerful penetration testing distribution. Considering the low-cost hardware it was designed to run on, it is full of useful tools and utilities with room for customization and growth.  Various examples of deployments are introduced, to be explored more fully later on, and he lists some of the tools such as aircrack, Fern Wifi Cracker, Metasploit, Hydra et al.  The chapter closes with brief information on using these devices as dropboxes, desktops, or even as aerial drones with radio communications and remote-controlled capabilities.

Chapter 2, “Meet the Beagles,” is a detailed dive into the various versions of the Beagle family, which includes the BeagleBoard-xM, the BeagleBone and the BeagleBone Black.  This chapter progresses into technical details about the history and specifications of each, their costs and the notable differences between them, in order to explain his reasoning for choosing one over the other in terms of size, cost and versatility.  It concludes with a table containing the information for quick reference, and shows why he’s primarily focused his attention on the BeagleBone Black for this book / project.

The next chapter, “Installing a Base Operating System,” is a foray into what it takes to install or create a working distribution on various hardware types.  While focused on and settling on Ubuntu and the BeagleBone Black (for purposes of the rest of the book), it explains the thought processes and methodology that go into selecting a proper operating system for a specific deployment type and need.  Dr. Polstra discusses various Linux options that can be installed on an ARM device, as well as some non-Linux options, such as Windows CE, QNX, FreeBSD, StarterWare and Android (yes, it’s based on a Linux kernel, but for the purposes of this book, it’s considered separately).  The author goes into more detail on the uses and benefits of each OS, such as GUI environment availability, ease of module installation, ease of upgrade, etc., and how they play into use in a remote drone / dropbox type of deployment.  Included are screenshots of some of the distros showing how they would appear on an LCD cape (a graphical screen that can be added atop a BeagleBone Black) or on another attached display.  Philip goes on to actually install Ubuntu onto an SD card using installation scripts developed by Robert C. Nelson, so that the device can be readied for tools to be installed.

While very informative for those looking to do these things for themselves, this chapter and the next are not a necessity for getting a device prepared and working to go along with some of the later chapters.  The author provides installation scripts with the releases of ‘The Deck’ which handle the vast majority of the installation for the reader, including installing many of the tools that can be used from the device.  These chapters are geared more toward highly tech / Linux-savvy users who may be looking to develop similar solutions for themselves.

Moving on, we reach Chapter 4, “Filling the Toolbox.”  As noted earlier, if you’re using Polstra’s ‘The Deck’ installer, this chapter can mostly be skipped. However, the reader may still benefit from it if they want to install extra packages or have a better understanding of how things were put together.  Here, the author assumes the audience is building their own toolbox from scratch and dives into configuring repositories, finding and installing packages, compiling and cross-compiling as necessary, debugging, and scripting automated installations for entire sets of tools.  The premise here is to help someone who is building their own solution understand the steps necessary to do so, depending on the operating system employed on the box and the desired tools.

Chapter 5, “Powering the Deck,” is a dive into a better understanding of power utilization on our “low power devices,” and how to accommodate differing scenarios when using these boxes in pentests.  The author goes into great detail on how various power sources work, the amount of energy required for certain types of devices to operate, and how to utilize different configurations of batteries, solar power and USB power. This is done to ensure that the reader has enough power to operate the system properly, while also enabling the attached devices (network, radio, display ports, capes, etc.) to perform their testing. He also gives solid runtime examples, so that the reader understands how long a specific solution might run when using each type of power source.  Obviously, if one needs a dropbox to function for 2 days, a power source that lasts for 8 hours simply won’t suffice.  So Dr. Polstra did a great job of laying out the options in a way that most readers should be able to grasp.  Finally, the reader is taken through a basic example of a single-dropbox pentest (from discovery, to vulnerability checking, to password cracking and wireless) to begin to show the value of such a solution.

The next chapter, “Input and Output Devices,” discusses the types of devices one might attach to their BeagleBone.  The author discusses display options (LCD capes versus external HDMI), keyboards and mice (should the reader need to use the device as a desktop or power up a device in the car for wardriving or to review data), wireless and radio adapters, hubs and switches.  Philip discusses 802.11 wireless adapters and antennae with details about their frequencies (the range of each and the strength of transmissions), and how some may be better suited for different scenarios (obviously one wouldn’t want a large antenna on a dropbox meant to be hidden under a desk).  For those with the desire for hands-on building, the discussion moves into custom layout and wiring of breadboards to make an XBee radio cape.

“Building an Army of Devices,” Chapter 7, follows on from the end of the previous chapter and progresses into methods to configure the 802.15.4 XBee modems via Python scripts and third-party utilities, so that you might operate your device as a remote drone from afar.  Detailed information and links to outside resources are provided regarding the 802.15.4 specification and how to configure modems for different topologies (point-to-point and mesh networking).  Additional Python scripts are provided to facilitate automated remote control and inter-device communications.  Polstra explains the security aspects involved with radio communications and ensuring the devices are configured for encryption (if desired), while explaining the drawbacks of the extra bandwidth and transmission needs required to accommodate that encryption.  The author also explains how to set up devices to act as 802.15.4 routers and gateways to extend your reach.  Finally, the chapter concludes with another example pentest, this time utilizing multiple devices / drones.

Chapter 8’s title is pretty self-explanatory: “Keeping Your Army Secret.”  Here, the reader is presented with many examples of methods for hiding a device, whether it be simple placement or hiding one inside another object such as a toy, a common article like a lunchbox, or even a soap dispenser in a public restroom (I’d admittedly never have thought of this one).  The book explains the need to be able to reach a device to update it (here’s another case where wireless or XBee access is nice, so as not to have to physically approach the device and give away its whereabouts), as well as the importance of being able to easily remove your devices after an engagement without divulging their whereabouts. This is great advice in the event that you ever need to place a device again, so that the organization doesn’t catch on and watch for you in the future.

In Chapter 9, the author takes his experience in pentesting and his passion for flying and marries the two.  Here, he explains how he would utilize a ‘hacking drone’ with various types of remote-controlled flying machines (flying wing, quadcopter, etc.).  While this may or may not be something the reader ever does, it’s an interesting foray into the possibilities that such technologies can provide.  For instance, Polstra mentions landing a drone on a business roof, so as to quietly plant a wireless device within network range without ever entering the building, then being able to retrieve the device by simply piloting the drone back to safety.  Sounds like something you’d find in a hi-tech spy movie, but it is still both conceivable and cost effective in reality.

The concluding chapter (Chapter 10 – “Future Directions”) closes with a discussion of progress on ports of ‘The Deck’ and new uses that are being investigated. One such example is using the BeagleBone Black as a USB mass storage device to exfiltrate data, or even as a pocket-sized hack in a box (kind of like the “USB Swiss army knives”).  The author notes that others might find new and exciting ideas for capes that add further functionality to the device, such as directly attached internal hub / switch capes, directly attached wireless, etc.  The idea being that open source solutions like the BeagleBone Black and ‘The Deck’ will always allow for new innovations in the field of pentesting.

Conclusions on “Hacking and Penetration Testing with Low Power Devices”

The easiest way to summarize my thinking about this book is to start with the author’s own ‘Closing Thoughts.’ Dr. Phil (as he is known by his friends) writes, “This book represents several years of research and experimentation. It has introduced you to a new way of performing penetration tests. My hope is that it has also stimulated your imagination and will encourage you to do your own experimentation with new techniques and devices of your own design.”

This Syngress Publishing title was a really fun, enjoyable foray not only into pentesting but also into building and engineering different solutions with varying pieces and parts to truly end up with creative solutions to real problems. It effectively brought back my inventive “Radio Shack hobbyist” side.  To be honest, I had no idea that the author would get as deep and detailed as he did. Frankly, in the time I’ve had to review it, I didn’t get into and actually build all of the fun projects I’d have liked to.  I can’t wait until I have more time to bust out the soldering iron and have fun! So in the end, “Hacking and Penetration Testing with Low Power Devices” achieved the author’s goal in spades, as my imagination is soaring.

Tim Everson, OSCE, OSCP, GPEN, C|EH, AKA hayabusa, is an avid pentester and security enthusiast / professional who has been involved in IT for nearly 20 years, with mixed experiences in pretty much every sector of the industry from SMB to enterprise, manufacturing, education and government. He enjoys reviewing new books and courses to build his knowledge base and challenge himself, as well as to help others find appropriate learning to help them progress in the field. When he’s not tucked behind a computer screen, he’s an avid sport-bike enthusiast, a busy husband and dad, and has a passion for cartoon drawing and computer graphics / animation.

Category: Book Reviews

Comments (1)

  1. Securex says:

    Sounds good. I’ll read it soon, because I’m also interested in hardware manipulation and radio communication.