SBN

Gaining Shell Access via UART Interface Part 2

This is the 2nd post in IoT-Hacking-Shell-via-UART series. I hope you have gone through the first part. If not, please go through it.

In this post, I will cover Baud Rate, lab setup for performing UART exploitation and how one can identify UART pins for exploitation. This part aims to cover the remaining theory of UART exploitation, and the practical aspect of UART exploitation will be covered in next part.

Let’s Continue.

Baud Rate – Baud Rate is the speed/rate at which two devices communicate with each other over UART Interface. At the hardware level, all the communication and data transfer is handled using clock cycle. Since there is no concept of the clock cycle in UART; all the communication is handled using Baud Rate. Let’s try to understand Baud Rate in simple words. When there is no clock cycle, two devices are programmed in such a way that they will exchange and share data with each other at a particular speed. This speed is technically termed as Baud Rate. If the Baud Rate of both the device is same, they can understand what is being shared between them else they do not understand what is being sent or received and cannot communicate. Thus, knowing Baud Rate beforehand is of utmost importance.

Common Baud Rates used in serial communication are 4800, 9600, 19200, 38400, 57600, 115200, etc. To identify the correct Baud Rate, widely a script written by Craig Heffner is used. The script is named as baud rate.py. The file/script can be downloaded at https://github.com/devttys0/baudrate/blob/master/baudrate.py. This script allows us to change the Baud Rate to a different value while maintaining the existing serial connection with another device.

Tools and Software Needed – To perform UART exploitation, following tools and Software along with their explanation is (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nitesh Malviya. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/NxOGAL1UREU/