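├── README.md
└── UARTfuzz.ino

/README.md:
--------------------------------------------------------------------------------
# UARTFuzz

Arduino library for fuzzing UART pins and identifying TX port and baud rate.

## Instructions

https://www.mdsec.co.uk/2017/05/hacking-hardware-with-an-arduino/

--------------------------------------------------------------------------------
/UARTfuzz.ino:
--------------------------------------------------------------------------------
/*
  UARTFUZZ

  Author: Alexis Vanden Eijnde
  Date: 21/03/2017

  Finds the correct pin transmitting data over serial.

  Switches through Software serial ports until data is found, then attempts to fuzz baud rate.
  Output gives the user which pin is TX, and what baud rate.

*/

// Review notes on using this sketch safely:
//  - The sketch only reads from the Rx pins below (9-12) and never writes to
//    the Tx pins (2-5). SoftwareSerial still configures each Tx pin as an
//    output, so leave them unconnected.
//  - Share ground with the target and confirm its logic level is compatible
//    with the board's I/O voltage before wiring anything up.
//  - SoftwareSerial can only receive on pins that support pin-change
//    interrupts; that set differs between boards, so check the Rx pins
//    against the documentation for your board.
//  - Software-timed reception at the highest rates in baudArray may be
//    unreliable; treat garbage at those rates as inconclusive.

#include <SoftwareSerial.h>

//(Rx,Tx)
SoftwareSerial pin1(9, 2);
SoftwareSerial pin2(10, 3);
SoftwareSerial pin3(11, 4);
SoftwareSerial pin4(12, 5);
SoftwareSerial pinArray[4] = {pin1, pin2, pin3, pin4};
const long baudArray[13] = {300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 28800, 31250, 38400, 57600, 115200};
// Sizes are derived from the arrays so they cannot drift out of sync.
const int pinArraySize = sizeof(pinArray) / sizeof(pinArray[0]);
const int baudArraySize = sizeof(baudArray) / sizeof(baudArray[0]);
const int baudBufferSize = 16; //How many chars to display per baud rate;
// Rate used while scanning the pins for activity.
const long listenBaud = 9600;
// Longest time to wait for data at one baud rate, in milliseconds.
// 0 keeps the original behaviour: wait until baudBufferSize bytes arrive.
const unsigned long baudTimeoutMs = 0;

// Opens the USB serial link to the user and starts every candidate port.
void setup() {
  // Our main communication channel back to user.
  Serial.begin(9600);
  while (!Serial) {
    ; // wait for serial port to connect. Needed for native USB port only
  }
  // Start each software serial port
  for (int i = 0; i < pinArraySize; i++) {
    pinArray[i].begin(listenBaud);
  }
  Serial.println("[+] Now fuzzing, keep reseting the device intermittently");
}

// One pass: find a pin carrying data, then try every baud rate on it.
void loop() {
  int pin = queryPins();
  fuzzBaud(pin);
  //finished fuzzing; wait a little bit and start again.
  delay(5000);
}

// iterates through pins and checks for any data
// runs until the user decides to fuzz baud rate;
// returns the index into pinArray of the chosen port
int queryPins() {
  while (1) {
    for (int i = 0; i < pinArraySize; i++) {
      // Only one SoftwareSerial port can receive at a time, so select this one.
      pinArray[i].listen();
      delay(10); // breathe a little
      if (pinArray[i].available() > 0) {
        if (reportAndAsk(i)) return i;
        // User declined: drop what was received so the same bytes are not
        // reported again. Read the buffer out explicitly rather than relying
        // on flush(), which may not discard received data on every core
        // version -- NOTE(review): confirm against the core in use.
        while (pinArray[i].available() > 0) {
          pinArray[i].read();
        }
      }
    }
  }
}

// Prints our pin found, and asks user fuzz baud query
// returns 1 if 'y' or 'Y' else 0
// Note: the number printed is the index into pinArray (0 = pin1, Rx 9),
// not the Arduino pin number.
int reportAndAsk(int i) {
  Serial.print("[+] Data found on pin: ");
  Serial.println(i);
  Serial.println("[?] Would you like to fuzz baud rate? y/n");
  char fuzz;
  // Skip CR/LF: a serial monitor that appends a line ending would otherwise
  // have that line ending consumed as the answer to the next prompt.
  do {
    while (!Serial.available()) ;
    fuzz = Serial.read();
  } while (fuzz == '\r' || fuzz == '\n');
  Serial.print("[+] ");
  Serial.println(fuzz);
  return (fuzz == 'y' || fuzz == 'Y') ? 1 : 0;
}

//read bytes and present them to the user
// pin is an index into pinArray; out-of-range values are ignored.
void fuzzBaud(int pin) {
  if (pin < 0 || pin >= pinArraySize) return;
  Serial.println("[+] Fuzzing Baud rate");
  for (int i = 0; i < baudArraySize; i++) {
    int bufSize = baudBufferSize;
    Serial.print("\n---[");
    Serial.print(baudArray[i]);
    Serial.println("]---");
    pinArray[pin].end();
    pinArray[pin].begin(baudArray[i]);
    //fill buffer
    const unsigned long startMs = millis();
    while (bufSize > 0) {
      if (pinArray[pin].available() > 0) {
        // Bytes are forwarded raw; at a wrong baud rate they are mostly
        // non-printable, so use a monitor that tolerates control characters.
        // Checking bufSize per byte stops at exactly baudBufferSize bytes.
        Serial.write(pinArray[pin].read());
        bufSize -= 1;
      } else if (baudTimeoutMs != 0 && millis() - startMs >= baudTimeoutMs) {
        // Optional timeout so a silent line cannot stall the scan forever.
        Serial.println("\n[-] No data before timeout");
        break;
      }
    }
  }
  // Put the port back at the scan rate so the next queryPins() pass sees
  // every port configured the same way as after setup().
  pinArray[pin].end();
  pinArray[pin].begin(listenBaud);
}

--------------------------------------------------------------------------------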