This project serves as a universal setup for penetration testing embedded systems with the use of [Docker](https://www.docker.com/) and other generic utils.
This project serves as a universal setup for penetration testing embedded systems with the use of [Podman](https://www.docker.com/) and other generic utils.
## Goals
- [] Create a **reusable setup** for security assessment of projects
- [] Provide an **exemplary**dockerized system for the purposes of **cybersecurity education**
- [x] Create a **reusable sandbox** for cybersecurity education in embedded systems
- [x] Provide an **exemplary**hands-on module
- demonstrate common attack vectors in embedded systems
- create comprehensive scenarios
- [ ] Acquire **embedded security knowledge**
- create realistic scenarios
## Prerequisities
In order to run this sandbox you'll need:
-[Docker](https://www.docker.com/)
-TODO: required system architecture
-[Podman](https://www.podman.io/) or [Docker](https://www.docker.com/), depending on your platform
-at the time of writing x86_64 (ARM not tested)
For access of the GUI at host you'll need an RDP client.
For access of the GUI at attacker you'll need an RDP client.
## Setup
## Usage
The plan is to create two independent setups with a common base being the [docker-compose.yml](/template/docker-compose.yml) and the [host](/template/host/Dockerfile) container.
**NOTE:** In order to run the sandbox using Docker, replace "podman" with "docker" in each of these commands.
-[BR setup](br/README.md)
-[FI setup](fi/README.md)
Before starting up the sandbox, login to the faculty's GitLab to gain access to the container registry using this command:
```
podman login gitlab.fi.muni.cz:5050
```
### Structure
To fetch the required files and start the sandbox, run:
```
$ podman-compose up -d
```
- host
-[kali-linux](https://www.kali.org/) container
- includes the selection of utils and applications used to examine the target
- target
- preferably a [yocto](https://www.yoctoproject.org/)-based container
- serial connection to facilitate a communication channel with host
- (optional) modules
- mocked peripherals which can simulate communication over IP
If everything goes according to plan, you should see three containers upon running with this command:
```
$ podman-compose ps
```
## Roadmap
In order to shut the sandbox down:
```
$ podman-compose down
```
- [ ] devise a big picture plan to bring the setups together
- [ ] incorporate a serial connection between containers
- [ ] setup the attacker with a comprehensive guide of using the pre-installed tools
- [ ] convert the BR target setup to M4 qemu running the application
- [ ] convert the FI target setup to the one described above
### Attacker
### **Current hurdles**
- setting up a serial connection between the containers
- automatically stopping the boot sequence in U-Boot
- the serial connection has to precede the QEMU boot in order to successfuly land in U-Boot (requires input)
- FI target web application setup
- would be easiest to find something already implemented
- FI target system setup
- best case is finding an image which already has the built yocto distro
To get into the attacker's shell:
## Usage
```
$ podman-compose exec attacker bash
```
To access the attacker's GUI:
In order to build the desired setup (be that either br or fi), navigate to the respective directory:
1. Open your RDP client.
2. Access the client via
```bash
$ ~/<setup> docker-compose build
```
localhost:14000
```
To start the system:
To get the serial console of the target system, run:
```bash
$ ~/<setup> docker-compose up -d
```
root/~# /opt/scripts/startup.sh
```
If everything goes according to plan, you should see the host and target containers (optionally the other services) running with this command:
Please note, that making multiple simultaneous connections is not possible.
```bash
$ ~/<setup> docker-compose ps
```
### Target
In order to shut it down:
For the purposes debugging, it is possible to access the container via this command:
```bash
$ ~/<setup> docker-compose down
```
podman-compose exec target bash
```
To get into the host's shell:
## Sandbox topology
```bash
$ ~/<setup> docker-compose exec host bash
```
## Contributing
In order to make modifications to the target container, please do read this [README](./target/README.md).
To develop a custom hands-on module, please visit this [README](./module-yocto/README.md).
