Hardware Hacking Expert - Level 2 - Module 1: UART Hacking
- Buy now
- Learn more
- Discussions
About Module 01 – UART Hacking

Syllabus Module 01 – UART Hacking - Module 01.pdf
Class 01 - Why Hack UART?

Class 01 - Why Hack UART?
Class 02 - Identify UART pins

Class 02 - Identify UART pins
Class 03 - Sniffing Log

Class 03 - Sniffing Log
Class 04 - Bypassing Simple Login

Class 04 - Bypassing Simple Login
CrackLoginHash.py
rockyou.txt
Class 05 - UART and the OT World

Class 05 - UART and the OT World
Class 06 - Connecting to OT Comm Line

Class 06 - Connecting to OT Comm Line
Class 07 - Identifying the right wires

Class 07 - Identifying the right wires
ModBusEmulator-Client.py
ModbusEmulator-Server.py
OT_Sniffer.py
Class 08 - From OT to UART

Class 08a - From OT to UART
Class 08b - RS485 to UART Adaptors DIY - part 1
Class 08c - RS485 to UART Adaptors DIY - part 2
Class 09 - Sniffing OT Network

Class 09 - Sniffing OT Network
Class 10 - Reversing OT traffic

Class 10a - Reversing OT traffic - part 1
Class 10b - Reversing OT traffic - part 2
Class 10c - Reversing OT traffic - part 3
OT-Parser.py
CRC-Brute.py
Class 11 - true MITM on OT

Class 11a - true MITM on OT - part 1
Class 11b - true MITM on OT - part 2
Class 11c - true MITM on OT - part 3
Class 11d - true MITM on OT - part 4
Class 11e - true MITM on OT - part 5
OT_MITM.py
ThhMITMxface_Schematics.pdf
MITM_Test.py
ThhWireBug_Rider.STL
ThhWireBug_PCB.STL
ThhWireBug_Schematics.pdf
ThhWireBug_House.STL
Class 12 - Fault Injection in UART Attacks

Class 12 - Fault Injection in UART Attacks
GlitcherTest.py
Class 13 - Bypassing Kill Switch Protection

Class 13 - Bypassing Kill Switch Protection - part 1
Class 13 - Bypassing Kill Switch Protection - part 2
BrutPassword.py
PasswordUARTmaster.elf
rockyou.txt
Class 14 - Bypassing Secure Boot

Class 14a1 - Bypassing Secure Boot - Intro 1
Class 14a2 - Bypassing Secure Boot - Intro 2
Class 14b - Bypassing Secure Boot by Fault Injection
Class 14c - Bypassing Secure Boot by Imposing Single User Login
Class 14d - Bypassing Secure Boot by Firmware Manipulations
JetsonUart0FullLog01.log
Class 15 - Firmware Extraction the UART way

Class 15a - Firmware Extraction the UART way - Intro
Class 15b - Firmware Extraction the UART way - Bootloader Backdoors
Class 15c - Firmware Extraction the UART way - Logfile Resurrection
hex2bin.py

Class 11 - true MITM on OT

Students escalate into full man-in-the-middle attacks on OT networks. The instructor demonstrates designing a device with relays and MAX485 modules that intercepts all traffic between PLCs and clients. Unlike simple sniffers, this device can modify, inject, or block packets in real time. Emphasis is placed on timing challenges, avoiding collisions, and synchronizing injection with GPIO controls. This class connects to the module by moving students from passive observers to active manipulators of OT processes.

Learning Objective
Build and operate a man-in-the-middle device for OT exploitation.

Training Outcomes

Understand MITM hardware design.
Control direction of RS485 communication.
Modify and relay traffic safely.

Hands-On Experience

Assemble MITM devices with relays.
Intercept and alter live traffic.
Test MITM on PLC-client communication.

12 Lessons