{"id":13640590,"url":"https://github.com/Vulcainreo/DVID","last_synced_at":"2025-04-20T02:34:22.525Z","repository":{"id":49596487,"uuid":"168951812","full_name":"Vulcainreo/DVID","owner":"Vulcainreo","description":"Damn Vulnerable IoT Device","archived":false,"fork":false,"pushed_at":"2024-02-12T20:22:55.000Z","size":15094,"stargazers_count":186,"open_issues_count":0,"forks_count":40,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-08-03T01:17:11.713Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Vulcainreo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-02-03T14:06:32.000Z","updated_at":"2024-07-31T12:30:54.000Z","dependencies_parsed_at":"2024-01-19T12:03:50.070Z","dependency_job_id":null,"html_url":"https://github.com/Vulcainreo/DVID","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vulcainreo%2FDVID","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vulcainreo%2FDVID/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vulcainreo%2FDVID/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vulcainreo%2FDVID/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Vulcainreo","download_url":"https://codeload.github.com/Vulcainreo/DVID/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223816658,"owners_count":17207897,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:01:12.605Z","updated_at":"2024-11-09T10:31:27.270Z","avatar_url":"https://github.com/Vulcainreo.png","language":"C","funding_links":[],"categories":["Technologies","Labs and CTFs","Further Learning and Training","C"],"sub_categories":["Firmware","Vulnerable Applications","Wifi Tools"],"readme":"# DVID\nDamn Vulnerable IoT Device - The first opensource vulnerable designed IoT device\n\n**⚠️ This project is currently in development ⚠️**\n\nAll details are available on DVID website : [http://dvid.eu](http://dvid.eu)\n\n# Project overview\n\nThis IoT device is designed by my own and published on OpenSource. The main objective is to provide to each interrested people a vulnerable board to improve their skill in IoT hacking.\n\nThe board core is composed by a Atmega328p and a OLED screen. For each vulnerabilities, a firmware could be flashed on the Atmega328p in order to offer a specific vulnerable environment.\n\nThere is also connection port like UART, Bluetooth, 2,4Ghz and Wifi. In each vulnerability, a specific extension board must be plugged to the board.\n\nHacking required attacks tools like USBasp and USBuart.\n\n# Board\n\nYou can buy the board on marketplace (available soon) or build it yourself with Gerber files.\nThe board is shipped with theses three packages :\n* **Board only and component reference** : Naked board only. You must buy all component yourself and solder all component.\n* **Soldered board without attack component and extention** : Soldered board but you must buy all external tools like USBuart, USBasp, extention board.\n* **Full package** : Everything needed (soldered board, external board and attack tools).\n\n# Contribution\n\nIf you want to contribute to the project, don't hesitate to open a pull request.\nBy the way, about firmware compilation, you need to compile for atmega328p breadboard 8mhz.\nIn order to do that, just add this board to the /arduino/hardware/arduino/avr/board.txt file\n\n```bash\n##############################################################\n\natmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock)\n\natmega328bb.upload.protocol=arduino\natmega328bb.upload.maximum_size=30720\natmega328bb.upload.speed=57600\n\natmega328bb.bootloader.low_fuses=0xE2\natmega328bb.bootloader.high_fuses=0xDA\natmega328bb.bootloader.extended_fuses=0x05\n\natmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex\natmega328bb.bootloader.unlock_bits=0x3F\natmega328bb.bootloader.lock_bits=0x0F\n\natmega328bb.build.mcu=atmega328p\natmega328bb.build.f_cpu=8000000L\natmega328bb.build.core=arduino:arduino\natmega328bb.build.variant=arduino:standard\n\n\natmega328bb.bootloader.tool=arduino:avrdude\natmega328bb.upload.tool=arduino:avrdude\n```\n\nIn order to upload, select \"USBAsp\" in `Tool -\u003e Programmer` and start the upload using `Sketch -\u003e Upload Using Programmer`\n\n# Write-ups\n\nMany thanks to [@ghozt](https://twitter.com/ghozt), [@shoxxdj](https://twitter.com/shoxxdj) and [@podalirius](https://twitter.com/podalirius)\n\n## In french 🇫🇷\n\n### Hardware\n\n* Find The Datasheet - [https://shoxxdj.fr/dvid-hardware-find-the-datasheet/](https://shoxxdj.fr/dvid-hardware-find-the-datasheet/)\n* Find The Datasheet - [https://podalirius.net/fr/writeups/dvid-writeup-01-hardware-find-the-datasheet/](https://podalirius.net/fr/writeups/dvid-writeup-01-hardware-find-the-datasheet/)\n\n### Firmware\n\n* Default Password - [https://shoxxdj.fr/dvid-firmware-defaultpassword/](https://shoxxdj.fr/dvid-firmware-defaultpassword/)\n* Default Password - [https://podalirius.net/fr/writeups/dvid-writeup-03-firmware-default-password/](https://podalirius.net/fr/writeups/dvid-writeup-03-firmware-default-password/)\n\n### Bluetooth\n\n* Advertising - [https://podalirius.net/fr/writeups/dvid-writeup-04-bluetooth-advertise/](https://podalirius.net/fr/writeups/dvid-writeup-04-bluetooth-advertise/)\n* Characteristics - [https://podalirius.net/fr/writeups/dvid-writeup-05-bluetooth-characteristics/](https://podalirius.net/fr/writeups/dvid-writeup-05-bluetooth-characteristics/)\n* Characteristics2 - [https://podalirius.net/fr/writeups/dvid-writeup-06-bluetooth-characteristics2/](https://podalirius.net/fr/writeups/dvid-writeup-06-bluetooth-characteristics2/)\n\n## In english 🇬🇧\n\n### Hardware\n\n* Find The Datasheet - [https://podalirius.net/en/writeups/dvid-writeup-01-hardware-find-the-datasheet/](https://podalirius.net/en/writeups/dvid-writeup-01-hardware-find-the-datasheet)\n\n### Firmware\n\n* Hardcoded Password - [https://podalirius.net/en/writeups/dvid-writeup-02-firmware-hardcoded-password/](https://podalirius.net/en/writeups/dvid-writeup-02-firmware-hardcoded-password/)\n* Default Password - [https://podalirius.net/en/writeups/dvid-writeup-03-firmware-default-password/](https://podalirius.net/en/writeups/dvid-writeup-03-firmware-default-password/)\n\n### Bluetooth\n\n* Advertising - [https://podalirius.net/en/writeups/dvid-writeup-04-bluetooth-advertise/](https://podalirius.net/en/writeups/dvid-writeup-04-bluetooth-advertise/)\n* Characteristics - [https://podalirius.net/en/writeups/dvid-writeup-05-bluetooth-characteristics/](https://podalirius.net/en/writeups/dvid-writeup-05-bluetooth-characteristics/)\n* Characteristics2 - [https://podalirius.net/en/writeups/dvid-writeup-06-bluetooth-characteristics2/](https://podalirius.net/en/writeups/dvid-writeup-06-bluetooth-characteristics2/)\n\n# Part list\n\nPart | Quantity | Total Cost | Buying link\n--- | --- | --- | ---\nBoard | 1 | 3€ | Available soon or build yourself :)\nJumper Double Row Female 2x4P | 2 | 1€ | https://www.banggood.com/30pcs-2_54mm-2x4P-8P-Double-Row-Female-Straight-Pin-Header-Needle-Socket-Pin-Strip-p-1348262.html\nJumper Single Row Male | 4 | 1€ | https://www.banggood.com/10Pcs-40-Pin-2_54mm-Male-Female-SIL-Socket-Row-Strip-PCB-Connector-p-953436.html\n28 pins socket (for atmega328p) | 1 | 0,5€ | https://www.banggood.com/50pcs-28-Pins-IC-DIP-2_54mm-Wide-Integrated-Circuit-Sockets-Adaptor-p-1211042.html\nOled Screen 4Pin white | 1 | 5€ | https://www.banggood.com/1_3-Inch-4Pin-White-OLED-LCD-Display-12864-IIC-I2C-Interface-Module-For-Arduino-p-1067874.html\nAtmega328p | 1 | 3€ | https://www.banggood.com/DIP28-ATmega328PPU-MCU-IC-Chip-With-Arduino-UNO-Bootloader-p-932159.html\n5V to 3V power supply | 1 | 1€ | https://www.banggood.com/5V-To-3_3V-DC-DC-Step-Down-Power-Supply-Buck-Module-AMS1117-800MA-p-933674.html\nStatus led | 1 | 0,5€ | https://www.banggood.com/10pcs-5mm-3000-6000mcd-LED-Bright-Decoration-Torch-Toy-Light-Green-p-73175.html\nTotal |  | 15€ |\n\n# Attack tools and extention board\n\nPart | Quantity | Total Cost | Buying link\n--- | --- | --- | ---\nUsbUART | 1 | 3€ |  https://www.banggood.com/CP2102-USB-To-TTL-Module-p-1263924.html\nUsbASP adapter | 1 | 4€ | https://www.banggood.com/3_3V-5V-USBASP-USBISP-AVR-Programmer-Downloader-ATMEGA8-ATMEGA128-With-Download-Cable-p-1179967.html\nAT-09 BLE module | 1 | 2€ | https://www.banggood.com/AT-09-4_0-BLE-Wireless-bluetooth-Module-Serial-Port-CC2541-Compatible-HM-10-Module-Connecting-Single-Chip-Microcomputer-p-1455191.html\nCSR BLE adapter | 1 | 4€ | https://www.banggood.com/Mini-Wireless-Dongle-CSR-4_0-Bluetooth-Adapter-V4_0-USB-2_03_0-For-Win-7810XP-For-Vista-3264-p-1132661.html\nJumper Wire female female | 1 | 2€ | https://www.banggood.com/120pcs-20cm-Male-To-Female-Female-To-Female-Male-To-Male-Color-Breadboard-Jumper-Cable-Dupont-Wire-Combination-For-Arduino-p-974006.html\nESP8266 | 1 | 2€ | https://www.banggood.com/Upgraded-Version-1M-Flash-ESP8266-ESP-01-WIFI-Transceiver-Wireless-Module-p-979509.html\nTotal |  | 17€ |\n\n\n![](./kit-contents.jpg)\n\n\n# Troubleshooting\n\nIn case of frying your board, you may encounter some issue with new version of chinese component. This part is dedicated to allow you to start to discuss with your component and put it in the ready-to-hack configuration\n\n## Bluetooth AT-09\n\nLast received parcel contains a new version of the AT-09, named MLT-BT05. This new version natively discuss over UART with 115200 baudrate.\nThe DVID can discuss to peripherial with 9600 baudrate.\nIn order to change that, follow those steps:\n* Connect your AT-09 to your uart dongle : RX\u003eTX, TX\u003eRX, VCC\u003eVCC and Gnd\u003eGnd\n* Open a serial monitor and type : AT+BAUD4\n* If you receive \"OK\", your BLE peripherial is ready-to-hack\n\n## Atmega328p\n\nLast received parcel contains a new version of Atmega328p. This version seems to be virgin and allow communication with very slow SCK.\nIn order to modify the internal configuration (fuse), follow those steps:\n* Solder (or shortcut) the Jumper #3 on the USBasp flashing dongle\n* Type this command to be sure that you can communicates with the broken Atmega328p : `avrdude -v -patmega328p -cusbasp`\n* If you receive \"hfuse reads D9\" and \"lfuse reads FF\", your device is already ready-to-hack\n* If not, type this command : `avrdude -v -patmega328p -U lfuse:w:0xE2:m -cusbasp`\n* You can type again `avrdude -v -patmega328p -cusbasp` to be sure that fuse configuration changed\n\nYou can not unsolder or remove shortcut on the Jumper #3. If you don't remove it, flashing process will take 20 more times.\nYou can now flash all firmware on you DVID !\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FVulcainreo%2FDVID","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FVulcainreo%2FDVID","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FVulcainreo%2FDVID/lists"}