Getting Started with HydraBus

The HydraBus (hardware) with HydraFW (firmware) are used as an open source multi-tool for anyone interested in learning/developping/debugging/hacking/Penetration Testing for basic or advanced embedded hardware.

The MCU is one of the fastest Cortex M4F on the market and is more than 40X faster than an Arduino (STM32F405, 32bits@168MHz=210DMIPS vs Arduino Uno, 8bits@16MHz=5.2DMIPS).

HydraBus can be also used as Test Bench for hardware validation/test with help of embedded python script or native C/C++ firmware and it is a perfect tool for hardware pentesting.

HydraBus is evolutive with the help of “Shield” hardware extensions:

• NFC 13.56MHz Shield (Reader/Programmer/Emulation...) see HydraNFC Shield v2
• LIN / Dual CAN Bus Shield see HydraLINCAN
• 8bit Nand Flash (Reader/Programmer) Shield see HydraFlash (see also https://github.com/hydrabus/DumpFlash-Hydrabus)
• SPI/I2C SOIC8 EEPROM (Reader/Programmer) Shield see HydraEEPROM
• HydraBus v1.0 Shield / Breakout board for ESP-WROOM-32 (ESP32) HydraESP32

HydraBus use cases:

• Communicate with multiple protocols/hardware:
  • 1-wire, 2-wire, 3-wire, UART, SPI, I²C, JTAG/SWD, CAN, SMARTCARD …
• Debugging/Programming with JTAG/SWD with OpenOCD
• Identifying, reading, writing, verifying and erasing SPI flash chips with native flashrom support (serprog)
• Programming Arduino/AVR MCU with avrdude
• 1-3wire / I²C / UART / SPI ... sniffing with sigrok/PulseView in logic analyzer mode (using SUMP protocol)
• Python scripting using the Binary mode
• Save/Read data to/from micro SD card
• USB OTG port ...

Video related to HydraBus / HydraNFC:

• 9 Sept 2022 Flashback Team Extracting Firmware from Embedded Devices (SPI NOR Flash)
• HydraBus Assembly Video
  • See also https://lab401.com/development/15-hydrabus.html
• HydraNFC Getting Started Video
• HydraBus / HydraNFC unboxing & Assembly Video
  • See also https://lab401.com/development/16-hydrabus.html

Press/Blogs related to HydraBus

• HydraBus in Francophone Magazine HACKABLE N°53 MARS/AVRIL 2024
• Nov 2023 Ph0wn eZine Issue #01 (PDF)
• 17 Apr 2023 I hack, U-Boot (Synacktiv/Théo Gordyjan)
• 03 Mar 2023 Hardware investigation of wireless keyloggers (Synacktiv/Antoine Cervoise)
• 9 Dec 2021 Hacking the My Arcade Contra Pocket Player - Part I (TrustedSec/Rob Simon)
• 31 Mar 2021 TrendMicro articles about LoRaWAN security in 3 parts (TrendMicro/Sebastien Dudek)
• 29 Aug 2020 Read & Fuzz contactless smart cards with HydraNFC v2 (Part 2) (Guillaume Vinet)
• 29 Aug 2020 Read & Fuzz contactless smart cards with HydraNFC v2 (Part 1) (Guillaume Vinet)
• 15 June 2020 SWD Bonus – MEM-AP security (Kudelski Security/Nicolas Oberli)
• 13 Oct 2019 PC to GBA interface -- Part 1 (entropyqueen)
• 31 Jul 2019 SWD part 2 : the MEM-AP (Kudelski Security/Nicolas Oberli)
• 16 May 2019 SWD – ARM’s alternative to JTAG (Kudelski Security/Nicolas Oberli)
• 19 Dec 2018 Ph0wn, my first IoT CTF - Part 3 using HydraBus (Sebastien Andrivet)
• 24 Oct 2018 - Hackaday building-a-proof-of-concept-hardware-implant
  • 14 Nov 2018 Video BlackAlps 2018: Build Your Own Hardware Implant (Nicolas Oberli)
• 23 Oct 2018 - kudelskisecurity build-your-own-hardware-implant
• 8 Oct 2018 - HydraBus RTL-SDR tuner R820T2 (Russian)
• 3 Oct 2018 - HydraBus/HydraNFC "How to steal money from a contactless card and Apple Pay" zhovner/HABR (Russian)
• 16 Jul 2018 - HydraBus Presentation (Russian)
• 2 Oct 2017 - HydraBus Presentation (entropyqueen)
• 1 Oct 2014 - cnx-software HydraBus/HydraNFC

Conference Talk related to HydraBus:

• https://www.blackalps.ch/ba-17/files/talks/BlackAlps17-Vernoux.pdf

Tutorial/Workshop/Training related to HydraBus:

• Dump all the (ARM) things ! (Baldanos/Barbhack 2023)
• https://github.com/parallelbeings/Debug_Authentication_LPC55S6x
• https://entropyqueen.github.io/posts/HydraBus_presentation
• https://github.com/rdomanski/hardware_hacking/tree/master/my_talks/Hardware_Hacking_101

Tutorial related to HydraBus & HydraNFC:

• https://github.com/hydrabus/hydrafw/wiki/HydraFW-HydraNFC-TRF7970A-Tutorial

Hack/Challenge using HydraBus:

• Riscure Rhme-2016
  • GPIO/Timing (WhackTheMole)
  • Fault Injection (Fiasco)
  • Password/Timing Attack (SecretSauce)

---

If you have just received your HydraBus (v1.0 Rev1_5) (see https://hydrabus.com/hydrabus-1-0-specifications) the factory flashed firmware is HydraFW (HydraBus) v0.11-1-g4d74500 2023-05-09, if you want the latest features you can update it (using USB DFU) with latest firmware with following steps:

Important: If you have an HydraNFC v1 or V2 Shield you shall only connect it on TOP of HydraBus (you shall push it strongly to be fully connected).

1. Follow the step Flash and use hydrafw on Windows or Flash and use hydrafw on Linux depending on your system.
2. When a Host is connected to HydraBus USB1 or USB2 (with a PC or any device supporting USB Host(also OTG) communications device class also called Virtual Serial Port) with the help of a VT100 Terminal you can use HydraFW console commands described in wiki https://github.com/hydrabus/hydrafw/wiki/HydraFW-console-commands

---

For more details on HydraBus/HydraNFC and HydraFW (the official firmware for HydraBus/HydraNFC) see following links:

Official web pages HydraBus

• http://hydrabus.com
• http://hydrabus.com/hydrabus-1-0-specifications
• http://hydrabus.com/hydranfc-1-0-specifications
• https://hydrabus.com/hydranfc-shield-v2-specifications

HydraBus/HydraNFC official firmware HydraFW

• https://github.com/hydrabus/hydrafw

Wiki for HydraFW (Support HydraBus/HydraNFC)

• https://github.com/hydrabus/hydrafw/wiki

Alternative firmware:

• HydraBus microPython

  • https://github.com/hydrabus/hydrabus#official-micro-python-port-for-hydrabus

• HydraBus JTAG/SWD debugger (using Black Magic FW)

  • https://github.com/hydrabus/hydrabus#official-black-magic-jtagswd-debugger-port-for-hydrabus

HydraBus Hardware

• https://github.com/hydrabus/hydrabus

HydraNFC Hardware

• https://github.com/hydrabus/hydranfc

For Issue/Question see HydraFW Issue

• https://github.com/hydrabus/hydrafw/issues
• https://hydrabus.com/contact