Hacky Pi is a plattform to solve security challenges and train your cybersecurity skills. Because Hacky Pi is based on a Raspberry Pi, it offers a new dimension for security challenges to address problems found specifically in embedded devices. To solve a challenge it may be required to use an insecure serial connection or do some hardware manipulation... Find it out!
ℹ️ Hacky Pi is not some kind of device which allows you to attack other systems. It is a training platform.
You will need a host system to run the Hacky Packages Server (OPKG Server) and to attack Hacky Pi. Hacky Pi needs a network connection in order to work. It is suggested to connect Hacky Pi and the host in an isolated network to prevent accidentally hacking the environment.
To install and start the server you need a Linux host with docker. Windows is not currently supported.
docker run --rm -p 8080:80 -d ghcr.io/nimarty/hackypackages-server:latest
This will automatically pull the docker image and launch the package server in the background.
- Download the latest release package from this repo
- Take
<xxx>.rpi-sdimg
fromimages/raspberrypi4/
orimages/raspberrypi3/
and write it to an SD card.- Under Linux:
sudo fdisk -l | grep /dev/sd
to determine device. - Under Linux:
sudo dd if=<xxx>.rpi-sdimg of=/dev/sd<x> bs=4M
to write image on device. - or under Windows, use Rufus or Win32DiskImager to write the image to an SD Card
- Under Linux:
- Put the SD Card into your Raspberry Pi, connect it to your network and power it on
ℹ️ First startup takes time as filesystem is expanded to available memory space (up to 10 minutes for slow SD cards). Be patient.
If the network is set up correctly, your Hacky Pi will get an IP address. Look it up on your DHCP server. To edit the opkg configuration you need to login via SSH as root.
root password
cG#e*n&5!kB3ssh root@<HACKYPI_IP>
vi /etc/opkg/opkg.conf
- Change the following line at the bottom of the file. Use the IP address and port of the system running the Hacky Packages Server
src/gz hackypackages http://<SERVER_URL>:<PORT>
opkg update
In order to install challenges, connect via SSH to Hacky Pi. Login as root.
ℹ️ It's not the idea to use the root user to directly solve a security challenge. This is no fun. Follow the challenge description for the best experience.
ssh root@<HACKYPI_IP>
opkg install <CHALLENGE_NAME> &> /dev/null
and now you're ready to hack.opkg remove --autoremove <CHALLENGE_NAME>
to remove the challenge from Hacky Pi
A list of all available challenges with details can be found here: https://github.com/nimarty/hackypi-handout
⚠️ Install only one challenge at once. Installing more than one challenge at once can lead to errors.
Following steps have been tested on Ubuntu 20.04 LTS. When using a virtual machine, make sure to have at least 2 CPUs and 50 GB disk space at your disposal. Anyways, the first BitBake build takes a while.
git clone https://github.com/nimarty/hackypi.git
cd hackypi
./setup.sh
source poky/oe-init-build-env
bitbake hackypi-image
It's possible to start the server in a development mode. In development mode it loads packages from the build directory and the package list is updated periodically. See .env
file for details.
git clone https://github.com/nimarty/hackypi.git
cd hackypi/tools/opkg-server
change to the directory with the docker compose filedocker-compose up -d
You're welcome to develop and add your own security challenge for Hacky Pi, please read the contribution guideline and our code of conduct, and start coding.