Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



43 Commits

Repository files navigation


Damn Vulnerable IoT Device - The first opensource vulnerable designed IoT device

⚠️ This project is currently in development ⚠️

All details are available on DVID website :

Project overview

This IoT device is designed by my own and published on OpenSource. The main objective is to provide to each interrested people a vulnerable board to improve their skill in IoT hacking.

The board core is composed by a Atmega328p and a OLED screen. For each vulnerabilities, a firmware could be flashed on the Atmega328p in order to offer a specific vulnerable environment.

There is also connection port like UART, Bluetooth, 2,4Ghz and Wifi. In each vulnerability, a specific extension board must be plugged to the board.

Hacking required attacks tools like USBasp and USBuart.


You can buy the board on marketplace (available soon) or build it yourself with Gerber files. The board is shipped with theses three packages :

  • Board only and component reference : Naked board only. You must buy all component yourself and solder all component.
  • Soldered board without attack component and extention : Soldered board but you must buy all external tools like USBuart, USBasp, extention board.
  • Full package : Everything needed (soldered board, external board and attack tools).


If you want to contribute to the project, don't hesitate to open a pull request. By the way, about firmware compilation, you need to compile for atmega328p breadboard 8mhz. In order to do that, just add this board to the /arduino/hardware/arduino/avr/board.txt file

############################################################## on a breadboard (8 MHz internal clock)





In order to upload, select "USBAsp" in Tool -> Programmer and start the upload using Sketch -> Upload Using Programmer


Many thanks to @ghozt, @shoxxdj and @podalirius

In french 🇫🇷




In english 🇬🇧




Part list

Part Quantity Total Cost Buying link
Board 1 3€ Available soon or build yourself :)
Jumper Double Row Female 2x4P 2 1€
Jumper Single Row Male 4 1€
28 pins socket (for atmega328p) 1 0,5€
Oled Screen 4Pin white 1 5€
Atmega328p 1 3€
5V to 3V power supply 1 1€
Status led 1 0,5€
Total 15€

Attack tools and extention board

Part Quantity Total Cost Buying link
UsbUART 1 3€
UsbASP adapter 1 4€
AT-09 BLE module 1 2€
CSR BLE adapter 1 4€
Jumper Wire female female 1 2€
ESP8266 1 2€
Total 17€


In case of frying your board, you may encounter some issue with new version of chinese component. This part is dedicated to allow you to start to discuss with your component and put it in the ready-to-hack configuration

Bluetooth AT-09

Last received parcel contains a new version of the AT-09, named MLT-BT05. This new version natively discuss over UART with 115200 baudrate. The DVID can discuss to peripherial with 9600 baudrate. In order to change that, follow those steps:

  • Connect your AT-09 to your uart dongle : RX>TX, TX>RX, VCC>VCC and Gnd>Gnd
  • Open a serial monitor and type : AT+BAUD4
  • If you receive "OK", your BLE peripherial is ready-to-hack


Last received parcel contains a new version of Atmega328p. This version seems to be virgin and allow communication with very slow SCK. In order to modify the internal configuration (fuse), follow those steps:

  • Solder (or shortcut) the Jumper #3 on the USBasp flashing dongle
  • Type this command to be sure that you can communicates with the broken Atmega328p : avrdude -v -patmega328p -cusbasp
  • If you receive "hfuse reads D9" and "lfuse reads FF", your device is already ready-to-hack
  • If not, type this command : avrdude -v -patmega328p -U lfuse:w:0xE2:m -cusbasp
  • You can type again avrdude -v -patmega328p -cusbasp to be sure that fuse configuration changed

You can not unsolder or remove shortcut on the Jumper #3. If you don't remove it, flashing process will take 20 more times. You can now flash all firmware on you DVID !