Finding Hardware Targets
_

Finding Hardware Targets

Published: April 5, 2025

We all know practice makes perfect - and that's all well and good, until you have to put up cash for it. This is usually the case for hardware hacking, unless you are going through e-waste, or getting absolute steals on eBay, you have to purchase hardware to practice your skills on. Often times, you will even want to buy a few of the same device for testing.

I will show you how I find devices and how I vet them to see if they are worth my time and money.

Choosing Device Types

Depending on what you are after, it often helps to narrow your search down to a specific device type before you run off to Amazon. Here are a few examples:

Verifying Candidates

Once you have a device type in mind, you can start looking for candidates on places like eBay, Amazon, and AliExpress. When you find a candidate, you need to verify that it has what you are looking for. It could be that you are looking to practice eMMC flash dumping or interfacing with UART, but the pictures on Amazon won't show you the device internals, so you could end up wasting money.

Instead of playing UART bingo, there is a little trick you can do. If you want to sell a device and that device emits radio signals of any kind, you are required to register it with a regulatatory agency, such as the FCC (at least in the US and UK). FCC reports are (for the most part) publicly accessible. Part of the FCC reporting process includes photographing device internals, so we can use these to have a little peak under the hood.

Example: WiFi-enabled Camera

I was looking for device to practice desoldering and dumping firmware chips. I found a relatively cheap WiFi camera on Amazon.

WiFi Camera

I started just by googling "JOOAN" and "FCC" to see if I could find any device submissions from this company.

JOOAN Google Search

We can see there are a few results. If we click into one, we can see the company that submitted it:

FCC Company Page

This page will list out every device that JOOAN has submitted to the FCC for certification. Our device must be in here somewhere, so all we have to do is scroll through the list, and look at the external photos of each device.

FCC JOOAN Devices

Here it is! The page we are specifically looking for is the "Internal Photos" section.

WiFi Camera Page

The internal photos are usually within a PDF file - if we carefully look through, we can see a close-up of the device's main PCB:

Device Internal Photos And we have successfully identified a few interesting components, and eventual attack vectors. From top to bottom, we have an Ingenic T31 SoC, and an XMC SPI flash chip.

Conclusion

This is a really good way of finding devices specific to your hardware hacking needs. While it is possible for companies to submit confidentiality requests to disallow displaying of internal photos, this is rarely the case and usually only done by larger companies to protect their IP.

← Back to Home