Download in PDF RHM v0.4 ┃ Read online
The Robot Hacking Manual (RHM) is an introductory series about cybersecurity for robots, with an attempt to provide comprehensive case studies and step-by-step tutorials with the intent to raise awareness in the field and highlight the importance of taking a security-first1 approach. The material available here is also a personal learning attempt and it's disconnected from any particular organization. Content is provided as is and by no means I encourage or promote the unauthorized tampering of robotic systems or related technologies.
- Disclaimer
- History
- Motivation
- A containerized approach
- Contribute back
- Introduction
- Case studies
- Universal Robots' UR3 (hacking a collaborative robot arm)
- Mobile Industrial Robots' MiR100 (hacking an industrial mobile robot)
- Robot Operating System (hacking ROS 1)
- Robot Operating System 2 (hacking ROS 2)
- TurtleBot 3 (hacking TurtleBot 3)
- PX4 autopilot
- Writeups
- Reconaissance
- Vulnerability research
- Static analysis
- Dynamic analysis
- Tutorial 1: Robot sanitizers in ROS 2 Dashing
- Tutorial 2: Robot sanitizers in MoveIt 2
- Tutorial 3: Debugging output of robot sanitizers with GDB, hunting and fixing bugs
Tutorial 4: Robot sanitizers with Gazebo- Tutorial 5: Static analysis of PyRobot
- Tutorial 6: Looking for vulnerabilities in ROS 2
- Tutorial 7: Analyzing Turtlebot 3
- Tutorial 8: SROS and SROS 2, exploring
- Tutorial 9: Looking at DDS middleware flaws
- Exploitation
- General
- Tutorial 1: Buffer overflows
- Tutorial 2: Building shellcode
- Tutorial 3: Exploiting
- Tutorial 4: Return to
libc - Tutorial 5: Return-Oriented Programming (ROP)
- Tutorial 6: Remote shell
- Tutorial 7: pwntools - CTF toolkit
- Tutorial 8: Linux Binary Protections (external)
- Tutorial 9: Building a pwnbox
- Tutorial 10: Bypassing NX with Return Oriented Programming (WIP, unfinished)
- Robotics-specific
- General
- Forensics
- Hardening
- Talks:
- 2016
- 2017
- Hacking Robots Before Skynet, Ekoparty Security Conference 2017
- An Experimental Security Analysis of an Industrial Robot Controller, IEEE Symposium on Security and Privacy 2017
- SROS: Current Progress and Developments, ROSCon 2017
- Breaking the Laws of Robotics: Attacking Industrial Robots, Black Hat USA 2017
- 2018
- Introducing the Robot Security Framework (spanish), Navaja Negra Conference 2018
- Arm DDS Security library: Adding secure security to ROS2, ROSCon 2018
- Leveraging DDS Security in ROS 2, ROSCon 2018
- 2019
- Defensive and offensive robot security, ROS-Industrial Conference 2019
- Black Block Recorder: Immutable Black Box Logging via rosbag2 and DLTs, ROSCon 2019
- Lessons learned on real-time and security (slides), ROS 2 Real-Time Workshop, ROSCon 2019
- 2020
- Current security threat landscape in robotics, European Robotics Forum (ERF) 2020
- Security in ROS & ROS 2 robot setups, European Robotics Forum (ERF) 2020
- Akerbeltz, industrial robot ransomware, International Workshop on Engineering Resilient Robot Software Systems, International Conference on Robotic Computing (IRC 2020).
- Zero Trust Architecture in Robotics, Workshop on Security and Privacy in Robotics, ICRA 2020
- The cybersecurity status of PX4, PX4 Developer Summit Virtual 2020
- Detecting Insecure Code Patterns in Industrial Robot Programs, Proceedings of the 15th ACM Asia Conference on Computer and Communications Security 2020
- Protecting robot endpoints against cyber-threats, ROS-Industrial Conference 2020
- Robots and Privacy, Shmoocon 2020
- 2021
- Uncovering Planned Obsolescence Practices in Robotics and What This Means for Cybersecurity, BlackHat USA 2021
- The Data Distribution Service (DDS) Protocol is Critical: Let's Use it Securely! (to appear), BlackHat Europe 2021
- Breaking ROS 2 security assumptions: Targeting the top 6 DDS implementations (to appear), ROS-Industrial Conference 2021