Sign in Subscribe

If You're Into IoT Hacking, You Should Read This Book!

If You're Into IoT Hacking, You Should Read This Book!

If you're into IoT hacking then you should definitely read this book, even though it's not about hacking at all!

I first came across the third edition of Mastering Embedded Linux Development last year as I needed a refresher on embedded Linux development while creating the firmware for the TCM Security Practical IoT Pentest Associate (PIPA) Exam. If you're not familiar with that exam it focuses around performing static analysis on an embedded Linux firmware sample. To create the exam environment I built out the hardware and wrote custom firmware with intentional common vulnerabilities that exam takers need to find and report on.

One of the hardware prototypes for the "SMRT LOK" the device under test in the PIPA exam

As with all TCM exams, we want the exam to feel as close to a real world example as possible, so it was important that the firmware used was realistic. I've worked on embedded Linux development in the past, both at university and in a previous job, however I'd never built out my own firmware completely from the ground up.

In to the rescue came Mastering Embedded Linux Development! It was actually not the first resource that I tried, after going through a few disappointing Udemy courses I decided to go the book route and was so happy I stumbled upon this gem.

The book does an amazing job of both explaining how embedded Linux works and is developed along with providing concrete examples that are easy to follow along and also modify to meet your own needs. It was just the right amount of hand holding for me to feel like I was mastering the concepts while also being able to play around and experiment myself. All of the commands, samples, labs and technical details were laid out clearly and also up-to-date so that I didn't have any troubles reproducing them. Some concepts I had learned in university and also used in my past job finally fully clicked for me. Using the examples and what was taught in the course I was able to modify them enough to meet my exact needs and build out my own custom firmware with custom binaries, libraries and scripts that all interacted with my hardware of choice.

I read the third edition of this book front to cover multiple times, the pages are dog eared and covered in my notes and if you saw it, just by the wear alone you'd tell it's been well read. So when the fourth edition came out I immediately ordered one and have been enjoying the updates and taking the opportunity to learn more about the Yocto project as an alternative to Buildroot which I'm currently more comfortable with. If you don't know what either of those are, the book does an amazing job teaching both of them.

Okay, but I just want to hack!

Okay, so hear me out, in my opinion one of the best ways to learn how to hack anything is to build your own of that thing using the same tools, methodology and processes that real developers are using to build it. Whether that be a website, binary, network, you name it. For IoT devices this is no exception, and nowadays there is no shortage of embedded Linux IoT devices, and if you're just getting started I suggest you focus on those.

By building out your own embedded Linux device you'll be forced to learn about the ins and outs of how it works. All the way from how the bootloaders work, to setting up the required configuration in the kernel, to kernel models and drivers, to the embedded Linux init process, to busybox, to creating your own toolchains and compiling customs apps and the list goes on. If you had of asked me before this book if I had a good understanding of embedded Linux, to be honest I would have said yes. However, after reading this book multiple times and doing the labs in it, I realized that there was so much I was missing before and that now I actually had a decent understanding of how it worked.

That deep understanding has greatly improved my IoT hacking skills, not only making me faster by understanding how the systems work, but also knowing even more of the things that developers are doing and the shortcuts they may want to take.

So, if you're into IoT hacking I strongly recommend you read this book, even though it's not about hacking at all (or maybe it is because really building your own cool stuff is kind of hacking anyway).

Happy hacking - DigitalAndrew