๐ NullSec UART
March 7, 2026 ยท View on GitHub
๐ NullSec UART
UART/Serial Console Discovery & Exploitation
Discover hidden UART consoles, auto-detect baud rates, and interact with embedded device serial interfaces
๐ฏ Overview
NullSec UART automates the discovery and exploitation of serial debug consoles on embedded devices. Hidden UART interfaces are one of the most common hardware attack surfaces โ often providing root shells, bootloader access, and firmware update capabilities.
โก Features
| Feature | Description |
|---|---|
| Baud Detector | Auto-detect baud rate from 300 to 4M baud |
| Pin Finder | Identify TX/RX pins using signal analysis |
| Console Logger | Record serial output with timestamps |
| Command Injector | Automated command injection via serial |
| Bootloader Detector | Identify U-Boot, Barebox, CFE, and custom bootloaders |
| Shell Detector | Detect root shells, BusyBox, and restricted environments |
| Firmware Extractor | Dump firmware via bootloader commands (XMODEM, YMODEM) |
๐ง Supported Adapters
| Adapter | Status |
|---|---|
| FTDI FT232R/FT2232H | โ Full |
| CP2102/CP2104 | โ Full |
| CH340/CH341 | โ Full |
| Bus Pirate | โ Full |
| Raspberry Pi GPIO | โ Full |
๏ฟฝ๏ฟฝ Quick Start
# Auto-detect baud rate
nullsec-uart detect --port /dev/ttyUSB0
# Connect to UART console
nullsec-uart connect --port /dev/ttyUSB0 --baud 115200
# Log all serial output
nullsec-uart log --port /dev/ttyUSB0 --baud 115200 -o device_log.txt
# Brute-force login
nullsec-uart bruteforce --port /dev/ttyUSB0 --wordlist common_creds.txt
๐ Related Projects
| Project | Description |
|---|---|
| nullsec-jtag | JTAG/SWD debug interface toolkit |
| nullsec-glitch | Voltage glitching & fault injection |
| nullsec-sdr | Software-defined radio toolkit |
| nullsec-linux | Security Linux distro (140+ tools) |
โ ๏ธ Legal
For authorized hardware security testing only.
๐ License
MIT License โ @bad-antics
Part of the NullSec Hardware Security Suite