---
type: CKG Bundle
title: Embedded / IoT Hardware Hacking
tags: [Compliance & Security]
timestamp: 2026-06-18T00:00:00Z
ckg:
  id: embedded-iot-hardware
  nodes: 155
  license: CC BY 4.0
---

# Embedded / IoT Hardware Hacking — Compressed Knowledge Graph

```csv
ConceptID,ConceptLabel,TaxonomyID
BR1,Embedded/IoT Attack Lifecycle,Phase
BR2,Recon & Information Gathering,Phase
BR3,Hardware Interface Access,Phase
BR4,Firmware Acquisition,Phase
BR5,Reverse Engineering,Phase
BR6,Vulnerability Analysis,Phase
BR7,Exploitation,Phase
BR8,Threat Modeling,Concept
BR9,Attack Tree,Concept
BR10,DREAD / Risk Scoring,Concept
BR11,Coordinated Vulnerability Disclosure,Concept
BR12,Firmware Image,Artifact
BR13,Cryptographic Key,Artifact
BR14,Secure Boot / Signature Verification,Target
BR15,Root of Trust / TEE,Concept
HW1,UART,Interface
HW2,JTAG,Interface
HW3,SWD,Interface
HW4,SPI,Interface
HW5,I2C,Interface
HW6,SD/eMMC,Interface
HW7,CAN bus,Interface
HW8,USB,Interface
HW9,PCI Express,Interface
HW10,Ethernet,Interface
HW11,Parallel / Memory interfaces,Interface
HW12,Logic Levels & Signaling,Concept
HW13,JTAG Boundary Scan,Technique
HW14,Debug Interfaces (generic),Interface
LAB1,Digital Oscilloscope,Tool
LAB2,Logic Analyzer,Tool
LAB3,Multimeter,Tool
LAB4,ChipWhisperer,Tool
LAB5,Bus Pirate,Tool
LAB6,Proxmark3,Tool
LAB7,Test Lab Setup & Budget Tiers,Concept
LAB8,Soldering / Desoldering / Rework,Technique
FI1,Fault Injection,Technique
FI2,Clock Fault Injection,Technique
FI3,Voltage Fault Injection,Technique
FI4,Crowbar Glitch,Technique
FI5,Electromagnetic Fault Injection (EMFI),Technique
FI6,Optical Fault Injection,Technique
FI7,Body Biasing Injection (BBI),Technique
FI8,Fault Model / Fault Primitive,Concept
FI9,Glitch Parameter Search,Technique
FI10,Fault Triggering & Timing,Technique
FI11,Differential Fault Analysis (DFA),Technique
FI12,Metastability,Concept
FI13,Fault Sensitivity Analysis,Technique
PA1,Side-Channel Analysis,Technique
PA2,Timing Attack,Technique
PA3,Simple Power Analysis (SPA),Technique
PA4,Differential Power Analysis (DPA),Technique
PA5,Correlation Power Analysis (CPA),Technique
PA6,Leakage Model (Hamming weight/distance),Concept
PA7,Power Trace / Trace Set,Artifact
PA8,Correlation Coefficient,Concept
PA9,AES (AES-128/AES-256),Target
PA10,RSA,Target
PA11,ECDSA,Target
PA12,Trace Processing & Alignment,Technique
PA13,Deep-Learning SCA (CNN),Technique
PA14,Success-Rate / Guessing-Entropy Metrics,Concept
HHC1,IC Package Identification,Technique
HHC2,PCB Mapping,Technique
HHC3,OSINT: FCC / Patents / Datasheets,Technique
HHC4,Firmware Extraction (hardware),Technique
HHC5,Assets & Security Objectives,Concept
HHC6,Attacker Profiling,Concept
HHC7,Protect / Detect / Respond,Countermeasure
HHC8,Security Certifications,Countermeasure
HHC9,PlayStation 3 Hypervisor (FI),Case
HHC10,Xbox 360 (FI),Case
HHC11,Philips Hue (Power Analysis),Case
HHC12,Trezor One Wallet Memory Dump,Case
HHC13,Attack Taxonomy,Concept
HHC14,Disassembling Target Code,Technique
GD1,Disassembly,Concept
GD2,Linear Sweep Disassembly,Technique
GD3,Recursive Descent Disassembly,Technique
GD4,Malware Analysis,Concept
GD5,Vulnerability Analysis (binary),Concept
GD6,RE Companion Tools,Tool
GC1,Ghidra,Tool
GC2,CodeBrowser,Tool
GC3,Listing Window,Tool
GC4,Decompiler,Tool
GC5,Function Graph,Tool
GC6,Symbol Tree,Tool
GC7,Data Type Manager,Tool
GC8,Cross-References (XRefs),Concept
GC9,Project & Auto-Analysis,Technique
GC10,Stack Frames & Calling Conventions,Concept
GC11,Data Types & Structures,Concept
GC12,C++ Reversing,Concept
GE1,Ghidra Scripting,Technique
GE2,Headless Analyzer,Technique
GE3,Ghidra API,Tool
GE4,Custom Loaders,Technique
GE5,SLEIGH / Processor Modules,Technique
GE6,Decompiler Internals,Concept
GE7,Collaborative Server / Version Control,Tool
GE8,GhidraDev / Eclipse,Tool
GE9,ROP Gadget Identification,Technique
GE10,Function ID (FID),Technique
GA1,Obfuscation / Anti-RE,Concept
GA2,Static Deobfuscation / Unpacking,Technique
GA3,Emulation (p-code),Technique
GA4,Binary Patching,Technique
GA5,Anti-Debugger Evasion,Technique
GA6,BSim,Tool
GA7,Version Tracking,Tool
GA8,Program Diff / Function Comparison,Tool
GA9,Compiler Variations,Concept
IT1,IoT Security,Concept
IT2,IoT vs. Traditional IT Security,Concept
IT3,IoT Testing Methodology,Technique
IT4,Frameworks / Standards / Guides,Concept
IT5,Medical Device Security,Case
IT6,IoT Hacking Laws / Legal,Concept
IN1,VLAN Hopping,Technique
IN2,MQTT Attacks,Technique
IN3,Ncrack MQTT Module,Tool
IN4,Network Protocol Analysis,Technique
IN5,Wireshark Lua Dissector,Tool
IN6,DICOM Protocol,Target
IN7,Nmap Scripting Engine (NSE),Tool
IN8,UPnP Exploitation,Technique
IN9,mDNS / DNS-SD Attacks,Technique
IN10,WS-Discovery Attacks,Technique
IH1,EEPROM / Flash Dumping (SPI),Technique
IH2,Firmware Hacking,Technique
IH3,Firmware Emulation,Technique
IH4,Backdooring Firmware,Technique
IH5,Firmware Update Mechanism Attacks,Technique
IH6,STM32F103 'Black Pill' + OpenOCD,Target
IR1,RFID (LF/HF),Technique
IR2,RFID Cloning (MIFARE),Technique
IR3,BLE (GATT/GAP),Technique
IR4,BLE Tools (BlueZ/GATTTool/Bettercap),Tool
IR5,Wi-Fi Client/AP Attacks,Technique
IR6,WPA/WPA2 Cracking,Technique
IR7,LPWAN / LoRa / LoRaWAN,Technique
IR8,LoRaWAN Attacks,Technique
IR9,Radio Hardware (Heltec/CatWAN/LoStik),Tool
IR10,Signal Jamming / Replay Attacks,Technique
IE1,iOS App Attacks,Technique
IE2,Android App Attacks,Technique
IE3,Jailbreak / Root Detection Bypass,Technique
IE4,Mobile Security Controls,Concept
IE5,Smart-Home Attack Surface,Concept
IE6,IP Camera Stream Hijack,Technique
IE7,Smart Treadmill (Android) Takeover,Case
IE8,RFID Lock Cloning (entry),Technique
```

## Edges (prerequisite -> concept)
BR6 -> BR1
BR2 -> BR1
GA8 -> GA5
IN1 -> BR7
BR4 -> BR1
PA3 -> PA1
IR1 -> LAB6
BR5 -> BR6
BR7 -> BR1
HHC4 -> BR12
BR15 -> FI1
BR8 -> BR9
PA13 -> PA4
IH3 -> GA3
LAB1 -> PA7
HHC9 -> FI1
BR8 -> IT3
FI7 -> FI1
HW4 -> BR3
IE2 -> BR7
HW3 -> IH6
HHC7 -> PA1
PA5 -> PA1
IH5 -> BR7
GC7 -> GC2
IR6 -> IR5
FI6 -> FI1
GC4 -> GC11
FI1 -> BR14
HW13 -> HHC2
IE6 -> IE5
HHC4 -> GD1
GC3 -> GC2
PA1 -> BR7
HW13 -> HW2
PA12 -> PA4
BR2 -> BR3
GE9 -> GE2
IE8 -> IR2
PA5 -> PA4
IR3 -> BR7
FI9 -> FI10
LAB8 -> HHC4
IT3 -> BR2
BR5 -> BR1
HHC2 -> BR2
IE3 -> GA4
HHC14 -> GC1
IE3 -> IE4
GC6 -> GC2
PA2 -> PA1
IN8 -> BR7
FI5 -> HW8
GE7 -> BR5
HW12 -> HW1
FI3 -> FI1
IR2 -> LAB6
IE4 -> IE2
PA4 -> PA7
BR9 -> BR10
IN1 -> IT1
LAB3 -> HHC1
GA5 -> GA4
FI13 -> FI1
IE5 -> IR10
IN9 -> IN10
HW2 -> BR3
BR12 -> GC1
HW4 -> IH1
HW5 -> BR3
BR9 -> IN1
GC5 -> GC2
PA4 -> PA6
GA3 -> GA2
GA9 -> GC4
GE1 -> GE3
FI2 -> FI1
LAB4 -> PA1
BR11 -> BR7
HW3 -> HW14
IH2 -> BR12
BR6 -> BR7
IR7 -> IR8
GE5 -> GD1
LAB4 -> FI2
FI8 -> FI9
PA5 -> PA8
IN4 -> IN5
IH3 -> BR6
IH2 -> GC9
GA6 -> PA9
GE2 -> GE1
BR4 -> BR5
HW1 -> BR3
IN2 -> IN3
GC2 -> GC1
FI4 -> FI3
GC4 -> GC2
FI11 -> PA10
HHC4 -> BR4
HW3 -> BR3
IH1 -> BR12
IR5 -> IR10
FI10 -> HHC14
GC8 -> GD5
HHC7 -> FI1
GD3 -> GD1
BR3 -> BR4
HW2 -> HW14
HHC11 -> PA1
PA4 -> PA1
BR3 -> BR1
HHC1 -> BR2
BR8 -> HHC5
PA14 -> PA1
FI1 -> BR7
IH4 -> BR12
IH4 -> BR7
HW5 -> LAB5
HW2 -> BR4
PA3 -> PA10
HHC10 -> FI1
IE5 -> BR7
GC10 -> GC4
FI12 -> FI2
IE7 -> IE5
IR1 -> IR2
IR1 -> BR7
HW1 -> IH6
GD1 -> BR5
FI11 -> BR13
GA2 -> GA1
GA6 -> GD4
HHC11 -> BR13
HHC3 -> BR2
HHC12 -> BR13
GA4 -> BR7
IN7 -> BR2
GA4 -> IH4
LAB4 -> FI3
IR8 -> BR7
IR3 -> IR4
IE1 -> BR7
PA1 -> BR13
GE6 -> GC4
FI1 -> HHC12
GE10 -> GA6
LAB1 -> HW8
GA7 -> GA8
IN7 -> IN6
IE7 -> IE2
IN5 -> IN6
LAB2 -> HW1
FI5 -> FI1
GD6 -> GC9
GC9 -> GC3
IN9 -> BR2
LAB5 -> HW4
LAB4 -> PA7
PA4 -> PA9
GC11 -> GC12
BR8 -> HHC6
IH3 -> BR12
GE8 -> GE4
PA3 -> PA11
GC1 -> BR5
BR14 -> BR15
LAB7 -> BR3
IH2 -> BR4
FI1 -> GA4
IR7 -> IR9
GC1 -> GD3
GD2 -> GD1
HHC9 -> BR15
HHC8 -> HHC7
HHC13 -> BR8
GE4 -> GC9
IE5 -> IE8
GC8 -> GC2

*Free CKG · Graphify.md · `pip install ckg-mcp` for all · own the knowledge layer, rent the model*