int3.cc

Osprey

The Osprey hardware platform was designed and developed during 2012 and early 2013 by Stephen A. Ridley. Osprey is the basis for a consumer product called Tally (patent pending) which is currently in development. The Osprey hardware platform is dual use however. With modified firmware, Stephen has been using the Osprey hardware (as a consultant) to facilitate attacks against embedded systems and low-power RF networks. The goal is for it to be the "Metasploit" of hardware hacking. Modular with a firmware framework. (i.e. BusPirate functionality, glitching, JTAG brute forcing, low-power RF network attacks, etc.)

Stephen first began to speak publicly about his Osprey tool in early 2013 at Infiltrate 2013 (in Miami, FL) and NoSuchCon 2013 in Paris, France, and most recently at the 30 year anniversary of CCC in Hamburg.  He's also spoken about it briefly during his interview with the SecurityWeek Podcast.

Eventually there will be more information and detail here about Osprey, but for now you can find out about how Stephen has been using his custom platform (for research and consulting) in the last half of his NoSuchCon (Paris) 2013 presentation slides. Additional information is available in Stephen's Chaos Communication Congress talk at 30C3 in Hamburg, Germany.

Osprey is not for sale yet. The cost per-unit is still quite high due to the complexity of a multi-layer RF board like this. There are less that 20 Ospreys in existence. They are currently used for Tally development; to facilitate hardware attacks during consulting engagements, and have been released to private clients/customers.

Manufacturing electronics is entirely about volume. The more you can manufacture, the cheaper per-unit. The goal is that with the larger production volumes for the release of the consumer product (Tally) researchers will be able to repurpose the cheaper consumer hardware with custom firmware loads and use Osprey to facilitate their own hardware vulnerability research tasks. 

Why pricing things is hard...

Many people skip the INT3 "About" page and formulate opinions without understanding what is going on here. Please read that to understand why just because a project is "Open Source hardware" doesn't mean...

Learn to reverse engineer and exploit mobiles, IoT, and Embedded systems. (Public Trainings Announced)

We've announced our public EU and US trainings for 2015. Sign up today!  

Using the Shikra to Attack Embedded Systems: Getting Started

The blog system on this e-commerce platform is awful. This blogpost has been prettified and moved to Xipiter's main blog here:  http://www.xipiter.com/musings/using-the-shikra-to-attack-embedded-systems-getting-started