This past weekend I decided to make a Bus Pirate as a quick weekend project.  The Bus Pirate is a universal serial interface originally designed by the folks over at Hack a Day.  Basically the Bus Pirate is a device that can talk a wide range of serial protocols.  Most folks are familiar with the USB serial bus, yes I know that is redundant, and the old school RS-232 serial port.  Just about every computer made in the past 20 plus years has one of these serial ports. Sadly many hardware devices such as smart cards, integrated circuits and embedded devices do not speak RS-232 or USB.  Because of this talking to these devices can be hassle. You often need to build a hardware converter and possibly write some custom code to communicate with these devices.  The Bus Pirate tries to eliminate this hassle.

Today the Bus Pirate speaks eight protocols (1-Wire, UART, I²C, SPI, JTAG, raw 2-wire, raw 3-wire and PC AT keyboard).  The raw 2-wire and raw 3-wire can be used to interface with proprietary serial protocols.  The Bus Pirate also contains some other handy features such as a on-board 3.3 and 5 volt power supply, 0-6 volt measurement probe, a frequency measurement probe and frequency generator.

I was not adventurous enough to etch my own circuit board so I decided to build the Bus Pirate kit made by Fundamental Logic.  The kit includes all the parts you need.  Fundamental Logic even preprogrammed the PIC so you can build the kit without a PIC programmer.  The online assembly directions for the kit are very clear and easy to follow.  Before you start be sure to visit their tools page to make sure you have all the tools you need.

Overall the project took me about two hours to complete. A lot of that time was spent setting up and getting back into the swing of soldering.  Overall it was not a very difficult project.  The kit uses all through-hole components and the circuit board is not too densely populated.  In terms of difficulty I rate this kit as medium to medium-low.  I recommend this kit to anyone who wants to build a Bus Pirate.  However if you are new to electronics and soldering this is probably not the best project for you to cut your teeth on.

Truthfully I had more problems getting my serial port and terminal program configured properly than I did assembling the kit.  In the future I'll post some notes on getting the Bus Pirate to work in Windows and Linux.  I'll also cover how to get it working with a serial-to-USB converter.

So the Bus Pirate sounds like a cool geek toy but how does it relate to security?  First off when assessing hardware it is often helpful to communicate with the hardware directly.  This will allow you to skip over the vendor's APIs and applications which may place limitation on what can be sent to the hardware.  If you can talk to the hardware directly you can bypass these limitations.  From the security point of view I am especially interested in the Bus Pirate's ability to speak JTAG, 1-wire and raw 2-wire serial protocols.

JTAG is a diagnostic protocol that can be used to communicate with electronic circuits and chips.  JTAG is commonly used to restore bricked routers when an installation of OpenWRT or similar firmware fails.  However JTAG can also be used to directly query the memory in most embedded devices.

iButton Image By Stan Zurek1-wire is a protocol used by the iButton line of products. iButtons are frequently used in physical access control systems.

The raw 2-wire mode can be used to communicate with a number of smart cards.

I'll let your imagination ponder why I would want to communicate with these devices.