Discover hidden UART consoles, auto-detect baud rates, and interact with embedded device serial interfaces
NullSec UART automates the discovery and exploitation of serial debug consoles on embedded devices. Hidden UART interfaces are one of the most common hardware attack surfaces — often providing root shells, bootloader access, and firmware update capabilities.
| Feature | Description |
|---|---|
| Baud Detector | Auto-detect baud rate from 300 to 4M baud |
| Pin Finder | Identify TX/RX pins using signal analysis |
| Console Logger | Record serial output with timestamps |
| Command Injector | Automated command injection via serial |
| Bootloader Detector | Identify U-Boot, Barebox, CFE, and custom bootloaders |
| Shell Detector | Detect root shells, BusyBox, and restricted environments |
| Firmware Extractor | Dump firmware via bootloader commands (XMODEM, YMODEM) |
| Adapter | Status |
|---|---|
| FTDI FT232R/FT2232H | ✅ Full |
| CP2102/CP2104 | ✅ Full |
| CH340/CH341 | ✅ Full |
| Bus Pirate | ✅ Full |
| Raspberry Pi GPIO | ✅ Full |
# Auto-detect baud rate
nullsec-uart detect --port /dev/ttyUSB0
# Connect to UART console
nullsec-uart connect --port /dev/ttyUSB0 --baud 115200
# Log all serial output
nullsec-uart log --port /dev/ttyUSB0 --baud 115200 -o device_log.txt
# Brute-force login
nullsec-uart bruteforce --port /dev/ttyUSB0 --wordlist common_creds.txt| Project | Description |
|---|---|
| nullsec-jtag | JTAG/SWD debug interface toolkit |
| nullsec-glitch | Voltage glitching & fault injection |
| nullsec-sdr | Software-defined radio toolkit |
| nullsec-linux | Security Linux distro (140+ tools) |
For authorized hardware security testing only.
MIT License — @bad-antics
Part of the NullSec Hardware Security Suite