Skip to content

Akheron Proxy Cheatsheet

Akheron Proxy Cheatsheet

Overview

Akheron Proxy is an open-source serial communication proxy tool developed by Rapid7. It is designed for capturing, decoding, fuzzing, and replaying traffic from embedded devices. It was presented at the Black Hat USA 2025 Arsenal.

Key Features

  • Serial Communication Proxy: Intercept and analyze serial communication between embedded devices.
  • Traffic Capture: Capture and log all data transmitted over the serial connection.
  • Protocol Decoding: Decode and dissect various serial protocols.
  • Fuzzing: Send malformed data to test for vulnerabilities in the device's firmware.
  • Replay Attacks: Replay captured traffic to test for replay vulnerabilities.
  • Extensible: Can be extended with custom protocol decoders and fuzzing modules.

How It Works

Akheron Proxy sits between two embedded devices (or a device and a host computer) and intercepts the serial communication between them. It allows you to view, modify, and replay the data in real-time.

Installation

# (Note: Specific installation instructions will be available in the official repository)

# Example installation (replace with actual commands)
git clone https://github.com/rapid7/akheron-proxy.git
cd akheron-proxy
pip install -r requirements.txt

Usage

# Example usage (replace with actual commands)

# Start the proxy and listen on two serial ports
python akheron-proxy.py --port1 /dev/ttyUSB0 --port2 /dev/ttyUSB1

# Capture traffic to a file
python akheron-proxy.py --port1 /dev/ttyUSB0 --port2 /dev/ttyUSB1 --capture-file traffic.pcap

# Fuzz a device with a specific fuzzing module
python akheron-proxy.py --port1 /dev/ttyUSB0 --port2 /dev/ttyUSB1 --fuzz-module my_fuzzer

Common Use Cases

  • Embedded Device Security Audits: Assess the security of IoT and other embedded devices.
  • Vulnerability Research: Discover new vulnerabilities in embedded device firmware.
  • Hardware Hacking: Analyze and manipulate serial communication for hardware hacking projects.
  • Protocol Reverse Engineering: Reverse engineer unknown serial protocols.

Writing Custom Modules

Akheron Proxy is designed to be extensible. You can write your own Python modules to add support for new protocols or create custom fuzzing logic.

# my_decoder.py (example protocol decoder)

from akheron.protocol import Protocol

class MyProtocol(Protocol):
    def decode(self, data):
        # Your decoding logic here
        return decoded_data

Additional Resources