PIPA
My experience and review of the PIPA (Practical IoT Pentest Associate) certification.
Context
I’m currently a cybersecurity student, which implies I’m supposed to learn things, but I end up not having much spare time to dedicate to messing around with IoT hacking.
Then a friend of mine, who was at the same time working on another TCM Security certification, told me about the “PJIT” (now PIPA), which seemed great for learning the fundamentals of hardware hacking, electronics and IoT security while being professionally useful thanks to the skills assessment, so I decided to give it a try.
Course material
Content
For the course, our instructor is Andrew Bellini, a hardware hacker with a background in electrical engineering.
So a large part of the course is electrical engineering. As someone who had never got into that before, I found it pretty easy to understand, and it helped me a lot to figure out how things work under the hood. Moreover, every new concept was introduced for a reason and well explained, so even someone with no electrical engineering background knows where we are going.
Throughout the course we learn by doing hands-on exercises on a TP-Link router (TL-WR841N). In short, we learn to read a PCB and identify its components, use fundamental hardware hacking tools like a logic analyser, multimeter and soldering station, connect to a serial port over UART, do recon on the device’s components, read datasheets, extract the firmware, hunt for interesting data in it, reverse engineer binaries, and more.
Also, during the course I wasn’t really comfortable with reverse engineering and Ghidra, but trying some easy challenges on CTF platforms like RootMe or Hackropole helps to get comfortable with it.
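As an added example (not course material and not the author’s own code), here is the kind of triage script the “extract the firmware, hunt for interesting data” step above boils down to once the filesystem is out of the image: it walks an extracted root filesystem and flags password hashes, private keys, hardcoded credentials, setuid binaries and world-writable files. The sample root filesystem it builds in a temporary directory is constructed for the demo; the hash, key and credential values in it are placeholders, not data from any real device.

```python
"""Triage an extracted firmware root filesystem for the classic "interesting data".

Added example: constructed sample rootfs, not a real device dump.
"""
import os
import re
import stat
import tempfile
from pathlib import Path

# Regexes for things worth a second look in an extracted rootfs.
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
CRED_ASSIGN = re.compile(r"(?im)^\s*(?:passwd|password|pwd|secret|api_key)\s*[=:]\s*\S+")
# glibc crypt-style ($id$salt$hash) or legacy 13-char DES hash in the password field
PASSWD_HASH = re.compile(r"(?m)^([^:\n]+):(\$[0-9a-z]+\$[^:\n]+|[A-Za-z0-9./]{13}):")

MAX_TEXT_SIZE = 4 * 1024 * 1024  # don't grep big blobs (kernel, images) as text


def scan_file(path: Path, root: Path) -> list:
    """Return a list of findings (dicts) for one regular file."""
    rel = path.relative_to(root).as_posix()
    st = path.lstat()
    mode = st.st_mode
    findings = []
    # Permission findings come first: they need no file contents.
    if mode & stat.S_ISUID:
        findings.append({"kind": "setuid_binary", "path": rel, "detail": oct(mode & 0o7777)})
    if mode & stat.S_IWOTH:
        findings.append({"kind": "world_writable", "path": rel, "detail": oct(mode & 0o7777)})
    if st.st_size > MAX_TEXT_SIZE:
        return findings
    text = path.read_bytes().decode("utf-8", errors="ignore")
    # Hash pattern only makes sense in passwd/shadow; everywhere else it is noise.
    if path.name in ("passwd", "shadow"):
        for m in PASSWD_HASH.finditer(text):
            findings.append({"kind": "password_hash", "path": rel, "detail": f"user={m.group(1)}"})
    for m in PRIVATE_KEY.finditer(text):
        findings.append({"kind": "private_key", "path": rel, "detail": m.group(0)})
    for m in CRED_ASSIGN.finditer(text):
        findings.append({"kind": "hardcoded_credential", "path": rel, "detail": m.group(0).strip()})
    return findings


def triage(root) -> list:
    """Walk an extracted root filesystem and collect findings, sorted by path then kind."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow dir symlinks
        for name in filenames:
            p = Path(dirpath) / name
            if stat.S_ISREG(p.lstat().st_mode):  # skip symlinks, device nodes, fifos
                findings.extend(scan_file(p, root))
    return sorted(findings, key=lambda f: (f["path"], f["kind"]))


def build_sample_rootfs(base: Path) -> Path:
    """Constructed stand-in for a squashfs-root directory; all values are placeholders."""
    root = base / "squashfs-root"
    files = {
        "etc/passwd": "root:$1$abc123$0123456789abcdefghijk:0:0:root:/root:/bin/sh\n"
                      "nobody:*:65534:65534:nobody:/:/bin/false\n",
        "etc/config/wireless": "option ssid 'Lab'\noption encryption 'psk2'\npassword = hunter2\n",
        "etc/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nconstructed-key-material\n"
                              "-----END RSA PRIVATE KEY-----\n",
        "www/index.html": "<html><body>Router admin</body></html>\n",
        "bin/busybox": "\x7fELF placeholder\n",
    }
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    os.chmod(root / "bin/busybox", 0o4755)        # setuid, as shipped in many images
    os.chmod(root / "etc/config/wireless", 0o666)  # world-writable config
    return root


def run_demo() -> list:
    """Build the constructed rootfs in a temp dir, triage it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_rootfs(Path(tmp)))


if __name__ == "__main__":
    for f in run_demo():
        print(f"[{f['kind']}] {f['path']}: {f['detail']}")
```

Point it at whatever directory binwalk (or your extractor of choice) produced and grep the output; the regexes are deliberately loose, since a false positive costs you ten seconds and a missed key costs you a finding.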
Pricing
The PIPA is affordably priced ($200 for students) and comes packaged with the IoT and Hardware Hacking course on the TCM Academy platform and two exam attempts.
And of course you keep the course for life (hi INE).
I should also mention the cost of the equipment, which in my case came to an additional $100 (because I was greedy). But you can easily buy everything you need for $50 or less by buying from Banggood or AliExpress and reading this post.
It is still possible to follow the course without any equipment (even the router), as the instructor shows every step. However, without hands-on practice it’s just like reading the solution without even trying to solve the problem: the fun is gone and you are much more likely to immediately forget everything.
The exam
The exam lasts four days: two days to review a firmware image, as in a real pentest, and two days to write a report.
The whole exam is hosted in a virtual environment with all the tools needed to perform the review, and there is no physical device to test.
You can learn more about it in this post, which tells you everything you need to know about the exam.
Getting crushed by the exam
During the exam I could directly apply what I’d learnt in the course and quickly identify several vulnerabilities.
If you follow the course carefully, there shouldn’t be any problem assessing the device.
I also recommend these blog posts from TCM Security:
BUT,
I ended up failing my first attempt because my report wasn’t detailed or professional at all. I wasn’t really familiar with this game and approached the report as if it were a CTF writeup. Honestly, I needed this to get back to reality.
Then I took a deep breath, carefully read the How to Pass the PIPA Certification Exam post, and retried it.
Crushing the exam
I got back to it, and since I had already found several vulnerabilities, on this second attempt I mainly focused on the report.
By the way, I used many parts of the TCM Security sample pentest report to write mine.
Finally, I successfully passed.
My thoughts
I really liked the course and the exam; I can say that it suits anyone interested in hardware and IoT hacking who doesn’t know where to start.
The exam is also useful because it simulates a professional engagement, which introduces us to real-world cases.
What’s next?
I liked this course and want to learn more. What I plan is:
- Dig deeper into other protocols like BLE, RFID, MQTT and Zigbee, and also learn about RF.
- Order a device from Amazon or AliExpress and try to do some.
- Learn about binary exploitation and train on labs like DVAR or ARM Lab VM 2.0.
Links
- Here’s another nice PIPA review, and this one too.
- PIPA course overview
- Damn vulnerable ARM Router
- ARM Lab vm 2.0
- TCM Security - Getting Started with IoT and Hardware Hacking: Part 3 – Analyzing and Enumerating Firmware
- TCM Security - Reverse Engineering and Exploiting Binaries: Hardware Hacking Part 4
- TCM Security - Getting Started with IoT & Hardware Hacking: Part One - Don’t Break the Bank
- Andrew Bellini
- TCM Security - How to Pass the PIPA Certification Exam
- RootMe Cracking challenges
- Hackropole reversing challenges