Damn Vulnerable Raspberry Pi (DVRPi)

Overview

Damn Vulnerable Raspberry Pi (DVRPi) is a Raspberry Pi 4B firmware designed to teach hardware hacking through intentional vulnerabilities. The challenges introduce the learners to multiple real-world software and physical interface exploitation scenarios, often an entry point for attacking embedded devices like IoT systems, routers, and industrial controllers.

Warning: DVRPi is for educational use only. Do not deploy on production or internet-facing systems, as it contains intentional vulnerabilities that will lead to compromise.

Getting Started

• Multiple Challenges to attempt.

• Write-ups available.

  
  

Step 1. Download the firmware

https://sourceforge.net/projects/dvrpi/

Step 2. Check Image Integrity

sha256sum rpi4-debian-firmware.img.xz
Validate against checksum.txt

Step 3. Place the SDCARD into your reader on host machine

Recommended SDCARD Size: 64GB

• Locate your SDCARD

lsblk

Step 4. Uncompress and Flash the image onto the SDCARD (using DD)

xz -dc rpi4-debian-firmware.img.xz | sudo dd of=/dev/sdX bs=4M status=progress

Step 5. Sync Writes

sync

Step 6. Umount the SDCARD

umount /<mountpoint>/rootfs
umount /<mountpoint>/bootfs

Step 7. Insert SDCARD into RPi and Follow challenge steps

NOTE: Do NOT power on until all challenge details have been read

Check out our Github for more:

https://github.com/exploitsecurityio/DVRPi