> Beniamin Jablonski, 2025-02-12

# INTRODUCTION

At the beginning of 2025, I completed the **Beginner's Guide to IoT and Hardware Hacking** course by **TCM Security**, and subsequently passed the exam, earning the [Practical IoT Pentest Associate (PIPA)](https://certifications.tcm-sec.com/pipa/) certification. In this post, I would like to share a brief review and my thoughts on the course and exam.

# COURSE

I believe that for someone with little to no prior experience in hardware hacking, the course provides an excellent and beginner-friendly introduction to the topic. The course is focused on hacking the `TL-WR841N` router by `TP-Link`. The full syllabus, including all the topics covered, can be found [here](https://academy.tcm-sec.com/p/beginner-s-guide-to-iot-and-hardware-hacking).

Since this is a **hardware hacking** course, it begins with an overview of the equipment you can purchase, which will be used by the instructor throughout the lessons. Although it’s stated that buying the hardware isn’t necessary to complete the course or pass the exam, I wouldn’t recommend skipping it. Opting not to purchase the equipment means missing out on the hands-on experience and the essence of what you’re learning in the lessons.

I would say that the total cost of all the required hardware is around $50–$70. This is indeed an additional expense, considering that the course itself, along with the exam, costs $249. However, I’ll emphasise once again that if you decide to take this course, it’s really not worth saving on the hardware - especially since many of the purchased components can be useful for future projects.

To give you a bit of encouragement, you can see the model of the `TL-WR841N` router I purchased, which already has pins soldered to the UART connectors and is connected to a USB UART converter.

![[Pasted image 20250212225539.png]]

Overall, I think the course is really good. What stands out the most to me is how well the material is structured. It’s laid out in a very thoughtful and organized way, and most importantly, it gives you a clear methodology that you can use when testing the security of other devices.

The instructor, Andrew Bellini, definitely deserves praise. It’s clear that each lesson is carefully and thoroughly prepared, and the entire course is designed to be as understandable as possible. All key concepts are explained clearly. Throughout the course, I always felt that I understood why we were doing something and what goal we were aiming to achieve.

Honestly, I don’t have much to complain about. Maybe, because of my background, I felt like the electronics part was a bit too simplified - I would have loved to see those topics explored in more detail. That said, the instructor made it clear that the focus was on the basics, and he delivered on that perfectly. If you want to dig deeper into electronics, I’d recommend checking out [this Udemy course](https://www.udemy.com/course/crash-course-electronics-and-pcb-design/?couponCode=ST9MT120225A).

# EXAM

When it comes to the exam, it’s worth checking out [this article](https://tcm-sec.com/pass-pipa-certification-exam), which provides a good description of the tasks you’ll need to complete:

> [!quote]
> The exam is performed entirely inside of the virtual environment provided by TCM Security. When you begin the exam, you’ll be provided with an OpenVPN configuration file that you can use to connect to the exam environment, which consists of one Linux virtual machine accessed via a web browser GUI. The VM contains the firmware, logic analyzer samples, design documentation, and all of the necessary tools to analyze the firmware. This includes Ghidra, Cyberchef, Pulseview, Binwalk, Hashcat, and other common Linux binaries and utilities used for firmware and forensic analysis. The entirety of the exam, with the exception of writing your report, is intended to be performed inside the provided exam environment.

I think it’s fair to say that if someone goes through the entire course with understanding, they’ll be able to pass the exam. All the exam tasks required to earn the certification reflect the material covered during the course.

You have a total of **4 days** to complete the exam—2 days to solve the practical tasks and another 2 days to write the report. I think the time provided is more than sufficient, and it’s definitely not the kind of exam where every minute feels like it’s critical.

# SUMMARY

Overall, the course and exam were a really enjoyable adventure for me. I definitely gained a lot from them and want to continue growing in this field. I’ve already got another device on my desk, waiting to be tested so I can develop the knowledge I’ve gained.

# REFERENCES

1. https://academy.tcm-sec.com/p/beginner-s-guide-to-iot-and-hardware-hacking
2. https://certifications.tcm-sec.com/pipa/
3. https://tcm-sec.com/pass-pipa-certification-exam
4. https://www.udemy.com/course/crash-course-electronics-and-pcb-design/?couponCode=ST9MT120225A