HackerBoxes Security Kits

Expert review • Updated May 2026

A curated monthly hardware-hacking kit that lives somewhere between AdaBox's maker friendliness and Crowd Supply's deep-niche audience — and whose pentest relevance depends almost entirely on the month's theme.

Beginner-friendly • Solo / Learner • Subscription — skip-month allowed

Expert rating

4.0/5

  • Curation quality — 4.2
  • Anchor-part value — 4.4
  • Pentest relevance — 3.5
  • Build documentation — 3.9

What HackerBoxes is — and is not

HackerBoxes is a US-based monthly subscription service launched in 2015 and run by a small Chicago team. Each month subscribers receive a themed box of electronics components — typically one anchor part (an ESP32 development board, an RTL-SDR dongle, a PN532 NFC module), three to six accessory components selected to enable specific projects, and a printed instruction sheet with QR codes pointing at online lab pages. Subscribers can skip individual months without cancelling, can buy back-issues from the catalogue at retail prices, and pay roughly $45 per box plus shipping.

It is not a pentest kit, and it is critical to start the review by setting that expectation. HackerBoxes is a maker subscription that often tilts toward security-adjacent topics: ESP32 wardriving, SDR signal scanning, RFID experimentation, retro-cryptography puzzles. When the theme aligns with pentest learning (roughly 40–50% of months by my count over a three-year subscription), the box is excellent. When it doesn't, you are paying $45 for a 12 V relay board and a sensor pack you could have bought from AliExpress for $9.

Hardware quality & component selection

Anchor parts are the heart of the box and are consistently respectable. ESP32 development boards have been the Espressif official DevKit-C or the equivalent S3 N16R8 modules — not generic JL-clone boards that fail to flash. SDR boxes have shipped genuine RTL-SDR Blog v3/v4 dongles, not unbranded NESDR clones. NFC modules have been Adafruit PN532 breakouts. The pattern is consistent: the headline component is a known-good module that you would buy intentionally for the project it enables.

Accessories vary more. Antennas in the SDR box are useful but not exotic; the breakout boards in IoT-themed boxes are usually Adafruit or SparkFun-grade; passive components (resistors, headers, jumpers) are generic but functional. Some boxes ship custom HackerBoxes-branded PCBs — usually shields or breakout boards that exist nowhere else. These are fun but their resale value is zero, so do not treat them as inventory.

flowchart LR
    SUB[Subscriber<br/>$45/mo]
    HB[HackerBoxes<br/>curation team]
    MFG[Module suppliers<br/>Espressif, RTL-SDR Blog,<br/>Adafruit, SparkFun]
    PCB[Custom PCB<br/>fab + assembly]
    BOX[Themed box<br/>4–7 components]
    DOC[Online lab sheet<br/>+ printed insert]
    COMM[Forum + Discord<br/>peer support]
    SUB --> HB
    HB --> MFG
    HB --> PCB
    MFG --> BOX
    PCB --> BOX
    BOX --> SUB
    HB --> DOC
    DOC --> SUB
    SUB <--> COMM

A representative sample of the last five boxes

| Box | Theme | Anchor part | Accessories | Pentest value |
|---|---|---|---|---|
| HB0124 | ESP32 BLE Mesh | ESP32-S3 DevKit | BLE beacon shields, OLED, mini battery, sensor breakouts | Solid — BLE recon, advert spoofing, ESPHome flashing labs |
| HB0125 | SDR Starter | RTL-SDR Blog v4 dongle | Antenna kit, SMA pigtails, signal-analysis lab sheet | High — frequency hunting, ADS-B, sub-GHz survey |
| HB0126 | RFID Lab | PN532 NFC module + LF reader | T5577 cards, MIFARE cards, antenna tuner | High — pairs perfectly with a Flipper Zero or Proxmark |
| HB0127 | IoT Sensor Net | ESP32-C3 + LoRa SX1278 module | TTGO LoRa board, environment sensors, breadboard | Medium — useful for LoRaWAN labs, less for offensive work |
| HB0128 | Retro Crypto | STM32 dev board + WS2812 ring | OLED, hand-soldered enclosure, AES tutorial PCB | Low/educational — embedded crypto teaching, not offensive |

The pattern is visible: SDR, ESP32 and RFID boxes deliver immediate pentest learning value, while the retro-crypto and pure-IoT boxes are educational but offensively neutral. If you skipped only the months where the theme didn't align, you'd average roughly six boxes a year at $270, and your collected component pile would compare favourably with a $300 self-curated parts list.

Build documentation & learning curve

Each box ships with a printed insert that summarises the theme and lists the included components, plus a QR code linking to an online lab sheet. The lab sheets vary in quality. The strongest are the ESP32 and SDR ones — they walk through toolchain installation (ESP-IDF, PlatformIO, SDR#, Gqrx), explain the relevant theory at a 200-level depth, and provide working code on GitHub. The weakest are the project boxes where the lab sheet is a thinly wrapped Hackster tutorial.

For an absolute beginner, the curve is gentle but real. You will be expected to solder, to flash microcontroller firmware from a host computer, and to read enough of an SDK to modify example code. If those activities are still intimidating, start with a single back-issue box and gauge the pace before committing to a subscription. For an intermediate maker, the lab sheets are unlikely to teach you anything new; you will treat the box as a hardware-discovery service.

Community & aftermarket

HackerBoxes runs a Discord and a small forum. The Discord is the more active of the two — channel volume is modest, response time is hours rather than days, and the community is friendly. It is no substitute for r/AskElectronics or the Adafruit forum at peak hours, but it is genuinely useful when you are stuck on a HackerBoxes-specific PCB. The aftermarket is robust: most boxes show up on eBay six to twelve months later at 50–70% of retail, and the catalogue page on the HackerBoxes website lets you buy older boxes at the original price as long as inventory holds.

Legality, ethics & field use

HackerBoxes ship commodity electronics — no inherently regulated radios, no LF/HF reader-writer hardware sold in customs-flagged categories, no rolling-code defeat tools. There has never been a US-customs seizure of a HackerBoxes shipment that I'm aware of. The components inside the boxes can absolutely be assembled into hardware that is regulated (you can build a sub-GHz transmitter from a CC1101 module + an antenna), but the kits as shipped are educational electronics. Treat them the way you would treat an Arduino starter kit: legal to possess, ethical to use within scope, dual-use only by intent.

Deployment scenarios

Scenario 1 — Structured learning

Subscribe for a year, skip the months that look weak, and build the SDR / ESP32 / RFID labs. By month six you will have soldered a half-dozen boards, flashed three microcontrollers, captured your first 433 MHz remote and read your first MIFARE card. Excellent for the "I want to learn hardware but don't know where to start" learner.

Scenario 2 — Gift / curriculum

Three-month gift sub for a curious teenager or a colleague who wants to break into hardware. The themed cadence keeps engagement up, and the printed insert gives them somewhere to start without you having to write a curriculum.

Scenario 3 — Component stockpile

If you build IoT prototypes regularly, the boxes are a low-effort way to keep a drawer of ESP32 boards, sensors, and breakouts topped up. Cost per component is competitive with retail and beats AliExpress on quality assurance.

Scenario 4 — Awareness training

For a corporate security-team enablement program, queue up the SDR and RFID boxes and run a two-hour internal workshop where engineers clone a card or capture a 433 MHz fob. The visceral impact of "this is real" generally exceeds two days of phishing-only awareness training.

How HackerBoxes compares with the alternatives

| Aspect | HackerBoxes | Adafruit AdaBox | Crowd Supply | DIY (parts list) |
|---|---|---|---|---|
| Cost | $45/month (+ shipping) | $60/quarter | Variable per project — $25–$2,000 | $15–60 per kit (parts only) |
| Curation | Themed, pentest-leaning ~40% of months | Maker / creative, no pentest focus | Whatever you fund | You curate |
| Build sheets | PDF + online instructions | Polished Learn Adafruit pages | Project-specific docs | GitHub READMEs + YouTube |
| Anchor part value | Usually $25–40 (legitimate single-purchase cost) | Adafruit retail value | Manufacturer pricing | Cost-only |
| Community | Forum + Discord — modest | Adafruit forum — large | Per project | StackExchange, r/AskElectronics |
| Pentest relevance | Theme-dependent — best months are gold | Very low | Project-dependent (Proxmark, USB Armory) | Whatever you target |
| Lock-in | Subscription (skip-month available) | Quarterly subscription | One-time crowdfund | None |

Pure DIY remains the cheapest path and the one that produces the deepest knowledge — but it is also the one that produces the most half-finished projects and the least follow-through. The whole point of a curated subscription is to outsource the planning. AdaBox is more polished but almost entirely maker-focused. Crowd Supply ships individual projects of much higher technical depth but with no cadence. HackerBoxes is unique in its blend: themed cadence, security-adjacent topics, and a price point that lets a hobbyist commit to it without resentment.

Pros & cons

Subscribe if…

  • You're a beginner who wants externally imposed cadence to actually finish projects.
  • You enjoy the surprise factor and treat misses as part of the deal.
  • You want to gradually accumulate ESP32 / SDR / RFID modules without parts-list overhead.
  • You're running an internal team curriculum and want a monthly excuse to gather.
  • You skip strategically and treat 6 of 12 boxes a year as the realistic hit rate.

Skip if…

  • You need a deep, depth-first dive into one specific topic — DIY is cheaper and faster.
  • You're an experienced engineer who already has a stocked components drawer.
  • You are pentest-only and need every dollar to land on directly-applicable kit (Proxmark, HackRF, Flipper).
  • You hate subscription billing — the skip-month UX is functional but not elegant.
  • You live outside North America — international shipping erodes the value proposition fast.

Verdict

HackerBoxes is a good subscription, not a great one — and that is the right framing. It is genuinely useful for the audience it was built for (curious beginners, parents shopping for technical gifts, internal trainers running a "make something" hour), and it sits in a useful adjacency to the deeper pentest hardware tools reviewed elsewhere on this page. Skip strategically, treat 6 of 12 boxes a year as a realistic hit rate at this subscription cadence, pair the SDR / RFID / ESP32 boxes with a Flipper Zero or a Proxmark for amplified value, and you will get your $270 a year of fun and an honest amount of hands-on skill out of the experience.
