Since the use of lightweight cryptography for Internet of Things (IoT) security increases, it is necessary to inform significant threats to IoT devices through research on the attacks of lightweight cryptography. This article demonstrates successful attacks on six lightweight cryptographies: DESL, LBlock, TWINE, PRESENT, KLEIN, and LED, after investigating over 50 modern lightweight cryptographies built on SRAM field-programmable gate arrays (FPGAs). We first describe the fundamental procedure of an S-box attack to detect and manipulate S-box within the FPGA bitstream and then carefully customize the S-box attacks for each lightweight cryptography in order to weaken plaintext or key information. For practical analysis, a typical IoT platform based on Cortex-M0 operating at 50 MHz is implemented along with a variety of cryptography algorithms and design options on three Xilinx FPGA chips: Spartan-6, Artix-7, and Kintex Ultrascale. According to experimental results, the proposed attack successfully extracts the full 64-bit plaintext for DESL, LBlock, and TWINE. For KLEIN and LED, the full 64-bit keys are recovered, and for PRESENT, 80% of the 64-bit keys out of the total 80-bit keys are partially retrieved. We emphasize that the purpose of this article is not to provide attackers with a feasible attack strategy, but rather to raise awareness about the possibility of an attacker manipulating the lightweight cryptography on FPGA devices.