Beispiel #1
0
	def send(self,payloads="0f0f0f0f"):
		if self.target is None:
			io.fail("You must select a target before performing this action.")
		else:
			self.ackLock.acquire()
			for payload in payloads.split(","):
				try:
					esbPayload = bytes.fromhex(payload)
					self.emitter.sendp(esb.ESBPacket(address=self.target,payload=esbPayload))
					found = False
					start = utils.now()
					while utils.now() - start < 1:
						if self.ack:
							found = True
							break
					self.ack = False
					if found:
						io.success("ACK received.")
					else:
						io.fail("No ACK received.")
				except ValueError:
					io.fail("You must specify an hexadecimal payload.")
					self.ackLock.release()
					return
			self.ackLock.release()
Beispiel #2
0
    def run(self):

        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])

        if self.checkCapabilities():
            if utils.isNumber(self.args["CHANNEL"]):
                self.receiver.setChannel(utils.integerArg(
                    self.args["CHANNEL"]))
            else:
                io.fail("You must provide a channel number !")
                return self.nok()

            if self.args["TARGET_PANID"] != "":
                self.targetPanID = utils.integerArg(self.args["TARGET_PANID"])
            else:
                self.targetPanID = None

            if self.args["TARGET"] != "" and self.args["TARGET"][2:].upper(
            ) != "FFFF" and self.args["TARGET"].upper(
            ) != "FF:FF:FF:FF:FF:FF:FF:FF":
                if utils.isNumber(self.args["TARGET"]):
                    self.target = utils.integerArg(self.args["TARGET"])
                else:
                    self.target = zigbee.convertAddress(self.args["TARGET"])
            else:
                self.target = None

            if self.args["PCAP_FILE"] != "":
                self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])
            else:
                self.pcap = None
            self.receiver.onEvent("*", callback=self.show)

            time = utils.integerArg(
                self.args['TIME']) if self.args["TIME"] != "" else None
            start = utils.now()
            while utils.now() - start <= time if time is not None else True:
                utils.wait(seconds=0.1)

            self.receiver.removeCallbacks()

            output = {
                "CHANNEL": self.args["CHANNEL"],
                "INTERFACE": self.args["INTERFACE"],
                "PCAP_FILE": self.args["PCAP_FILE"]
            }
            return self.ok(output)
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to sniff and inject frames.")
            return self.nok()
Beispiel #3
0
    def run(self):
        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
        if self.checkSniffingCapabilities():
            self.target = "FF:FF:FF:FF" if self.args[
                "TARGET"] == "" else self.args["TARGET"].upper()
            if self.target == "FF:FF:FF:FF":
                self.receiver.enterPromiscuousMode()
            else:
                self.receiver.enterSnifferMode(self.target)

            if self.args["PCAP_FILE"] != "":
                self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])

            if utils.booleanArg(self.args["DONGLE_PACKETS"]):
                self.receiver.enableDonglePackets()
            else:
                self.receiver.disableDonglePackets()

            if self.args["CHANNEL"] == "" or self.args["CHANNEL"].lower(
            ) == "auto":
                while not self.find():
                    io.info("Retrying ...")
            else:
                self.receiver.setChannel(utils.integerArg(
                    self.args["CHANNEL"]))

            self.receiver.onEvent("*", callback=self.show)
            time = utils.integerArg(
                self.args['TIME']) if self.args["TIME"] != "" else None
            start = utils.now()
            while utils.now() - start <= time if time is not None else True:
                utils.wait(seconds=0.5)

            self.receiver.removeCallbacks()
            if self.pcap is not None:
                self.pcap.stop()

            output = {}
            output["MOUSE_FILE"] = self.args["MOUSE_FILE"]
            output["PCAP_FILE"] = self.args["PCAP_FILE"]
            output["TARGET"] = self.target
            output["CHANNEL"] = str(int(self.receiver.getChannel()))

            return self.ok(output)
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to run in sniffing mode.")
            return self.nok()
Beispiel #4
0
 def show(self, packet):
     if utils.booleanArg(self.args["ACK_PACKETS"]) or (
             not utils.booleanArg(self.args["ACK_PACKETS"])
             and not isinstance(packet, esb.ESBAckResponsePacket)):
         io.displayPacket(packet)
         self.lastReceivedFrameTimestamp = utils.now()
         if self.pcap is not None:
             self.pcap.sendp(packet)
Beispiel #5
0
    def monitoring(self):
        self.receiver.onEvent("*", callback=self.onPacket)
        try:
            if self.args["TIME"] == "":
                while True:
                    utils.wait(seconds=0.00001)

            elif utils.isNumber(self.args["TIME"]):
                time = utils.integerArg(self.args["TIME"])
                start = utils.now()
                while utils.now() - start < time:
                    utils.wait(seconds=0.0000001)

            else:
                io.fail("You have provided a wrong TIME value.")
                return self.nok()
        except KeyboardInterrupt:
            pass
Beispiel #6
0
	def _pingPRX(self):
		utils.wait(seconds=1)
		self.ackLock.acquire()
		self.emitter.sendp(esb.ESBPingRequestPacket(address=self.target))
		found = False
		start = utils.now()
		while utils.now() - start < 1:
			if self.ack:
				found = True
				break
		self.ack = False
		if not found:
			self.onPingFailure()
			while not self.emitter.scan():
				utils.wait(seconds=0.1)
			self.onPRXFound()
			self.currentChannel = self.emitter.getChannel()
			self.updatePrompt(self.target)
		self.ackLock.release()
Beispiel #7
0
	def recv(self):
		'''
		This method gets the packets from the PCAP file asynchronously.
		'''
		if self.mode == "read":
			while not self.reading:
				utils.wait(seconds=0.00001)
			success,data = self.getPacket()
			if success:
				timestamp,packet = data
				if self.initialTimestamp is None:
					self.initialTimestamp = timestamp
					self.beginningTimestamp = utils.now()
				else:
					while timestamp - self.initialTimestamp > (utils.now() - self.beginningTimestamp):
						utils.wait(seconds=0.00001)
				return self.buildPacket(packet,timestamp)
			else:
				self.publish("stop")
				self.close()
Beispiel #8
0
    def run(self):
        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
        self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
        if self.checkCapabilities():
            self.receiver.onEvent("*", callback=self.updateDevices)

            start = utils.now()
            startChannel = utils.integerArg(self.args["START_CHANNEL"])
            endChannel = utils.integerArg(self.args["END_CHANNEL"])

            numberOfChannels = endChannel + 1 - startChannel

            channels = list(range(startChannel, endChannel + 1))
            i = 0
            while self.args["TIME"] == "" or utils.now(
            ) - start < utils.integerArg(self.args["TIME"]):
                if startChannel != endChannel:
                    io.progress(i,
                                total=numberOfChannels,
                                suffix="Channel: " +
                                (" " if len(str(channels[i])) == 1 else "") +
                                str(channels[i]))
                self.receiver.setChannel(channels[i])
                if utils.booleanArg(self.args["ACTIVE"]):
                    self.emitter.sendp(
                        zigbee.ZigbeeBeaconRequest(sequenceNumber=1,
                                                   destPanID=0xFFFF,
                                                   destAddr=0xFFFF))
                utils.wait(seconds=0.1)
                i = (i + 1) % len(channels)

            if startChannel != endChannel:
                sys.stdout.write(" " * 100 + "\r")
            if len(self.devices) == 0:
                return self.nok()
            else:
                return self.generateOutput()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to sniff and inject frames.")
            return self.nok()
Beispiel #9
0
    def run(self):
        self.receiver = self.getReceiver(self.args["INTERFACE"])
        self.receiver.enterPromiscuousMode()
        if self.checkPromiscuousSniffingCapabilities():
            self.receiver.onEvent("*", callback=self.add)
            if utils.booleanArg(self.args["DONGLE_PACKETS"]):
                self.receiver.enableDonglePackets()
            else:
                self.receiver.disableDonglePackets()

            start = utils.now()
            startChannel = utils.integerArg(self.args["START_CHANNEL"])
            endChannel = utils.integerArg(self.args["END_CHANNEL"])

            numberOfChannels = endChannel + 1 - startChannel

            channels = list(range(startChannel, endChannel + 1))
            i = 0
            while self.args["TIME"] == "" or utils.now(
            ) - start < utils.integerArg(self.args["TIME"]):
                io.progress(i,
                            total=numberOfChannels,
                            suffix="Channel: " +
                            (" " if len(str(channels[i])) == 1 else "") +
                            str(channels[i]))
                self.receiver.setChannel(channels[i])
                utils.wait(seconds=0.1)
                self.displayDevices()
                i = (i + 1) % len(channels)
            sys.stdout.write(" " * 100 + "\r")
            if len(self.devices) >= 1:
                return self.ok(self.generateOutput())
            else:
                return self.nok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to run in promiscuous mode.")
            return self.nok()
Beispiel #10
0
	def run(self):
		self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
		self.receiver.enterSnifferMode(utils.addressArg(self.args["TARGET"]))
		if self.checkSniffingCapabilities():
			self.receiver.onEvent("MosartKeyboardKeystrokePacket",callback=self.show)
			
			self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
			try:
				time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else None
				start = utils.now()
				while utils.now() - start <= time if time is not None else True:
					utils.wait(seconds=0.5)
			except KeyboardInterrupt:
				self.exportTextFile()
				self.receiver.removeCallbacks()
				return self.ok({"TEXT":self.text})

			self.exportTextFile()
			self.receiver.removeCallbacks()
			return self.ok({"TEXT":self.text})

		else:
			io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to run in sniffing mode.")
			return self.nok()
Beispiel #11
0
 def deviceToDongle(self, pkt):
     if pkt.payload != b"" and pkt.payload != b"\x0f\x0f\x0f\x0f" and pkt.payload != b"\xFF" * 32:
         self.lastFrame = utils.now()
         if self.stage == ESBMitmStage.DESYNC:
             self.deviceEmitter.sendp(
                 esb.ESBLogitechKeepAlivePacket(address=self.args["TARGET"],
                                                timeout=1))
             pkt.show()
             io.info("Injecting malicious KeepAlive...")
             self.injectionCount += 1
             if self.injectionCount >= 20:
                 self.injectionCount = 0
                 io.info("Changing dongle channel !")
                 self.dongleReceiver.setChannel(self.pickChannel())
         elif self.stage == ESBMitmStage.ACTIVE_MITM:
             self.dongleEmitter.clear()
             if isinstance(pkt, esb.ESBLogitechMousePacket):
                 self.logitechMousePacket(pkt)
             elif isinstance(pkt, esb.ESBLogitechSetTimeoutPacket):
                 self.logitechSetTimeoutPacket(pkt)
             elif isinstance(pkt,
                             esb.ESBLogitechUnencryptedKeyReleasePacket):
                 self.logitechUnencryptedKeyReleasePacket(pkt)
             elif isinstance(pkt, esb.ESBLogitechUnencryptedKeyPressPacket):
                 self.logitechUnencryptedKeyPressPacket(pkt)
             elif isinstance(pkt, esb.ESBLogitechKeepAlivePacket):
                 self.logitechKeepAlivePacket(pkt)
             elif isinstance(pkt, esb.ESBLogitechEncryptedKeystrokePacket):
                 self.logitechEncryptedKeystrokePacket(pkt)
             elif isinstance(pkt, esb.ESBLogitechMultimediaKeyPressPacket):
                 self.logitechMultimediaKeyPressPacket(pkt)
             elif isinstance(pkt,
                             esb.ESBLogitechMultimediaKeyReleasePacket):
                 self.logitechMultimediaKeyReleasePacket(pkt)
             self.dongleEmitter.sendp(
                 esb.ESBLogitechKeepAlivePacket(address=self.args["TARGET"],
                                                timeout=1200))
Beispiel #12
0
    def run(self):
        self.pcap = None
        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
        self.receiver.onEvent("*", callback=self.show)
        self.receiver.onEvent("ESBLogitechMousePacket",
                              callback=self.addMouseData)
        self.target = "FF:FF:FF:FF:FF" if self.args[
            "TARGET"] == "" else self.args["TARGET"].upper()
        if self.target == "FF:FF:FF:FF:FF":
            if self.checkPromiscuousSniffingCapabilities():
                io.info(
                    "Promiscuous mode enabled ! Only a subset of frames will be sniffed."
                )
                self.receiver.enterPromiscuousMode()
                if utils.booleanArg(self.args["ACTIVE_SCAN"]):
                    io.warning(
                        "Active scanning not compatible with promiscuous mode, ACTIVE parameter will be ignored."
                    )
                    self.activeMode = False
                else:
                    self.activeMode = utils.booleanArg(
                        self.args["ACTIVE_SCAN"])
            else:
                io.fail(
                    "Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to sniff packets in promiscuous mode, you have to provide a specific target."
                )
                return self.nok()
        else:
            if self.checkNormalSniffingCapabilities():
                io.info("Sniffing mode enabled !")
                self.receiver.enterSnifferMode(address=self.target)
                if utils.booleanArg(self.args["ACK_PACKETS"]):
                    io.warning(
                        "ACK cannot be sniffed in sniffing mode, ACK_PACKETS parameter will be ignored."
                    )
                self.activeMode = utils.booleanArg(self.args["ACTIVE_SCAN"])
            else:
                io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                        ") is not able to sniff packets.")
                return self.nok()

        if self.args["PCAP_FILE"] != "":
            self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])

        channelsTimeout = float(
            self.args["CHANNEL_TIMEOUT"]
        ) if self.args["CHANNEL_TIMEOUT"] != "" else None

        if self.activeMode and not self.checkActiveScanningCapabilities():
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to perform an active scan.")
            return self.nok()

        self.generateChannels()
        self.searchChannel()

        time = utils.integerArg(
            self.args['TIME']) if self.args["TIME"] != "" else None
        start = utils.now()
        while utils.now() - start <= time if time is not None else True:
            if ((utils.now() -
                 self.lastReceivedFrameTimestamp >= channelsTimeout) if
                (channelsTimeout is not None
                 and self.lastReceivedFrameTimestamp is not None) else False):
                io.fail("Channel lost...")
                if self.args["LOST_STREAM_ACTION"].lower() == "continue":
                    self.searchChannel()
                else:
                    break

        self.receiver.removeCallbacks()
        if self.pcap is not None:
            self.pcap.stop()

        output = {}
        output["MOUSE_FILE"] = self.args["MOUSE_FILE"]
        output["PCAP_FILE"] = self.args["PCAP_FILE"]
        output["TARGET"] = self.target
        output["CHANNEL"] = str(int(self.receiver.getChannel()))

        return self.ok(output)
Beispiel #13
0
    def run(self):
        self.deviceReceiver = self.getReceiver(
            interface=self.args["INTERFACE1"])
        self.deviceEmitter = self.getEmitter(interface=self.args["INTERFACE1"])

        self.dongleReceiver = self.getReceiver(
            interface=self.args["INTERFACE2"])
        self.dongleEmitter = self.getEmitter(interface=self.args["INTERFACE2"])

        if self.checkCapabilities():

            self.deviceReceiver.enterSnifferMode(self.args["TARGET"])
            self.dongleReceiver.enterSnifferMode(self.args["TARGET"])

            self.deviceReceiver.onEvent("*", self.deviceToDongle)
            self.dongleReceiver.onEvent("*", self.dongleToDevice)
            if self.loadScenario():
                io.info("Scenario loaded !")
                self.startScenario()

            io.info("Entering SCAN stage ...")
            self.setStage(ESBMitmStage.SCAN)
            while not self.deviceReceiver.scan(self.channels):
                io.info("Looking for dongle ...")
                utils.wait(seconds=0.01)
            io.success("Dongle found !")

            io.info("Entering DESYNC stage ...")
            self.setStage(ESBMitmStage.DESYNC)

            dongleChannel = self.pickChannel()
            self.dongleReceiver.setChannel(dongleChannel)
            self.deviceReceiver.enableAutoAck()

            while self.stage != ESBMitmStage.STOP:
                io.info("Transmitting ACK frames for device on channel " +
                        str(self.deviceReceiver.getChannel()) + " ...")
                io.info(
                    "Transmitting KeepAlive frames for dongle on channel " +
                    str(self.dongleReceiver.getChannel()) + " ...")

                keepAlives = []
                keepAlives.append(
                    esb.ESBLogitechKeepAlivePacket(address=self.args["TARGET"],
                                                   timeout=1200))
                keepAlives.append(wireless.WaitPacket(time=10.0 / 1000.0))
                while self.stage == ESBMitmStage.DESYNC or self.stage == ESBMitmStage.ACTIVE_MITM:
                    self.dongleEmitter.sendp(*keepAlives)
                    utils.wait(seconds=0.001)
                    if self.dongleEmitter.getChannel(
                    ) == self.deviceEmitter.getChannel():
                        self.dongleEmitter.setChannel(self.pickChannel())
                        self.ackCount = 0
                        self.injectionCount = 0
                        self.setStage(ESBMitmStage.DESYNC)
                        break
                    if self.lastFrame is not None and utils.now(
                    ) - self.lastFrame > utils.integerArg(
                            self.args["TIMEOUT"]):
                        io.fail("Device lost, terminating ...")
                        self.setStage(ESBMitmStage.STOP)
                        break

            if self.scenarioEnabled:
                self.endScenario()

            return self.ok()
        else:
            io.fail("Interfaces provided (" + str(self.args["INTERFACE1"]) +
                    ", " + str(self.args["INTERFACE2"]) +
                    ") are not able to run this module.")
            return self.nok()