Beispiel #1
0
    def run(self):
        self.emitter = self.getEmitter(interface=self.args['INTERFACE'])
        self.receiver = self.getReceiver(interface=self.args['INTERFACE'])

        self.currentChannel = self.emitter.getChannel()
        self.initializeCallbacks()

        if self.checkCommunicationCapabilities():
            if self.args["TARGET"] != "":
                self.emitter.enterSnifferMode(self.args["TARGET"])
                self.target = self.args["TARGET"].upper()
                self.updatePrompt(self.target)
            else:
                self.updatePrompt()
            if self.loadScenario():
                self.scenarioStop = False
                io.info("Scenario loaded !")
                self.startScenario()
                while not self.scenarioStop:
                    utils.wait(seconds=0.1)
                self.endScenario()
            else:
                interpreter.Interpreter.loop(self)

            return self.ok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to communicate as a PRX device.")
            return self.nok()
Beispiel #2
0
    def onMasterWriteRequest(self, packet):

        # Changing RGB values
        if packet.handle == 0x21 and b"\x55\x13" in packet.value:
            print(packet)
            value = (packet.value[0:2] + bytes(
                [packet.value[4], packet.value[2], packet.value[3]]) + b"\r\n")
            io.info("Changing RGB values ...")
            self.a2sEmitter.sendp(
                ble.BLEWriteRequest(handle=packet.handle, value=value))
            return False

        # Changing on/off packets
        elif packet.handle == 0x21 and b"\x55\x10\x01\x0d\x0a" == packet.value:
            for _ in range(3):
                io.info("Day !")
                self.a2sEmitter.sendp(
                    ble.BLEWriteCommand(handle=packet.handle,
                                        value=b"\x55\x10\x01\x0d\x0a"))
                utils.wait(seconds=1)
                io.info("Night !")
                self.a2sEmitter.sendp(
                    ble.BLEWriteCommand(handle=packet.handle,
                                        value=b"\x55\x10\x00\x0d\x0a"))
                utils.wait(seconds=1)
        return True
Beispiel #3
0
    def run(self):

        self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
        if self.checkCapabilities():
            if utils.isNumber(self.args["CHANNEL"]):
                self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
            else:
                io.fail("You must provide a channel number !")
                return self.nok()

            self.pcapReceiver = self.getReceiver(
                interface=self.args["PCAP_FILE"])
            io.info("Extracting packet stream from PCAP ...")
            stream = self.pcapReceiver.generateStream()
            io.success("Packet stream successfully extracted !")

            io.info("Injecting ...")
            self.emitter.sendp(*stream)
            for i in stream:
                i.show()
            while not self.emitter.isTransmitting():
                utils.wait(seconds=0.1)

            while self.emitter.isTransmitting():
                utils.wait(seconds=0.1)
            io.success("Injection done !")
            return self.ok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to inject frames.")
            return self.nok()
Beispiel #4
0
    def run(self):
        interface = self.args["INTERFACE"]
        self.emitter = self.getEmitter(interface=interface)
        self.receiver = self.getReceiver(interface=interface)
        if self.checkCapabilities():
            self.initializeServer()
            if self.args["ATT_FILE"] != "" and self.fileExists(
                    self.args["ATT_FILE"]):
                self.importATT()
            elif self.args["GATT_FILE"] != "" and self.fileExists(
                    self.args["GATT_FILE"]):
                self.importGATT()
            else:
                io.info("No filename provided : empty database !")

            self.initializeCallbacks()

            if self.loadScenario():
                io.info("Scenario loaded !")
                self.startScenario()
                while not self.emitter.isConnected():
                    utils.wait(seconds=0.01)
                while self.emitter.isConnected():
                    utils.wait(seconds=0.01)
                self.endScenario()
            else:
                interpreter.Interpreter.loop(self)

            return self.ok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to communicate as a slave.")
            return self.nok()
Beispiel #5
0
    def run(self):
        interface = self.args["INTERFACE"]
        timeout = utils.integerArg(self.args["TIMEOUT"])

        self.emitter = self.getEmitter(interface=interface)
        self.receiver = self.getReceiver(interface=interface)

        if self.checkCapabilities():
            io.info("Trying to connect to : " + self.args["TARGET"] +
                    " (type : " + self.args["CONNECTION_TYPE"] + ")")
            self.emitter.sendp(
                ble.BLEConnect(self.args["TARGET"],
                               type=self.args["CONNECTION_TYPE"]))

            while not self.receiver.isConnected() and timeout > 0:
                timeout -= 1
                utils.wait(seconds=1)

            if self.receiver.isConnected():
                io.success("Connected on device : " + self.args["TARGET"])
                return self.ok({"INTERFACE": self.args["INTERFACE"]})

            else:
                io.fail("Error during connection establishment !")
                self.emitter.sendp(ble.BLEConnectionCancel())
                return self.nok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to initiate connection.")
            return self.nok()
Beispiel #6
0
    def connect(self, packet):
        if self.getStage() == BLEMitmStage.WAIT_CONNECTION:

            io.success("Master connected : " + packet.srcAddr)

            self.initiatorAddress = packet.srcAddr
            self.initiatorAddressType = b"\x00" if packet.type == "public" else b"\x01"

            if self.args["ADVERTISING_STRATEGY"] == "preconnect":
                if utils.booleanArg(self.args["MASTER_SPOOFING"]):
                    self.a2sEmitter.sendp(ble.BLEDisconnect())
                    while self.a2sEmitter.isConnected():
                        utils.wait(seconds=0.01)
                    self.a2sEmitter.setAddress(packet.srcAddr,
                                               random=packet.type == "random")
                    address = utils.addressArg(self.args["TARGET"])
                    connectionType = self.args["CONNECTION_TYPE"]
                    io.info("Connecting to slave " + address + "...")
                    self.a2sEmitter.sendp(
                        ble.BLEConnect(dstAddr=address,
                                       type=connectionType,
                                       initiatorType=packet.type))
                    while not self.a2sEmitter.isConnected():
                        utils.wait(seconds=0.01)
            if self.args["ADVERTISING_STRATEGY"] == "flood":
                if utils.booleanArg(self.args["MASTER_SPOOFING"]):
                    self.a2sEmitter.setAddress(packet.srcAddr,
                                               random=packet.type == "random")
                self.connectOnSlave(packet.type)
            self.setStage(BLEMitmStage.ACTIVE_MITM)
            io.info("Entering ACTIVE_MITM stage ...")
Beispiel #7
0
 def send_deauth(self):
     packet_count = utils.integerArg(self.args["COUNT"])
     if packet_count == 0:
         count = 0
         while True:
             if self.args["MODE"].lower(
             ) == "both" or self.args["MODE"].lower() == "deauthentication":
                 self.emitter.sendp(self.deauth_packet)
             if self.args["MODE"].lower(
             ) == "both" or self.args["MODE"].lower() == "disassociation":
                 self.emitter.sendp(self.disas_packet)
             utils.wait(seconds=0.05)
             count += 1
             if count % 100 == 0 and utils.booleanArg(self.args['VERBOSE']):
                 io.info("Sent {} deauthentication packets via {}".format(
                     count, self.args["INTERFACE"]))
     else:
         for count in range(packet_count):
             if self.args["MODE"].lower(
             ) == "both" or self.args["MODE"].lower() == "deauthentication":
                 self.emitter.sendp(self.deauth_packet)
             if self.args["MODE"].lower(
             ) == "both" or self.args["MODE"].lower() == "disassociation":
                 self.emitter.sendp(self.disas_packet)
             utils.wait(seconds=0.05)
             if count % 100 == 0 and utils.booleanArg(self.args['VERBOSE']):
                 io.info("Sent {} deauthentication packets via {}".format(
                     count, self.args["INTERFACE"]))
Beispiel #8
0
 def _sweepingThread(self):
     for channel in self.sweepingSequence:
         if ((self.sniffingMode == BLESniffingMode.NEW_CONNECTION
              and not self.synchronized)
                 or self.sniffingMode == BLESniffingMode.ADVERTISEMENT):
             self.setChannel(channel=channel)
         utils.wait(seconds=0.1)
Beispiel #9
0
	def sniffAdvertisements(self,target, channel):

		if len(self.receivers) == 1:
			enabled,sweepingSequence = self.sweepingParameter()
			if enabled:
				self.receivers[0].setSweepingMode(enable=True,sequence=sweepingSequence)
			self.receivers[0].sniffAdvertisements(address=target, channel=channel)
			self.receivers[0].onEvent("*", callback=self.show)
		elif len(self.receivers) == 2:
			self.receivers[0].sniffAdvertisements(address=target,channel=37)
			self.receivers[1].sniffAdvertisements(address=target,channel=38)
			self.receivers[0].onEvent("*", callback=self.show)
			self.receivers[1].onEvent("*", callback=self.show)

		elif len(self.receivers) == 3:
			self.receivers[0].sniffAdvertisements(address=target,channel=37)
			self.receivers[1].sniffAdvertisements(address=target,channel=38)
			self.receivers[2].sniffAdvertisements(address=target,channel=39)
			self.receivers[0].onEvent("*", callback=self.show)
			self.receivers[1].onEvent("*", callback=self.show)
			self.receivers[2].onEvent("*", callback=self.show)
		else:
			io.fail("No sniffer detected !")
			return self.nok()
		while True:
			utils.wait(seconds=0.01)
Beispiel #10
0
    def recv(self):
        '''
		This method allows to receive raw HCI packets from the HCI device.
		'''
        self._enterListening()
        try:
            if self.socket is not None and self.socket.fileno(
            ) != -1 and self.socket.readable():
                packet = self._recv()
                #packet.show()
                if self._commandModeEnabled() and packet.type == 0x04:
                    self.commandResponses.put(packet)
                    return None
                else:
                    self._exitListening()
                    return packet

            else:
                self._exitListening()
                utils.wait(seconds=0.0001)
            return None
        # An error may occur during a socket restart
        except OSError as e:
            self._exitListening()
            return None
Beispiel #11
0
	def resetUbertooth(cls,index=0):
		'''
		This class method allows to reset the Ubertooth, by providing the device's index.

		:param index: device's index
		:type index: int
		:return: boolean indicating if the reset operation was successful
		:rtype: bool

		:Example:
			
			>>> BtUbertoothDevice.resetUbertooth(0)
			True
		
		'''
		try:
			device = list(usb.core.find(idVendor=UBERTOOTH_ID_VENDOR,idProduct=UBERTOOTH_ID_PRODUCT,find_all=True))[index]
			bus = str(device.bus).zfill(3)
			addr = str(device.address).zfill(3)
			filename = "/dev/bus/usb/"+bus+"/"+addr
			
			ioctl(open(filename,"w"),USBDEVFS_RESET,0)
			device.ctrl_transfer(CTRL_OUT,UBERTOOTH_RESET,0, 0)
			utils.wait(seconds=1)

			return True

		except (IOError,IndexError):
			io.fail("Unable to reset ubertooth device : #"+str(index))
			
		return False
Beispiel #12
0
    def run(self):
        interface = self.args["INTERFACE"]
        self.emitter = self.getEmitter(interface=interface)
        if self.checkCapabilities():
            if self.emitter.isConnected():
                self.emitter.sendp(ble.BLEDisconnect())
            while self.emitter.isConnected():
                utils.wait(seconds=0.01)
            address = (self.emitter.getAddress()
                       if self.args["ADVERTISING_ADDRESS"] == "" else
                       utils.addressArg(self.args["ADVERTISING_ADDRESS"]))
            if address != self.emitter.getAddress():
                self.emitter.setAddress(address)

            if utils.isHexadecimal(self.args["SCANNING_DATA"]):
                scanningData = bytes.fromhex(self.args["SCANNING_DATA"])
            else:
                scanningData = b""

            if utils.isHexadecimal(self.args["ADVERTISING_DATA"]):
                advertisingData = bytes.fromhex(self.args["ADVERTISING_DATA"])
            else:
                advertisingData = b""

            destAddress = ("00:00:00:00:00:00"
                           if self.args["DESTINATION_ADDRESS"] == "" else
                           utils.addressArg(self.args["DESTINATION_ADDRESS"]))

            intervalMin = utils.integerArg(self.args["INTERVAL_MIN"])
            intervalMax = utils.integerArg(self.args["INTERVAL_MAX"])

            advertisingType = self.args["ADVERTISING_TYPE"].upper()

            advertisingAddressType = "public" if self.args[
                "ADVERTISING_ADDRESS_TYPE"].lower() == "public" else "random"
            destinationAddressType = "public" if self.args[
                "DESTINATION_ADDRESS_TYPE"].lower() == "public" else "random"
            self.emitter.setScanningParameters(data=scanningData)
            self.emitter.setAdvertisingParameters(
                type=advertisingType,
                destAddr=destAddress,
                data=advertisingData,
                intervalMin=intervalMin,
                intervalMax=intervalMax,
                daType=advertisingAddressType,
                oaType=destinationAddressType)
            self.emitter.setAdvertising(
                enable=utils.booleanArg(self.args["ENABLE"]))
            time = utils.integerArg(
                self.args['TIME']) if self.args["TIME"] != "" else -1

            while time != 0:
                utils.wait(seconds=1)
                time -= 1
            return self.ok({"INTERFACE": self.args["INTERFACE"]})
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to send advertisements.")
            return self.nok()
Beispiel #13
0
	def _poll(self):
		try:
			result = self.ubertooth.ctrl_transfer(CTRL_IN,UBERTOOTH_POLL,0, 0,512,timeout=100)
			utils.wait(seconds=0.001)
		except usb.core.USBError as e:
			#io.fail("USB Error : "+str(e))
			return array.array('B',[])
		return result
Beispiel #14
0
    def run(self):
        self.emitter = self.getEmitter(interface=self.args['INTERFACE'])
        self.receiver = self.getReceiver(interface=self.args['INTERFACE'])
        self.windowSize = utils.integerArg(self.args['WINDOW'])
        self.n = utils.integerArg(self.args['ENVIRONMENT_FACTOR'])
        self.devices = {}
        self.connections = {}
        # store rssi values over time
        self.values = {}
        self.deviceCallback = self.args['DEVICE_CALLBACK'] if callable(
            self.args['DEVICE_CALLBACK']) else self.display
        self.connectionCallback = self.args['CONNECTION_CALLBACK'] if callable(
            self.args['CONNECTION_CALLBACK']) else self.display
        self._dirty = False
        self.scanningTime = utils.integerArg(
            self.args['TIME']) if self.args["TIME"] != "" else -1

        scanDev = self.args['SCAN_TYPE'] == 'all' or self.args[
            'SCAN_TYPE'] == 'devices'
        if scanDev:
            io.info('Scanning for existing devices')
            self.receiver.setSweepingMode(enable=True, sequence=[37, 38, 39])
            self.receiver.sniffAdvertisements(address="FF:FF:FF:FF:FF:FF")
            self.receiver.onEvent("*", callback=self.onAdvertisement)

            remainingTime = self.scanningTime
            while remainingTime != 0:
                utils.wait(seconds=1)
                remainingTime -= 1
                if (self._dirty):
                    self.deviceCallback(self.devices)
                    self._dirty = False

            # stop listening for advertisements
            self.receiver.setSweepingMode(enable=False)
            self.receiver.removeCallbacks()

        scanConn = self.args['SCAN_TYPE'] == 'all' or self.args[
            'SCAN_TYPE'] == 'connections'
        if scanConn:
            io.info('Scanning for existing connections')
            self.receiver.scanExistingConnections(
                onConnection=self.onConnectionFound,
                resetState=self.args['SCAN_TYPE'] == 'all')
            remainingTime = self.scanningTime
            while remainingTime != 0:
                utils.wait(seconds=1)
                remainingTime -= 1
                if (self._dirty):
                    self.connectionCallback(self.connections)
                    self._dirty = False

        return self.ok({
            'devices': self.devices,
            'connections': self.connections
        })
Beispiel #15
0
 def show(self):
     io.info("Received frames: (Ctrl + C to exit)")
     self.showMode = True
     try:
         while True:
             utils.wait(seconds=0.1)
     except KeyboardInterrupt:
         self.showMode = False
     sys.stdout.write("\r")
     self.updatePrompt(self.target if self.target is not None else "")
Beispiel #16
0
	def send(self,packet):
		calcFcs = fcs(bytes(packet))
		self.receivePipeline.stop()
		self.transmitPipeline.start()
		packet = bytes(packet)+calcFcs
		packet = bytes([len(packet)])+packet
		self.transmitPipeline.setInput(packet)
		utils.wait(seconds=0.75)
		self.transmitPipeline.stop()
		self.receivePipeline.start()
Beispiel #17
0
	def disconnect(self):
		if self.receiver.isConnected():
			self.emitter.sendp(ble.BLEDisconnect())
			utils.wait(seconds=1)
			io.success("Disconnected !")
			if self.receiver.isConnected():
				self.updatePrompt(self.emitter.getCurrentConnection())
			else:
				self.updatePrompt()
		else:
			io.fail("No active connections !")
Beispiel #18
0
 def _setTarget(self, target="00:00:00:00:00:00"):
     utils.wait(seconds=1)
     data = array.array(
         "B",
         bytes.fromhex(target.replace(":", "")) + bytes(0x30))
     self.ubertooth.ctrl_transfer(CTRL_OUT,
                                  UBERTOOTH_BTLE_SET_TARGET,
                                  0,
                                  0,
                                  data,
                                  timeout=5000)
Beispiel #19
0
	def run(self):

		self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
		self.receiver = self.getReceiver(interface=self.args["INTERFACE"])

		if self.checkInjectingCapabilities():
			self.pcapReceiver = self.getReceiver(interface=self.args["PCAP_FILE"])

			self.target = "FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])

			if self.target == "FF:FF:FF:FF:FF" and not self.checkPassiveScanningCapabilities():
				io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan in promiscuous mode, you have to provide a specific target.")
				return self.nok()

			if self.target != "FF:FF:FF:FF:FF" and self.args["CHANNEL"].lower() == "auto" and not self.checkActiveScanningCapabilities():
				io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
				return self.nok()

			if self.target == "FF:FF:FF:FF:FF":
				io.info("Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.")
				self.emitter.enterPromiscuousMode()
			else:
				io.info("Sniffing mode enabled !")
				self.emitter.enterSnifferMode(address=self.target)


			if utils.isNumber(self.args["CHANNEL"]):
				self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
			elif self.args["CHANNEL"].lower() == "auto":
				self.searchChannel()
			else:
				io.fail("A channel must be provided in order to perform an injection.")
				return self.nok()

			

			io.info("Extracting packet stream from PCAP ...")
			stream = self.pcapReceiver.generateStream()
			io.success("Packet stream successfully extracted !")

			io.info("Injecting ...")
			self.emitter.sendp(*stream)

			while not self.emitter.isTransmitting():
				utils.wait(seconds=0.1)

			while self.emitter.isTransmitting():
				utils.wait(seconds=0.1)
			io.success("Injection done !")
			return self.ok()
		else:
			io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to inject.")
			return self.nok()
Beispiel #20
0
    def run(self):

        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])

        if self.checkCapabilities():
            if utils.isNumber(self.args["CHANNEL"]):
                self.receiver.setChannel(utils.integerArg(
                    self.args["CHANNEL"]))
            else:
                io.fail("You must provide a channel number !")
                return self.nok()

            if self.args["TARGET_PANID"] != "":
                self.targetPanID = utils.integerArg(self.args["TARGET_PANID"])
            else:
                self.targetPanID = None

            if self.args["TARGET"] != "" and self.args["TARGET"][2:].upper(
            ) != "FFFF" and self.args["TARGET"].upper(
            ) != "FF:FF:FF:FF:FF:FF:FF:FF":
                if utils.isNumber(self.args["TARGET"]):
                    self.target = utils.integerArg(self.args["TARGET"])
                else:
                    self.target = zigbee.convertAddress(self.args["TARGET"])
            else:
                self.target = None

            if self.args["PCAP_FILE"] != "":
                self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])
            else:
                self.pcap = None
            self.receiver.onEvent("*", callback=self.show)

            time = utils.integerArg(
                self.args['TIME']) if self.args["TIME"] != "" else None
            start = utils.now()
            while utils.now() - start <= time if time is not None else True:
                utils.wait(seconds=0.1)

            self.receiver.removeCallbacks()

            output = {
                "CHANNEL": self.args["CHANNEL"],
                "INTERFACE": self.args["INTERFACE"],
                "PCAP_FILE": self.args["PCAP_FILE"]
            }
            return self.ok(output)
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to sniff and inject frames.")
            return self.nok()
Beispiel #21
0
    def run(self):
        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
        self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
        if self.checkCapabilities():
            self.receiver.enterSnifferMode(
                utils.addressArg(self.args["TARGET"]))
            if self.checkInjectionSyncCapabilities():
                if utils.booleanArg(self.args["SYNC"]):
                    self.receiver.enableSync()
                else:
                    self.receiver.disableSync()
            else:
                io.warning(
                    "Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..."
                )

            self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))

            if self.args["TEXT"] != "":
                keystrokes = self.addMosartText(self.args["TEXT"])
                self.emitter.sendp(*keystrokes)
                while not self.emitter.isTransmitting():
                    utils.wait(seconds=0.1)
                while self.emitter.isTransmitting():
                    utils.wait(seconds=0.1)

            elif self.args["DUCKYSCRIPT"] != "":
                parser = DuckyScriptParser(filename=self.args["DUCKYSCRIPT"])
                keystrokes = parser.generatePackets(
                    textFunction=self.addMosartText,
                    initFunction=self.startMosartInjection,
                    keyFunction=self.addMosartKeystroke,
                    sleepFunction=self.addMosartDelay)
                self.emitter.sendp(*keystrokes)
                while not self.emitter.isTransmitting():
                    utils.wait(seconds=0.1)
                while self.emitter.isTransmitting():
                    utils.wait(seconds=0.1)

            elif utils.booleanArg(self.args["INTERACTIVE"]):
                self.stop = False
                self.watchKeyboard()
                while not self.stop:
                    utils.wait(seconds=0.5)

            return self.ok()
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to inject frames and run in sniffing mode.")
            return self.nok()
Beispiel #22
0
 def _sweepingThread(self):
     for channel in self.sweepingSequence:
         self.setChannel(channel=channel)
         if self.sniffingMode is not None:
             if self.sniffingMode == BLESniffingMode.ADVERTISEMENT:
                 self._internalCommand(
                     BTLEJack_Advertisements_Command() /
                     BTLEJack_Advertisements_Enable_Sniff_Command(
                         channel=channel),
                     noResponse=True)
             elif self.sniffingMode == BLESniffingMode.NEW_CONNECTION and not self.synchronized:
                 self._sniffConnectionRequests(address=self.lastTarget,
                                               channel=channel)
         utils.wait(seconds=0.1)
Beispiel #23
0
	def run(self):
		self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
		if self.checkCapabilities():
			self.receiver.onEvent("BLEAdvertisement",callback=self.scan)
			time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else -1
			self.receiver.setScan(enable=True)
			while time != 0:
				utils.wait(seconds=1)
				time -= 1
				self.updateDevices()
			self.receiver.setScan(enable=False)
			return self.generateOutput()
		else:
			io.fail("Interface provided ("+self.args["INTERFACE"]+") is not able to scan.")
			return self.nok()
Beispiel #24
0
    def run(self):
        self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
        if self.checkSniffingCapabilities():
            self.target = "FF:FF:FF:FF" if self.args[
                "TARGET"] == "" else self.args["TARGET"].upper()
            if self.target == "FF:FF:FF:FF":
                self.receiver.enterPromiscuousMode()
            else:
                self.receiver.enterSnifferMode(self.target)

            if self.args["PCAP_FILE"] != "":
                self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])

            if utils.booleanArg(self.args["DONGLE_PACKETS"]):
                self.receiver.enableDonglePackets()
            else:
                self.receiver.disableDonglePackets()

            if self.args["CHANNEL"] == "" or self.args["CHANNEL"].lower(
            ) == "auto":
                while not self.find():
                    io.info("Retrying ...")
            else:
                self.receiver.setChannel(utils.integerArg(
                    self.args["CHANNEL"]))

            self.receiver.onEvent("*", callback=self.show)
            time = utils.integerArg(
                self.args['TIME']) if self.args["TIME"] != "" else None
            start = utils.now()
            while utils.now() - start <= time if time is not None else True:
                utils.wait(seconds=0.5)

            self.receiver.removeCallbacks()
            if self.pcap is not None:
                self.pcap.stop()

            output = {}
            output["MOUSE_FILE"] = self.args["MOUSE_FILE"]
            output["PCAP_FILE"] = self.args["PCAP_FILE"]
            output["TARGET"] = self.target
            output["CHANNEL"] = str(int(self.receiver.getChannel()))

            return self.ok(output)
        else:
            io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
                    ") is not able to run in sniffing mode.")
            return self.nok()
Beispiel #25
0
    def jamAdvertisements(self):
        if self.checkAdvertisementsJammingCapabilities():
            channel = utils.integerArg(self.args["CHANNEL"])
            if self.args["TARGET"] != "":
                target = utils.addressArg(self.args["TARGET"])
                pattern = bytes.fromhex(target.replace(":", ""))[::-1]
                offset = 2
            elif (utils.isNumber(self.args["OFFSET"])
                  and utils.isHexadecimal(self.args["PATTERN"])
                  and self.args["OFFSET"] != ""
                  and self.args["PATTERN"] != ""):
                pattern = bytes.fromhex(self.args["PATTERN"])
                offset = utils.integerArg(self.args["OFFSET"])
            else:
                io.fail(
                    "You must provide a dewhitened pattern and an offset, or a target to jam."
                )
                return self.nok()

            if len(self.emitters) == 1:
                self.emitters[0].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=channel)
            if len(self.emitters) == 2:
                self.emitters[0].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=channel)
                self.emitters[1].jamAdvertisements(
                    pattern=pattern,
                    offset=offset,
                    channel=(channel + 1 if channel < 39 else 37))
            if len(self.emitters) == 3:
                self.emitters[0].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=37)
                self.emitters[1].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=38)
                self.emitters[2].jamAdvertisements(pattern=pattern,
                                                   offset=offset,
                                                   channel=39)

            while True:
                utils.wait(seconds=0.01)

        else:
            io.fail("Interfaces provided are not able to jam advertisements.")
            return self.nok()
Beispiel #26
0
    def findNRFSniffers(cls, index=None):
        '''
		This class method allows to find a specific NRFSniffer device, by providing the device's index. 
		If no index is provided, it returns a list of every devices found.
		If no device has been found, None is returned.

		:param index: device's index
		:type index: int
		:return: string indicating the device
		:rtype: str

		:Example:
			
			>>> NRFSnifferDevice.findNRFSniffers(0)
			'/dev/ttyACM0'
			>>> NRFSnifferDevice.findNRFSniffers()
			['/dev/ttyACM0','/dev/ttyACM1']
		'''
        devices = [i[0] for i in comports()]
        nrfsniffers = []
        for device in devices:
            attempts = 10
            while attempts > 0 and device not in nrfsniffers:
                try:
                    ser = Serial(port=device, baudrate=460800, timeout=5)
                    # Fingerprinting using Ping packet.
                    # Looks dirty in my opinion but I don't find a most elegant way.
                    ser.write(b"\xab\x06\x00\x01\x00\x00\x0d\xbc")
                    utils.wait(seconds=1)
                    response = b""
                    while ser.in_waiting:
                        response += ser.read(1)
                    if b"\x57\x04\xbc" in response:
                        nrfsniffers.append(device)
                except:
                    attempts -= 1
                    utils.wait(seconds=1)
        if index is None:
            return nrfsniffers
        else:
            try:
                nrfsniffer = nrfsniffers[index]
            except IndexError:
                return None
            return nrfsniffer
        return None
Beispiel #27
0
	def run(self):
		self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
		if self.checkCapabilities():
			frequency = self.receiver.getFrequency()
			if frequency != utils.integerArg(self.args["FREQUENCY"]):
				self.receiver.setFrequency(utils.integerArg(self.args["FREQUENCY"]))
			self.count = utils.integerArg(self.args["NUMBER"]) if utils.isNumber(self.args["NUMBER"]) else 1

			self.receiver.onEvent("*",callback=self.show)
			self.receiver.waitData()
			while self.count > 0:
				utils.wait(seconds=0.5)

			output = self.generateOutput()	
			return self.ok(output)
		else:
			io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to sniff IR signals.")			
			return self.nok()
Beispiel #28
0
    def monitoring(self):
        self.receiver.onEvent("*", callback=self.onPacket)
        try:
            if self.args["TIME"] == "":
                while True:
                    utils.wait(seconds=0.00001)

            elif utils.isNumber(self.args["TIME"]):
                time = utils.integerArg(self.args["TIME"])
                start = utils.now()
                while utils.now() - start < time:
                    utils.wait(seconds=0.0000001)

            else:
                io.fail("You have provided a wrong TIME value.")
                return self.nok()
        except KeyboardInterrupt:
            pass
Beispiel #29
0
	def _pingPRX(self):
		utils.wait(seconds=1)
		self.ackLock.acquire()
		self.emitter.sendp(esb.ESBPingRequestPacket(address=self.target))
		found = False
		start = utils.now()
		while utils.now() - start < 1:
			if self.ack:
				found = True
				break
		self.ack = False
		if not found:
			self.onPingFailure()
			while not self.emitter.scan():
				utils.wait(seconds=0.1)
			self.onPRXFound()
			self.currentChannel = self.emitter.getChannel()
			self.updatePrompt(self.target)
		self.ackLock.release()
Beispiel #30
0
    def sniffNewConnections(self, address='FF:FF:FF:FF:FF:FF', channel=None):
        '''
		This method starts the new connections sniffing mode.

		:param address: selected address - if not provided, no filter is applied (format : "1A:2B:3C:4D:5E:6F")
		:type address: str
		:param channel: selected channel - if not provided, channel 37 is selected
		:type channel: int

		:Example:

			>>> device.sniffNewConnections()
			>>> device.sniffNewConnections(channel=38)
			>>> device.sniffNewConnections(address="1A:2B:3C:4D:5E:6F")
			
		.. note::

			This method is a **shared method** and can be called from the corresponding Emitters / Receivers.

		'''
        self.synchronized = False
        self.sniffingMode = BLESniffingMode.NEW_CONNECTION
        self.lastTarget = address
        if self.sweepingMode:
            self._setChannels(self.sweepingSequence)
        else:
            if channel is None:
                channel = 37
            self._setChannel(channel)
        if address.upper() == "FF:FF:FF:FF:FF:FF":
            io.fail(
                "NRFSniffer requires to target a specific device in order to sniff a connection."
            )
        else:
            self._scanContinuously()
            while address.upper() not in self.targets:
                utils.wait(seconds=1)
            io.success("Target found :" + address.upper() + " [ " +
                       self.targets[address.upper()] + " ]")
            self._followTarget(address,
                               self.targets[address.upper()],
                               advertisementsOnly=False)