def pairingResponse(self, packet):
if self.getStage() == BLEMitmStage.ACTIVE_MITM:
io.info(
("Pairing Response (from slave) : " + "\n=> outOfBand = " +
("yes" if packet.outOfBand else "no") +
"\n=> inputOutputCapability = " + str(
ble.InputOutputCapability(
data=bytes([packet.inputOutputCapability]))) +
"\n=> authentication = " +
str(ble.AuthReqFlag(data=bytes([packet.authentication]))) +
"\n=> maxKeySize = " + str(packet.maxKeySize) +
"\n=> initiatorKeyDistribution = " + str(
ble.KeyDistributionFlag(
data=bytes([packet.initiatorKeyDistribution])))) +
"\n=> responderKeyDistribution = " + str(
ble.KeyDistributionFlag(
data=bytes([packet.responderKeyDistribution]))))
io.info("Storing Pairing Response's payload :" +
packet.payload.hex())
self.pRes = packet.payload[::-1]
io.info("Redirecting to master ...")
self.a2mEmitter.sendp(
ble.BLEPairingResponse(
outOfBand=packet.outOfBand,
inputOutputCapability=packet.inputOutputCapability,
authentication=packet.authentication,
maxKeySize=packet.maxKeySize,
initiatorKeyDistribution=packet.initiatorKeyDistribution,
responderKeyDistribution=packet.responderKeyDistribution))
def masterPairingRequest(self, pkt):
self.initiatorAddress = self.emitter.getCurrentConnection()
self.initiatorAddressType = b"\x00" if self.emitter.getCurrentConnectionMode(
) == "public" else b"\x01"
self.responderAddress = self.emitter.getAddress()
self.responderAddressType = b"\x00" if self.emitter.getAddressMode(
) == "public" else b"\x01"
pkt.show()
self.pairingRequest = pkt
self.pReq = self.pairingRequest.payload[::-1]
self.initiatorAuthReq = ble.AuthReqFlag(
data=bytes([pkt.authentication]))
self.initiatorInputOutputCapability = ble.InputOutputCapability(
data=bytes([pkt.inputOutputCapability]))
self.initiatorKeyDistribution = ble.KeyDistributionFlag(
data=bytes([pkt.initiatorKeyDistribution]))
keyboard = utils.booleanArg(self.args["KEYBOARD"])
yesno = utils.booleanArg(self.args["YESNO"])
display = utils.booleanArg(self.args["DISPLAY"])
ct2 = utils.booleanArg(self.args["CT2"])
mitm = utils.booleanArg(self.args["MITM"])
bonding = utils.booleanArg(self.args["BONDING"])
secureConnections = utils.booleanArg(self.args["SECURE_CONNECTIONS"])
keyPress = utils.booleanArg(self.args["KEYPRESS"])
linkKey = False
encKey = self.args["LTK"] != "" and self.args[
"EDIV"] != "" and self.args["RAND"] != ""
idKey = self.args["IRK"] != "" and self.args[
"ADDR"] != "" and self.args["ADDR_TYPE"]
signKey = self.args["CSRK"] != ""
self.responderInputOutputCapability = ble.InputOutputCapability(
keyboard=keyboard, display=display, yesno=yesno)
self.responderAuthReq = ble.AuthReqFlag(
ct2=ct2,
mitm=mitm,
bonding=bonding,
secureConnections=secureConnections,
keypress=keyPress)
self.responderKeyDistribution = ble.KeyDistributionFlag(
linkKey=linkKey, encKey=encKey, idKey=idKey, signKey=signKey)
self.pairingResponse = ble.BLEPairingResponse(
authentication=self.responderAuthReq.data[0],
inputOutputCapability=self.responderInputOutputCapability.data[0],
initiatorKeyDistribution=self.responderKeyDistribution.data[0],
responderKeyDistribution=self.responderKeyDistribution.data[0])
self.pairingResponse.show()
self.pRes = self.pairingResponse.payload[::-1]
pairingMethod = self.pairingMethodSelection()
io.success("Pairing Method selected : " + self.pairingMethod)
self.emitter.sendp(self.pairingResponse)
def slavePairingResponse(self, pkt):
self.initiatorAddress = self.emitter.getAddress()
self.initiatorAddressType = b"\x00" if self.emitter.getAddressMode(
) == "public" else b"\x01"
self.responderAddress = self.emitter.getCurrentConnection()
self.responderAddressType = b"\x00" if self.emitter.getCurrentConnectionMode(
) == "public" else b"\x01"
pkt.show()
self.pairingResponse = pkt
self.pRes = self.pairingResponse.payload[::-1]
self.responderAuthReq = ble.AuthReqFlag(
data=bytes([pkt.authentication]))
self.responderInputOutputCapability = ble.InputOutputCapability(
data=bytes([pkt.inputOutputCapability]))
self.responderKeyDistribution = ble.KeyDistributionFlag(
data=bytes([pkt.responderKeyDistribution]))
pairingMethod = self.pairingMethodSelection()
io.success("Pairing Method selected : " + self.pairingMethod)
self.mRand = ble.BLECrypto.generateRandom()
io.success("Generating random : " + self.mRand.hex())
if pairingMethod == "JustWorks":
pinCode = 0
else:
if self.args["PIN"] != "" and utils.isNumber(self.args["PIN"]):
pinCode = int(self.args["PIN"])
else:
pinCode = int(io.enterPinCode("Enter the 6 digit PIN code: "))
self.tk = self.pinToTemporaryKey(pinCode)
io.success("Generating Temporary Key : " + self.tk.hex())
self.mConfirm = ble.BLECrypto.c1(self.tk, self.mRand[::-1], self.pReq,
self.pRes, self.initiatorAddressType,
self.initiatorAddress,
self.responderAddressType,
self.responderAddress)
io.success("Generating MConfirm : " + self.mConfirm.hex())
confirmPacket = ble.BLEPairingConfirm(confirm=self.mConfirm[::-1])
confirmPacket.show()
self.emitter.sendp(confirmPacket)
def run(self):
self.finished = False
interface = self.args["INTERFACE"]
self.emitter = self.getEmitter(interface=interface)
self.receiver = self.getReceiver(interface=interface)
if not self.emitter.isConnected() and utils.booleanArg(
self.args["ACTIVE"]):
io.fail("A connection must be established.")
return self.nok()
if self.args["MODE"].lower() == "master":
keyboard = utils.booleanArg(self.args["KEYBOARD"])
yesno = utils.booleanArg(self.args["YESNO"])
display = utils.booleanArg(self.args["DISPLAY"])
ct2 = utils.booleanArg(self.args["CT2"])
mitm = utils.booleanArg(self.args["MITM"])
bonding = utils.booleanArg(self.args["BONDING"])
secureConnections = utils.booleanArg(
self.args["SECURE_CONNECTIONS"])
keyPress = utils.booleanArg(self.args["KEYPRESS"])
linkKey = False
encKey = self.args["LTK"] != "" and self.args[
"EDIV"] != "" and self.args["RAND"] != ""
idKey = self.args["IRK"] != "" and self.args[
"ADDR"] != "" and self.args["ADDR_TYPE"]
signKey = self.args["CSRK"] != ""
self.initiatorInputOutputCapability = ble.InputOutputCapability(
keyboard=keyboard, display=display, yesno=yesno)
self.initiatorAuthReq = ble.AuthReqFlag(
ct2=ct2,
mitm=mitm,
bonding=bonding,
secureConnections=secureConnections,
keypress=keyPress)
self.initiatorKeyDistribution = ble.KeyDistributionFlag(
linkKey=linkKey, encKey=encKey, idKey=idKey, signKey=signKey)
self.pairingRequest = ble.BLEPairingRequest(
authentication=self.initiatorAuthReq.data[0],
inputOutputCapability=self.initiatorInputOutputCapability.
data[0],
initiatorKeyDistribution=self.initiatorKeyDistribution.data[0],
responderKeyDistribution=self.initiatorKeyDistribution.data[0])
self.pReq = self.pairingRequest.payload[::-1]
self.receiver.onEvent("BLESecurityRequest",
callback=self.slaveSecurityRequest)
self.receiver.onEvent("BLEPairingResponse",
callback=self.slavePairingResponse)
self.receiver.onEvent("BLEPairingConfirm",
callback=self.slavePairingConfirm)
self.receiver.onEvent("BLEPairingRandom",
callback=self.slavePairingRandom)
self.receiver.onEvent("BLEPairingFailed",
callback=self.slavePairingFailed)
self.receiver.onEvent("BLEEncryptionInformation",
callback=self.slaveEncryptionInformation)
self.receiver.onEvent("BLEMasterIdentification",
callback=self.slaveMasterIdentification)
self.receiver.onEvent("BLEIdentityInformation",
callback=self.slaveIdentityInformation)
self.receiver.onEvent(
"BLEIdentityAddressInformation",
callback=self.slaveIdentityAddressInformation)
self.receiver.onEvent("BLESigningInformation",
callback=self.slaveSigningInformation)
if utils.booleanArg(self.args["ACTIVE"]):
self.pairingRequest.show()
self.emitter.sendp(self.pairingRequest)
while not self.finished and not self.failure:
utils.wait(seconds=1)
if self.failure:
return self.nok()
return self.ok()
else:
self.receiver.onEvent("BLEPairingRequest",
callback=self.masterPairingRequest)
self.receiver.onEvent("BLEPairingConfirm",
callback=self.masterPairingConfirm)
self.receiver.onEvent("BLEPairingRandom",
callback=self.masterPairingRandom)
self.receiver.onEvent("BLELongTermKeyRequest",
callback=self.masterLongTermKeyRequest)
self.receiver.onEvent("BLEPairingFailed",
callback=self.masterPairingFailed)
self.receiver.onEvent("BLEEncryptionInformation",
callback=self.masterEncryptionInformation)
self.receiver.onEvent("BLEMasterIdentification",
callback=self.masterMasterIdentification)
self.receiver.onEvent("BLEIdentityInformation",
callback=self.masterIdentityInformation)
self.receiver.onEvent(
"BLEIdentityAddressInformation",
callback=self.masterIdentityAddressInformation)
self.receiver.onEvent("BLESigningInformation",
callback=self.masterSigningInformation)
ct2 = utils.booleanArg(self.args["CT2"])
mitm = utils.booleanArg(self.args["MITM"])
bonding = utils.booleanArg(self.args["BONDING"])
secureConnections = utils.booleanArg(
self.args["SECURE_CONNECTIONS"])
keyPress = utils.booleanArg(self.args["KEYPRESS"])
authReq = ble.AuthReqFlag(ct2=ct2,
mitm=mitm,
bonding=bonding,
secureConnections=secureConnections,
keypress=keyPress)
if utils.booleanArg(self.args["ACTIVE"]):
securityRequest = ble.BLESecurityRequest(
authentication=authReq.data[0])
securityRequest.show()
self.emitter.sendp(securityRequest)
return self.ok({"INTERFACE": self.args["INTERFACE"]})