def send_pairing_request():
    """Start SMP pairing on the current link-layer connection.

    Configures BLESMPServer with the master/advertiser addresses and the
    module-level IO capability and AuthReq values, asks it to build a
    Pairing Request and, when one is produced, flags the pairing procedure
    as active and transmits the SM PDU through ``driver``.

    Reads module globals: access_address, pairing_iocap,
    paring_auth_request, master_address, advertiser_address.
    Writes module global: pairing_procedure (True once a request is sent).
    """
    global pairing_procedure, access_address, pairing_iocap
    global paring_auth_request, master_address, advertiser_address

    def to_raw_address(colon_hex):
        # 'aa:bb:cc:dd:ee:ff' -> one character per octet, the form this
        # script hands to BLESMPServer.configure_connection.
        return ''.join(chr(int(octet, 16)) for octet in colon_hex.split(':'))

    own_addr_raw = to_raw_address(master_address)
    peer_addr_raw = to_raw_address(advertiser_address)

    # Static all-zero pin code: acceptable for a test harness, but a fixed
    # passkey provides no MITM protection to either side.
    BLESMPServer.set_pin_code('\x00' * 4)
    BLESMPServer.configure_connection(own_addr_raw, peer_addr_raw, 0,
                                      pairing_iocap, paring_auth_request)

    hci_res = BLESMPServer.pairing_request()
    if not hci_res:
        # No request produced; leave pairing_procedure untouched.
        return

    pairing_procedure = True
    # Strip the HCI framing and carry only the SM layer as an L2CAP payload
    # on this connection's access address.
    sm_pdu = HCI_Hdr(hci_res)[SM_Hdr]
    driver.send(BTLE(access_addr=access_address) / BTLE_DATA() / L2CAP_Hdr() / sm_pdu)
def send_pairing_request():
    """Start SMP pairing on the current connection and arm the SMP timeout.

    Chooses the AuthReq value from ``enable_secure_connections``, configures
    BLESMPServer with the master/advertiser addresses and the module-level
    IO capability, asks it to build a Pairing Request and, when one is
    produced, transmits the SM PDU through ``driver`` and starts
    ``smp_timeout`` with SMP_TIMEOUT.

    Reads module globals: access_address, pairing_iocap, master_address,
    advertiser_address, enable_secure_connections.
    Writes module global: paring_auth_request.
    """
    global access_address, pairing_iocap, paring_auth_request
    global master_address, advertiser_address

    # AuthReq: 0x01 is the Bonding flag; 0x08 additionally requests
    # LE Secure Connections. Only the literal value False selects legacy
    # pairing here — None or 0 would still request Secure Connections.
    if enable_secure_connections is False:
        paring_auth_request = 0x01
    else:
        paring_auth_request = 0x01 | 0x08

    def to_raw_address(colon_hex):
        # 'aa:bb:cc:dd:ee:ff' -> one character per octet, the form this
        # script hands to BLESMPServer.configure_connection.
        return ''.join(chr(int(octet, 16)) for octet in colon_hex.split(':'))

    own_addr_raw = to_raw_address(master_address)
    peer_addr_raw = to_raw_address(advertiser_address)

    # Static all-zero pin code: acceptable for a test harness, but a fixed
    # passkey provides no MITM protection to either side.
    BLESMPServer.set_pin_code('\x00' * 4)
    BLESMPServer.configure_connection(own_addr_raw, peer_addr_raw, 0,
                                      pairing_iocap, paring_auth_request)

    hci_res = BLESMPServer.pairing_request()
    if not hci_res:
        return

    # Strip the HCI framing and carry only the SM layer as an L2CAP payload
    # on this connection's access address; then start the SMP timer so a
    # silent peer is detected.
    sm_pdu = HCI_Hdr(hci_res)[SM_Hdr]
    driver.send(BTLE(access_addr=access_address) / BTLE_DATA() / L2CAP_Hdr() / sm_pdu)
    start_timeout('smp_timeout', SMP_TIMEOUT, smp_timeout)
elif ATT_Exchange_MTU_Response in pkt: # Send version indication request pkt = BTLE(access_addr=access_address) / BTLE_DATA() / CtrlPDU( ) / LL_VERSION_IND(version='4.2') driver.send(pkt) elif LL_VERSION_IND in pkt: if version_request_number < 1: master_address_raw = ''.join( map(lambda x: chr(int(x, 16)), master_address.split(':'))) slave_address_raw = ''.join( map(lambda x: chr(int(x, 16)), advertiser_address.split(':'))) BLESMPServer.configure_connection(master_address_raw, slave_address_raw, 0, pairing_iocap, paring_auth_request) hci_res = BLESMPServer.pairing_request() if hci_res: pairing_procedure = True # Pairing request pkt = BTLE(access_addr=access_address) / BTLE_DATA( ) / L2CAP_Hdr() / HCI_Hdr(hci_res)[SM_Hdr] driver.send(pkt) version_request_number += 1 elif pairing_procedure and SM_Hdr in pkt: update_timeout('scan_timeout') # Handle pairing response and so on smp_answer = BLESMPServer.send_hci( raw(HCI_Hdr() / HCI_ACL_Hdr() / L2CAP_Hdr() / pkt[SM_Hdr]))
from scapy.all import *
from scapy.layers.bluetooth import SM_Master_Identification
from scapy.layers.bluetooth import SM_Identity_Information
from scapy.layers.bluetooth import SM_Pairing_Request
from scapy.layers.bluetooth import SM_Confirm
from scapy.layers.bluetooth import SM_Random
import BLESMPServer

# Standalone check: configure BLESMPServer for one connection, ask it for a
# Pairing Request and dump the HCI-framed result it returns.
master_address = '5d:36:ac:90:0b:22'
slave_address = '50:36:ac:90:0b:20'

# Addresses are passed as one character per octet (initiator, responder).
ia = ''.join([chr(int(octet, 16)) for octet in master_address.split(':')])
ra = ''.join([chr(int(octet, 16)) for octet in slave_address.split(':')])

# Locally built reference Pairing Request; only consumed by the direct
# send_hci() path, which is currently disabled below.
s = HCI_Hdr() / HCI_ACL_Hdr() / L2CAP_Hdr() / SM_Hdr() / SM_Pairing_Request()
data = bytearray(raw(s))

IOCAP_NO_INPUT_NO_OUTPUT = 0x03
BLESMPServer.set_iocap(IOCAP_NO_INPUT_NO_OUTPUT)
# Argument order follows the other configure_connection calls in this file:
# (initiator addr, responder addr, 0, iocap, auth_req); auth_req 0 here.
BLESMPServer.configure_connection(ia, ra, 0, IOCAP_NO_INPUT_NO_OUTPUT, 0)

# hci_res = BLESMPServer.send_hci(data)
hci_res = BLESMPServer.pairing_request()
if hci_res is not None:
    pkt = HCI_Hdr(hci_res)
    print(pkt.summary())
    pkt.show()
    print('---------------------')