def setUpClass(cls):
c = config.loadConfig()
attack='Dos'
cls.comPortNRF = c['TESTBED']['COM_PORT_NRF']
cls.advertiser_address = c['TESTBED']['ADVERTISER_ADDRESS']
cls.master_address = c['TESTBED']['MASTER_ADDRESS']
cls.access_address = int(c['TESTBED']['ACCESS_ADDRESS'], 16)
cls.connection = c['TESTBED']['CONNECTION_TO_DATABASE']
cls.version = c['TESTBED']['DATABASE_VERSION']
log.info('Advertiser Address: ' + cls.advertiser_address.upper())
# Open serial port of NRF52 Dongle
cls.driver = NRF52Dongle(cls.comPortNRF, '115200')
date = str(datetime.datetime.today()).split()[0].encode('ascii', 'ignore')
# Chooce from test.conf file type of database to insert data
if str(c['TESTBED']['DATABASE_VERSION']) == 'SQL':
insert_data_to_link_layer_tests(cls.advertiser_address, cls.master_address, cls.access_address, date,
attack, cls.comPortNRF)
elif str(c['TESTBED']['DATABASE_VERSION']) == 'MONGODB':
client = insert_data_to_collection_info_tests(attack)
close_connection_to_database(client)
elif str(c['TESTBED']['DATABASE_VERSION']) == 'BOTH':
insert_data_to_link_layer_tests(cls.advertiser_address, cls.master_address, cls.access_address, date,
attack, cls.comPortNRF)
client = insert_data_to_collection_info_tests(attack)
close_connection_to_database(client)
else:
print('Continue with no database')
pass
def setUp(self):
c = config.loadConfig()
attack='Silent Length Overflow'
self.master_address = '5d:36:ac:90:0b:22'
self.access_address = 0x9a328370
self.comPortNRF = c['TESTBED']['COM_PORT_NRF']
self.advertiser_address = c['TESTBED']['ADVERTISER_ADDRESS']
self.connection = c['TESTBED']['CONNECTION_TO_DATABASE']
log.info('Advertiser Address: ' + self.advertiser_address.upper())
# Open serial port of NRF52 Dongle
self.driver = NRF52Dongle(self.comPortNRF, '115200')
self.crash_timeout_flag = False
date = str(datetime.datetime.today()).split()[0].encode('ascii', 'ignore')
# Choose from test.conf file type of database to insert data
if str(c['TESTBED']['DATABASE_VERSION']) == 'SQL':
insert_data_to_link_layer_tests(self.advertiser_address, self.master_address, self.access_address, date,
attack, self.comPortNRF)
elif str(c['TESTBED']['DATABASE_VERSION']) == 'MONGODB':
client = insert_data_to_collection_info_tests(attack)
close_connection_to_database(client)
elif str(c['TESTBED']['DATABASE_VERSION']) == 'BOTH':
insert_data_to_link_layer_tests(self.advertiser_address, self.master_address, self.access_address, date,
attack, self.comPortNRF)
client = insert_data_to_collection_info_tests(attack)
close_connection_to_database(client)
else:
print('Continue with no database')
pass
def change_pairing():
global switch_pairing, enable_secure_connections, enc_start_index_max, enable_anomaly
switch_pairing = False
print(Fore.GREEN + "[!] Tests with legacy pairing finished,"
" switching to Secure Connections on next connection")
enable_secure_connections = True
enc_start_index_max = 0
enable_anomaly = False
# Open serial port of NRF52 Dongle
try:
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename=script_folder +
'/../logs/non_compliance_data_during_enc_setup.pcap')
except Exception as e:
print(Fore.RED + str(e))
print(Fore.RED +
'Make sure the nRF52 dongle is properly recognized by your computer')
exit(0)
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
start_timeout('crash_timeout', CRASH_TIMEOUT, crash_timeout)
start_timeout('crash_timeout', CRASH_TIMEOUT, crash_timeout)
def scan_timeout():
global connecting, end_connection, slave_addr_type
connecting = False
end_connection = False
scan_req = BTLE() / BTLE_ADV(RxAdd=slave_addr_type) / BTLE_SCAN_REQ(
ScanA=master_address, AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', 3, scan_timeout)
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename='Microchip_invalid_lcap_fragment.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=slave_addr_type) / BTLE_SCAN_REQ(
ScanA=master_address, AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', 3, scan_timeout)
start_timeout('crash_timeout', CRASH_TIMEOUT, crash_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
att_start_address = 0x0001
connection_idle_counter = 0
def scan_timeout():
if not slave_connected:
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
timeout_scan = Timer(5, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
# Default master address
master_address = '5d:36:ac:90:0b:22'
access_address = 0x9a328370
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port, '115200')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
# Start the scan timeout to resend packets
timeout_scan = Timer(5, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
timeout = Timer(5.0, crash_timeout)
timeout.daemon = True
timeout.start()
c = False
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
conn_request.hop = 0
send(scan_req)
timeout_scan = Timer(2.0, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
# Default master address
master_address = '5d:36:ac:90:0b:22'
access_address = 0x9a328370
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(
serial_port,
'115200',
logs_pcap=True,
pcap_filename='Microchip_and_others_non_compliant_connection.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
# Start the scan timeout to resend packets
timeout_scan = Timer(2.0, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
timeout = Timer(5.0, crash_timeout)
timeout.daemon = True
timeout.start()
if not slave_connected:
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(
ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
timeout_scan = Timer(5, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
# Default master address
master_address = '5d:36:ac:90:0b:22'
access_address = 0x9a328370
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port, '115200', logs_pcap=True, pcap_filename='CC2540_connection_req_crash.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(
ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
# Start the scan timeout to resend packets
timeout_scan = Timer(5, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
timeout = Timer(5.0, crash_timeout)
timeout.daemon = True
timeout.start()
c = False
fragment += raw(pkt[BTLE_DATA].payload)
if pkt[BTLE_DATA].len >= fragment_left:
fragment_start = False
pkt = BTLE(fragment + '\x00\x00\x00')
pkt.len = len(pkt[BTLE_DATA].payload) # update ble header length
return pkt
else:
return None
else:
fragment_start = False
return pkt
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename='zero_ltk_capture.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=slave_addr_type) / BTLE_SCAN_REQ(
ScanA=master_address, AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
while run_script:
pkt = None
# Receive packet from the NRF52 Dongle
data = driver.raw_receive()
if data:
# Decode Bluetooth Low Energy Data
def send_pairing_request():
pairing_req = BTLE(access_addr=access_address) / BTLE_DATA() / L2CAP_Hdr(
) / SM_Hdr() / SM_Pairing_Request(iocap=pairing_iocap,
oob=0,
authentication=paring_auth_request,
max_key_size=current_key_size,
initiator_key_distribution=0x07,
responder_key_distribution=0x07)
driver.send(pairing_req)
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename='knob_ble_tester.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
while True:
pkt = None
# Receive packet from the NRF52 Dongle
data = driver.raw_receive()
if data:
# Decode Bluetooth Low Energy Data
def scan_timeout():
global timeout_scan, connecting
connecting = False
if not slave_connected:
scan_req = BTLE() / BTLE_ADV(RxAdd=slave_txaddr) / BTLE_SCAN_REQ(
ScanA=master_address, AdvA=advertiser_address)
driver.send(scan_req, force_pcap_save=True)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename='logs/zephyr_invalid_sequence.pcap')
driver.set_log_tx(1)
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req, force_pcap_save=True)
# Start the scan timeout to resend packets
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
while run_script:
pkt = None
# Receive packet from the NRF52 Dongle
data = driver.raw_receive()
fragment_start = False
pkt = BTLE(fragment + '\x00\x00\x00')
pkt.len = len(pkt[BTLE_DATA].payload) # update ble header length
return pkt
else:
return None
else:
fragment_start = False
return pkt
# Open serial port of NRF52 Dongle
try:
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename=script_folder +
'/../logs/dhcheck_skip_capture.pcap')
except Exception as e:
print(Fore.RED + str(e))
print(Fore.RED +
'Make sure the nRF52 dongle is properly recognized by your computer')
exit(0)
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=slave_txaddr) / BTLE_SCAN_REQ(
ScanA=master_address, AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
conn_rx_packet_counter += 1
try:
mic = raw_pkt[6 + length:-3] # Get mic from payload and exclude crc
aes.verify(mic)
return BTLE(aa + chr(header) + chr(length) + dec_pkt + b'\x00\x00\x00')
except Exception as e:
print(Fore.RED + "MIC Wrong: " + str(e))
return BTLE(aa + chr(header) + chr(length) + dec_pkt + b'\x00\x00\x00')
# Open serial port of NRF52 Dongle
try:
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename=script_folder +
'/../logs/non_compliance_nonzero_ediv_rand.pcap')
except Exception as e:
print(Fore.RED + str(e))
print(Fore.RED +
'Make sure the nRF52 dongle is properly recognized by your computer')
exit(0)
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
start_timeout('crash_timeout', CRASH_TIMEOUT, crash_timeout)
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(
ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
timeout_scan = Timer(5, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
already_connected = False
# Default master address
master_address = '5d:36:ac:90:0b:22'
access_address = 0x9a328370
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port, '115200', logs_pcap=True, pcap_filename='CC2540_truncated_connection_success.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(
ScanA=master_address,
AdvA=advertiser_address)
send(scan_req)
# Start the scan timeout to resend packets
timeout_scan = Timer(5, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
timeout = Timer(5.0, crash_timeout)
timeout.daemon = True
timeout.start()
c = False
print(Fore.RED + "No advertisement from " + advertiser_address.upper() +
' received\nThe device may have crashed!!!')
driver.save_pcap()
disable_timeout('scan_timeout')
def scan_timeout():
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(
ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', 2, scan_timeout)
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port, '115200', logs_pcap=True, \
pcap_filename=os.path.basename(__file__).split('.')[0] + '.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(
ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', 2, scan_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
while True:
pkt = None
# Receive packet from the NRF52 Dongle
data = driver.raw_receive()
if data:
# Decode Bluetooth Low Energy Data
def change_pairing():
global switch_pairing, enable_secure_connections, enc_start_index_max, enable_anomaly
switch_pairing = False
print(Fore.GREEN + "[!] Tests with legacy pairing finished,"
" switching to Secure Connections on next connection")
enable_secure_connections = True
enc_start_index_max = 0
enable_anomaly = False
# Open serial port of NRF52 Dongle
try:
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename=script_folder +
'/../logs/anomaly_unexpected_encryption_start.pcap')
except Exception as e:
print(Fore.RED + str(e))
print(Fore.RED +
'Make sure the nRF52 dongle is properly recognized by your computer')
exit(0)
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
start_timeout('crash_timeout', CRASH_TIMEOUT, crash_timeout)
global timeout_scan, connecting
connecting = False
if not slave_connected:
scan_req = BTLE() / BTLE_ADV(RxAdd=slave_txaddr) / BTLE_SCAN_REQ(
ScanA=master_address, AdvA=advertiser_address)
driver.send(scan_req)
timeout_scan = Timer(2.0, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename='logs/invalid_channel_map.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV(RxAdd=0) / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
# Start the scan timeout to resend packets
timeout_scan = Timer(2.0, scan_timeout)
timeout_scan.daemon = True
timeout_scan.start()
timeout = Timer(5.0, crash_timeout)
timeout.daemon = True
timeout.start()
dec_pkt = aes.decrypt(raw_pkt[6:-4 -
3]) # get payload and exclude 3 bytes of crc
conn_rx_packet_counter += 1
try:
mic = raw_pkt[6 + length:-3] # Get mic from payload and exclude crc
aes.verify(mic)
return BTLE(aa + chr(header) + chr(length) + dec_pkt + '\x00\x00\x00')
except Exception as e:
print(Fore.RED + "MIC Wrong: " + e)
return BTLE(aa + chr(header) + chr(length) + dec_pkt + '\x00\x00\x00')
# Open serial port of NRF52 Dongle
driver = NRF52Dongle(serial_port,
'115200',
logs_pcap=True,
pcap_filename='logs/esp32_hci_desync.pcap')
# Send scan request
scan_req = BTLE() / BTLE_ADV() / BTLE_SCAN_REQ(ScanA=master_address,
AdvA=advertiser_address)
driver.send(scan_req)
start_timeout('scan_timeout', SCAN_TIMEOUT, scan_timeout)
print(Fore.YELLOW + 'Waiting advertisements from ' + advertiser_address)
while run_script:
pkt = None
# Receive packet from the NRF52 Dongle
data = driver.raw_receive()
if data:
# Decode Bluetooth Low Energy Data
