def recvPacket(self, record):
hcipkt = record[0]
if not issubclass(hcipkt.__class__, HCI_Event):
return
if hcipkt.event_code != 0xFF:
return
# TODO Android 8 introduced special handling for 0x57 HCI_VSE_SUBCODE_DEBUG_INFO_SUB_EVT,
# stackdumps might no longer work
if hcipkt.data[0] == "\x57":
self.handleNexus6pStackDump(hcipkt)
if hcipkt.data[0:4] == p32(0x039200F7):
self.handleNexus5StackDump(hcipkt)
# same header for S10 and evaluation board...
if hcipkt.data[0:2] == p16(
0x031B): # generated by bthci_event_vs_initializeCoredumpHdr()
self.handleEvalStackDump(hcipkt)
self.handleS10StackDump(hcipkt)
def getRaw(self):
raw = bits(p16(self.handle))[4:]
raw.extend(bits(p8(self.ps))[6:])
raw.extend(bits(p8(0))[6:])
raw.extend(bits(p8(self.length)))
return super(HCI_Sco, self).getRaw() + unbits(raw) + self.data
def getHciDeviceList(self):
# type: () -> List[Device]
"""
Get a list of available HCI devices. The list is obtained by executing
ioctl syscalls HCIGETDEVLIST and HCIGETDEVINFO. The returned list
contains dictionaries with the following fields:
dev_id : Internal ID of the device (e.g. 0)
dev_name : Name of the device (e.g. "hci0")
dev_bdaddr : MAC address (e.g. "00:11:22:33:44:55")
dev_flags : Device flags as decimal number
dev_flags_str : Device flags as String (e.g. "UP RUNNING" or "DOWN")
"""
# Open Bluetooth socket to execute ioctl's:
try:
s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_RAW,
socket.BTPROTO_HCI)
# Ticket 6: does not run on Windows with Kali subsystem
except socket.error:
log.warn(
"Opening a local Bluetooth socket failed. Not running on native Linux?"
)
return []
# Do ioctl(s,HCIGETDEVLIST,arg) to get the number of available devices:
# arg is struct hci_dev_list_req (/usr/include/bluetooth/hci.h)
arg = p32(16) # dl->dev_num = HCI_MAX_DEV which is 16 (little endian)
arg += b"\x00" * (8 * 16)
devices_raw = fcntl.ioctl(s.fileno(), HCIGETDEVLIST, arg)
num_devices = u16(devices_raw[:2])
log.debug("Found %d HCI devices via ioctl(HCIGETDEVLIST)!" %
num_devices)
device_list = []
for dev_nr in range(num_devices):
dev_struct_start = 4 + 8 * dev_nr
dev_id = u16(devices_raw[dev_struct_start:dev_struct_start + 2])
# arg is struct hci_dev_info (/usr/include/bluetooth/hci.h)
arg = p16(dev_id) # di->dev_id = <device_id>
arg += b"\x00" * 20 # Enough space for name, bdaddr and flags
dev_info_raw = bytearray(
fcntl.ioctl(s.fileno(), HCIGETDEVINFO, arg))
dev_name = dev_info_raw[2:10].replace(b"\x00", b"").decode()
dev_bdaddr = ":".join(
["%02X" % x for x in dev_info_raw[10:16][::-1]])
dev_flags = u32(dev_info_raw[16:20])
if dev_flags == 0:
dev_flags_str = "DOWN"
else:
dev_flags_str = " ".join([
name for flag, name in zip(
bin(dev_flags)[2:][::-1],
[
"UP",
"INIT",
"RUNNING",
"PSCAN",
"ISCAN",
"AUTH",
"ENCRYPT",
"INQUIRY",
"RAW",
"RESET",
],
) if flag == "1"
])
device_list.append({
"dev_id": dev_id,
"dev_name": dev_name,
"dev_bdaddr": dev_bdaddr,
"dev_flags": dev_flags,
"dev_flags_str": dev_flags_str,
})
s.close()
return cast("List[Device]", device_list)
def getRaw(self):
return (super(HCI_Cmd, self).getRaw() + p16(self.opcode) +
p8(self.length) + self.data)
def work(self):
args = self.getArgs()
internalblue.sendHciCommand(hci.HCI_COMND.Encryption_Key_Size,
p16(args.hnd))
return True
