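def recvPacket(self, record):
    """
    Dispatch a received HCI packet to the matching stack-dump handler.

    Only vendor-specific events (HCI_Event with event_code 0xFF) are looked
    at; everything else is ignored. The first bytes of the event payload
    select the handler:

        0x57              -> handleNexus6pStackDump
        p32(0x039200F7)   -> handleNexus5StackDump
        p16(0x031B)       -> handleEvalStackDump and handleS10StackDump
                             (the S10 and the evaluation board share this
                             header, generated by
                             bthci_event_vs_initializeCoredumpHdr())

    Args:
        record: sequence whose first element is the parsed HCI packet.

    Returns:
        None. Handlers are invoked for their side effects.
    """
    hcipkt = record[0]
    if not isinstance(hcipkt, HCI_Event):
        return
    if hcipkt.event_code != 0xFF:
        return

    # TODO Android 8 introduced special handling for 0x57 HCI_VSE_SUBCODE_DEBUG_INFO_SUB_EVT,
    # stackdumps might no longer work
    #
    # Compare a one-byte slice against a bytes literal: on Python 3 a bytes
    # index yields an int, so the former `data[0] == "\x57"` could never match
    # and the Nexus 6P branch was dead. The slice form works on bytes, bytearray
    # and (Python 2) str alike.
    if hcipkt.data[0:1] == b"\x57":
        self.handleNexus6pStackDump(hcipkt)

    if hcipkt.data[0:4] == p32(0x039200F7):
        self.handleNexus5StackDump(hcipkt)

    # same header for S10 and evaluation board...
    if hcipkt.data[0:2] == p16(0x031B):
        # generated by bthci_event_vs_initializeCoredumpHdr()
        self.handleEvalStackDump(hcipkt)
        self.handleS10StackDump(hcipkt)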
def getRaw(self):
    """
    Serialize this SCO packet.

    The SCO header is assembled bit-wise from four pieces, in this order:
    the last 12 of the 16 bits of ``self.handle``, the last 2 bits of
    ``self.ps``, two zero bits, and the 8 bits of ``self.length``. The
    packed header is appended to the base-class serialization and followed
    by ``self.data``.

    Returns:
        The raw bytes of the packet (base header + SCO header + payload).
    """
    header_segments = (
        bits(p16(self.handle))[4:],  # keep 12 of the 16 handle bits
        bits(p8(self.ps))[6:],       # keep 2 bits of the packet status
        bits(p8(0))[6:],             # two zero bits
        bits(p8(self.length)),       # full 8-bit length
    )
    header_bits = []
    for segment in header_segments:
        header_bits.extend(segment)

    base_raw = super(HCI_Sco, self).getRaw()
    return base_raw + unbits(header_bits) + self.data
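def getHciDeviceList(self):
    # type: () -> List[Device]
    """
    Get a list of available HCI devices.

    The list is obtained by executing ioctl syscalls HCIGETDEVLIST and
    HCIGETDEVINFO on a raw HCI socket. The returned list contains
    dictionaries with the following fields:

        dev_id        : Internal ID of the device (e.g. 0)
        dev_name      : Name of the device (e.g. "hci0")
        dev_bdaddr    : MAC address (e.g. "00:11:22:33:44:55")
        dev_flags     : Device flags as decimal number
        dev_flags_str : Device flags as String (e.g. "UP RUNNING" or "DOWN")

    Returns:
        The device list, or an empty list when the raw Bluetooth socket
        cannot be opened (e.g. not running on native Linux).

    Raises:
        OSError: propagated from fcntl.ioctl if one of the ioctl calls fails.
        The socket is closed in every case, including on such an error.
    """
    # Open Bluetooth socket to execute ioctl's:
    try:
        s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_RAW, socket.BTPROTO_HCI)
    except socket.error:  # Ticket 6: does not run on Windows with Kali subsystem
        log.warn(
            "Opening a local Bluetooth socket failed. Not running on native Linux?"
        )
        return []

    # Names of the flag bits in struct hci_dev_info.flags, least significant
    # bit first. Loop-invariant, so it is built once rather than per device.
    flag_names = [
        "UP",
        "INIT",
        "RUNNING",
        "PSCAN",
        "ISCAN",
        "AUTH",
        "ENCRYPT",
        "INQUIRY",
        "RAW",
        "RESET",
    ]

    device_list = []
    # try/finally rather than `with`: socket objects are not context managers
    # on every Python version this code base targets, and the socket must be
    # released even if an ioctl raises.
    try:
        # Do ioctl(s,HCIGETDEVLIST,arg) to get the number of available devices:
        # arg is struct hci_dev_list_req (/usr/include/bluetooth/hci.h)
        arg = p32(16)  # dl->dev_num = HCI_MAX_DEV which is 16 (little endian)
        arg += b"\x00" * (8 * 16)  # space for 16 eight-byte hci_dev_req entries
        devices_raw = fcntl.ioctl(s.fileno(), HCIGETDEVLIST, arg)
        num_devices = u16(devices_raw[:2])
        log.debug("Found %d HCI devices via ioctl(HCIGETDEVLIST)!" % num_devices)

        for dev_nr in range(num_devices):
            # each hci_dev_req entry is 8 bytes, after the 4-byte list header
            dev_struct_start = 4 + 8 * dev_nr
            dev_id = u16(devices_raw[dev_struct_start:dev_struct_start + 2])

            # arg is struct hci_dev_info (/usr/include/bluetooth/hci.h)
            arg = p16(dev_id)  # di->dev_id = <device_id>
            arg += b"\x00" * 20  # Enough space for name, bdaddr and flags
            dev_info_raw = bytearray(fcntl.ioctl(s.fileno(), HCIGETDEVINFO, arg))

            dev_name = dev_info_raw[2:10].replace(b"\x00", b"").decode()
            # bdaddr bytes are reversed so the address prints most-significant first
            dev_bdaddr = ":".join("%02X" % x for x in dev_info_raw[10:16][::-1])
            dev_flags = u32(dev_info_raw[16:20])

            if dev_flags == 0:
                dev_flags_str = "DOWN"
            else:
                # bin() is MSB first; reverse it so position i lines up with flag_names[i]
                flag_bits = bin(dev_flags)[2:][::-1]
                dev_flags_str = " ".join(
                    name for bit, name in zip(flag_bits, flag_names) if bit == "1"
                )

            device_list.append({
                "dev_id": dev_id,
                "dev_name": dev_name,
                "dev_bdaddr": dev_bdaddr,
                "dev_flags": dev_flags,
                "dev_flags_str": dev_flags_str,
            })
    finally:
        s.close()

    return cast("List[Device]", device_list)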
def getRaw(self):
    """
    Serialize this HCI command packet.

    Layout: base-class serialization, then the 16-bit opcode, the 8-bit
    parameter length and finally the parameter bytes in ``self.data``.

    Returns:
        The raw bytes of the command packet.
    """
    base_raw = super(HCI_Cmd, self).getRaw()
    opcode_raw = p16(self.opcode)
    length_raw = p8(self.length)
    return base_raw + opcode_raw + length_raw + self.data
def work(self):
    """
    Send the Encryption_Key_Size HCI command for the handle given in the
    parsed arguments (``args.hnd``).

    Returns:
        True unconditionally.
        NOTE(review): the result of sendHciCommand is not inspected, so a
        failed or unanswered command still reports success — confirm this
        is intended.
    """
    args = self.getArgs()
    handle_raw = p16(args.hnd)
    internalblue.sendHciCommand(hci.HCI_COMND.Encryption_Key_Size, handle_raw)
    return True