def generateChannels(self):
if self.args["CHANNELS"] == "all" or self.args["CHANNELS"] == "":
self.channels = range(100)
io.info("Channels: 0-99")
else:
for i in utils.listArg(self.args["CHANNELS"]):
if utils.isNumber(i):
self.channels.append(utils.integerArg(i))
elif "-" in i and len(i.split("-")) == 2 and all(
[utils.isNumber(j) for j in i.split("-")]):
upChannel, downChannel = [int(j) for j in i.split("-")]
self.channels += range(upChannel, downChannel)
io.info("Channels: " + ','.join([str(j) for j in self.channels]))
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkCapabilities():
if utils.isNumber(self.args["CHANNEL"]):
self.receiver.setChannel(utils.integerArg(
self.args["CHANNEL"]))
else:
io.fail("You must provide a channel number !")
return self.nok()
if self.args["TARGET_PANID"] != "":
self.targetPanID = utils.integerArg(self.args["TARGET_PANID"])
else:
self.targetPanID = None
if self.args["TARGET"] != "" and self.args["TARGET"][2:].upper(
) != "FFFF" and self.args["TARGET"].upper(
) != "FF:FF:FF:FF:FF:FF:FF:FF":
if utils.isNumber(self.args["TARGET"]):
self.target = utils.integerArg(self.args["TARGET"])
else:
self.target = zigbee.convertAddress(self.args["TARGET"])
else:
self.target = None
if self.args["PCAP_FILE"] != "":
self.pcap = self.getEmitter(interface=self.args["PCAP_FILE"])
else:
self.pcap = None
self.receiver.onEvent("*", callback=self.show)
time = utils.integerArg(
self.args['TIME']) if self.args["TIME"] != "" else None
start = utils.now()
while utils.now() - start <= time if time is not None else True:
utils.wait(seconds=0.1)
self.receiver.removeCallbacks()
output = {
"CHANNEL": self.args["CHANNEL"],
"INTERFACE": self.args["INTERFACE"],
"PCAP_FILE": self.args["PCAP_FILE"]
}
return self.ok(output)
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to sniff and inject frames.")
return self.nok()
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
if utils.isNumber(self.args["CHANNEL"]):
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
else:
io.fail("You must provide a channel number !")
return self.nok()
self.pcapReceiver = self.getReceiver(
interface=self.args["PCAP_FILE"])
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
for i in stream:
i.show()
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to inject frames.")
return self.nok()
def masterPairingConfirm(self, pkt):
pkt.show()
self.mConfirm = pkt.confirm[::-1]
self.sRand = ble.BLECrypto.generateRandom()
io.success("Generating random : " + self.sRand.hex())
if self.pairingMethod == "JustWorks":
pinCode = 0
else:
if self.args["PIN"] != "" and utils.isNumber(self.args["PIN"]):
pinCode = int(self.args["PIN"])
else:
pinCode = int(io.enterPinCode("Enter the 6 digit PIN code: "))
self.tk = self.pinToTemporaryKey(pinCode)
io.success("Generating Temporary Key : " + self.tk.hex())
self.sConfirm = ble.BLECrypto.c1(self.tk, self.sRand[::-1], self.pReq,
self.pRes, self.initiatorAddressType,
self.initiatorAddress,
self.responderAddressType,
self.responderAddress)
io.success("Generating SConfirm : " + self.sConfirm.hex())
confirmPacket = ble.BLEPairingConfirm(confirm=self.sConfirm[::-1])
confirmPacket.show()
self.emitter.sendp(confirmPacket)
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
if not utils.isNumber(self.args["CHANNEL"]):
io.fail("You must provide a channel number.")
return self.nok()
if self.args["TARGET"] == "":
io.warning(
"No target provided, the attack is performed in broadcast."
)
self.target = "FF:FF:FF:FF:FF:FF"
else:
io.info("Target provided: " + str(self.args["TARGET"]))
self.target = self.args["TARGET"].upper()
if self.args["SOURCE"] == "":
io.fail("You must provide a source address.")
return self.nok()
else:
self.source = self.args["SOURCE"].upper()
if utils.isNumber(self.args["REASON"]):
self.reason = utils.integerArg(self.args["REASON"])
else:
io.fail("You must provide a reason number.")
return self.nok()
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
# We forge the deauthentication and disassociation packet, while spoofing the client's MAC
self.deauth_packet = wifi.WifiDeauth(destMac=self.target,
srcMac=self.source,
reason=self.reason)
self.disas_packet = wifi.WifiDisas(destMac=self.target,
srcMac=self.source,
reason=self.reason)
self.send_deauth()
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to run in monitor mode.")
return self.nok()
def channel(self, newChannel=""):
if newChannel == "":
io.info("Current channel: " + str(self.emitter.getChannel()))
else:
if utils.isNumber(newChannel) and int(newChannel) >= 0 and int(
newChannel) <= 99:
self.emitter.setChannel(int(newChannel))
self.currentChannel = int(newChannel)
self.updatePrompt(self.target)
else:
io.fail("You must provide a channel number between 0 and 99.")
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkInjectingCapabilities():
self.pcapReceiver = self.getReceiver(interface=self.args["PCAP_FILE"])
self.target = "FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
if self.target == "FF:FF:FF:FF:FF" and not self.checkPassiveScanningCapabilities():
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan in promiscuous mode, you have to provide a specific target.")
return self.nok()
if self.target != "FF:FF:FF:FF:FF" and self.args["CHANNEL"].lower() == "auto" and not self.checkActiveScanningCapabilities():
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
return self.nok()
if self.target == "FF:FF:FF:FF:FF":
io.info("Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.")
self.emitter.enterPromiscuousMode()
else:
io.info("Sniffing mode enabled !")
self.emitter.enterSnifferMode(address=self.target)
if utils.isNumber(self.args["CHANNEL"]):
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
elif self.args["CHANNEL"].lower() == "auto":
self.searchChannel()
else:
io.fail("A channel must be provided in order to perform an injection.")
return self.nok()
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to inject.")
return self.nok()
def switch(self,target:"!method:_autocompleteConnections"):
if utils.isNumber(target):
if int(target) > 0 and int(target) < len(self.emitter.getConnections())+1:
address = self.emitter.getConnections()[int(target)-1]["address"]
else:
address = self.emitter.getAddressByHandle(int(target))
else:
address = target
if self.emitter.switchConnection(address):
io.success("Switching to connection <"+address+">")
self.updatePrompt(address)
else:
io.fail("Unknown connection !")
def channel(self,newChannel=""):
if newChannel == "":
io.info("Current channel: "+str(self.emitter.getChannel()))
else:
if self.followThread is not None:
io.fail("You can't manually set a channel in follow PRX mode.")
else:
if utils.isNumber(newChannel) and int(newChannel) >= 0 and int(newChannel) <= 99:
self.emitter.setChannel(int(newChannel))
self.currentChannel = int(newChannel)
self.updatePrompt(self.target)
else:
io.fail("You must provide a channel number between 0 and 99.")
def find_prx(self,channels="0-99"):
if self.checkActiveScanningCapabilities():
if self.target is None:
io.fail("You must select a target before performing this action.")
else:
listOfChannels = []
for i in channels.split(","):
if utils.isNumber(i):
listOfChannels.append(int(i))
elif "-" in i and len(i.split("-")) == 2 and all([utils.isNumber(j) for j in i.split("-")]):
downChannel,upChannel = [int(j) for j in i.split("-")]
listOfChannels += range(downChannel,upChannel+1)
if all([(channel >= 0 and channel <= 99) for channel in listOfChannels]):
if self.emitter.scan(listOfChannels):
io.success("ACK received from PRX on channel #"+str(self.emitter.getChannel()))
self.currentChannel = self.emitter.getChannel()
self.updatePrompt(self.target)
else:
io.fail("PRX not found")
else:
io.fail("You must only provide channels between 0 and 99.")
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
def jamAdvertisements(self):
if self.checkAdvertisementsJammingCapabilities():
channel = utils.integerArg(self.args["CHANNEL"])
if self.args["TARGET"] != "":
target = utils.addressArg(self.args["TARGET"])
pattern = bytes.fromhex(target.replace(":", ""))[::-1]
offset = 2
elif (utils.isNumber(self.args["OFFSET"])
and utils.isHexadecimal(self.args["PATTERN"])
and self.args["OFFSET"] != ""
and self.args["PATTERN"] != ""):
pattern = bytes.fromhex(self.args["PATTERN"])
offset = utils.integerArg(self.args["OFFSET"])
else:
io.fail(
"You must provide a dewhitened pattern and an offset, or a target to jam."
)
return self.nok()
if len(self.emitters) == 1:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=channel)
if len(self.emitters) == 2:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=channel)
self.emitters[1].jamAdvertisements(
pattern=pattern,
offset=offset,
channel=(channel + 1 if channel < 39 else 37))
if len(self.emitters) == 3:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=37)
self.emitters[1].jamAdvertisements(pattern=pattern,
offset=offset,
channel=38)
self.emitters[2].jamAdvertisements(pattern=pattern,
offset=offset,
channel=39)
while True:
utils.wait(seconds=0.01)
else:
io.fail("Interfaces provided are not able to jam advertisements.")
return self.nok()
def parseFilterType(self):
filterType = self.args["FILTER"]
if filterType == "":
return None
if utils.isNumber(filterType):
return ble.UUID(UUID16=int(filterType)).data
elif utils.isHexadecimal(filterType) and len(filterType) <= 6:
return ble.UUID(UUID16=int(filterType, 16)).data
elif utils.isHexadecimal(filterType) and len(filterType) > 6:
uuid = ble.UUID(UUID128=bytes.fromhex(filterType)).data
if uuid is None:
return bytes.fromhex(filterType)
else:
return uuid
else:
return ble.UUID(name=filterType).data
def slavePairingResponse(self, pkt):
self.initiatorAddress = self.emitter.getAddress()
self.initiatorAddressType = b"\x00" if self.emitter.getAddressMode(
) == "public" else b"\x01"
self.responderAddress = self.emitter.getCurrentConnection()
self.responderAddressType = b"\x00" if self.emitter.getCurrentConnectionMode(
) == "public" else b"\x01"
pkt.show()
self.pairingResponse = pkt
self.pRes = self.pairingResponse.payload[::-1]
self.responderAuthReq = ble.AuthReqFlag(
data=bytes([pkt.authentication]))
self.responderInputOutputCapability = ble.InputOutputCapability(
data=bytes([pkt.inputOutputCapability]))
self.responderKeyDistribution = ble.KeyDistributionFlag(
data=bytes([pkt.responderKeyDistribution]))
pairingMethod = self.pairingMethodSelection()
io.success("Pairing Method selected : " + self.pairingMethod)
self.mRand = ble.BLECrypto.generateRandom()
io.success("Generating random : " + self.mRand.hex())
if pairingMethod == "JustWorks":
pinCode = 0
else:
if self.args["PIN"] != "" and utils.isNumber(self.args["PIN"]):
pinCode = int(self.args["PIN"])
else:
pinCode = int(io.enterPinCode("Enter the 6 digit PIN code: "))
self.tk = self.pinToTemporaryKey(pinCode)
io.success("Generating Temporary Key : " + self.tk.hex())
self.mConfirm = ble.BLECrypto.c1(self.tk, self.mRand[::-1], self.pReq,
self.pRes, self.initiatorAddressType,
self.initiatorAddress,
self.responderAddressType,
self.responderAddress)
io.success("Generating MConfirm : " + self.mConfirm.hex())
confirmPacket = ble.BLEPairingConfirm(confirm=self.mConfirm[::-1])
confirmPacket.show()
self.emitter.sendp(confirmPacket)
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkCapabilities():
frequency = self.receiver.getFrequency()
if frequency != utils.integerArg(self.args["FREQUENCY"]):
self.receiver.setFrequency(utils.integerArg(self.args["FREQUENCY"]))
self.count = utils.integerArg(self.args["NUMBER"]) if utils.isNumber(self.args["NUMBER"]) else 1
self.receiver.onEvent("*",callback=self.show)
self.receiver.waitData()
while self.count > 0:
utils.wait(seconds=0.5)
output = self.generateOutput()
return self.ok(output)
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to sniff IR signals.")
return self.nok()
def monitoring(self):
self.receiver.onEvent("*", callback=self.onPacket)
try:
if self.args["TIME"] == "":
while True:
utils.wait(seconds=0.00001)
elif utils.isNumber(self.args["TIME"]):
time = utils.integerArg(self.args["TIME"])
start = utils.now()
while utils.now() - start < time:
utils.wait(seconds=0.0000001)
else:
io.fail("You have provided a wrong TIME value.")
return self.nok()
except KeyboardInterrupt:
pass
def __init__(self,handle=None,value=None,type=None, permissions=None):
self.handle = handle
self.value = value
if isinstance(type,int):
self.type = UUID(UUID16=type)
elif isinstance(type,bytes):
self.type = UUID(data=type)
elif utils.isHexadecimal(type) and len(type)<=6:
self.type = UUID(UUID16=int(type, 16))
elif utils.isHexadecimal(type) and len(type)>6:
self.type = UUID(UUID128=bytes.fromhex(type))
else:
self.type = UUID(name=type)
if isinstance(permissions,str) and utils.isNumber(permissions):
self.permissions = PermissionsFlag(data=struct.pack('B',permissions))
elif isinstance(permissions,bytes):
self.permissions = PermissionsFlag(data=permissions)
else:
self.permissions = PermissionsFlag(permissions=permissions)