def _recoverFromCrcInit(self, accessAddress=None, crcInit=None):
aa = accessAddress if accessAddress is not None else self._getAccessAddress(
)
crcInit = crcInit if crcInit is not None else self._getCrcInit()
io.info("Recovering ChannelMap ...")
self._reset()
pkt = self._internalCommand(BTLEJack_Recover_Command() /
BTLEJack_Recover_Channel_Map_Command(
access_address=aa, crc_init=crcInit))
io.progress(0, total=36, suffix="0/36 channels")
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.onEvent("*", callback=self.updateDevices)
start = utils.now()
startChannel = utils.integerArg(self.args["START_CHANNEL"])
endChannel = utils.integerArg(self.args["END_CHANNEL"])
numberOfChannels = endChannel + 1 - startChannel
channels = list(range(startChannel, endChannel + 1))
i = 0
while self.args["TIME"] == "" or utils.now(
) - start < utils.integerArg(self.args["TIME"]):
if startChannel != endChannel:
io.progress(i,
total=numberOfChannels,
suffix="Channel: " +
(" " if len(str(channels[i])) == 1 else "") +
str(channels[i]))
self.receiver.setChannel(channels[i])
if utils.booleanArg(self.args["ACTIVE"]):
self.emitter.sendp(
zigbee.ZigbeeBeaconRequest(sequenceNumber=1,
destPanID=0xFFFF,
destAddr=0xFFFF))
utils.wait(seconds=0.1)
i = (i + 1) % len(channels)
if startChannel != endChannel:
sys.stdout.write(" " * 100 + "\r")
if len(self.devices) == 0:
return self.nok()
else:
return self.generateOutput()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to sniff and inject frames.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(self.args["INTERFACE"])
self.receiver.enterPromiscuousMode()
if self.checkPromiscuousSniffingCapabilities():
self.receiver.onEvent("*", callback=self.add)
if utils.booleanArg(self.args["DONGLE_PACKETS"]):
self.receiver.enableDonglePackets()
else:
self.receiver.disableDonglePackets()
start = utils.now()
startChannel = utils.integerArg(self.args["START_CHANNEL"])
endChannel = utils.integerArg(self.args["END_CHANNEL"])
numberOfChannels = endChannel + 1 - startChannel
channels = list(range(startChannel, endChannel + 1))
i = 0
while self.args["TIME"] == "" or utils.now(
) - start < utils.integerArg(self.args["TIME"]):
io.progress(i,
total=numberOfChannels,
suffix="Channel: " +
(" " if len(str(channels[i])) == 1 else "") +
str(channels[i]))
self.receiver.setChannel(channels[i])
utils.wait(seconds=0.1)
self.displayDevices()
i = (i + 1) % len(channels)
sys.stdout.write(" " * 100 + "\r")
if len(self.devices) >= 1:
return self.ok(self.generateOutput())
else:
return self.nok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to run in promiscuous mode.")
return self.nok()
def recv(self):
self._enterListening()
pkt = self._recv()
self._exitListening()
if pkt is not None:
if self.customMirageFirmware and BTLEJack_Advertisement_Packet_Notification in pkt:
timestamp = time.time()
ts_sec = int(timestamp)
ts_usec = int((timestamp - ts_sec) * 1000000)
if pkt.crc_ok == 0x01:
io.success("CRC OK !")
else:
io.fail("CRC not OK !")
if pkt.crc_ok != 0x01 and self.crcEnabled:
return None
return BTLE_PPI(btle_channel=pkt.channel,
btle_clkn_high=ts_sec,
btle_clk_100ns=ts_usec,
rssi_max=-pkt.rssi,
rssi_min=-pkt.rssi,
rssi_avg=-pkt.rssi,
rssi_count=1) / BTLE() / BTLE_ADV(
pkt.ble_payload)
if BTLEJack_Access_Address_Notification in pkt:
self._addCandidateAccessAddress(
accessAddress=pkt.access_address,
rssi=pkt.rssi,
channel=pkt.channel)
if BTLEJack_CRCInit_Notification in pkt:
self._updateCrcInit(crcInit=pkt.crc_init)
if BTLEJack_Channel_Map_Notification in pkt:
self._updateChannelMap(channelMap=pkt.channel_map)
if BTLEJack_Verbose_Response in pkt and b"c=" in pkt.message:
currentChannel = pkt.message.decode('ascii').split("c=")[1]
io.progress(int(currentChannel),
total=36,
suffix=str(currentChannel) + "/36 channels")
if BTLEJack_Verbose_Response in pkt and b"ADV_JAMMED" in pkt.message:
io.info("Advertisement jammed on channel #" +
str(self.getChannel()))
if BTLEJack_Verbose_Response in pkt:
io.info(pkt.message.decode('ascii'))
if BTLEJack_Hop_Interval_Notification in pkt:
self._updateHopInterval(pkt.hop_interval)
if BTLEJack_Hop_Increment_Notification in pkt:
self._updateHopIncrement(pkt.hop_increment)
if self.hijacking:
self._internalCommand(
BTLEJack_Enable_Hijacking_Command(enabled=0x01))
elif self.jamming:
self._internalCommand(
BTLEJack_Enable_Jamming_Command(enabled=0x01))
self.synchronized = True
if BTLEJack_Hijack_Status_Notification in pkt:
self.hijacked = (pkt.status == 0x00)
if BTLEJack_Nordic_Tap_Packet_Notification in pkt:
timestamp = time.time()
ts_sec = int(timestamp)
ts_usec = int((timestamp - ts_sec) * 1000000)
return BTLE_PPI(
btle_channel=pkt.channel,
btle_clkn_high=ts_sec,
btle_clk_100ns=ts_usec,
rssi_max=pkt.rssi,
rssi_min=pkt.rssi,
rssi_avg=pkt.rssi,
rssi_count=1) / BTLE(
access_addr=self.getAccessAddress()) / pkt.ble_payload
elif BTLEJack_Connection_Request_Notification in pkt:
self._setAccessAddress(
struct.unpack(">I", struct.pack("<I",
pkt.ble_payload.AA))[0])
self._setCrcInit(
struct.unpack(
">I", b"\x00" +
struct.pack('<I', pkt.ble_payload.crc_init)[:3])[0])
self._setChannelMap(pkt.ble_payload.chM)
self._setHopInterval(pkt.ble_payload.interval)
self._setHopIncrement(pkt.ble_payload.hop)
self.synchronized = True
timestamp = time.time()
ts_sec = int(timestamp)
ts_usec = int((timestamp - ts_sec) * 1000000)
return BTLE_PPI(btle_channel=self.channel,
btle_clkn_high=ts_sec,
btle_clk_100ns=ts_usec,
rssi_max=0,
rssi_min=0,
rssi_avg=0,
rssi_count=1) / BTLE() / BTLE_ADV(
RxAdd=pkt.RxAdd,
TxAdd=pkt.TxAdd,
RFU=pkt.RFU,
PDU_type=pkt.PDU_type) / pkt.ble_payload
elif BTLEJack_Connection_Lost_Notification in pkt or pkt.packet_type == 0x4 and pkt.notification_type == 0x9:
io.fail("Connection lost !")
self._reset()
self.restartSniffingMode()
self._setAccessAddress(None)
self._setCrcInit(None)
self._setChannelMap(None)
self._setHopInterval(None)
self._setHopIncrement(None)
self.hijacked = False
self.synchronized = False
else:
self.commandResponses.put(pkt)
else:
utils.wait(seconds=0.0001)