def _setupSockets(self):
"""
Forward the HCI snoop and inject ports from the Android device to
the host (using adb). Open TCP sockets (s_snoop, s_inject) to connect
to the forwarded ports. Read the btsnoop header from the s_snoop
socket in order to verify that the connection actually works correctly.
"""
# In order to support multiple parallel instances of InternalBlue
# (with multiple attached Android devices) we must not hard code the
# forwarded port numbers. Therefore we choose the port numbers
# randomly and hope that they are not already in use.
self.hciport = random.randint(
60000, 65534
) # minus 1, as we are using hciport + 1
log.debug(
"_setupSockets: Selected random ports snoop=%d and inject=%d"
% (self.hciport, self.hciport + 1)
)
# Forward ports 8872 and 8873. Ignore log.info() outputs by the adb function.
saved_loglevel = context.log_level
context.log_level = "warn"
try:
adb.adb(["forward", "tcp:%d" % (self.hciport), "tcp:8872"])
adb.adb(["forward", "tcp:%d" % (self.hciport + 1), "tcp:8873"])
except PwnlibException as e:
log.warn("Setup adb port forwarding failed: " + str(e))
return False
finally:
context.log_level = saved_loglevel
# Connect to hci injection port
self.s_inject = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
self.s_inject.connect(("127.0.0.1", self.hciport + 1))
self.s_inject.settimeout(0.5)
except socket.error:
log.warn("Could not connect to adb. Is your device authorized?")
return False
# Connect to hci snoop log port
self.s_snoop = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.s_snoop.connect(("127.0.0.1", self.hciport))
self.s_snoop.settimeout(0.5)
# Read btsnoop header
if self._read_btsnoop_hdr() == None:
log.warn("Could not read btsnoop header")
self.s_inject.close()
self.s_snoop.close()
self.s_inject = self.s_snoop = None
context.log_level = "warn"
adb.adb(["forward", "--remove", "tcp:%d" % (self.hciport)])
adb.adb(["forward", "--remove", "tcp:%d" % (self.hciport + 1)])
context.log_level = saved_loglevel
return False
return True
def _teardownSockets(self):
"""
Close s_snoop and s_inject sockets. Remove port forwarding with adb.
"""
if self.s_inject != None:
self.s_inject.close()
self.s_inject = None
if self.s_snoop != None:
self.s_snoop.close()
self.s_snoop = None
saved_loglevel = context.log_level
context.log_level = "warn"
if self.hciport is not None:
hciport = self.hciport
try:
adb.adb(["forward", "--remove", f"tcp:{hciport}"])
adb.adb(["forward", "--remove", f"tcp:{hciport + 1}"])
except PwnlibException as e:
log.warn("Removing adb port forwarding failed: " + str(e))
return False
finally:
context.log_level = saved_loglevel