bluetooth_smp_pocs's Introduction

Bluetooth SMP PoCs

This repository contains proof-of-concepts for attacks against the BLE SMP protocols when a static passkey is used. More information can be found in the corresponding Insinuator blogpost.

SMP Bruteforce

The bruteforce script requires Internalblue and pycryptodome to be installed. You will either need CAP_NET_RAW or root privileges to use the required HCI socket. Additionally, the Bluetooth device needs to be down. You can simply run systemctl stop bluetooth to do that.

To run the script you need to Bluetooth address of the device you want to brute-force. Run the script as follows:

python smp_bruteforce.py AA:BB:CC:DD:EE:FF

Successfully running the script looks as follows:

bluetooth_smp_pocs's People

Contributors

Stargazers

Watchers

bluetooth_smp_pocs's Issues

NameError: name 'log' is not defined

─$ python smp_bruteforce.py 64:48:fc:37:35:82
[!] Found 1 HCI devices via ioctl(HCIGETDEVLIST)!
[] HCI device: hci0 [11:22:33:44:55:66] flags=5
[!] Found 1 HCI devices via ioctl(HCIGETDEVLIST)!
[] HCI device: hci0 [11:22:33:44:55:66] flags=5
[ERROR] Unable to bind
[*] Connected to hci0
[!] Receive Thread started.
[!] Send Thread started.
[!] _sendThreadFunc: No response from the firmware.
[!] sendHciCommand: waiting for response timed out!
[!] initialize_fimware: Failed to send a HCI command to the Bluetooth driver.
adb: Check if you installed a custom bluetooth.default.so properly on your
Android device. bluetooth.default.so must contain the string 'hci_inject'.
hci: You might have insufficient permissions to send this type of command.
[!] connect: Failed to initialize firmware!
Traceback (most recent call last):
File "/home/kali/Downloads/bluetooth_smp_pocs/smp_bruteforce/smp_bruteforce.py", line 216, in
main()
File "/home/kali/Downloads/bluetooth_smp_pocs/smp_bruteforce/smp_bruteforce.py", line 205, in main
log.critical("No connection to internalblue device.")
NameError: name 'log' is not defined
how can ı fix

dont work

─$ sudo python smp_bruteforce.py 56:a4:78:7a:0b:50

dpkg-query: no path found matching pattern bin/armeabilinux*-as*
Could not find 'as' installed for ContextType(arch = 'thumb', bits = 32, endian = 'little')
Try installing binutils for this architecture:
https://docs.pwntools.com/en/stable/install/binutils.html
[!] pwnlib.asm.which_binutils() cannot find 'as'!
[!] pwntools cannot find binutils for arm architecture. Disassembling will not work!
[!] Found 1 HCI devices via ioctl(HCIGETDEVLIST)!
[] HCI device: hci0 [77:22:34:44:55:77] flags=5
[!] Found 1 HCI devices via ioctl(HCIGETDEVLIST)!
[] HCI device: hci0 [77:22:34:44:55:77] flags=5
[ERROR] Unable to bind
[*] Connected to hci0
[!] Receive Thread started.
[!] Send Thread started.
[!] _sendThreadFunc: No response from the firmware.
[!] sendHciCommand: waiting for response timed out!
[!] initialize_fimware: Failed to send a HCI command to the Bluetooth driver.
adb: Check if you installed a custom bluetooth.default.so properly on your
Android device. bluetooth.default.so must contain the string 'hci_inject'.
hci: You might have insufficient permissions to send this type of command.
[!] connect: Failed to initialize firmware!
CRITICAL:root:No connection to internalblue device.
same issue , ı closed first issue sory.

Recommend Projects

ttdennis / bluetooth_smp_pocs Goto Github PK

bluetooth_smp_pocs's Introduction

Bluetooth SMP PoCs

SMP Bruteforce

bluetooth_smp_pocs's People

Contributors

Stargazers

Watchers

Forkers

bluetooth_smp_pocs's Issues

NameError: name 'log' is not defined

dont work

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent