Difference between revisions of "Bluetooth LE hacking"
m |
m (→MITM attack) |
||
| Line 67: | Line 67: | ||
Make sure that the machines can reach each other over the network. It is also recommend to turn | Make sure that the machines can reach each other over the network. It is also recommend to turn | ||
of the firewall. | of the firewall. | ||
sudo apt-get install -y nodejs npm bluetooth bluez libbluetooth-dev libudev-dev | |||
sudo npm install -g btlejuice | |||
sudo service ufw stop | sudo service ufw stop | ||
sudo ufw disable | sudo ufw disable | ||
| Line 73: | Line 75: | ||
The second machine is the core unit and there you enter: | The second machine is the core unit and there you enter: | ||
sudo btlejuice -u <ip proxy> -w | sudo btlejuice -u <ip proxy> -w | ||
=== Gatttool === | === Gatttool === | ||
Revision as of 20:32, 6 November 2021
Summary
This page describes the basics steps of how a BLE device can be attacked.
Requirements
- Operating system: Ubuntu 21.10, Ubuntu 18.04
- Elvis lab IoT devices
In order to complete these steps, you must have followed before.
Description
First install ubertooth one and all libraries. A full documentation is available on: https://ubertooth.readthedocs.io/en/latest/build_guide.html
Check if ubertooth one is recognized:
lsusb
Bus 001 Device 003: ID 1d50:6002 OpenMoko, Inc. Ubertooth One
sudo apt-get install -y ubertooth cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev pkg-config python3-numpy python3-qtpy
Install libbtbb
wget https://github.com/greatscottgadgets/libbtbb/archive/2020-12-R1.tar.gz -O libbtbb-2020-12-R1.tar.gz tar -xf libbtbb-2020-12-R1.tar.gz cd libbtbb-2020-12-R1 mkdir build cd build cmake .. make sudo make install sudo ldconfig
Install Ubertooth Tools
wget https://github.com/greatscottgadgets/ubertooth/releases/download/2020-12-R1/ubertooth-2020-12-R1.tar.xz tar -xf ubertooth-2020-12-R1.tar.xz cd ubertooth-2020-12-R1/host mkdir build cd build cmake .. make sudo make install sudo ldconfig
Ubertooth One Firmware update
cd firmware sudo apt-get install -y gcc-arm-none-eabi make clean all make cd bluetooth_rxtx ubertooth-dfu -d bluetooth_rxtx.dfu -r
To show the Firmware use the command
ubertooth-util -v
Firmware version: git-7b656c1 (API:1.07)
Wireshark sniffing
The ubertooth one device is used for sniffing the bluetooth packets and wireshark is displaying the packets.
mkpipe /tmp/pipe sudo wireshark -k -i /tmp/pipe & sudo ubertooth-btle -f -c /tmp/pipe
MITM attack
To find out what GAT messages between a BLE device and a smartphone are being exchanged, I used a MITM attack. For this the tool btlejuice was used.
Create 2 virtual machines with Ubuntu 18.04 and make sure that a bluetooth adapter is available on both machines. Make sure that the machines can reach each other over the network. It is also recommend to turn of the firewall.
sudo apt-get install -y nodejs npm bluetooth bluez libbluetooth-dev libudev-dev sudo npm install -g btlejuice sudo service ufw stop sudo ufw disable
One machine acts as proxy. On this machine enter the command:
sudo btlejuice-proxy
The second machine is the core unit and there you enter:
sudo btlejuice -u <ip proxy> -w
Gatttool
Used Hardware
All hardware is used from the Elvis Lab.
- Ubertooth One