Difference between revisions of "Bluetooth LE hacking"

From Embedded Lab Vienna for IoT & Security
Line 5: Line 5:
== Requirements ==
== Requirements ==


* Operating system: Ubuntu 21.10, Ubuntu 18.04
* Operating system: Ubuntu 18.04
* Elvis lab IoT devices
* Elvis lab IoT devices



Revision as of 21:46, 14 November 2021

Summary

This page describes the basic steps of how a BLE device can be attacked.

Requirements

  • Operating system: Ubuntu 18.04
  • Elvis lab IoT devices

In order to complete these steps, you must have followed before.

Description

First install the Ubertooth One tools and all required libraries. Full documentation is available at: https://ubertooth.readthedocs.io/en/latest/build_guide.html

Check if ubertooth one is recognized:

lsusb

Bus 001 Device 003: ID 1d50:6002 OpenMoko, Inc. Ubertooth One

sudo apt-get install -y ubertooth cmake libusb-1.0-0-dev make gcc g++ libbluetooth-dev pkg-config python3-numpy python3-qtpy

Install libbtbb

wget https://github.com/greatscottgadgets/libbtbb/archive/2020-12-R1.tar.gz -O libbtbb-2020-12-R1.tar.gz
tar -xf libbtbb-2020-12-R1.tar.gz
cd libbtbb-2020-12-R1
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig

Install Ubertooth Tools

wget https://github.com/greatscottgadgets/ubertooth/releases/download/2020-12-R1/ubertooth-2020-12-R1.tar.xz
tar -xf ubertooth-2020-12-R1.tar.xz
cd ubertooth-2020-12-R1/host
mkdir build
cd build
cmake ..
make
sudo make install
sudo ldconfig

Ubertooth One Firmware update

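# firmware/ sits at the top of the ubertooth-2020-12-R1 tree; this assumes you are still in host/build
cd ../../firmware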
sudo apt-get install -y gcc-arm-none-eabi
make clean all
make
cd bluetooth_rxtx
ubertooth-dfu -d bluetooth_rxtx.dfu -r

To show the firmware version, use the command:

ubertooth-util -v

Firmware version: git-7b656c1 (API:1.07)

Wireshark sniffing

The Ubertooth One sniffs the Bluetooth packets and Wireshark displays them. The two are connected through a named pipe (FIFO):

mkfifo /tmp/pipe
sudo wireshark -k -i /tmp/pipe &
sudo ubertooth-btle -f -c /tmp/pipe
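
The device check, firmware check and FIFO setup from the steps above can be collected into one preflight script. This is an added example, not part of the original page or of the Ubertooth project; the function names are hypothetical, and placing the FIFO in a private `mktemp` directory instead of `/tmp/pipe` is a choice made for this example.

```shell
#!/bin/sh
# Added example: preflight for the Ubertooth One sniffing setup.
# Function names are hypothetical helpers, not part of the Ubertooth tools.

UBERTOOTH_USB_ID="1d50:6002"   # USB ID from the lsusb line on this page

# Succeeds if the given lsusb output lists an Ubertooth One.
has_ubertooth() {
    printf '%s\n' "$1" | grep -qi "ID $UBERTOOTH_USB_ID "
}

# Prints "<firmware> <api>" from `ubertooth-util -v` output; fails if the
# "Firmware version: ... (API:x.yy)" line is missing or malformed.
firmware_info() {
    printf '%s\n' "$1" |
        sed -n 's/^Firmware version: \([^ ]*\) (API:\([0-9.]*\))$/\1 \2/p' |
        grep .
}

# Creates the capture FIFO inside a fresh mktemp directory (mode 0700)
# rather than under a fixed name in world-writable /tmp; prints its path.
make_capture_fifo() {
    fifo_dir=$(mktemp -d) || return 1
    mkfifo -m 600 "$fifo_dir/pipe" || return 1
    printf '%s\n' "$fifo_dir/pipe"
}

run_preflight() {
    has_ubertooth "$(lsusb)" || {
        echo "Ubertooth One ($UBERTOOTH_USB_ID) not found" >&2; return 1; }
    info=$(firmware_info "$(ubertooth-util -v)") || {
        echo "could not parse firmware version" >&2; return 1; }
    echo "firmware and API: $info"
    fifo=$(make_capture_fifo) || return 1
    echo "capture FIFO: $fifo"
    echo "then: sudo wireshark -k -i $fifo &"
    echo "      sudo ubertooth-btle -f -c $fifo"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then run_preflight; fi
```

Run it with `--run` on the machine the Ubertooth One is plugged into; without that argument it only defines the functions.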

MITM attack

To find out which GATT messages are exchanged between a BLE device and a smartphone, I used a MITM attack with the tool btlejuice.

Create two virtual machines with Ubuntu 18.04 and make sure that a Bluetooth adapter is available on both machines. Make sure that the machines can reach each other over the network. It is also recommended to turn off the firewall.

sudo apt-get install -y nodejs npm bluetooth bluez libbluetooth-dev libudev-dev
sudo npm install -g btlejuice
sudo service ufw stop
sudo ufw disable

One machine acts as the proxy. On this machine enter the command:

sudo btlejuice-proxy

The second machine is the core unit and there you enter:

sudo btlejuice -u <ip proxy> -w

Gatttool

Used Hardware

All hardware used is from the Elvis Lab.

  • Ubertooth One

Courses

References