ZigBee Replay
Jump to navigation
Jump to search
Summary
After successfully sniffing the Network Key of a ZigBee network as described in ZigBee Sniffing the next step is to conduct a replay attack by resending the decrypted on/off commands with adjusted counters.
Requirements
- Operating system of attacking host: Kali Linux 64 Bit
- Version 2018.2
- Packages: KillerBee
- Operating system of Raspberry Pi: RaspBee Gateway SD card image Raspbian Jessi RaspBee (Stable)
- Version 01-2017
Authors
- Daniel Tod
- Luca Strobl
Results
zbreplay
does not work due to counter queries- Python script to log the latest counters and create a packet with updated counters
- Documentation of the conducted project and source code of the python script
The authors suppose that the misinterpretation of data results from the limited hardware capacities of the Atmel RZ Raven USB stick. The solution would be a Software Defined Radio (SDR). The drivers of scapy were only written for the Ettus USRP but the authors were not provided with this SDR.
Used Hardware
- Raspberry Pi 3, Model B+, WLAN, BT
- Kingston 8GB micro SD-HC class 4
- RaspBee premium, Erweiterungsplatine mit Funkmodul für Raspberry Pi
- Philips Hue White and Color Ambiance Single LED-Bulb E27 10W
- AVR RZUSBSTICK
- Kali Linux host
- USB mouse and keyboard
- external monitor
- HDMI cable
Courses
- Vertiefendes Wahlfachprojekt (2019)