ZigBee Replay

From Embedded Lab Vienna for IoT & Security

Latest revision as of 13:15, 12 March 2019

Summary

After successfully sniffing the Network Key of a ZigBee network, as described in ZigBee Sniffing, the next step is to conduct a replay attack by resending the decrypted on/off commands with adjusted counters.

Requirements

Authors

  • Daniel Tod
  • Luca Strobl

Results

  • zbreplay does not work due to counter queries
  • Python script to log the latest counters and create a packet with updated counters
    • Data is misinterpreted and therefore the FCS and MIC are wrong
    • Packet is not constructed
  • Documentation of the conducted project and source code of the python script

The authors suspect that the misinterpretation of the data results from the limited hardware capabilities of the Atmel RZ Raven USB stick. A Software Defined Radio (SDR) would be the solution; however, the scapy drivers were only written for the Ettus USRP, and the authors were not provided with this SDR.
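As an added illustration (not part of the project's script), the following Python sketch shows the two receiver-side checks a resent frame has to survive: the IEEE 802.15.4 FCS that the authors' captures failed, and the per-source NWK frame counter that forces a replay to carry an adjusted counter. Frame bodies and the extended address are constructed; MIC verification (AES-CCM* under the Network Key) is omitted, and only that check is left to tell a counter-adjusted replay from a genuine frame.

```python
import struct
from dataclasses import dataclass

POLY = 0x8408  # reflected x^16 + x^12 + x^5 + 1, the CRC behind the 802.15.4 FCS


def crc16_kermit(data: bytes) -> int:
    """ITU-T CRC-16, init 0, reflected (CRC-16/KERMIT), as used for the 802.15.4 FCS."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY if crc & 1 else crc >> 1
    return crc


def with_fcs(body: bytes) -> bytes:
    """Append the FCS little-endian, the way it sits on the air."""
    return body + struct.pack("<H", crc16_kermit(body))


def fcs_ok(frame: bytes) -> bool:
    """A frame whose trailing FCS does not match its body is a corrupted capture."""
    return crc16_kermit(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]


@dataclass
class NwkFrame:
    src: int      # 64-bit extended source address from the NWK auxiliary header
    counter: int  # 32-bit NWK frame counter from the same header
    raw: bytes    # full MAC frame including FCS


class ReplayGuard:
    """Freshness check a ZigBee node applies before spending a MIC verification."""

    def __init__(self):
        self.last = {}  # src -> highest frame counter accepted so far

    def accept(self, f: NwkFrame) -> str:
        if not fcs_ok(f.raw):
            return "drop: bad FCS"
        if f.counter <= self.last.get(f.src, -1):
            return "drop: stale frame counter (replay)"
        self.last[f.src] = f.counter
        return "accept"


def run_demo() -> list:
    src = 0x00124B0001020304                      # constructed extended address
    cmd = with_fcs(b"\x41\x88\x01" + b"on ")      # constructed body standing in for a secured NWK frame
    corrupt = bytes([cmd[0] ^ 0xFF]) + cmd[1:]    # one body byte misread, FCS no longer matches
    guard = ReplayGuard()
    return [guard.accept(NwkFrame(src, 100, cmd)),      # genuine on/off command
            guard.accept(NwkFrame(src, 100, cmd)),      # verbatim resend: counter not fresh
            guard.accept(NwkFrame(src, 101, corrupt)),  # the misinterpreted-data case from the results
            guard.accept(NwkFrame(src, 101, cmd))]      # adjusted counter: only the MIC can still reject it
```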

Used Hardware

  • Raspberry Pi 3, Model B+, WLAN, BT
  • Kingston 8GB micro SD-HC class 4
  • RaspBee premium, extension board with radio module for Raspberry Pi
  • Philips Hue White and Color Ambiance Single LED-Bulb E27 10W
  • AVR RZUSBSTICK
  • Kali Linux host
  • USB mouse and keyboard

Courses