ZigBee Replay
Jump to navigation
Jump to search
Summary
After successfully sniffing the Network Key of a ZigBee network as described in ZigBee Sniffing the next step is to conduct a replay attack by resending the decrypted on/off commands with adjusted counters.
Requirements
- Operating system of attacking host: Kali Linux 64 Bit
- Version 2018.2
- Packages: KillerBee
- Operating system of Raspberry Pi: RaspBee Gateway SD card image Raspbian Jessi RaspBee (Stable)
- Version 01-2017
Authors
- Daniel Tod
- Luca Strobl
Results
zbreplay
does not work due to counter queries- Python script to log the latest counters and create a packet with updated counters
- Data is misinterpreted and therefore the FCS and MIC are wrong
- Packet is not constructed
- Documentation of the conducted project and source code of the python script
The authors suppose that the misinterpretation of data results from the limited hardware capacities of the Atmel RZ Raven USB stick. The solution would be a Software Defined Radio (SDR). The drivers of scapy were only written for the Ettus USRP but the authors were not provided with this SDR.
Used Hardware
- Raspberry Pi 3 Model B+
- SD card with at least 8 gigabyte of memory
- Raspbee module
- Philips Hue light bulb
- Atmel RZ Raven USB stick
- Kali Linux host
- USB mouse and keyboard
- external monitor
- HDMI cable
Courses
- Vertiefendes Wahlfachprojekt (2019)