ZigBee Replay
Summary
After successfully sniffing the Network Key of a ZigBee network as described in ZigBee Sniffing, the next step is to conduct a replay attack by resending the decrypted on/off commands with adjusted counters.
Requirements
- Operating system of attacking host: Kali Linux 64 Bit
- Version 2018.2
- Packages: KillerBee
- Operating system of Raspberry Pi: RaspBee Gateway SD card image Raspbian Jessie RaspBee (Stable)
- Version 01-2017
Authors
- Daniel Tod
- Luca Strobl
Results
- zbreplay does not work due to counter queries
- Python script to log the latest counters and create a packet with updated counters
- Documentation of the conducted project and source code of the python script
The authors suppose that the misinterpretation of data results from the limited hardware capabilities of the Atmel RZ Raven USB stick. The solution would be a Software Defined Radio (SDR). The scapy drivers were only written for the Ettus USRP, but the authors were not provided with this SDR.
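The counter check that makes a verbatim zbreplay resend fail, seen from the receiving side, as an added example (not the authors' script and not KillerBee code). It assumes the input is the ZigBee NWK frame with the 802.15.4 MAC header already stripped; all function names, the sample frames and the addresses are constructed for illustration.

```python
import struct

def parse_aux(nwk: bytes):
    """Return (sender_ieee, frame_counter) of a secured NWK frame, else None."""
    if len(nwk) < 8:
        return None
    (fcf,) = struct.unpack_from("<H", nwk, 0)
    if not fcf & 0x0200:                 # security bit clear: no auxiliary header
        return None
    off = 8                              # FCF, dst, src, radius, sequence number
    off += 8 if fcf & 0x0800 else 0      # destination IEEE address
    off += 8 if fcf & 0x1000 else 0      # source IEEE address
    off += 1 if fcf & 0x0100 else 0      # multicast control
    if fcf & 0x0400:                     # source route subframe
        if len(nwk) < off + 2:
            return None
        off += 2 + 2 * nwk[off]          # relay count, relay index, relay list
    if len(nwk) < off + 13 or not nwk[off] & 0x20:
        return None                      # truncated, or sender address not carried
    counter, sender = struct.unpack_from("<IQ", nwk, off + 1)
    return sender, counter

class CounterMonitor:
    """Tracks the highest frame counter seen per sending device."""
    def __init__(self):
        self.highest = {}

    def check(self, nwk: bytes) -> str:
        parsed = parse_aux(nwk)
        if parsed is None:
            return "unparsed"
        sender, counter = parsed
        if counter <= self.highest.get(sender, -1):
            return "stale"               # old or repeated counter: replay candidate
        self.highest[sender] = counter
        return "fresh"

def sample_frame(sender: int, counter: int) -> bytes:
    """Constructed test frame: data frame, security on, opaque 6-byte payload."""
    hdr = struct.pack("<HHHBB", 0x0208, 0x0001, 0x0000, 30, counter & 0xFF)
    aux = struct.pack("<BIQB", 0x28, counter, sender, 0)
    return hdr + aux + bytes(6)

def demo():
    gw, bulb = 0x1111111111111111, 0x2222222222222222   # constructed addresses
    mon = CounterMonitor()
    seq = [(gw, 100), (gw, 101), (bulb, 7), (gw, 100), (gw, 102)]
    return [mon.check(sample_frame(s, c)) for s, c in seq]
```

The counter is tracked per address in the auxiliary header because NWK security is applied hop by hop, so each forwarding device secures the frame with its own counter.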
Used Hardware
- Raspberry Pi 3 Model B+
- SD card with at least 8 gigabytes of memory
- Raspbee module
- Philips Hue light bulb
- Atmel RZ Raven USB stick
- Kali Linux host
- USB mouse and keyboard
- external monitor
- HDMI cable
Courses
- Vertiefendes Wahlfachprojekt (2019)