Firmware question #13
Comments
Hi @AdySan, sorry for the delay. The firmware is closed source for now due to embargo, but it will be available open-source through request soon. Note that you can currently use the firmware to send or receive LL packets by just using the driver library included in this repo.
Thanks, I understand @Matheus-Garbelini, also thank you for the great work.
Hi @AdySan I'm reopening this issue so as to notify others that the firmware code will be released by the end of this month. You'll be notified by then, and we will include documentation of the current API.
Hi @Matheus-Garbelini any updates on the firmware release? Is there any way to reset the firmware via UART?
Hello @Matheus-Garbelini, Or maybe you can answer me some questions. Is it possible to advertise with this firmware and therefore create a simple peripheral? I tried to send advertisements, but had no success until now. Another question is, can I use any kind of address (random and public) with this firmware just by setting the corresponding packet values (seems like)? Or is there any additional logic in the firmware? Regards,
Hi @byte-arts, @AdySan
Please, do not hesitate to open a new issue if you have any other question, regards.
now 2021, open source delay?
Hi @fr0zenrain
Modified Files:
************************
mirage/libs/ble.py:
* Added Logic for nRF 52840 Zephyr hci_usb Device and corresponding MITM Mode.
* Added Secure Connection Packets (e.g. BLEPublicKey, BLEDHKeyCheck)
* Added logic to backup and restore Callbacks of Receivers
* Removed Packet Fragmentation Implementation (is now part of mirage/libs/bt.py)
mirage/libs/ble_utils/constants.py:
* Added LL Opcodes and Error Codes
mirage/libs/ble_utils/dissector.py:
* Fixed HIDMapping (was not working for my devices)
mirage/libs/ble_utils/packets.py
* Small Adjustments
mirage/libs/ble_utils/scapy_link_layers.py
* Added bindings for LL Encryption packets
mirage/libs/bt.py
* Added Packet Fragmentation Code
* Added Logic for nRF 52840 Zephyr hci_usb Device and corresponding MITM Mode.
mirage/libs/bt_utils/scapy_vendor_specific.py
* Added Zephyr HCI Commands
mirage/modules/ble_connect.py
* Added Logic to set new BD Address at each Start
mirage/modules/ble_discovery.py
* Added Discovery of Security Property
mirage/modules/ble_pair.py
* Added Option to modify Address
* Reduced Success Logging

New Files:
************************
Cryptographic functions for secure connections pairing:
- mirage/libs/ble_utils/sc_crypto.py
Generic BLE Module, does nothing and is suitable for scenarios, which perform specific tasks:
- mirage/modules/ble_generic.py
BLE Relay Module (Requires the nRF 52840 Dongles with customized Zephyr `hci_usb` Firmware):
- mirage/modules/ble_relay.py
Secure Connections MITM Module, uses downgrade attack to pair with both devices using Just Works Pairing:
- mirage/modules/ble_sc_mitm.py
Secure Connections Pairing Module, for pairing Secure Connections devices:
- mirage/modules: ble_sc_pair.py
Scenario to fuzz a writable GATT characteristic:
- mirage/scenarios/ble_att_fuzz.py
Scenario for Blue Door Attack https://dl.acm.org/doi/10.1145/3386901.3389025 (Requires the nRF 52840 Dongles with customized Zephyr `hci_usb` Firmware):
- mirage/scenarios/ble_blue_door.py
Scenario for BlueMirror Attack https://ieeexplore.ieee.org/document/9474325:
- mirage/scenarios/ble_blue_mirror.py
Scenario for Fixed Coordinate Invalid Curve Attack https://dl.acm.org/doi/abs/10.1007/978-3-030-38471-5_11:
- mirage/scenarios/ble_fixed_coord_invalid_curve.py
Scenario for HID Injection Attack:
- mirage/scenarios/ble_hid_mitm.py
Scenario for KNOB Attack https://dl.acm.org/doi/10.1145/3394497:
- mirage/scenarios/ble_knob.py
Scenario for Replay Attacks:
- mirage/scenarios/ble_replay.py
Scenario to scan for security Properties of the Device:
- mirage/scenarios/ble_scan_sec_req.py
Scenario to test cryptographic implementation of Secure Connections Cryptography:
- mirage/scenarios/ble_sc_crypto_test.py
Scenario for Zero LTK Attack Matheus-Garbelini/sweyntooth_bluetooth_low_energy_attacks#13:
- mirage/scenarios: ble_zero_ltk.py
Hello,
Sorry if I missed it, but is the firmware open source? If not can you at least give some hints what it's based on?
Thanks,
Aditya