
Add flags for dumping and replaying raw dumps etc

kb/hax
Konrad Beckmann 3 years ago
parent
commit
c6ccfb7561
4 changed files with 36 additions and 5 deletions
  1. +26
    -2
      ble_dump.py
  2. BIN
      dump_1519587726.pcap
  3. BIN
      dump_1519587726.raw
  4. +10
    -3
      proto.py

+ 26
- 2
ble_dump.py View File

@ -41,6 +41,10 @@ def print_settings(gr, opts):
print ' %-22s: %s' % ('Disable De-Whitening', '{0}'.format(opts.disable_dewhitening))
print '\n%-23s: %s\n' % ('PCAP output file', '{:s}'.format(opts.pcap_file))
if opts.raw_replay_file:
print '%-23s: %s\n' % ('Raw replay input file', '{:s}'.format(opts.raw_replay_file))
if opts.raw_capture_file:
print '%-23s: %s\n' % ('Raw capture output file', '{:s}'.format(opts.raw_capture_file))
# Setup Gnu Radio with defined command line arguments
def init_args(gr, opts):
@ -64,6 +68,9 @@ def init_opts(gr):
capture.add_option("-m", "--min_buffer_size", type="int", default=65, help="Minimum buffer size [default=%default]")
capture.add_option("-s", "--sample-rate", type="eng_float", default=gr.sample_rate, help="Sample rate [default=%default]")
capture.add_option("-t", "--squelch_threshold", type="eng_float", default=gr.squelch_threshold, help="Squelch threshold (simple squelch) [default=%default]")
capture.add_option("", "--pcap_fifo_file", type="string", default='', help="Secondary PCAP output file, preferrably a FIFO file [default=%default]")
capture.add_option("", "--raw_replay_file", type="string", default='', help="Replays a raw capture [default=%default]")
capture.add_option("", "--raw_capture_file", type="string", default='', help="Captures raw data to this file [default=%default]")
# Low Pass filter
filters = OptionGroup(parser, 'Low-pass filter:')
@ -119,6 +126,9 @@ if __name__ == '__main__':
# Open PCAP file descriptor
pcap_fd = open_pcap(opts.pcap_file)
pcap_fifo_fd = open_pcap(opts.pcap_fifo_file) if opts.pcap_fifo_file else None
raw_capture_fd = open_pcap(opts.raw_capture_file) if opts.raw_capture_file else None
raw_replay_fd = open(opts.raw_replay_file, "rb") if opts.raw_replay_file else None
current_hop = 1
hopping_time = datetime.now() + timedelta(seconds=opts.ble_scan_window)
@ -144,7 +154,15 @@ if __name__ == '__main__':
print 'Switching to BLE channel [ {:d} ] @ {:d} MHz'.format(current_ble_chan, int(gr_block.get_freq() / 1000000))
# Fetch data from Gnu Radio message queue
gr_buffer += gr_block.message_queue.delete_head().to_string()
if raw_replay_fd != None:
chunk = raw_replay_fd.read(1024)
else:
chunk = gr_block.message_queue.delete_head().to_string()
gr_buffer += chunk
if raw_capture_fd != None:
raw_capture_fd.write(chunk)
raw_capture_fd.flush()
if len(gr_buffer) > opts.min_buffer_size:
# Prepend lost data
@ -203,13 +221,19 @@ if __name__ == '__main__':
continue
# Write BLE packet to PCAP file descriptor
write_pcap(pcap_fd, current_ble_chan, ble_access_address, ble_data)
write_pcap(pcap_fd, pcap_fifo_fd, current_ble_chan, ble_access_address, ble_data)
gr_buffer = ''
except KeyboardInterrupt:
pass
if raw_capture_fd != None:
raw_capture_fd.close()
if raw_replay_fd != None:
raw_replay_fd.close()
pcap_fd.close()
gr_block.stop()
gr_block.wait()
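Review bot: The raw capture file in the third hunk is opened with `open_pcap` (`raw_capture_fd = open_pcap(opts.raw_capture_file) if opts.raw_capture_file else None`), so if open_pcap writes the PCAP global header as its name suggests, the .raw file is not a byte-for-byte copy of the radio stream and a later `--raw_replay_file` run feeds that header into the demodulator as if it were sample data; `raw_capture_fd = open(opts.raw_capture_file, "wb") if opts.raw_capture_file else None` keeps the two formats apart. In the fourth hunk `raw_replay_fd.read(1024)` returns an empty string at end of file and nothing stops the loop, so a replay spins forever on empty chunks once the file is exhausted; `if not chunk: break` right after the read (the enclosing loop and its try start outside the hunk) ends the run and lets the close calls below run. While replaying, the Gnu Radio message queue is presumably no longer drained, so it may grow for the life of the run unless the flowgraph is not started in replay mode; worth confirming. The `!= None` comparisons in the new code should be `is not None`.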

BIN
dump_1519587726.pcap View File


BIN
dump_1519587726.raw View File


+ 10
- 3
proto.py View File

@ -12,6 +12,7 @@
from time import time
from struct import pack, unpack
import pwn
# Bluetooth LE constants and definitions
BLE_PREAMBLE = '\xAA'
@ -103,7 +104,7 @@ def open_pcap(filename):
return pcap_fd
# Write BLE packet to PCAP fd
def write_pcap(fd, ble_channel, ble_access_address, ble_data):
def write_pcap(fd, fd_fifo_fd, ble_channel, ble_access_address, ble_data):
now = time()
sec = int(now)
usec = int((now - sec) * 1000000)
@ -111,8 +112,14 @@ def write_pcap(fd, ble_channel, ble_access_address, ble_data):
ble_flags = 0x3c37
# Write PCAP packet header
fd.write(pack('<LLLLBBBBLHL', sec, usec, ble_len, ble_len, ble_channel, 0xff, 0xff, 0x00, ble_access_address, ble_flags, ble_access_address))
data = (pack('<LLLLBBBBLHL', sec, usec, ble_len, ble_len, ble_channel, 0xff, 0xff, 0x00, ble_access_address, ble_flags, ble_access_address))
data += (''.join(chr(x) for x in ble_data))
# Write BLE packet
fd.write(''.join(chr(x) for x in ble_data))
fd.write(data)
fd.flush()
if fd_fifo_fd != None:
fd_fifo_fd.write(data)
fd_fifo_fd.flush()
print pwn.hexdump(''.join(chr(x) for x in ble_data))
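Review bot: `print pwn.hexdump(''.join(chr(x) for x in ble_data))` at the end of write_pcap dumps every packet to stdout unconditionally and is the only reason the first hunk adds `import pwn`, a large third-party dependency pulled in for a debug hexdump; either drop the print or gate it behind a verbose flag supplied by the caller, and if a hexdump is still wanted the stdlib `binascii.hexlify(payload)` avoids the dependency. The joined payload is built twice (once for `data += ...`, once for the print); `payload = ''.join(chr(x) for x in ble_data)` computed once and reused avoids the second pass. When `fd_fifo_fd` is a FIFO whose reader has gone away, `fd_fifo_fd.write(data)` raises IOError (EPIPE), and since the capture loop in ble_dump.py appears to catch only KeyboardInterrupt that presumably aborts the whole capture; catching IOError around the FIFO write, logging once and dropping the secondary output keeps the primary PCAP intact. The parameter name `fd_fifo_fd` reads oddly next to `fd`; `fifo_fd` would match the caller's `pcap_fifo_fd`.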
