GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Charmve → Ble Security Attack Defence

Charmve / Ble Security Attack Defence

Licence: bsd-2-clause
✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

hackingfuzzingvulnerabilitystackblebluetooth-low-energyreverse-proxywirelessreversebluetooth-le

Projects that are alternatives of or similar to Ble Security Attack Defence

Nimble Arduino
A fork of the NimBLE library structured for compilation with Ardruino, designed for use with ESP32.
Stars: ✭ 108 (+22.73%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
py-bluetooth-utils
Python module containing bluetooth utility functions, in particular for easy BLE scanning and advertising
Stars: ✭ 60 (-31.82%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Ble.net
Cross-platform Bluetooth Low Energy (BLE) library for Android, iOS, and UWP
Stars: ✭ 137 (+55.68%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Extendable
Blocks Based Bluetooth LE Connectivity framework for iOS/watchOS/tvOS/OSX. Quickly configure centrals & peripherals, perform read/write operations, and respond characteristic updates.
Stars: ✭ 88 (+0%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Rxandroidble
An Android Bluetooth Low Energy (BLE) Library with RxJava2 interface
Stars: ✭ 3,025 (+3337.5%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Easyble
Android BLE framework
Stars: ✭ 155 (+76.14%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Node Ble
Bluetooth Low Energy (BLE) library written with pure Node.js (no bindings) - baked by Bluez via DBus
Stars: ✭ 159 (+80.68%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
ESP32 BLE OTA Arduino
OTA update on ESP32 via BLE
Stars: ✭ 41 (-53.41%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
IOS-DFU-Library
OTA DFU Library for Mac and iOS, compatible with nRF5x SoCs
Stars: ✭ 400 (+354.55%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
ruuvitag-demo
Demo of reading Bluetooth Low Energy sensor measurements of RuuviTag environmental sensors and feeding them to MQTT, a database and dashboards
Stars: ✭ 14 (-84.09%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Android Scanner Compat Library
A compat library for Bluetooth Low Energy scanning on Android.
Stars: ✭ 462 (+425%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Ios Pods Dfu Library
OTA DFU Library for Mac and iOS, compatible with nRF5x SoCs
Stars: ✭ 349 (+296.59%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
Android Dfu Library
A library with DFU feature for Android 4.3+.
Stars: ✭ 532 (+504.55%)
Mutual labels:  ble, bluetooth-low-energy, bluetooth-le
One Lin3r
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Stars: ✭ 1,259 (+1330.68%)
Mutual labels:  hacking, reverse
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+862.5%)
Mutual labels:  hacking, vulnerability
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+1006.82%)
Mutual labels:  hacking, fuzzing
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+1046.59%)
Mutual labels:  hacking, vulnerability
Esp32 ble wedo
A library to control LEGO wedo 2.0 with the ESP32 through Bluetooth low energy
Stars: ✭ 16 (-81.82%)
Mutual labels:  ble, bluetooth-low-energy
Flutter wechat ble
ble 4.0 with wechat style api for flutter. flutter版微信api风格的低功耗蓝牙
Stars: ✭ 41 (-53.41%)
Mutual labels:  ble, bluetooth-low-energy
Ancs4linux
iOS/iPadOS notification service client for Linux desktop (notifications on your desktop, over Bluetooth Low Energy)
Stars: ✭ 47 (-46.59%)
Mutual labels:  ble, bluetooth-low-energy
View All Similar Projects ➔

Bluetooth-LE Security: Method, Tools and Stack

B1ueB0y github Code-of-Conduct


✨ News! ✨

  •   2020.10.13: A heap-based type confusion affecting Linux kernel 4.8 and higher was discovered in net/bluetooth/l2cap_core.c. by Google Security Research !
  •   2020.03.26: A memory corruption issue was addressed with improved input validation by Qihoo 360 Alpha Lab !

BLE Vulnerability TOP5




Table of Content

BLE-Security-Attack&Defence
 |-- BLE Vulnerability TOP5
 |  |-- BlueBorne
 |  |-- BleedingBit
 |  |-- SweynTooth
 |  |-- BtleJuice
 |  |-- BLE-CTF
 |-- ble-stack
 |  |-- Mynewt-Nimble
 |  |-- nRF5_SDK_15.0.0_a53641a
 |  |-- PyBluez
 |  |-- LightBlue
 |-- cap - capture package
 |  |-- CrackLE
 |  |-- TI-BLTE2Pcap
 |  |-- blefuzz_V21
 |  |-- Fuzzing Bluetooth
 |-- image
 |-- tools - hardware&sofrware
 |  |-- Ubertooth
 |  |-- GATTacker
 |  |-- BladeRF
 |  |-- HackRF
 |  |-- Adafruit-BluefruitLE
 ...

Bluetooth LE Vulnerabilities

1. BlueBorne: A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device

BlueBorne: A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device
Ben Seri & Gregory Vishnepolsky

In this talk we will present the ramifications of airborne attacks, which bypass all current security measures and provide hackers with a contagious attack, capable of jumping over "air-gapped" networks...

Black Hat 2017
[PDF | Project Page | Video | PoC]

2. BtleJuice: the Bluetooth Smart Man In The Middle Framework by Damiel Cauquil

BtleJuice: the Bluetooth Smart Man In The Middle Framework
Damiel Cauquil

A lot of Bluetooth Low Energy capable devices are spread since the last few years, offering a brand new way to compromise many “smart” objects: fitness wristbands, smart locks and padlocks and even healthcare devices. But this protocol poses some new challenges...

DefConference 2016 (DEFCOON)
[Video | PDF | Project Page]

3. Damien virtualabs Cauquil - You had better secure your BLE devices

You had better secure your BLE devices
Damiel Cauquil

Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, ...

DefConference 2018 (DEFCOON26)
[PDF | Project Page | Video]

4. BLEEDINGBIT - Takeover of Aruba Access Point Access Point 325

BLEEDINGBIT - Takeover of Aruba Access Point Access Point 325
Armis

In this demo, Armis will demonstrate the takeover of an Aruba Access Point Access Point 325 using a TI cc2540 BLE chip. For more information, please visit https://armis.com/bleedingbit.

BLEEDINGBIT RCE vulnerability (CVE-2018-16986)
[PDF | Project Page | Video]
5. SweynTooth: Unleashing Mayhem over Bluetooth Low Energy

SweynTooth: Unleashing Mayhem over Bluetooth Low Energy
Matheus E. Garbelini

The Bluetooth Low Energy (BLE) is a promising short-range communication technology for Internet-of-Things (IoT) with reduced energy consumption. Vendors implement BLE protocols in their manufactured devices compliant to Bluetooth Core Specification. Recently, several vulnerabilities were discovered in the BLE protocol ...

USENIX Security 20
[PDF | Code | Project Page | Video | Slides]
6. BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy

BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy
Jianliang Wu, Yuhong Nan ..., Purdue University

In this paper, we analyze the security of the BLE link-layer, focusing on the scenario in which two previously-connected devices reconnect. Based on a formal analysis of the reconnection procedure defined by the BLE specification, we highlight two critical security weaknesses in the specification. As a result, even a device implementing the BLE protocol correctly may be vulnerable to spoofing attacks...

WOOT '20
[PDF | Project Page | Video]
7. Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool

Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
Slawomir Jasek

Using a few simple tricks, we can assure the victim will connect to our impersonator device instead of the original one, and then just proxy the traffic - without consent of the mobile app or device. And here it finally becomes interesting - just imagine how many attacks you might be able to perform with the possibility to actively intercept the BLE communication....

Black Hat 2016 (Black Hat)
[Slides]

8. BIAS: Bluetooth Impersonation AttackS

BIAS: Bluetooth Impersonation AttackS
Daniele Antonioli, Nils Ole Tippenhauer & Kasper Rasmussen

The Bluetooth standard provides authentication mechanisms based on a long term pairing key, which are designed to protect against impersonation attacks. The BIAS attacks from our new paper demonstrate that those mechanisms are broken, and that an attacker can exploit them to impersonate any Bluetooth master or slave device. Our attacks are standard-compliant, and can be combined with other attacks, including the KNOB attack. In the paper, we also describe a low cost implementation of the attacks and our evaluation results on 30 unique Bluetooth devices using 28 unique Bluetooth chips.

📑 IEEE Symposium on Security and Privacy
[PDF | Project Page | Video | Slides | PoC]
9. BLEKey: Breaking Access Controls With BLEKey

BLEKey: Breaking Access Controls With BLEKey
Eric Evenchick & Mark Baseggio

RFID access controls are broken. In this talk, we will demonstrate how to break into buildings using open-source hardware we are releasing.Over the years, we have seen research pointing to deficiencies in every aspect of access control systems: the cards...

Black Hat 2016 (Black Hat)
[PDF | Project Page | Video]
10. MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE

MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE
Yan Michalevsky

In this talk, we present new applications for cryptographic secret handshakes between mobile devices on top of Bluetooth Low-Energy (LE). Secret handshakes enable mutual authentication between parties that did not meet before (and therefore don't trust each other) but are both associated with a virtual secret group or community...

Black Hat 2016 (Black Hat)
[PDF | Project Page | Video]
11. Safe Mode Wireless Village - The Basics Of Breaking BLE v3

Safe Mode Wireless Village - The Basics Of Breaking BLE v3
FreqyXin

Evolving over the past twenty-two years, Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone ...

DefConference 2020 (DEFCOON)
[PDF | Project Page | Video]
12. USENIX Security '19 - The KNOB is Broken: Exploiting Low Entropy in the Encryption Key

Key Negotiation Of Bluetooth (KNOB): Breaking Bluetooth Security
Daniele Antonioli, SUTD

We present an attack on the encryption key negotiation protocol of Bluetooth BR/EDR. The attack allows a third party, without knowledge of any secret material (such as link and encryption keys), to make two (or more) victims agree on an encryption key with only 1 byte (8 bits) of entropy. Such low entropy enables the attacker to easily brute force the negotiated encryption keys, decrypt the eavesdropped ciphertext, and inject valid encrypted messages (in real-time)....

USENIX Security 19
[PDF | Project Page | Video | PoC]
13. Bluetooth Reverse Engineering: Tools and Techniques

Bluetooth Reverse Engineering: Tools and Techniques
Mike Ryan, Founder, ICE9 Consulting

With the continuing growth of IoT, more and more devices are entering the market with Bluetooth. This talk will shed some light on how these devices use Bluetooth and will cover reverse engineering techniques that in many cases can be accomplished with hardware you already have! Whether you're a Bluetooth newbie or a seasoned pro, you’ll learn something from this talk....

RSA Conference
[PDF | Project Page | Video]



MORE

  1. BlueBorne - A New Class of Airborne Attacks that can Remotely Compromise Any Linux/IoT Device https://www.youtube.com/watch?v=WWQTlogqF1I

    Hack.lu 2016 BtleJuice: the Bluetooth Smart Man In The Middle Framework by Damiel Cauquil https://www.youtube.com/watch?v=G08fh5Sa7TU

  2. MASHaBLE: Mobile Applications of Secret Handshakes Over Bluetooth LE https://www.youtube.com/watch?v=s79CG2Os0Nc

  3. Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing https://www.youtube.com/watch?v=NDWGwrMk3AU

  4. Hacking the Wireless World with Software Defined Radio - 2.0 https://www.youtube.com/watch?v=MKbU3HhG2vk

  5. Effective File Format Fuzzing – Thoughts, Techniques and Results https://www.youtube.com/watch?v=qTTwqFRD1H8

  6. Hacking the Wireless World with Software Defined Radio - 2.0 https://www.youtube.com/watch?v=x3UUazj0tkg

  7. DEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices https://www.youtube.com/watch?v=VHJfd9h6G2s&t=646s

  8. DEF CON 24 Wireless Village - Jose Gutierrez and Ben Ramsey - How Do I BLE Hacking https://www.youtube.com/watch?v=oP6sx2cObrY

  9. DEF CON Safe Mode Wireless Village - FreqyXin - The Basics Of Breaking https://www.youtube.com/watch?v=X2ARyfjzxhY

  10. DEF CON 26 - Vincent Tan - Hacking BLE Bicycle Locks for Fun and a Small Profit https://www.youtube.com/watch?v=O-caTVpHWoY

  11. DEF CON 26 WIRELESS VILLAGE - ryan holeman - BLE CTF https://www.youtube.com/watch?v=lx5MAOyu9N0

  12. DEF CON 21 - Ryan Holeman - The Bluetooth Device Database https://www.youtube.com/watch?v=BqiIERArnA8

  13. DEF CON 22 - Grant Bugher - Detecting Bluetooth Surveillance Systems https://www.youtube.com/watch?v=85uwy0ACJJw

  14. KnighTV Episode 11: Hacking BLe Devices Part 1/6: Attacking August Smart Lock Pro https://www.youtube.com/watch?v=3e4DBk5BKLg

  15. Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool https://www.youtube.com/watch?v=uKqdb4lF0XU&list=LLxFkZjbpt0KyhEv1d342SQQ&index=6&t=91s

  16. Bluetooth Reverse Engineering: Tools and Techniques https://www.youtube.com/watch?v=gCQ3iSy6R-U

  17. Hopping into Enterprise Networks from Thin Air with BLEEDINGBIT https://www.youtube.com/watch?v=ASod9cRtZf4

漏洞预警 | BleedingBit蓝牙芯片远程代码执行漏洞 https://www.anquanke.com/post/id/163307 https://www.secpulse.com/archives/78841.html

  1. BA03 Breaking the Teeth of Bluetooth Padlocks Adrian Crenshaw https://www.youtube.com/watch?v=k8Tp5hj6ylY

  2. The NSA Playset Bluetooth Smart Attack Tools https://www.youtube.com/watch?v=_Z4gYyrKVFM

Code of Conduct

免责申明 Code of Conduct

To-Do

  • 2020.10 BleedingTooth CVE-2020-12351 CVE-2020-12352 CVE-2020-24490
  • 2020.04 BIAS CVE-2020-10135
  • 2020.03 Bluewave CVE-2020-3848 CVE-2020-3849 CVE-2020-3850
  • 2020.03 BLURtooth CVE-2020-15802
  • 2020.03 BLESA CVE-2020-9770
  • 2020.03 KNOB CVE-2019-9506

Citation

Use this bibtex to cite this repository:

@misc{BLE Security,
  title={Bluetooth LE-Security: Method, Tools and Stack},
  author={Charmve},
  year={2020.09},
  publisher={Github},
  journal={GitHub repository},
  howpublished={\url{https://github.com/Charmve/BLE-Security-Attack-Defence}},
}

*updade on 2020/10/23 @ Charmve

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].