crackle Package Description
crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute-force the TK (Temporary Key). With the TK and other data collected during the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be recovered. With the STK and LTK, all communications between the master and the slave can be decrypted. Source: https://github.com/mikeryan/crackle
- Author: Mike Ryan
- License: BSD
0x01 Tools included in the crackle package
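The weakness described above is that LE legacy pairing derives the STK from a TK whose value is either fixed (Just Works uses a TK of 0) or limited to a six-digit passkey. As an added example that is not crackle's own code, the following Python script parses the SMP Pairing Request and Pairing Response PDUs that open a BLE pairing and reports which association model was negotiated and how large the TK search space therefore is; it is written as a defender's audit of captured pairings, flagging the ones that are exposed to this attack. The function names, the `assess_pairing` result layout and the sample PDU bytes are constructed here; the field layout and the values of the IO capability and AuthReq fields follow the Bluetooth Core Specification (Vol 3, Part H).

```python
from dataclasses import dataclass

# SMP field values from the Bluetooth Core Specification, Vol 3 Part H.
SMP_PAIRING_REQUEST = 0x01
SMP_PAIRING_RESPONSE = 0x02

IO_CAP = {
    0x00: "DisplayOnly",
    0x01: "DisplayYesNo",
    0x02: "KeyboardOnly",
    0x03: "NoInputNoOutput",
    0x04: "KeyboardDisplay",
}

AUTHREQ_MITM = 0x04  # bit 2: MITM protection requested
AUTHREQ_SC = 0x08    # bit 3: LE Secure Connections supported


@dataclass(frozen=True)
class PairingPdu:
    opcode: int
    io_cap: int
    oob_present: bool
    authreq: int
    max_key_size: int


def parse_pairing_pdu(pdu: bytes) -> PairingPdu:
    """Parse a 7-byte SMP Pairing Request/Response PDU (opcode plus six fields)."""
    if len(pdu) < 7:
        raise ValueError("SMP Pairing Request/Response PDUs are 7 bytes long")
    opcode, io_cap, oob, authreq, max_key_size = pdu[0], pdu[1], pdu[2], pdu[3], pdu[4]
    if opcode not in (SMP_PAIRING_REQUEST, SMP_PAIRING_RESPONSE):
        raise ValueError(f"opcode {opcode:#04x} is not a Pairing Request/Response")
    if io_cap not in IO_CAP:
        raise ValueError(f"reserved IO capability value {io_cap:#04x}")
    if not 7 <= max_key_size <= 16:
        raise ValueError(f"invalid maximum encryption key size {max_key_size}")
    return PairingPdu(opcode, io_cap, oob == 0x01, authreq, max_key_size)


def legacy_association_model(req: PairingPdu, rsp: PairingPdu) -> str:
    """Association model for LE legacy pairing, per the IO-capability mapping in the Core Spec."""
    if req.oob_present and rsp.oob_present:
        return "OOB"
    # If neither side asks for MITM protection, Just Works is used regardless of IO capability.
    if not (req.authreq & AUTHREQ_MITM or rsp.authreq & AUTHREQ_MITM):
        return "JustWorks"
    caps = {IO_CAP[req.io_cap], IO_CAP[rsp.io_cap]}
    # A side with no input/output, or two display-only sides, cannot exchange a passkey.
    if "NoInputNoOutput" in caps or caps <= {"DisplayOnly", "DisplayYesNo"}:
        return "JustWorks"
    return "PasskeyEntry"


# Number of TK values an attacker has to try for each legacy association model.
TK_KEYSPACE = {"JustWorks": 1, "PasskeyEntry": 10**6, "OOB": 2**128}


def assess_pairing(req_bytes: bytes, rsp_bytes: bytes) -> dict:
    """Classify one captured pairing and state whether its TK is guessable."""
    req = parse_pairing_pdu(req_bytes)
    rsp = parse_pairing_pdu(rsp_bytes)
    if req.opcode != SMP_PAIRING_REQUEST or rsp.opcode != SMP_PAIRING_RESPONSE:
        raise ValueError("expected a Pairing Request followed by a Pairing Response")
    # LE Secure Connections (ECDH-based) is used only when both sides set the SC bit.
    secure_connections = bool(req.authreq & AUTHREQ_SC and rsp.authreq & AUTHREQ_SC)
    result = {
        "secure_connections": secure_connections,
        "max_key_size": min(req.max_key_size, rsp.max_key_size),
    }
    if secure_connections:
        result.update(model=None, tk_keyspace=None, tk_crackable=False)
    else:
        model = legacy_association_model(req, rsp)
        result.update(model=model, tk_keyspace=TK_KEYSPACE[model], tk_crackable=model != "OOB")
    return result


# Constructed sample PDUs (request, response); not taken from a real capture.
# Just Works legacy pairing: both sides NoInputNoOutput, bonding only.
JUST_WORKS = (bytes([0x01, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01]),
              bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01]))
# Passkey Entry legacy pairing: KeyboardOnly central, DisplayOnly peripheral, MITM requested.
PASSKEY = (bytes([0x01, 0x02, 0x00, 0x05, 0x10, 0x01, 0x01]),
           bytes([0x02, 0x00, 0x00, 0x05, 0x10, 0x01, 0x01]))
# LE Secure Connections: both sides set the SC bit, so the TK weakness does not apply.
SECURE = (bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x03, 0x03]),
          bytes([0x02, 0x01, 0x00, 0x0D, 0x10, 0x03, 0x03]))

if __name__ == "__main__":
    for name, (req, rsp) in (("JustWorks", JUST_WORKS), ("Passkey", PASSKEY), ("SC", SECURE)):
        print(name, assess_pairing(req, rsp))
```

A pairing reported with `tk_crackable` true and a key space of 1 or 10^6 is exactly the kind of capture crackle's "Crack TK" mode works on; the mitigation is to require LE Secure Connections (both peers setting the SC bit) or OOB pairing.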
crackle - Crack and decrypt BLE encryption:
:~# crackle
Usage: crackle -i <input.pcap> [-o <output.pcap>] [-l <ltk>]

Cracks Bluetooth Low Energy encryption (AKA Bluetooth Smart)

Major modes: Crack TK // Decrypt with LTK

Crack TK:

Input PCAP file must contain a complete pairing conversation. If any
packet is missing, cracking will not proceed. The PCAP file will be
decrypted if -o <output.pcap> is specified. If LTK exchange is in the
PCAP file, the LTK will be dumped to stdout.

Decrypt with LTK:

Input PCAP file must contain at least LL_ENC_REQ and LL_ENC_RSP
(which contain the SKD and IV). The PCAP file will be decrypted if
the LTK is correct.

LTK format: string of hex bytes, no separator, most-significant
octet to least-significant octet.

Example: -l 81b06facd90fe7a6e9bbd9cee59736a7

Optional arguments:
-v Be verbose
-t Run tests against crypto engine

Written by Mike Ryan < >
See web site for more info:
http://lacklustre.net/projects/crackle/
0x02 crackle usage example
Read the input file (-i ltk_exchange.pcap) and write the decrypted output to disk (-o ltk-decrypted.pcap):
:~# crackle -i ltk_exchange.pcap -o ltk-decrypted.pcap
!!!
TK found: 000000
ding ding ding, using a TK of 0! Just Cracks(tm)
!!!
Warning: packet is too short to be encrypted (1), skipping
LTK found: 7f62c053f104a5bbe68b1d896a2ed49c
Done, processed 712 total packets, decrypted 3
Original text from https://www.hackfun.org/kali-tools/crackle_zh.html. Please credit the original source when reposting; contact the original author for permission before commercial use.