Comments (10)
Hi @cxjcxggg, unfortunately not.
ESP32 (and Microchip) uses intellectual property from the Riviera Waves RF subsystem for Bluetooth and Wi-Fi, so even if Espressif wanted to, they could not share their source code for legal reasons (NDA).
from sweyntooth_bluetooth_low_energy_attacks.
Hi @Matheus-Garbelini, sad to know that. I am also interested in the Zephyr vulnerabilities you found. The Zephyr project is open source; does that mean I can have the source code that triggers the CVEs?
@cxjcxggg yes, for Zephyr you can find the specific merges here:
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10069
@Matheus-Garbelini, I got it, thanks a lot!
Hi @Matheus-Garbelini, it's me again. I won't open a new issue so as not to bother you. I am trying to reproduce the invalid channel map vulnerability (CVE-2020-10069) on the Zephyr project. It is fixed in Zephyr v2.3.0, so I need to use v2.2.0 or v2.2.1. I successfully connected the nrf52840 dongle with the nrf52840 DK via Bluetooth using the Bluetooth peripheral sample in the latest Zephyr project. But when I tried to build the sample in Zephyr v2.2.0, some problems arose because of the different Zephyr project version.
Therefore, I think I may also need to change the Zephyr SDK version so that it works with Zephyr v2.2.0. But which one should I use? How can I reproduce the attack? Thank you so much.
Hi @Matheus-Garbelini, thanks for your help. I have addressed the issues with the Zephyr project.
Then I put the nrf52840 dongle in DFU mode and used the command nrfutil dfu usb-serial -p COM_PORT -pkg nRF52_driver_firmware.zip to flash the firmware; "Device programmed" is printed (the blue LED goes off). So I replugged the dongle (the green LED begins to blink) and opened the Bluetooth Low Energy app in nRF Connect for Desktop, but encountered the problem shown below.
So I tried to manually flash the firmware with the Programmer app in nRF Connect for Desktop, but it still fails.
I closed the Programmer and opened the BLE app, but the device can't be opened.
I don't know which step went wrong. Do I have to use the firmware you provide? I can establish a BLE connection with my nrf52840 DK using the sniffer hex on the nrf52840 dongle. Can I run invalid_channel_map.py with the sniffer firmware?
Hi @cxjcxggg, I'm not sure what you are trying to do. The sniffer and our attacker firmware are different things.
If you see your LED blinking green after flashing our firmware, then you can run the exploits. Do not try to use it as a sniffer instead.
Let me know how it goes.
Regards.
Hi @Matheus-Garbelini, sorry for the confusion. I have finally successfully reproduced the vulnerability! Lol!
I always thought that I needed to connect the nrf52840 dongle to the peripheral before running the script. What I was trying to say yesterday is that I couldn't establish the Bluetooth connection with the peripheral after flashing the firmware. So I actually got stuck because of a misunderstanding of the way to use the script you provide.
Anyway, I am so excited. Appreciate your kindness a lot!
Regards.
@cxjcxggg good to know. Use it with responsibility 😃 👍
Division by zero is always funny.
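An added example (not code from the SweynTooth repository or from Zephyr) of the check a BLE link layer should apply to an incoming channel map before using it for channel selection. It assumes, as the "division by zero" remark above suggests, that the hazard is a map with no usable channels reaching the modulo in Channel Selection Algorithm #1; the 5-byte map layout and the two-channel minimum follow the Bluetooth Core specification.

```c
#include <stdbool.h>
#include <stdint.h>

#define BLE_DATA_CHANNELS 37

/* Count the used data channels in a 5-byte LL channel map (bit n = channel n).
 * Returns -1 if any of bits 37..39 is set: those are RFU and must be zero. */
static int chan_map_used_count(const uint8_t map[5])
{
    if (map[4] & 0xE0)
        return -1;
    int used = 0;
    for (int ch = 0; ch < BLE_DATA_CHANNELS; ch++)
        used += (map[ch / 8] >> (ch % 8)) & 1;
    return used;
}

/* Hardened acceptance check for a received channel map: well-formed and
 * naming at least two channels, the minimum the Core specification requires. */
bool chan_map_is_valid(const uint8_t map[5])
{
    return chan_map_used_count(map) >= 2;
}

/* Channel Selection Algorithm #1 for one connection event.
 * Returns the data channel to use, or -1 if the map is rejected. Without the
 * guard, an all-zero map would make the remapping step compute `unmapped % 0`. */
int csa1_next_channel(const uint8_t map[5], uint8_t hop, uint8_t *last_unmapped)
{
    if (!chan_map_is_valid(map))
        return -1;

    /* Build the remapping table of used channels in ascending order. */
    uint8_t remap[BLE_DATA_CHANNELS];
    int used = 0;
    for (int ch = 0; ch < BLE_DATA_CHANNELS; ch++)
        if ((map[ch / 8] >> (ch % 8)) & 1)
            remap[used++] = (uint8_t)ch;

    uint8_t unmapped = (uint8_t)((*last_unmapped + hop) % BLE_DATA_CHANNELS);
    *last_unmapped = unmapped;
    if ((map[unmapped / 8] >> (unmapped % 8)) & 1)
        return unmapped;                 /* unmapped channel is itself used */
    return remap[unmapped % used];       /* used >= 2 is guaranteed above */
}
```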