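crackle Package Description
crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.
With the STK and LTK, all communications between the master and the slave can be decrypted.
Source: https://github.com/mikeryan/crackle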
- Author: Mike Ryan
- License: BSD
Tools included in the crackle package
crackle - Crack and decrypt BLE encryption
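To check whether a given pairing exchange depends on a guessable TK, the following added example (not part of crackle or of the original page) classifies the SMP Pairing Request and Response by the pairing method they negotiate. It assumes the two 7-byte SMP PDUs have already been extracted from a capture; the function names and the sample PDUs are constructed for illustration.

```python
# Added example: which TK will a captured SMP pairing exchange use?
SC_BIT, MITM_BIT = 0x08, 0x04          # AuthReq flags
NO_IO = 0x03                           # IO capability: NoInputNoOutput
KEYBOARD_CAPS = {0x02, 0x04}           # KeyboardOnly, KeyboardDisplay

TK_NOTES = {
    "secure-connections": "LE Secure Connections: no TK is used",
    "legacy-oob": "legacy pairing, TK is a 128-bit out-of-band value",
    "legacy-passkey": "legacy pairing, TK is a 6-digit passkey (1,000,000 values)",
    "legacy-just-works": "legacy pairing, TK is fixed at 0",
}

def parse_pairing_pdu(pdu: bytes, code: int) -> dict:
    """Parse a 7-byte SMP Pairing Request (0x01) or Response (0x02)."""
    if len(pdu) != 7 or pdu[0] != code:
        raise ValueError(f"expected 7-byte SMP PDU with code 0x{code:02x}")
    return {"io": pdu[1], "oob": pdu[2] == 0x01, "auth": pdu[3]}

def classify_pairing(req_pdu: bytes, rsp_pdu: bytes) -> str:
    req = parse_pairing_pdu(req_pdu, 0x01)
    rsp = parse_pairing_pdu(rsp_pdu, 0x02)
    # Secure Connections is used only when both sides set the SC bit;
    # otherwise the link falls back to legacy pairing.
    if req["auth"] & rsp["auth"] & SC_BIT:
        return "secure-connections"
    if req["oob"] and rsp["oob"]:
        return "legacy-oob"
    mitm = (req["auth"] | rsp["auth"]) & MITM_BIT
    io_caps = {req["io"], rsp["io"]}
    if mitm and NO_IO not in io_caps and io_caps & KEYBOARD_CAPS:
        return "legacy-passkey"
    return "legacy-just-works"

# Constructed sample PDUs (not taken from a real capture):
# code, IO capability, OOB flag, AuthReq, max key size, key distribution x2
SAMPLES = {
    "sensor": (bytes.fromhex("01030001100707"), bytes.fromhex("02030001100707")),
    "keypad": (bytes.fromhex("01040005100707"), bytes.fromhex("02000005100707")),
    "sc_both": (bytes.fromhex("0104000d100707"), bytes.fromhex("0204000d100707")),
    "sc_one_side": (bytes.fromhex("0104000d100707"), bytes.fromhex("02030001100707")),
}

if __name__ == "__main__":
    for name, (req, rsp) in SAMPLES.items():
        kind = classify_pairing(req, rsp)
        print(f"{name}: {kind} ({TK_NOTES[kind]})")
```

A result of legacy-just-works corresponds to the `TK found: 000000` case in the usage example on this page; devices that both negotiate LE Secure Connections do not use a TK at all.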
[email protected]:~# crackle
Usage: crackle -i <input.pcap> [-o <output.pcap>] [-l <ltk>]
Cracks Bluetooth Low Energy encryption (AKA Bluetooth Smart)
Major modes: Crack TK // Decrypt with LTK
Crack TK:
Input PCAP file must contain a complete pairing conversation. If any
packet is missing, cracking will not proceed. The PCAP file will be
decrypted if -o <output.pcap> is specified. If LTK exchange is in
the PCAP file, the LTK will be dumped to stdout.
Decrypt with LTK:
Input PCAP file must contain at least LL_ENC_REQ and LL_ENC_RSP
(which contain the SKD and IV). The PCAP file will be decrypted if
the LTK is correct.
LTK format: string of hex bytes, no separator, most-significant
octet to least-significant octet.
Example: -l 81b06facd90fe7a6e9bbd9cee59736a7
Optional arguments:
-v Be verbose
-t Run tests against crypto engine
Written by Mike Ryan <[email protected]>
See web site for more info:
http://lacklustre.net/projects/crackle/
crackle Usage Example
Read the input file (-i ltk_exchange.pcap) and write the decrypted output to disk (-o ltk-decrypted.pcap):
[email protected]:~# crackle -i ltk_exchange.pcap -o ltk-decrypted.pcap
!!!
TK found: 000000
ding ding ding, using a TK of 0! Just Cracks(tm)
!!!
Warning: packet is too short to be encrypted (1), skipping
LTK found: 7f62c053f104a5bbe68b1d896a2ed49c
Done, processed 712 total packets, decrypted 3