hacktricks/radio-hacking/pentesting-ble-bluetooth-low-energy.md

<details>

<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Other ways to support HackTricks:

* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
# Introduction
Available since the Bluetooth 4.0 specification, BLE uses only 40 channels, covering the range of 2400 to 2483.5 MHz; three of them (37, 38 and 39) are reserved for advertising and the remaining 37 carry connection data. In contrast, classic Bluetooth uses 79 channels in that same range.
BLE devices communicate by sending **advertising packets** (**beacons**); these packets broadcast the BLE device's existence to other nearby devices. Sometimes these advertising packets **carry data** too.
A listening device, also called a central device, can respond to an advertising packet with a **SCAN request** sent to the advertising device. The **response** to that scan (SCAN\_RSP) uses the same structure as the **advertising** packet and carries additional information that could not fit in the initial advertising packet, such as the full device name.
![](<../.gitbook/assets/image (201) (2) (1) (1).png>)
The preamble byte synchronizes the receiver, whereas the four-byte access address is a **connection identifier**, used in scenarios where multiple devices are trying to establish connections on the same channels. On the advertising channels the access address is the fixed value 0x8E89BED6; each connection then uses its own random access address on the data channels. Next, the Protocol Data Unit (**PDU**) contains the **advertising data**. There are several types of PDU; the most commonly used are ADV\_NONCONN\_IND and ADV\_IND. Devices use the **ADV\_NONCONN\_IND** PDU type if they **don't accept connections**, transmitting data only in the advertising packet. Devices use **ADV\_IND** if they **allow connections**, and they **stop sending** advertising packets once a **connection** has been **established**.
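As an added example (not code from the original page), the following Python script parses an advertising-channel packet into the fields just described (preamble, access address, PDU header, AdvA) and splits the AdvData into its AD structures, also building the packet the way an advertiser would. The packet bytes, the address C0:11:22:33:44:55 and the name "Lock1" are constructed for the example, not captured from a device; the CRC-24 is carried but not verified.

```python
"""Parse a BLE 1M-PHY advertising packet: preamble, access address, PDU header,
AdvA and the AD structures in AdvData. Added example, not code from the original
page; the SAMPLE_* packets below are constructed by hand, not captured."""
import struct

ADV_ACCESS_ADDRESS = 0x8E89BED6  # fixed access address on channels 37/38/39

PDU_TYPES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND", 0x2: "ADV_NONCONN_IND",
             0x3: "SCAN_REQ", 0x4: "SCAN_RSP", 0x5: "CONNECT_IND", 0x6: "ADV_SCAN_IND"}
CONNECTABLE = {0x0, 0x1}                    # ADV_IND, ADV_DIRECT_IND
WITH_ADV_A_AND_DATA = {0x0, 0x2, 0x4, 0x6}  # AdvA (6 bytes) followed by AD structures

AD_TYPES = {0x01: "Flags", 0x03: "Complete List of 16-bit Service UUIDs",
            0x08: "Shortened Local Name", 0x09: "Complete Local Name",
            0xFF: "Manufacturer Specific Data"}


def parse_ad_structures(adv_data: bytes) -> list:
    """Split AdvData into (AD type name, payload) pairs.
    Layout is [length][AD type][length-1 data bytes]; a zero length ends the list."""
    structures, i = [], 0
    while i < len(adv_data):
        length = adv_data[i]
        if length == 0:
            break
        if i + 1 + length > len(adv_data):
            raise ValueError("truncated AD structure")
        ad_type = adv_data[i + 1]
        structures.append((AD_TYPES.get(ad_type, f"0x{ad_type:02x}"),
                           adv_data[i + 2:i + 1 + length]))
        i += 1 + length
    return structures


def parse_adv_packet(pkt: bytes) -> dict:
    """Decode one advertising-channel packet (preamble + AA + header + payload + CRC)."""
    if len(pkt) < 1 + 4 + 2 + 3:
        raise ValueError("packet too short")
    preamble = pkt[0]
    access_address = struct.unpack_from("<I", pkt, 1)[0]
    hdr0, length = pkt[5], pkt[6]
    pdu_type = hdr0 & 0x0F
    tx_add = (hdr0 >> 6) & 1                 # 1 = AdvA is a random address
    payload = pkt[7:7 + length]
    if len(payload) != length or len(pkt) < 7 + length + 3:
        raise ValueError("length field does not match packet size")
    info = {
        "preamble": preamble,
        "access_address": access_address,
        "on_adv_channel": access_address == ADV_ACCESS_ADDRESS,
        "pdu_type": PDU_TYPES.get(pdu_type, f"0x{pdu_type:x}"),
        "connectable": pdu_type in CONNECTABLE,
        "crc": pkt[7 + length:10 + length].hex(),  # CRC-24 carried, not verified here
    }
    if pdu_type in WITH_ADV_A_AND_DATA:
        # AdvA is transmitted least-significant byte first; show it MSB first
        info["adv_address"] = ":".join(f"{b:02X}" for b in payload[:6][::-1])
        info["address_type"] = "random" if tx_add else "public"
        info["ad_structures"] = parse_ad_structures(payload[6:])
    return info


def build_adv_packet(pdu_type: int, adv_addr: str, adv_data: bytes,
                     random_addr: bool = True) -> bytes:
    """Assemble an advertising packet the way an advertiser would (CRC left as zeros)."""
    adv_a = bytes.fromhex(adv_addr.replace(":", ""))[::-1]
    payload = adv_a + adv_data
    hdr0 = (pdu_type & 0x0F) | (0x40 if random_addr else 0)
    preamble = 0x55 if ADV_ACCESS_ADDRESS & 1 else 0xAA  # preamble depends on the AA's LSB
    return (bytes([preamble]) + struct.pack("<I", ADV_ACCESS_ADDRESS)
            + bytes([hdr0, len(payload)]) + payload + bytes(3))


# Constructed sample: Flags=0x06 (LE General Discoverable, BR/EDR not supported)
# and Complete Local Name "Lock1", sent from the random static address C0:11:22:33:44:55.
SAMPLE_ADV_DATA = bytes.fromhex("020106") + bytes([len(b"Lock1") + 1, 0x09]) + b"Lock1"
SAMPLE_ADV_IND = build_adv_packet(0x0, "C0:11:22:33:44:55", SAMPLE_ADV_DATA)
SAMPLE_ADV_NONCONN_IND = build_adv_packet(0x2, "C0:11:22:33:44:55", SAMPLE_ADV_DATA)

if __name__ == "__main__":
    for pkt in (SAMPLE_ADV_IND, SAMPLE_ADV_NONCONN_IND):
        print(parse_adv_packet(pkt))
```

The `connectable` flag is the first thing to check when triaging a capture: an ADV\_NONCONN\_IND beacon only leaks whatever is in its AD structures, while an ADV\_IND device exposes a GATT server you can connect to and enumerate.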
## GATT
The **Generic Attribute Profile** (GATT) defines how a **device formats and transfers data**. When you analyze a BLE device's attack surface, you'll usually concentrate on the GATT, because it's how **device functionality gets triggered** and how data is stored, grouped and modified. The GATT lists a device's services, characteristics and descriptors in a table of attributes, each addressed by a 16-bit **handle** and typed by a UUID (16-bit for SIG-assigned types, 128-bit for vendor-defined ones). A **characteristic** is a **data value** exchanged between the central device and the peripheral. Characteristics can have **descriptors** that provide **additional information about them**, and they are **grouped** into **services** when they are related to performing a particular action. Each characteristic also declares its **properties** (read, write, notify, indicate, ...), which tell you which handles you can read from and write to.
# Enumeration
```bash
hciconfig            # Check adapter config, check if it is UP or DOWN
# If DOWN, make sure the kernel module is loaded and cycle the interface
sudo modprobe bluetooth
sudo hciconfig hci0 down && sudo hciconfig hci0 up
# hciconfig/hcitool are deprecated in recent BlueZ; bluetoothctl and btmgmt expose the same state
# Spoof the adapter MAC
spooftooph -i hci0 -a 11:22:33:44:55:66
```
## GATTool
**GATTool** allows **establishing** a **connection** with another device, listing that device's characteristics, and reading and writing its attributes.\
GATTTool can launch an interactive shell with the `-I` option:
```bash
gatttool -i hci0 -I
[                 ][LE]> connect A4:CF:12:6C:B3:76
Attempting to connect to A4:CF:12:6C:B3:76
Connection successful
[A4:CF:12:6C:B3:76][LE]> characteristics
handle: 0x0002, char properties: 0x20, char value handle: 0x0003, uuid: 00002a05-0000-1000-8000-00805f9b34fb
handle: 0x0015, char properties: 0x02, char value handle: 0x0016, uuid: 00002a00-0000-1000-8000-00805f9b34fb
[...]
# Write data (-a takes the char value handle, -n takes the value as a hex string, e.g. -n 0100)
gatttool -i <Bluetooth adapter interface> -b <MAC address of device> --char-write-req -a <characteristic value handle> -n <hex value>
# Note: xxd -ps hex-encodes the ASCII text, so this sends the bytes 30 34 64 63 ... (the string "04dc54d9053b4307680a"),
# not the raw bytes 04 dc 54 ...; to send those, pass the hex directly to -n
gatttool -b a4:cf:12:6c:b3:76 --char-write-req -a 0x002e -n $(echo -n "04dc54d9053b4307680a"|xxd -ps)
# Read data
gatttool -i <Bluetooth adapter interface> -b <MAC address of device> --char-read -a 0x16
# Read over an authenticated, encrypted connection (triggers pairing when the characteristic requires it)
gatttool --sec-level=high -b a4:cf:12:6c:b3:76 --char-read -a 0x002c
```
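To make the GATT table and the gatttool listing concrete, here is an added Python example (not code from the original page or from BlueZ) that decodes an ATT Read By Type Response, the PDU that gatttool's `characteristics` command is built on, into handle, property flags, value handle and UUID, and then picks out the handles that accept writes. The response bytes are constructed to reproduce the two characteristics shown above (Service Changed 0x2A05 and Device Name 0x2A00), plus a hypothetical vendor characteristic with a made-up 128-bit UUID whose value handle 0x002e matches the write example.

```python
"""Decode ATT Read By Type Responses carrying characteristic declarations
(UUID 0x2803) into the fields gatttool prints. Added example, not code from the
original page or BlueZ; the PDUs below are constructed, not captured."""
import struct
import uuid

ATT_READ_BY_TYPE_RSP = 0x09
BT_BASE_UUID_SUFFIX = "-0000-1000-8000-00805f9b34fb"

CHAR_PROPS = [(0x01, "BROADCAST"), (0x02, "READ"), (0x04, "WRITE_NO_RSP"),
              (0x08, "WRITE"), (0x10, "NOTIFY"), (0x20, "INDICATE"),
              (0x40, "AUTH_SIGNED_WRITE"), (0x80, "EXTENDED_PROPS")]


def decode_properties(props: int) -> list:
    """Expand the characteristic properties bitmask (e.g. 0x20 -> INDICATE)."""
    return [name for bit, name in CHAR_PROPS if props & bit]


def uuid_from_le(raw: bytes) -> str:
    """16-bit UUIDs expand into the Bluetooth base UUID; 128-bit UUIDs are sent LSB first."""
    if len(raw) == 2:
        return f"0000{struct.unpack('<H', raw)[0]:04x}{BT_BASE_UUID_SUFFIX}"
    if len(raw) == 16:
        return str(uuid.UUID(bytes=raw[::-1]))
    raise ValueError("UUID must be 2 or 16 bytes")


def parse_char_declarations(pdu: bytes) -> list:
    """Parse every characteristic declaration in one Read By Type Response.

    Entry layout: handle(2, LE) | properties(1) | value handle(2, LE) | UUID(2 or 16, LE).
    All entries of one response share the length given in the second byte."""
    if len(pdu) < 2 or pdu[0] != ATT_READ_BY_TYPE_RSP:
        raise ValueError("not an ATT Read By Type Response")
    entry_len = pdu[1]
    if entry_len not in (7, 21):
        raise ValueError(f"entry length {entry_len} is not a characteristic declaration")
    body = pdu[2:]
    if not body or len(body) % entry_len:
        raise ValueError("truncated attribute data list")
    chars = []
    for off in range(0, len(body), entry_len):
        entry = body[off:off + entry_len]
        handle, props, value_handle = struct.unpack_from("<HBH", entry)
        chars.append({"handle": handle, "properties": props,
                      "flags": decode_properties(props),
                      "value_handle": value_handle, "uuid": uuid_from_le(entry[5:])})
    return chars


def format_like_gatttool(chars: list) -> list:
    """Render entries in the same layout gatttool's `characteristics` command uses."""
    return [f"handle: 0x{c['handle']:04x}, char properties: 0x{c['properties']:02x}, "
            f"char value handle: 0x{c['value_handle']:04x}, uuid: {c['uuid']}" for c in chars]


def writable_value_handles(chars: list) -> list:
    """Value handles you can target with --char-write-req / ble.write (WRITE or WRITE_NO_RSP)."""
    return [c["value_handle"] for c in chars if c["properties"] & 0x0C]


# Constructed response reproducing the gatttool output above:
#   0x0002 Service Changed (0x2A05), INDICATE, value handle 0x0003
#   0x0015 Device Name     (0x2A00), READ,     value handle 0x0016
SAMPLE_RSP_16BIT = bytes.fromhex("0907" "0200200300052a" "1500021600002a")

# Constructed response with a hypothetical vendor characteristic (made-up 128-bit
# UUID 12345678-1234-5678-1234-56789abcdef0), READ|WRITE, value handle 0x002e.
SAMPLE_RSP_128BIT = (bytes([ATT_READ_BY_TYPE_RSP, 21])
                     + struct.pack("<HBH", 0x002D, 0x0A, 0x002E)
                     + uuid.UUID("12345678-1234-5678-1234-56789abcdef0").bytes[::-1])

if __name__ == "__main__":
    for line in format_like_gatttool(parse_char_declarations(SAMPLE_RSP_16BIT)
                                     + parse_char_declarations(SAMPLE_RSP_128BIT)):
        print(line)
```

The property bitmask is what decides your next step: a handle without WRITE or WRITE\_NO\_RSP will answer `--char-write-req` with an ATT error no matter what you send, so filter on it before spending time on a characteristic.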
## Bettercap
Bettercap is a network attack and monitoring framework whose `ble` module can discover nearby BLE devices, enumerate their services and characteristics, and write values to characteristics. On Kali it is packaged (`apt install bettercap`); otherwise build it from source following the bettercap documentation (it needs Go plus the libpcap, libusb and libnetfilter-queue development headers). Start it with `sudo bettercap` and type the module commands at its prompt, or pass them on the command line with `--eval` as below.

The BLE module provides the commands used below: `ble.recon on`/`ble.recon off` scans for advertising devices, `ble.show` lists the devices discovered so far, `ble.enum <MAC>` connects to a device and dumps its services, characteristics and properties, and `ble.write <MAC> <UUID> <HEX>` writes a value to a characteristic. It works at the GATT level through the host's HCI adapter and does not offer a link-layer packet replay command.

```bash
# Start listening for beacons
sudo bettercap --eval "ble.recon on"
# Wait some time
>> ble.show # Show discovered devices
>> ble.enum <mac addr> # This will show the service, characteristics and properties supported
# Write data in a characteristic (identified by its UUID, value as a hex string)
>> ble.write <MAC ADDR> <UUID> <HEX DATA>
>> ble.write <mac address of device> ff06 68656c6c6f # Write "hello" in ff06
```