ttdennis/bluetooth_smp_pocs

Bluetooth SMP PoCs

This repository contains proofs of concept for attacks against the BLE SMP protocols when a static passkey is used. More information can be found in the corresponding Insinuator blog post.

SMP Bruteforce

The bruteforce script requires InternalBlue and pycryptodome to be installed. You need either CAP_NET_RAW or root privileges to use the required HCI socket. Additionally, the Bluetooth device needs to be down. You can simply run systemctl stop bluetooth to do that.

To run the script you need the Bluetooth address of the device you want to brute-force. Run the script as follows:

python smp_bruteforce.py AA:BB:CC:DD:EE:FF

Successfully running the script looks as follows:

[GIF: smp_bruteforce script execution]