francozappa / knob

Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506]

Home Page: https://knobattack.com/

License: MIT License

Python 78.23% Makefile 0.05% CMake 2.01% C 19.72%
bluetooth entropy encryption security wireless knob knobattack lmp ble


knob's Issues

Output of the bruteforce script

Hello,

I am trying to understand what the output of the brute force script is. As far as I understand, the terminal output shows which pattern it was able to decrypt from the ciphertexts in the cts.py file with the brute-forced key:
2021-02-01 16:31:57,580 root INFO attack i: 208655, off: 24, CLK_HEX: 032f0f, MATCH jpeg 'jpeg' at [301]).
If I check the .bf file after the script is finished, I can find the corresponding lines:
132

What do “CLK”, “off” and “out” in the .bf file display? And is there a way to get the actual brute-forced key and the decrypted messages?

Thank you in advance

monitor lmp start fails on Nexus 6p

I'm trying to use this PoC on a Nexus 6p on Android 8.1.0. I installed the custom BT stack from seemoo-lab here: https://github.com/seemoo-lab/internalblue/tree/master/android_bluetooth_stack/android8_1_0

I then installed internalblue from this repo. I am able to run internalblue and get a command prompt:


However, when I try to start monitoring LMP, it fails with the following:

[CRITICAL] Uncaught exception ('module' object has no attribute 'LMP_MONITOR_BUFFER_BASE_ADDRESS'). Abort.
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/internalblue-0.1-py2.7.egg/internalblue/cli.py", line 71, in commandLoop
    if(not cmd_instance.work()):
  File "/usr/local/lib/python2.7/dist-packages/internalblue-0.1-py2.7.egg/internalblue/cmds.py", line 420, in work
    monitorController.startMonitor()
  File "/usr/local/lib/python2.7/dist-packages/internalblue-0.1-py2.7.egg/internalblue/cmds.py", line 339, in startLmpMonitor
    self.internalblue.startLmpMonitor(self._callback)
  File "/usr/local/lib/python2.7/dist-packages/internalblue-0.1-py2.7.egg/internalblue/core.py", line 619, in startLmpMonitor
    log.info('LMP_MONITOR_BUFFER_BASE_ADDRESS: {0:#x}'.format(fw.LMP_MONITOR_BUFFER_BASE_ADDRESS))
AttributeError: 'module' object has no attribute 'LMP_MONITOR_BUFFER_BASE_ADDRESS'

Any suggestions?

connection issues.

Hi,
I'm trying the KNOB attack on a rooted Nexus 5.
I got the following errors:


[*] Importing fw_5 for Nexus 5
[!] Could not read btsnoop header
[+] Starting local process '/usr/bin/adb': pid 14442
[+] Receiving all data: Done (0B)
[*] Process '/usr/bin/adb' stopped with exit code 0 (pid 14442)
[+] Starting local process '/usr/bin/adb': pid 14445
[+] Receiving all data: Done (0B)
[*] Process '/usr/bin/adb' stopped with exit code 0 (pid 14445)
[CRITICAL] No connection to target device.
[*] Check if:
-> Bluetooth is active
-> Bluetooth Stack has Debug Enabled
-> BT HCI snoop log is activated
[CRITICAL] No connection to target device.

Bluetooth and the HCI snoop log are active. Also, the stack is debug-enabled, following the procedure here for the Nexus 5: https://github.com/seemoo-lab/internalblue/blob/master/android_bluetooth_stack/README.md.

Am I missing something here?

Ubertooth, is it necessary?

Hi, first of all I wanted to congratulate you on this work, it's really interesting and useful!
I was trying to reproduce the code using a Z3 Compact, which, as far as I understood from the Internalblue documentation, should have the same Bluetooth chip as the Nexus 5.
For now I still can't get Internalblue to work properly (Bluetooth crashes when I try to pair with another device).

What is not clear to me, after reading the paper and the repo documentation, is whether the Bluetooth sniffer (Ubertooth) is necessary to manipulate the entropy negotiation procedure for the K'c key.
Also, it is not clear to me whether or not, once the key has been forced, it is possible to recover the transferred packets directly from Wireshark, using Internalblue on the modified device (Nexus 5 - Z3 Compact) and reading the "btsnoop_hci.log" log.

I apologize for the questions, which may be trivial, and for the horrible English with which I will translate this message for the rest of the community.
Thanks and have a good day!
Alessandro

LMP dissection plugin

Hello @francozappa,
Which plugin(s) (standard/legacy, btbb/btbredr) are you using to dissect the LMP packets? I can see only Ethernet II frames (Wireshark 2.6.8, Ubuntu 18.04) and I get an error while launching Wireshark.

"Optionally install the LMP dissection plugin and our LMP coloring rules to easily follow the packet capture." I was able to install it using Wireshark v2.6.10.

The error:

btbb.so: undefined symbol: new_create_dissector_handle

I know it's not an error related to this project, but could you please share your modifications? Thanks a lot.
Sam

CVE_2018_5383_Invalid_Curve_Attack_PoC.py execution error

I used two Nexus 5 phones to run the CVE_2018_5383_Invalid_Curve_Attack_PoC.py file, but the following error occurred when it was executed on Ubuntu:

[*] Using adb device: 04250993437df21a (AOSP on HammerHead)
[*] Importing fw_5 for AOSP on HammerHead
[*] Writing hooks to 0xd7800...
[*] Installing hook patches...
[*] - Hook public key receive path to replace y-coordinate with zero
[*] patchRom: Choosing next free slot: 114
[*] - Hook public key send path to replace y-coordinate with zero
[*] patchRom: Choosing next free slot: 115
[*] - Hook private key generation function to always produce even private key
[!] patchRom: patch (\x00\x8e���) must be a 32-bit dword!
[CRITICAL] Installing patch for GEN_PRIV_KEY failed1!

Do you know what went wrong?

[Question] Brute force and validate low entropy E0 keys

Hi,
I'm wondering whether my Bluetooth Classic device is vulnerable or not, and whether I could brute force and validate the low-entropy E0 key. I got the packets below by using internalblue and the command monitor lmp start.

I got an LMP_encryption_key_size packet with a defined key size of 1 byte.

No.     Time           Source                Destination           Protocol Length Info
    379 -12.825905     controller            aa:bb:cc:dd           LMP      64     LMP_encryption_key_size_req

Frame 379: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
Bluetooth
Bluetooth HCI H4
Bluetooth H4 Serial Broadcom Vendor Specific
    Clock: 0x00000000
    Remote MAC Address: aa:bb:cc:dd
    Payload Header
        .... ..11 = LLID: LMP message (ACL-C) (0x3)
        .... .0.. = Flow: False
        0001 0... = Length: 2
    Bluetooth Link Manager Protocol
        0 = TID: transaction initiated by master
        0010 000. = Opcode: LMP_encryption_key_size_req (16)
        Key Size: 1

Then I got an LMP_accepted packet, an LMP_start_encryption_req and again an LMP_accepted. Can I assume that the device is vulnerable?

Then, I would like to validate the entropy of the key with your code. I'm not able to find the value for the variable Kl (the Wireshark filter doesn't display any packet).

  • AU_RAND : btbrlmp.op == 11 --> 716c98e8c4be05e6dc0fa09c8598a6f7
  • R_SRES : packet LMP_sres --> 24d9d395
  • EN_RAND : btbrlmp.op == 17 --> 422e33c9efac7ac8e7c1c4978b5711e2
  • R_SRES : packet LMP_sres --> 3f20daf7

Apart from the values above, do I have to modify something else?

Thanks in advance,
Sam
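As an added example, not code from the knob repository, the following Python decodes LMP PDUs in the layout the dissection above shows and flags a key-size request that the peer accepted below the 7-octet minimum the Bluetooth SIG has recommended since KNOB; the sample bytes are constructed from the fields in that dump.

```python
from typing import List, Optional, Tuple

LMP_ACCEPTED = 3
LMP_ENCRYPTION_KEY_SIZE_REQ = 16
MIN_KEY_SIZE = 7  # octets; the minimum the Bluetooth SIG recommends since KNOB


def parse_lmp(raw: bytes) -> Tuple[int, int, bytes]:
    """Decode a 1-byte single-slot ACL payload header followed by an LMP PDU
    and return (opcode, tid, params). Header bits 0-1 = LLID, bit 2 = flow,
    bits 3-7 = length; opcode byte bits 1-7 = opcode, bit 0 = TID, exactly as
    the Wireshark dissection above lays them out."""
    if len(raw) < 2:
        raise ValueError("PDU too short")
    llid, length = raw[0] & 0x3, raw[0] >> 3
    if llid != 0x3:
        raise ValueError("LLID %d is not LMP (ACL-C)" % llid)
    if length != len(raw) - 1:
        raise ValueError("header length %d does not match payload" % length)
    return raw[1] >> 1, raw[1] & 1, raw[2:]


def audit_key_size(pdus: List[bytes], minimum: int = MIN_KEY_SIZE
                   ) -> Optional[Tuple[int, bool, bool]]:
    """Walk the capture in order; return (key_size, accepted, weak) for the
    last LMP_encryption_key_size_req seen, or None if there was none. 'weak'
    means the peer accepted a key size below the minimum, so KNOB applies."""
    key_size, accepted = None, False
    for raw in pdus:
        opcode, _tid, params = parse_lmp(raw)
        if opcode == LMP_ENCRYPTION_KEY_SIZE_REQ and params:
            key_size, accepted = params[0], False
        elif (opcode == LMP_ACCEPTED and params and key_size is not None
              and params[0] == LMP_ENCRYPTION_KEY_SIZE_REQ):
            accepted = True
    if key_size is None:
        return None
    return key_size, accepted, accepted and key_size < minimum


# Constructed bytes reproducing the dump above: header 0x13 (LLID 3, flow 0,
# length 2), opcode byte 0x20 (opcode 16, TID 0), key size 0x01; then an
# LMP_accepted (opcode 3 -> byte 0x06) whose parameter names opcode 16 (0x10).
SAMPLE = [bytes.fromhex("132001"), bytes.fromhex("130610")]

if __name__ == "__main__":
    print(audit_key_size(SAMPLE))  # (1, True, True)
```

A result of (1, True, True) on a capture like the one above means the 1-byte key size was negotiated and accepted, which is the condition the brute force in this repo relies on.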

bruteforce script missing file?

When I run "make bf", it seems to hang or be waiting for input after "BEGIN: 198775, END: 218775, KS_BYTES: 400", so my output initially looks like this:

make bf
python2 bf.py
2023-05-10 14:39:13,259 root WARNING attack Assuming FEC and whitening already computed by Ubertooth
2023-05-10 14:39:13,259 root INFO attack BTADDR_M : bytearray(b'\xcc\xfa\x00p\xdc\xb6')
2023-05-10 14:39:13,259 root INFO attack start lmp and hci iblue monitors: sudo ubertooth-rx -l 70dcb6 -u 00  -r nexus.pcap
2023-05-10 14:39:13,259 root INFO attack BTADDR_S : bytearray(b'\x82\x9ff\x9b\xda$')
2023-05-10 14:39:13,259 root INFO attack Kl       : bytearray(b"\xd5\xf2\x07D\xc0]\x08`\x1d(\xfa\x1d\xd7\x9c\xdc\'")
2023-05-10 14:39:13,259 root INFO attack AU_RAND  : 722e6ecd32ed43b7f3cdbdc2100ff6e0
2023-05-10 14:39:13,286 root INFO attack SRES     : bytearray(b'\xb0\xa3\xf4\x1f')
2023-05-10 14:39:13,286 root INFO attack R_SRES   : bytearray(b'\xb0\xa3\xf4\x1f')
2023-05-10 14:39:13,286 root INFO attack ACO = COF: bytearray(b'\x1c\xe4\xf9Bm\xc2\xbc\x11\x04r\xd6\x8e')
2023-05-10 14:39:13,286 root INFO attack ACO = COF: 1ce4f9426dc2bc110472d68e
2023-05-10 14:39:13,286 root INFO attack EN_RAND  : d72fb4217dcdc3145056ba488bea9076
2023-05-10 14:39:13,310 root INFO attack Kc       : bytearray(b"\xa3\xfc\xce\xf2*\xd2#,z\xcb\x01\xe9\xb9\xedg\'")
2023-05-10 14:39:13,310 root INFO attack Kc       : a3fccef22ad2232c7acb01e9b9ed6727
2023-05-10 14:39:13,383 root INFO attack Kc_prime : bytearray(b'\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'), entropy: 1 Byte
2023-05-10 14:39:13,383 root INFO attack Kc_prime : 7fffffffffffffffffffffffffffffff, entropy: 1 Byte
Make sure to make e0 with correct Kc_prime, and BTADDR_M
BEGIN: 198775, END: 218775, KS_BYTES: 400

If I wait for a bit and then hit ctrl-c or enter, I get:

2023-05-10 14:44:16,702 root INFO attack # BEGIN bruteforce : CT6-RCLK-KS400-198775-218775.bf
2023-05-10 14:44:16,702 root INFO attack            343 CT  :
2023-05-10 14:44:16,702 root INFO 
2023-05-10 14:44:16,702 root INFO PATTERNS: {'cccc': 'cccc', 'f_i_l_e': 'f\x00i\x00l\x00e', 'L2CAP1_R': '\x00\x01\x00\x08', 'L2CAP1_TR': '\x00I\x00\x03', 'image': 'image', 'L2CAP3': '\n\x00\x01\x00', 'bbbb': 'bbbb', 'L2CAP1_T': '\x03\x00I\x00', 'aaaa': 'aaaa', 'dddd': 'dddd', 'L2CAP1': '\x08\x00\x01\x00', 'L2CAP2': '\x0c\x00\x01\x00', 'L2CAP2_R': '\x00\x01\x00\x0c', 'jpeg': 'jpeg', 'j_p_e_g': '\x06a\x00p\x00e\x00g', 'L2CAP3_R': '\x00\x01\x00\n'}
Traceback (most recent call last):
  File "bf.py", line 211, in <module>
    p = Popen(ARGS, stdout=PIPE)
  File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
make: *** [Makefile:4: bf] Error 1

"CT6-RCLK-KS400-198775-218775.bf" is in the folder just fine, so I'm wondering if the file it can't find is "nexus.pcap", in reference to the "attack start lmp and hci iblue monitors: sudo ubertooth-rx -l 70dcb6 -u 00 -r nexus.pcap" line?

(I tried cp ../poc-internalblue/sample-nexmaster-galaxys9slave.pcapng nexus.pcap but that didn't help)

Note: I don't seem to see any errors with "make tests" (if that was supposed to create the pcap or something.)
