Skip to content

balisong/blueborne

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
android
android
 
 
l2cap_infra
l2cap_infra
 
 
linux-bluez
linux-bluez
 
 
nRF24_BDADDR_Sniffer
nRF24_BDADDR_Sniffer
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

BlueBorne Exploits & Framework

This repository contains a PoC code of various exploits for the BlueBorne vulnerabilities.

Under 'android' exploits for the Android RCE vulnerability (CVE-2017-0781), and the SDP Information leak vulnerability (CVE-2017-0785) can be found.

Under 'linux-bluez' exploits for the Linux-RCE vulnerability (CVE-2017-1000251) can be found (for Amazon Echo, and Samsung Gear S3).

Under 'l2cap_infra' a general testing framework to send and receive raw l2cap messages (using scapy) can be found.

Under 'nRF24_BDADDR_Sniffer' a tool to capture bluetooth mac addresses (BDADDR) over the air, using a nRF24L01 chip

For more details on BlueBorne, you may read the full technical white paper available here:

https://www.armis.com/blueborne/

In addition a several detailed blog posts on the exploitation of these vulnerability can be found here:

https://www.armis.com/blog/

===============

Dependencies:

pip2 packages: pybluez, pwn, scapy

- sudo apt-get install libbluetooth-dev
- sudo pip2 install pybluez pwn scapy

To run the exploits, the root of this repository needs to be in the PYTHONPATH:

export PYTHONPATH=$PYTHONPATH:<repo-path>

About

PoC scripts demonstrating the BlueBorne vulnerabilities

www.armis.com/blueborne/

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%