riverloopsec / killerbee

IEEE 802.15.4/ZigBee Security Research Toolkit
http://www.riverloopsecurity.com

Raspbee #201

Open snylee opened 4 years ago

snylee commented 4 years ago

Hi Guys

I'm kinda new to this so please bear with me. I'm a student in my final year of university. For my final year project I have chosen to focus on the penetration of Zigbee networks/devices. So far I have purchased a Raspberry Pi with the Raspbee Premium module. I am able to see traffic through Wireshark using Bishop Fox's software, ZigDiggity. But I want to do more, which is how I've come across Killerbee. I've noticed that the hardware requirements for Killerbee do not include the Raspbee. Do you know if there is any way I could use Killerbee with my Raspbee module? I only ask this because most of the hardware required for Killerbee is no longer in stock, especially the Atmel RZUSB Stick. I would need to sniff and inject. Any ideas would be mostly beneficial.

Thanks guys,
Simon

rmspeers commented 4 years ago

Yes, you should be able to add Raspbee support relatively simply -- copy the pattern in another dev_*.py file and implement those functions that are in there to speak to the Raspbee hardware via its serial interface. Your implementation likely could be informed by looking at zigdiggity/radios/raspbee_radio.py or you can implement using the Raspbee specifications.

snylee commented 4 years ago

Thanks for the quick reply rmspeers. So please let me know if I've got this right.

- create a new .py script called dev_raspbee.py (for example)
- copy the script from "zigdiggity/radios/raspbee_radio.py" into my new dev_raspbee.py script?

I'm a bit confused. Ha

rmspeers commented 4 years ago

You will want to create dev_raspbee.py, and can base it on dev_apimote.py as an example. However, you can't just copy something in - you will need to implement those functions (pnext, set_channel, etc) based on the Raspbee communication protocol (which, as I mentioned, "zigdiggity/radios/raspbee_radio.py" may be one reference for how to do it if you wanted to read it).

You’ll need to implement those methods and debug from that point to ensure you’re getting all the data in the expected format (e.g., FCS prepended vs null’ed, etc).

snylee commented 4 years ago

Damn. So I'm not a programmer so I have no clue how to implement it across or what to look for in the zigdiggity/radios/raspbee_radio.py script either. Any other ideas to add support? Or do you have any idea of where I could get one of the supported hardware radios from?

rmspeers commented 4 years ago

Code needs to be written for there to be support for a radio. I've started a branch, tagged 201-raspbee-support, but have not had time to write most of it or test it - it serves only as an example to be built upon and tested.

rmspeers commented 4 years ago

For supported radios, you should be able to get the SiLabs Node Test supported boards from DigiKey and similar distributors easily, if those support the features you need. The ApiMote v4beta you can get from Attify who resells them. TelosB board clones I believe are readily available in the EU as well, and can be shipped internationally.

snylee commented 4 years ago

Ok, thank you. I appreciate your time and effort. In the meantime I'm trying to do a quick course on Python. I know the basics but I'm not there yet. 😁

wang70880 commented 3 years ago

What's the status of Raspbee firmware development?

rmspeers commented 3 years ago

At this time, I have not had time to dedicate to writing a Raspbee firmware. We welcome any contributions of this firmware.

wang70880 commented 3 years ago

I would like to help develop the Raspbee firmware. Do you have any ideas to help me quickly get started? Actually I am confused.

In my view, Raspbee needs its firmware which provides some basic APIs through UART. KillerBee, on the other hand, is more like a toolkit which is developed by using these APIs provided by the Raspbee firmware.

Should I also design Raspbee firmware, or use its original firmware? In my view, dev_raspbee.py is just a software abstraction of Raspbee, and it doesn't change the firmware of it.

rmspeers commented 3 years ago

See above notes on https://github.com/riverloopsec/killerbee/issues/201#issuecomment-583901216 on what you need to do for the KillerBee "driver" layer. You can use the default firmware if you wish, see above considerations. dev_raspbee.py is, as you say, the abstraction layer for speaking to the firmware. I would start with implementing that to talk to the default firmware and you can update firmware if you find things are missing after doing that which you need.
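The "FCS prepended vs null'ed" point raised earlier, and the driver-layer advice above, come down to one chore a dev_raspbee.py pnext() has to get right: whatever trailing bytes the radio hands back, upper layers should receive a frame ending in a correct IEEE 802.15.4 FCS plus a validcrc flag. The helper below is an added example, not KillerBee's or ZigDiggity's code; the record keys (bytes, validcrc, rssi, datetime), the two tail conventions and the sample frame are assumptions constructed for illustration, so check the Raspbee documentation for what its firmware actually returns.

```python
from datetime import datetime, timezone

def fcs16(data: bytes) -> int:
    # IEEE 802.15.4 FCS: CRC-16, polynomial x^16+x^12+x^5+1 bit-reflected (0x8408),
    # initial value 0, no final XOR (identical to CRC-16/KERMIT).
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def append_fcs(body: bytes) -> bytes:
    # FCS goes on the air least-significant byte first.
    return body + fcs16(body).to_bytes(2, "little")

def normalize_frame(raw: bytes, convention: str) -> dict:
    """Turn a raw radio read into a pnext()-style record (assumed key names).

    convention="fcs":    last two bytes are the real FCS; verify it.
    convention="status": last two bytes are RSSI and (crc_ok<<7 | correlation),
                         CC2420-style, so the FCS was "null'ed" and must be rebuilt.
    """
    if len(raw) < 2:
        raise ValueError("frame too short to carry FCS/status bytes")
    body, tail = raw[:-2], raw[-2:]
    if convention == "fcs":
        validcrc = int.from_bytes(tail, "little") == fcs16(body)
        rssi = None
    elif convention == "status":
        rssi = int.from_bytes(tail[:1], "little", signed=True)
        validcrc = bool(tail[1] & 0x80)
    else:
        raise ValueError(f"unknown tail convention: {convention}")
    # Always return a frame ending in a correct FCS so pcap/Wireshark consumers
    # do not flag every packet as corrupt; validcrc carries what the radio saw.
    return {"bytes": append_fcs(body), "validcrc": validcrc,
            "rssi": rssi, "datetime": datetime.now(timezone.utc)}

# Constructed sample: an 802.15.4 beacon request (FCF 0x0803, seq 0x2a,
# broadcast PAN/short address, MAC command id 0x07).
SAMPLE_BODY = bytes.fromhex("03082affffffff07")
```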

wang70880 commented 3 years ago

However, I found that the firmware of Raspbee is not open-sourced, and the functionality of original firmware is limited, e.g., changing PANID. What should we do to solve this firmware problem?