search

riverloopsec / killerbee

IEEE 802.15.4/ZigBee Security Research Toolkit
http://www.riverloopsecurity.com
Other
742 stars 215 forks source link

Cannot inject packets on RZ USB stick with Python 3 (TypeError) #250

Closed nitrescov closed 2 years ago

nitrescov commented 2 years ago

Hey all, I want to share a small issue I've noticed when using a RZ USB stick with killerbee.

General information

Issue

With Python 2, scapy packets could be passed as str(pkt) to the killerbee inject method, which worked fine.

With Python 3, on the other hand, it doesn't matter whether you pass the packet as a string or bytes. Killerbee always tries to concatenate both data types.

Traceback 1: injecting bytes

$ python3 test_inject.py
Traceback (most recent call last):
  File ".../test_inject.py", line 41, in <module>
    kb.inject(bytes(Dot15d4()))
  File ".../killerbee/dev_rzusbstick.py", line 523, in inject
    packet += "\x00\x00"
TypeError: can't concat str to bytes

Here the problem is clear.

Traceback 2: injecting string

$ python3 test_inject.py
Traceback (most recent call last):
  File ".../test_inject.py", line 41, in <module>
    kb.inject("".join(map(chr, bytes(Dot15d4()))))  # replacement for str(pkt) in Python 2
  File ".../killerbee/dev_rzusbstick.py", line 528, in inject
    self.__usb_write(RZ_USB_COMMAND_EP, struct.pack("BB", RZ_CMD_INJECT_FRAME, len(packet)) + packet)
TypeError: can't concat str to bytes

In this case it seems to be the other way round. Apparently struct.pack() returns bytes which cannot be concatenated with the packet string.

This can also be confirmed with killerbee internal tools that use the inject function (e.g. zbstumbler).

Has anyone else noticed this problem so far?

Edit: Unless I'm completely wrong, shouldn't this be solved by making the "\x00\x00" in line 523 a b"\x00\x00"?

taylorcenters commented 2 years ago

Unfortunately, I don't have an rzusbstick to specifically test this, but after mocking the function to confirm the change you suggested I have added it to PR #252 - Thanks for finding and solving this one!

nitrescov commented 2 years ago

Thank you for adding the fix. I made several tests with the RZUSB stick and can confirm that sending packets will work again with this simple change. I just didn't have time to make a pull request yet ;)

taylorcenters commented 2 years ago

Thank you again for your help!