securing / gattacker

A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks
http://www.gattack.io
MIT License

Can Gattacker send LTK encrypted command to a device? #18

Open jimmyzero3 opened 6 years ago

jimmyzero3 commented 6 years ago

Hi, I was trying to hack my BLE key card and I came across this great tool, but there are some questions I'd like to ask.

The key card connects to a smartphone with LTK encryption (which I can crack with Crackle). Because the private key stored in the card regenerates every time the card is connected to a new phone, I will have to hack it without actually pairing with it.

So, the idea I came up with is to spoof the real phone connected to the key card and try to get its key. I think it was possible to achieve the spoofing part of my plan with Gattacker, but the problem is they use LTK to encrypt their communications. Is Gattacker able to send LTK-encrypted packets if I know the LTK?

decidedlygray commented 5 years ago

Unfortunately, no, it is not currently compatible with link layer encryption - https://github.com/securing/gattacker/wiki/FAQ#does-it-work-against-encrypted-connections