Test out your skills using Bluetooth low energy capture the flag: BLE_CTF

Scanning

Discover MAC using hcitool:

hcitool lescan
hcitool scan

Discover MAC using *bleah:

bleah

*bleah has been DEPRECATED, please use bettercap

Enumeration

Enumerate all using bleah

bleah -b 01:23:45:67:89:AB -e

Read value

gatttool -b 01:23:45:67:89:AB -a 0x002a --char-read
gatttool -b 01:23:45:67:89:AB -a 0x002a --char-read | awk -F':' '{print $2}' | tr -d ' ' | xxd -r -p; printf '\n'

-a: the characteristic handle to read

The second line is simple bash magic to decode the hex output to ASCII.

Write value

gatttool -b 01:23:45:67:89:AB --char-write-req -a 0x002c -n 0102
bleah -b 01:23:45:67:89:AB -n 0x002c -d 0102
gatttool -b 01:23:45:67:89:AB --char-write-req -a 0x002c -n $(echo -n "Text" | xxd -ps)

Bruteforce value

import subprocess

# Write every single-byte value 0x00..0xff to handle 0x003c, one request per value
for i in range(256):
    value = format(i, "02x")
    subprocess.run(["gatttool", "-b", "01:23:45:67:89:AB",
                    "--char-write-req", "-a", "0x003c", "-n", value])

Subscribe to notifications

gatttool -b 01:23:45:67:89:AB --char-write-req -a 0x0040 --value=0100 --listen

0100 to get notifications

0200 for indications

0300 for both

0000 for everything off
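An added helper (not part of the original cheat sheet) that does in Python what the awk/tr/xxd pipeline in the read section does for --char-read output, and also decodes the "Notification handle = ... value:" lines that --listen prints; the sample session is constructed, not real BLE_CTF output.

```python
import re

# Regex for the two gatttool output formats used in this cheat sheet:
#   "Characteristic value/descriptor: 30 30 30 31"   (--char-read)
#   "Notification handle = 0x0040 value: 41 42 43"   (--listen)
_VALUE_RE = re.compile(
    r"(?:Characteristic value/descriptor|value):\s*((?:[0-9a-fA-F]{2}\s*)*)$"
)
_HANDLE_RE = re.compile(r"handle = (0x[0-9a-fA-F]+)")

def decode_gatt_line(line):
    """Return (handle, raw bytes, text) for one gatttool output line.

    handle is None for --char-read output (gatttool does not echo it).
    Returns None for lines that carry no value (errors, blank lines).
    """
    m = _VALUE_RE.search(line.strip())
    if not m:
        return None
    raw = bytes.fromhex(m.group(1).replace(" ", ""))
    h = _HANDLE_RE.search(line)
    handle = int(h.group(1), 16) if h else None
    # Like "xxd -r -p", but non-ASCII bytes become \x escapes instead of garbage
    text = raw.decode("ascii", errors="backslashreplace")
    return handle, raw, text

def decode_gatt_output(output):
    """Decode every value-bearing line of a captured gatttool session."""
    return [d for d in (decode_gatt_line(l) for l in output.splitlines()) if d]

# Constructed sample session: one read, two notifications, one error line
SAMPLE = """\
Characteristic value/descriptor: 46 6c 61 67 20 31 20 69 73 20 68 65 72 65
Notification handle = 0x0040 value: 41 42 43
Notification handle = 0x0040 value: ff 00
Error: Characteristic value/descriptor read failed: Attribute can't be read
"""

if __name__ == "__main__":
    for handle, raw, text in decode_gatt_output(SAMPLE):
        where = f"handle 0x{handle:04x}" if handle is not None else "read"
        print(f"{where}: {raw.hex()} -> {text!r}")
```

Pipe a real session in with `gatttool ... --listen | python3 decode.py` after swapping SAMPLE for sys.stdin.read().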

Change MAC Address

bdaddr -i hci0 -r 11:22:33:44:55:66

Get tool at http://blog.petrilopia.net/hacking/change-your-bluetooth-device-mac-address/

If there is anything missing let me know via Twitter