crackle – Crack Bluetooth Smart Encryption (BLE)


crackle is a tool to crack Bluetooth Smart Encryption (BLE), it exploits a flaw in the pairing mechanism that leaves all communications vulnerable to decryption by passive eavesdroppers.

crackle - Crack Bluetooth Smart Encryption (BLE)

crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With this TK, crackle can derive all further keys used during the encrypted session that immediately follows pairing.

The LTK (long-term key) is typically exchanged in this encrypted session, and it is the key used to encrypt all future communications between the master and slave. The net result: a passive eavesdropper can decrypt everything. Bluetooth Smart encryption is worthless.

Modes of Operation

Crack TK

This is the default mode used when providing crackle with an input file using -i.

In Crack TK mode, crackle brute forces the TK used during a BLE pairing event. crackle exploits the fact that the TK in Just Works(tm) and 6-digit PIN is a value in the range [0,999999] padded to 128 bits.


Decrypt with LTK

In Decrypt with LTK mode, crackle uses a user-supplied LTK to decrypt communications between a master and slave. This mode is identical to the decryption portion of Crack TK mode.

Usage

You can download crackle here:

crackle-0.1.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Networking Hacking

,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


Comments are closed.