forked from secdev/scapy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
bluetooth4LE.uts
110 lines (81 loc) · 3.47 KB
/
bluetooth4LE.uts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
% Regression tests for the bluetooth4LE layer
##################################
#### Bluetooth 4.0 Low Energy ####
##################################
+ BTLE tests
= Default build
a = BTLE()/BTLE_ADV()/BTLE_ADV_IND()
assert raw(a) == b'\xd6\xbe\x89\x8e\x00\x06\x00\x00\x00\x00\x00\x00Z9`'
= Basic dissection
b = BTLE(raw(a))
assert b.crc == 0x5a3960
assert b[BTLE_ADV_IND].AdvA == '00:00:00:00:00:00'
= BTLE_DATA build
a = BTLE(access_addr=0)/BTLE_DATA()/"toto"
a = BTLE(raw(a))
assert a[BTLE_DATA].len == 4
assert a[Raw].load == b"toto"
= BTLE_DATA + EIR_ShortenedLocalName
test1 = BTLE() / BTLE_ADV() / BTLE_ADV_IND() / EIR_Hdr() / EIR_ShortenedLocalName(local_name= 'wussa')
test1e = BTLE(raw(test1))
assert test1e[EIR_ShortenedLocalName].local_name == b"wussa"
= BTLE_DATA + CtrlPDU
test2 = BTLE(access_addr=1) / BTLE_DATA() / CtrlPDU(version=7)
test2e = BTLE(raw(test2))
assert test2e[CtrlPDU].version == 7
= BTLE_DATA + ATT_PrepareWriteReq
test3 = BTLE(access_addr=1) / BTLE_DATA() / L2CAP_Hdr() / ATT_Hdr() / ATT_Prepare_Write_Request(gatt_handle = 0xa, data="test")
test3e = BTLE(raw(test3))
assert test3e[ATT_Prepare_Write_Request].data == b"test"
assert test3e[ATT_Prepare_Write_Request].gatt_handle == 0xa
assert test3e[ATT_Hdr].opcode == 0x16
= BTLE layers
# a crazy packet with all classes in it!
pkt = BTLE()/BTLE_ADV()/BTLE_ADV_DIRECT_IND()/BTLE_ADV_IND()/BTLE_ADV_NONCONN_IND()/BTLE_ADV_SCAN_IND()/BTLE_CONNECT_REQ()/BTLE_DATA()/BTLE_PPI()/BTLE_SCAN_REQ()/BTLE_SCAN_RSP()
assert BTLE in pkt.layers()
assert BTLE_ADV in pkt.layers()
assert BTLE_ADV_DIRECT_IND in pkt.layers()
assert BTLE_ADV_IND in pkt.layers()
assert BTLE_ADV_NONCONN_IND in pkt.layers()
assert BTLE_ADV_SCAN_IND in pkt.layers()
assert BTLE_CONNECT_REQ in pkt.layers()
assert BTLE_DATA in pkt.layers()
assert BTLE_PPI in pkt.layers()
assert BTLE_SCAN_REQ in pkt.layers()
assert BTLE_SCAN_RSP in pkt.layers()
= BTLE_RF link
a = BTLE_RF()/BTLE()/BTLE_ADV()/BTLE_SCAN_REQ()
a.ScanA = "aa:aa:aa:aa:aa:aa"
a.AdvA = "bb:bb:bb:bb:bb:bb"
a.reference_access_address_valid = 1
a.reference_access_address = 0x8e89bed6
a.phy = 3
a.type = 5
a.noise = -90
a.signal = -75
a.rf_channel = 6
a.access_address_offenses = 10
assert raw(a) == b'\x06\xb5\xa6\n\xd6\xbe\x89\x8e\x90\xc2\xd6\xbe\x89\x8e\x03\x0c\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\x07\xb2a'
a = BTLE_RF(raw(a))
assert a.noise == -90
assert a.signal == -75
assert a.phy == 3
assert a.type == 5
assert a.reference_access_address_valid == 1
assert a[BTLE_SCAN_REQ].ScanA == "aa:aa:aa:aa:aa:aa"
+ Specific tests after issue GH#1673
= DLT_USER0 with PPI
pkt = PPI(b'\x00\x00\x18\x00\x93\x00\x00\x006u\x0c\x00\x00b\t\x00\xe1\xcf\x01\x00\xf1\xe3\x92\x00\xd6\xbe\x89\x8e@\x14M\x95P\x16\xfev\x02\x01\x1a\n\xffL\x00\x10\x05\x0b\x1c\x0e\xa86Z\xf0\x04')
assert BTLE_PPI in pkt.headers[0].payload
# We MUST NOT detect the BLTE link-layer at this point. This is intentionally
# counter to issue 1673 -- Ubertooth One emits incorrect PCAP files.
assert BTLE not in pkt
= DLT_BLUETOOTH_LE_LL with PPI
pkt = PPI(b'\x00\x00\x18\x00\xfb\x00\x00\x006u\x0c\x00\x00b\t\x00\xe1\xcf\x01\x00\xf1\xe3\x92\x00\xd6\xbe\x89\x8e@\x14M\x95P\x16\xfev\x02\x01\x1a\n\xffL\x00\x10\x05\x0b\x1c\x0e\xa86Z\xf0\x04')
assert BTLE_PPI in pkt.headers[0].payload
# Only now must we detect BTLE.
assert BTLE in pkt
= DLT_BLUETOOTH_LE_LL without PPI
pkt = BTLE_RF(b'\x00\xc6\x80\x00\xd6\xbe\x89\x8e7\x00\xd6\xbe\x89\x8e@\x14\x03g\xa6+\xcbi\x00\x01\x1a\n\xffL\x00\x12E\x03\x18y\x9e\x96\x07\xfa%')
assert BTLE_RF in pkt
assert BTLE in pkt