This repo contains the work I have done to make a script that performs an attack similar to what GATTacker does. The file ble_scan.py scans for nearby BLE devices (in this case, a BLE bulb) and stores each device's MAC address, name and RSSI in a text file. After the MAC address has been obtained, run save-chara.py, which will ask you for the MAC address of the BLE device. Once you've provided the MAC address, the script will attempt to connect to the BLE device, extract all of its services and characteristics, and save them to a JSON file.
Spoofing the peripheral does not work entirely for some reason. I spent a lot of time trying to get BlueZ to advertise the GATT profile, but the services and characteristics I defined were not showing up in a BLE exploration tool (nRF Connect). The device name would show up, but the services and characteristics were not showing up the way I defined them. At one point, I tried to use Bleno to emulate the peripheral device, but could not get it to work. To install it, I had to downgrade Node.js to v8.9.0, after which the installation went through. I tried writing a test script that just imported Bleno, but when I tried to run it, it said that bluetooth-hci-socket was missing, so I tried to install that. That's when more installation errors came. I tried googling the error codes and found out that it could be fixed by using @abandonware/node-bluetooth-hci-socket. I replaced it in package.json, but for some reason I still could not execute my test code. I'm still working on it by trying different tools. While looking for options to resolve the issue, I came across bluez/bluez#821, where others are facing the same issue. The thread was opened two weeks ago and has not yet been resolved. Please, for the love of god, I'm trying my best to get this finished as soon as possible. I spent so much time searching for documents and for other people who have even the tiniest bit of information that will help me finish this, please please please.
This can be done by running ble-colour-change.py, which will connect to the BLE bulb and ask you for the RGBW values. Input the values and the colour will change to what was entered. Changing the colour on the actual BLE bulb does not require you to write custom code at all; you can use an app called nRF Connect to scan for the bulb, connect to it and write the RGBW values directly to the characteristic FFE9.
The colour-changing script that I wrote removes the need to navigate through the app and find that characteristic to write to. It asks you for the RGBW values you want and appends them to some other hex values stored as a string, so that after appending, it looks like the actual message you have to send in order to change the colour (check out the code to see what is being done to make it work). It just works.
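The offline data handling behind the scan file, the characteristics JSON and the colour command, as an added example that is not part of this repo's scripts. It assumes a `mac,name,rssi` line layout for the ble_scan.py output and a list-of-services JSON layout for the save-chara.py dump (both constructed here), and the framing bytes around the RGBW values are placeholders, since the real ones live in ble-colour-change.py. The 16-bit to 128-bit UUID expansion uses the Bluetooth SIG base UUID, which is what you need when a library such as bleak reports FFE9 in its long form.

```python
"""Offline helpers for the BLE bulb workflow described in this README.

Added example: formats and framing bytes below are assumptions, not the repo's code.
"""
import json
from typing import Dict, List, Optional

# Bluetooth SIG base UUID; a 16-bit UUID such as FFE9 fills the XXXX slot.
BLE_BASE_UUID = "0000{:04x}-0000-1000-8000-00805f9b34fb"

# PLACEHOLDER framing bytes: replace with the values used in ble-colour-change.py.
DEFAULT_PREFIX = b"\x00"
DEFAULT_SUFFIX = b"\x00"

# Constructed sample of the assumed ble_scan.py output (not a real scan).
SAMPLE_SCAN = """\
# mac,name,rssi
AA:BB:CC:DD:EE:01,LEDBLE-Test,-62
AA:BB:CC:DD:EE:02,Unknown,-81
"""

# Constructed sample of the assumed save-chara.py JSON layout.
SAMPLE_SERVICES = json.loads("""
[
  {"uuid": "0000aaaa-0000-1000-8000-00805f9b34fb",
   "characteristics": [
     {"uuid": "0000ffe9-0000-1000-8000-00805f9b34fb", "handle": 22,
      "properties": ["write-without-response", "write"]}
   ]},
  {"uuid": "0000bbbb-0000-1000-8000-00805f9b34fb",
   "characteristics": [
     {"uuid": "0000cccc-0000-1000-8000-00805f9b34fb", "handle": 18,
      "properties": ["notify"]}
   ]}
]
""")


def expand_uuid16(short: str) -> str:
    """Expand a 16-bit UUID ('FFE9' or '0xffe9') to the 128-bit form BLE stacks report."""
    short = short.lower()
    if short.startswith("0x"):
        short = short[2:]
    value = int(short, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"not a 16-bit UUID: {short}")
    return BLE_BASE_UUID.format(value)


def parse_scan_file(text: str) -> List[Dict]:
    """Parse 'mac,name,rssi' lines into dicts, strongest signal first; '#' lines are comments."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mac, name, rssi = (part.strip() for part in line.split(",", 2))
        devices.append({"mac": mac.upper(), "name": name, "rssi": int(rssi)})
    return sorted(devices, key=lambda d: d["rssi"], reverse=True)


def find_characteristic(services: List[Dict], uuid16: str) -> Optional[Dict]:
    """Locate a characteristic by its 16-bit UUID inside the services dump."""
    target = expand_uuid16(uuid16)
    for service in services:
        for chara in service.get("characteristics", []):
            if chara["uuid"].lower() == target:
                return chara
    return None


def is_writable(chara: Dict) -> bool:
    """True when the dump lists a write property for the characteristic."""
    props = {p.lower() for p in chara.get("properties", [])}
    return bool(props & {"write", "write-without-response"})


def build_rgbw_payload(r: int, g: int, b: int, w: int,
                       prefix: bytes = DEFAULT_PREFIX,
                       suffix: bytes = DEFAULT_SUFFIX) -> bytes:
    """Frame the four colour bytes between the fixed prefix/suffix bytes.

    Each channel is range-checked first so a bad value never reaches the bulb.
    """
    channels = (r, g, b, w)
    if any(not isinstance(c, int) or not 0 <= c <= 255 for c in channels):
        raise ValueError(f"RGBW channels must be integers 0-255, got {channels}")
    return prefix + bytes(channels) + suffix


if __name__ == "__main__":
    bulb = parse_scan_file(SAMPLE_SCAN)[0]
    chara = find_characteristic(SAMPLE_SERVICES, "FFE9")
    print("strongest device:", bulb)
    print("FFE9 handle:", chara["handle"], "writable:", is_writable(chara))
    print("payload hex:", build_rgbw_payload(255, 0, 128, 0).hex())
```

The payload is kept as `bytes` rather than a hex string so it can be handed straight to a GATT write call; `.hex()` gives the string form if you want to compare it with what the app shows.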
I will change the code so that it operates similarly to how GATTacker operates: with a peripheral side and a central side, the two using WebSockets to relay information. The peripheral side will be made into one script that, upon execution, will scan for LE adverts, show the user the number of devices found, and prompt the user to select one to capture. Then, on the central side, the peripheral-spoofing code (upon completion) along with the other necessary code will be made into one script which, upon execution, connects to the peripheral side and gets the data to spoof, using WebSockets to transfer the data. After the data reaches the central side, the script will spoof the peripheral with the data that was just received and trick a central device into thinking that it is the actual peripheral device. The central device then transfers data, which can then be either relayed over to the actual peripheral device or manipulated. This in theory sounds very easy to accomplish, but the actual developing part is what erases the will to live from me.