BLE_CTF_V2 / level_04.py
#! /usr/bin/python
import binascii
import struct
import sys, os, time
import bluepy.btle as btle
  
'''
42  0x2A   READ         Handle 0x002C takes value AABBCCDDEEFF. Fuzz a varient of this to find the flag!
44  0x2C   NOTIFY WRITE 
46  0x2E   READ WRITE   write here to goto to scoreboard
'''

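# Level 04 client: connect to the CTF peripheral, select the level, write one
# candidate value to handle 0x2C and print whatever the device notifies back.
#
# Fixes over the previous version of this script:
#   * the notification delegate is defined and registered before the wait loop
#     (it used to be declared after an endless loop and was never installed);
#   * the "Waiting..." message is reachable (it sat after a `continue`);
#   * the link is closed on exit via try/finally (disconnect() was unreachable);
#   * the address file is closed and its contents stripped of whitespace.

# The target address comes from a local file. Strip surrounding whitespace so a
# trailing newline in ctf_mac.txt is not passed on as part of the address.
with open('ctf_mac.txt') as mac_file:
  deviceMAC = mac_file.read().strip()


class MyDelegate(btle.DefaultDelegate):
  """Notification handler that prints each payload pushed by the peripheral."""

  def __init__(self, params):
    # params is accepted to keep the constructor signature; it is not used.
    btle.DefaultDelegate.__init__(self)

  def handleNotification(self, cHandle, data):
    # data is supplied by the remote device. Printing its repr() shows control
    # and escape bytes in escaped form instead of sending them raw to the
    # terminal, and works whether data arrives as str or as bytes.
    print("Data: %r" % (data,))


p = btle.Peripheral(deviceMAC)
try:
  # Install the delegate before any write so an early notification is not
  # routed to the library's default handler.
  p.setDelegate(MyDelegate(None))

  # The returned service object is not used below; the lookup is kept from the
  # original script.
  svc = p.getServiceByUUID(0x00FF)
  print("Attached to peripheral")

  print("Loading level 04")
  # '%0*x' % (4,2) renders the value 2 as the four hex digits "0002", so the
  # two bytes 00 02 are written to handle 0x30.
  # NOTE(review): the message above says level 04 but the value written is 2 -
  # confirm which level number is intended.
  hex1 = binascii.unhexlify(str('%0*x' % (4,2)))
  p.writeCharacteristic(0x30, hex1, withResponse=False)

  password = "AABBCCDDEEFF"

  sys.stdout.write("\rTrying: %s                                          " % password.rstrip())
  # Encoded explicitly so the same ASCII payload is sent under Python 2 and 3.
  p.writeCharacteristic(0x2C, password.rstrip().encode("ascii"), withResponse=True)

  # NOTE(review): if no notification ever arrives, check whether notifications
  # must first be enabled on the characteristic's client configuration
  # descriptor - nothing in this script does so.
  while True:
    if p.waitForNotifications(1.0):
      # handleNotification() was called; go straight back to waiting.
      continue
    # One-second timeout elapsed without a notification.
    print("Waiting...")
except KeyboardInterrupt:
  # Ctrl-C is the only way out of the wait loop; fall through to the cleanup.
  pass
finally:
  # Always release the connection, including when a bluepy error propagates.
  p.disconnect()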