Fork: 0
0xRoM / BLE_CTF_V2
Transfer to URL with SHA Find file
Newer
Older
BLE_CTF_V2 / lvl_05.py
0xRM on 14 Feb 2021 1014 bytes lvl 0 - 6 complete, useful scripts added)
Raw Blame History 
#! /usr/bin/python
import binascii
import struct
import sys, os, time
import bluepy.btle as btle
  
'''
42  0x2A   READ         find a valid write value in this pcap to use below
44  0x2C   READ WRITE   https://github.com/hackgnar/ble_ctf_infinity/blob/master/gatt_servers/pcap_write/write_sample.pcap
46  0x2E   READ WRITE   write here to goto to scoreboard

84cf61c35b2d9c92217d
'''

deviceMAC = open('ctf_mac.txt').read()  
p = btle.Peripheral(deviceMAC)
svc=p.getServiceByUUID(0x00FF)
print ("Attached to peripheral")

print("Loading level 05")
hex1 = binascii.unhexlify(str('%0*x' % (4,5)))
p.writeCharacteristic(0x30, hex1, withResponse=False)

print("Sending \"121212121222\" to 0x2c")

services=p.getServices()

hexlif2 = binascii.unhexlify("121212121222")
hexlif2 = str(hexlif2)
response = p.writeCharacteristic(0x2C, hexlif2, True)

print("Reading value")
hex1 = p.readCharacteristic(0x2C)
hex2 = binascii.b2a_hex(hex1) 
hexlif2 = str(binascii.unhexlify(hex2))
print("Flag: %s" % hexlif2)

p.disconnect()