Scan shows unknown state #38

Open
treble37 opened this issue Dec 19, 2024 · 0 comments

treble37 commented Dec 19, 2024

I have 2 Raspberry Pi 5 devices set up to experiment with a BLE MITM on a test home device. One is the "central" Pi device and the other is the "peripheral" Pi device to run node scan on. I'm trying to get gattacker node scan to work, but I keep getting an "unknown" message. I followed the setup from a blog post (it's a little dated as it references Node 8, but the content seems reasonable). I'm really just looking for other steps I might try to troubleshoot, as between some outdated Internet articles and making forked copies of various NodeJS packages to deal with dependency install issues, I'm a bit out of ideas on what to try next.

Any ideas? Booting up bluetoothctl and then issuing a scan command there yields some output of MAC addresses for various nearby Bluetooth devices, but for some reason gattacker just seems to hang on the "unknown" message. Below is my setup.

Setup

In ~/node_modules/gattacker/config.env, for the "central" Pi device where I run node ws-slave, config.env looks like the following (note that I use HCI device id set to 1 because I started experimenting with a Kinivo Bluetooth adapter, thinking that the built-in BLE adapter on the Raspberry Pi 5 might be using a version of Bluetooth not described in the various online tutorials I came across, but I had the same issues using the default Raspberry Pi 5 BLE adapter):


# HCI devices.
# ws-slave - "central" device connecting to target peripheral
# NOBLE_HCI_DEVICE_ID=0
NOBLE_HCI_DEVICE_ID=1
# "peripheral" device emulator
# BLENO_HCI_DEVICE_ID=1
# advertising interval - minimal = 20ms
# BLENO_ADVERTISING_INTERVAL=20
# ws-slave websocket address
WS_SLAVE=127.0.0.1
# path to save advertisement and characteristic files of devices
DEVICES_PATH=devices
# path to save log (dump) of all the data exchanged with device
DUMP_PATH=dump
# display websocket client messages in console
WS_DEBUG=0

In ~/node_modules/gattacker/config.env, for the "peripheral" Pi device where I run node ws-slave, config.env looks like:

# HCI devices.
# ws-slave - "central" device connecting to target peripheral
# NOBLE_HCI_DEVICE_ID=0
# "peripheral" device emulator
# BLENO_HCI_DEVICE_ID=1
BLENO_HCHI_DEVICE_ID=1
# advertising interval - minimal = 20ms
BLENO_ADVERTISING_INTERVAL=20
# ws-slave websocket address
# WS_SLAVE=127.0.0.1
WS_SLAVE=199.254.22.120 # sanitized address here for this github comment
# path to save advertisement and characteristic files of devices
DEVICES_PATH=devices
# path to save log (dump) of all the data exchanged with device
DUMP_PATH=dump
# display websocket client messages in console
WS_DEBUG=0

Running sudo node ws-slave on the "central" Pi yields:

GATTacker ws-slave
ws -> connection
ws -> send: {"type":"stateChange","state":"unknown"}
ws -> close
ws -> connection
ws -> send: {"type":"stateChange","state":"unknown"}

Running node scan on the "peripheral" Pi yields:

node scan
Ws-slave address: 199.254.22.120
on open
unknown
state unknown - waiting...
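
An added example, not part of the original issue and not GATTacker code: a small Node.js check that flags active config.env lines whose key is not one of the seven key names appearing in the configs quoted above, and suggests the closest known name. The key list and the sample input are copied from those configs; the function names `editDistance` and `lintConfigEnv` are hypothetical.

```javascript
// Added example (not GATTacker code). The key names are the seven that appear,
// active or commented out, in the config.env files quoted in this issue.
const KNOWN_KEYS = [
  'NOBLE_HCI_DEVICE_ID', 'BLENO_HCI_DEVICE_ID', 'BLENO_ADVERTISING_INTERVAL',
  'WS_SLAVE', 'DEVICES_PATH', 'DUMP_PATH', 'WS_DEBUG',
];

// Levenshtein distance, used to suggest the key that was probably intended.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns one finding per active (uncommented) line whose key is not known.
function lintConfigEnv(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) return; // blank or comment line
    const m = /^([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(line);
    const key = m ? m[1] : null; // null: not a KEY=VALUE line at all
    if (key && KNOWN_KEYS.includes(key)) return;
    const ranked = KNOWN_KEYS
      .map((k) => ({ k, d: editDistance(key || '', k) }))
      .sort((x, y) => x.d - y.d);
    // Only suggest a known key when the name is within two edits of it.
    const suggestion = key && ranked[0].d <= 2 ? ranked[0].k : null;
    findings.push({ line: idx + 1, key, suggestion });
  });
  return findings;
}

// Constructed sample: lines taken from the second config.env quoted above.
const SAMPLE = [
  '# BLENO_HCI_DEVICE_ID=1',
  'BLENO_HCHI_DEVICE_ID=1',
  'BLENO_ADVERTISING_INTERVAL=20',
  'WS_SLAVE=199.254.22.120 # sanitized address here for this github comment',
  'DEVICES_PATH=devices',
].join('\n');
console.log(lintConfigEnv(SAMPLE));
```

Run against the sample, the check reports line 2 (`BLENO_HCHI_DEVICE_ID`) and suggests `BLENO_HCI_DEVICE_ID`, the name used in the commented-out line directly above it.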
