Related vulnerabilities
Description
Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506]
Introduction
# README
Repository about the [Key Negotiation Of Bluetooth (KNOB)](https://knobattack.com/) attacks on Bluetooth BR/EDR and Bluetooth Low Energy.
## Related Work
* [From the Bluetooth Standard to Standard-Compliant 0-days](https://francozappa.github.io/talk/hwio20/talk/) [HWIO20]
* [Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy](https://francozappa.github.io/publication/knob-ble/) [TOPS20]
* [Bluetooth blues: KNOB attack explained](https://francozappa.github.io/talk/cyberwire-knob/talk/) [CyberWire19]
* [The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR](https://francozappa.github.io/publication/knob/) [SEC19]
* [BIAS: Bluetooth Impersonation AttackS](https://francozappa.github.io/publication/bias/) [S&P20]
## Links
* [CVE-2019-9506](https://www.kb.cert.org/vuls/id/918987/)
* [PoC to perform the KNOB attack using internalblue v0.1](https://github.com/francozappa/knob/tree/master/poc-internalblue)
* [Code to validate and brute force E0 encryption keys](https://github.com/francozappa/knob/tree/master/e0)
* [How to patch the Linux kernel to perform the KNOB attack on BLE](https://github.com/francozappa/knob/tree/master/ble)
* [Wireshark files](https://github.com/francozappa/knob/tree/master/wireshark)
File snapshot
[4.0K] /data/pocs/192b9c5e4a72f74de2220afee216a08314b8db30
├── [4.0K] ble
│ └── [ 707] README.md
├── [4.0K] e0
│ ├── [8.6K] bf.py
│ ├── [5.6K] bf_tests.py
│ ├── [172K] BitVector.py
│ ├── [2.9K] constants.py
│ ├── [3.7K] cts.py
│ ├── [ 38K] e0
│ ├── [ 538] e1.py
│ ├── [8.0K] e1_tests.py
│ ├── [ 523] e3.py
│ ├── [ 16K] e3_tests.py
│ ├── [2.4K] es.py
│ ├── [ 13K] es_tests.py
│ ├── [ 16K] h.py
│ ├── [ 0] h_tests.py
│ ├── [ 288] Makefile
│ └── [1.3K] README.md
├── [1.0K] LICENSE
├── [4.0K] poc-internalblue
│ ├── [4.0K] internalblue
│ │ ├── [4.0K] android_bluetooth_stack
│ │ │ ├── [4.0K] nexus5_android6_0_1
│ │ │ │ └── [1.3M] bluetooth.default.so
│ │ │ ├── [4.0K] nexus5_lineageos14.1
│ │ │ │ └── [1.4M] bluetooth.default.so
│ │ │ ├── [4.0K] nexus6p_android6_0_1
│ │ │ │ └── [1.3M] bluetooth.default.so
│ │ │ ├── [4.0K] nexus6p_android7_1_2
│ │ │ │ └── [1.2M] bluetooth.default.so
│ │ │ └── [5.2K] README.md
│ │ ├── [4.0K] examples
│ │ │ ├── [4.6K] bla.py
│ │ │ └── [3.4K] CVE_2018_5383_Invalid_Curve_Attack_PoC.py
│ │ ├── [4.0K] internalblue
│ │ │ ├── [4.3K] cli.py
│ │ │ ├── [ 47K] cmds.py
│ │ │ ├── [ 56K] core.py
│ │ │ ├── [3.3K] crypto.py
│ │ │ ├── [6.9K] fw_5_constants.py
│ │ │ ├── [9.5K] fw_5_master_mitm.py
│ │ │ ├── [8.9K] fw_5.py
│ │ │ ├── [ 15K] fw_5.py.bak
│ │ │ ├── [9.1K] fw_5_slave_mitm.py
│ │ │ ├── [ 16K] fw_6p.py
│ │ │ ├── [ 25K] hci.py
│ │ │ └── [ 1] __init__.py
│ │ ├── [3.8K] README.md
│ │ ├── [ 33] requirements.txt
│ │ └── [ 618] setup.py
│ ├── [3.2K] README.md
│ └── [8.6K] sample-nexmaster-galaxys9slave.pcapng
├── [1.3K] README.md
└── [4.0K] wireshark
├── [4.0K] coloring-rules
│ └── [2.2K] lmp
├── [4.0K] lmp_wireshark_dissector
│ ├── [ 44] AUTHORS
│ ├── [4.0K] cmake
│ │ ├── [1.3K] COPYING
│ │ ├── [1.5K] COPYING-CMAKE-SCRIPTS
│ │ ├── [6.4K] FindGLIB2.cmake
│ │ ├── [1.0K] FindWireshark.cmake
│ │ ├── [1.9K] LocatePythonModule.cmake
│ │ └── [ 452] UseMakePluginReg.cmake
│ ├── [2.1K] CMakeLists.txt
│ ├── [ 18K] COPYING
│ ├── [ 285] moduleinfo.h
│ ├── [ 16K] packet-btbb.c
│ ├── [100K] packet-btbrlmp.c
│ ├── [1.0K] plugin.rc.in
│ ├── [1.0K] README.md
│ └── [4.0K] tools
│ └── [5.3K] make-plugin-reg.py
└── [ 412] README.md
16 directories, 60 files