Crack & Decrypt BLE (Bluetooth) encryption

crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.
With the STK and LTK, all communications between the master and the slave can be decrypted.
crackle has two major modes of operation: Crack TK and Decrypt with LTK.

Crack TK

This is the default mode used when providing crackle with an input file using -i.
In Crack TK mode, crackle brute forces the TK used during a BLE pairing event. crackle exploits the fact that the TK in Just Works(tm) and 6-digit PIN is a value in the range [0,999999] padded to 128 bits.
crackle employs several methods to perform this brute force: a very fast method if all pairing packets are present in the input file, and a slow method if a minimum set of packets is present.

Example usage:
$ crackle -i input.pcap -o decrypted.pcap

Decrypt with LTK

In Decrypt with LTK mode, crackle uses a user-supplied LTK to decrypt communications between a master and slave. This mode is identical to the decryption portion of Crack TK mode.

Example usage:
$ crackle -i encrypted.pcap -o decrypted.pcap -l 81b06facd90fe7a6e9bbd9cee59736a7

Sample Files

The test files included in the tests directory serve as interesting input for playing with crackle. Review the README files included in each test’s subdirectory.
Grab some sample files for cracking with crackle. Refer to the README inside the tarball for more information:
Download and learn more here
Irfan Shakeel
irfan shakeel, the founder of ehacking project, he also hosts classes at eh academy. he has found many vulnerabilities in the world’s known platforms, he has been providing it security training since 2010. you might have read his articles and opinion on ibm developers, infosec institute, alienvault, eh academy and other known blogs. follow him on twitter, linkedin and quora.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...