KillerBee

Description

KillerBee is a Python-based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using these tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using its framework, you can build your own tools, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more.



ZBASSOCFLOOD

KillerBee – Repeatedly associates to the target PANID in an effort to cause the device to crash from too many connected stations.

Syntax

zbassocflood [-pcDis] [-i devnumstring] [-p PANID] [-c channel]
                        [-s per-packet delay/float]
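
On the detection side, a burst of Association Request frames aimed at one PAN ID is what this behaviour looks like in a capture. The following is an added example, not part of KillerBee or the original page: it assumes frames are supplied as raw MAC bytes with timestamps, use the 802.15.4-2003/2006 header layout, and that the window and threshold values are illustrative.

```python
import struct
from collections import defaultdict, deque

ADDR_LEN = {0: 0, 2: 2, 3: 8}      # addressing mode -> address length in bytes
MAC_COMMAND, ASSOC_REQUEST = 3, 0x01

def parse_assoc_request(frame):
    """Return (dest_pan, src_addr_hex) for an unsecured Association Request, else None."""
    if len(frame) < 3:
        return None
    fcf = struct.unpack_from("<H", frame)[0]
    dst_mode, version, src_mode = (fcf >> 10) & 3, (fcf >> 12) & 3, (fcf >> 14) & 3
    if fcf & 0x07 != MAC_COMMAND or fcf & 0x08 or version > 1:
        return None                 # other frame type, secured, or 2015 header layout
    if dst_mode not in (2, 3) or src_mode not in ADDR_LEN:
        return None
    src_pan_len = 2 if src_mode and not fcf & 0x40 else 0   # 0x40 = PAN ID compression
    src_off = 3 + 2 + ADDR_LEN[dst_mode] + src_pan_len
    cmd_off = src_off + ADDR_LEN[src_mode]
    if len(frame) <= cmd_off or frame[cmd_off] != ASSOC_REQUEST:
        return None
    dest_pan = struct.unpack_from("<H", frame, 3)[0]
    return dest_pan, frame[src_off:cmd_off][::-1].hex()

def find_assoc_floods(records, window=10.0, threshold=5):
    """records: time-ordered (timestamp, frame). Returns {pan: peak requests per window}."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in records:
        hit = parse_assoc_request(frame)
        if hit is None:
            continue
        queue = recent[hit[0]]
        queue.append(ts)
        while ts - queue[0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            alerts[hit[0]] = max(alerts.get(hit[0], 0), len(queue))
    return alerts

def _assoc_req(seq, pan, src_ext):
    """Constructed sample frame: FCF 0xC823, short dest 0x0000, broadcast source PAN."""
    hdr = struct.pack("<HBHHH", 0xC823, seq, pan, 0x0000, 0xFFFF)
    return hdr + src_ext.to_bytes(8, "little") + bytes([ASSOC_REQUEST, 0x8E])

# Constructed capture: eight requests to PAN 0x1A62 in 1.4 s, one to another PAN, one data frame.
SAMPLE = [(0.2 * i, _assoc_req(i, 0x1A62, 0x0011223344550000 + i)) for i in range(8)]
SAMPLE.append((3.0, _assoc_req(9, 0x2B00, 0x00112233445500AA)))
SAMPLE.append((3.1, struct.pack("<HBHHH", 0x8841, 10, 0x1A62, 0x0000, 0x0001) + b"\x00"))

if __name__ == "__main__":
    for pan, peak in find_assoc_floods(SAMPLE).items():
        print(f"PAN 0x{pan:04X}: {peak} association requests within the window")
```

Tune the window and threshold to the normal join rate of the network being monitored; a commissioning session legitimately produces several requests in a short time.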


ZBCONVERT

KillerBee – Convert a packet capture from Libpcap to Daintree SNA format, or vice-versa.

Syntax

zbconvert [-n] [-i input] [-o output] [-c count]


ZBDSNIFF

KillerBee – Captures ZigBee traffic, looking for NWK frames and over-the-air key provisioning. When a key is found, zbdsniff prints the key to stdout. The sample packet capture sample/zigbee-network-key-ota.dcf can be used to demonstrate this functionality.

Syntax

zbdsniff [capturefiles ...]


ZBDUMP

KillerBee – A tcpdump-like tool to capture IEEE 802.15.4 frames to a libpcap or Daintree SNA packet capture file. Does not display real-time stats like tcpdump when not writing to a file.

Syntax

zbdump [-fiwDch] [-f channel] [-w pcapfile] [-W daintreefile]
         [-i devnumstring]


ZBGOODFIND

KillerBee – Implements a key search function using an encrypted packet capture and memory dump from a legitimate ZigBee or IEEE 802.15.4 device. This tool accompanies Travis Goodspeed’s GoodFET hardware attack tool, or other binary data that could contain encryption key information such as bus sniffing with legacy chips (such as the CC2420). Zbgoodfind’s search file must be in binary format (obj hexfiles are not supported). To convert from the hexfile format to a binary file, use the objcopy tool: objcopy -I ihex -O binary mem.hex mem.bin

Syntax

zbgoodfind [-frRFd] [-f binary file] [-r pcapfile] [-R daintreefile]
         [-F Don't skip 2-byte FCS at end of each frame]
         [-d generate binary file (test mode)]


ZBREPLAY

Implements a replay attack, reading from a specified Daintree DCF or libpcap packet capture file, retransmitting the frames. ACK frames are not retransmitted.

Syntax

 zbreplay [-rRfiDch] [-f channel] [-r pcapfile] [-R daintreefile]
         [-i devnumstring] [-s delay/float] [-c countpackets]


ZBSTUMBLER

Active ZigBee and IEEE 802.15.4 network discovery tool. Zbstumbler sends beacon request frames out while channel hopping, recording and displaying summarized information about discovered devices. Can also log results to a CSV file.

Syntax

zbstumbler [-iscwD] [-i devnumstring] [-s per-channel delay] [-c channel]
                          [-w report.csv]

©2017 Ztrela Knowledge Solutions Pvt. Ltd