zigbee_inject
Presentation
zigbee_inject injects Zigbee frames. The target is selected by channel, PanID and address (the CHANNEL, TARGET_PANID and TARGET parameters, respectively). The TIME parameter sets the execution time, and the PCAP_FILE parameter gives the PCAP file from which the packet stream is read.
Compatible devices
Input parameters
Name | Default value | Possible values | Description |
---|---|---|---|
INTERFACE | rzusbstick0 | rzusbstickX | Interface to use |
TARGET_PANID | | <hexadecimal, 2 bytes> | Targeted PanID |
CHANNEL | 13 | <integer> | Targeted channel |
TARGET | | <ZigBee address> | Targeted device |
TIME | 20 | <integer> | Execution time |
PCAP_FILE | | <file path> | Capture file |
Output parameters
This module doesn’t provide any output parameters.
Usage
Basic Usage
To inject a packet stream from a file, for example /tmp/capture.pcap, type the following command:
$ mirage zigbee_inject CHANNEL=12 TARGET_PANID=0x3332 PCAP_FILE=/tmp/capture.pcap
[INFO] Module zigbee_inject loaded !
[INFO] RZUSBStick: Killerbee firmware in use.
[SUCCESS] PCAP file successfully loaded (DLT : 195) !
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
^C[INFO] Mirage process terminated !
Performing a replay attack
You can also easily perform a replay attack by combining this module with zigbee_sniff:
$ mirage "zigbee_sniff|zigbee_inject" zigbee_sniff1.CHANNEL1=12 zigbee_sniff1.TARGET_PANID=0x3332 zigbee_sniff1.PCAP_FILE=/tmp/zigbeereplay.pcap zigbee_sniff1.TIME=5
[INFO] Module zigbee_sniff loaded !
[INFO] Module zigbee_inject loaded !
[INFO] RZUSBStick: Killerbee firmware in use.
[SUCCESS] PCAP file successfully loaded (DLT : 195) !
[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = 00000000000000fffe0000426f6e6a6f757212353d >>
[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = 0000000000000000426f6e6a6f75722028626973297031bb >>
[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = 00000000000000fffe0000426f6e6a6f7572128684 >>
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] PCAP file successfully loaded (DLT : 195) !
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
[...]
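On the monitoring side, the [PACKET] lines printed by zigbee_sniff are enough to spot frames that reappear verbatim, which is what a replayed capture looks like on the air. The following is an added example, not part of Mirage or of the original page: the function names and the sample log are constructed for illustration, and only the line format is taken from the output above.

```python
import re

# Field layout of the [PACKET] lines that zigbee_sniff prints in the session above.
PACKET_RE = re.compile(
    r"\[PACKET\] \[ CH:(?P<ch>\d+)\|RSSI:(?P<rssi>-?\d+)dBm\|LKI:\d+/\d+\|CRC:(?P<crc>\w+) \] "
    r"<< Zigbee - (?P<kind>.+?) \| srcAddr = (?P<src>0x[0-9a-fA-F]+) "
    r"\| destAddr = (?P<dst>0x[0-9a-fA-F]+) \| destPanID = (?P<pan>0x[0-9a-fA-F]+) "
    r"\| data = (?P<data>[0-9a-fA-F]*) >>"
)

def parse_packet(line):
    """Return the fields of one [PACKET] line as a dict, or None for other lines."""
    m = PACKET_RE.search(line)
    if m is None:
        return None
    pkt = m.groupdict()
    pkt["ch"], pkt["rssi"] = int(pkt["ch"]), int(pkt["rssi"])
    return pkt

def find_repeats(lines):
    """Return (first_index, repeat_index, rssi_shift_dB) for each frame that repeats
    an earlier one bit for bit. MAC-level retransmissions also repeat frames
    verbatim, so hits are leads to investigate, not verdicts."""
    first_seen = {}  # frame identity -> (packet index, RSSI at first sighting)
    hits = []
    packets = [p for p in map(parse_packet, lines) if p and p["crc"] == "OK"]
    for idx, p in enumerate(packets):
        key = (p["ch"], p["pan"], p["src"], p["dst"], p["data"].lower())
        if key in first_seen:
            first_idx, first_rssi = first_seen[key]
            hits.append((first_idx, idx, p["rssi"] - first_rssi))
        else:
            first_seen[key] = (idx, p["rssi"])
    return hits

# Constructed sample log: same line format as above, made-up payloads.
HDR = "[PACKET] [ CH:12|RSSI:%ddBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet"
ADDR = " | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = %s >>"
SAMPLE = [
    "[INFO] Module zigbee_sniff loaded !",
    (HDR % -55) + (ADDR % "0000aa01"),
    (HDR % -55) + (ADDR % "0000aa02"),
    (HDR % -71) + (ADDR % "0000aa01"),  # verbatim repeat of the first frame
]

if __name__ == "__main__":
    for first, again, shift in find_repeats(SAMPLE):
        print(f"packet {again} repeats packet {first} (RSSI shift {shift:+d} dB)")
```

The RSSI shift is reported only as context: a repeat that arrives at a clearly different signal strength may come from a different transmitter than the original sender.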