zigbee_inject

Presentation

zigbee_inject injects Zigbee frames. The target is configured by channel, PanID and address (respectively the CHANNEL, TARGET_PANID and TARGET parameters), along with the execution time (TIME parameter) and the PCAP file (PCAP_FILE parameter) from which the frames to inject are taken.

Compatible devices

Input parameters

| Name | Default value | Possible values | Description |
|---|---|---|---|
| INTERFACE | rzusbstick0 | rzusbstickX | Interface to use |
| TARGET_PANID | | <hexadecimal, 2 bytes> | Targeted PanID |
| CHANNEL | 13 | <integer> | Targeted channel |
| TARGET | | <ZigBee address> | Targeted device |
| TIME | 20 | <integer> | Execution time |
| PCAP_FILE | | <file path> | Capture file |

Output parameters

This module doesn’t provide any output parameters.

Usage

Basic Usage

To inject a packet stream from a file, for example /tmp/capture.pcap, type the following command:

$ mirage zigbee_inject CHANNEL=12 TARGET_PANID=0x3332 PCAP_FILE=/tmp/capture.pcap
[INFO] Module zigbee_inject loaded !
[INFO] RZUSBStick: Killerbee firmware in use.
[SUCCESS] PCAP file successfully loaded (DLT : 195) !
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
^C[INFO] Mirage process terminated !

Performing a replay attack

You can also easily perform a replay attack by combining this module with zigbee_sniff:

$ mirage "zigbee_sniff|zigbee_inject" zigbee_sniff1.CHANNEL=12 zigbee_sniff1.TARGET_PANID=0x3332 zigbee_sniff1.PCAP_FILE=/tmp/zigbeereplay.pcap zigbee_sniff1.TIME=5
[INFO] Module zigbee_sniff loaded !
[INFO] Module zigbee_inject loaded !
[INFO] RZUSBStick: Killerbee firmware in use.
[SUCCESS] PCAP file successfully loaded (DLT : 195) !
[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = 00000000000000fffe0000426f6e6a6f757212353d >>
[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = 0000000000000000426f6e6a6f75722028626973297031bb >>
[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - Application Data Packet | srcAddr = 0x0000 | destAddr = 0xFFFF | destPanID = 0x3332 | data = 00000000000000fffe0000426f6e6a6f7572128684 >>
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] PCAP file successfully loaded (DLT : 195) !
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
[...]
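
A defender-side check for the replay described above, as an added example that is not part of the Mirage documentation: it parses `[PACKET]` lines in the layout shown in the session output and reports frames whose channel, addresses, PanID and data bytes reappear unchanged later in the log. The sample log, the `min_gap` threshold and the function names are assumptions made for illustration.

```python
import re

# Layout of the [PACKET] lines shown above; lines that do not match are skipped.
PACKET_RE = re.compile(
    r"\[PACKET\] \[ CH:(?P<ch>\d+)\|.*?\] << Zigbee - .+? \| "
    r"srcAddr = (?P<src>0x[0-9A-Fa-f]+) \| destAddr = (?P<dst>0x[0-9A-Fa-f]+) \| "
    r"destPanID = (?P<pan>0x[0-9A-Fa-f]+) \| data = (?P<data>[0-9A-Fa-f]*) >>"
)

def parse_packets(log_text):
    """Return one (channel, src, dst, panid, data) tuple per [PACKET] line."""
    frames = []
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            frames.append((int(m["ch"]), m["src"].lower(), m["dst"].lower(),
                           m["pan"].lower(), m["data"].lower()))
    return frames

def find_repeats(frames, min_gap=2):
    """Return (previous_index, repeat_index, frame) for frames byte-identical to one seen
    at least min_gap frames earlier; back-to-back MAC retransmissions are ignored."""
    last_seen, hits = {}, []
    for i, frame in enumerate(frames):
        prev = last_seen.get(frame)
        if prev is not None and i - prev >= min_gap:
            hits.append((prev, i, frame))
        last_seen[frame] = i
    return hits

def _line(src, data):  # builds one constructed log line in the layout above
    return ("[PACKET] [ CH:12|RSSI:-55dBm|LKI:255/255|CRC:OK ] << Zigbee - "
            "Application Data Packet | srcAddr = %s | destAddr = 0xFFFF | "
            "destPanID = 0x3332 | data = %s >>" % (src, data))

# Constructed sample, not a real capture.
SAMPLE_LOG = "\n".join([
    _line("0x0000", "aa01"),
    _line("0x0000", "aa01"),          # immediate retransmission, not reported
    _line("0x0000", "aa02"),
    "[INFO] Injecting ...",           # non-packet line, skipped by the parser
    _line("0x1A2B", "bb01"),
    _line("0x0000", "AA01"),          # same bytes again, three frames later
    _line("0x0000", "aa02"),          # same bytes again, three frames later
])

if __name__ == "__main__":
    for prev, i, frame in find_repeats(parse_packets(SAMPLE_LOG)):
        print("frame %d repeats frame %d: %s" % (i, prev, frame))
```

A hit is a lead to investigate, since a device that legitimately resends the same payload matches as well.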