esb_inject =========== Presentation ------------ **esb_inject** allows to inject Enhanced ShockBurst frames. It works with a `RFStorm Device `_. It imports the frames stored in a PCAP file (provided as *PCAP_FILE* parameter) and uses the provided interface to inject them. You have to provide a target using the *TARGET* parameter. If no target is provided (or the value provided is *"FF:FF:FF:FF:FF"*), every frame contained in the PCAP file are transmitted. Else, only the frames corresponding to the provided target will be transmitted. You can choose the injection channel thanks to the *CHANNEL* parameter. You can provide multiple values : * **auto**: an active scan is performed in order to find the target * **X**: the channel X is used Compatible devices ------------------ * `RFStorm Device `_ * `PCAP Files `_ Input parameters ----------------- +----------------------------------------+---------------------------------------+-------------------------------------------------------------+-------------------------------------------------------------------------------------------+ | Name | Default value | Possible values | Description | +========================================+=======================================+=============================================================+===========================================================================================+ | INTERFACE | rfstorm0 | rfstormX | Interface to use | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+-------------------------------------------------------------------------------------------+ | TARGET | | | Address of the target device | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+-------------------------------------------------------------------------------------------+ | CHANNEL | auto | auto\| | Injection channel | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+-------------------------------------------------------------------------------------------+ | PCAP_FILE | | | PCAP file | +----------------------------------------+---------------------------------------+-------------------------------------------------------------+-------------------------------------------------------------------------------------------+ Output parameters ------------------ This module doesn't provide any output parameters. Usage ------ Basic Usage ^^^^^^^^^^^^ If you want to inject frames to a specific target, you have to provide the *TARGET* parameter: :: $ mirage esb_inject TARGET=E8:46:F9:2F:A4 PCAP_FILE=/tmp/replay.pcap [INFO] Module esb_inject loaded ! [SUCCESS] PCAP file successfully loaded (DLT : 148) ! [INFO] Sniffing mode enabled ! [INFO] Looking for an active channel for E8:46:F9:2F:A4... [SUCCESS] Channel found: 17 [INFO] Extracting packet stream from PCAP ... [SUCCESS] Packet stream successfully extracted ! [INFO] Injecting ... [SUCCESS] Injection done ! [INFO] Mirage process terminated ! If you don't provide the *TARGET* parameter, every frame contained in the PCAP file will be transmitted: :: $ mirage esb_inject PCAP_FILE=/tmp/replay.pcap [INFO] Module esb_inject loaded ! [SUCCESS] PCAP file successfully loaded (DLT : 148) ! [INFO] Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted. [INFO] Looking for an active channel for FF:FF:FF:FF:FF... [SUCCESS] Channel found: 12 [INFO] Extracting packet stream from PCAP ... [SUCCESS] Packet stream successfully extracted ! [INFO] Injecting ... [SUCCESS] Injection done ! [INFO] Mirage process terminated ! You can select a specific channel thanks to the *CHANNEL* parameter : :: $ mirage esb_inject TARGET=E8:46:F9:2F:A4 PCAP_FILE=/tmp/replay.pcap CHANNEL=12 [INFO] Module esb_inject loaded ! [SUCCESS] PCAP file successfully loaded (DLT : 148) ! [INFO] Sniffing mode enabled ! [INFO] Extracting packet stream from PCAP ... [SUCCESS] Packet stream successfully extracted ! [INFO] Injecting ... [SUCCESS] Injection done ! [INFO] Mirage process terminated ! Performing a replay attack ^^^^^^^^^^^^^^^^^^^^^^^^^^^ This module can be combined with `esb_sniff `_ in order to perform a replay attack: :: $ mirage "esb_sniff|esb_inject" esb_sniff1.TARGET=E8:46:F9:2F:A4 esb_sniff1.TIME=5 esb_sniff1.PCAP_FILE=/tmp/replay.pcap [INFO] Module esb_sniff loaded ! [INFO] Module esb_inject loaded ! [INFO] Sniffing mode enabled ! [SUCCESS] PCAP file successfully loaded (DLT : 148) ! [INFO] Channels: 0-99 [INFO] Looking for an active channel for E8:46:F9:2F:A4... [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-8 | y=3 >> [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-8 | y=3 >> [SUCCESS] Channel found: 8 [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-7 | y=1 >> [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-7 | y=1 >> [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-5 | y=2 >> [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-5 | y=2 >> [...] [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=255 | y=0 >> [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-3 | y=3 >> [PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-3 | y=3 >> [INFO] Sniffing mode enabled ! [INFO] Extracting packet stream from PCAP ... [SUCCESS] PCAP file successfully loaded (DLT : 148) ! [SUCCESS] Packet stream successfully extracted ! [INFO] Injecting ... [SUCCESS] Injection done ! [INFO] Mirage process terminated !