{"id":13464473,"url":"https://github.com/hexway/apple_bleee","last_synced_at":"2026-02-26T11:50:59.771Z","repository":{"id":39633300,"uuid":"198788481","full_name":"hexway/apple_bleee","owner":"hexway","description":"Apple BLE research","archived":false,"fork":false,"pushed_at":"2023-10-05T05:35:30.000Z","size":23289,"stargazers_count":2119,"open_issues_count":26,"forks_count":306,"subscribers_count":69,"default_branch":"master","last_synced_at":"2025-03-25T11:39:46.372Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hexway.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-07-25T08:16:28.000Z","updated_at":"2025-03-24T22:24:50.000Z","dependencies_parsed_at":"2024-01-15T13:36:02.183Z","dependency_job_id":null,"html_url":"https://github.com/hexway/apple_bleee","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/hexway/apple_bleee","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexway%2Fapple_bleee","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexway%2Fapple_bleee/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexway%2Fapple_bleee/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexway%2Fapple_bleee/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hexway","download_url":"https://codeload.github.com/hexway/apple_bleee/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexway%2Fapple_bleee/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29858451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T08:51:08.701Z","status":"ssl_error","status_checked_at":"2026-02-26T08:50:19.607Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T14:00:43.914Z","updated_at":"2026-02-26T11:50:59.726Z","avatar_url":"https://github.com/hexway.png","language":"Python","readme":"# Apple bleee\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://github.com/hexway/apple_bleee/blob/master/img/logo.jpg\" height=\"350\"\u003e\n\u003c/p\u003e\n\n## Disclaimer\nThese scripts are experimental PoCs that show what an attacker get from Apple devices if they sniff Bluetooth traffic.\n\n***This project is created only for educational purposes and cannot be used for law violation or personal gain.\u003cbr/\u003eThe author of this project is not responsible for any possible harm caused by the materials of this project***\n\n\n## Requirements\nTo use these scripts you will need a Bluetooth adapter for sending `BLE` messages and WiFi card supporting active monitor mode with frame injection for communication using `AWDL` (AirDrop). We recommend the Atheros AR9280 chip (IEEE 802.11n) we used to develop and test this code.\nWe have tested these PoCs on **Kali Linux**\n\n\n## Installation\n\n```\n# clone main repo\ngit clone https://github.com/hexway/apple_bleee.git \u0026\u0026 cd ./apple_bleee\n# install dependencies\nsudo apt update \u0026\u0026 sudo apt install -y bluez libpcap-dev libev-dev libnl-3-dev libnl-genl-3-dev libnl-route-3-dev cmake libbluetooth-dev\nsudo pip3 install -r requirements.txt\n# clone and install owl for AWDL interface\ngit clone https://github.com/seemoo-lab/owl.git \u0026\u0026 cd ./owl \u0026\u0026 git submodule update --init \u0026\u0026 mkdir build \u0026\u0026 cd build \u0026\u0026 cmake .. \u0026\u0026 make \u0026\u0026 sudo make install \u0026\u0026 cd ../..\n```\n\n## How to use\n\nBefore using the tool, check that your Bluetooth adapter is connected\n\n```\nhcitool dev\nDevices:\n hci0 00:1A:7D:DA:71:13\n```\n\n\n### Script: [ble_read_state.py](https://github.com/hexway/apple_bleee/blob/master/ble_read_state.py)\n\nThis script sniffs `BLE` traffic and displays status messages from Apple devices.\nMoreover, the tool detects requests for password sharing from Apple devices. In these packets, we can get first 3 bytes of sha256(phone_number) and could try to guess the original phone number using prepared tables with phone hash values.\n\n![dev_status](img/dev_status.png)\n\n```bash\npython3 ble_read_state.py -h\nusage: ble_read_state.py [-h] [-c] [-n] [-r] [-l] [-s] [-m] [-a] [-t TTL]\n\nApple bleee. Apple device sniffer\n---chipik\n\noptional arguments:\n -h, --help show this help message and exit\n -c, --check_hash Get phone number by hash\n -n, --check_phone Get user info by phone number (TrueCaller/etc)\n -r, --check_region Get phone number region info\n -l, --check_hlr Get phone number info by HLR request (hlrlookup.com)\n -s, --ssid Get SSID from requests\n -m, --message Send iMessage to the victim\n -a, --airdrop Get info from AWDL\n -t TTL, --ttl TTL ttl\n```\n\nFor monitoring you can just run the script without any parameters\n\n```bash\nsudo python3 ble_read_state.py\n```\n\npress `Ctrl+q` to exit\n\nIf you want to get phone numbers from a WiFi password request, you have to prepare the hashtable (please find scripts below), setup a web server and specify `base_url` inside this script and run it with `-c` parameter\n\n```bash\nsudo python3 ble_read_state.py -с\n```\n\n**Video demo (click):**\n\n[![airdrop_demo](img/status_gif.gif)](https://www.youtube.com/watch?v=Bi602yAIBAw)\n\n### Script: [airdrop_leak.py](https://github.com/hexway/apple_bleee/blob/master/airdrop_leak.py)\n\nThis script allows to get mobile phone number of any user who will try to send file via AirDrop\n\nFor this script, we'll need `AWDL` interface:\n```bash\n# set wifi card to monitor mode and run owl\nsudo iwconfig wlan0 mode monitor \u0026\u0026 sudo ip link set wlan0 up \u0026\u0026 sudo owl -i wlan0 -N \u0026\n```\n\nNow, you can run the script\n\n```bash\npython3 airdrop_leak.py -h\nusage: airdrop_leak.py [-h] [-c] [-n] [-m]\n\nApple AirDrop phone number catcher\n---chipik\n\noptional arguments:\n -h, --help show this help message and exit\n -c, --check_hash Get phone number by hash\n -n, --check_phone Get user info by phone number (TrueCaller/etc)\n -m, --message Send iMessage to the victim\n```\n\nWith no params, the script just displays phone hash and ipv6 address of the sender\n\n```bash\nsudo python3 airdrop_leak.py\n```\n\n**Video demo (click):**\n\n[![airdrop_demo](img/airdrop_gif.gif)](https://www.youtube.com/watch?v=mREIeH_s3z8)\n\n### Script: [adv_wifi.py](https://github.com/hexway/apple_bleee/blob/master/adv_wifi.py)\n\nThis script sends `BLE` messages with WiFi password sharing request. This PoC shows that an attacker can trigger a pop up message on the target device if he/she knows any phone/email that exists on the victim's device\n\n```bash\npython3 adv_wifi.py -h\nusage: adv_wifi.py [-h] [-p PHONE] [-e EMAIL] [-a APPLEID] -s SSID\n [-i INTERVAL]\n\nWiFi password sharing spoofing PoC\n---chipik\n\noptional arguments:\n -h, --help show this help message and exit\n -p PHONE, --phone PHONE\n Phone number (example: 39217XXX514)\n -e EMAIL, --email EMAIL\n Email address (example: test@test.com)\n -a APPLEID, --appleid APPLEID\n Email address (example: test@icloud.com)\n -s SSID, --ssid SSID WiFi SSID (example: test)\n -i INTERVAL, --interval INTERVAL\n Advertising interval\n```\n\nFor a WiFi password request, we'll need to specify any contact (email/phone) that exists in a victim's contacts and the SSID of a WiFi network the victim knows\n\n```bash\nsudo python3 adv_wifi.py -e pr@hexway.io -s hexway\n```\n\n**Video demo (click):**\n\n[![share_wifi_demo](img/share_wifi_pwd2_gif.gif)](https://www.youtube.com/watch?v=QkGCP2mfbJ8)\n\n### Script: [adv_airpods.py](https://github.com/hexway/apple_bleee/blob/master/adv_airpods.py)\n\nThis script mimics AirPods by sending `BLE` messages\n\n```bash\npython3 adv_airpods.py -h\nusage: adv_airpods.py [-h] [-i INTERVAL] [-r]\n\nAirPods advertise spoofing PoC\n---chipik\n\noptional arguments:\n -h, --help show this help message and exit\n -i INTERVAL, --interval INTERVAL\n Advertising interval\n -r, --random Send random charge values\n```\n\nLet's send `BLE` messages with random charge values for headphones\n\n```bash\nsudo python3 adv_airpods.py -r\n```\n\n**Video demo (click):**\n\n[![airdrop_demo](img/airpods_gif.gif)](https://www.youtube.com/watch?v=HoSuLUtrkXo)\n\n### Script: [hash2phone](https://github.com/hexway/apple_bleee/blob/master/hash2phone/)\n\nYou can use this script to create pre-calculated table with mobile phone numbers hashes\u003cbr\u003e\nPlease find details [here](/hash2phone)\n\n## Contacts\n\n[https://hexway.io](https://hexway.io)\u003cbr\u003e\n[@_hexway](https://twitter.com/_hexway)\n","funding_links":[],"categories":["Python","Wireless Protocols"],"sub_categories":["Bluetooth / BLE"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhexway%2Fapple_bleee","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhexway%2Fapple_bleee","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhexway%2Fapple_bleee/lists"}