{"id":13475026,"url":"https://github.com/mikeryan/crackle","last_synced_at":"2025-04-12T23:29:19.038Z","repository":{"id":2069918,"uuid":"16268083","full_name":"mikeryan/crackle","owner":"mikeryan","description":"Crack and decrypt BLE encryption","archived":false,"fork":false,"pushed_at":"2021-08-26T08:56:39.000Z","size":572,"stargazers_count":880,"open_issues_count":6,"forks_count":127,"subscribers_count":63,"default_branch":"master","last_synced_at":"2025-04-04T02:09:15.922Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mikeryan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-01-27T03:15:35.000Z","updated_at":"2025-03-31T22:40:01.000Z","dependencies_parsed_at":"2022-08-06T12:00:32.525Z","dependency_job_id":null,"html_url":"https://github.com/mikeryan/crackle","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeryan%2Fcrackle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeryan%2Fcrackle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeryan%2Fcrackle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mikeryan%2Fcrackle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mikeryan","download_url":"https://codeload.github.com/mikeryan/crackle/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248646802,"owners_count":21139075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T16:01:16.792Z","updated_at":"2025-04-12T23:29:19.011Z","avatar_url":"https://github.com/mikeryan.png","language":"C","funding_links":[],"categories":["Uncategorized","\u003ca id=\"de81f9dd79c219c876c1313cd97852ce\"\u003e\u003c/a\u003e破解\u0026\u0026Crack\u0026\u0026爆破\u0026\u0026BruteForce","Tools","Wireless Protocols","\u003ca id=\"73c3c9225523cbb05333246f23342846\"\u003e\u003c/a\u003e工具","\u003ca name=\"bluetooth_security_tools\"\u003e\u003c/a\u003eBluetooth Security Tools","TODO List"],"sub_categories":["Uncategorized","\u003ca id=\"f2c76d99a0b1fda124d210bd1bbc8f3f\"\u003e\u003c/a\u003eWordlist生成","Bluetooth / BLE","\u003ca id=\"53084c21ff85ffad3dd9ce445684978b\"\u003e\u003c/a\u003e未分类的","Exploit Tools","Vulnerabilities to be added soon"],"readme":"![crackle](https://raw.github.com/mikeryan/crackle/logo/crackle.png \"crackle\")\n\ncrackle cracks BLE Encryption (AKA Bluetooth Smart).\n\ncrackle exploits a flaw in the BLE pairing process that allows an\nattacker to guess or very quickly brute force the TK (Temporary Key).\nWith the TK and other data collected from the pairing process, the STK\n(Short Term Key) and later the LTK (Long Term Key) can be collected.\n\nWith the STK and LTK, all communications between the master and the\nslave can be decrypted.\n\nBefore attempting to use crackle, review the [FAQ](FAQ.md) to determine\nwhether it is the appropriate tool to use in your situation.\n\ncrackle was written by Mike Ryan \u003cmikeryan@lacklustre.net\u003e\nSee web site for more info:\n    http://lacklustre.net/projects/crackle/\n\n![Build Status](https://travis-ci.org/mikeryan/crackle.svg?branch=master \"Build Status\")\n\nTable of Contents\n=================\n\n - Modes of Operation\n    - Crack TK\n    - Decrypt with LTK\n - Running crackle\n - Sample Files\n - Frequently Asked Questions\n - See Also\n - Thanks\n\n\nModes of Operation\n==================\n\ncrackle has two major modes of operation: Crack TK and Decrypt with LTK.\n\nCrack TK\n--------\n\nThis is the default mode used when providing crackle with an input file\nusing ```-i```.\n\nIn Crack TK mode, crackle brute forces the TK used during a BLE pairing\nevent. crackle exploits the fact that the TK in Just Works(tm) and\n6-digit PIN is a value in the range [0,999999] padded to 128 bits.\n\ncrackle employs several methods to perform this brute force: a very fast\nmethod if all pairing packets are present in the input file, and a slow\nmethod if a minimum set of packets is present.\n\nTo use this mode, launch crackle with an input PCAP or PcapNG file\ncontaining one or more connections with a BLE pairing conversation.\ncrackle will analyze all connections, determine whether it is possible\nto crack a given connection, and automatically choose the best strategy\nto crack each one.\n\nIf the TK successfully cracks, crackle will derive the remaining keys\nused to encrypt the rest of the connection and will decrypt any\nencrypted packets that follow. If the LTK is exchanged (typically the\nfirst thing done after encryption is established) crackle will output\nthis value to stdout. The LTK can be used to decrypt any future\ncommunications between the two endpoints.\n\nProvide crackle with an output file using ```-o``` to create a new PCAP\nfile containing the decrypted data (in addition to the already\nunencrypted data).\n\nExample usage:\n\n    $ crackle -i input.pcap -o decrypted.pcap\n\n\nDecrypt with LTK\n----------------\n\nIn Decrypt with LTK mode, crackle uses a user-supplied LTK to decrypt\ncommunications between a master and slave. This mode is identical to the\ndecryption portion of Crack TK mode.\n\nExample usage:\n\n    $ crackle -i encrypted.pcap -o decrypted.pcap -l 81b06facd90fe7a6e9bbd9cee59736a7\n\n\nRunning Crackle\n===============\n\nCrack TK Mode\n-------------\n\nIn Crack TK mode, crackle requires a PCAP file that contains a BLE\npairing event. The best way to generate such a file is to use an\nUbertooth to capture a pairing event between a master and a slave.\n\nTo check if your PCAP file contains all the necessary packets, run\ncrackle with the -i option:\n\n    crackle -i \u003cfile.pcap\u003e\n\ncrackle will analyze each connection in the input file and output the\nresults of its analysis to stdout. If you have all the components of a\npairing conversation, the output will look like this:\n\n    Analyzing connection 0:\n      xx:xx:xx:xx:xx:xx (public) -\u003e yy:yy:yy:yy:yy:yy (public)\n      Found 13 encrypted packets\n\n      Cracking with strategy 0, 20 bits of entropy\n\n      !!!\n      TK found: 412741\n      !!!\n\n      Decrypted 12 packets\n      LTK found: 81b06facd90fe7a6e9bbd9cee59736a7\n\n    Specify an output file with -o to decrypt packets!\n\nTo decrypt all packets, add the -o option:\n\n    crackle -i \u003cfile.pcap\u003e -o \u003coutput.pcap\u003e\n\nThe output file will contain decrypted versions of all the encrypted\npackets from the original PCAP, as well as all the unencrypted packets.\nNote that CRCs are not recalculated, so the CRCs of decrypted packets\nwill be incorrect.\n\nDecrypt with LTK\n----------------\n\nIn Decrypt with LTK mode, crackle requires a PCAP file that contains at\na minimum LL_ENC_REQ and LL_ENC_RSP packets and the LTK used to encrypt\nthe communications.\n\nThe format for LTK is a 128 bit hexadecimal number with no spaces or\nseparators, most-significant octet to least-significant octet. Example:\n\n    -l 81b06facd90fe7a6e9bbd9cee59736a7\n\nTo check if your PCAP file contains all the necessary packets, run\ncrackle with -i and -l:\n\n    crackle -i \u003cfile.pcap\u003e -l \u003cltk\u003e\n\nIf you have both of the required packets, the program should produce\noutput similar to this:\n\n    Analyzing connection 0:\n      xx:xx:xx:xx:xx:xx (public) -\u003e yy:yy:yy:yy:yy:yy (public)\n      Found 9 encrypted packets\n      Decrypted 6 packets\n\n    Specify an output file with -o to decrypt packets!\n\nTo decrypt all packets, add the -o option:\n\n    crackle -i \u003cfile.pcap\u003e -o \u003cout.pcap\u003e -l \u003cltk\u003e\n\nThe output file will be produced similarly to the output file described\nabove.\n\n\nSample Files\n============\n\nThe test files included in the ```tests``` directory serve as\ninteresting input for playing with crackle. Review the README files\nincluded in each test's subdirectory.\n\nGrab some sample files for cracking with crackle. Refer to the README\ninside the tarball for more information:\n\nhttps://lacklustre.net/bluetooth/crackle-sample.tgz\n\n\nFrequently Asked Questions\n==========================\n\nWe have compiled a list of [Frequently Asked Questions](FAQ.md).\n\n\nSee Also\n========\n\n - Ubertooth: http://ubertooth.sourceforge.net/\n - libbtbb: http://libbtbb.sourceforge.net/\n - #ubertooth on irc.freenode.net\n\n\nThanks\n======\n\nMajor thanks go to Mike Ossmann and Dominic Spill from the Ubertooth\nproject. None of this would be possible without them.\n\nBig time thanks go to Mike Kershaw/dragorn of Kismet for help creating\nand working with PCAP files.\n\nThanks go to the rest of #ubertooth on irc.freenode.net.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikeryan%2Fcrackle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmikeryan%2Fcrackle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmikeryan%2Fcrackle/lists"}