{"id":21743943,"url":"https://github.com/telefonica/airdrop-crazy","last_synced_at":"2026-01-27T06:31:31.350Z","repository":{"id":66221843,"uuid":"218270613","full_name":"Telefonica/Airdrop-Crazy","owner":"Telefonica","description":"Airdrop Crazy","archived":false,"fork":false,"pushed_at":"2020-05-15T09:10:41.000Z","size":28433,"stargazers_count":57,"open_issues_count":2,"forks_count":6,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-30T03:36:23.515Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Telefonica.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-29T11:24:45.000Z","updated_at":"2025-02-09T20:25:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"f1c7f32b-9861-4d68-ae5c-894c216d55b1","html_url":"https://github.com/Telefonica/Airdrop-Crazy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Telefonica/Airdrop-Crazy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FAirdrop-Crazy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FAirdrop-Crazy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FAirdrop-Crazy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FAirdrop-Crazy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Telefonica","download_
url":"https://codeload.github.com/Telefonica/Airdrop-Crazy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FAirdrop-Crazy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28806294,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T06:25:51.065Z","status":"ssl_error","status_checked_at":"2026-01-27T06:25:50.640Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-26T07:09:29.282Z","updated_at":"2026-01-27T06:31:31.337Z","avatar_url":"https://github.com/Telefonica.png","language":"Python","readme":"# Airdrop Crazy\n[![Python Version][python-image]][python-url]\n[![License][license-image]][license-url]\n\n## Disclaimer\nThese scripts are experimental PoCs that show what an attacker gets from Apple devices if they sniff Bluetooth traffic.\n\n***This project is created only for educational purposes and cannot be used for law violation or personal gain.\u003cbr/\u003eThe author of this project is not responsible for any possible harm caused by the materials of this project***\n\nThis project is a hard fork of the project created by the Hexway team called [Apple bleee](https://github.com/hexway/apple_bleee) \n\n\n## Requirements \nI have adapted those scripts, deleting all the functions that were not available and refactoring the scripts in order 
to use a more Pythonic and modern way to organize the code. Please read the [OWL](https://github.com/seemoo-lab/owl) and [Opendrop](https://github.com/seemoo-lab/opendrop) documentation carefully in order to understand what's going on underneath these scripts.\nAlso, for the AirDrop part you need an **Active Monitor Network Card**. As the authors said, the **Atheros AR9280** should work, but you can use the **TP-LINK Archer T2U/T1U** if you want a USB card.\nWe have tested the tool with Ubuntu 18.03 and a Linux 5+ kernel due to the TP-Link Archer requirements.\n\n## Installation\n\n```\n# clone main repo\ngit clone https://github.com/ElevenPaths/Airdrop-Crazy \u0026\u0026 cd ./Airdrop-Crazy\nsudo ./install.sh [NGROK_AUTH_TOKEN] [IFACE]\n```\n\n**To change the wireless interface, Bluetooth interface or channel, just go to `airdropcrazy/src/__init__.py`**\n\n### Raspberry\n\n* Download this version of Raspbian Buster: http://downloads.raspberrypi.org/raspbian/images/raspbian-2019-09-30/\n* Download the firmware for the MediaTek card TP-Link T2U: http://anduin.linuxfromscratch.org/sources/linux-firmware/mediatek/mt7610u.bin \n* Copy the ``mt7610u.bin`` firmware to the Raspberry path ``/lib/firmware/mediatek``\n* Run ``sudo modprobe -r mt76x0`` and then ``sudo modprobe mt76x0``\n\n## How to use\n\nBefore using the tool, check that your Bluetooth adapter is connected:\n\n```\nhcitool dev\nDevices:\n    hci0    XX:XX:XX:XX:XX:XX\n```\nThen make sure you have downloaded **owl** and you have a compatible network card that supports active framing.\n\nThere are two main ways to use the tool:\n\n* **Server mode**: Follow the instructions to run the tool with the app and local server\n* **CLI Scripts**: Run the scripts locally with the CLI\n\n\n### Server Mode\nIn this mode, you need the companion iOS app to display the information. These are all the requirements:\n\n* [Ngrok](https://ngrok.com): To expose the local server to the app, just follow the instructions on the webpage.\n* 
[XCode](https://developer.apple.com/xcode/): To compile the SwiftUI project.\n\nFirst, you need to select the wireless interface in `airdrop_crazy/src/views.py`, in the code line `airdrop_leak = AirdropLeak(iface=\"\")`\nThen you need to \n\nNow you just need to run the local server with ```bash bootstrap.sh``` or ```python3 app.py```.\n\nAnd then scan the generated QR code with the app.\n\n![server](img/server.png)\n\n\n### CLI: ble_read_script.py\n\nThis script sniffs `BLE` traffic and displays status messages from Apple devices.\nMoreover, the tool detects requests for password sharing from Apple devices. In these packets, we can get the first 3 bytes of sha256(phone_number) and could try to guess the original phone number using prepared tables with phone hash values.\n\n![dev_status](img/dev_status.png)\n\n```bash\npython3 ble_read_state.py -h\nusage: ble_read_state.py [-h] [-t TTL] [-b BLE_IFACE] [-w W_IFACE] [-s] [-a]\n\nApple bleee. Apple device sniffer\n---chipik\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t TTL, --ttl TTL     Time To Live\n  -b BLE_IFACE, --ble_iface BLE_IFACE\n                        Bluetooth inteface\n  -w W_IFACE, --w_iface W_IFACE\n                        Wireless Interface\n  -s, --ssid            Get SSID from request\n  -a, --airdrop         Get info from AWDL airdrop\n  -d, --debug           Debug mode\n\n```\n\nFor monitoring, you can just run the script without any parameters:\n\n```bash\nsudo python3 ble_read_state.py\n```\n\nPress `Ctrl+q` to exit.\n\n\n\n### CLI: airdrop_leak.py\n\nThis script allows you to get the mobile phone number of any user who tries to send a file via AirDrop.\n\nFor this script, we'll need an `AWDL` interface. 
**Never use owl with the `-N` flag, as it could lead to problems; always check that you have active monitor mode**\n\nNow, you can run the script:\n\n```bash\npython3 airdrop_leak.py -h\nusage: airdrop_leak.py [-h] [-n NAME] [-i IFACE] [-p PHONE] [-m MAIL]\n\n    AirPods advertise spoofing PoC\n    ---chipik\n    \n\noptional arguments:\n  -h, --help            show this help message and exit\n  -n NAME, --name NAME  Name of the interface\n  -i IFACE, --iface IFACE\n                        Wireless inteface\n  -p PHONE, --phone PHONE\n                        phone\n  -m MAIL, --mail MAIL  mail\n```\n\nWith no parameters, the script just displays the phone hash and IPv6 address of the sender:\n\n```bash\nsudo python3 airdrop_leak.py\n```\n\n### CLI: adv_wifi.py\n\n\nThis script sends `BLE` messages with a WiFi password sharing request. This PoC shows that an attacker can trigger a pop-up message on the target device if they know any phone/email that exists on the victim's device.\n\n```bash\npython3 adv_wifi.py -h\nusage: adv_wifi.py [-h] [-p PHONE] [-e EMAIL] [-a APPLEID] -s SSID\n                   [-i INTERVAL]\n\nWiFi password sharing spoofing PoC\n---chipik\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -p PHONE, --phone PHONE\n                        Phone number (example: 39217XXX514)\n  -e EMAIL, --email EMAIL\n                        Email address (example: test@test.com)\n  -a APPLEID, --appleid APPLEID\n                        Email address (example: test@icloud.com)\n  -s SSID, --ssid SSID  WiFi SSID (example: test)\n  -i INTERVAL, --interval INTERVAL\n                        Advertising interval\n```\n\nFor a WiFi password request, we'll need to specify any contact (email/phone) that exists in a victim's contacts and the SSID of a WiFi network the victim knows:\n\n```bash\nsudo python3 adv_wifi.py -e pr@hexway.io -s hexway\n```\n\n### CLI: adv_airpods.py\n\nThis script mimics AirPods by sending `BLE` messages:\n\n```bash\npython3 
adv_airpods.py -h\nusage: adv_airpods.py [-h] [-i INTERVAL] [-r] [-b BLE_IFACE]\n\n    AirPods advertise spoofing PoC\n    ---chipik\n    \n\noptional arguments:\n  -h, --help            show this help message and exit\n  -i INTERVAL, --interval INTERVAL\n                        Advertising interval\n  -r, --random          Send random charge values\n  -b BLE_IFACE, --ble_iface BLE_IFACE\n                        Bluetooth inteface\n```\n\nLet's send `BLE` messages with random charge values for headphones:\n\n```bash\nsudo python3 adv_airpods.py -r\n```\n\n\n\n### API phone\n\nThis service lets you build a service to request the hashed phones. Just update the `generate_number`/`generate_hashes` functions in `views.py` to adapt them to your phone number requirements.\n\n## Troubleshooting\n\nIf you have a problem finding your Bluetooth dongle, it might be an issue with bluez. Just run these commands:\n\n```bash\nsudo add-apt-repository ppa:bluetooth/bluez\nsudo apt update\nsudo apt install bluez\n```\nAnd restart your machine.\n\nIf you are working in a virtual machine on macOS Catalina, you might want to change the default HCI behaviour introduced with this command:\n\n```bash\nsudo nvram bluetoothHostControllerSwitchBehavior=\"never\"\n```\n\n## Contacts\n\n* [Lucas Fernandez](https://twitter.com/lucferbux)\n\n* [Pablo Gonzalez](https://twitter.com/pablogonzalezpe)\n\n[python-image]: https://img.shields.io/badge/Python-3.7-yellow\n[python-url]: https://www.python.org\n[license-image]: https://img.shields.io/badge/License-GPL-blue.svg\n[license-url]: LICENSE\n\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelefonica%2Fairdrop-crazy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftelefonica%2Fairdrop-crazy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelefonica%2Fairdrop-crazy/lists"}