https://github.com/akestoridis/zigator

Zigator: A security analysis tool for Zigbee and Thread networks
https://github.com/akestoridis/zigator

Last synced: 14 days ago
JSON representation

Zigator: A security analysis tool for Zigbee and Thread networks

• Host: GitHub
• URL: https://github.com/akestoridis/zigator
• Owner: akestoridis
• License: gpl-2.0
• Created: 2020-01-25T02:32:56.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2022-09-30T20:02:09.000Z (over 1 year ago)
• Last Synced: 2023-05-17T01:36:20.303Z (about 1 year ago)
• Language: Python
• Homepage:
• Size: 648 KB
• Stars: 20
• Watchers: 2
• Forks: 4
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Lists

• IoTSecurity101 - Zigator

README

        


# zigator

Zigator: A security analysis tool for Zigbee and Thread networks

![Status of tests workflow](https://img.shields.io/github/workflow/status/akestoridis/zigator/wf01-tests?label=tests)

![GitHub release (latest by date)](https://img.shields.io/github/v/release/akestoridis/zigator)

![GitHub commits since latest release (by date)](https://img.shields.io/github/commits-since/akestoridis/zigator/latest)

![Python version requirement](https://img.shields.io/badge/python-3.7%20%7C%203.8%20%7C%203.9%20%7C%203.10-blue)

![License](https://img.shields.io/badge/license-GPL--2.0--only-blue)

## Disclaimer

Zigator is a software tool that analyzes the security of Zigbee and Thread networks, which is made available for benign research purposes only.

The users of this tool are responsible for making sure that they are compliant with their local laws and that they have proper permission from the affected network owners.

## Installation

You can install Zigator in a Python 3 virtual environment as follows:

```console

$ git clone https://github.com/akestoridis/zigator.git

$ cd zigator/

$ python3 -m venv venv/

$ source venv/bin/activate

(venv) $ pip install --upgrade pip

(venv) $ pip install .

```

The following command should display the version of Zigator that you installed:

```console

(venv) $ zigator -v

```

If you decided to install Zigator outside of a Python 3 virtual environment and then you received an error message that the `zigator` command was not found, make sure that your system's `PATH` environment variable includes the directory of the installed executable.

For example, if it was installed in `~/.local/bin`, add the following line at the end of your `~/.bashrc` file:

```bash

export PATH=$PATH:~/.local/bin

```

After reloading your `~/.bashrc` file, you should be able to find the `zigator` command.

## Features

Zigator enables its users to do the following:

* Decrypt and verify captured Zigbee and Thread packets

* Encrypt and authenticate forged Zigbee and Thread packets

* Derive preconfigured Trust Center link keys from install codes

* Derive MAC keys and MLE keys from master keys

* Parse several header fields of Zigbee and Thread packets

* Infer information from captured Zigbee and Thread packets

* Produce statistics from databases with Zigbee and Thread packets

* Visualize data from databases with Zigbee packets

* Train decision tree classifiers from databases with Zigbee packets

* Inject forged packets over UDP and SLL

* Launch selective jamming and spoofing attacks with an ATUSB

* Deploy stand-alone WIDS sensors for Zigbee networks

## Getting Started

You can view a synopsis of all the subcommands that Zigator supports as follows:

```console

(venv) $ zigator -h

```

The `-h` flag can also be used to view the supported arguments of different Zigator subcommands.

For example, the following command displays the supported arguments of the `inject` subcommand:

```console

(venv) $ zigator inject -h

```

Similarly, you can view the supported arguments of the `inject` subcommand for the forging of a Zigbee beacon, before forwarding it for injection over UDP, with the following command:

```console

(venv) $ zigator inject udp zigbeebeacon -h

```

For instance, you can forward a forged Zigbee beacon for injection over UDP, that has its PAN ID set to 0xbbcc and the remaining fields set to their default values, by executing the following command:

```console

(venv) $ zigator inject udp zigbeebeacon --mac_srcpanid 0xbbcc

```

Note that some Zigator subcommands can only be executed by the superuser.

For example, you will have to execute your installed executable with `sudo` in order to send a forged packet to a raw socket, e.g.:

```console

(venv) $ sudo ./venv/bin/zigator inject sll zigbeebeacon --mac_srcpanid 0xbbcc

```

A disclaimer will be printed whenever the user executes a command that would launch an attack.

The user will have to accept responsibility for their actions if they want to proceed.

## Related Publications

* D.-G. Akestoridis, V. Sekar, and P. Tague, “On the security of Thread networks: Experimentation with OpenThread-enabled devices,” in *Proc. ACM WiSec’22*, 2022, pp. 233–244, doi: [10.1145/3507657.3528544](https://doi.org/10.1145/3507657.3528544).

* D.-G. Akestoridis and P. Tague, “HiveGuard: A network security monitoring architecture for Zigbee networks,” in *Proc. IEEE CNS’21*, 2021, pp. 209–217, doi: [10.1109/CNS53000.2021.9705043](https://doi.org/10.1109/CNS53000.2021.9705043).

* D.-G. Akestoridis, M. Harishankar, M. Weber, and P. Tague, “Zigator: Analyzing the security of Zigbee-enabled smart homes,” in *Proc. ACM WiSec’20*, 2020, pp. 77–88, doi: [10.1145/3395351.3399363](https://doi.org/10.1145/3395351.3399363).

## Acknowledgments

This project was supported in part by the Carnegie Mellon CyLab Security and Privacy Institute and in part by Carnegie Mellon University.

## License

Copyright (C) 2020-2022 Dimitrios-Georgios Akestoridis

This project is licensed under the terms of the GNU General Public License version 2 only (GPL-2.0-only).