Zigator: A security analysis tool for Zigbee and Thread networks

Disclaimer

Zigator is a software tool that analyzes the security of Zigbee and Thread networks, which is made available for benign research purposes only. The users of this tool are responsible for making sure that they are compliant with their local laws and that they have proper permission from the affected network owners.

Installation

You can install Zigator in a Python 3 virtual environment as follows:

$ git clone https://github.com/akestoridis/zigator.git
$ cd zigator/
$ python3 -m venv venv/
$ source venv/bin/activate
(venv) $ pip install --upgrade pip
(venv) $ pip install .

The following command should display the version of Zigator that you installed:

(venv) $ zigator -v

If you decided to install Zigator outside of a Python 3 virtual environment and then you received an error message that the zigator command was not found, make sure that your system's PATH environment variable includes the directory of the installed executable. For example, if it was installed in ~/.local/bin, add the following line at the end of your ~/.bashrc file:

export PATH=$PATH:~/.local/bin

After reloading your ~/.bashrc file, you should be able to find the zigator command.

Features

Zigator enables its users to do the following:

  • Decrypt and verify captured Zigbee and Thread packets
  • Encrypt and authenticate forged Zigbee and Thread packets
  • Derive preconfigured Trust Center link keys from install codes
  • Derive MAC keys and MLE keys from master keys
  • Parse several header fields of Zigbee and Thread packets
  • Infer information from captured Zigbee and Thread packets
  • Produce statistics from databases with Zigbee and Thread packets
  • Visualize data from databases with Zigbee packets
  • Train decision tree classifiers from databases with Zigbee packets
  • Inject forged packets over UDP and SLL
  • Launch selective jamming and spoofing attacks with an ATUSB
  • Deploy stand-alone WIDS sensors for Zigbee networks
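
To illustrate the "Derive MAC keys and MLE keys from master keys" feature, the following added example (not Zigator's own code) follows the Thread key derivation as implemented by OpenThread: HMAC-SHA256 keyed with the master key over the 4-byte big-endian key sequence counter followed by the ASCII string "Thread". It goes one step beyond the bullet by listing the key sequence counters that match a key index seen in a capture from a network whose master key you hold. The function names and the sample master key are constructed for illustration.

```python
import hashlib
import hmac
import struct

THREAD_LABEL = b"Thread"  # fixed ASCII label appended to the counter


def derive_thread_keys(master_key: bytes, key_sequence: int):
    """Return (mle_key, mac_key) for one key sequence counter."""
    if len(master_key) != 16:
        raise ValueError("master key must be 16 bytes")
    if not 0 <= key_sequence <= 0xFFFFFFFF:
        raise ValueError("key sequence counter must fit in 32 bits")
    message = struct.pack(">I", key_sequence) + THREAD_LABEL
    digest = hmac.new(master_key, message, hashlib.sha256).digest()
    # First 16 bytes of the digest: MLE key. Last 16 bytes: MAC key.
    return digest[:16], digest[16:]


def key_index(key_sequence: int) -> int:
    """Key index carried in a secured frame for this key sequence counter."""
    return (key_sequence & 0x7F) + 1


def candidates_for_index(master_key: bytes, observed_index: int,
                         max_sequence: int):
    """Derive keys for every counter <= max_sequence that matches the index.

    The key index only carries 7 bits of the counter, so several counters
    can match one captured frame; each candidate is returned as
    (key_sequence, mle_key, mac_key).
    """
    if not 1 <= observed_index <= 128:
        raise ValueError("key index must be between 1 and 128")
    return [
        (seq, *derive_thread_keys(master_key, seq))
        for seq in range(max_sequence + 1)
        if key_index(seq) == observed_index
    ]


if __name__ == "__main__":
    # Constructed sample master key, not taken from any real network.
    sample_master_key = bytes.fromhex("00112233445566778899aabbccddeeff")
    for seq, mle_key, mac_key in candidates_for_index(sample_master_key, 1, 300):
        print(f"seq={seq} mle={mle_key.hex()} mac={mac_key.hex()}")
```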

Getting Started

You can view a synopsis of all the subcommands that Zigator supports as follows:

(venv) $ zigator -h

The -h flag can also be used to view the supported arguments of different Zigator subcommands. For example, the following command displays the supported arguments of the inject subcommand:

(venv) $ zigator inject -h

Similarly, you can view the supported arguments of the inject subcommand for the forging of a Zigbee beacon, before forwarding it for injection over UDP, with the following command:

(venv) $ zigator inject udp zigbeebeacon -h

For instance, you can forward a forged Zigbee beacon for injection over UDP, that has its PAN ID set to 0xbbcc and the remaining fields set to their default values, by executing the following command:

(venv) $ zigator inject udp zigbeebeacon --mac_srcpanid 0xbbcc

Note that some Zigator subcommands can only be executed by the superuser. For example, you will have to execute your installed executable with sudo in order to send a forged packet to a raw socket, e.g.:

(venv) $ sudo ./venv/bin/zigator inject sll zigbeebeacon --mac_srcpanid 0xbbcc

A disclaimer will be printed whenever the user executes a command that would launch an attack. The user will have to accept responsibility for their actions if they want to proceed.

Related Publications

  • D.-G. Akestoridis, V. Sekar, and P. Tague, “On the security of Thread networks: Experimentation with OpenThread-enabled devices,” in Proc. ACM WiSec’22, 2022, pp. 233–244, doi: 10.1145/3507657.3528544.
  • D.-G. Akestoridis and P. Tague, “HiveGuard: A network security monitoring architecture for Zigbee networks,” in Proc. IEEE CNS’21, 2021, pp. 209–217, doi: 10.1109/CNS53000.2021.9705043.
  • D.-G. Akestoridis, M. Harishankar, M. Weber, and P. Tague, “Zigator: Analyzing the security of Zigbee-enabled smart homes,” in Proc. ACM WiSec’20, 2020, pp. 77–88, doi: 10.1145/3395351.3399363.

Acknowledgments

This project was supported in part by the Carnegie Mellon CyLab Security and Privacy Institute and in part by Carnegie Mellon University.

License

Copyright (C) 2020-2022 Dimitrios-Georgios Akestoridis

This project is licensed under the terms of the GNU General Public License version 2 only (GPL-2.0-only).
