Fingerprinting Bluetooth Low Energy via Active Automata Learning

This repository contains the supplemental material to the article 'Identification and Analysis of Bluetooth Devices via Automata Learning' and to the paper 'Fingerprinting Bluetooth Low Energy via Active Automata Learning' by Andrea Pferscher and Bernhard K. Aichernig (Institute of Software Technology, Graz University of Technology).

Learning output

This repository provides a framework that learns the behavioral model of a black-box Bluetooth Low Energy (BLE) device by active automata learning. The framework can learn the model of the connection procedure and the legacy pairing procedure. This repository also contains the learned models and learning results of the performed case study.

Installation

Prerequisites

  1. Nordic nRF52840 Dongle or Development Kit flashed with corresponding firmware

    Flashing: You can use the programmer tool of the nRF Connect for Desktop application to flash the provided firmware on the Nordic nRF52840 Dongle or Nordic nRF52840 Development Kit.

    For the development kit (possibly also for the dongle) you first have to write the s140_nrf52_6.1.1_softdevice file and then the nrf52840_dk_firmware.

    The firmware is taken from the SweynTooth project.

  2. Python 3.9

  3. Python libraries pySerial, Scapy >=v2.4.5, AALpy >=1.1.7, Colorama and pycryptodome

    Requirements installation:

    sudo pip3 install -r requirements.txt

Only required for the learning of the pairing procedure:

  1. Installation of python3.9-dev:

    sudo apt-get install python3.9-dev

  2. Installation of Security Manager interface:

    cd libs/smp_server/ && sudo python3.9 setup.py install

Experiment Execution

The connection procedure of a Bluetooth Low Energy (BLE) device is learned with ble_learning.py. To start learning after the connection request, execute ble_learning_connecting_start.py instead. The pairing procedure is learned with ble_learning_pairing.py. All programs require the serial port name of the nRF52 device and the BLE address of the peripheral device (advertiser) that should be learned.

python3 ble_learning.py <serial_port> <advertiser_address> [<pcap|dot filename>]

Example:

python3 ble_learning.py /dev/ttyACM0 00:A0:50:00:00:03 

The program outputs the learning results after a successful learning procedure and saves the learned model in the file LearnedModel.dot.
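A learned model works as a fingerprint when it can be told apart from another device's model. The following added example (not part of this repository's code) parses two Mealy machines from DOT text and finds the shortest input sequence on which their outputs differ. The DOT edge syntax, the `__start0` initial-state marker and both sample models are assumptions constructed for illustration.

```python
import re
from collections import deque

# Assumed syntax: s0 -> s1 [label="in/out"]; initial state marked by __start0 -> s0.
EDGE = re.compile(r'(\w+)\s*->\s*(\w+)\s*\[label="([^"]*)"\]')

def parse_mealy_dot(text):
    """Return (initial_state, {state: {input: (output, next_state)}})."""
    initial, trans = None, {}
    for src, dst, label in EDGE.findall(text):
        if src.startswith("__start"):
            initial = dst
            continue
        inp, _, out = label.partition("/")
        trans.setdefault(src, {})[inp.strip()] = (out.strip(), dst)
        trans.setdefault(dst, {})
    if initial is None:
        raise ValueError("no initial-state marker found")
    return initial, trans

def distinguishing_sequence(model_a, model_b):
    """Shortest input sequence whose outputs differ (product BFS), else None."""
    (init_a, ta), (init_b, tb) = model_a, model_b
    queue, seen = deque([(init_a, init_b, [])]), {(init_a, init_b)}
    while queue:
        sa, sb, path = queue.popleft()
        for inp in sorted(set(ta[sa]) | set(tb[sb])):
            out_a, next_a = ta[sa].get(inp, (None, None))
            out_b, next_b = tb[sb].get(inp, (None, None))
            if out_a != out_b:          # also fires if one side lacks the input
                return path + [inp]
            if (next_a, next_b) not in seen:
                seen.add((next_a, next_b))
                queue.append((next_a, next_b, path + [inp]))
    return None

# Constructed sample models (labels are illustrative, not measured results).
DEVICE_A = '''digraph learnedModel {
s0 -> s0 [label="scan_req/ADV"];
s0 -> s1 [label="connection_req/EMPTY"];
s0 -> s0 [label="length_req/EMPTY"];
s1 -> s1 [label="scan_req/EMPTY"];
s1 -> s1 [label="connection_req/EMPTY"];
s1 -> s1 [label="length_req/LL_LENGTH_RSP"];
__start0 -> s0 [label=""];
}'''
DEVICE_B = DEVICE_A.replace("LL_LENGTH_RSP", "LL_UNKNOWN_RSP")
if __name__ == "__main__":
    print(distinguishing_sequence(parse_mealy_dot(DEVICE_A), parse_mealy_dot(DEVICE_B)))
```

A result of `None` means the two models are behaviorally equivalent over the learned alphabet, so they cannot be distinguished by this fingerprint.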

Learning output

Acknowledgement

  • SweynTooth: nRF52 driver, firmware and code snippets for BLE packet construction
  • AALpy: active automata learning library
  • Scapy: BLE packet parsing and composition
  • Colorama: colored terminal text