Daniele Antonioli (francozappa)

EPFL, Lausanne

https://francozappa.github.io

Interested in various aspects of cyber-physical and wireless systems security.

francozappa/knob 124

Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506]

francozappa/bias 51

Bluetooth Impersonation AttackS (BIAS) [CVE-2020-10135]

francozappa/REarby 13

Toolkit developed to reverse engineer Google's Nearby Connections API

francozappa/ghidra_scripts 1

Scripts for the Ghidra software reverse engineering suite.

francozappa/how2heap 1

A repository for learning various heap exploitation techniques.

francozappa/mininet 1

Emulator for rapid prototyping of Software Defined Networks

francozappa/android-nearby 0

Samples for Nearby APIs on Android

francozappa/angr 0

The next-generation binary analysis platform from UC Santa Barbara's Seclab!

francozappa/awesome-industrial-control-system-security 0

A curated list of resources related to Industrial Control System (ICS) security.

francozappa/book 0

The Rust Programming Language

push event francozappa/francozappa.github.io

francozappa

commit sha 07ae3a5906c2f2bb071cf53148de7495395a400c

Build 2020-09-25 10:25

push time in 15 hours

push event francozappa/francozappa.github.io

francozappa

commit sha e567aadae1e9f55bb59e9623d5b7e33a15a721fa

Build 2020-09-07 15:18

push time in 18 days

push event francozappa/francozappa.github.io

francozappa

commit sha 8d42f16af07f7481f610fe553d0ba0176f146b28

Build 2020-09-07 14:59

push time in 18 days

push event francozappa/francozappa.github.io

francozappa

commit sha fad4a7fcb6791928cd0203fe259c2fb82eef36cb

Build 2020-09-07 13:43

push time in 18 days

push event francozappa/francozappa.github.io

francozappa

commit sha c48a00334f46133703727b3d9ba8f29bd4472d4a

Build 2020-09-07 13:40

push time in 18 days

push event francozappa/francozappa.github.io

francozappa

commit sha 11f81bef70d67ced5a6a743fda8b9deff38e0e5a

Build 2020-08-18 09:42

push time in a month

push event francozappa/francozappa.github.io

francozappa

commit sha c1df39341b7c5b35460a48df216b40b43ae1e242

Build 2020-08-12 17:21

push time in a month

push event francozappa/francozappa.github.io

francozappa

commit sha 1fc615402324d9a10746dde1a450fe8f2f319e37

Build 2020-08-07 10:40

push time in 2 months

push event francozappa/francozappa.github.io

francozappa

commit sha 5eba4527485d03e775a74439ca23adf31718360a

Build 2020-08-06 16:02

push time in 2 months

push event francozappa/francozappa.github.io

francozappa

commit sha df1e2b398b556cd8489f6cc4e4e07f77b7957eae

Build 2020-08-06 15:45

push time in 2 months

push event francozappa/francozappa.github.io

francozappa

commit sha e584f7f21d59107d7df1d9b97ab7906ec9326ce6

Build 2020-08-05 17:36

push time in 2 months

push event francozappa/btlejack

francozappa

commit sha c1b02e819bccfbbd67aa83a3defeb4f297cd1fe5

Fix RSSI sign

push time in 2 months

pull request comment virtualabs/btlejack

Adding support for sniffing and reactive jamming of advertisements.

@RCayre

What is the status of this PR? It looks like sniffing and jamming advs is not supported by btlejack v2.0.

RCayre

comment created time in 2 months

PR opened virtualabs/btlejack

Write RSSI values into the pcap

Hey,

This patch should write the packet rssi value in the pcap when using the -x ll_phdr flag rather than -40

+1 -1

0 comment

1 changed file

pr created time in 2 months

push event francozappa/btlejack

Daniele Antonioli

commit sha f6596396c7f2d69bc67a4cd2c0584e53a09dbdb1

Write RSSI values into the pcap

push time in 2 months

fork francozappa/btlejack

Bluetooth Low Energy Swiss-army knife

fork in 2 months

push event francozappa/francozappa.github.io

francozappa

commit sha 365396e92599a647d09b9b7fa0f2b615a776ac56

Build 2020-07-21 11:06

push time in 2 months

issue closed francozappa/bias

How to identify whether the vulnerability after scripts running

Hi,

Many thanks for your help. I have no issues running the scripts (no errors show on the terminal). However, there are some issues when I check the Wireshark log:

I pair the phone (Samsung Galaxy 6+) and a vehicle headunit (which is the device I really want to test, and it runs as a master, I think), and also run bias.py. I disconnect the Bluetooth between the phone and the headunit and switch off Bluetooth on the phone. Then I use the headunit to connect (the traffic goes to my laptop, which is correct because my laptop is the fake phone now). However, the connection failed, and I did not see any role switch happen during the connection (I think there should be some traffic like my laptop sending "become master" and then the headunit accepting it, but I only see the headunit send a role change to become a master and ask my laptop for a Link Key). [image] And the InternalBlue log: [image]

  1. Do you have any idea whether your PoC succeeded?

In addition, according to your paper: [image]

  2. Can I say that if the communication uses legacy mode and role switch is enabled, the attack will succeed? (Because I also captured the logs between my Android phone and the headunit; in those logs, it shows that the role switch feature is enabled and Secure Connection is false, so it uses legacy mode and enables role switch.)

Many thanks

closed time in 2 months

DuCkBlAcK

issue comment francozappa/bias

How to identify whether the vulnerability after scripts running

@DuCkBlAcK could you please share the pcap files so that I can have a look? Ideally you should provide two pcaps: one should contain the pairing traffic between the phone and the car, and the other the impersonation attempt from the laptop.

DuCkBlAcK

comment created time in 2 months

push event francozappa/francozappa.github.io

francozappa

commit sha 5ede3d851b5f92e491087172e1a881fd26f8907d

Build 2020-07-06 11:43

push time in 3 months
