mirror of https://github.com/secdev/scapy.git
% Scapy Bluetooth layer tests
+ HCI Commands
= LE Create Connection Cancel
# Build the command purely from layer defaults and compare it with the wire
# bytes: 0x01 packet type, opcode 0x200e (little-endian), parameter length 0.
built = raw(HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_LE_Create_Connection_Cancel())
wanted = hex_bytes("010e2000")
assert built == wanted
= Disconnect
# Expected bytes: 0x01 packet type, opcode 0x0406 (little-endian), parameter
# length 3, handle 0x1234 (little-endian), then a trailing 0x13 byte that this
# test never sets explicitly (presumably the layer's default reason code).
built = raw(HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_Disconnect(handle=0x1234))
wanted = hex_bytes("01060403341213")
assert built == wanted
= LE Connection Update Command
# After opcode 0x2013 and parameter length 0x0e, every parameter appears in the
# expected bytes as a 16-bit little-endian value: handle 0x0047, intervals
# 0x000a / 0x0014, latency 0x0001, timeout 0x003c, CE lengths 0x0001 / 0xffff.
update_cmd = HCI_Cmd_LE_Connection_Update(
    handle=0x47,
    min_interval=10,
    max_interval=20,
    latency=1,
    timeout=60,
    min_ce=1,
    max_ce=0xffff
)
built = raw(HCI_Hdr() / HCI_Command_Hdr() / update_cmd)
wanted = hex_bytes("0113200e47000a00140001003c000100ffff")
assert built == wanted
+ HCI Events
= LE Connection Update Event
# Dissect an LE Meta event (0x04 0x3e, parameter length 0x0a, subevent 0x03)
# and read the 16-bit little-endian fields back from the decoded layer.
# NOTE(review): the 0x00 byte that follows the subevent code is not checked by
# this test, and only this one well-formed frame is exercised.
evt_pkt = HCI_Hdr(hex_bytes("043e0a03004800140001003c00"))
update_evt = evt_pkt[HCI_LE_Meta_Connection_Update_Complete]
assert update_evt.handle == 0x48
assert update_evt.interval == 20
assert update_evt.latency == 1
assert update_evt.timeout == 60
+ Bluetooth LE Advertising / Scan Response Data Parsing
= Parse EIR_Flags, EIR_CompleteList16BitServiceUUIDs, EIR_CompleteLocalName and EIR_TX_Power_Level
# One advertising report whose payload carries four length-prefixed AD
# structures: 02 01 02 (flags), 03 03 d9 fe (16-bit service UUID list),
# 14 09 <19 name bytes> (complete local name) and 02 0a 0c (TX power level).
# NOTE(review): the length bytes in this sample are self-consistent; truncated
# or over-long AD lengths are not covered by this case.
adv_report = HCI_Hdr(hex_bytes(
    "043e2b020100016522c00181781f0201020303d9fe1409"
    "506562626c652054696d65204c452037314536020a0cde"
))

assert adv_report[EIR_Flags].flags == 0x02
assert adv_report[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [0xfed9]
assert adv_report[EIR_CompleteLocalName].local_name == b'Pebble Time LE 71E6'
assert adv_report[EIR_TX_Power_Level].level == 12
= Parse EIR_Manufacturer_Specific_Data
# The payload holds a single AD structure: length 0x16, type 0xff, then a
# little-endian company identifier (54 01 -> 0x0154) followed by 19 opaque
# bytes that the dissector is expected to expose unchanged in `data`.
scan_resp = HCI_Hdr(hex_bytes(
    "043e2302010401be5e0eb9f04f1716ff5401005f423331"
    "3134374432343631fc00030c0000de"
))
vendor_ad = scan_resp[EIR_Manufacturer_Specific_Data]

assert vendor_ad.data == b'\x00_B31147D2461\xfc\x00\x03\x0c\x00\x00'
assert vendor_ad.company_id == 0x154
= Basic L2CAP dissect
# L2CAP frame with length 8 on channel 0x0006; the payload starts with 0x09,
# then an address-type byte and six address bytes stored in reverse order on
# the wire (f6 ... a1 is presented as a1:...:f6).
smp_frame = L2CAP_Hdr(b'\x08\x00\x06\x00\t\x00\xf6\xe5\xd4\xc3\xb2\xa1')
identity = smp_frame[SM_Identity_Address_Information]
assert identity.address == 'a1:b2:c3:d4:e5:f6'
assert identity.atype == 0
# show() is only exercised for errors; its output is not inspected.
smp_frame.show()
= Basic HCI_ACL_Hdr build & dissect
# Build with every length given explicitly, pin the wire bytes, then dissect
# those bytes and require the result to compare equal to what was built.
# In the expected bytes, handle 0xf4c and the PB/BC flags share the 16-bit
# little-endian word 'L\xaf' (0xaf4c).
acl_built = (
    HCI_Hdr()
    / HCI_ACL_Hdr(handle=0xf4c, PB=2, BC=2, len=20)
    / L2CAP_Hdr(len=16)
    / L2CAP_CmdHdr(code=8, len=12)
    / Raw("A"*12)
)
assert raw(acl_built) == b'\x02L\xaf\x14\x00\x10\x00\x05\x00\x08\x00\x0c\x00AAAAAAAAAAAA'
acl_parsed = HCI_Hdr(raw(acl_built))
assert acl_built == acl_parsed
= Complex HCI - L2CAP build
# No length is passed here, so the expected bytes also pin the values filled
# in at build time: ACL length 0x000c, L2CAP length 0x0008 and signalling
# command length 0x0004.
conn_req = (
    HCI_Hdr()
    / HCI_ACL_Hdr()
    / L2CAP_Hdr()
    / L2CAP_CmdHdr()
    / L2CAP_ConnReq(scid=1)
)
assert raw(conn_req) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x02\x00\x04\x00\x00\x00\x01\x00'
# show() is only exercised for errors; its output is not inspected.
conn_req.show()
= Complex HCI - L2CAP dissect
# Signalling command 0x0b with command length 9: four header bytes, then the
# 5-byte payload "debug" that must come back untouched in `data`.
# NOTE(review): the nested lengths (0x11, 0x0d, 0x09) agree with each other in
# this sample; inconsistent lengths are not covered by this case.
info_pkt = HCI_Hdr(b'\x02\x00\x00\x11\x00\r\x00\x05\x00\x0b\x00\t\x00\x01\x00\x00\x00debug')
info_resp = info_pkt[L2CAP_InfoResp]
assert info_resp.result == 0
assert info_resp.data == b"debug"
= Answers
# answers() must be directional: the response matches its request, never the
# other way round. First pair: signalling code 0x02 answered by code 0x03.
conn_req = HCI_Hdr(b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x02\x00\x04\x00\x00\x00\x9a;')
conn_rsp = HCI_Hdr(b'\x02\x00\x00\x10\x00\x0c\x00\x05\x00\x03\x00\x08\x00\x9a;\x00\x00\x00\x00\x01\x00')
assert conn_rsp.answers(conn_req)
assert not conn_req.answers(conn_rsp)

# Second pair: signalling code 0x04 answered by code 0x05.
cfg_req = HCI_Hdr(b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x04\x00\x04\x00\x15\x00\x00\x00')
cfg_rsp = HCI_Hdr(b'\x02\x00\x00\x0e\x00\n\x00\x05\x00\x05\x00\x06\x00\x15\x00\x00\x00\x02\x00')
assert cfg_rsp.answers(cfg_req)
assert not cfg_req.answers(cfg_rsp)
= EIR_Hdr - misc
# Build an advertising report carrying one EIR structure, pin its bytes, then
# dissect those bytes and read the name and address back.
# NOTE(review): the expected bytes pin the third byte (the event header's
# parameter-length position) at 0x00 although LE Meta payload bytes follow,
# and the dissection below still succeeds; this case therefore does not
# depend on that length being filled in.
adv_evt = (
    HCI_Hdr()
    / HCI_Event_Hdr()
    / HCI_Event_LE_Meta()
    / HCI_LE_Meta_Advertising_Report(
        addr = "a1:b2:c3:d4:e5:f6",
        data=EIR_Hdr()/EIR_CompleteLocalName(local_name="scapy")
    )
)
assert raw(adv_evt) == b'\x04>\x00\x02\x00\x00\x00\xf6\xe5\xd4\xc3\xb2\xa1\x07\x06\tscapy\x00'

adv_parsed = HCI_Hdr(raw(adv_evt))
assert adv_parsed.data[0][EIR_CompleteLocalName].local_name == b"scapy"
assert adv_parsed[HCI_LE_Meta_Advertising_Report].addr == "a1:b2:c3:d4:e5:f6"

# The summary is taken from the built packet, not from the dissected copy.
assert adv_evt.summary() == "HCI Event / HCI_Event_Hdr / HCI_Event_LE_Meta / HCI_LE_Meta_Advertising_Report"
= ATT_Hdr - misc
# Round-trip both Read By Type request variants through build and dissect.
# After dissection the specific ATT layer must be present and nothing may be
# left over as an undecoded Raw payload.
att_128 = HCI_Hdr(raw(
    HCI_Hdr()
    / HCI_ACL_Hdr()
    / L2CAP_Hdr()
    / ATT_Hdr()
    / ATT_Read_By_Type_Request_128bit(uuid1=0xa14, uuid2=0xa24)
))
# show() and mysummary() are only exercised for errors; results are unused.
att_128.show()
att_128.mysummary()
assert ATT_Read_By_Type_Request_128bit in att_128
assert Raw not in att_128

att_16 = HCI_Hdr(raw(
    HCI_Hdr()
    / HCI_ACL_Hdr()
    / L2CAP_Hdr()
    / ATT_Hdr()
    / ATT_Read_By_Type_Request(uuid=0xa14)
))
att_16.show()
att_16.mysummary()
assert ATT_Read_By_Type_Request in att_16
assert Raw not in att_16