knob

Open source MIT Python

Website GitHub

186

Stars

Forks

Issues

Watchers

4 years

Last Commit

Vulnerability Scanning

About knob

A research repository documenting the Key Negotiation Of Bluetooth (KNOB) attacks targeting both Bluetooth BR/EDR and Bluetooth Low Energy, tracked as CVE-2019-9506. The KNOB attack exploits a vulnerability in the encryption key negotiation protocol, allowing an attacker to force the entropy of the encryption key down to a single byte, making it trivial to brute force. The repository includes multiple proof-of-concept tools demonstrating the attack against BR/EDR using the InternalBlue framework, a Linux kernel patch for performing the attack on BLE, and utilities for validating and brute forcing E0 encryption keys. It also provides Wireshark capture files for analysis and contains supporting materials from accompanying academic publications presented at venues including USENIX Security 2019. The project is intended for security researchers, Bluetooth protocol developers, and penetration testers studying wireless security vulnerabilities and protocol-level weaknesses in Bluetooth authentication and encryption

Platforms

Web Self-hosted

Languages

Python

Links

Website Source Code

Published by

francozappa

Visit View Profile

README.md

View on GitHub

README

Repository about the Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and Bluetooth Low Energy.

Related Work

From the Bluetooth Standard to Standard-Compliant 0-days [HWIO20]
Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy [TOPS20]
Bluetooth blues: KNOB attack explained [CyberWire19]
The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR [SEC19]
BIAS: Bluetooth Impersonatoin AttackS [S&P20]