March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
电子撬锁
——
滥用门锁危害物理安全
|
55
根据
BLE
的规约,如果选择了仅工作模式,那么
TK
的值是
0
。这种模式用于设备很少或
是没有显示或输入机制的时候,因此配对是自动的。除此以外,
TK
使用介于
0
到
999
999
之间的一个值。更常见的是在主设备和从设备上显示出生成的数字要求用户来确认。一旦
计算出
TK
,主、从设备用
TK
生成一个短期密钥(
short-term key
,
STK
)。由
STK
最
终生成
LTK
。
Ryan
发布了一款名为
crackle
的工具,使用抓到的
BLE
数据包,并尝试用
0
到
999 999
之间的值作为
TK
去暴力破解数据包。一旦找到
TK
,便可以很容易地通过
TK
解密验
证
STK
。最后,可以通过使用
STK
解密获得
LTK
。假设捕获的数据包存储在一个名为
capture.pcap
文件中,下面是运行
crackle
工具的命令:
[bash]$
crackle -i capture.pcap -o decrypted.pcap
TK found: 249592
LTK found: 26db138d0aa63a12dd596228577c4731
Done, processed 106 total packets, decrypted 19
像
Wireshark
这样的工具能打开
decrypted.pcap
这种包含明文的数据文件。需要注意的是,
Ryan
的暴力破解方法不能有效破解带外数据(
Out-of-Band
,
OOB
)模式,这种模式通
过协议交换一个
128
位密钥,不同于
BLE
协议。但大多数设备使用仅工作模式或
6
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.