
A simple deep dive into Apple BLE spoofing, written with Scapy. Inspired by DEFCON 31's Apple TV spoof attacks.

Primary language: Python


Apple BLE spoof PoC implemented with Scapy.

This project was created for educational purposes only.

In the news:



  • Tested on a Raspberry Pi Zero W with USB UD100 Bluetooth dongle.

  • util/ibeacon.py contains slightly modified Scapy code. It is still based on the original, which can be found here:


  • Substitute Scapy's default ibeacon.py with the provided util/ibeacon.py. Scapy's ibeacon.py is typically located in:


  • The util/btconfig.sh bash script configures and resets the Bluetooth interface of the Raspberry Pi Zero W prior to running the spoof PoC script. It uses spooftooph-bin, which you can check here:


  • spoof/apple-airpods-spoof.py is the script that performs the spoof itself: it handles the Pi's Bluetooth interface and sends out spoofed AirPods advertising packets. It should be run with sudo.

  • For the demonstration, btconfig.sh and spoof/apple-airpods-spoof.py were placed in a cron job to run at boot on the RPi with the Bluetooth dongle connected.