TK Bruteforce
Closed this issue · 1 comments
Santy99ab commented
I have listened to a pairing between 2 Bluetooth LE devices...
The pairing procedure uses the 6-digit key algorithm (not Just Works), and I ran crackle in mode -s and -v.
Crackle tries to bruteforce the TK, but only tries combinations with the first 3 digits; it assumes that the last 3 digits are 000... I know that the TK is like "123456", so crackle won't get the correct key because it doesn't use the last 3 digits.
I attach the execution where you can notice the problem:
crackle_execution-s.txt
Sorry for my English... bye!
PS: great tool, Mike! It's very useful for my BLE security research. (:
Santy99ab commented
Sorry, didn't read it:
if (verbose && numeric_key % 1000 == 0) {
    printf("Trying TK: %d\n", numeric_key);
}