《工业互联网安全测试技术:ZigBee协议渗透测试.docx》由会员分享,可在线阅读,更多相关《工业互联网安全测试技术:ZigBee协议渗透测试.docx(6页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、Zigbee协议测试实验文档实验原理协议数据包抓取软件模拟Zigbee设备的入网过程,构造相关的数据包与终端进行通信,实 现抓取数据包或者控制Zigbee设备的目的。实验目的利用Ubiqua软件以及相关的Zigbee硬件模块,抓取Zigbee协议数据包并进行恶意流量分 析。实验环境Ubiqua软件一套Zigbee硬件模块1套Ubuntu20.04操作系统推荐课时数:2课时实验步骤1. Zigbee设备接入Ubiqua软件 翻开Ubiqua软件,界面如下列图所示:匈 Untitled - Ubiqua Protocol AnalyzerFile Tools Device View Window
2、HelpDevice ManagerDevice ManagerTraffic ViewYour device list is empty.Add DeviceLn. TimestampJ- : No Filters. T 干.Time Delta Ch. Stack Layer Packet InformationPacket View No packet is selectedNetwork ExplorerGraphic ViewGraphic ViewProperties图1 Uniqua软件界面 翻开配置菜单Tools-Options,选择Security ,添加key,如下列图所示
3、:座Untitled - Ubiqua Protocol AnalyzerFile Tools Device View Window HelpDevice ManagerOptionsYour device list is empty.Add DeviceNetwork ExplorerGraphic ViewSecurityGeneral FilesKeychain AddressesTrafficOKCancel图2添加keyPacket View No packet is selectedProperties o/o 口o/o(3)添加设备,具体设置如下列图所示:色 Untitled -
4、 Ubiqua Protocol AnalyzerFile Tools Device View Window Help Device ManagerTraffic View酒 ,I *-:? No Filters/ YLn. TimestampTime Ddta Ch. Stade Layer Packet Information x Packet View No packet is selectedMAC Src MAC DstNetwork ExploitGraphic ViewYour device list is enpty.Add DeviceXubiqua 孰Vendor: Oth
5、er*ConfigurationCOM Port:Baud Rate:Data Bits:Stop Bits:Parity:Flow Control:Application:Channels:Camel Add Device图3添加设备(4)选择Zigbee协议,如下列图所示:备 Untitled - Ubiqua Protocol AnalyzerFile Took Device View Window HelpPacket View No packet is selectedGraphic Viewittei *遗飞No packetsiibilpgix c ornII p在这里输入你要搜
6、索的内容17人8中2。篇八9图4选择Zigbee协议(5)选择信道,具体设置如下列图所示:Untitled - Ubiqua Protocol AnalyzerFile Tools Device View Window HelpDevice Manage:Frcccalc Sni OfflineTraffic ViewStart DeviceNo FiltersLayerPaocet InformationMACSrcMAC OstNetwork ExplorerGraphic View:图4I R再1No packetsO Channel11 (OxOB, 2405 MHz)Time Del
7、taProtocol StackSonPacket View No packet is selected国阅读活单Nelwxk ExplorefGraphic View 由 I QPropertiesNo p水 ketsubilogixxorn结语tf-% weixin_33805557zxII P在这里输入你要搜索的内容图6翻开设备Ubiqua中的常用工具(1)常用工具在抓包器中一有些常用的工具,如下列图所示:Traffic View:一电泄注J /、:一电泄注J /、Time DeltaLayer is ZCLLayer Packet InFionMAC DstMA.图7常用工具保存当前数
8、据滚动显示单包分解窗显示最新包清空所有当前过滤器启用与关闭过滤器新建过滤器编辑当前过滤器删除过滤器(2)过滤器过滤器是必要的,可帮助我们快速定位到相应查找的资源。过滤器的页面如下列图所示:同ZiqBee设筋渗透JL具:Attrty * (14筑陶)Ziqbcc抓包分析公ziqbec/议数钻包_白度搜索XPacket View No packet is selectedC A hlnn rsdn npf/u/piyin ?2RDS,7/3rtirla/dataik/q2cs2a64,vnm = 1001 2101 001 6661 1/Vutm mAdium=diOrihutp nr ralav
9、act t0 nonp-tack-hlnn-2&i Untitled Ubiqua Protocol Analyzer:!:应用0 Gn_ File Tools Device View Window HelpAcsonDevice Manage!Your device list is enpty.Add Device4 Create I ilterName UntitledNetwork ExploteSelett.Full PacketPacket NumberProtocolChannellEtt 802.15.4 2006IETF 6L0WPAN、.Time3dmp lime Delta
10、LengthLink QualitySourceLayerStatusProtocol StMks Match all * of the following rules:isGraphic ViewNo pd kelsII Q在这里输入你要搜索的内容Name: Protcx ol I abel: Protocol Length: 0 lype: String Layer (unknown)OK , Cancelubilogixxom3。邙,卤I,/ 平 |O|图8过滤器过滤器中设置了多种过滤规那么,从上图可以看出有全包显示,有根据报文数显示,有根据时 间戳、协议等等。抓包完成后,可以根据自己的
11、实际用途来灵活配置过滤器的筛选规那么,以 到达快速定位自己想要的资源的效果,节省自己筛选数据报文的时间。要抓PANID=5FCC的包,即同一个网络的数据包.先选中一个数据包样本。然后可如下列图操 作:Packet ViewQ X NWK - Link Status+ Frame Information: (50 bytes)MAC Header: (9 bytes)-i MAC Payload: (39 bytes)NWK Header: (16 bytes) 国 Frame Control: 0x1209Destination Address: OxFFFC Source Address:
12、0x0000Radius: 0x01Sequence Number: 213Source IEEE Address: 00:15:8D:00:NWK Aux Header: (14 bytes)S Network Security Control: 0x28 NWK Frame Counter: 80320 Source Address: 00:15:80:00:00:7( NWK Key Sequence Number: 1NWK Payload: 0X1142CD6108NWK Command ID: 0x08 Unk StaS Unk Status Options: 0x61 囹 Unk
13、 Status List: 0X1142CDNWK MIC: 0XCBC7AB1CZCLlationMAC Src.MAC DstPacket View NWK - Unk Statuslesties0xB4000x00000x00000xB400OxFFFF OxFFFF6519CopyCopy nS+ Frame Information: (50 bytes)S MAC Header: (9 bytes)+ Frame Control: 0x8841Sequence Number: 217Ctrl-CID:0x00000x42CD0xB4000x0000CollapseExpandBSS:
14、 OxFFFF 0x0000 tes) )bytes)I: 0x1209 ddress: OxFFFC ss: 0x0000Destination PAN IDCreate New Filter工 is OxSFCCis not 0x5FCCAdd To Current FilterCollapse AllExpand Alluber: 213Xddress: 00:15:8D:00: :(14 bytes) irity Control: 0x28greater than 0x5FCC less than 0x5FCCat least 0x5FCC2162216123NWK Frame Cou
15、nter: 80320Source Address: 00:15:8D:00:00:7(NWK Key Sequence Number: 19 NWK Payload: 0X1142CD6108NWK Command TD: TOxORl I ink Gta v .VQ口0/0 0 3/2 0 50at zost 0x5FCC图9过滤器设置2. Zigbee 测试框架 Attify-Zigbee-Framework 从github上面clone该框架的原代码,具体操作如下列图所示:rootiZm5eglwt605nh28gqo0b8Z:git clone s:/github /attify/A
16、ttify-Zigbe e-FrameworkCloning into 1Attify-Zigbee-Framework1.remote: Enumerating objects: 1620, done.remote: Total 1620 (delta 0), reused 0 (delta 0), pack-reused 1620 Receiving objects: 100% (1620/1620), 2.34 MiB | 4.05 MiB/s, done. Resolving deltas: 100% (1086/1086)z done.rootiZm5eglwt605nh28gqo0
17、b8Z:图10克隆框架代码 运行installer.sh脚本程序,执行框架相应的环境安装,具体操作如下列图所示:rootiZm5eglwt605nh28gqo0b8Z:-/Attify-Zigbee-Framework# chmod 777 installer.shrootiZm5eglwt605nh28gqo0b8Z:/Attify-Zigbee-Framework# ./installer.sh* Installing dependenciesReading package lists. DoneBuilding dependency treeReading state informati
18、on. DoneNote, selecting 1python-dev-is-python21 instead of 1python-dev1Note, selecting 1libgcrypt20-dev, instead of 1libgcrypt-dev*E: Unable to locate package python-gtk2E: Unable to locate package python-serial图11执行脚本安装(3)当安装脚本执行安装完成后,将会出现以下界面,那么安装成功:* All done!(Happy hacking )A A)/O (oo)()图12安装成功界面Attify-Zigbee-Framework上面的KillerBee框架是测试Zigbee的有力武器,由一些工具组 成,且并不是所有这些工具已经在AZF上实现,目前,AZF包含了渗透ZigBee的一些必 要的工具,未添加的将在未来版本中添加。