
CN116193411B - Modification and playback method of Bluetooth car control instruction - Google Patents

Info

Publication number
CN116193411B
CN116193411B (application CN202310080587.0A)
Authority
CN
China
Prior art keywords
data
packet
length
ble
modified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310080587.0A
Other languages
Chinese (zh)
Other versions
CN116193411A (en)
Inventor
李林珂
尹兴亮
赵焕宇
龚思禄
张玉龙
宋雪冬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Weichen Information Technology Co ltd
Original Assignee
Guangdong Weichen Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Weichen Information Technology Co ltd
Priority to CN202310080587.0A
Publication of CN116193411A
Application granted
Publication of CN116193411B
Legal status: Active
Anticipated expiration

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 24/00 Supervisory, monitoring or testing arrangements
    • H04W 24/08 Testing, supervising or monitoring using real traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 30/00 Reducing energy consumption in communication networks
    • Y02D 30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of automobile Bluetooth control, and in particular to a method for modifying and replaying a Bluetooth control instruction, comprising the following steps. S1: parse the BLE data packet into hexadecimal character data. S2: disassemble the parsed data according to the BLE protocol stack. S3: replace the relevant fields in the selected BLE data frame with modified fields. S4: reverse the replaced data back into the original binary data. S5: replay the modified data according to the destination MAC address, the MAC address type and the seclevel. The invention allows a Bluetooth control command data packet to be modified and replayed directly; it increases the depth of Bluetooth control instruction testing and helps to ensure the reliability of Bluetooth control functions.

Description

Modification and playback method of Bluetooth car control instruction
Technical Field
The invention relates to the technical field of automobile Bluetooth control, and in particular to a method for modifying and replaying Bluetooth control instructions.
Background
As wireless control technology for intelligent connected vehicles develops, Bluetooth is increasingly used in vehicle-mounted electronic equipment. Bluetooth Low Energy (BLE), which operates in the 2.4 GHz band, is suited to Internet of Things applications that transmit small amounts of data at low rates. The release of Bluetooth 5 and Bluetooth Mesh has widened the use of BLE further, and the cost of BLE chipsets and modules has fallen rapidly, making BLE an attractive connectivity option for cost-effective in-vehicle infotainment systems.
In the automotive industry, BLE is used almost universally for wireless control from mobile phones. As BLE control is applied to more and more vehicle functions, its complexity grows, and the reliability of the protocol and of the communication must be tested from several angles. At present there is no effective method of practical significance for modifying and replaying car control instructions.
Although some open-source tools can parse Bluetooth packets, they cannot modify and replay the transmitted Bluetooth data directly, so security testing of Bluetooth control instructions cannot be carried out efficiently. A method for modifying and replaying Bluetooth control commands is therefore needed in order to verify the security of BLE control protocols.
Disclosure of Invention
The invention provides a method for modifying and replaying a Bluetooth control command, which allows a Bluetooth control command data packet to be modified and replayed directly.
The method for modifying and replaying a Bluetooth control command comprises the following steps:
S1: parse the BLE data packet into hexadecimal character data;
S2: disassemble the parsed data according to the BLE protocol stack;
S3: replace the relevant fields in the selected BLE data frame with modified fields;
S4: reverse the replaced data back into the original binary data;
S5: replay the modified data according to the destination MAC address, the MAC address type and the seclevel.
Preferably, in S1 the BLE packet is in BTsnoop format; BTsnoop is the format used to record the data exchanged between the Bluetooth protocol stack and the chip.
Preferably, the BTsnoop format consists of a File Header and Packet Records. The File Header is a fixed-length field with general information about the format of the packet file and the Packet Records it contains, namely an identification pattern, a version number and a data link type. Each Packet Record is a contiguous packet field containing an original length, an included (data field) length, packet flags, a packet-drop count, a timestamp and a variable-length packet data field.
Preferably, in S1 the data payload carried in the variable-length packet data field is parsed into a readable string with the tshark tool, to serve as the input for modification, and the original BLE hexadecimal data packet is converted into a hexadecimal string with the xxd tool, in preparation for locating the fields to be replaced.
Preferably, in S2 the specific method is as follows: calculate the position of the data frame length field (Frame Len), the position of the Host Controller Interface total length field (HCI Total Length) and the position of the Logical Link Control and Adaptation Protocol layer payload length field (L2CAP PDU Length); then, from the length of the modified data payload, calculate and record the specific values of Frame Len, HCI Total Length and L2CAP PDU Length.
Preferably, in S3 the source BLE packet is replaced according to the disassembled and calculated fields. The specific replacement method is: locate the data frame to be modified with the grep tool, then, using the values of Frame Len, HCI Total Length and L2CAP PDU Length calculated for the modified data, replace them in the converted hexadecimal string with the sed tool, and replace the input data payload with the modified payload at the same time.
Preferably, in S4, xxd -r is used to reverse the hexadecimal data back into the original binary data in preparation for replay.
Preferably, in S5 the replay method is: parse the write characteristic Value from the obtained BTsnoop-format packet, read the modified Value and write it to the target write characteristic, thereby completing the replay.
The invention allows a Bluetooth control command data packet to be modified and replayed directly; it increases the depth of Bluetooth control instruction testing and helps to ensure the reliability of Bluetooth control functions.
Drawings
FIG. 1 is a flow chart of the method for modifying and replaying Bluetooth control commands in an embodiment;
FIG. 2 is an example diagram of the BTsnoop file format modified in an embodiment;
FIG. 3 is an example diagram of the replacement described in an embodiment;
FIG. 4 is an example diagram of the BLE data channel PDU format in an embodiment.
Detailed Description
To aid understanding, the invention is described in detail below with reference to the drawings and examples. The examples illustrate the invention and are not intended to limit it.
Examples
As shown in FIG. 1, this embodiment provides a method for modifying and replaying a Bluetooth control command, which comprises the following steps:
S1: Parse the BLE packet: parse the BLE data packet into hexadecimal character data.
The BLE data packet parsed in this embodiment is in BTsnoop format, the format used to record the data exchanged between the Bluetooth protocol stack and the chip. As shown in FIG. 2, it consists of a File Header and a Packet Record part. The File Header is a fixed-length field with general information about the format of the packet file and the Packet Records it contains, namely an Identification Pattern, a Version Number and a Datalink Type. Each Packet Record is a contiguous packet field and contains an Original Length, an Included Length, Packet Flags, a packet-drop count (Packet Drops), a Timestamp (in microseconds) and the variable-length Packet Data field. Since the fields other than Packet Data, Original Length and Included Length are relatively fixed, the tshark tool is used to parse the data payload carried in Packet Data into readable strings, as the input for modification, and the original BLE hexadecimal data packet is converted into a hexadecimal string with the xxd tool, in preparation for locating the fields to be replaced.
S2: Disassemble the BLE data frame fields: disassemble the parsed data according to the BLE protocol stack.
The BLE data frame fields are disassembled as follows. Because the relative positions of the fields are fixed, the position of the data frame length field (Frame Len), the position of the Host Controller Interface total length field (HCI Total Length) and the position of the Logical Link Control and Adaptation Protocol layer payload length field (L2CAP PDU Length) can be calculated. Then, from the length of the modified data payload, the specific values of Frame Len, HCI Total Length and L2CAP PDU Length are calculated and recorded. The remaining fields, such as the timestamp, do not affect the final packet encapsulation, so the method does not modify them.
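The record layout of S1 and the length arithmetic of S2, as an added Python example that is not part of the patent and not the applicant's tooling. It assumes a BTsnoop file with datalink type 1002 (HCI UART, H4, so each record starts with a packet-type byte), unfragmented ACL frames, and reads Frame Len as the record's Included Length; the two-record capture is constructed inline and labelled as such. Rather than rewriting a frame, it checks that the HCI Total Length and L2CAP PDU Length of each ACL frame agree with the bytes actually present, which is the check a tester wants after a replacement: a frame whose payload was changed without the lengths being recalculated is flagged.

```python
# Added example (not the patent's code): parse a BTsnoop capture and verify the
# three length fields of S2. Assumptions: datalink 1002 (HCI UART H4) and
# unfragmented ACL frames, i.e. one complete L2CAP PDU per frame.
import struct
from collections import namedtuple
from typing import List, Optional, Tuple

BTSNOOP_MAGIC = b"btsnoop\x00"   # 8-byte Identification Pattern
DATALINK_HCI_UART_H4 = 1002      # H4: records carry a leading packet-type byte
H4_ACL_DATA = 0x02               # H4 packet type of ACL data
L2CAP_CID_ATT = 0x0004           # fixed L2CAP channel carrying ATT
ATT_WRITE_REQ = 0x12             # ATT Write Request opcode
HCI_TOTAL_LENGTH_OFFSET = 3      # HCI "Data Total Length" inside an H4 ACL frame
L2CAP_PDU_LENGTH_OFFSET = 5      # L2CAP "PDU Length" (CID follows at offset 7)
ATT_PDU_OFFSET = 9               # first ATT byte: after type, ACL header, L2CAP header

Record = namedtuple("Record", "original_len included_len flags drops timestamp_us data")
AclView = namedtuple("AclView", "frame_len hci_total_length l2cap_pdu_length cid att_pdu consistent")


def parse_btsnoop(blob: bytes) -> Tuple[int, int, List[Record]]:
    """Walk the 16-byte File Header and the big-endian 24-byte Packet Record headers."""
    if blob[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a BTsnoop file")
    version, datalink = struct.unpack(">II", blob[8:16])
    records, off = [], 16
    while off < len(blob):
        if off + 24 > len(blob):
            raise ValueError("truncated record header")
        orig, incl, flags, drops, ts = struct.unpack_from(">IIIIQ", blob, off)
        off += 24
        data = blob[off:off + incl]
        if len(data) != incl:
            raise ValueError("truncated record data")
        off += incl
        records.append(Record(orig, incl, flags, drops, ts, data))
    return version, datalink, records


def expected_lengths(att_pdu_len: int) -> Tuple[int, int, int]:
    """The values S2 records for a payload of this size: L2CAP PDU Length covers the
    ATT PDU, HCI Total Length adds the 4-byte L2CAP header, and Frame Len (the
    record's Included Length) adds the 1-byte H4 type and the 4-byte ACL header."""
    l2cap_pdu_length = att_pdu_len
    hci_total_length = l2cap_pdu_length + 4
    frame_len = hci_total_length + 5
    return frame_len, hci_total_length, l2cap_pdu_length


def decode_acl(rec: Record) -> Optional[AclView]:
    """Read the length fields of an H4 ACL frame and compare them with its real size."""
    d = rec.data
    if len(d) < ATT_PDU_OFFSET or d[0] != H4_ACL_DATA:
        return None   # HCI command/event records are not relevant here
    hci_len = struct.unpack_from("<H", d, HCI_TOTAL_LENGTH_OFFSET)[0]
    l2cap_len, cid = struct.unpack_from("<HH", d, L2CAP_PDU_LENGTH_OFFSET)
    att_pdu = d[ATT_PDU_OFFSET:]
    exp_frame, exp_hci, exp_l2cap = expected_lengths(len(att_pdu))
    ok = (rec.included_len == len(d) == exp_frame
          and hci_len == exp_hci and l2cap_len == exp_l2cap)
    return AclView(len(d), hci_len, l2cap_len, cid, att_pdu, ok)


def att_write_frame(handle: int, value: bytes) -> bytes:
    """Encode one unfragmented H4 ACL frame carrying an ATT Write Request, with the
    length fields derived from the value length exactly as S2 prescribes."""
    att = struct.pack("<BH", ATT_WRITE_REQ, handle) + value
    _, hci_len, l2cap_len = expected_lengths(len(att))
    conn_handle = 0x0040 | (0b10 << 12)   # handle 0x0040, PB flag = start of L2CAP PDU
    return (bytes([H4_ACL_DATA]) + struct.pack("<HH", conn_handle, hci_len)
            + struct.pack("<HH", l2cap_len, L2CAP_CID_ATT) + att)


def btsnoop_record(frame: bytes, ts_us: int, flags: int = 0) -> bytes:
    return struct.pack(">IIIIQ", len(frame), len(frame), flags, 0, ts_us) + frame


def sample_capture() -> bytes:
    """Constructed two-record capture (not from any real device). Record 0 is a
    well-formed one-byte write; record 1 is the same frame after its value was
    widened to three bytes without recomputing the lengths, the mistake S2 avoids."""
    good = att_write_frame(0x0010, b"\x01")
    bad = good[:-1] + b"\x01\x02\x03"    # payload grew, length fields left stale
    header = BTSNOOP_MAGIC + struct.pack(">II", 1, DATALINK_HCI_UART_H4)
    return header + btsnoop_record(good, 1_000) + btsnoop_record(bad, 2_000)


def audit(blob: bytes) -> List[Tuple[int, bool]]:
    """(record index, lengths consistent) for every ACL frame in the capture."""
    _, datalink, records = parse_btsnoop(blob)
    if datalink != DATALINK_HCI_UART_H4:
        raise ValueError(f"unsupported datalink type {datalink}")
    views = [(i, decode_acl(r)) for i, r in enumerate(records)]
    return [(i, v.consistent) for i, v in views if v is not None]


if __name__ == "__main__":
    for idx, ok in audit(sample_capture()):
        print(f"record {idx}: lengths {'consistent' if ok else 'INCONSISTENT'}")
```

Run as a script it prints one line per ACL record; `audit()` returns the same result for use from other tooling. A fragmented ACL packet (PB flag marking a continuation) carries an L2CAP PDU Length larger than the bytes in its first fragment, so captures in which writes span fragments need the continuation handling this example leaves out.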
S3: Replace the BLE data frame fields: replace the relevant fields in the selected BLE data frame with modified fields.
The source BLE data packet is replaced according to the disassembled and calculated fields. The specific replacement method is: locate the data frame to be modified with the grep tool, then, using the values of Frame Len, HCI Total Length and L2CAP PDU Length calculated for the modified data (as shown in FIG. 3), replace them in the hexadecimal string converted in S1 with the sed tool, and replace the input data payload with the modified payload at the same time. Unlike classic Bluetooth, which has many packet types, every BLE physical-layer packet has the same format: a Preamble, an Access Address, a Protocol Data Unit (PDU, shown in FIG. 4) and a Cyclic Redundancy Check (CRC). The preamble is used by the receiver for frequency synchronization, symbol timing estimation and Automatic Gain Control (AGC) training; the access address is a 32-bit identifier that distinguishes different connections or different periodic advertising trains; the PDU carries the data to be transmitted and comes in two formats, advertising PDUs and data PDUs; the CRC is a 24-bit value calculated over the PDU and used to check that the PDU was received correctly. The BTsnoop-format packet obtained by the method is an HCI-layer packet, so only the PDU layer of this format is present, and the modified packet is a data PDU. The preamble is generated automatically at the link layer (PHY); the access address is generated from the access parameters before transmission; the PDU is the field replaced by the method, which replaces the data payload and its length value; the CRC is likewise computed from the PDU at the link layer.
S4: Reverse the replaced data: reverse the replaced data back into the original binary data.
The Linux command xxd produces a hexadecimal dump of a given standard input or file and can also convert such a dump back into the original binary form. In S1 the method converts the BTsnoop packet into a hexadecimal string with xxd, and the disassembly and replacement operations in S2 and S3 operate on that converted string. After the modification is complete, xxd -r is used to reverse the hexadecimal data back into the original binary data in preparation for replay.
S5: Replay the modified BLE packets: replay the modified data according to the destination MAC address, the MAC address type and the seclevel.
The method replays BLE data packets only against Bluetooth devices that neither encrypt BLE writes nor authenticate the BLE connection. In BLE, a characteristic is made up of one or more attributes and a service of one or more characteristics; services are grouped by service declarations and characteristics by characteristic declarations. The replay method is: parse the write characteristic Value from the obtained BTsnoop-format packet, read the modified Value and write it to the target write characteristic, thereby completing the replay. Since the Value has already been modified and replaced in the previous step, the method replays the modified BTsnoop-format file directly.
The invention allows a Bluetooth control command data packet to be modified and replayed directly; it increases the depth of Bluetooth control instruction testing and helps to ensure the reliability of Bluetooth control functions.
The invention and its embodiments have been described above by way of illustration, not limitation; the accompanying drawings show an embodiment, and the actual structure is not limited to it. Therefore, if a person of ordinary skill in the art, informed by this disclosure, devises structural arrangements and embodiments similar to this technical scheme without inventive effort, they do not depart from the gist of the present invention.

Claims (5)

1. A method for modifying and replaying a Bluetooth car control instruction, characterized in that the method comprises the following steps:
S1: parse the BLE data packet into hexadecimal character data;
S2: disassemble the parsed data according to the BLE protocol stack; the specific method of S2 is as follows: calculate the position of the data frame length field Frame Len, the position of the Host Controller Interface total length field HCI Total Length, and the position of the Logical Link Control and Adaptation Protocol layer payload length field L2CAP PDU Length; then calculate and record the specific values of Frame Len, HCI Total Length and L2CAP PDU Length from the length of the modified data payload;
S3: replace the relevant fields in the selected BLE data frame with modified fields; in S3 the source BLE data packet is replaced according to the disassembled and calculated fields; the specific replacement method comprises: locating the data frame to be modified with the grep tool, replacing in the converted hexadecimal string the values of Frame Len, HCI Total Length and L2CAP PDU Length calculated for the modified data with the sed tool, and replacing the input data payload with the modified payload at the same time;
S4: reverse the replaced data back into the original binary data;
S5: replay the modified data according to the destination MAC address, the MAC address type and the seclevel.
2. The method for modifying and replaying a Bluetooth control instruction according to claim 1, characterized in that: in S1 the BLE data packet is in BTsnoop format, and the BTsnoop format is used to record the data exchanged between the Bluetooth protocol stack and the chip.
3. The method for modifying and replaying a Bluetooth control instruction according to claim 2, characterized in that: the BTsnoop format consists of a File Header and Packet Records; the File Header is a fixed-length field containing general information about the format of the packet file and the Packet Records it contains, namely an identification pattern, a version number and a data link type; each Packet Record is a contiguous packet field containing an original length, an included (data field) length, packet flags, a packet-drop count, a timestamp and a variable-length packet data field.
4. The method for modifying and replaying a Bluetooth control instruction according to claim 3, characterized in that: in S1 the data payload carried in the variable-length field of the data packet is parsed into a readable string with the tshark tool as the input for modification, and the original BLE hexadecimal data packet is converted into a hexadecimal string with the xxd tool in preparation for locating the fields to be replaced.
5. The method for modifying and replaying a Bluetooth control instruction according to claim 4, characterized in that: in S4, xxd -r is used to reverse the hexadecimal data back into the original binary data in preparation for replay.
CN202310080587.0A 2023-02-02 2023-02-02 Modification and playback method of Bluetooth car control instruction Active CN116193411B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310080587.0A CN116193411B (en) 2023-02-02 2023-02-02 Modification and playback method of Bluetooth car control instruction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310080587.0A CN116193411B (en) 2023-02-02 2023-02-02 Modification and playback method of Bluetooth car control instruction

Publications (2)

Publication Number Publication Date
CN116193411A CN116193411A (en) 2023-05-30
CN116193411B true CN116193411B (en) 2024-08-23

Family

ID=86437868

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310080587.0A Active CN116193411B (en) 2023-02-02 2023-02-02 Modification and playback method of Bluetooth car control instruction

Country Status (1)

Country Link
CN (1) CN116193411B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115379425A (en) * 2021-05-19 2022-11-22 中国移动通信集团有限公司 Bluetooth attack detection method, device, storage medium and mobile terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111030735A (en) * 2019-12-11 2020-04-17 深圳市蓝蜂时代实业有限公司 Method and system for customizing Bluetooth headset name based on BLE protocol, and headset
CN113228717B (en) * 2021-03-31 2022-10-04 华为技术有限公司 Communication method and device
WO2023115367A1 (en) * 2021-12-22 2023-06-29 北京大学深圳研究生院 Multi-protocol data transmission method and apparatus, network, and storage medium
CN115134793A (en) * 2022-06-21 2022-09-30 北京百度网讯科技有限公司 Data processing method, apparatus, equipment and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115379425A (en) * 2021-05-19 2022-11-22 中国移动通信集团有限公司 Bluetooth attack detection method, device, storage medium and mobile terminal

Also Published As

Publication number Publication date
CN116193411A (en) 2023-05-30

Similar Documents

Publication Publication Date Title
US6965769B2 (en) Testing center
EP1636948B1 (en) Concatenated frame structure for data transmission
CN107920059A (en) The method and its device of data are sent and received in vehicle network
US9148819B2 (en) In-place A-MSDU aggregation for wireless systems
CN114024598B (en) Fronthaul interface testing method and device
CN116193411B (en) Modification and playback method of Bluetooth car control instruction
CN113454935A (en) Line coding method and device
CN118283254A (en) Security camera function test system and method based on 4G network
CN112769700A (en) Routing method and routing system based on application method number
CN113595966A (en) Serial port communication control, configuration and test method and device, electronic equipment and storage medium
CN117411950A (en) Information processing methods and devices, electronic equipment and media
CN114448453A (en) Method and system for determining radio frequency signal of telemetering transmitter
CN113938215B (en) Multipath duplex acoustic wave communication system
US20100103909A1 (en) Data packet, system and method for multiple nodes transmitting under ad-hoc network architecture
US6868522B2 (en) Method for testing a communication module and the associated recording medium
EP2005665B1 (en) Method and device for data packet assembly
US20040123209A1 (en) TF-determination apparatus, and TF-determination method as well as program to be executed for implementing the TF-determination method
CN119300011B (en) Smart electric meter eSIM seed number local communication downloading method and system
US7428242B2 (en) Action list for a split media access and control layer communications system
KR100990555B1 (en) Method and system for providing a unified data exchange and storage format
CN116723545B (en) Message data processing method and device, computer equipment and storage medium
KR100321746B1 (en) Crc system and method for reducing ber
CN103916381B (en) Data transmission method and device between SA and coder-decoder (CD) in TETRA system
CN117376379A (en) Multi-channel information message configuration method, storage medium and electronic device
CN115021865A (en) Data reading method, data pushing method, electronic device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant