Skip to content
A ZigBee hacking toolkit by Bishop Fox
Python
Branch: master
Clone or download
Latest commit 676835e Aug 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
firmware Initial ZigDiggity version 2 code Aug 7, 2019
images Add files via upload Aug 21, 2019
patch Initial ZigDiggity version 2 code Aug 7, 2019
zigdiggity Initial ZigDiggity version 2 code Aug 7, 2019
LICENSE Initial commit Aug 12, 2018
README.md Update README.md Aug 22, 2019
ack_attack.py Bug fixes Aug 7, 2019
beacon.py Bug fixes Aug 7, 2019
find_locks.py Bug fixes Aug 7, 2019
insecure_rejoin.py Bug fixes Aug 7, 2019
listen.py Initial ZigDiggity version 2 code Aug 7, 2019
requirements.txt README data Aug 7, 2019
scan.py Initial ZigDiggity version 2 code Aug 7, 2019
unlock.py Fixed more errors Aug 7, 2019

README.md

ZigDiggity - Logo

ZigDiggity Version 2

Introducing ZigDiggity 2.0, a ZigBee penetration testing framework created by Matt Gleason & Francis Brown of Bishop Fox. Special thanks to Caleb Marion!

ZigDiggity version 2 is a major overhaul of the original package and aims to enable cybersecurity professionals, auditors, and developers to run complex interactions with ZigBee networks using a single device.

2019 - Black Hat USA 2019 & DEF CON 27 - links, slides, and videos

Videos

ZigDiggity 2019 DEMO

Slides

ABSTRACT:

Do you feel safe in your home with the security system armed? You may reconsider after watching a demo of our new hacking toolkit, ZigDiggity, where we target door & window sensors using an "ACK Attack". ZigDiggity will emerge as the weapon of choice for testing Zigbee-enabled systems, replacing all previous efforts.

Zigbee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.

Unfortunately, existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.

Our DEMO-rich presentation showcases ZigDiggity's attack capabilities by pitting it against common Internet of Things (IoT) products that use Zigbee. Come experience the future of Zigbee hacking, in a talk that the New York Times will be hailing as "a veritable triumph of the human spirit." ... ya know, probably

Installation

Using a default install of Raspbian, perform the following steps:

  • Plug your Raspbee into your Raspberry Pi
  • Enable serial using the sudo raspbi-config command
    • Select "Advanced Options/Serial"
    • Select NO to "Would you like a login shell to be accessible over serial?"
    • Select YES to enabling serial
    • Restart the Raspberry Pi
  • Install GCFFlasher available Here
  • Flash the Raspbee's firmware
    • sudo GCFFlasher -f firmware/zigdiggity_raspbee.bin
    • sudo GCFFlasher -r
  • Install the python requirements using pip3 install -r requirements.txt
  • Patch scapy sudo cp patch/zigbee.py /usr/local/lib/python3.5/dist-packages/scapy/layers/zigbee.py
  • Install wireshark on the device using sudo apt-get install wireshark

Hardware

The current version of ZigDiggity is solely designed for use with the Raspbee

Usage

Currently scripts are available in the root of the repository, they can all be run using Python3:

python3 listen.py -c 15

When running with wireshark, root privileges may be required.

Scripts

  • ack_attack.py - Performs the acknowledge attack against a given network.
  • beacon.py - Sends a single beacon and listens for a short time. Intended for finding which networks are near you.
  • find_locks.py - Examines the network traffic on a channel to determine if device behavior looks like a lock. Displays which devices it thinks are locks.
  • insecure_rejoin.py - Runs an insecure rejoin attempt on the target network.
  • listen.py - Listens on a channel piping all output to wireshark for viewing.
  • scan.py - Moves between channels listening and piping the data to wireshark for viewing.
  • unlock.py - Attempts to unlock a target lock

Notes

The patterns used by ZigDiggity version 2 are designed to be as reliable as possible. The tool is still in fairly early stages of development, so expect to see improvements over time.

You can’t perform that action at this time.