ZigDiggity Version 2
Introducing ZigDiggity 2.0, a ZigBee penetration testing framework created by Matt Gleason & Francis Brown of Bishop Fox. Special thanks to Caleb Marion!
ZigDiggity version 2 is a major overhaul of the original package and aims to enable cybersecurity professionals, auditors, and developers to run complex interactions with ZigBee networks using a single device.
2019 - Black Hat USA 2019 & DEF CON 27 - links, slides, and videos
- Black Hat USA 2019 - ARSENAL LAB - ZigBee Hacking: Smarter Home Invasion with ZigDiggity - Aug 7-8, 2019
- YouTube - Zigbee Hacking: Smarter Home Invasion with ZigDiggity - 56sec DEMO - 20Aug2019
- Defeating Zigbee smart locks & home alarm sensors; demonstrating effective IoT product security evaluations using ZigDiggity 2.0 - the new open-source Zigbee pentest toolkit from Bishop Fox.
Do you feel safe in your home with the security system armed? You may reconsider after watching a demo of our new hacking toolkit, ZigDiggity, where we target door & window sensors using an "ACK Attack". ZigDiggity will emerge as the weapon of choice for testing Zigbee-enabled systems, replacing all previous efforts.
Zigbee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.
Unfortunately, existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.
Our DEMO-rich presentation showcases ZigDiggity's attack capabilities by pitting it against common Internet of Things (IoT) products that use Zigbee. Come experience the future of Zigbee hacking, in a talk that the New York Times will be hailing as "a veritable triumph of the human spirit." ... ya know, probably
Using a default install of Raspbian, perform the following steps:
- Plug your Raspbee into your Raspberry Pi
- Enable serial using the
- Select "Advanced Options/Serial"
- Select NO to "Would you like a login shell to be accessible over serial?"
- Select YES to enabling serial
- Restart the Raspberry Pi
- Install GCFFlasher available Here
- Flash the Raspbee's firmware
sudo GCFFlasher -f firmware/zigdiggity_raspbee.bin
sudo GCFFlasher -r
- Install the python requirements using
pip3 install -r requirements.txt
- Patch scapy
sudo cp patch/zigbee.py /usr/local/lib/python3.5/dist-packages/scapy/layers/zigbee.py
- Install wireshark on the device using
sudo apt-get install wireshark
The current version of ZigDiggity is solely designed for use with the Raspbee
- Raspberry Pi 3 B+
- RasPad by SunFounder (Optional) - great portable Zigbee hacking solution, tablet to house the RaspPi3 & RaspBee radio:
Currently scripts are available in the root of the repository, they can all be run using Python3:
python3 listen.py -c 15
When running with wireshark, root privileges may be required.
ack_attack.py- Performs the acknowledge attack against a given network.
beacon.py- Sends a single beacon and listens for a short time. Intended for finding which networks are near you.
find_locks.py- Examines the network traffic on a channel to determine if device behavior looks like a lock. Displays which devices it thinks are locks.
insecure_rejoin.py- Runs an insecure rejoin attempt on the target network.
listen.py- Listens on a channel piping all output to wireshark for viewing.
scan.py- Moves between channels listening and piping the data to wireshark for viewing.
unlock.py- Attempts to unlock a target lock
The patterns used by ZigDiggity version 2 are designed to be as reliable as possible. The tool is still in fairly early stages of development, so expect to see improvements over time.