A How-To Guide for Using ZigDiggity, the Zigbee Hacking Toolkit

Introducing ZigDiggity, a ZigBee testing framework created by Bishop Fox.


About ZigDiggity

ZigDiggity version 2 is a major overhaul of the original package and aims to enable security auditors and developers to run complex interactions with ZigBee networks using a single device.

Go to https://github.com/BishopFox/ZigDiggity for the complete tooling.

Install Instructions

Using a default install of Raspbian, perform the following steps:

  • Plug your Raspbee into your Raspberry Pi
  • Enable serial using the sudo raspi-config command
    • Select "Advanced Options/Serial"
    • Select NO to "Would you like a login shell to be accessible over serial?"
    • Select YES to enabling serial
    • Restart the Raspberry Pi
  • Install GCFFlasher
  • Flash the Raspbee's firmware
    • sudo GCFFlasher -f firmware/zigdiggity_raspbee.bin
    • sudo GCFFlasher -r
  • Install the Python requirements using pip3 install -r requirements.txt
  • Patch scapy using sudo cp patch/zigbee.py /usr/local/lib/python3.5/dist-packages/scapy/layers/zigbee.py (adjust the python3.5 part of the path to match the Python version installed on the device)
  • Install Wireshark on the device using sudo apt-get install wireshark

Hardware

The current version of ZigDiggity is designed solely for use with the Raspbee.

Usage

Currently, the scripts live in the root of the repository; all of them are run with Python 3, for example:

python3 listen.py -c 15

When running with Wireshark, root privileges may be required.

Scripts

  • ack_attack.py - Performs the acknowledge attack against a given network.
  • beacon.py - Sends a single beacon and listens for a short time. Intended for finding which networks are near you.
  • find_locks.py - Examines the network traffic on a channel to determine if device behavior looks like a lock. Displays which devices it thinks are locks.
  • insecure_rejoin.py - Runs an insecure rejoin attempt on the target network.
  • listen.py - Listens on a channel piping all output to Wireshark for viewing.
  • scan.py - Moves between channels listening and piping the data to Wireshark for viewing.
  • unlock.py - Attempts to unlock a target lock.
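The scripts above either feed captured frames to Wireshark or inspect them for a pattern (nearby networks, lock-like devices, unprotected rejoins). As an added example that is not ZigDiggity's own code, the following passive check does the defender's side of that over raw 802.15.4 frames: it reports the PAN ID of beacons and flags NWK command frames sent without NWK security, which is the traffic an insecure rejoin relies on. It assumes the capture tool has already stripped the FCS; the sample frames are constructed.

```python
"""Classify raw IEEE 802.15.4 frames as a ZigBee channel monitor would: parse the
MAC header, then the NWK header of data frames, and flag NWK command frames that
carry no NWK security. Assumes the capture tool already stripped the FCS."""
import struct

ADDR_LEN = {0: 0, 2: 2, 3: 8}                  # 802.15.4 addressing modes
MAC_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "mac-cmd"}
NWK_REJOIN_REQUEST = 0x06                      # NWK command identifier

def parse_mac(frame):
    """Split a raw 802.15.4 frame into MAC type, PAN ids and MAC payload."""
    fcf, = struct.unpack_from("<H", frame, 0)
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    off, pans = 3, {}                          # FCF (2) + sequence number (1)
    if dst_mode:
        pans["dst_pan"], = struct.unpack_from("<H", frame, off)
        off += 2 + ADDR_LEN[dst_mode]
    if src_mode:
        if not (fcf >> 6) & 1:                 # no PAN ID compression
            pans["src_pan"], = struct.unpack_from("<H", frame, off)
            off += 2
        off += ADDR_LEN[src_mode]
    return MAC_TYPES[fcf & 7], pans, frame[off:]

def classify(frame):
    """Label one frame; an unsecured NWK command gets an 'alert' entry."""
    mtype, pans, nwk = parse_mac(frame)
    if mtype != "data":
        return {"kind": mtype, "pan": pans.get("src_pan", pans.get("dst_pan"))}
    fc, = struct.unpack_from("<H", nwk, 0)     # NWK frame control
    info = {"kind": "nwk-command" if (fc & 3) == 1 else "nwk-data",
            "pan": pans.get("dst_pan", 0), "secured": bool((fc >> 9) & 1)}
    if info["kind"] == "nwk-command" and not info["secured"]:
        # skip the fixed 8-byte header plus optional dst IEEE, src IEEE, multicast
        off = 8 + 8 * ((fc >> 11) & 1) + 8 * ((fc >> 12) & 1) + ((fc >> 8) & 1)
        if (fc >> 10) & 1:                     # source route subframe present
            off += 2 + 2 * nwk[off]
        info["command"] = nwk[off]
        if nwk[off] == NWK_REJOIN_REQUEST:
            info["alert"] = "unsecured rejoin request"
    return info

def audit(frames):
    """Return one alert string per flagged frame in a capture."""
    return [f"pan 0x{c['pan']:04x}: {c['alert']}" for c in map(classify, frames) if "alert" in c]

# Constructed capture: a beacon from PAN 0x1234, a secured NWK data frame, and a rejoin request sent without NWK security
SAMPLE = [bytes.fromhex("00800134120000ffcf0000002284"),
          bytes.fromhex("6188103412000001004802000001001e05" + "28" + "00" * 12),
          bytes.fromhex("6188113412000002000910000002000107" + "0102030405060708" + "0680")]
```

Run over a real capture, an alert of this kind on a production network is the signal that devices are being allowed to rejoin without the network key, which is the condition insecure_rejoin.py exercises.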

Notes

The patterns used by ZigDiggity version 2 are designed to be as reliable as possible. The tool is still in fairly early stages of development, so expect to see improvements over time.


About the author, Francis Brown

Co-Founder and Board Member

Francis Brown, CISA, CISSP, MCSE, is the Co-founder and Board Member of Bishop Fox. Before founding Bishop Fox, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.

Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

About the author, Matt Gleason

Bishop Fox Alumnus

Matt Gleason is a Bishop Fox alumnus. He focused on application penetration testing (static and dynamic), network penetration testing (external and internal), and cloud deployment reviews.

Matt is an active security researcher and presented on the ZigDiggity attack tool targeting home automation networks at Black Hat USA and DEF CON. He also presented "The Active Directory Kill Chain: Is Your Company at Risk?" at (ISC)2 Phoenix; in that talk, he explained how enterprises could protect themselves against a potentially devastating Microsoft Active Directory exploit.
