🔓 BLEhhh v3.0


Device Scanner

Classic Bluetooth Low Energy Exploits

🔵 BlueBorne (CVE-2017-8628)

Multiple RCE vulnerabilities affecting billions of devices. Allows remote code execution without user interaction.

🦷 SweynTooth (CVE-2019-17061)

Collection of vulnerabilities in BLE SoCs. Can cause DoS, deadlocks, and security bypass.

🔑 KNOB Attack (CVE-2019-9506)

Key Negotiation of Bluetooth - forces weak encryption keys that can be brute-forced.

🚫 BrakTooth (CVE-2021-28139)

DoS and code execution vulnerabilities in Bluetooth Classic implementations.

Advanced BLE Exploits

🔐 BIAS - Bluetooth Impersonation AttackS (CVE-2020-10135)

Authentication Bypass

Impersonate previously paired devices without re-authentication.

Role Switch Attack

Force role switch to bypass security requirements.

🌀 BLURtooth - CTKD Bypass (CVE-2020-15802)

Cross-Transport Key Derivation

Overwrite BLE LTK with weak BR/EDR link key via CTKD.

Key Replay Attack

Replay captured cross-transport keys.

🔄 BLESA - BLE Spoofing Attacks (CVE-2020-9770)

Reconnection Spoofing

Spoof legitimate server during reconnection.

Signature Bypass

Write to signed characteristics without verification.

💉 BleedingBit - TI Chip RCE (CVE-2018-16986)

TI OAD Exploit

Remote code execution on Texas Instruments BLE chips.

Advertisement DoS

Crash TI chips with malformed advertisements.

⌨️ BadBLE - HID Injection Attacks

Keyboard Injection

Act as HID keyboard to inject commands.

Mouse Hijacking

Control mouse to perform automated actions.

🔀 GATTacker - Advanced MITM

MITM Proxy Setup

Create transparent proxy between device and app.

Replay Captured Data

Replay and modify intercepted commands.

🎯 Additional Attack Vectors

Method Confusion

Downgrade pairing method through confusion.

Simultaneous Pairing

Race condition in pairing process.

L2CAP CoC Flood

Flood L2CAP Connection-Oriented Channels.

Passkey Timing

Extract passkey through timing analysis.

BLE Mesh Flood

Disrupt mesh networks with packet floods.

L2CAP Credit DoS

Exhaust flow control credits.

Smart Device Exploits

🍎 Apple AirDrop/Continuity

Exploit Apple's proprietary protocols for tracking and popup attacks.

💪 Fitness Tracker Exploits

Manipulate fitness data and extract personal information.

🔒 Smart Lock Attacks

Test smart lock security and authentication bypass.

📱 Generic IoT Devices

Common vulnerabilities in IoT implementations.

Post-Exploitation Tools

📋 Device Enumeration

Dump all services, characteristics, and readable values from the target device.

🔐 Key Extraction

Extract captured encryption keys, PINs, and other security credentials.

✍️ Write Exploit

Write custom payloads to writable characteristics.

🔄 Fuzzing

Fuzz device characteristics with malformed data.

WiFi Penetration Testing

📡 Network Discovery

Enhanced scan showing hidden networks and WPS status.

💥 Deauthentication Attack

Force clients to disconnect using multiple reason codes.

👥 Evil Twin AP

Advanced phishing portal with credential harvesting.

🔓 PMKID Attack

Capture PMKID for offline password cracking.

✨ Pixie Dust WPS

Extract WPS nonces for offline PIN recovery.

LoRa Radio Testing (RadioLib Enhanced)

📻 Comprehensive Scanner

Scan all common frequencies with multiple SF/BW combinations.

🔁 Advanced Replay

Replay with automatic counter incrementation and bit manipulation.

🎯 Smart Jamming

Selective jamming that detects and jams only legitimate packets.

🔨 Protocol Fuzzing

Advanced fuzzing with edge cases and format string attacks.

Packet Captures

Debug Console

BLEhhh v3.0 Console
Type 'help' for available commands