diff --git "a/docs/\344\275\277\347\224\250Ubertooth-one\346\211\253\346\217\217\345\227\205\346\216\242\344\275\216\345\212\237\350\200\227\350\223\235\347\211\231.html" "b/docs/\344\275\277\347\224\250Ubertooth-one\346\211\253\346\217\217\345\227\205\346\216\242\344\275\216\345\212\237\350\200\227\350\223\235\347\211\231.html"
new file mode 100644
index 0000000..da9971f
--- /dev/null
+++ "b/docs/\344\275\277\347\224\250Ubertooth-one\346\211\253\346\217\217\345\227\205\346\216\242\344\275\216\345\212\237\350\200\227\350\223\235\347\211\231.html"
@@ -0,0 +1,153 @@
+<!doctype html>
+<html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><meta><title>使用Ubertooth one扫描嗅探低功耗蓝牙 - ol4three</title><meta description="0x00 本机环境Mac osx 10.15.5VMware Fusion 11.5.1Ubuntu 18.04Ubertooth One"><meta property="og:type" content="blog"><meta property="og:title" content="使用Ubertooth one扫描嗅探低功耗蓝牙"><meta property="og:url" content="http://www.ol4three.com/2020/10/14/IOT/%E4%BD%BF%E7%94%A8Ubertooth-one%E6%89%AB%E6%8F%8F%E5%97%85%E6%8E%A2%E4%BD%8E%E5%8A%9F%E8%80%97%E8%93%9D%E7%89%99/"><meta property="og:site_name" content="ol4three"><meta property="og:description" content="0x00 本机环境Mac osx 10.15.5VMware Fusion 11.5.1Ubuntu 18.04Ubertooth One"><meta property="og:locale" content="en_US"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015092657632.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015093808357.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015094038013.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015094733056.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015095601031.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015100005087.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015104856092.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015104915904.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015113803864.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015110349788.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015113903595.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015114932731.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015115144837.png"><meta property="og:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015115842434.png"><meta property="article:published_time" content="2020-10-14T07:17:42.000Z"><meta property="article:modified_time" content="2021-03-03T06:36:44.000Z"><meta property="article:author" content="ol4three"><meta property="article:tag" content="BLE"><meta property="article:tag" content="Ubertooth one"><meta property="article:tag" content="SDK"><meta property="twitter:card" content="summary"><meta property="twitter:image" content="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015092657632.png"><script type="application/ld+json">{"@context":"https://schema.org","@type":"BlogPosting","mainEntityOfPage":{"@type":"WebPage","@id":"http://www.ol4three.com/2020/10/14/IOT/%E4%BD%BF%E7%94%A8Ubertooth-one%E6%89%AB%E6%8F%8F%E5%97%85%E6%8E%A2%E4%BD%8E%E5%8A%9F%E8%80%97%E8%93%9D%E7%89%99/"},"headline":"ol4three","image":["https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015092657632.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015093808357.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015094038013.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015094733056.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015095601031.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015100005087.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015104856092.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015104915904.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015113803864.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015110349788.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015113903595.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015114932731.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015115144837.png","https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015115842434.png"],"datePublished":"2020-10-14T07:17:42.000Z","dateModified":"2021-03-03T06:36:44.000Z","author":{"@type":"Person","name":"ol4three"},"description":"0x00 本机环境Mac osx 10.15.5VMware Fusion 11.5.1Ubuntu 18.04Ubertooth One"}</script><link rel="canonical" href="http://www.ol4three.com/2020/10/14/IOT/%E4%BD%BF%E7%94%A8Ubertooth-one%E6%89%AB%E6%8F%8F%E5%97%85%E6%8E%A2%E4%BD%8E%E5%8A%9F%E8%80%97%E8%93%9D%E7%89%99/"><link rel="icon" href="/img/logo.svg"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.12.0/css/all.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/highlight.js@9.12.0/styles/atom-one-light.css"><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;600&amp;family=Source+Code+Pro"><link rel="stylesheet" href="/css/default.css"><style>body>.footer,body>.navbar,body>.section{opacity:0}</style><!--!--><!--!--><script src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" defer></script><!--!--><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/lightgallery@1.6.8/dist/css/lightgallery.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/justifiedGallery@3.7.0/dist/css/justifiedGallery.min.css"><!--!--><!--!--><script src="https://cdn.jsdelivr.net/npm/pace-js@1.0.2/pace.min.js"></script><script data-ad-client="1" src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js" async></script><meta name="generator" content="Hexo 5.1.1"><link rel="alternate" href="/atom.xml" title="ol4three" type="application/atom+xml">
+</head><body class="is-3-column"><nav class="navbar navbar-main"><div class="container"><div class="navbar-brand justify-content-center"><a class="navbar-item navbar-logo" href="/"><img src="/img/logo.svg" alt="ol4three" height="28"></a></div><div class="navbar-menu"><div class="navbar-start"><a class="navbar-item" href="/">Home</a><a class="navbar-item" href="/about">About</a><a class="navbar-item" href="/Security%20Incidents">Security Incidents</a><a class="navbar-item" href="/Vulnerabilities">Vulnerabilities</a><a class="navbar-item" href="/Read%20Team">Read Team</a><a class="navbar-item" href="/Stop%20learning">Stop learning</a><a class="navbar-item" href="/archives">Archives</a><a class="navbar-item" href="/categories">Categories</a><a class="navbar-item" href="/tags">Tags</a></div><div class="navbar-end"><a class="navbar-item" target="_blank" rel="noopener" title="Download on GitHub" href="https://github.com/ppoffice/hexo-theme-icarus"><i class="fab fa-github"></i></a><a class="navbar-item is-hidden-tablet catalogue" title="Catalogue" href="javascript:;"><i class="fas fa-list-ul"></i></a><a class="navbar-item search" title="Search" href="javascript:;"><i class="fas fa-search"></i></a></div></div></div></nav><section class="section"><div class="container"><div class="columns"><div class="column order-2 column-main is-8-tablet is-8-desktop is-9-widescreen"><div class="card"><article class="card-content article" role="article"><div class="article-meta size-small is-uppercase level is-mobile"><div class="level-left"><span class="level-item">Posted&nbsp;<time dateTime="2020-10-14T07:17:42.000Z" title="2020-10-14T07:17:42.000Z">2020-10-14</time></span><span class="level-item">Updated&nbsp;<time dateTime="2021-03-03T06:36:44.000Z" title="2021-03-03T06:36:44.000Z">2021-03-03</time></span><span class="level-item">Updated&nbsp;<time dateTime="2021-03-03T06:36:44.000Z" title="2021-03-03T06:36:44.000Z">2021-03-03</time></span><span class="level-item"><a class="link-muted" href="/categories/IOT/">IOT</a></span><span class="level-item">12 minutes read (About 1801 words)</span><span class="level-item" id="busuanzi_container_page_pv"><span id="busuanzi_value_page_pv">0</span>&nbsp;visits</span></div></div><h1 class="title is-3 is-size-4-mobile">使用Ubertooth one扫描嗅探低功耗蓝牙</h1><div class="content"><h2 id="0x00-本机环境"><a href="#0x00-本机环境" class="headerlink" title="0x00 本机环境"></a>0x00 本机环境</h2><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">Mac osx 10.15.5</span><br><span class="line">VMware Fusion 11.5.1</span><br><span class="line">Ubuntu 18.04</span><br><span class="line">Ubertooth One</span><br></pre></td></tr></table></figure>
+
+<a id="more"></a>
+
+<h2 id="0x01-环境搭建"><a href="#0x01-环境搭建" class="headerlink" title="0x01 环境搭建"></a>0x01 环境搭建</h2><h3 id="1-安装lib库"><a href="#1-安装lib库" class="headerlink" title="1. 安装lib库"></a>1. 安装lib库</h3><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">apt-get install python-software-properties</span><br><span class="line">add-apt-repository ppa:pyside</span><br><span class="line">apt-get update</span><br><span class="line">apt-get install libnl-3-dev libusb-1.0-0-dev pyside-tools</span><br></pre></td></tr></table></figure>
+
+<h3 id="2-安装libbtbb"><a href="#2-安装libbtbb" class="headerlink" title="2. 安装libbtbb"></a>2. 安装libbtbb</h3><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">wget https:&#x2F;&#x2F;github.com&#x2F;greatscottgadgets&#x2F;libbtbb&#x2F;archive&#x2F;2015-09-R2.tar.gz -O libbtbb-2015-09-R2.tar.gz</span><br><span class="line">tar xf libbtbb-2015-09-R2.tar.gz</span><br><span class="line">cd libbtbb-2015-09-R2</span><br><span class="line">mkdir build</span><br><span class="line">cd build</span><br><span class="line">cmake ..</span><br><span class="line">make</span><br><span class="line">sudo make install</span><br></pre></td></tr></table></figure>
+
+<h3 id="3-安装ubertooth"><a href="#3-安装ubertooth" class="headerlink" title="3. 安装ubertooth"></a>3. 安装ubertooth</h3><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sudo apt-get install ubertooth</span><br></pre></td></tr></table></figure>
+
+<blockquote>
+<p>报错安装：</p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sudo apt-get install pkg-config</span><br></pre></td></tr></table></figure>
+</blockquote>
+<h3 id="4-安装wireshark"><a href="#4-安装wireshark" class="headerlink" title="4. 安装wireshark"></a>4. 安装wireshark</h3><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sudo apt-get install wireshark</span><br></pre></td></tr></table></figure>
+
+<h3 id="5-安装kismet"><a href="#5-安装kismet" class="headerlink" title="5. 安装kismet"></a>5. 安装kismet</h3><h4 id="a-直接安装"><a href="#a-直接安装" class="headerlink" title="a. 直接安装"></a>a. 直接安装</h4><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sudo apt-get install ckermit </span><br></pre></td></tr></table></figure>
+
+<p>在~中创建.kermrc，然后输入如下配置信息：</p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">set line          &#x2F;dev&#x2F;ttyUSB0  </span><br><span class="line">set speed         115200  </span><br><span class="line">set carrier-watch off  </span><br><span class="line">set handshake     none  </span><br><span class="line">set flow-control none  </span><br><span class="line">robust  </span><br><span class="line">set file type     bin  </span><br><span class="line">set file name     lit  </span><br><span class="line">set rec pack      1000  </span><br><span class="line">set send pack     1000  </span><br><span class="line">set window        5  </span><br></pre></td></tr></table></figure>
+
+<h4 id="b-编译安装"><a href="#b-编译安装" class="headerlink" title="b. 编译安装"></a>b. 编译安装</h4><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">wget https:&#x2F;&#x2F;kismetwireless.net&#x2F;code&#x2F;kismet-2020-09-R1.tar.xz</span><br><span class="line">tar xf kismet-2020-09-R1.tar.xz</span><br><span class="line">cd kismet-2020-09-R1</span><br><span class="line">ln -s ..&#x2F;ubertooth-2015-09-R2&#x2F;host&#x2F;kismet&#x2F;plugin-ubertooth .</span><br><span class="line">.&#x2F;configure</span><br><span class="line">make &amp;&amp; make plugins</span><br><span class="line">sudo make suidinstall</span><br><span class="line">sudo make plugins-install</span><br></pre></td></tr></table></figure>
+
+<blockquote>
+<p>报错安装：</p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sudo apt-get install ncurses-dev</span><br><span class="line">sudo apt-get install libpcap-dev</span><br><span class="line">sudo apt-get install libz-dev</span><br><span class="line">sudo apt-get install libmicrohttpd-dev</span><br><span class="line">sudo apt-get install libsqlite3-dev</span><br></pre></td></tr></table></figure>
+
+
+</blockquote>
+<p>找到kismet的配置文件kismet.conf ，把”pcapbtbb”加入到kismet.conf的logtypes= 里边</p>
+<h3 id="6-安装BLE解密工具crackle"><a href="#6-安装BLE解密工具crackle" class="headerlink" title="6. 安装BLE解密工具crackle"></a>6. 安装BLE解密工具crackle</h3><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">git clone https:&#x2F;&#x2F;github.com&#x2F;mikeryan&#x2F;crackle.git</span><br><span class="line">cd crackle</span><br><span class="line">make</span><br><span class="line">sudo make install</span><br></pre></td></tr></table></figure>
+
+<h2 id="0x02-嗅探扫描"><a href="#0x02-嗅探扫描" class="headerlink" title="0x02 嗅探扫描"></a>0x02 嗅探扫描</h2><h3 id="1-Spectool"><a href="#1-Spectool" class="headerlink" title="1. Spectool"></a>1. Spectool</h3><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">sudo apt install spectools</span><br></pre></td></tr></table></figure>
+
+<h4 id="a-spectool-curses"><a href="#a-spectool-curses" class="headerlink" title="a. spectool_curses"></a>a. spectool_curses</h4><p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015092657632.png" alt="image-20201015092657632"></p>
+<h4 id="b-spectool-gtk"><a href="#b-spectool-gtk" class="headerlink" title="b. spectool_gtk"></a>b. spectool_gtk</h4><p>扫描附近信号在频谱上显示</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015093808357.png" alt="image-20201015093808357"></p>
+<h4 id="c-spectool-raw"><a href="#c-spectool-raw" class="headerlink" title="c. spectool_raw"></a>c. spectool_raw</h4><p>RAW中文的解释是“原材料”或“未经过处理的东西”，这里猜测是显示设备捕获到的未经处理的信号数据：</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015094038013.png" alt="image-20201015094038013"></p>
+<h4 id="d-spectool-net"><a href="#d-spectool-net" class="headerlink" title="d. spectool_net"></a>d. spectool_net</h4><p>将Ubertooth One作为一台“硬件服务器”，并监听TCP：30569端口，局域网内任何可以跟主机建立通信的PC可通过Ubertoothe主机IP+30569共享设备。连接方式：在另外一台主机终端上执行：spectool_gtk</p>
+<p>—&gt;选择Open Network Device —&gt;输入ip、端口</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015094733056.png" alt="image-20201015094733056"></p>
+<h3 id="2-Hcitool"><a href="#2-Hcitool" class="headerlink" title="2. Hcitool"></a>2. Hcitool</h3><p>hcitool –help</p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">hcitool - HCI Tool ver 5.48</span><br><span class="line">Usage:</span><br><span class="line">	hcitool [options] &lt;command&gt; [command parameters]</span><br><span class="line">Options:</span><br><span class="line">	--help	Display help</span><br><span class="line">	-i dev	HCI device</span><br><span class="line">Commands:</span><br><span class="line">	dev 	Display local devices</span><br><span class="line">	inq 	Inquire remote devices</span><br><span class="line">	scan	Scan for remote devices</span><br><span class="line">	name	Get name from remote device</span><br><span class="line">	info	Get information from remote device</span><br><span class="line">	spinq	Start periodic inquiry</span><br><span class="line">	epinq	Exit periodic inquiry</span><br><span class="line">	cmd 	Submit arbitrary HCI commands</span><br><span class="line">	con 	Display active connections</span><br><span class="line">	cc  	Create connection to remote device</span><br><span class="line">	dc  	Disconnect from remote device</span><br><span class="line">	sr  	Switch master&#x2F;slave role</span><br><span class="line">	cpt 	Change connection packet type</span><br><span class="line">	rssi	Display connection RSSI</span><br><span class="line">	lq  	Display link quality</span><br><span class="line">	tpl 	Display transmit power level</span><br><span class="line">	afh 	Display AFH channel map</span><br><span class="line">	lp  	Set&#x2F;display link policy settings</span><br><span class="line">	lst 	Set&#x2F;display link supervision timeout</span><br><span class="line">	auth	Request authentication</span><br><span class="line">	enc 	Set connection encryption</span><br><span class="line">	key 	Change connection link key</span><br><span class="line">	clkoff	Read clock offset</span><br><span class="line">	clock	Read local or remote clock</span><br><span class="line">	lescan	Start LE scan</span><br><span class="line">	leinfo	Get LE remote information</span><br><span class="line">	lewladd	Add device to LE White List</span><br><span class="line">	lewlrm	Remove device from LE White List</span><br><span class="line">	lewlsz	Read size of LE White List</span><br><span class="line">	lewlclr	Clear LE White List</span><br><span class="line">	lerladd	Add device to LE Resolving List</span><br><span class="line">	lerlrm	Remove device from LE Resolving List</span><br><span class="line">	lerlclr	Clear LE Resolving List</span><br><span class="line">	lerlsz	Read size of LE Resolving List</span><br><span class="line">	lerlon	Enable LE Address Resolution</span><br><span class="line">	lerloff	Disable LE Address Resolution</span><br><span class="line">	lecc	Create a LE Connection</span><br><span class="line">	ledc	Disconnect a LE Connection</span><br><span class="line">	lecup	LE Connection Update</span><br><span class="line"></span><br><span class="line">For more information on the usage of each command use:</span><br><span class="line">	hcitool &lt;command&gt; --help</span><br></pre></td></tr></table></figure>
+
+<p>hcitool scan :扫描附近蓝牙设备</p>
+<p>hcitool lescan :扫描附近低功耗蓝牙设备</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015095601031.png" alt="image-20201015095601031"></p>
+<h3 id="3-Gatttool"><a href="#3-Gatttool" class="headerlink" title="3. Gatttool"></a>3. Gatttool</h3><p> gatttool -h</p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">Usage:</span><br><span class="line">  gatttool [OPTION?]</span><br><span class="line"></span><br><span class="line">Help Options:</span><br><span class="line">  -h, --help                                Show help options</span><br><span class="line">  --help-all                                Show all help options</span><br><span class="line">  --help-gatt                               Show all GATT commands</span><br><span class="line">  --help-params                             Show all Primary Services&#x2F;Characteristics arguments</span><br><span class="line">  --help-char-read-write                    Show all Characteristics Value&#x2F;Descriptor Read&#x2F;Write arguments</span><br><span class="line"></span><br><span class="line">Application Options:</span><br><span class="line">  -i, --adapter&#x3D;hciX                        Specify local adapter interface</span><br><span class="line">  -b, --device&#x3D;MAC                          Specify remote Bluetooth address</span><br><span class="line">  -t, --addr-type&#x3D;[public | random]         Set LE address type. Default: public</span><br><span class="line">  -m, --mtu&#x3D;MTU                             Specify the MTU size</span><br><span class="line">  -p, --psm&#x3D;PSM                             Specify the PSM for GATT&#x2F;ATT over BR&#x2F;EDR</span><br><span class="line">  -l, --sec-level&#x3D;[low | medium | high]     Set security level. Default: low</span><br><span class="line">  -I, --interactive                         Use interactive mode</span><br></pre></td></tr></table></figure>
+
+<p>gatttool -b EC:F3:42:B2:DF:24 -I</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015100005087.png" alt="image-20201015100005087"></p>
+<h3 id="4-Ubertooth-scan-s"><a href="#4-Ubertooth-scan-s" class="headerlink" title="4. Ubertooth-scan -s"></a>4. Ubertooth-scan -s</h3><p>sudo apt install ubertooth</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015104856092.png" alt="image-20201015104856092"></p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015104915904.png" alt="image-20201015104915904"></p>
+<h3 id="5-Ubertooth-ble"><a href="#5-Ubertooth-ble" class="headerlink" title="5. Ubertooth-ble"></a>5. Ubertooth-ble</h3><pre><code>ubertooth-btle - passive Bluetooth Low Energy monitoring
+Usage:
+    -h this help
+
+    Major modes:
+    -f follow connections
+    -p promiscuous: sniff active connections
+    -a[address] get/set access address (example: -a8e89bed6)
+    -s&lt;address&gt; faux slave mode, using MAC addr (example: -s22:44:66:88:aa:cc)
+    -t&lt;address&gt; set connection following target (example: -t22:44:66:88:aa:cc)
+
+    Interference (use with -f or -p):
+    -i interfere with one connection and return to idle
+    -I interfere continuously
+
+    Data source:
+    -U&lt;0-7&gt; set ubertooth device to use
+
+    Misc:
+    -r&lt;filename&gt; capture packets to PCAPNG file
+    -q&lt;filename&gt; capture packets to PCAP file (DLT_BLUETOOTH_LE_LL_WITH_PHDR)
+    -c&lt;filename&gt; capture packets to PCAP file (DLT_PPI)
+    -A&lt;index&gt; advertising channel index (default 37)
+    -v[01] verify CRC mode, get status or enable/disable
+    -x&lt;n&gt; allow n access address offenses (default 32)
+
+If an input file is not specified, an Ubertooth device is used for live capture.
+In get/set mode no capture occurs.</code></pre><blockquote>
+<p>ubertooth-btle -f -c test.pcap抓包&amp;保存到本地</p>
+</blockquote>
+<p>使用这条命令我们可以把设备捕获到的数据包保存到本地，完成后可导入wireshark进行数据包、协议分析。</p>
+<p>wireshark导入嗅探到的蓝牙数据包需要处理一下才能正常查看，不然无法正常分析数据：</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015113803864.png" alt="image-20201015113803864"></p>
+<p>Edit → Preferences → Protocols → DLT_USER → Edit → New</p>
+<p>在payload protocol中输入btle</p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015110349788.png" alt="image-20201015110349788"></p>
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015113903595.png" alt="image-20201015113903595"></p>
+<p>使用规则过滤数据包：参考<a target="_blank" rel="noopener" href="https://github.com/greatscottgadgets/ubertooth/wiki/Capturing-BLE-in-Wireshark">Capturing BLE in Wireshark</a></p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">btle.data_header.length &gt; 0 || btle.advertising_header.pdu_type &#x3D;&#x3D; 0x05</span><br></pre></td></tr></table></figure>
+
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015114932731.png" alt="image-20201015114932731"></p>
+<h3 id="6-crackle"><a href="#6-crackle" class="headerlink" title="6. crackle"></a>6. crackle</h3><p>如果捕获到足够的数据包尤其是btsmp，抓到包之后我们最关心的问题是我们有没有抓到的足够的包来破解tk。所以在wireshark中你可以在filter处加上btsmp，确保抓到了我们需要的6个包。，那接下来便可以用crackle来破解tk和ltk：</p>
+<p><strong>做到这个点尝试了身边的一些设备的连接没抓到大量包没有至少6个btsmp之后实践中碰到补足图片</strong></p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">crackle -i &lt;file.pcap&gt;</span><br></pre></td></tr></table></figure>
+
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015115144837.png" alt="image-20201015115144837"></p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">从上图中我们可以看到我们不但破解了tk，还利用利用tk和其它一些数据成功的还原出了ltk。</span><br><span class="line"></span><br><span class="line">接下来我们再来试试利用获取的ltk来破解其他的加密包。假设我们在配对过程中已经拿到了ltk&#x3D;7f62c053f104a5bbe68b1d896a2ed49c</span><br></pre></td></tr></table></figure>
+
+<p>解密数据包，并把解密后的包另存：</p>
+<figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">crackle -i &lt;file.pcap&gt; -o &lt;output.pcap&gt;</span><br><span class="line">crackle -i &lt;file.pcap&gt; -o &lt;out.pcap&gt; -l &lt;ltk&gt;</span><br><span class="line"></span><br><span class="line">crackle -l 7f62c053f104a5bbe68b1d896a2ed49c -i test44.pcap -o test66.pcap</span><br></pre></td></tr></table></figure>
+
+<p><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/image-20201015115842434.png" alt="image-20201015115842434"></p>
+<p>可以看到成功破解了7个包</p>
+<h2 id="0x03-解决方案"><a href="#0x03-解决方案" class="headerlink" title="0x03 解决方案"></a>0x03 解决方案</h2><h4 id="1-使用OOB"><a href="#1-使用OOB" class="headerlink" title="1. 使用OOB"></a>1. 使用OOB</h4><figure class="highlight plain"><table><tr><td class="code"><pre><span class="line">[email protected]:~&#x2F;Desktop# crackle -i heart.pcap </span><br><span class="line">Warning: No output file specified. Won&#39;t decrypt any packets.</span><br><span class="line">Warning: found multiple connects, only using the latest one</span><br><span class="line">Warning: found multiple LL_ENC_REQ, only using latest one</span><br><span class="line">Warning: found multiple connects, only using the latest one</span><br><span class="line">Warning: found multiple pairing requests, only using the latest one</span><br><span class="line">Warning: found multiple connects, only using the latest one</span><br><span class="line">Warning: found multiple pairing requests, only using the latest one</span><br><span class="line">Warning: already saw two random values, skipping</span><br><span class="line">Warning: found multiple LL_ENC_REQ, only using latest one</span><br><span class="line">TK not found, the connection is probably using OOB pairing</span><br><span class="line">Sorry d00d :(</span><br></pre></td></tr></table></figure>
+
+<h4 id="2-支持bluetooth4-2以上的设备的出现（通过ECDH解决）"><a href="#2-支持bluetooth4-2以上的设备的出现（通过ECDH解决）" class="headerlink" title="2. 支持bluetooth4.2以上的设备的出现（通过ECDH解决）"></a>2. 支持bluetooth4.2以上的设备的出现（通过ECDH解决）</h4><h2 id="0x04-参考："><a href="#0x04-参考：" class="headerlink" title="0x04 参考："></a>0x04 参考：</h2><p><a target="_blank" rel="noopener" href="http://www.vuln.cn/6083">http://www.vuln.cn/6083</a></p>
+<p><a target="_blank" rel="noopener" href="https://blog.csdn.net/charmve/article/details/107170250">https://blog.csdn.net/charmve/article/details/107170250</a></p>
+<p><a target="_blank" rel="noopener" href="https://www.freebuf.com/articles/wireless/106298.html">路人甲@乌云drops:Bluetooth Low Energy 嗅探</a></p>
+<p><a target="_blank" rel="noopener" href="http://j2abro.blogspot.com.au/2014/06/understanding-bluetooth-advertising.html">疯狗@乌云drops：物联网安全拔“牙”实战——低功耗蓝牙（BLE）初探</a></p>
+<p><a target="_blank" rel="noopener" href="https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide">https://github.com/greatscottgadgets/ubertooth/wiki/Build-Guide</a></p>
+<p><a target="_blank" rel="noopener" href="https://github.com/greatscottgadgets/ubertooth/wiki/Capturing-BLE-in-Wireshark">https://github.com/greatscottgadgets/ubertooth/wiki/Capturing-BLE-in-Wireshark</a></p>
+</div><div class="article-licensing box"><div class="licensing-title"><p>使用Ubertooth one扫描嗅探低功耗蓝牙</p><p><a href="http://www.ol4three.com/2020/10/14/IOT/%E4%BD%BF%E7%94%A8Ubertooth-one%E6%89%AB%E6%8F%8F%E5%97%85%E6%8E%A2%E4%BD%8E%E5%8A%9F%E8%80%97%E8%93%9D%E7%89%99/">http://www.ol4three.com/2020/10/14/IOT/%E4%BD%BF%E7%94%A8Ubertooth-one%E6%89%AB%E6%8F%8F%E5%97%85%E6%8E%A2%E4%BD%8E%E5%8A%9F%E8%80%97%E8%93%9D%E7%89%99/</a></p></div><div class="licensing-meta level is-mobile"><div class="level-left"><div class="level-item is-narrow"><div><h6>Author</h6><p>ol4three</p></div></div><div class="level-item is-narrow"><div><h6>Posted on</h6><p>2020-10-14</p></div></div><div class="level-item is-narrow"><div><h6>Updated on</h6><p>2021-03-03</p></div></div><div class="level-item is-narrow"><div><h6>Licensed under</h6><p><a class="icon" rel="noopener" target="_blank" title="Creative Commons" href="https://creativecommons.org/"><i class="fab fa-creative-commons"></i></a><a class="icon" rel="noopener" target="_blank" title="Attribution" href="https://creativecommons.org/licenses/by/4.0/"><i class="fab fa-creative-commons-by"></i></a><a class="icon" rel="noopener" target="_blank" title="Noncommercial" href="https://creativecommons.org/licenses/by-nc/4.0/"><i class="fab fa-creative-commons-nc"></i></a></p></div></div></div></div></div><hr style="height:1px;margin:1rem 0"><div class="level is-mobile is-flex"><div class="article-tags is-size-7 is-uppercase"><i class="fas fa-tags has-text-grey"></i> <a class="link-muted" rel="tag" href="/tags/BLE/">BLE, </a><a class="link-muted" rel="tag" href="/tags/Ubertooth-one/">Ubertooth one, </a><a class="link-muted" rel="tag" href="/tags/SDK/">SDK </a></div></div><div class="sharethis-inline-share-buttons"></div><script src=" " defer></script></article></div><div class="card"><div class="card-content"><h3 class="menu-label has-text-centered">Like this article? Support the author with</h3><div class="buttons is-centered"><a class="button is-info donate"><span class="icon is-small"><i class="fab fa-alipay"></i></span><span>Alipay</span><span class="qrcode"><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/20230128152554.png" alt="Alipay"></span></a><a class="button is-success donate"><span class="icon is-small"><i class="fab fa-weixin"></i></span><span>Wechat</span><span class="qrcode"><img src="https://oss-map.oss-cn-beijing.aliyuncs.com/img/20230128152647.png" alt="Wechat"></span></a></div></div></div><nav class="post-navigation mt-4 level is-mobile"><div class="level-start"><a class="article-nav-prev level level-item link-muted" href="/2020/11/28/IOT/DMA%E6%94%BB%E5%87%BB%E5%92%8CThunderbolt-3%E5%AE%89%E5%85%A8%E7%BA%A7%E5%88%AB%E6%B5%85%E8%B0%88/"><i class="level-item fas fa-chevron-left"></i><span class="level-item">DMA攻击和Thunderbolt 3安全级别浅谈</span></a></div><div class="level-end"><a class="article-nav-next level level-item link-muted" href="/2020/09/24/IOT/%E8%93%9D%E7%89%99%E5%AE%89%E5%85%A8%E4%BB%A5%E5%8F%8A%E7%9B%B8%E5%85%B3%E6%BC%8F%E6%B4%9E%E7%A0%94%E7%A9%B6/"><span class="level-item">蓝牙安全以及相关漏洞研究</span><i class="level-item fas fa-chevron-right"></i></a></div></nav><div class="card"><div class="card-content"><h3 class="title is-5">Comments</h3><div class="content" id="valine-thread"></div><script src="//cdn1.lncld.net/static/js/3.0.4/av-min.js"></script><script src="https://cdn.jsdelivr.net/npm/valine@1.4.14/dist/Valine.min.js"></script><script>new Valine({
+            el: '#valine-thread' ,
+            appId: "Mi7VTJ1Ohx0XKeYNBRfjWrY5-gzGzoHsz",
+            appKey: "kqSPJKxTTPM9aNVRrWttS4HT",
+            
+            avatar: "mm",
+            
+            meta: ["nick","mail","link"],
+            pageSize: 10,
+            lang: "en",
+            
+            highlight: true,
+            
+            requiredFields: [],
+        });</script></div></div></div><div class="column column-left is-4-tablet is-4-desktop is-3-widescreen  order-1 is-sticky"><div class="card widget"><div class="card-content"><nav class="level"><div class="level-item has-text-centered flex-shrink-1"><div><figure class="image is-128x128 mx-auto mb-2"><img class="avatar" src="/img/avatar.png" alt="ol4three"></figure><p class="title is-size-4 is-block line-height-inherit">ol4three</p><p class="is-size-6 is-block">醒来时世界都远了，我需要最狂的风，和最静的海。</p><p class="is-size-6 is-flex justify-content-center"><i class="fas fa-map-marker-alt mr-1"></i><span>BeiJing,China</span></p></div></div></nav><nav class="level is-mobile"><div class="level-item has-text-centered is-marginless"><div><p class="heading">Posts</p><a href="/archives"><p class="title">118</p></a></div></div><a class="level-item has-text-centered is-marginless" href="/categories"><div><p class="heading">Categories</p><div><p class="title">10</p></div></div></a><div class="level-item has-text-centered is-marginless"><div><p class="heading">Tags</p><a href="/tags"><p class="title">114</p></a></div></div></nav><div class="level"><a class="level-item button is-primary is-rounded" href="https://github.com/ol4three" target="_blank" rel="noopener">Follow</a></div><div class="level is-mobile"><a class="level-item button is-transparent is-marginless" target="_blank" rel="noopener" title="Github" href="https://github.com/ol4three"><i class="fab fa-github"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="noopener" title="Facebook" href="https://facebook.com"><i class="fab fa-facebook"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="noopener" title="Twitter" href="https://twitter.com"><i class="fab fa-twitter"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="noopener" title="Dribbble" href="https://dribbble.com"><i class="fab fa-dribbble"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="noopener" title="RSS" href="/"><i class="fas fa-rss"></i></a></div></div></div><div class="card widget" id="toc"><div class="card-content"><div class="menu"><h3 class="menu-label">Catalogue</h3><ul class="menu-list"><li><a class="is-flex" href="#0x00-本机环境"><span class="mr-2">1</span><span>0x00 本机环境</span></a></li><li><a class="is-flex" href="#0x01-环境搭建"><span class="mr-2">2</span><span>0x01 环境搭建</span></a><ul class="menu-list"><li><a class="is-flex" href="#1-安装lib库"><span class="mr-2">2.1</span><span>1. 安装lib库</span></a></li><li><a class="is-flex" href="#2-安装libbtbb"><span class="mr-2">2.2</span><span>2. 安装libbtbb</span></a></li><li><a class="is-flex" href="#3-安装ubertooth"><span class="mr-2">2.3</span><span>3. 安装ubertooth</span></a></li><li><a class="is-flex" href="#4-安装wireshark"><span class="mr-2">2.4</span><span>4. 安装wireshark</span></a></li><li><a class="is-flex" href="#5-安装kismet"><span class="mr-2">2.5</span><span>5. 安装kismet</span></a><ul class="menu-list"><li><a class="is-flex" href="#a-直接安装"><span class="mr-2">2.5.1</span><span>a. 直接安装</span></a></li><li><a class="is-flex" href="#b-编译安装"><span class="mr-2">2.5.2</span><span>b. 编译安装</span></a></li></ul></li><li><a class="is-flex" href="#6-安装BLE解密工具crackle"><span class="mr-2">2.6</span><span>6. 安装BLE解密工具crackle</span></a></li></ul></li><li><a class="is-flex" href="#0x02-嗅探扫描"><span class="mr-2">3</span><span>0x02 嗅探扫描</span></a><ul class="menu-list"><li><a class="is-flex" href="#1-Spectool"><span class="mr-2">3.1</span><span>1. Spectool</span></a><ul class="menu-list"><li><a class="is-flex" href="#a-spectool-curses"><span class="mr-2">3.1.1</span><span>a. spectool_curses</span></a></li><li><a class="is-flex" href="#b-spectool-gtk"><span class="mr-2">3.1.2</span><span>b. spectool_gtk</span></a></li><li><a class="is-flex" href="#c-spectool-raw"><span class="mr-2">3.1.3</span><span>c. spectool_raw</span></a></li><li><a class="is-flex" href="#d-spectool-net"><span class="mr-2">3.1.4</span><span>d. spectool_net</span></a></li></ul></li><li><a class="is-flex" href="#2-Hcitool"><span class="mr-2">3.2</span><span>2. Hcitool</span></a></li><li><a class="is-flex" href="#3-Gatttool"><span class="mr-2">3.3</span><span>3. Gatttool</span></a></li><li><a class="is-flex" href="#4-Ubertooth-scan-s"><span class="mr-2">3.4</span><span>4. Ubertooth-scan -s</span></a></li><li><a class="is-flex" href="#5-Ubertooth-ble"><span class="mr-2">3.5</span><span>5. Ubertooth-ble</span></a></li><li><a class="is-flex" href="#6-crackle"><span class="mr-2">3.6</span><span>6. crackle</span></a></li></ul></li><li><a class="is-flex" href="#0x03-解决方案"><span class="mr-2">4</span><span>0x03 解决方案</span></a><ul class="menu-list"><ul class="menu-list"><li><a class="is-flex" href="#1-使用OOB"><span class="mr-2">4.1.1</span><span>1. 使用OOB</span></a></li><li><a class="is-flex" href="#2-支持bluetooth4-2以上的设备的出现（通过ECDH解决）"><span class="mr-2">4.1.2</span><span>2. 支持bluetooth4.2以上的设备的出现（通过ECDH解决）</span></a></li></ul></ul></li><li><a class="is-flex" href="#0x04-参考："><span class="mr-2">5</span><span>0x04 参考：</span></a></li></ul></div></div><style>.menu-list > li > a.is-active + .menu-list { display: block; }.menu-list > li > a + .menu-list { display: none; }</style><script src="/js/toc.js" defer></script></div><div class="card widget"><div class="card-content"><div class="menu"><h3 class="menu-label">Links</h3><ul class="menu-list"><li><a class="level is-mobile is-mobile" href="http://b0urne.top" target="_blank" rel="noopener"><span class="level-left"><span class="level-item">B0urne</span></span><span class="level-right"><span class="level-item tag">b0urne.top</span></span></a></li><li><a class="level is-mobile is-mobile" href="https://lalalaxiaoyuren.github.io" target="_blank" rel="noopener"><span class="level-left"><span class="level-item">smail_fish</span></span><span class="level-right"><span class="level-item tag">lalalaxiaoyuren.github.io</span></span></a></li><li><a class="level is-mobile is-mobile" href="https://vinadiakt.github.io" target="_blank" rel="noopener"><span class="level-left"><span class="level-item">vinadiak</span></span><span class="level-right"><span class="level-item tag">vinadiakt.github.io</span></span></a></li></ul></div></div></div><div class="card widget"><div class="card-content"><div class="menu"><h3 class="menu-label">Categories</h3><ul class="menu-list"><li><a class="level is-mobile is-marginless" href="/categories/Android/"><span class="level-start"><span class="level-item">Android</span></span><span class="level-end"><span class="level-item tag">11</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/CTF/"><span class="level-start"><span class="level-item">CTF</span></span><span class="level-end"><span class="level-item tag">4</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/Code/"><span class="level-start"><span class="level-item">Code</span></span><span class="level-end"><span class="level-item tag">1</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/IOT/"><span class="level-start"><span class="level-item">IOT</span></span><span class="level-end"><span class="level-item tag">26</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/PWN/"><span class="level-start"><span class="level-item">PWN</span></span><span class="level-end"><span class="level-item tag">1</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/WEB%E5%AE%89%E5%85%A8/"><span class="level-start"><span class="level-item">WEB安全</span></span><span class="level-end"><span class="level-item tag">46</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/%E4%BA%8C%E8%BF%9B%E5%88%B6%E5%AE%89%E5%85%A8/"><span class="level-start"><span class="level-item">二进制安全</span></span><span class="level-end"><span class="level-item tag">15</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/"><span class="level-start"><span class="level-item">内网渗透</span></span><span class="level-end"><span class="level-item tag">8</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/%E7%8E%AF%E5%A2%83%E9%85%8D%E7%BD%AE/"><span class="level-start"><span class="level-item">环境配置</span></span><span class="level-end"><span class="level-item tag">4</span></span></a></li><li><a class="level is-mobile is-marginless" href="/categories/%E8%B7%AF%E7%94%B1%E5%99%A8/"><span class="level-start"><span class="level-item">路由器</span></span><span class="level-end"><span class="level-item tag">1</span></span></a></li></ul></div></div></div><div class="card widget"><div class="card-content"><h3 class="menu-label">Recents</h3><article class="media"><div class="media-content size-small"><p><time dateTime="2023-07-11T00:48:47.000Z">2023-07-11</time></p><p class="title is-6"><a class="link-muted" href="/2023/07/11/IOT/%E6%B1%BD%E8%BD%A6%E5%AE%89%E5%85%A8%E6%B5%8B%E8%AF%95CAN%E5%AD%A6%E4%B9%A0/">汽车安全测试CAN指南</a></p><p class="is-uppercase"><a class="link-muted" href="/categories/IOT/">IOT</a></p></div></article><article class="media"><div class="media-content size-small"><p><time dateTime="2023-04-12T10:25:42.000Z">2023-04-12</time></p><p class="title is-6"><a class="link-muted" href="/2023/04/12/WEB/Code_audit/codeql%E5%AD%A6%E4%B9%A0%E8%AE%B0%E5%BD%95/">codeql学习指南</a></p><p class="is-uppercase"><a class="link-muted" href="/categories/WEB%E5%AE%89%E5%85%A8/">WEB安全</a></p></div></article><article class="media"><div class="media-content size-small"><p><time dateTime="2022-07-27T10:25:17.000Z">2022-07-27</time></p><p class="title is-6"><a class="link-muted" href="/2022/07/27/WEB/OSS%E4%BA%91%E5%AD%98%E5%82%A8%E7%9B%B8%E5%85%B3%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9/">OSS云存储相关安全风险</a></p><p class="is-uppercase"><a class="link-muted" href="/categories/WEB%E5%AE%89%E5%85%A8/">WEB安全</a></p></div></article><article class="media"><div class="media-content size-small"><p><time dateTime="2022-06-07T00:51:06.000Z">2022-06-07</time></p><p class="title is-6"><a class="link-muted" href="/2022/06/07/WEB/Python%E5%A4%9A%E7%BA%BF%E7%A8%8B%E5%AE%9E%E7%8E%B0%E8%BF%9B%E5%BA%A6%E6%9D%A1/">Python多线程实现进度条</a></p><p class="is-uppercase"><a class="link-muted" href="/categories/Code/">Code</a></p></div></article><article class="media"><div class="media-content size-small"><p><time dateTime="2022-05-29T06:41:33.000Z">2022-05-29</time></p><p class="title is-6"><a class="link-muted" href="/2022/05/29/%E4%BA%8C%E8%BF%9B%E5%88%B6%E5%AE%89%E5%85%A8/DLL%E5%8A%AB%E6%8C%81%E6%BC%8F%E6%B4%9E%E8%AF%A6%E8%A7%A3/">DLL劫持漏洞详解</a></p><p class="is-uppercase"><a class="link-muted" href="/categories/%E4%BA%8C%E8%BF%9B%E5%88%B6%E5%AE%89%E5%85%A8/">二进制安全</a></p></div></article></div></div><div class="card widget"><div class="card-content"><div class="menu"><h3 class="menu-label">Tags</h3><div class="field is-grouped is-grouped-multiline"><div class="control"><a class="tags has-addons" href="/tags/360/"><span class="tag">360</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/APP%E6%B5%8B%E8%AF%95/"><span class="tag">APP测试</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/AWD/"><span class="tag">AWD</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/ActiveMQ/"><span class="tag">ActiveMQ</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Amazon/"><span class="tag">Amazon</span><span class="tag is-grey-lightest">7</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Apache/"><span class="tag">Apache</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Apache-Cocoon-XML/"><span class="tag">Apache-Cocoon-XML</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Apereo-Cas/"><span class="tag">Apereo Cas</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/AppWeb/"><span class="tag">AppWeb</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Apple-T2/"><span class="tag">Apple T2</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/BLE/"><span class="tag">BLE</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/BadUsb/"><span class="tag">BadUsb</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/C2/"><span class="tag">C2</span><span class="tag is-grey-lightest">4</span></a></div><div class="control"><a class="tags has-addons" href="/tags/CAN/"><span class="tag">CAN</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/CTF/"><span class="tag">CTF</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Car/"><span class="tag">Car</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Cisco/"><span class="tag">Cisco</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Cobalt-Strike/"><span class="tag">Cobalt Strike</span><span class="tag is-grey-lightest">4</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Code-audit/"><span class="tag">Code_audit</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/DLL%E5%8A%AB%E6%8C%81/"><span class="tag">DLL劫持</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/DMA/"><span class="tag">DMA</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Dict/"><span class="tag">Dict</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Drozer/"><span class="tag">Drozer</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/EDR/"><span class="tag">EDR</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Exchange-Server/"><span class="tag">Exchange-Server</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Frida/"><span class="tag">Frida</span><span class="tag is-grey-lightest">5</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Glibc-Heap/"><span class="tag">Glibc Heap</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Google-Hacking/"><span class="tag">Google-Hacking</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/HTTP%E8%AF%B7%E6%B1%82%E8%B5%B0%E7%A7%81%E5%8D%8F%E8%AE%AE/"><span class="tag">HTTP请求走私协议</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/HWS/"><span class="tag">HWS</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Hook/"><span class="tag">Hook</span><span class="tag is-grey-lightest">5</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Horde-Groupware-Webmail-Edition/"><span class="tag">Horde Groupware Webmail Edition</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Httpdecrypt/"><span class="tag">Httpdecrypt</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Huawei/"><span class="tag">Huawei</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/IOT/"><span class="tag">IOT</span><span class="tag is-grey-lightest">17</span></a></div><div class="control"><a class="tags has-addons" href="/tags/JCG/"><span class="tag">JCG</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/MCA/"><span class="tag">MCA</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/MCE/"><span class="tag">MCE</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/MSF/"><span class="tag">MSF</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Mybatis/"><span class="tag">Mybatis</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Mysql-python/"><span class="tag">Mysql-python</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/NC/"><span class="tag">NC</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/OSS/"><span class="tag">OSS</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/PHP%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/"><span class="tag">PHP反序列化</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/PHP%E7%BD%91%E7%AB%99/"><span class="tag">PHP网站</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/PWN/"><span class="tag">PWN</span><span class="tag is-grey-lightest">4</span></a></div><div class="control"><a class="tags has-addons" href="/tags/PhpStudy/"><span class="tag">PhpStudy</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/PineApple-Nano/"><span class="tag">PineApple-Nano</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Pligg/"><span class="tag">Pligg</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/PowerSploit/"><span class="tag">PowerSploit</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/ProcessPoolExecutor/"><span class="tag">ProcessPoolExecutor</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Pwn/"><span class="tag">Pwn</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Python/"><span class="tag">Python</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/RCE/"><span class="tag">RCE</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/SDK/"><span class="tag">SDK</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/SGX/"><span class="tag">SGX</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/SQLI-labs/"><span class="tag">SQLI-labs</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/SQL%E6%B3%A8%E5%85%A5/"><span class="tag">SQL注入</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/SSTI/"><span class="tag">SSTI</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Smartbi/"><span class="tag">Smartbi</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Spring-Boot/"><span class="tag">Spring Boot</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Sql%E6%B3%A8%E5%85%A5/"><span class="tag">Sql注入</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Thunderbolt-3/"><span class="tag">Thunderbolt 3</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/UAF/"><span class="tag">UAF</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/Ubertooth-one/"><span class="tag">Ubertooth one</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/VIM/"><span class="tag">VIM</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/VPN/"><span class="tag">VPN</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/WEB%E5%AE%89%E5%85%A8/"><span class="tag">WEB安全</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/XiaoMi/"><span class="tag">XiaoMi</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/ZTE/"><span class="tag">ZTE</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/adb/"><span class="tag">adb</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/codeql/"><span class="tag">codeql</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/crackme/"><span class="tag">crackme</span><span class="tag is-grey-lightest">5</span></a></div><div class="control"><a class="tags has-addons" href="/tags/crunch/"><span class="tag">crunch</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/icarus/"><span class="tag">icarus</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/iot/"><span class="tag">iot</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/"><span class="tag">java反序列化</span><span class="tag is-grey-lightest">4</span></a></div><div class="control"><a class="tags has-addons" href="/tags/junior/"><span class="tag">junior</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/kindeditor/"><span class="tag">kindeditor</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/multiprocessing/"><span class="tag">multiprocessing</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/nginx%E8%A7%A3%E6%9E%90%E6%BC%8F%E6%B4%9E/"><span class="tag">nginx解析漏洞</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/objection/"><span class="tag">objection</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/pwnable-kr/"><span class="tag">pwnable.kr</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/queue/"><span class="tag">queue</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/sangfor/"><span class="tag">sangfor</span><span class="tag is-grey-lightest">4</span></a></div><div class="control"><a class="tags has-addons" href="/tags/scrcpy/"><span class="tag">scrcpy</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/sql%E6%B3%A8%E5%85%A5/"><span class="tag">sql注入</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/struts2/"><span class="tag">struts2</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/unlink/"><span class="tag">unlink</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E4%B8%89%E6%98%9F/"><span class="tag">三星</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E4%BA%91%E5%AD%98%E5%82%A8/"><span class="tag">云存储</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E4%BB%A3%E7%90%86%E8%BD%AC%E5%8F%91/"><span class="tag">代理转发</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/"><span class="tag">内网渗透</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%8D%8F%E8%AE%AE%E5%88%86%E6%9E%90/"><span class="tag">协议分析</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%90%8E%E6%B8%97%E9%80%8F/"><span class="tag">后渗透</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%9B%BA%E4%BB%B6/"><span class="tag">固件</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%A0%86/"><span class="tag">堆</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%A4%A9%E8%9E%8D%E4%BF%A1/"><span class="tag">天融信</span><span class="tag is-grey-lightest">2</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%AE%8F%E7%97%85%E6%AF%92/"><span class="tag">宏病毒</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%AE%9D%E5%A1%94/"><span class="tag">宝塔</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E5%B0%8F%E7%A8%8B%E5%BA%8F/"><span class="tag">小程序</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/"><span class="tag">未授权访问漏洞</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E6%A0%BC%E5%BC%8F%E5%8C%96%E5%AD%97%E7%AC%A6%E4%B8%B2/"><span class="tag">格式化字符串</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E6%AD%A3%E5%88%99/"><span class="tag">正则</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E6%B3%9B%E5%BE%AEOA/"><span class="tag">泛微OA</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E7%94%A8%E5%8F%8B/"><span class="tag">用友</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E7%BA%A2%E9%98%9F%E7%99%BE%E7%A7%91%E5%85%A8%E4%B9%A6/"><span class="tag">红队百科全书</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E7%BB%BF%E7%9B%9F/"><span class="tag">绿盟</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E8%93%9D%E7%89%99/"><span class="tag">蓝牙</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E8%B7%AF%E7%94%B1%E5%99%A8/"><span class="tag">路由器</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E9%80%9A%E8%BE%BEOA/"><span class="tag">通达OA</span><span class="tag is-grey-lightest">3</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E9%9D%A2%E8%AF%95/"><span class="tag">面试</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E9%BB%98%E8%AE%A4%E5%AF%86%E7%A0%81/"><span class="tag">默认密码</span><span class="tag is-grey-lightest">1</span></a></div><div class="control"><a class="tags has-addons" href="/tags/%E9%BD%90%E6%B2%BB%E5%A0%A1%E5%9E%92%E6%9C%BA/"><span class="tag">齐治堡垒机</span><span class="tag is-grey-lightest">1</span></a></div></div></div></div></div><div class="card widget"><div class="card-content"><div class="menu"><h3 class="menu-label">Subscribe for updates</h3><form action="https://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open(&#039;https://feedburner.google.com/fb/a/mailverify?uri=&#039;,&#039;popupwindow&#039;,&#039;scrollbars=yes,width=550,height=520&#039;);return true"><input type="hidden" value="" name="uri"><input type="hidden" name="loc" value="en_US"><div class="field has-addons"><div class="control has-icons-left is-expanded"><input class="input" name="email" type="email" placeholder="Email"><span class="icon is-small is-left"><i class="fas fa-envelope"></i></span></div><div class="control"><input class="button is-primary" type="submit" value="Subscribe"></div></div></form></div></div></div><div class="card widget"><div class="card-content"><div class="menu"><h3 class="menu-label">Advertisement</h3><script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script><ins class="adsbygoogle" style="display:block" data-ad-client="1" data-ad-slot="1" data-ad-format="auto" data-full-width-responsive="true"></ins><script>(adsbygoogle = window.adsbygoogle || []).push({});</script></div></div></div></div><!--!--></div></div></section><footer class="footer"><div class="container"><div class="level"><div class="level-start"><a class="footer-logo is-block mb-2" href="/"><img src="/img/logo.svg" alt="ol4three" height="28"></a><p class="size-small"><span>&copy; 2023 ol4three</span>  Powered by <a href="https://www.ol4three.com" target="_blank" rel="noopener">ol4three</a> <br><span id="busuanzi_container_site_uv">Visited by <span id="busuanzi_value_site_uv">0</span> users</span></p></div><div class="level-end"><div class="field has-addons"><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Creative Commons" href="https://creativecommons.org/"><i class="fab fa-creative-commons"></i></a></p><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Attribution 4.0 International" href="https://creativecommons.org/licenses/by/4.0/"><i class="fab fa-creative-commons-by"></i></a></p><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Download on GitHub" href="https://github.com/ppoffice/hexo-theme-icarus"><i class="fab fa-github"></i></a></p></div></div></div></div></footer><script src="https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/moment@2.22.2/min/moment-with-locales.min.js"></script><script>moment.locale("en");</script><script>var IcarusThemeSettings = {
+            article: {
+                highlight: {
+                    clipboard: true,
+                    fold: 'unfolded'
+                }
+            }
+        };</script><script src="https://cdn.jsdelivr.net/npm/clipboard@2.0.4/dist/clipboard.min.js" defer></script><script src="/js/animation.js"></script><a id="back-to-top" title="Back to top" href="javascript:;"><i class="fas fa-chevron-up"></i></a><script src="/js/back_to_top.js" defer></script><!--!--><!--!--><!--!--><script src="https://cdn.jsdelivr.net/npm/lightgallery@1.6.8/dist/js/lightgallery.min.js" defer></script><script src="https://cdn.jsdelivr.net/npm/justifiedGallery@3.7.0/dist/js/jquery.justifiedGallery.min.js" defer></script><script>window.addEventListener("load", () => {
+            if (typeof $.fn.lightGallery === 'function') {
+                $('.article').lightGallery({ selector: '.gallery-item' });
+            }
+            if (typeof $.fn.justifiedGallery === 'function') {
+                if ($('.justified-gallery > p > .gallery-item').length) {
+                    $('.justified-gallery > p > .gallery-item').unwrap();
+                }
+                $('.justified-gallery').justifiedGallery();
+            }
+        });</script><!--!--><!--!--><!--!--><script src="/js/main.js" defer></script><div class="searchbox"><div class="searchbox-container"><div class="searchbox-header"><div class="searchbox-input-container"><input class="searchbox-input" type="text" placeholder="Type something..."></div><a class="searchbox-close" href="javascript:;">×</a></div><div class="searchbox-body"></div></div></div><script src="/js/insight.js" defer></script><script>document.addEventListener('DOMContentLoaded', function () {
+            loadInsight({"contentUrl":"/content.json"}, {"hint":"Type something...","untitled":"(Untitled)","posts":"Posts","pages":"Pages","categories":"Categories","tags":"Tags"});
+        });</script></body></html>
