crackle Introduction

crackle Homepage
crackle Source Code Repository

crackle - Crack and decrypt BLE encryption
:~# crackle
Usage: crackle -i <input.pcap> [-o <output.pcap>] [-l <ltk>]
Cracks Bluetooth Low Energy encryption (AKA Bluetooth Smart)

Major modes:  Crack TK // Decrypt with LTK

Crack TK:

    Input PCAP file must contain a complete pairing conversation. If any
    packet is missing, cracking will not proceed. The PCAP file will be
    decrypted if -o <output.pcap> is specified. If LTK exchange is in
    the PCAP file, the LTK will be dumped to stdout.

Decrypt with LTK:

    Input PCAP file must contain at least LL_ENC_REQ and LL_ENC_RSP
    (which contain the SKD and IV). The PCAP file will be decrypted if
    the LTK is correct.

    LTK format: string of hex bytes, no separator, most-significant
    octet to least-significant octet.

    Example: -l 81b06facd90fe7a6e9bbd9cee59736a7

Optional arguments:
    -v   Be verbose
    -t   Run tests against crypto engine

Written by Mike Ryan <>
See web site for more info:

crackle Usage Example

Read the input file (-i ltk_exchange.pcap) and write the decrypted output to disk (-o ltk-decrypted.pcap):

:~# crackle -i ltk_exchange.pcap -o ltk-decrypted.pcap

TK found: 000000
ding ding ding, using a TK of 0! Just Cracks(tm)

Warning: packet is too short to be encrypted (1), skipping
LTK found: 7f62c053f104a5bbe68b1d896a2ed49c
Done, processed 712 total packets, decrypted 3
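
The help text above requires the `-l` value to be a string of hex bytes with no separator, most-significant octet first. The Python helper below is an added example, not part of crackle or of the original page: it normalizes a key copied from another tool into that form and builds the argument list for the "Decrypt with LTK" mode. The function names, the `little_endian` switch and the file names used with it are assumptions made for illustration.

```python
import re

LTK_OCTETS = 16  # a BLE Long Term Key is 128 bits


def normalize_ltk(raw, little_endian=False):
    """Return the LTK as 32 lowercase hex characters, most-significant octet first.

    raw           -- key text as copied from another tool, for example
                     "81:B0:6F:..." or "0x81, 0xb0, ..." or "81 b0 6f ..."
    little_endian -- set to True when the source lists the least-significant
                     octet first (assumption about the source); the octet
                     order is then reversed to match what -l expects.
    """
    # Drop per-byte "0x" prefixes, then the usual separators.
    text = re.sub(r"\b0[xX]", "", raw.strip())
    text = re.sub(r"[\s:,\-]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]*", text):
        raise ValueError("LTK contains non-hex characters")
    if len(text) != 2 * LTK_OCTETS:
        raise ValueError(
            "LTK must be %d hex characters, got %d" % (2 * LTK_OCTETS, len(text))
        )
    octets = bytes.fromhex(text)
    if little_endian:
        octets = octets[::-1]
    return octets.hex()


def crackle_decrypt_args(in_pcap, out_pcap, raw_ltk, little_endian=False):
    """Build the argv list for crackle's decrypt mode using -i, -o and -l."""
    ltk = normalize_ltk(raw_ltk, little_endian)
    return ["crackle", "-i", in_pcap, "-o", out_pcap, "-l", ltk]


if __name__ == "__main__":
    # Constructed input: the example key from the help text, written with colons.
    argv = crackle_decrypt_args(
        "capture.pcap",          # hypothetical file names
        "capture-decrypted.pcap",
        "81:B0:6F:AC:D9:0F:E7:A6:E9:BB:D9:CE:E5:97:36:A7",
    )
    print(" ".join(argv))
```

Passing the resulting list to `subprocess.run` avoids shell quoting issues with file names.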