Exam 312-50v12 topic 1 question 259 discussion

From ChatGPT Command Breakdown for Option D: -f 0x129f3244: This sets the Access Address of the BLE connection you want to target. The Access Address is unique to each BLE connection. -j: This flag is used to hijack the BLE connection once it is discovered and captured. This is the correct combination for performing a Btlejacking attack — it focuses on hijacking an already established BLE connection. Quick Breakdown of Other Options: A. btlejack -f 0x9c68fd30 -t -m 0x1fffffffff The -t and -m options are related to sniffing and channel map tracking, not hijacking. B. btlejack -c any This command is used for sniffing connections on any channel, not hijacking. C. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s This is used for multi-device sniffing, combining multiple micro:bit dongles for better packet capture.

D is more accurate. D. btlejack -f 0x129f3244 -j This command is explicitly aimed at hijacking an ongoing BLE connection on the specified frequency, aligning perfectly with the scenario's description of hijacking to read and export sensitive information. To hijack a connection, as described in option D with the -j flag, involves actively intervening in the communication. This means inserting the attacker’s device into the communication flow in a way that allows them to intercept, modify, or block the data being exchanged without the original devices noticing. This is more aggressive and direct in terms of interaction compared to merely tracking. Thus, while option A is very relevant for understanding the dynamics of the communication and could be a precursor to an effective hijacking (by knowing where and how to hijack), it does not by itself perform the action of hijacking. Therefore, it's correct to say that option A could be part of the process leading up to a hijack, but it isn't the command that would be used to execute the hijacking. The specific action of hijacking in Btlejack is indicated by the -j flag, as shown in option D.

CEHv12 2538

Module 16 Page 2538

Hijacking a BLE connection Btlejack is also able to hijack an existing connection, use the -t option to do so. Once hijacked, Btlejack will give you a prompt allowing you to interact with the hijacked device. First, hijack an existing connection: $ btlejack -f 0x9c68fd30 -t -m 0x1fffffffff BtleJack version 1.1 [i] Using cached parameters (created on 2018-08-11 01:48:24) [i] Detected sniffers: > Sniffer #0: fw version 1.1 [i] Synchronizing with connection 0x9c68fd30 ... ✓ CRCInit: 0x81f733 ✓ Channel map is provided: 0x1fffffffff ✓ Hop interval = 39 ✓ Hop increment = 9 [i] Synchronized, hijacking in progress ... [i] Connection successfully hijacked, it is all yours \o/ btlejack>