Projects & tools

LoRa Craft

LoRa Craft is a small set of tools to receive signals with Software-Defined Radio, and to decode and craft LoRaWAN packets on top of a gr-lora GNU Radio module.

Link to the project

V2G Injector

Tools to intrude into a V2G (Vehicle To Grid) PowerLine network, and to capture and inject V2G packets.

Link to the project

V2G decoder

Encode and decode V2G (Vehicle To Grid) messages on the fly.

Link to the project

HomePlugPWN

A collection of tools and Scapy dissectors to test Power-Line Communication (in)security:

  • HomeplugAV.py Scapy Layers: create and craft your own HomePlugAV packets
  • discover.py: sends 'GetDeviceTypeRequest' in broadcast mode to discover PLCs of the same AVLN
  • genDAK.py: derives a Qualcomm DAK passphrase from a MAC address
  • PBKDF1.py: hashes the DAK or NMK passphrase using PBKDF1
  • quickKODAK.py: performs a KODAK bruteforce on powerline
  • plcmon.py: enables 'Sniffer mode' and uses Sniffer Indicate packet to retrieve CCos MAC address
  • PIBdump.py: dumps your entire PLC configuration (PIB) into a file
  • patchPIB.py: patches arbitrary bytes of your PLC, or a field between bytes 0x0-0x400 (see the details of ModulePIB conditions in the Scapy layer)
  • HPGPKeysCollect.py: parses HPGP messages and collects keys

Link to the project

Modmobmap

Map 2G/3G/4G and more cellular networks in real life with a simple smartphone, pretty much like the osmocomBB monitoring feature.

Link to the project

Modmobjam

A smart jamming proof of concept for mobile equipment that could be powered with the Modmobmap tool.

Link to the project