This project is now officially deprecated, since I worked with virtualabs on the next version of Mirage since three years now: an ecosystem of tools named WHAD. Almost all Mirage modules have now been ported to WHAD, so if you loved Mirage for a specific feature, you should find an equivalent one in WHAD. Moreover the philosophy behind the project is similar: fighting fragmentation of tools, providing user-friendly CLI tools to interact with wireless protocols, while creating a powerful offensive library if you want to use it in your own project.
Mirage repo will stay active since I know a lot of people are using it, but if you want to start experimenting with wireless attacks, you should definitely use WHAD instead. I won't maintain this repository anymore, but WHAD will be actively maintained and is evolving quickly.
See you on the other side:
- WHAD repository: https://github.com/whad-team/whad-client
- ButteRFly firmware repository (nRF52): https://github.com/whad-team/butterfly
- WHAD website: https://whad.io
- WHAD documentation: https://whad.readthedocs.io/en/latest/
This framework is released as an opensource project using the MIT License.
Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications. It currently provides :
- multiple lightweight and hackable wireless protocol stacks (e.g. Bluetooth Low Energy, Enhanced ShockBurst, WiFi, Zigbee ...)
- multiple highly customizable offensive modules (e.g. Man-in-the-Middle, sniffing, jamming, hijacking, cloning ...)
- mutiple modules dedicated to information gathering (e.g. applicative layers dumping, scanning ...)
- mutiple experimental offensive modules based on InjectaBLE attack (e.g. Bluetooth Low Energy injection, Slave and Master hijacking, MiTM ...)
- a chaining operator allowing to easily combine attack modules in order to build complex attack workflows
- support of multiple devices, such as HCI devices, Crazy Radio PA, RZUSBStick, BTLEJack, Nordic, Sniffle, ButteRFly and Ubertooth sniffers
- an user-friendly development environment allowing to easily write new modules or customize existing ones
- an experimental Software defined radio architecture, allowing to sniff and inject packets using HackRF One
- Documentation: http://homepages.laas.fr/rcayre/mirage-documentation/index.html
- Documentation (sphinx source code): https://redmine.laas.fr/projects/mirage-documentation
- Mirage can manipulate IR signals using an opensource hardware called IRma, the schematics and firmware source code can be found here: https://redmine.laas.fr/projects/mirage-irma-device
- Mirage can perform experimental Bluetooth Low Energy attacks using ButteRFly device (nRF52840 dongle): https://github.com/RCayre/injectable-firmware. This new device allows to inject packets into an established connection, hijack the slave role, hijack the master role or perform a Man-in-the-Middle attack.
- Mirage can use a custom BTLEJack firmware for the BBC Micro:Bit, adding some specific features for manipulating advertisements: https://redmine.laas.fr/projects/btlejack-custom-firmware
The original BTLEJack firmware, written by Damien Cauquil, is available on github :
- BTLEJack: https://github.com/virtualabs/btlejack
- BTLEJack firmware: https://github.com/virtualabs/btlejack-firmware
This framework is developed in the context of research works focused on IoT security by Romain Cayre, who is a PhD student at LAAS-CNRS and Apsys.Lab. His PhD thesis is supervised by Guillaume Auriol, Vincent Nicomette and Mohamed Kaâniche.
We published two papers describing this tool:
- Romain Cayre, Jonathan Roux, Eric Alata, Vincent Nicomette, Guillaume Auriol. Mirage : un framework offensif pour l'audit du Bluetooth Low Energy. Symposium sur la Sécurité des Technologies de l'Information et des Communications (SSTIC 2019), Jun 2019, Rennes, France. pp.229-258. [fr]
- Romain Cayre, Vincent Nicomette, Guillaume Auriol, Eric Alata, Mohamed Kaâniche, et al.. Mirage: towards a Metasploit-like framework for IoT. 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE), Oct 2019, Berlin, Germany. [en]
We also published two papers describing a new Bluetooth Low Energy attack, named InjectaBLE, allowing to inject malicious traffic into an established BLE connection. Mirage (v1.2) adds support for a new device, named ButteRFly, allowing to perform this attack:
- Romain Cayre, Florent Galtier, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche, et al.. InjectaBLE : injection de trafic malveillant dans une connexion Bluetooth Low Energy. Symposium sur la sécurité des technologies de l'information et des communications (SSTIC 2021), Jun 2021, Rennes (en ligne), France. [fr]
- Romain Cayre, Florent Galtier, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche, et al.. InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Jun 2021, Taipei (virtual), Taiwan. [en]