Error during HCI device instanciation : AttributeError: 'NoneType' object has no attribute 'send'

[stabla]

AttributeError: 'NoneType' object has no attribute 'send'

I was trying to execute a Man In The Middle attack with the ble_mitm module, but each time I reconfigure the BD Address
manually, I got a failure, an AttributeError then it crashes. I have to kill the process to exit. The hci BD Address has been correctly modified tho.

• How do I modify the BD @ manually:

bdaddr -r -i hci1 33:33:33:33:33:33;
hciconfig hci1 down;
hciconfig hci1 up;

• Version: Python 3.7.3
• Cmd: ./mirage_launcher ble_mitm TARGET=FC:58:FA:14:F8:CE
  Sometimes, running it like this python3 mirage_launcher ble_mitm TARGET=FC:58:FA:14:F8:CE helps but not always.

Am I doing something that I shouldn't? Especially with tthe bdaddr command?

Logs
Short version:

root@raspberrypi:/home/pi/mirage# ./mirage_launcher ble_mitm TARGET=FC:58:FA:14:F8:CE
[INFO] Module ble_mitm loaded !
[SUCCESS] HCI Device (hci0) successfully instanciated !
[SUCCESS] HCI Device (hci1) successfully instanciated !
[INFO] Entering SCAN stage ...
...
...
[INFO] Changing HCI Device (hci1) Address to : FC:58:FA:14:F8:CE
[INFO] Connecting to slave FC:58:FA:14:F8:CE...
[SUCCESS] BD Address successfully modified !
[FAIL] Error during HCI device instanciation !
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/home/pi/mirage/mirage/libs/wireless_utils/packetQueue.py", line 19, in run
    self._target(*(self._args))
...
...
  File "/home/pi/mirage/mirage/libs/bt.py", line 89, in send
    self.socket.send(data)
AttributeError: 'NoneType' object has no attribute 'send'

Detailed version:

root@raspberrypi:/home/pi/mirage# ./mirage_launcher ble_mitm TARGET=FC:58:FA:14:F8:CE
[INFO] Module ble_mitm loaded !
[SUCCESS] HCI Device (hci0) successfully instanciated !
[SUCCESS] HCI Device (hci1) successfully instanciated !
[INFO] Entering SCAN stage ...
[PACKET] << BLE - Advertisement Packet | type=ADV_IND | addr=CC:6E:A4:1D:CA:8F | data=0201181bff75004204030113170501cc6ea41dca8f0000ce6ea41dca8e0001 >>
[PACKET] << BLE - Advertisement Packet | type=SCAN_RSP | addr=CC:6E:A4:1D:CA:8F | data=1c085b41565d2053616d73756e6720536f756e64626172204d53353530 >>
[PACKET] << BLE - Advertisement Packet | type=ADV_IND | addr=62:6B:6F:72:48:9A | data=03039ffe17169ffe0262506450496774416d4b6b00000177ff4a6064 >>
[PACKET] << BLE - Advertisement Packet | type=SCAN_RSP | addr=62:6B:6F:72:48:9A | data=09ffe000010eca6f5aa2 >>
[PACKET] << BLE - Advertisement Packet | type=ADV_IND | addr=15:D0:69:41:B7:32 | data=1eff060001092002f03e5540970b4555d8f0bf6e09a62a42e22f06f63b6501 >>
[PACKET] << BLE - Advertisement Packet | type=ADV_IND | addr=FC:58:FA:14:F8:CE | data=0201060503e0ff02180709485431343037 >>
[SUCCESS] Found corresponding advertisement !
[PACKET] << BLE - Advertisement Packet | type=SCAN_RSP | addr=FC:58:FA:14:F8:CE | data=0709485431343037 >>
[INFO] Entering CLONE stage ...
[INFO] Changing HCI Device (hci1) Address to : FC:58:FA:14:F8:CE
[INFO] Connecting to slave FC:58:FA:14:F8:CE...
[SUCCESS] BD Address successfully modified !
[FAIL] Error during HCI device instanciation !
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/home/pi/mirage/mirage/libs/wireless_utils/packetQueue.py", line 19, in run
    self._target(*(self._args))
  File "/home/pi/mirage/mirage/libs/wireless.py", line 206, in _task
    self._add(pkt)
  File "/home/pi/mirage/mirage/libs/wireless.py", line 186, in _add
    self._executeCallbacks(packet)
  File "/home/pi/mirage/mirage/libs/wireless.py", line 350, in _executeCallbacks
    callback.run(packet)
  File "/home/pi/mirage/mirage/libs/wireless_utils/callbacks.py", line 64, in run
    self.function(*args, **kwargs)
  File "/home/pi/mirage/mirage/core/scenario.py", line 62, in wrapper
    result = function(self,*args,**kwargs)
  File "/home/pi/mirage/mirage/modules/ble_mitm.py", line 114, in scanStage
    self.cloneStage(self.address,self.dataAdvInd,self.dataScanRsp,self.intervalMin,self.intervalMax,self.addrType)
  File "/home/pi/mirage/mirage/core/scenario.py", line 62, in wrapper
    result = function(self,*args,**kwargs)
  File "/home/pi/mirage/mirage/modules/ble_mitm.py", line 128, in cloneStage
    self.a2mEmitter.setScanningParameters(data=dataResponse)
  File "/home/pi/mirage/mirage/libs/ble.py", line 325, in setScanningParameters
    self._internalCommand(New_HCI_Cmd_LE_Set_Scan_Response_Data(data=advData,len=len(data)))
  File "/home/pi/mirage/mirage/libs/bt.py", line 130, in _internalCommand
    self.send(cmd)
  File "/home/pi/mirage/mirage/libs/bt.py", line 89, in send
    self.socket.send(data)
AttributeError: 'NoneType' object has no attribute 'send'

[RCayre]

Hi, thanks for reporting this issue.
Could you please provide me the output of lsusb ?
Regards,
Romain Cayre

[stabla]

Hi,

Yes !

#lsusb
Bus 001 Device 020: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. SMC9514 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

[szbinks]

Hi,
I have the exact same problem but in a virtual machine, have you found a solution ?

I did a lsusb

#lsusb
Bus 001 Device 007: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
Bus 001 Device 009: ID 0a12:0001 Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

[stabla]

Hi @FabienOnGithub,

Still haven't found a proper way to fix this issue, yet, have you tried to run it with python3? Sometimes it helps

[szbinks]

Thanks for your reply !
I already tried to use python3 but unfortunately I still have the same error...
It seems that the "send error" comes from the device which attempt to connect to Mirage.
I tried with two devices : a Raspberry Pi 4 with Kali linux and my smartphone (a Samsung Galaxy S8 with Android 9). I always have the error with the Raspberry but I never had it with my phone.
I still don't understand why but at least I could use Mirage.

[RCayre]

Hi,
The problem is probably linked to the BD address modification of CSR dongles, because I have to reset the socket for this specific manufacturer.
Try to replace :
utils.wait(seconds=1)
by
utils.wait(seconds=3)
in libs/bt.py at line 472.
Let me know if it solves the problem.

[rriley]

Hi,

I'm not the original poster, but I have the same problem with a Bluetooth adapter that uses a CSR chipset. I tried your patch (I tried 3 seconds and even tried it at 30 seconds) with no change. Do you have any other thoughts? I appreciate your time and help.

[szbinks]

Hello !
In my memories I litteraly SPAMMED until it works (I had a school project and the subject was to perform a MiTM so I just showed a succesful attempt). I still don't understand this error so I can't really help you sorry.

[RCayre]

Hi,
Thanks for reporting this issue.
Can you

1. run hcidump -i hciX
2. run Mirage and trigger the bug on hciX
3. provide me the output of hcidump, please ?