Share
## https://sploitus.com/exploit?id=27C8E4F7-789B-5171-8B24-B21D4137905D
# WhisperPair Exploit Toolkit (CVE-2025-36911)

[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![CVE](https://img.shields.io/badge/CVE-2025--36911-red.svg)](https://nvd.nist.gov/vuln/detail/CVE-2025-36911)

A security research toolkit for demonstrating CVE-2025-36911 (WhisperPair), a critical vulnerability in Google Fast Pair affecting hundreds of millions of Bluetooth audio devices.


  
  
  


## 🎯 Overview

WhisperPair allows attackers to forcibly pair with vulnerable Bluetooth earbuds and headphones **without user interaction**, potentially enabling:

- 🎀 **Eavesdropping** via device microphone
- πŸ”Š **Audio injection** into victim's earbuds
- πŸ“ **Location tracking** via Google Find Hub
- πŸ” **Persistent access** via account key injection

**Affected Brands:** Sony, Google, JBL, Jabra, Anker, Nothing, OnePlus, Xiaomi, Marshall, and more.

## πŸ“‹ Contents

| Component | Description |
|-----------|-------------|
| `fastpair_exploit.py` | Python scanner, tester, and exploit tool |
| `esp32_vulnerable_earbud/` | ESP32 firmware to emulate a vulnerable device |
| `DOCUMENTATION.md` | Full technical writeup and demo guide |

## πŸš€ Quick Start

### Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/whisperpair-toolkit.git
cd whisperpair-toolkit

# Install dependencies
pip install -r requirements.txt
```

### Usage

```bash
# List known vulnerable devices
python fastpair_exploit.py list

# Scan for Fast Pair devices
python fastpair_exploit.py scan

# Test a specific device
python fastpair_exploit.py test AA:BB:CC:DD:EE:FF

# Run full exploit chain
python fastpair_exploit.py exploit AA:BB:CC:DD:EE:FF
```

### Example Output

```
πŸ“‘ Scanning for Fast Pair devices (10.0s)...

  ● Sony WF-1000XM4
    Address: AA:BB:CC:DD:EE:FF  RSSI: -45 dBm
    Mode: idle  |  ⚠️  KNOWN VULNERABLE
    Model ID: CD8256

──────────────────────────────────────────────────
πŸ“Š Found 1 device(s)

⚠️  1 KNOWN VULNERABLE:
   β€’ Sony WF-1000XM4 (AA:BB:CC:DD:EE:FF)
```

## πŸ”¬ ESP32 Vulnerable Device Emulator

For safe demonstration without real vulnerable devices, flash an ESP32 to emulate vulnerable earbuds.

### Setup

1. Install [Arduino IDE](https://www.arduino.cc/en/software) with ESP32 support
2. Open `esp32_vulnerable_earbud/esp32_vulnerable_earbud.ino`
3. Select your ESP32 board (tested on ESP32-C6)
4. Upload and open Serial Monitor (115200 baud)

The ESP32 will advertise as a vulnerable Fast Pair device, accepting unauthorized pairing requests and logging the attack in real-time.

## πŸ“š Documentation

See [DOCUMENTATION.md](DOCUMENTATION.md) for:

- Detailed vulnerability explanation
- Protocol analysis
- Classroom demo script
- Remediation guidance

## ⚠️ Known Vulnerable Devices

| Manufacturer | Model | Status |
|--------------|-------|--------|
| Sony | WH-1000XM6/XM5/XM4 | Vulnerable (patch available) |
| Sony | WF-1000XM5/XM4 | Vulnerable (patch available) |
| Google | Pixel Buds Pro 2 | Vulnerable (patch available) |
| JBL | Tune Beam, Live Pro 2 | Vulnerable |
| Jabra | Elite 8 Active | Vulnerable |
| Anker | Soundcore Liberty 4 NC | Vulnerable |
| Nothing | Ear (a) | Vulnerable |
| OnePlus | Nord Buds 3 Pro | Vulnerable |
| Xiaomi | Redmi Buds 5 Pro | Vulnerable |

Full list: [whisperpair.eu/vulnerable-devices](https://whisperpair.eu/vulnerable-devices)

## πŸ›‘οΈ Remediation

**The only fix is a firmware update from your device manufacturer.**

| Brand | Update Method |
|-------|---------------|
| Sony | Sony Headphones Connect app |
| Google | Automatic via Pixel Buds app |
| JBL | JBL Headphones app |
| Jabra | Jabra Sound+ app |
| Anker | Soundcore app |

Updating your phone does **not** fix the vulnerabilityβ€”the flaw is in the earbuds themselves.

## πŸ”— References

- [WhisperPair Official Site](https://whisperpair.eu/)
- [CVE-2025-36911 (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2025-36911)
- [KU Leuven Research Paper](https://whisperpair.eu/)
- [Google Fast Pair Specification](https://developers.google.com/nearby/fast-pair/spec)

## πŸ‘₯ Credits

**Original Research:**
- COSIC Group, KU Leuven (Sayon Duttagupta, Nikola Antonijević, Bart Preneel)
- DistriNet Group, KU Leuven (Seppe Wyns, Dave SingelΓ©e)

**This Toolkit:**
- Steven Perumean (Python port & ESP32 emulator)

## βš–οΈ Legal Disclaimer

This toolkit is provided for **educational and authorized security research purposes only**.

- βœ… Test devices you own
- βœ… Use in controlled lab environments
- βœ… Educational demonstrations
- ❌ Unauthorized access to others' devices
- ❌ Eavesdropping or surveillance
- ❌ Any illegal activity

**Unauthorized interception of communications is a federal crime.**

The authors are not responsible for misuse of this software.

## πŸ“„ License

MIT License - See [LICENSE](LICENSE) for details.

---


  Built for cybersecurity education at California Baptist University