ChameleonDump is a user-friendly command-line tool for macOS. Its primary function is to show the security vulnerability that arises from using hardcoded, default BLE (Bluetooth Low Energy) PIN codes.
The tool attempts to connect to ChameleonUltra devices using their default BLE PIN code. Once connected, ChameleonDump extracts all stored RFID tag IDs from the device. As of now, the tool supports only the ChameleonUltra device.
Multiple solutions exist for mitigating this security risk. The most straightforward approach would be to require users to change the default PIN when they first set up the device.
Change the default PIN code of your ChameleonUltra device.
- macOS (The tool is not supported on other operating systems)
- Python 3.6 or higher
- pip package manager
pip install chameleondump
usage: chameleondump [-h] [--device {ChameleonUltra}] [--pin PIN] [--mask MASK]
ChameleonDump
optional arguments:
-h, --help show this help message and exit
--device {ChameleonUltra}
The target device
--pin PIN The PIN to use for pairing, leave empty to use the default PIN
--mask MASK Mask the RFID tag IDs
-
Clone the repository:
git clone https://github.com/masasron/chameleondump
-
Navigate to the project directory:
cd chameleondump
-
Build & Install
python3 setup.py sdist bdist_wheel pip3 install dist/chameleondump-0.1.5-py3-none-any.whl
Note: The name of the wheel file may vary depending on the version of the tool.
- ChameleonUltra