This guide provides a method to extract Bluetooth keys (IRK and ENC_KEY) from Apple devices for advanced settings in the Capod APP. The obtained security keys enable users to access advanced features and customization options in the Capod application.
- VMware Workstation Player
- Ubuntu 24.04 LTS or Arch Linux
- Python 3 (pre-installed with Ubuntu)
- Bluetooth must be completely disabled on Windows host
- USB controller must be properly configured in VMware (USB 3.0+)
- Bluetooth adapter must be successfully recognized in VMware

```bash
# Run in Ubuntu or Arch Linux terminal, must see Bluetooth device information
lsusb | grep -i bluetooth
# Expected output: Bus 001 Device 004: ID 0a5c:21e8 Broadcom Corp. BCM20702A0 Bluetooth 4.0
```

```bash
# Ubuntu
sudo apt update && sudo apt upgrade -y
sudo apt install bluez bluez-tools blueman python3 python3-pip libbluetooth-dev
pip3 install pybluez
```

```bash
# Arch Linux
sudo pacman -Syu
sudo pacman -S bluez bluez-utils python python-pip python-pybluez
```

```bash
sudo systemctl enable bluetooth
sudo systemctl start bluetooth
sudo systemctl status bluetooth # Confirm status is active (running)
```

Python script code is sourced from the GitHub open-source project d4rken-org/capod, provided by user @kavishdevar.

```bash
# Create the script file with either editor
nano get_ble_keys.py
vim get_ble_keys.py
```

```python
#!/usr/bin/env python3
import sys
import socket

# Key type identifiers reported by the device
PROXIMITY_KEY_TYPES = {
    0x01: "IRK",
    0x04: "ENC_KEY",
}


def parse_proximity_keys_response(data):
    # Only packets with opcode 0x31 at byte 4 carry the key list
    if len(data) < 7 or data[4] != 0x31:
        return None
    key_count = data[6]
    keys = []
    offset = 7
    for _ in range(key_count):
        # Each entry has a 4-byte header: type at +0, key length at +2
        if offset + 3 >= len(data):
            break
        key_type = data[offset]
        key_length = data[offset + 2]
        offset += 4
        if offset + key_length > len(data):
            break
        key_bytes = data[offset:offset + key_length]
        keys.append((PROXIMITY_KEY_TYPES.get(key_type, f"TYPE_{key_type:02X}"), key_bytes))
        offset += key_length
    return keys


def hexdump(data):
    return " ".join(f"{b:02X}" for b in data)


def main():
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <MAC>")
        sys.exit(1)
    bdaddr = sys.argv[1]
    PSM = 0x1001
    handshake = bytes.fromhex("00 00 04 00 01 00 02 00 00 00 00 00 00 00 00 00")
    key_req = bytes.fromhex("04 00 04 00 30 00 05 00")
    sock = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_SEQPACKET, socket.BTPROTO_L2CAP)
    try:
        sock.connect((bdaddr, PSM))
        sock.send(handshake)
        sock.send(key_req)
        while True:
            pkt = sock.recv(1024)
            if not pkt:
                # Peer closed the channel; stop instead of looping forever
                print("Connection closed before a key response arrived")
                break
            keys = parse_proximity_keys_response(pkt)
            if keys is not None:
                print("Proximity Keys:")
                for name, key_bytes in keys:
                    print(f" {name}: {hexdump(key_bytes)}")
                break
    finally:
        sock.close()


if __name__ == "__main__":
    main()
```

Save file:

```bash
# [For nano] Ctrl+O -> Enter -> Ctrl+X
# [For vim] ESC -> type ":wq" -> Enter
chmod +x get_ble_keys.py
```

```bash
bluetoothctl scan on
# Wait for devices to appear, record MAC address (format: XX:XX:XX:XX:XX:XX)
# Press Ctrl+C to stop scanning
```

- Connect device to Ubuntu Bluetooth
- Open: System Settings -> Bluetooth
- Click on connected device name (not the switch)
- View MAC address in popup interface

```bash
sudo python3 get_ble_keys.py FC:XX:XX:XX:XX:XX
# Make sure the filename you are running matches the filename in the Python code snippet
# Replace XX with the obtained MAC address and run directly
```

| Parameter | Explanation | How to Obtain |
|---|---|---|
| sudo | Administrator privileges | Required for hardware access |
| python3 | Python interpreter | Pre-installed with Ubuntu |
| get_ble_keys.py | Script filename | User-created script file |
| FC:55:57:61:9B:D3 | Target device MAC address | Obtained via Bluetooth scanning or connected device (replace with your actual address) |

```
Proximity Keys:
 IRK: C7 A2 09 96 8D E9 3B 0D E3 55 77 57 B5 E9 7A 32
 ENC_KEY: BB 5E E6 45 5E A9 EA 79 68 83 EE 40 B3 FB D8 E9
```

- IRK (Identity Resolving Key): Device identity resolution key for identifying privacy address devices
- ENC_KEY (Long Term Key): Long-term encryption key for secure communication
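
The script's parser stops silently when a packet is cut short, so a partial key list can look like a complete result. The following added example (not part of the original script or the capod project) builds constructed response packets in the layout that parser reads and checks them with a strict variant that rejects truncated or wrongly sized keys. The names `build_response`, `parse_strict` and `TruncatedPacket`, the packet prefix and the zero filler bytes are assumptions made for illustration.

```python
# Added example: constructed packets only, no Bluetooth access needed.
OPCODE_KEYS_RSP = 0x31            # opcode the page's parser checks at data[4]
KEY_NAMES = {0x01: "IRK", 0x04: "ENC_KEY"}
KEY_SIZE = 16                     # the page's sample output shows 16-byte keys


class TruncatedPacket(ValueError):
    """The packet ends before the key data it announces."""


def build_response(keys, prefix=b"\x04\x00\x04\x00"):
    """Build a constructed response. prefix and the zero filler bytes are
    placeholders: the page's parser never interprets them."""
    out = bytearray(prefix) + bytes([OPCODE_KEYS_RSP, 0x00, len(keys)])
    for key_type, key in keys:
        out += bytes([key_type, 0x00, len(key), 0x00]) + key
    return bytes(out)


def parse_strict(data):
    """Return {name: key bytes}, None for other packets, or raise."""
    if len(data) < 7 or data[4] != OPCODE_KEYS_RSP:
        return None
    count, offset, keys = data[6], 7, {}
    for i in range(count):
        if offset + 4 > len(data):
            raise TruncatedPacket(f"entry {i}: header cut off at byte {offset}")
        key_type, key_len = data[offset], data[offset + 2]
        offset += 4
        if offset + key_len > len(data):
            raise TruncatedPacket(f"entry {i}: {key_len} bytes announced, "
                                  f"{len(data) - offset} present")
        name = KEY_NAMES.get(key_type, f"TYPE_{key_type:02X}")
        if name in KEY_NAMES.values() and key_len != KEY_SIZE:
            raise ValueError(f"{name}: expected {KEY_SIZE} bytes, got {key_len}")
        keys[name] = data[offset:offset + key_len]
        offset += key_len
    return keys


if __name__ == "__main__":
    sample = build_response([(0x01, bytes(range(16))), (0x04, bytes(range(16, 32)))])
    for name, key in parse_strict(sample).items():
        print(f"{name}: {key.hex(' ').upper()}")
    try:
        parse_strict(sample[:-5])         # simulate a short read
    except TruncatedPacket as exc:
        print("rejected:", exc)
```
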
- All software used is the official free version
- Python code is sourced from open-source projects, for educational research purposes only
- Please use only on your own devices or authorized devices
- Must ensure Windows host Bluetooth is completely disabled
- Must verify `lsusb | grep -i bluetooth` can detect the device
- MAC address must be accurate, otherwise cannot connect to device
- Permission errors: Confirm using `sudo`
- Device not found: Check if MAC address is correct
- Connection failed: Confirm device is in range and discoverable
- No output: Device may not support this protocol
- Environment preparation: Windows Bluetooth off -> VMware connect device -> Ubuntu verify recognition
- Software installation: Install necessary dependency packages and Python libraries
- Script deployment: Create and configure extraction script
- Target acquisition: Scan or view connected devices to obtain MAC address
- Execution extraction: Run script and record output results
- Environment restoration: Disconnect device -> Restore Windows Bluetooth function
- 🎯 Primary purpose: Provide Bluetooth keys for Capod APP advanced settings
- 🐧 Compatible systems: Ubuntu 24.04 LTS on VMware
- 📦 Software sources: All software is the official free version
- 💻 Code source: GitHub d4rken-org/capod project @kavishdevar.
- 🔬 Usage purpose: Limited to educational research and authorized testing