diff --git a/applications/plugins/flipfrid/flipfrid.h b/applications/plugins/flipfrid/flipfrid.h
index 5417817e9..b9c17e659 100644
--- a/applications/plugins/flipfrid/flipfrid.h
+++ b/applications/plugins/flipfrid/flipfrid.h
@@ -31,6 +31,7 @@ typedef enum {
 typedef enum {
 EM4100,
 HIDProx,
+ PAC,
 } FlipFridProtos;
 typedef enum {
diff --git a/applications/plugins/flipfrid/scene/flipfrid_scene_entrypoint.c b/applications/plugins/flipfrid/scene/flipfrid_scene_entrypoint.c
index c709572e3..a7337b3ce 100644
--- a/applications/plugins/flipfrid/scene/flipfrid_scene_entrypoint.c
+++ b/applications/plugins/flipfrid/scene/flipfrid_scene_entrypoint.c
@@ -1,7 +1,7 @@
 #include "flipfrid_scene_entrypoint.h"
 string_t menu_items[4];
-string_t menu_proto_items[2];
+string_t menu_proto_items[3];
 void flipfrid_scene_entrypoint_menu_callback(
 FlipFridState* context,
@@ -41,6 +41,10 @@ void flipfrid_scene_entrypoint_menu_callback(
 context->proto = HIDProx;
 string_set_str(context->proto_name, "HIDProx");
 break;
+ case PAC:
+ context->proto = PAC;
+ string_set_str(context->proto_name, "PAC/Stanley");
+ break;
 default:
 break;
 }
@@ -66,12 +70,13 @@ void flipfrid_scene_entrypoint_on_enter(FlipFridState* context) {
 string_set(menu_items[3], "Load uids from file");
 context->menu_proto_index = 0;
- for(uint32_t i = 0; i < 2; i++) {
+ for(uint32_t i = 0; i < 3; i++) {
 string_init(menu_proto_items[i]);
 }
 string_set(menu_proto_items[0], "EM4100");
 string_set(menu_proto_items[1], "HIDProx");
+ string_set(menu_proto_items[2], "PAC/Stanley");
 }
 void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
@@ -80,7 +85,7 @@ void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
 string_clear(menu_items[i]);
 }
- for(uint32_t i = 0; i < 2; i++) {
+ for(uint32_t i = 0; i < 3; i++) {
 string_clear(menu_proto_items[i]);
 }
 }
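Review bot: The protocol count is now a bare `3` in `menu_proto_items[3]` and in the init and clear loops of on_enter and on_exit, while the right-key bound and the draw check in later hunks use `< PAC`, so each new protocol needs five hand edits that must agree. If one is missed, `menu_proto_items[context->menu_proto_index]` in on_draw can index past the array or read a string that was never initialised. A trailing enumerator in `FlipFridProtos` (for example `FlipFridProtoCount`, a name proposed here) would let the array be declared as `string_t menu_proto_items[FlipFridProtoCount];` and the loops and bounds be written against it.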
@@ -109,7 +114,7 @@ void flipfrid_scene_entrypoint_on_event(FlipFridEvent event, FlipFridState* cont
 }
 break;
 case InputKeyRight:
- if(context->menu_proto_index < HIDProx) {
+ if(context->menu_proto_index < PAC) {
 context->menu_proto_index++;
 }
 break;
@@ -167,7 +172,7 @@ void flipfrid_scene_entrypoint_on_draw(Canvas* canvas, FlipFridState* context) {
 }
 canvas_set_font(canvas, FontPrimary);
- canvas_draw_str_aligned(canvas, 34, 4, AlignCenter, AlignTop, "<");
+ canvas_draw_str_aligned(canvas, 27, 4, AlignCenter, AlignTop, "<");
 canvas_set_font(canvas, FontPrimary);
 canvas_draw_str_aligned(
@@ -179,9 +184,9 @@ void flipfrid_scene_entrypoint_on_draw(Canvas* canvas, FlipFridState* context) {
 string_get_cstr(menu_proto_items[context->menu_proto_index]));
 canvas_set_font(canvas, FontPrimary);
- canvas_draw_str_aligned(canvas, 94, 4, AlignCenter, AlignTop, ">");
+ canvas_draw_str_aligned(canvas, 101, 4, AlignCenter, AlignTop, ">");
- if(context->menu_proto_index < HIDProx) {
+ if(context->menu_proto_index < PAC) {
 canvas_set_font(canvas, FontSecondary);
 canvas_draw_str_aligned(
 canvas,
diff --git a/applications/plugins/flipfrid/scene/flipfrid_scene_load_file.c b/applications/plugins/flipfrid/scene/flipfrid_scene_load_file.c
index 687a861c9..10ae624cf 100644
--- a/applications/plugins/flipfrid/scene/flipfrid_scene_load_file.c
+++ b/applications/plugins/flipfrid/scene/flipfrid_scene_load_file.c
@@ -44,6 +44,13 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
 string_set_str(context->notification_msg, "Unsupported Key type");
 break;
 }
+ } else if(context->proto == PAC) {
+ if(strcmp(string_get_cstr(temp_str), "PAC/Stanley") != 0) {
+ FURI_LOG_E(TAG, "Unsupported Key type");
+ string_reset(context->notification_msg);
+ string_set_str(context->notification_msg, "Unsupported Key type");
+ break;
+ }
 } else {
 if(strcmp(string_get_cstr(temp_str), "HIDProx") != 0) {
 FURI_LOG_E(TAG, "Unsupported Key type");
@@ -70,6 +77,13 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
 string_set_str(context->notification_msg, "Incorrect Key length");
 break;
 }
+ } else if(context->proto == PAC) {
+ if(string_size(context->data_str) != 11) {
+ FURI_LOG_E(TAG, "Incorrect Key length");
+ string_reset(context->notification_msg);
+ string_set_str(context->notification_msg, "Incorrect Key length");
+ break;
+ }
 } else {
 if(string_size(context->data_str) != 17) {
 FURI_LOG_E(TAG, "Incorrect Key length");
diff --git a/applications/plugins/flipfrid/scene/flipfrid_scene_run_attack.c b/applications/plugins/flipfrid/scene/flipfrid_scene_run_attack.c
index 89f4c106b..f46955b2d 100644
--- a/applications/plugins/flipfrid/scene/flipfrid_scene_run_attack.c
+++ b/applications/plugins/flipfrid/scene/flipfrid_scene_run_attack.c
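Review bot: The expected length `11` in the added PAC branch carries no explanation, and the custom-UID path in flipfrid_scene_run_attack.c checks the same protocol against `9`, so a reader cannot tell which text format each check describes. A comment on the check would settle it, for example `// 4 bytes stored as "XX XX XX XX" -> 11 characters`, if that is the stored layout; it is inferred here from the four payload bytes and should be confirmed. The `17` in the unchanged HIDProx branch would benefit from the same kind of comment. flipfrid_load starts and ends outside the hunk.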
@@ -40,12 +40,34 @@ uint8_t id_list_hid[14][6] = {
 {0xCA, 0xCA, 0xCA, 0xCA, 0xCA, 0xCA}, // From arha
 };
+uint8_t id_list_pac[17][4] = {
+ {0x00, 0x00, 0x00, 0x00}, // Null bytes
+ {0xFF, 0xFF, 0xFF, 0xFF}, // Only FF
+ {0x11, 0x11, 0x11, 0x11}, // Only 11
+ {0x22, 0x22, 0x22, 0x22}, // Only 22
+ {0x33, 0x33, 0x33, 0x33}, // Only 33
+ {0x44, 0x44, 0x44, 0x44}, // Only 44
+ {0x55, 0x55, 0x55, 0x55}, // Only 55
+ {0x66, 0x66, 0x66, 0x66}, // Only 66
+ {0x77, 0x77, 0x77, 0x77}, // Only 77
+ {0x88, 0x88, 0x88, 0x88}, // Only 88
+ {0x99, 0x99, 0x99, 0x99}, // Only 99
+ {0x12, 0x34, 0x56, 0x78}, // Incremental UID
+ {0x9A, 0x78, 0x56, 0x34}, // Decremental UID
+ {0x04, 0xd0, 0x9b, 0x0d}, // From arha
+ {0x34, 0x00, 0x29, 0x3d}, // From arha
+ {0x04, 0xdf, 0x00, 0x00}, // From arha
+ {0xCA, 0xCA, 0xCA, 0xCA}, // From arha
+};
+
 void flipfrid_scene_run_attack_on_enter(FlipFridState* context) {
 context->attack_step = 0;
 context->dict = protocol_dict_alloc(lfrfid_protocols, LFRFIDProtocolMax);
 context->worker = lfrfid_worker_alloc(context->dict);
 if(context->proto == HIDProx) {
 context->protocol = protocol_dict_get_protocol_by_name(context->dict, "HIDProx");
+ } else if(context->proto == PAC) {
+ context->protocol = protocol_dict_get_protocol_by_name(context->dict, "PAC/Stanley");
 } else {
 context->protocol = protocol_dict_get_protocol_by_name(context->dict, "EM4100");
 }
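Review bot: The result of `protocol_dict_get_protocol_by_name(context->dict, "PAC/Stanley")` is stored in `context->protocol` without a check, in the added branch as in the two existing ones. The literal has to match the name the firmware registers for the protocol, and the same string is repeated in the entrypoint and load-file scenes; on a build without that protocol the lookup presumably returns a not-found value that later code would treat as a valid protocol (worth confirming against the API). Checking the result before the run starts and reporting the failure through `context->notification_msg` would make a mismatch visible. on_enter continues past the end of the hunk.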
@@ -79,7 +101,23 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 context->payload[3] = id_list[context->attack_step][3];
 context->payload[4] = id_list[context->attack_step][4];
- if(context->attack_step == 15) {
+ if(context->attack_step == 16) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_single_vibro);
+ } else {
+ context->attack_step++;
+ }
+ break;
+ } else if(context->proto == PAC) {
+ context->payload[0] = id_list_pac[context->attack_step][0];
+ context->payload[1] = id_list_pac[context->attack_step][1];
+ context->payload[2] = id_list_pac[context->attack_step][2];
+ context->payload[3] = id_list_pac[context->attack_step][3];
+
+ if(context->attack_step == 16) {
 context->attack_step = 0;
 counter = 0;
 context->is_attacking = false;
@@ -97,7 +135,7 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 context->payload[4] = id_list_hid[context->attack_step][4];
 context->payload[5] = id_list_hid[context->attack_step][5];
- if(context->attack_step == 15) {
+ if(context->attack_step == 13) {
 context->attack_step = 0;
 counter = 0;
 context->is_attacking = false;
@@ -118,6 +156,22 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 context->payload[3] = 0x00;
 context->payload[4] = 0x00;
+ if(context->attack_step == 255) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_single_vibro);
+ } else {
+ context->attack_step++;
+ }
+ break;
+ } else if(context->proto == PAC) {
+ context->payload[0] = context->attack_step;
+ context->payload[1] = 0x00;
+ context->payload[2] = 0x00;
+ context->payload[3] = 0x00;
+
 if(context->attack_step == 255) {
 context->attack_step = 0;
 counter = 0;
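Review bot: The last-step checks are literal indexes that have to track the table sizes by hand: `== 16` for `id_list_pac[17]`, `== 13` for `id_list_hid[14]` in the next hunk, and `== 16` for `id_list`, whose declaration is not part of this diff. If `id_list` has fewer than 17 rows, the first branch now reads past its end before it stops, which is the same kind of mismatch the HID change from 15 to 13 corrects. Deriving the bound from the table removes the coupling, e.g. `if(context->attack_step == sizeof(id_list_pac) / sizeof(id_list_pac[0]) - 1) {`, and likewise for the other two tables. on_tick starts and ends outside the hunk.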
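Review bot: The five-line stop sequence (reset `attack_step`, reset `counter`, clear `is_attacking`, two `notification_message` calls) is pasted again for each PAC branch here and in the hunks around it, and the copies have already started to differ in small ways. A file-local helper would keep one copy and make the final notification the only varying part; the sketch below assumes `counter` is the file-scope tick counter that on_tick already uses, and the helper name is a proposal. on_tick itself starts and ends outside the hunk.
```c
static void flipfrid_attack_finish(FlipFridState* context, const NotificationSequence* signal) {
    context->attack_step = 0;
    counter = 0;
    context->is_attacking = false;
    notification_message(context->notify, &sequence_blink_stop);
    notification_message(context->notify, signal);
}

// ... unchanged: payload bytes filled for the selected protocol ...
if(context->attack_step == 255) {
    flipfrid_attack_finish(context, &sequence_single_vibro);
} else {
    context->attack_step++;
}
```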
@@ -158,6 +212,25 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 context->payload[context->key_index] = context->attack_step;
+ if(context->attack_step == 255) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_single_vibro);
+ break;
+ } else {
+ context->attack_step++;
+ }
+ break;
+ } else if(context->proto == PAC) {
+ context->payload[0] = context->data[0];
+ context->payload[1] = context->data[1];
+ context->payload[2] = context->data[2];
+ context->payload[3] = context->data[3];
+
+ context->payload[context->key_index] = context->attack_step;
+
 if(context->attack_step == 255) {
 context->attack_step = 0;
 counter = 0;
@@ -194,6 +267,7 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 case FlipFridAttackLoadFileCustomUids:
 if(context->proto == EM4100) {
+ bool end_of_list = false;
 while(true) {
 string_reset(context->data_str);
 if(!stream_read_line(context->uids_stream, context->data_str)) {
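Review bot: In the added PAC branch `context->payload[context->key_index] = context->attack_step;` varies a byte chosen elsewhere, while only `payload[0]` to `payload[3]` are filled from `context->data`. `key_index` is set outside this diff; if the byte-selection screen still allows the wider EM4100 or HIDProx range, an index of 4 or 5 would change a byte that is presumably not part of the 4-byte PAC ID, and every step would then carry the same ID. It is worth confirming that the selection is limited to 3 for PAC, or guarding the write here with `if(context->key_index > 3) context->key_index = 3;`. on_tick starts and ends outside the hunk.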
@@ -203,14 +277,23 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 notification_message(context->notify, &sequence_blink_stop);
 notification_message(context->notify, &sequence_single_vibro);
 stream_rewind(context->uids_stream);
+ end_of_list = true;
 break;
 };
 if(string_get_char(context->data_str, 0) == '#') continue;
- if(string_size(context->data_str) != 11) continue;
+ if(string_size(context->data_str) != 11) break;
 break;
 }
+ if(end_of_list) break;
 FURI_LOG_D(TAG, string_get_cstr(context->data_str));
- if(string_size(context->data_str) != 11) break;
+ if(string_size(context->data_str) != 11) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_error);
+ break;
+ };
 // string is valid, parse it in context->payload
 for(uint8_t i = 0; i < 5; i++) {
@@ -221,7 +304,8 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);
 }
 break;
- } else {
+ } else if(context->proto == PAC) {
+ bool end_of_list = false;
 while(true) {
 string_reset(context->data_str);
 if(!stream_read_line(context->uids_stream, context->data_str)) {
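Review bot: `if(string_size(context->data_str) != 11) break;` is immediately followed by an unconditional `break;`, so the check no longer does anything and the `while(true)` loop now leaves on the first line that is not a comment. The real handling is the block after the loop, which stops the run with `sequence_error`, whereas before this change a line of the wrong length was skipped. A blank line, and presumably a CRLF line ending, in a UID file now ends the run; if that is intended it deserves a comment such as `// any non-comment line of the wrong length stops the run`, and the dead `if` can be dropped. The same pattern is added for PAC (`!= 9`) and HIDProx (`!= 13`) in the next hunk.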
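Review bot: `context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);` converts each character pair without checking that both characters are hex digits, so a line of the right length that contains anything else silently becomes 0x00 or a one-digit value in the payload. The length check is the only validation of file content on this path. Testing each character with `isxdigit((unsigned char)c)` before the conversion, and treating a failure like the length error, would close that gap; the PAC and HIDProx loops in the next hunk repeat the same conversion. The loop starts before this hunk.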
@@ -231,14 +315,61 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 notification_message(context->notify, &sequence_blink_stop);
 notification_message(context->notify, &sequence_single_vibro);
 stream_rewind(context->uids_stream);
+ end_of_list = true;
 break;
 };
 if(string_get_char(context->data_str, 0) == '#') continue;
- if(string_size(context->data_str) != 13) continue;
+ if(string_size(context->data_str) != 9) break;
+ break;
+ }
+ if(end_of_list) break;
+ FURI_LOG_D(TAG, string_get_cstr(context->data_str));
+ if(string_size(context->data_str) != 9) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_error);
+ break;
+ };
+
+ // string is valid, parse it in context->payload
+ for(uint8_t i = 0; i < 4; i++) {
+ char temp_str[3];
+ temp_str[0] = string_get_cstr(context->data_str)[i * 2];
+ temp_str[1] = string_get_cstr(context->data_str)[i * 2 + 1];
+ temp_str[2] = '\0';
+ context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);
+ }
+ break;
+ } else {
+ bool end_of_list = false;
+ while(true) {
+ string_reset(context->data_str);
+ if(!stream_read_line(context->uids_stream, context->data_str)) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_single_vibro);
+ stream_rewind(context->uids_stream);
+ end_of_list = true;
+ break;
+ };
+ if(string_get_char(context->data_str, 0) == '#') continue;
+ if(string_size(context->data_str) != 13) break;
 break;
 }
 FURI_LOG_D(TAG, string_get_cstr(context->data_str));
- if(string_size(context->data_str) != 13) break;
+ if(end_of_list) break;
+ if(string_size(context->data_str) != 13) {
+ context->attack_step = 0;
+ counter = 0;
+ context->is_attacking = false;
+ notification_message(context->notify, &sequence_blink_stop);
+ notification_message(context->notify, &sequence_error);
+ break;
+ };
 // string is valid, parse it in context->payload
 for(uint8_t i = 0; i < 6; i++) {
@@ -252,11 +383,24 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
 }
 }
 }
-
- if(counter > TIME_BETWEEN_CARDS) {
- counter = 0;
+ if(context->proto == PAC) {
+ if(counter > 10) {
+ counter = 0;
+ } else {
+ counter++;
+ }
+ } else if(context->proto == HIDProx) {
+ if(counter > 10) {
+ counter = 0;
+ } else {
+ counter++;
+ }
 } else {
- counter++;
+ if(counter > TIME_BETWEEN_CARDS) {
+ counter = 0;
+ } else {
+ counter++;
+ }
 }
 }
 }
@@ -321,6 +465,15 @@ void flipfrid_scene_run_attack_on_draw(Canvas* canvas, FlipFridState* context) {
 context->payload[3],
 context->payload[4],
 context->payload[5]);
+ } else if(context->proto == PAC) {
+ snprintf(
+ uid,
+ sizeof(uid),
+ "%02X:%02X:%02X:%02X",
+ context->payload[0],
+ context->payload[1],
+ context->payload[2],
+ context->payload[3]);
 } else {
 snprintf(
 uid,
@@ -333,9 +486,12 @@ void flipfrid_scene_run_attack_on_draw(Canvas* canvas, FlipFridState* context) {
 context->payload[4]);
 }
- canvas_draw_str_aligned(canvas, 64, 24, AlignCenter, AlignTop, uid);
+ canvas_draw_str_aligned(canvas, 64, 36, AlignCenter, AlignTop, uid);
 canvas_set_font(canvas, FontSecondary);
+
+ canvas_draw_str_aligned(
+ canvas, 64, 22, AlignCenter, AlignTop, string_get_cstr(context->proto_name));
 //char start_stop_msg[20];
 if(context->is_attacking) {
 elements_button_center(canvas, "Stop");
diff --git a/assets/resources/rfidfuzzer/example_uids.txt b/assets/resources/rfidfuzzer/example_uids_em4100.txt
similarity index 100%
rename from assets/resources/rfidfuzzer/example_uids.txt
rename to assets/resources/rfidfuzzer/example_uids_em4100.txt
diff --git a/assets/resources/rfidfuzzer/example_uids_hidprox.txt b/assets/resources/rfidfuzzer/example_uids_hidprox.txt
new file mode 100644
index 000000000..88683caf1
--- /dev/null
+++ b/assets/resources/rfidfuzzer/example_uids_hidprox.txt
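Review bot: `FURI_LOG_D(TAG, string_get_cstr(context->data_str));` passes a line read from the user-supplied UID file as the log format string, and in both added branches it runs before the length check, so a line containing `%` conversions reaches the formatter with no matching arguments whenever debug logging is active. Use a fixed format instead: `FURI_LOG_D(TAG, "%s", string_get_cstr(context->data_str));`. The EM4100 branch in the previous hunk has the same call as unchanged context and should get the same fix. In the HIDProx branch the log also sits before `if(end_of_list) break;`, unlike the PAC branch, so it runs once more after the stream is exhausted.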
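Review bot: The PAC and HIDProx branches of the counter block are identical and both compare against a bare `10`, while the remaining branch keeps `TIME_BETWEEN_CARDS`, so the pacing for two protocols is now an unnamed constant repeated twice. Choosing the limit first (`TIME_BETWEEN_CARDS` for EM4100, a named constant for the other two) and keeping the original single block as `if(counter > limit) {` leaves one copy of the reset and increment. Giving the `10` a name next to `TIME_BETWEEN_CARDS` also documents why these protocols use a different interval. on_tick starts outside the hunk.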
@@ -0,0 +1,8 @@
+# Example file, P.S. keep empty line at the end!
+000000000000
+00FE00000000
+00CAFE000000
+0000CAFE0000
+000000CAFE00
+00000000CAFE
+0000000000CA
diff --git a/assets/resources/rfidfuzzer/example_uids_pac.txt b/assets/resources/rfidfuzzer/example_uids_pac.txt
new file mode 100644
index 000000000..56ed2069b
--- /dev/null
+++ b/assets/resources/rfidfuzzer/example_uids_pac.txt
@@ -0,0 +1,8 @@
+# Example file, P.S. keep empty line at the end!
+00000000
+F0000000
+FE000000
+CAFE0000
+00CAFE00
+0000CAFE
+000000CA