Mirror/Momentum-Firmware
1
0
Fork 0
mirror of https://github.com/Next-Flip/Momentum-Firmware.git synced 2026-05-22 05:14:46 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fuzzer App: use FuzzerPayload & smal fixes

Browse Source
This commit is contained in:
gid9798
2023-06-07 11:51:15 +03:00
parent 28f4cd3d3c
commit 6ce098064a
15 changed files with 96 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
applications/external/pacs_fuzzer/fuzzer.c vendored
View File

@@ -26,6 +26,7 @@ PacsFuzzerApp* fuzzer_app_alloc() {
app->fuzzer_state.proto_index = 0; app->fuzzer_state.proto_index = 0;
app->worker = fuzzer_worker_alloc(); app->worker = fuzzer_worker_alloc();
app->payload = fuzzer_payload_alloc();
app->file_path = furi_string_alloc(); app->file_path = furi_string_alloc();
@@ -114,6 +115,7 @@ void fuzzer_app_free(PacsFuzzerApp* app) {
furi_string_free(app->file_path); furi_string_free(app->file_path);
fuzzer_payload_free(app->payload);
fuzzer_worker_free(app->worker); fuzzer_worker_free(app->worker);
free(app); free(app);

1
applications/external/pacs_fuzzer/fuzzer_i.h vendored
View File

@@ -51,4 +51,5 @@ typedef struct {
FuzzerConsts* fuzzer_const; FuzzerConsts* fuzzer_const;
FuzzerWorker* worker; FuzzerWorker* worker;
FuzzerPayload* payload;
} PacsFuzzerApp; } PacsFuzzerApp;

42
applications/external/pacs_fuzzer/lib/worker/fake_worker.c vendored
View File

@@ -38,8 +38,8 @@ struct FuzzerWorker {
const FuzzerProtocol* protocol; const FuzzerProtocol* protocol;
FuzzerWorkerAttackType attack_type; FuzzerWorkerAttackType attack_type;
uint8_t timer_idle_time; uint16_t timer_idle_time_ms;
uint8_t timer_emu_time; uint16_t timer_emu_time_ms;
uint8_t payload[MAX_PAYLOAD_SIZE]; uint8_t payload[MAX_PAYLOAD_SIZE];
Stream* uids_stream; Stream* uids_stream;
@@ -157,7 +157,7 @@ static void fuzzer_worker_on_tick_callback(void* context) {
#endif #endif
} }
instance->in_emu_phase = false; instance->in_emu_phase = false;
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_idle_time * 100)); furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_idle_time_ms));
} else { } else {
if(!fuzzer_worker_load_key(instance, true)) { if(!fuzzer_worker_load_key(instance, true)) {
fuzzer_worker_pause(instance); // XXX fuzzer_worker_pause(instance); // XXX
@@ -173,7 +173,7 @@ static void fuzzer_worker_on_tick_callback(void* context) {
#endif #endif
} }
instance->in_emu_phase = true; instance->in_emu_phase = true;
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time * 100)); furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time_ms));
if(instance->tick_callback) { if(instance->tick_callback) {
instance->tick_callback(instance->tick_context); instance->tick_callback(instance->tick_context);
} }
@@ -187,7 +187,6 @@ void fuzzer_worker_get_current_key(FuzzerWorker* instance, FuzzerPayload* output
furi_assert(instance->protocol); furi_assert(instance->protocol);
output_key->data_size = instance->protocol->data_size; output_key->data_size = instance->protocol->data_size;
output_key->data = malloc(sizeof(output_key->data_size));
memcpy(output_key->data, instance->payload, instance->protocol->data_size); memcpy(output_key->data, instance->payload, instance->protocol->data_size);
} }
@@ -258,7 +257,7 @@ bool fuzzer_worker_init_attack_file_dict(
bool fuzzer_worker_init_attack_bf_byte( bool fuzzer_worker_init_attack_bf_byte(
FuzzerWorker* instance, FuzzerWorker* instance,
FuzzerProtocolsID protocol_index, FuzzerProtocolsID protocol_index,
const uint8_t* uid, const FuzzerPayload* new_uid,
uint8_t chusen) { uint8_t chusen) {
furi_assert(instance); furi_assert(instance);
@@ -268,7 +267,7 @@ bool fuzzer_worker_init_attack_bf_byte(
instance->attack_type = FuzzerWorkerAttackTypeLoadFile; instance->attack_type = FuzzerWorkerAttackTypeLoadFile;
instance->index = chusen; instance->index = chusen;
memcpy(instance->payload, uid, instance->protocol->data_size); memcpy(instance->payload, new_uid->data, instance->protocol->data_size);
res = true; res = true;
@@ -349,8 +348,8 @@ FuzzerWorker* fuzzer_worker_alloc() {
memset(instance->payload, 0x00, sizeof(instance->payload)); memset(instance->payload, 0x00, sizeof(instance->payload));
instance->timer_idle_time = PROTOCOL_DEF_IDLE_TIME; instance->timer_idle_time_ms = PROTOCOL_DEF_IDLE_TIME * 100;
instance->timer_emu_time = PROTOCOL_DEF_EMU_TIME; instance->timer_emu_time_ms = PROTOCOL_DEF_EMU_TIME * 100;
instance->timer = instance->timer =
furi_timer_alloc(fuzzer_worker_on_tick_callback, FuriTimerTypeOnce, instance); furi_timer_alloc(fuzzer_worker_on_tick_callback, FuriTimerTypeOnce, instance);
@@ -383,17 +382,22 @@ bool fuzzer_worker_start(FuzzerWorker* instance, uint8_t idle_time, uint8_t emu_
furi_assert(instance); furi_assert(instance);
if(instance->attack_type < FuzzerWorkerAttackTypeMax) { if(instance->attack_type < FuzzerWorkerAttackTypeMax) {
// if(emu_time == 0) { if(idle_time == 0) {
// uint8_t temp = idle_time / 2; instance->timer_idle_time_ms = 10;
// instance->timer_emu_time = temp; } else {
// instance->timer_idle_time = temp + idle_time % 2; instance->timer_idle_time_ms = idle_time * 100;
// } else { }
instance->timer_idle_time = idle_time; if(emu_time == 0) {
instance->timer_emu_time = emu_time; instance->timer_emu_time_ms = 10;
// } } else {
instance->timer_emu_time_ms = emu_time * 100;
}
FURI_LOG_D( FURI_LOG_D(
TAG, "Emu_time %u Idle_time %u", instance->timer_emu_time, instance->timer_idle_time); TAG,
"Emu_time %u ms Idle_time %u ms",
instance->timer_emu_time_ms,
instance->timer_idle_time_ms);
if(!instance->treead_running) { if(!instance->treead_running) {
#if defined(RFID_125_PROTOCOL) #if defined(RFID_125_PROTOCOL)
@@ -415,7 +419,7 @@ bool fuzzer_worker_start(FuzzerWorker* instance, uint8_t idle_time, uint8_t emu_
ibutton_worker_emulate_start(instance->proto_worker, instance->key); ibutton_worker_emulate_start(instance->proto_worker, instance->key);
#endif #endif
instance->in_emu_phase = true; instance->in_emu_phase = true;
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time * 100)); furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time_ms));
return true; return true;
} }
return false; return false;

6
applications/external/pacs_fuzzer/lib/worker/fake_worker.h vendored
View File

@@ -82,21 +82,21 @@ bool fuzzer_worker_init_attack_file_dict(
* *
* @param instance Pointer to a FuzzerWorker * @param instance Pointer to a FuzzerWorker
* @param protocol_index index of the selected protocol * @param protocol_index index of the selected protocol
* @param uid UID for brute force * @param new_uid Pointer to a FuzzerPayload with UID for brute force
* @param chosen index of chusen byte * @param chosen index of chusen byte
* @return bool True if initialization is successful * @return bool True if initialization is successful
*/ */
bool fuzzer_worker_init_attack_bf_byte( bool fuzzer_worker_init_attack_bf_byte(
FuzzerWorker* instance, FuzzerWorker* instance,
FuzzerProtocolsID protocol_index, FuzzerProtocolsID protocol_index,
const uint8_t* uid, const FuzzerPayload* new_uid,
uint8_t chusen); uint8_t chusen);
/** /**
* Get current UID * Get current UID
* *
* @param instance Pointer to a FuzzerWorker * @param instance Pointer to a FuzzerWorker
* @param output_key Pointer to a FuzzerWorker, memory for data will be allocated * @param output_key Pointer to a FuzzerPayload
*/ */
void fuzzer_worker_get_current_key(FuzzerWorker* instance, FuzzerPayload* output_key); void fuzzer_worker_get_current_key(FuzzerWorker* instance, FuzzerPayload* output_key);

16
applications/external/pacs_fuzzer/lib/worker/protocol.c vendored
View File

@@ -242,6 +242,22 @@ const FuzzerMenuItems fuzzer_menu_items[] = {
{"Load UIDs from file", FuzzerAttackIdLoadFileCustomUids}, {"Load UIDs from file", FuzzerAttackIdLoadFileCustomUids},
}; };
FuzzerPayload* fuzzer_payload_alloc() {
FuzzerPayload* payload = malloc(sizeof(FuzzerPayload));
payload->data = malloc(sizeof(payload->data[0]) * MAX_PAYLOAD_SIZE);
return payload;
}
void fuzzer_payload_free(FuzzerPayload* payload) {
furi_assert(payload);
if(payload->data) {
free(payload->data);
}
free(payload);
}
const char* fuzzer_proto_get_name(FuzzerProtocolsID index) { const char* fuzzer_proto_get_name(FuzzerProtocolsID index) {
return fuzzer_proto_items[index].name; return fuzzer_proto_items[index].name;
} }

14
applications/external/pacs_fuzzer/lib/worker/protocol.h vendored
View File

@@ -31,6 +31,20 @@ struct FuzzerPayload {
uint8_t data_size; uint8_t data_size;
}; };
/**
* Allocate FuzzerPayload
*
* @return FuzzerPayload* pointer to FuzzerPayload
*/
FuzzerPayload* fuzzer_payload_alloc();
/**
* Free FuzzerPayload
*
* @param instance Pointer to a FuzzerPayload
*/
void fuzzer_payload_free(FuzzerPayload*);
/** /**
* Get maximum length of UID among all supported protocols * Get maximum length of UID among all supported protocols
* @return Maximum length of UID * @return Maximum length of UID

12
applications/external/pacs_fuzzer/lib/worker/protocol_i.h vendored
View File

@@ -19,7 +19,7 @@ typedef struct FuzzerProtocol FuzzerProtocol;
struct ProtoDict { struct ProtoDict {
const uint8_t* val; const uint8_t* val;
const uint8_t len; // TODO const uint8_t len;
}; };
struct FuzzerProtocol { struct FuzzerProtocol {
@@ -34,20 +34,10 @@ struct FuzzerProtocol {
// #define FUZZ_TIME_DELAY_DEFAULT (10) // #define FUZZ_TIME_DELAY_DEFAULT (10)
// #define FUZZ_TIME_DELAY_MAX (70) // #define FUZZ_TIME_DELAY_MAX (70)
// #define FUZZER_APP_CUSTOM_DICT_EXTENSION ".txt"
// #define FUZZER_APP_CUSTOM_DICT_FOLDER "/ext/rfidfuzzer"
// #define FUZZER_APP_KEY_EXTENSION ".rfid"
// #define FUZZER_APP_PATH_KEY_FOLDER "/ext/lfrfid"
// #define MAX_PAYLOAD_SIZE 8 // #define MAX_PAYLOAD_SIZE 8
// #define FUZZ_TIME_DELAY_MIN (4) // #define FUZZ_TIME_DELAY_MIN (4)
// #define FUZZ_TIME_DELAY_DEFAULT (8) // #define FUZZ_TIME_DELAY_DEFAULT (8)
// #define FUZZ_TIME_DELAY_MAX (80) // #define FUZZ_TIME_DELAY_MAX (80)
// #define FUZZER_APP_CUSTOM_DICT_EXTENSION ".txt"
// #define FUZZER_APP_CUSTOM_DICT_FOLDER "/ext/ibtnfuzzer"
// #define FUZZER_APP_KEY_EXTENSION ".ibtn"
// #define FUZZER_APP_PATH_KEY_FOLDER "/ext/ibutton"
extern const FuzzerProtocol fuzzer_proto_items[]; extern const FuzzerProtocol fuzzer_proto_items[];

13
applications/external/pacs_fuzzer/scenes/fuzzer_scene_attack.c vendored
View File

@@ -1,8 +1,6 @@
#include "../fuzzer_i.h" #include "../fuzzer_i.h"
#include "../helpers/fuzzer_custom_event.h" #include "../helpers/fuzzer_custom_event.h"
// TODO simlify callbacks and attack state
const NotificationSequence sequence_one_green_50_on_blink_blue = { const NotificationSequence sequence_one_green_50_on_blink_blue = {
&message_red_255, &message_red_255,
&message_delay_50, &message_delay_50,
@@ -18,12 +16,9 @@ static void fuzzer_scene_attack_update_uid(PacsFuzzerApp* app) {
furi_assert(app->worker); furi_assert(app->worker);
furi_assert(app->attack_view); furi_assert(app->attack_view);
FuzzerPayload uid; fuzzer_worker_get_current_key(app->worker, app->payload);
fuzzer_worker_get_current_key(app->worker, &uid);
fuzzer_view_attack_set_uid(app->attack_view, uid); fuzzer_view_attack_set_uid(app->attack_view, app->payload);
free(uid.data);
} }
static void fuzzer_scene_attack_set_state(PacsFuzzerApp* app, FuzzerAttackState state) { static void fuzzer_scene_attack_set_state(PacsFuzzerApp* app, FuzzerAttackState state) {
@@ -127,7 +122,6 @@ bool fuzzer_scene_attack_on_event(void* context, SceneManagerEvent event) {
if(scene_manager_get_scene_state(app->scene_manager, FuzzerSceneAttack) == if(scene_manager_get_scene_state(app->scene_manager, FuzzerSceneAttack) ==
FuzzerAttackStateIdle) { FuzzerAttackStateIdle) {
// Start or Continue Attack // Start or Continue Attack
// TODO emu_time
if(fuzzer_worker_start( if(fuzzer_worker_start(
app->worker, app->worker,
fuzzer_view_attack_get_time_delay(app->attack_view), fuzzer_view_attack_get_time_delay(app->attack_view),
@@ -160,7 +154,8 @@ void fuzzer_scene_attack_on_exit(void* context) {
furi_assert(context); furi_assert(context);
PacsFuzzerApp* app = context; PacsFuzzerApp* app = context;
// fuzzer_worker_stop(); // XXX // XXX the scene has no descendants, and the return will be processed in on_event
// fuzzer_worker_stop();
fuzzer_worker_set_uid_chaged_callback(app->worker, NULL, NULL); fuzzer_worker_set_uid_chaged_callback(app->worker, NULL, NULL);
fuzzer_worker_set_end_callback(app->worker, NULL, NULL); fuzzer_worker_set_end_callback(app->worker, NULL, NULL);

11
applications/external/pacs_fuzzer/scenes/fuzzer_scene_field_editor.c vendored
View File

@@ -14,12 +14,9 @@ void fuzzer_scene_field_editor_on_enter(void* context) {
fuzzer_view_field_editor_set_callback( fuzzer_view_field_editor_set_callback(
app->field_editor_view, fuzzer_scene_field_editor_callback, app); app->field_editor_view, fuzzer_scene_field_editor_callback, app);
FuzzerPayload uid; fuzzer_worker_get_current_key(app->worker, app->payload);
fuzzer_worker_get_current_key(app->worker, &uid);
fuzzer_view_field_editor_reset_data(app->field_editor_view, uid); fuzzer_view_field_editor_reset_data(app->field_editor_view, app->payload);
free(uid.data);
view_dispatcher_switch_to_view(app->view_dispatcher, FuzzerViewIDFieldEditor); view_dispatcher_switch_to_view(app->view_dispatcher, FuzzerViewIDFieldEditor);
} }
@@ -37,11 +34,11 @@ bool fuzzer_scene_field_editor_on_event(void* context, SceneManagerEvent event)
} }
consumed = true; consumed = true;
} else if(event.event == FuzzerCustomEventViewFieldEditorOk) { } else if(event.event == FuzzerCustomEventViewFieldEditorOk) {
// TODO fuzzer_view_field_editor_get_uid(app->field_editor_view, app->payload);
if(fuzzer_worker_init_attack_bf_byte( if(fuzzer_worker_init_attack_bf_byte(
app->worker, app->worker,
app->fuzzer_state.proto_index, app->fuzzer_state.proto_index,
fuzzer_view_field_editor_get_uid(app->field_editor_view), app->payload,
fuzzer_view_field_editor_get_index(app->field_editor_view))) { fuzzer_view_field_editor_get_index(app->field_editor_view))) {
scene_manager_next_scene(app->scene_manager, FuzzerSceneAttack); scene_manager_next_scene(app->scene_manager, FuzzerSceneAttack);
} }

9
applications/external/pacs_fuzzer/scenes/fuzzer_scene_main.c vendored
View File

@@ -103,8 +103,6 @@ bool fuzzer_scene_main_on_event(void* context, SceneManagerEvent event) {
// TODO error logic // TODO error logic
bool loading_ok = false; bool loading_ok = false;
uint8_t d_size = fuzzer_proto_get_max_data_size();
uint8_t* uid;
switch(fuzzer_proto_get_attack_id_by_index(app->fuzzer_state.menu_index)) { switch(fuzzer_proto_get_attack_id_by_index(app->fuzzer_state.menu_index)) {
case FuzzerAttackIdDefaultValues: case FuzzerAttackIdDefaultValues:
@@ -119,13 +117,12 @@ bool fuzzer_scene_main_on_event(void* context, SceneManagerEvent event) {
break; break;
case FuzzerAttackIdBFCustomerID: case FuzzerAttackIdBFCustomerID:
// TODO // TODO
uid = malloc(d_size); app->payload->data_size = fuzzer_proto_get_max_data_size();
memset(uid, 0x00, d_size); memset(app->payload->data, 0x00, app->payload->data_size);
loading_ok = fuzzer_worker_init_attack_bf_byte( loading_ok = fuzzer_worker_init_attack_bf_byte(
app->worker, app->fuzzer_state.proto_index, uid, 0); app->worker, app->fuzzer_state.proto_index, app->payload, 0);
free(uid);
if(!loading_ok) { if(!loading_ok) {
// error // error
} }

4
applications/external/pacs_fuzzer/todo.md vendored
View File

@@ -31,9 +31,13 @@
- [ ] Decide on the display - [ ] Decide on the display
- [x] UID - [x] UID
- [x] Simplify the storage and exchange of `uids.data` `uid.data_size` in `views` - [x] Simplify the storage and exchange of `uids.data` `uid.data_size` in `views`
- [x] Using `FuzzerPayload` to store the uid
- [x] `UID_MAX_SIZE` - [x] `UID_MAX_SIZE`
- [x] Add pause - [x] Add pause
- [x] Fix `Custom dict` attack when ended - [x] Fix `Custom dict` attack when ended
- [ ] Pause V2
- [ ] Save logic
- [ ] Switching UIDs if possible
- [ ] Worker - [ ] Worker
- [ ] Use `prtocol_id` instead of protocol name - [ ] Use `prtocol_id` instead of protocol name
- [x] this can be simplified `fuzzer_proto_items` - [x] this can be simplified `fuzzer_proto_items`

10
applications/external/pacs_fuzzer/views/attack.c vendored
View File

@@ -48,17 +48,17 @@ void fuzzer_view_attack_reset_data(
true); true);
} }
void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload uid) { void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload* uid) {
furi_assert(view); furi_assert(view);
furi_assert(uid.data); furi_assert(uid->data);
with_view_model( with_view_model(
view->view, view->view,
FuzzerViewAttackModel * model, FuzzerViewAttackModel * model,
{ {
furi_string_printf(model->uid_str, "%02X", uid.data[0]); furi_string_printf(model->uid_str, "%02X", uid->data[0]);
for(uint8_t i = 1; i < uid.data_size; i++) { for(uint8_t i = 1; i < uid->data_size; i++) {
furi_string_cat_printf(model->uid_str, ":%02X", uid.data[i]); furi_string_cat_printf(model->uid_str, ":%02X", uid->data[i]);
} }
}, },
true); true);

2
applications/external/pacs_fuzzer/views/attack.h vendored
View File

@@ -27,7 +27,7 @@ void fuzzer_view_attack_reset_data(
const char* attack_name, const char* attack_name,
const char* protocol_name); const char* protocol_name);
void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload uid); void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload* uid);
void fuzzer_view_attack_start(FuzzerViewAttack* view); void fuzzer_view_attack_start(FuzzerViewAttack* view);

20
applications/external/pacs_fuzzer/views/field_editor.c vendored
View File

@@ -49,27 +49,33 @@ void fuzzer_view_field_editor_set_callback(
void fuzzer_view_field_editor_reset_data( void fuzzer_view_field_editor_reset_data(
FuzzerViewFieldEditor* view_edit, FuzzerViewFieldEditor* view_edit,
const FuzzerPayload new_uid) { const FuzzerPayload* new_uid) {
furi_assert(view_edit); furi_assert(view_edit);
furi_assert(new_uid->data);
with_view_model( with_view_model(
view_edit->view, view_edit->view,
FuzzerViewFieldEditorModel * model, FuzzerViewFieldEditorModel * model,
{ {
memcpy(model->uid, new_uid.data, new_uid.data_size); memcpy(model->uid, new_uid->data, new_uid->data_size);
model->index = 0; model->index = 0;
model->lo = false; model->lo = false;
model->uid_size = new_uid.data_size; model->uid_size = new_uid->data_size;
}, },
true); true);
} }
const uint8_t* fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit) { void fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit, FuzzerPayload* output_uid) {
furi_assert(view_edit); furi_assert(view_edit);
uint8_t* uid; furi_assert(output_uid);
with_view_model( with_view_model(
view_edit->view, FuzzerViewFieldEditorModel * model, { uid = model->uid; }, true); view_edit->view,
return uid; FuzzerViewFieldEditorModel * model,
{
output_uid->data_size = model->uid_size;
memcpy(output_uid->data, model->uid, model->uid_size);
},
true);
} }
uint8_t fuzzer_view_field_editor_get_index(FuzzerViewFieldEditor* view_edit) { uint8_t fuzzer_view_field_editor_get_index(FuzzerViewFieldEditor* view_edit) {

5
applications/external/pacs_fuzzer/views/field_editor.h vendored
View File

@@ -21,9 +21,8 @@ View* fuzzer_view_field_editor_get_view(FuzzerViewFieldEditor* view_attack);
void fuzzer_view_field_editor_reset_data( void fuzzer_view_field_editor_reset_data(
FuzzerViewFieldEditor* view_edit, FuzzerViewFieldEditor* view_edit,
const FuzzerPayload new_uid); const FuzzerPayload* new_uid);
// TODO void fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit, FuzzerPayload* output_uid);
const uint8_t* fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit);
uint8_t fuzzer_view_field_editor_get_index(FuzzerViewFieldEditor* view_edit); uint8_t fuzzer_view_field_editor_get_index(FuzzerViewFieldEditor* view_edit);