rfid fuzzer H10301 support and bug fixes

MX
2022-10-04 03:15:28 +03:00
parent 683c6254da
commit c0765c1114
6 changed files with 159 additions and 5 deletions


@@ -32,6 +32,7 @@ typedef enum {
EM4100, EM4100,
HIDProx, HIDProx,
PAC, PAC,
H10301,
} FlipFridProtos; } FlipFridProtos;
typedef enum { typedef enum {


@@ -1,7 +1,7 @@
#include "flipfrid_scene_entrypoint.h" #include "flipfrid_scene_entrypoint.h"
string_t menu_items[4]; string_t menu_items[4];
string_t menu_proto_items[3]; string_t menu_proto_items[4];
void flipfrid_scene_entrypoint_menu_callback( void flipfrid_scene_entrypoint_menu_callback(
FlipFridState* context, FlipFridState* context,
@@ -45,6 +45,10 @@ void flipfrid_scene_entrypoint_menu_callback(
context->proto = PAC; context->proto = PAC;
string_set_str(context->proto_name, "PAC/Stanley"); string_set_str(context->proto_name, "PAC/Stanley");
break; break;
case H10301:
context->proto = H10301;
string_set_str(context->proto_name, "H10301");
break;
default: default:
break; break;
} }
@@ -70,13 +74,14 @@ void flipfrid_scene_entrypoint_on_enter(FlipFridState* context) {
string_set(menu_items[3], "Load uids from file"); string_set(menu_items[3], "Load uids from file");
context->menu_proto_index = 0; context->menu_proto_index = 0;
for(uint32_t i = 0; i < 3; i++) { for(uint32_t i = 0; i < 4; i++) {
string_init(menu_proto_items[i]); string_init(menu_proto_items[i]);
} }
string_set(menu_proto_items[0], "EM4100"); string_set(menu_proto_items[0], "EM4100");
string_set(menu_proto_items[1], "HIDProx"); string_set(menu_proto_items[1], "HIDProx");
string_set(menu_proto_items[2], "PAC/Stanley"); string_set(menu_proto_items[2], "PAC/Stanley");
string_set(menu_proto_items[3], "H10301");
} }
void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) { void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
@@ -85,7 +90,7 @@ void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
string_clear(menu_items[i]); string_clear(menu_items[i]);
} }
for(uint32_t i = 0; i < 3; i++) { for(uint32_t i = 0; i < 4; i++) {
string_clear(menu_proto_items[i]); string_clear(menu_proto_items[i]);
} }
} }
@@ -114,7 +119,7 @@ void flipfrid_scene_entrypoint_on_event(FlipFridEvent event, FlipFridState* cont
} }
break; break;
case InputKeyRight: case InputKeyRight:
if(context->menu_proto_index < PAC) { if(context->menu_proto_index < H10301) {
context->menu_proto_index++; context->menu_proto_index++;
} }
break; break;
@@ -186,7 +191,7 @@ void flipfrid_scene_entrypoint_on_draw(Canvas* canvas, FlipFridState* context) {
canvas_set_font(canvas, FontPrimary); canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(canvas, 101, 4, AlignCenter, AlignTop, ">"); canvas_draw_str_aligned(canvas, 101, 4, AlignCenter, AlignTop, ">");
if(context->menu_proto_index < PAC) { if(context->menu_proto_index < H10301) {
canvas_set_font(canvas, FontSecondary); canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned( canvas_draw_str_aligned(
canvas, canvas,
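Review bot: The protocol count is now written as a bare `4` in three places (the `menu_proto_items[4]` declaration and the init and clear loops), while the navigation and draw bounds name the last enumerator instead (`menu_proto_index < H10301`). The next protocol added has to update all five spots in step; raising the bound without resizing the array would index past `menu_proto_items`. A trailing sentinel in `FlipFridProtos`, for example `FlipFridProtoCount`, would let the file use `string_t menu_proto_items[FlipFridProtoCount];`, `i < FlipFridProtoCount` and `menu_proto_index < FlipFridProtoCount - 1`. The `on_draw` hunk ends in the middle of a call, so the rest of that function is outside this view.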


@@ -51,6 +51,13 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
string_set_str(context->notification_msg, "Unsupported Key type"); string_set_str(context->notification_msg, "Unsupported Key type");
break; break;
} }
} else if(context->proto == H10301) {
if(strcmp(string_get_cstr(temp_str), "H10301") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Unsupported Key type");
break;
}
} else { } else {
if(strcmp(string_get_cstr(temp_str), "HIDProx") != 0) { if(strcmp(string_get_cstr(temp_str), "HIDProx") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type"); FURI_LOG_E(TAG, "Unsupported Key type");
@@ -84,6 +91,13 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
string_set_str(context->notification_msg, "Incorrect Key length"); string_set_str(context->notification_msg, "Incorrect Key length");
break; break;
} }
} else if(context->proto == H10301) {
if(string_size(context->data_str) != 8) {
FURI_LOG_E(TAG, "Incorrect Key length");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Incorrect Key length");
break;
}
} else { } else {
if(string_size(context->data_str) != 17) { if(string_size(context->data_str) != 17) {
FURI_LOG_E(TAG, "Incorrect Key length"); FURI_LOG_E(TAG, "Incorrect Key length");
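Review bot: The new H10301 length check compares `string_size(context->data_str)` with a bare `8`, and nothing in the hunk says what that counts; presumably it is three hex byte pairs plus two separators, in the same style as the `17` in the branch below. A comment such as `/* "XX XX XX": 3 hex bytes + 2 separators (confirm) */` would document it. The same four-line error block is now repeated once per protocol in both hunks, so a small table of protocol, type name and expected length would keep the two checks from drifting apart. A length match alone does not show that the characters are hex digits; whether that is validated lies outside the hunk in `flipfrid_load`.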


@@ -60,6 +60,23 @@ uint8_t id_list_pac[17][4] = {
{0xCA, 0xCA, 0xCA, 0xCA}, // From arha {0xCA, 0xCA, 0xCA, 0xCA}, // From arha
}; };
uint8_t id_list_h[14][3] = {
{0x00, 0x00, 0x00}, // Null bytes
{0xFF, 0xFF, 0xFF}, // Only FF
{0x11, 0x11, 0x11}, // Only 11
{0x22, 0x22, 0x22}, // Only 22
{0x33, 0x33, 0x33}, // Only 33
{0x44, 0x44, 0x44}, // Only 44
{0x55, 0x55, 0x55}, // Only 55
{0x66, 0x66, 0x66}, // Only 66
{0x77, 0x77, 0x77}, // Only 77
{0x88, 0x88, 0x88}, // Only 88
{0x99, 0x99, 0x99}, // Only 99
{0x12, 0x34, 0x56}, // Incremental UID
{0x56, 0x34, 0x12}, // Decremental UID
{0xCA, 0xCA, 0xCA}, // From arha
};
void flipfrid_scene_run_attack_on_enter(FlipFridState* context) { void flipfrid_scene_run_attack_on_enter(FlipFridState* context) {
context->attack_step = 0; context->attack_step = 0;
context->dict = protocol_dict_alloc(lfrfid_protocols, LFRFIDProtocolMax); context->dict = protocol_dict_alloc(lfrfid_protocols, LFRFIDProtocolMax);
@@ -68,6 +85,8 @@ void flipfrid_scene_run_attack_on_enter(FlipFridState* context) {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "HIDProx"); context->protocol = protocol_dict_get_protocol_by_name(context->dict, "HIDProx");
} else if(context->proto == PAC) { } else if(context->proto == PAC) {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "PAC/Stanley"); context->protocol = protocol_dict_get_protocol_by_name(context->dict, "PAC/Stanley");
} else if(context->proto == H10301) {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "H10301");
} else { } else {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "EM4100"); context->protocol = protocol_dict_get_protocol_by_name(context->dict, "EM4100");
} }
@@ -127,6 +146,21 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->attack_step++; context->attack_step++;
} }
break; break;
} else if(context->proto == H10301) {
context->payload[0] = id_list_h[context->attack_step][0];
context->payload[1] = id_list_h[context->attack_step][1];
context->payload[2] = id_list_h[context->attack_step][2];
if(context->attack_step == 13) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
} else {
context->attack_step++;
}
break;
} else { } else {
context->payload[0] = id_list_hid[context->attack_step][0]; context->payload[0] = id_list_hid[context->attack_step][0];
context->payload[1] = id_list_hid[context->attack_step][1]; context->payload[1] = id_list_hid[context->attack_step][1];
@@ -172,6 +206,21 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->payload[2] = 0x00; context->payload[2] = 0x00;
context->payload[3] = 0x00; context->payload[3] = 0x00;
if(context->attack_step == 255) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
} else {
context->attack_step++;
}
break;
} else if(context->proto == H10301) {
context->payload[0] = context->attack_step;
context->payload[1] = 0x00;
context->payload[2] = 0x00;
if(context->attack_step == 255) { if(context->attack_step == 255) {
context->attack_step = 0; context->attack_step = 0;
counter = 0; counter = 0;
@@ -231,6 +280,24 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->payload[context->key_index] = context->attack_step; context->payload[context->key_index] = context->attack_step;
if(context->attack_step == 255) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
break;
} else {
context->attack_step++;
}
break;
} else if(context->proto == H10301) {
context->payload[0] = context->data[0];
context->payload[1] = context->data[1];
context->payload[2] = context->data[2];
context->payload[context->key_index] = context->attack_step;
if(context->attack_step == 255) { if(context->attack_step == 255) {
context->attack_step = 0; context->attack_step = 0;
counter = 0; counter = 0;
@@ -342,6 +409,44 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16); context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);
} }
break; break;
} else if(context->proto == H10301) {
bool end_of_list = false;
while(true) {
string_reset(context->data_str);
if(!stream_read_line(context->uids_stream, context->data_str)) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
stream_rewind(context->uids_stream);
end_of_list = true;
break;
};
if(string_get_char(context->data_str, 0) == '#') continue;
if(string_size(context->data_str) != 7) break;
break;
}
if(end_of_list) break;
FURI_LOG_D(TAG, string_get_cstr(context->data_str));
if(string_size(context->data_str) != 7) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_error);
break;
};
// string is valid, parse it in context->payload
for(uint8_t i = 0; i < 3; i++) {
char temp_str[3];
temp_str[0] = string_get_cstr(context->data_str)[i * 2];
temp_str[1] = string_get_cstr(context->data_str)[i * 2 + 1];
temp_str[2] = '\0';
context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);
}
break;
} else { } else {
bool end_of_list = false; bool end_of_list = false;
while(true) { while(true) {
@@ -395,6 +500,12 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
} else { } else {
counter++; counter++;
} }
} else if(context->proto == H10301) {
if(counter > 10) {
counter = 0;
} else {
counter++;
}
} else { } else {
if(counter > TIME_BETWEEN_CARDS) { if(counter > TIME_BETWEEN_CARDS) {
counter = 0; counter = 0;
@@ -474,6 +585,14 @@ void flipfrid_scene_run_attack_on_draw(Canvas* canvas, FlipFridState* context) {
context->payload[1], context->payload[1],
context->payload[2], context->payload[2],
context->payload[3]); context->payload[3]);
} else if(context->proto == H10301) {
snprintf(
uid,
sizeof(uid),
"%02X:%02X:%02X",
context->payload[0],
context->payload[1],
context->payload[2]);
} else { } else {
snprintf( snprintf(
uid, uid,
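Review bot: In the new H10301 branch that reads UIDs from a file, `FURI_LOG_D(TAG, string_get_cstr(context->data_str));` passes a line taken from the file as the format string, and it does so before the length check rejects malformed lines; it should be `FURI_LOG_D(TAG, "%s", string_get_cstr(context->data_str));`. The neighbouring branches are mostly outside the hunks and may carry the same call. In the same branch `if(string_size(context->data_str) != 7) break;` is followed directly by an unconditional `break;`, so the test inside the loop has no effect and can be dropped. `strtol(temp_str, NULL, 16)` discards the end pointer, so a 7-character line with non-hex characters yields a payload byte instead of taking the `sequence_error` path. The literals `13` (last index of `id_list_h[14]`) and `10` (the tick delay) would be safer as `sizeof(id_list_h) / sizeof(id_list_h[0]) - 1` and a named constant next to `TIME_BETWEEN_CARDS`.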


@@ -10,6 +10,12 @@ void flipfrid_center_displayed_key(FlipFridState* context, uint8_t index) {
if(context->proto == EM4100) { if(context->proto == EM4100) {
key_len = 16; key_len = 16;
} }
if(context->proto == PAC) {
key_len = 13;
}
if(context->proto == H10301) {
key_len = 10;
}
for(uint8_t i = 0; i < data_len; i++) { for(uint8_t i = 0; i < data_len; i++) {
if(context->data[i] < 9) { if(context->data[i] < 9) {
@@ -119,6 +125,7 @@ void flipfrid_scene_select_field_on_event(FlipFridEvent event, FlipFridState* co
context->current_scene = SceneAttack; context->current_scene = SceneAttack;
break; break;
case InputKeyBack: case InputKeyBack:
context->key_index = 0;
string_reset(context->notification_msg); string_reset(context->notification_msg);
context->current_scene = SceneSelectFile; context->current_scene = SceneSelectFile;
break; break;
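Review bot: The three `if(context->proto == …)` tests that set `key_len` are mutually exclusive but written as independent `if`s with bare literals (`16`, `13`, `10`), so the value used for the remaining protocol is whatever `key_len` was initialised to above the hunk. A `switch(context->proto)` with an explicit `default:` case, plus a one-line comment stating the unit of `key_len`, would make the fallback visible and keep the widths in one place. `flipfrid_center_displayed_key` starts and ends outside the hunk.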


@@ -0,0 +1,8 @@
# Example file, P.S. keep empty line at the end!
000000
F00000
E00000
FE0000
CAFE00
00CAFE
0000CA