Add airtag sniffing

This commit is contained in:
Just Call Me Koko
2024-11-18 18:43:22 -05:00
parent 4156009e3b
commit 36617f1568
3 changed files with 102 additions and 9 deletions


@@ -585,6 +585,7 @@ void MenuFunctions::main(uint32_t currentTime)
(wifi_scan_obj.currentScanMode == WIFI_ATTACK_RICK_ROLL) || (wifi_scan_obj.currentScanMode == WIFI_ATTACK_RICK_ROLL) ||
(wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_LIST) || (wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_LIST) ||
(wifi_scan_obj.currentScanMode == BT_SCAN_ALL) || (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
(wifi_scan_obj.currentScanMode == BT_SCAN_AIRTAG) ||
(wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
(wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
(wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) ||
@@ -650,6 +651,7 @@ void MenuFunctions::main(uint32_t currentTime)
(wifi_scan_obj.currentScanMode == WIFI_ATTACK_RICK_ROLL) || (wifi_scan_obj.currentScanMode == WIFI_ATTACK_RICK_ROLL) ||
(wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_LIST) || (wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_LIST) ||
(wifi_scan_obj.currentScanMode == BT_SCAN_ALL) || (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
(wifi_scan_obj.currentScanMode == BT_SCAN_AIRTAG) ||
(wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
(wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
(wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) ||
@@ -1851,6 +1853,11 @@ void MenuFunctions::RunSetup()
this->drawStatusBar(); this->drawStatusBar();
wifi_scan_obj.StartScan(BT_SCAN_ALL, TFT_GREEN); wifi_scan_obj.StartScan(BT_SCAN_ALL, TFT_GREEN);
}); });
this->addNodes(&bluetoothSnifferMenu, "Airtag Sniff", TFT_WHITE, NULL, BLUETOOTH_SNIFF, [this]() {
display_obj.clearScreen();
this->drawStatusBar();
wifi_scan_obj.StartScan(BT_SCAN_AIRTAG, TFT_WHITE);
});
#ifdef HAS_GPS #ifdef HAS_GPS
if (gps_obj.getGpsModuleStatus()) { if (gps_obj.getGpsModuleStatus()) {
this->addNodes(&bluetoothSnifferMenu, "BT Wardrive", TFT_CYAN, NULL, BLUETOOTH_SNIFF, [this]() { this->addNodes(&bluetoothSnifferMenu, "BT Wardrive", TFT_CYAN, NULL, BLUETOOTH_SNIFF, [this]() {


@@ -9,6 +9,7 @@ int num_eapol = 0;
LinkedList<ssid>* ssids; LinkedList<ssid>* ssids;
LinkedList<AccessPoint>* access_points; LinkedList<AccessPoint>* access_points;
LinkedList<Station>* stations; LinkedList<Station>* stations;
LinkedList<AirTag>* airtags;
extern "C" int ieee80211_raw_frame_sanity_check(int32_t arg, int32_t arg2, int32_t arg3){ extern "C" int ieee80211_raw_frame_sanity_check(int32_t arg, int32_t arg2, int32_t arg3){
if (arg == 31337) if (arg == 31337)
@@ -188,9 +189,9 @@ extern "C" {
//// https://github.com/Spooks4576 //// https://github.com/Spooks4576
class bluetoothScanAllCallback: public BLEAdvertisedDeviceCallbacks { class bluetoothScanAllCallback: public NimBLEAdvertisedDeviceCallbacks {
void onResult(BLEAdvertisedDevice *advertisedDevice) { void onResult(NimBLEAdvertisedDevice *advertisedDevice) {
extern WiFiScan wifi_scan_obj; extern WiFiScan wifi_scan_obj;
@@ -202,7 +203,66 @@ extern "C" {
String display_string = ""; String display_string = "";
if (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) { if (wifi_scan_obj.currentScanMode == BT_SCAN_AIRTAG) {
uint8_t* payLoad = advertisedDevice->getPayload();
size_t len = advertisedDevice->getPayloadLength();
bool match = false;
for (int i = 0; i <= len - 4; i++) {
if (payLoad[i] == 0x1E && payLoad[i+1] == 0xFF && payLoad[i+2] == 0x4C && payLoad[i+3] == 0x00) {
match = true;
break;
}
if (payLoad[i] == 0x4C && payLoad[i+1] == 0x00 && payLoad[i+2] == 0x12 && payLoad[i+3] == 0x19) {
match = true;
break;
}
}
if (match) {
String mac = advertisedDevice->getAddress().toString().c_str();
mac.toUpperCase();
for (int i = 0; i < airtags->size(); i++) {
if (mac == airtags->get(i).mac)
return;
}
int rssi = advertisedDevice->getRSSI();
Serial.print("RSSI: ");
Serial.print(rssi);
Serial.print(" MAC: ");
Serial.println(mac);
Serial.print("Len: ");
Serial.print(len);
Serial.print(" Payload: ");
for (size_t i = 0; i < len; i++) {
Serial.printf("%02X ", payLoad[i]);
}
Serial.println("\n");
AirTag airtag;
airtag.mac = mac;
airtag.payload.assign(payLoad, payLoad + len);
airtags->add(airtag);
#ifdef HAS_SCREEN
//display_string.concat("RSSI: ");
display_string.concat((String)rssi);
display_string.concat(" MAC: ");
display_string.concat(mac);
uint8_t temp_len = display_string.length();
for (uint8_t i = 0; i < 40 - temp_len; i++)
{
display_string.concat(" ");
}
display_obj.display_buffer->add(display_string);
#endif
}
}
else if (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) {
if (buf >= 0) if (buf >= 0)
{ {
display_string.concat(text_table4[0]); display_string.concat(text_table4[0]);
@@ -371,6 +431,7 @@ void WiFiScan::RunSetup() {
ssids = new LinkedList<ssid>(); ssids = new LinkedList<ssid>();
access_points = new LinkedList<AccessPoint>(); access_points = new LinkedList<AccessPoint>();
stations = new LinkedList<Station>(); stations = new LinkedList<Station>();
airtags = new LinkedList<AirTag>();
#ifdef HAS_BT #ifdef HAS_BT
watch_models = new WatchModel[26] { watch_models = new WatchModel[26] {
@@ -441,6 +502,14 @@ int WiFiScan::clearAPs() {
return num_cleared; return num_cleared;
} }
int WiFiScan::clearAirtags() {
int num_cleared = airtags->size();
while (airtags->size() > 0)
airtags->remove(0);
Serial.println("airtags: " + (String)airtags->size());
return num_cleared;
}
int WiFiScan::clearSSIDs() { int WiFiScan::clearSSIDs() {
int num_cleared = ssids->size(); int num_cleared = ssids->size();
ssids->clear(); ssids->clear();
@@ -614,7 +683,7 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
this->startWiFiAttacks(scan_mode, color, text_table4[47]); this->startWiFiAttacks(scan_mode, color, text_table4[47]);
else if (scan_mode == WIFI_ATTACK_AP_SPAM) else if (scan_mode == WIFI_ATTACK_AP_SPAM)
this->startWiFiAttacks(scan_mode, color, " AP Beacon Spam "); this->startWiFiAttacks(scan_mode, color, " AP Beacon Spam ");
else if (scan_mode == BT_SCAN_ALL) { else if ((scan_mode == BT_SCAN_ALL) || (BT_SCAN_AIRTAG)){
#ifdef HAS_BT #ifdef HAS_BT
RunBluetoothScan(scan_mode, color); RunBluetoothScan(scan_mode, color);
#endif #endif
@@ -809,6 +878,7 @@ void WiFiScan::StopScan(uint8_t scan_mode)
else if ((currentScanMode == BT_SCAN_ALL) || else if ((currentScanMode == BT_SCAN_ALL) ||
(currentScanMode == BT_SCAN_AIRTAG) ||
(currentScanMode == BT_ATTACK_SOUR_APPLE) || (currentScanMode == BT_ATTACK_SOUR_APPLE) ||
(currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) || (currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
(currentScanMode == BT_ATTACK_SPAM_ALL) || (currentScanMode == BT_ATTACK_SPAM_ALL) ||
@@ -2411,7 +2481,7 @@ void WiFiScan::RunBluetoothScan(uint8_t scan_mode, uint16_t color)
} }
NimBLEDevice::init(""); NimBLEDevice::init("");
pBLEScan = NimBLEDevice::getScan(); //create new scan pBLEScan = NimBLEDevice::getScan(); //create new scan
if (scan_mode == BT_SCAN_ALL) if ((scan_mode == BT_SCAN_ALL) || (BT_SCAN_AIRTAG))
{ {
#ifdef HAS_SCREEN #ifdef HAS_SCREEN
display_obj.TOP_FIXED_AREA_2 = 48; display_obj.TOP_FIXED_AREA_2 = 48;
@@ -2421,13 +2491,21 @@ void WiFiScan::RunBluetoothScan(uint8_t scan_mode, uint16_t color)
display_obj.tft.setTextColor(TFT_BLACK, color); display_obj.tft.setTextColor(TFT_BLACK, color);
#ifdef HAS_ILI9341 #ifdef HAS_ILI9341
display_obj.tft.fillRect(0,16,240,16, color); display_obj.tft.fillRect(0,16,240,16, color);
if (scan_mode == BT_SCAN_ALL)
display_obj.tft.drawCentreString(text_table4[41],120,16,2); display_obj.tft.drawCentreString(text_table4[41],120,16,2);
else if (scan_mode == BT_SCAN_AIRTAG)
display_obj.tft.drawCentreString("Airtag Sniff",120,16,2);
display_obj.touchToExit(); display_obj.touchToExit();
#endif #endif
display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK); display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK);
display_obj.setupScrollArea(display_obj.TOP_FIXED_AREA_2, BOT_FIXED_AREA); display_obj.setupScrollArea(display_obj.TOP_FIXED_AREA_2, BOT_FIXED_AREA);
#endif #endif
if (scan_mode == BT_SCAN_ALL)
pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanAllCallback(), false); pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanAllCallback(), false);
else if (scan_mode == BT_SCAN_AIRTAG) {
this->clearAirtags();
pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanAllCallback(), true);
}
} }
else if ((scan_mode == BT_SCAN_WAR_DRIVE) || (scan_mode == BT_SCAN_WAR_DRIVE_CONT)) { else if ((scan_mode == BT_SCAN_WAR_DRIVE) || (scan_mode == BT_SCAN_WAR_DRIVE_CONT)) {
#ifdef HAS_GPS #ifdef HAS_GPS
@@ -2486,8 +2564,8 @@ void WiFiScan::RunBluetoothScan(uint8_t scan_mode, uint16_t color)
pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanSkimmersCallback(), false); pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanSkimmersCallback(), false);
} }
pBLEScan->setActiveScan(true); //active scan uses more power, but get results faster pBLEScan->setActiveScan(true); //active scan uses more power, but get results faster
pBLEScan->setInterval(97); pBLEScan->setInterval(100);
pBLEScan->setWindow(37); // less or equal setInterval value pBLEScan->setWindow(99); // less or equal setInterval value
pBLEScan->setMaxResults(0); pBLEScan->setMaxResults(0);
pBLEScan->start(0, scanCompleteCB, false); pBLEScan->start(0, scanCompleteCB, false);
Serial.println("Started BLE Scan"); Serial.println("Started BLE Scan");
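Review bot: The payload scan at `for (int i = 0; i <= len - 4; i++)` reads past the advertisement buffer whenever an advertisement shorter than four bytes arrives, because `len` is a `size_t` and `len - 4` wraps to a huge value (the `int` index is converted to unsigned for the comparison), so `payLoad[i+3]` walks off the end of the buffer on any malformed or minimal advertisement from a nearby device; change it to `for (size_t i = 0; i + 4 <= len; i++)`. Separately, the conditions `else if ((scan_mode == BT_SCAN_ALL) || (BT_SCAN_AIRTAG)){` in StartScan and `if ((scan_mode == BT_SCAN_ALL) || (BT_SCAN_AIRTAG))` in RunBluetoothScan test the constant rather than `scan_mode`, so they are always true and every mode that reaches them takes the Bluetooth branch; each should read `(scan_mode == BT_SCAN_AIRTAG)`. The onResult callback, StartScan and RunBluetoothScan all extend beyond their hunks, so branches after these conditions are not visible here.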


@@ -7,6 +7,7 @@
#include <ArduinoJson.h> #include <ArduinoJson.h>
#include <algorithm> #include <algorithm>
#include <vector>
#ifdef HAS_BT #ifdef HAS_BT
#include <NimBLEDevice.h> #include <NimBLEDevice.h>
@@ -93,6 +94,7 @@
#define WIFI_SCAN_GPS_NMEA 40 #define WIFI_SCAN_GPS_NMEA 40
#define BT_ATTACK_GOOGLE_SPAM 41 #define BT_ATTACK_GOOGLE_SPAM 41
#define BT_ATTACK_FLIPPER_SPAM 42 #define BT_ATTACK_FLIPPER_SPAM 42
#define BT_SCAN_AIRTAG 43
#define GRAPH_REFRESH 100 #define GRAPH_REFRESH 100
@@ -153,6 +155,11 @@ struct Station {
bool selected; bool selected;
}; };
struct AirTag {
String mac; // MAC address of the AirTag
std::vector<uint8_t> payload; // Payload data
};
class WiFiScan class WiFiScan
{ {
private: private:
@@ -372,6 +379,7 @@ class WiFiScan
void RunSetup(); void RunSetup();
int clearSSIDs(); int clearSSIDs();
int clearAPs(); int clearAPs();
int clearAirtags();
int clearStations(); int clearStations();
bool addSSID(String essid); bool addSSID(String essid);
int generateSSIDs(int count = 20); int generateSSIDs(int count = 20);