From 6cb575a04495333318b72affb3c1323210ea3cf9 Mon Sep 17 00:00:00 2001
From: "Gana (@G4N4P4T1)"
Date: Wed, 17 Aug 2022 15:07:17 +0200
Subject: [PATCH] Add rfid_fuzzer plugin
---
 applications/FlipFrid/LICENSE.md | 8 +
 applications/FlipFrid/README.md | 33 ++
 applications/FlipFrid/application.fam | 11 +
 applications/FlipFrid/flipfrid.cpp | 313 ++++++++++++++++++
 applications/FlipFrid/flipfrid.h | 8 +
 .../FlipFrid/flipfrid_app_launcher.cpp | 12 +
 applications/meta/application.fam | 1 +
 7 files changed, 386 insertions(+)
 create mode 100644 applications/FlipFrid/LICENSE.md
 create mode 100644 applications/FlipFrid/README.md
 create mode 100644 applications/FlipFrid/application.fam
 create mode 100644 applications/FlipFrid/flipfrid.cpp
 create mode 100644 applications/FlipFrid/flipfrid.h
 create mode 100644 applications/FlipFrid/flipfrid_app_launcher.cpp
diff --git a/applications/FlipFrid/LICENSE.md b/applications/FlipFrid/LICENSE.md
new file mode 100644
index 00000000000..a856581c9fe
--- /dev/null
+++ b/applications/FlipFrid/LICENSE.md
@@ -0,0 +1,8 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * @G4N4P4T1 wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.
+ * ----------------------------------------------------------------------------
+ */
\ No newline at end of file
diff --git a/applications/FlipFrid/README.md b/applications/FlipFrid/README.md
new file mode 100644
index 00000000000..42f0b26e3ec
--- /dev/null
+++ b/applications/FlipFrid/README.md
@@ -0,0 +1,33 @@
+# FlipFrid
+
+A simple implmentation of ZigFrid on Flipper zero
+
+(https://z4ziggy.wordpress.com/2017/07/21/zigfrid-a-passive-rfid-fuzzer/)
+
+## Installation
+
+- Create the `flipperzero-firmware/applications/flipfrid` folder in flipper zero firmware sources.
+- Git clone this repo inside flipfrid
+- Update `/flipperzero-firmware/applications/meta/application.fam` to add an entry in `App/provides`
+
+```
+App(
+ appid="basic_apps",
+ name="Basic applications for main menu",
+ apptype=FlipperAppType.METAPACKAGE,
+ provides=[
+ "gpio",
+ "ibutton",
+ "infrared",
+ "lfrfid",
+ "nfc",
+ "subghz",
+ "bad_usb",
+ "u2f",
+ "flip_frid_app",
+ ],
+)
+```
+
+- Compile and push new firmware `/fbt --with-updater flash_usb`
+- Enjoy !
diff --git a/applications/FlipFrid/application.fam b/applications/FlipFrid/application.fam
new file mode 100644
index 00000000000..44767546e8f
--- /dev/null
+++ b/applications/FlipFrid/application.fam
@@ -0,0 +1,11 @@
+App(
+ appid="APPS_FlipFrid",
+ name="Rfid Fuzzer",
+ apptype=FlipperAppType.PLUGIN,
+ entry_point="flipfrid_app",
+ cdefines=["APP_FLIP_FRID"],
+ requires=["gui"],
+ stack_size=1 * 1024,
+ icon="A_125khz_14",
+ order=30,
+)
diff --git a/applications/FlipFrid/flipfrid.cpp b/applications/FlipFrid/flipfrid.cpp
new file mode 100644
index 00000000000..df241541708
--- /dev/null
+++ b/applications/FlipFrid/flipfrid.cpp
@@ -0,0 +1,313 @@
+#include
+#include
+#include
+#include
+
+#include "../lfrfid/helpers/rfid_timer_emulator.h"
+#include "flipfrid.h"
+
+#define EMIT_STEPS 10
+#define TAG "FLIPFRID"
+
+uint8_t id_list[12][5] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00}, // Default uid
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, // Only FF
+ {0x11, 0x11, 0x11, 0x11, 0x11}, // Only 11
+ {0x22, 0x22, 0x22, 0x22, 0x22}, // Only 22
+ {0x33, 0x33, 0x33, 0x33, 0x33}, // Only 33
+ {0x44, 0x44, 0x44, 0x44, 0x44}, // Only 44
+ {0x55, 0x55, 0x55, 0x55, 0x55}, // Only 55
+ {0x66, 0x66, 0x66, 0x66, 0x66}, // Only 66
+ {0x77, 0x77, 0x77, 0x77, 0x77}, // Only 77
+ {0x88, 0x88, 0x88, 0x88, 0x88}, // Only 88
+ {0x99, 0x99, 0x99, 0x99, 0x99}, // Only 99
+ {0x12, 0x34, 0x56, 0x78, 0x9A}, // Incremental UID
+};
+
+typedef struct {
+ LfrfidKeyType type;
+ char* name;
+} Badges;
+
+typedef enum {
+ EventTypeTick,
+ EventTypeKey,
+} EventType;
+
+typedef struct {
+ EventType evt_type;
+ InputKey key;
+ InputType input_type;
+} FlipFridEvent;
+
+// STRUCTS
+typedef struct {
+ bool emitting;
+ LfrfidKeyType current_badge_type;
+ uint8_t current_uid;
+ uint8_t current_uid_repeat;
+} FlipFridState;
+
+static void flipfrid_draw_callback(Canvas* const canvas, void* ctx) {
+ const FlipFridState* flipfrid_state = (FlipFridState*)acquire_mutex((ValueMutex*)ctx, 100);
+
+ if(flipfrid_state == NULL) {
+ return;
+ }
+
+ canvas_clear(canvas);
+ canvas_set_color(canvas, ColorBlack);
+
+ // Frame
+ canvas_draw_frame(canvas, 0, 0, 128, 64);
+
+ // Title
+ canvas_set_font(canvas, FontPrimary);
+ canvas_draw_str_aligned(canvas, 64, 8, AlignCenter, AlignTop, "Flip/Frid");
+
+ // Badge Type
+ char uid[15];
+ char badge_type[12];
+ switch(flipfrid_state->current_badge_type) {
+ case LfrfidKeyType::KeyEM4100:
+ strcpy(badge_type, " EM4100 >");
+ snprintf(
+ uid,
+ sizeof(uid),
+ "%X:%X:%X:%X:%X",
+ id_list[flipfrid_state->current_uid][0],
+ id_list[flipfrid_state->current_uid][1],
+ id_list[flipfrid_state->current_uid][2],
+ id_list[flipfrid_state->current_uid][3],
+ id_list[flipfrid_state->current_uid][4]);
+ break;
+ case LfrfidKeyType::KeyH10301:
+ strcpy(badge_type, "< HID26 >");
+ snprintf(
+ uid,
+ sizeof(uid),
+ "%X:%X:%X",
+ id_list[flipfrid_state->current_uid][0],
+ id_list[flipfrid_state->current_uid][1],
+ id_list[flipfrid_state->current_uid][2]);
+ break;
+ case LfrfidKeyType::KeyI40134:
+ strcpy(badge_type, "< Indala >");
+ snprintf(
+ uid,
+ sizeof(uid),
+ "%X:%X:%X",
+ id_list[flipfrid_state->current_uid][0],
+ id_list[flipfrid_state->current_uid][1],
+ id_list[flipfrid_state->current_uid][2]);
+ break;
+ case LfrfidKeyType::KeyIoProxXSF:
+ strcpy(badge_type, "< IoProxs ");
+ snprintf(
+ uid,
+ sizeof(uid),
+ "%X:%X:%X:%X",
+ id_list[flipfrid_state->current_uid][0],
+ id_list[flipfrid_state->current_uid][1],
+ id_list[flipfrid_state->current_uid][2],
+ id_list[flipfrid_state->current_uid][3]);
+ break;
+ default:
+
+ break;
+ }
+
+ // Badge infos
+ canvas_set_font(canvas, FontSecondary);
+ canvas_draw_str_aligned(canvas, 64, 28, AlignCenter, AlignCenter, badge_type);
+
+ if(flipfrid_state->emitting) {
+ canvas_draw_str_aligned(canvas, 64, 42, AlignCenter, AlignCenter, uid);
+
+ // Progress bar
+ char progress[EMIT_STEPS + 2] = "";
+ strcat(progress, "[");
+ for(int i = 0; i < flipfrid_state->current_uid_repeat; i++) {
+ strcat(progress, "=");
+ }
+ for(int i = 0; i < (EMIT_STEPS - flipfrid_state->current_uid_repeat); i++) {
+ strcat(progress, "-");
+ }
+ strcat(progress, "]");
+ canvas_draw_str_aligned(canvas, 64, 58, AlignCenter, AlignBottom, progress);
+ } else {
+ canvas_draw_str_aligned(
+ canvas, 64, 42, AlignCenter, AlignCenter, "Press OK to start/stop");
+ }
+
+ release_mutex((ValueMutex*)ctx, flipfrid_state);
+}
+
+void flipfrid_input_callback(InputEvent* input_event, FuriMessageQueue* event_queue) {
+ furi_assert(event_queue);
+
+ FlipFridEvent event = {
+ .evt_type = EventTypeKey, .key = input_event->key, .input_type = input_event->type};
+ furi_message_queue_put(event_queue, &event, 25);
+}
+
+static void flipfrid_timer_callback(FuriMessageQueue* event_queue) {
+ furi_assert(event_queue);
+
+ FlipFridEvent event = {
+ .evt_type = EventTypeTick, .key = InputKeyUp, .input_type = InputTypeRelease};
+ furi_message_queue_put(event_queue, &event, 25);
+}
+
+FlipFridApp::FlipFridApp() {
+}
+
+FlipFridApp::~FlipFridApp() {
+}
+
+// ENTRYPOINT
+void FlipFridApp::run() {
+ // Input
+ FURI_LOG_I(TAG, "Initializing input");
+ FuriMessageQueue* event_queue = furi_message_queue_alloc(8, sizeof(FlipFridEvent));
+ FlipFridState* flipfrid_state = (FlipFridState*)malloc(sizeof(FlipFridState));
+ ValueMutex flipfrid_state_mutex;
+
+ // Mutex
+ FURI_LOG_I(TAG, "Initializing flipfrid mutex");
+ if(!init_mutex(&flipfrid_state_mutex, flipfrid_state, sizeof(FlipFridState))) {
+ FURI_LOG_E(TAG, "cannot create mutex\r\n");
+ furi_message_queue_free(event_queue);
+ free(flipfrid_state);
+ }
+
+ // Configure view port
+ FURI_LOG_I(TAG, "Initializing viewport");
+ ViewPort* view_port = view_port_alloc();
+ view_port_draw_callback_set(view_port, flipfrid_draw_callback, &flipfrid_state_mutex);
+ view_port_input_callback_set(view_port, flipfrid_input_callback, event_queue);
+
+ // Configure timer
+ FURI_LOG_I(TAG, "Initializing timer");
+ FuriTimer* timer =
+ furi_timer_alloc(flipfrid_timer_callback, FuriTimerTypePeriodic, event_queue);
+ furi_timer_start(timer, furi_kernel_get_tick_frequency() / 6); // configTICK_RATE_HZ_RAW 1000
+
+ // Register view port in GUI
+ FURI_LOG_I(TAG, "Initializing gui");
+ Gui* gui = (Gui*)furi_record_open(RECORD_GUI);
+ gui_add_view_port(gui, view_port, GuiLayerFullscreen);
+
+ // Init values
+ FlipFridEvent event;
+ flipfrid_state->emitting = false;
+ flipfrid_state->current_uid = 0;
+ flipfrid_state->current_uid_repeat = 0;
+ flipfrid_state->current_badge_type = LfrfidKeyType::KeyEM4100;
+ RfidTimerEmulator* emulator;
+ emulator = new RfidTimerEmulator();
+ RfidTimerEmulator em = *emulator;
+
+ uint8_t badge_type_index = 0;
+ LfrfidKeyType badges_types[] = {
+ LfrfidKeyType::KeyEM4100,
+ LfrfidKeyType::KeyH10301,
+ LfrfidKeyType::KeyI40134,
+ LfrfidKeyType::KeyIoProxXSF,
+ };
+
+ bool running = true;
+ while(running) {
+ // Get next event
+ FuriStatus event_status = furi_message_queue_get(event_queue, &event, 25);
+ if(event_status == FuriStatusOk) {
+ if(event.evt_type == EventTypeKey) {
+ if(event.input_type == InputTypeShort) {
+ switch(event.key) {
+ case InputKeyUp:
+ case InputKeyDown:
+ // OSEF
+ break;
+ case InputKeyRight:
+ // Next badge type
+ flipfrid_state->emitting = false;
+ if(badge_type_index <
+ (sizeof(badges_types) / sizeof(badges_types[0]) - 1)) {
+ badge_type_index++;
+ flipfrid_state->current_badge_type = badges_types[badge_type_index];
+ }
+ break;
+ case InputKeyLeft:
+ // Previous badge type
+ flipfrid_state->emitting = false;
+ if(badge_type_index > 0) {
+ badge_type_index--;
+ flipfrid_state->current_badge_type = badges_types[badge_type_index];
+ }
+ break;
+ case InputKeyOk:
+ if(flipfrid_state->emitting) {
+ flipfrid_state->emitting = false;
+ } else {
+ flipfrid_state->current_uid_repeat = 0;
+ flipfrid_state->current_uid = 0;
+ flipfrid_state->current_badge_type =
+ (LfrfidKeyType)((flipfrid_state->current_badge_type));
+ flipfrid_state->emitting = true;
+ }
+ break;
+ case InputKeyBack:
+ flipfrid_state->emitting = false;
+ running = false;
+ break;
+ }
+ }
+ } else if(event.evt_type == EventTypeTick) {
+ // Emulate card
+
+ if(flipfrid_state->emitting) {
+
+ if(flipfrid_state->current_uid_repeat == 0) {
+ FURI_LOG_D(TAG, "Starting emulation %d", flipfrid_state->current_uid);
+ em.start(
+ flipfrid_state->current_badge_type,
+ id_list[flipfrid_state->current_uid],
+ lfrfid_key_get_type_data_count(flipfrid_state->current_badge_type));
+ flipfrid_state->current_uid_repeat++;
+ } else if(flipfrid_state->current_uid_repeat == EMIT_STEPS) {
+ FURI_LOG_D(TAG, "Stop emulation %d", flipfrid_state->current_uid);
+ flipfrid_state->current_uid_repeat = 0;
+ em.stop();
+
+ // Next uid
+ flipfrid_state->current_uid++;
+ if(flipfrid_state->current_uid == sizeof(id_list) / 5) {
+ flipfrid_state->current_uid = 0;
+ }
+ } else {
+ furi_delay_ms(100);
+ flipfrid_state->current_uid_repeat++;
+ FURI_LOG_D(
+ TAG,
+ "Starting emulation %d/%d",
+ flipfrid_state->current_uid_repeat,
+ EMIT_STEPS);
+ }
+ }
+ view_port_update(view_port);
+ }
+ }
+ }
+
+ // Cleanup
+ furi_timer_stop(timer);
+ furi_timer_free(timer);
+ em.stop();
+ free(emulator);
+ FURI_LOG_I(TAG, "Cleaning up");
+ free(flipfrid_state);
+ gui_remove_view_port(gui, view_port);
+ view_port_free(view_port);
+ furi_message_queue_free(event_queue);
+ furi_record_close(RECORD_GUI);
+}
\ No newline at end of file
diff --git a/applications/FlipFrid/flipfrid.h b/applications/FlipFrid/flipfrid.h
new file mode 100644
index 00000000000..58ec9bcf16a
--- /dev/null
+++ b/applications/FlipFrid/flipfrid.h
@@ -0,0 +1,8 @@
+#include
+
+class FlipFridApp {
+public:
+ ~FlipFridApp();
+ FlipFridApp();
+ void run();
+};
\ No newline at end of file
diff --git a/applications/FlipFrid/flipfrid_app_launcher.cpp b/applications/FlipFrid/flipfrid_app_launcher.cpp
new file mode 100644
index 00000000000..e74573d04dd
--- /dev/null
+++ b/applications/FlipFrid/flipfrid_app_launcher.cpp
@@ -0,0 +1,12 @@
+#include "flipfrid.h"
+
+// app enter function
+extern "C" int32_t flipfrid_app(void* p) {
+ UNUSED(p);
+
+ FlipFridApp* app = new FlipFridApp();
+ app->run();
+ delete app;
+
+ return 0;
+}
diff --git a/applications/meta/application.fam b/applications/meta/application.fam
index 27acfc384f8..50671747df1 100644
--- a/applications/meta/application.fam
+++ b/applications/meta/application.fam
@@ -47,6 +47,7 @@ App(
 "APPS_SentrySafe",
 "APPS_SpectrumAnalyzer",
 "APPS_WAVPlayer",
+ "APPS_FlipFrid",
 ],
 )
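Review bot: `char progress[EMIT_STEPS + 2] = "";` in flipfrid_draw_callback is one byte short: the strcat sequence writes "[" plus exactly EMIT_STEPS fill characters (the two loops together always emit `current_uid_repeat + (EMIT_STEPS - current_uid_repeat)`) plus "]", i.e. 12 characters, so the terminating NUL is written past the end of the 12-byte array — a stack overflow on the GUI thread every time the progress bar is drawn; size it `char progress[EMIT_STEPS + 3] = "";` or build it with a bounded snprintf. In run(), the `init_mutex` failure branch frees `event_queue` and `flipfrid_state` but does not leave the function, so every line after it uses freed memory; add `return;` after `free(flipfrid_state);`. The OK/Left/Right handlers only clear `emitting` and never call `em.stop()`, so the emulator keeps replaying the last ID until Back exits the app, and `emulator` is created with `new` but released with `free(emulator)`, which skips its destructor — use `delete emulator;` (or drop the heap copy and keep only the stack `em`). Finally, the state struct is handed to the draw callback through a ValueMutex, yet the main loop writes `emitting`, `current_uid` and `current_badge_type` without acquire_mutex/release_mutex, so the drawing thread can observe a half-updated state; wrap those writes in the same mutex.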
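Review bot: flipfrid.h has no include guard or `#pragma once`, yet it is included from both flipfrid.cpp and flipfrid_app_launcher.cpp; a second inclusion within one translation unit would redefine `class FlipFridApp` and fail to compile. Add `#pragma once` as the first line of the header. The single `#include` it carries has lost its target in this rendering, so I cannot verify which system header it pulls in for the class declaration.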