adding support for HIDProx, updating the UI to switch between protocols #74

Merged
merged 2 commits into from
Sep 20, 2022
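--- a/applications/main/archive/helpers/archive_menu.h
+++ b/applications/main/archive/helpers/archive_menu.h
@@ -42,10 +42,7 @@ ARRAY_DEF(
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wunused-function"
 // Using in applications/archive/views/archive_browser_view.c
-static void archive_menu_add_item(
-ArchiveContextMenuItem_t* obj,
-string_t text,
-uint32_t event) {
+static void archive_menu_add_item(ArchiveContextMenuItem_t* obj, string_t text, uint32_t event) {
 string_init_move(obj->text, text);
 obj->event = event;
 }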
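--- a/applications/main/archive/scenes/archive_scene_browser.c
+++ b/applications/main/archive/scenes/archive_scene_browser.c
@@ -133,7 +133,7 @@ bool archive_scene_browser_on_event(void* context, SceneManagerEvent event) {
 case ArchiveBrowserEventFileMenuRename:
 if(favorites) {
 browser->callback(ArchiveBrowserEventEnterFavMove, browser->context);
-//} else if((archive_is_known_app(selected->type)) && (selected->is_app == false)) {
+//} else if((archive_is_known_app(selected->type)) && (selected->is_app == false)) {
 } else {
 // Added ability to rename files and folders
 archive_show_file_menu(browser, false);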
28 changes: 21 additions & 7 deletions applications/plugins/flipfrid/README.md
@@ -1,21 +1,35 @@
# Flipfrid

Basic EM4100 Fuzzer
Basic EM4100 and HIDProx Fuzzer.

## Why

Flipfrid is a simple Rfid fuzzer using EM4100 protocol (125khz).
Objective is to provide a simple to use fuzzer to test readers by emulating various cards.

EM4100 cards use a 1 byte customer id and 4 bytes card id.
- EM4100 cards use a 1 byte customer id and 4 bytes card id.
- HIDProx cards use a 2 byte customer id and 3 byte card id.

## How

There is 4 modes :
- Default key loop over 16 factory/default keys and emulate each one after one ;
- BF customer id. just an iteration from 0X00 to 0XFF on the first byte ;
- Load Dump file : Load an existing EM4100 dump generated by Flipperzero, select an index and bruteforce from 0X00 to 0XFF;
- Uids list: loop over a text file (one uid per line)
1) Select the Protocol with the left and right arrows
2) Select the Mode with the up and down arrows

### Info

There are 2 Protocols:
- EM4100
- HIDProx

There are 4 modes:
- Default Values: Try factory/default keys and emulate one after the other.
- BF customer id: An iteration from 0X00 to 0XFF on the first byte.
- Load Dump file: Load an existing dump (.rfid) generated by Flipperzero, select an index and bruteforce from 0X00 to 0XFF;
- Uids list: Iterate over an input text file (one uid per line) and emulate one after the other.




TODO :
- blank screen on back press
- Add second byte test to `BF customer id`
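--- a/applications/plugins/flipfrid/flipfrid.c
+++ b/applications/plugins/flipfrid/flipfrid.c
@@ -64,6 +64,7 @@ FlipFridState* flipfrid_alloc() {
 flipfrid->is_attacking = false;
 flipfrid->key_index = 0;
 flipfrid->menu_index = 0;
+flipfrid->menu_proto_index = 0;
 
 flipfrid->attack = FlipFridAttackDefaultValues;
 flipfrid->notify = furi_record_open(RECORD_NOTIFICATION);
@@ -73,12 +74,14 @@ FlipFridState* flipfrid_alloc() {
 flipfrid->data[2] = 0x00;
 flipfrid->data[3] = 0x00;
 flipfrid->data[4] = 0x00;
+flipfrid->data[5] = 0x00;
 
 flipfrid->payload[0] = 0x00;
 flipfrid->payload[1] = 0x00;
 flipfrid->payload[2] = 0x00;
 flipfrid->payload[3] = 0x00;
 flipfrid->payload[4] = 0x00;
+flipfrid->payload[5] = 0x00;
 
 //Dialog
 flipfrid->dialogs = furi_record_open(RECORD_DIALOGS);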
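Review bot: `proto` and `proto_name`, the two fields this pull request adds to `FlipFridState`, get no initialisation among the three additions to `flipfrid_alloc()` in this file; only `menu_proto_index` and the sixth `data`/`payload` bytes are set. The entry-point callback later calls `string_set_str(context->proto_name, ...)`, so unless the string is initialised in code not shown on this page it is written before any `string_init`. I would add `flipfrid->proto = EM4100;` and `string_init(flipfrid->proto_name);` next to the existing defaults, with a matching `string_clear(flipfrid->proto_name);` wherever the state is freed. `flipfrid_alloc()` starts and ends outside both hunks, so the neighbouring initialisers cannot be checked from here.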
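--- a/applications/plugins/flipfrid/flipfrid.h
+++ b/applications/plugins/flipfrid/flipfrid.h
@@ -28,6 +28,11 @@ typedef enum {
 FlipFridAttackLoadFileCustomUids,
 } FlipFridAttacks;
 
+typedef enum {
+EM4100,
+HIDProx,
+} FlipFridProtos;
+
 typedef enum {
 NoneScene,
 SceneEntryPoint,
@@ -56,13 +61,16 @@ typedef struct {
 FlipFridScene previous_scene;
 NotificationApp* notify;
 u_int8_t menu_index;
+u_int8_t menu_proto_index;
 
 string_t data_str;
-uint8_t data[5];
-uint8_t payload[5];
+uint8_t data[6];
+uint8_t payload[6];
 uint8_t attack_step;
 FlipFridAttacks attack;
+FlipFridProtos proto;
 string_t attack_name;
+string_t proto_name;
 
 DialogsApp* dialogs;
 string_t notification_msg;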
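Review bot: `data` and `payload` grow to 6 bytes for HIDProx, but the struct records nowhere how many of those bytes are valid for the selected protocol, and the size stays a bare literal that the other files in this change repeat (`data[5] = 0x00`, `i < 6`). A named constant such as `#define FLIPFRID_KEY_MAX_LEN 6` used as `uint8_t data[FLIPFRID_KEY_MAX_LEN];`, together with a per-protocol key length, would let each loop bound itself by the protocol's real key size instead of the buffer size. Separately, the new enumerators `EM4100` and `HIDProx` are unprefixed, unlike `FlipFridAttackLoadFileCustomUids` above them, so they enter the global namespace of every file that includes this header; `FlipFridProtoEM4100` and `FlipFridProtoHIDProx` would follow the existing convention.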
83 changes: 77 additions & 6 deletions applications/plugins/flipfrid/scene/flipfrid_scene_entrypoint.c
@@ -1,8 +1,12 @@
#include "flipfrid_scene_entrypoint.h"

string_t menu_items[4];
string_t menu_proto_items[2];

void flipfrid_scene_entrypoint_menu_callback(FlipFridState* context, uint32_t index) {
void flipfrid_scene_entrypoint_menu_callback(
FlipFridState* context,
uint32_t index,
uint32_t proto_index) {
switch(index) {
case FlipFridAttackDefaultValues:
context->attack = FlipFridAttackDefaultValues;
@@ -27,6 +31,19 @@ void flipfrid_scene_entrypoint_menu_callback(FlipFridState* context, uint32_t in
default:
break;
}

switch(proto_index) {
case EM4100:
context->proto = EM4100;
string_set_str(context->proto_name, "EM4100");
break;
case HIDProx:
context->proto = HIDProx;
string_set_str(context->proto_name, "HIDProx");
break;
default:
break;
}
}

void flipfrid_scene_entrypoint_on_enter(FlipFridState* context) {
@@ -36,6 +53,7 @@ void flipfrid_scene_entrypoint_on_enter(FlipFridState* context) {
context->payload[2] = 0x00;
context->payload[3] = 0x00;
context->payload[4] = 0x00;
context->payload[5] = 0x00;

context->menu_index = 0;
for(uint32_t i = 0; i < 4; i++) {
@@ -46,13 +64,25 @@ void flipfrid_scene_entrypoint_on_enter(FlipFridState* context) {
string_set(menu_items[1], "BF Customer ID");
string_set(menu_items[2], "Load File");
string_set(menu_items[3], "Load uids from file");

context->menu_proto_index = 0;
for(uint32_t i = 0; i < 2; i++) {
string_init(menu_proto_items[i]);
}

string_set(menu_proto_items[0], "EM4100");
string_set(menu_proto_items[1], "HIDProx");
}

void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
UNUSED(context);
for(uint32_t i = 0; i < 4; i++) {
string_clear(menu_items[i]);
}

for(uint32_t i = 0; i < 2; i++) {
string_clear(menu_proto_items[i]);
}
}

void flipfrid_scene_entrypoint_on_tick(FlipFridState* context) {
@@ -74,10 +104,18 @@ void flipfrid_scene_entrypoint_on_event(FlipFridEvent event, FlipFridState* cont
}
break;
case InputKeyLeft:
if(context->menu_proto_index > EM4100) {
context->menu_proto_index--;
}
break;
case InputKeyRight:
if(context->menu_proto_index < HIDProx) {
context->menu_proto_index++;
}
break;
case InputKeyOk:
flipfrid_scene_entrypoint_menu_callback(context, context->menu_index);
flipfrid_scene_entrypoint_menu_callback(
context, context->menu_index, context->menu_proto_index);
break;
case InputKeyBack:
context->is_running = false;
@@ -91,10 +129,6 @@ void flipfrid_scene_entrypoint_on_draw(Canvas* canvas, FlipFridState* context) {
canvas_clear(canvas);
canvas_set_color(canvas, ColorBlack);

// Title
canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(canvas, 64, 6, AlignCenter, AlignTop, "RFID Fuzzer");

if(context->menu_index > FlipFridAttackDefaultValues) {
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(
@@ -120,4 +154,41 @@ void flipfrid_scene_entrypoint_on_draw(Canvas* canvas, FlipFridState* context) {
AlignTop,
string_get_cstr(menu_items[context->menu_index + 1]));
}

if(context->menu_proto_index > EM4100) {
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(
canvas,
64,
-12,
AlignCenter,
AlignTop,
string_get_cstr(menu_proto_items[context->menu_proto_index - 1]));
}

canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(canvas, 34, 4, AlignCenter, AlignTop, "<");

canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(
canvas,
64,
4,
AlignCenter,
AlignTop,
string_get_cstr(menu_proto_items[context->menu_proto_index]));

canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(canvas, 94, 4, AlignCenter, AlignTop, ">");

if(context->menu_proto_index < HIDProx) {
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(
canvas,
64,
-12,
AlignCenter,
AlignTop,
string_get_cstr(menu_proto_items[context->menu_proto_index + 1]));
}
}
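Review bot: In `flipfrid_scene_entrypoint_on_draw()` the previous and the next protocol name are both drawn at (64, -12), in the two `canvas_draw_str_aligned` calls guarded by `menu_proto_index > EM4100` and `menu_proto_index < HIDProx`. With the selected name and the arrows at y = 4, that row appears to lie outside the visible canvas, and the two strings would overlap if it were visible. Either drop both blocks, since `<` and `>` already hint at the neighbours, or give them real coordinates. The literal `2` for `menu_proto_items` is also repeated in the declaration and in both loops while the bounds checks use the enum, so a count enumerator at the end of `FlipFridProtos` would keep the array size and the `menu_proto_index - 1` / `+ 1` indexing tied together.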
43 changes: 31 additions & 12 deletions applications/plugins/flipfrid/scene/flipfrid_scene_load_file.c
@@ -36,11 +36,21 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
break;
} else {
FURI_LOG_I(TAG, "Key type: %s", string_get_cstr(temp_str));
if(strcmp(string_get_cstr(temp_str), "EM4100") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Unsupported Key type");
break;

if(context->proto == EM4100) {
if(strcmp(string_get_cstr(temp_str), "EM4100") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Unsupported Key type");
break;
}
} else {
if(strcmp(string_get_cstr(temp_str), "HIDProx") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Unsupported Key type");
break;
}
}
}

@@ -53,15 +63,24 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
} else {
FURI_LOG_I(TAG, "Key: %s", string_get_cstr(context->data_str));

// Check data size
if(string_size(context->data_str) != 14) {
FURI_LOG_E(TAG, "Incorrect Key length");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Incorrect Key length");
break;
if(context->proto == EM4100) {
if(string_size(context->data_str) != 14) {
FURI_LOG_E(TAG, "Incorrect Key length");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Incorrect Key length");
break;
}
} else {
if(string_size(context->data_str) != 17) {
FURI_LOG_E(TAG, "Incorrect Key length");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Incorrect Key length");
break;
}
}

// String to uint8_t
for(uint8_t i = 0; i < 5; i++) {
for(uint8_t i = 0; i < 6; i++) {
char temp_str2[3];
temp_str2[0] = string_get_cstr(context->data_str)[i * 3];
temp_str2[1] = string_get_cstr(context->data_str)[i * 3 + 1];
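Review bot: The conversion loop now always runs six iterations (`i < 6`), but on the EM4100 branch `data_str` has just been checked to be exactly 14 characters, so the sixth pass reads offsets 15 and 16 of a 14-character string, past its terminator, and feeds those bytes into the conversion. The key comes from a file the user loads, so the bound should follow the protocol: `const uint8_t key_len = (context->proto == EM4100) ? 5 : 6;` followed by `for(uint8_t i = 0; i < key_len; i++) {`. The two protocol branches for the type check and the length check differ only in the expected constant, and the bare `else` treats every non-EM4100 value of `proto` as HIDProx; choosing the expected type string and length once would remove the duplication and make an unknown protocol an explicit error. The loop body and the rest of `flipfrid_load()` continue outside the hunk.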