Add flipper zero sniff
justcallmekoko committed Nov 24, 2024
1 parent 88b4edd commit 3ceac18
Showing 9 changed files with 129 additions and 4 deletions.
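--- a/esp32_marauder/Assets.h
+++ b/esp32_marauder/Assets.h
@@ -203,7 +203,13 @@ PROGMEM static const unsigned char menu_icons[][66] = {
 0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F},
 {0xFF, 0xFF, 0xFD, 0xBF, 0x0B, 0xD0, 0xE7, 0xE7, 0xEF, 0xF7, 0xCF, 0xF3, // DISABLED TOUCH: 34
 0xAF, 0xF5, 0x6F, 0xF6, 0x6F, 0xF6, 0xAF, 0xF5, 0xCF, 0xF3, 0x0F, 0xF0,
-0xE7, 0xE7, 0x0B, 0xD0, 0xFD, 0xBF, 0xFF, 0xFF}
+0xE7, 0xE7, 0x0B, 0xD0, 0xFD, 0xBF, 0xFF, 0xFF},
+{0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F, 0x0F, 0xFE, 0x3F, 0xF3, 0xF9, 0x3F, // FLIPPER: 35
+0x8D, 0xF7, 0x3F, 0x7D, 0xEE, 0x3F, 0xC6, 0x2D, 0x38, 0xBB, 0x9D, 0x3B,
+0xBB, 0x63, 0x38, 0x87, 0x3C, 0x3E, 0xFB, 0x0F, 0x3F, 0xFF, 0x81, 0x3F,
+0xFF, 0x3F, 0x38, 0xFF, 0xFF, 0x3C, 0xFF, 0x07, 0x3E, 0xFF, 0xEB, 0x3F,
+0xFF, 0xEF, 0x3F, 0xFF, 0xEF, 0x3F, 0xFF, 0xDF, 0x3F, 0xFF, 0xFF, 0x3F,
+0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F}
 };
 
 /*#ifndef MARAUDER_MINI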
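--- a/esp32_marauder/CommandLine.cpp
+++ b/esp32_marauder/CommandLine.cpp
@@ -865,6 +865,14 @@ void CommandLine::runCommand(String input) {
 #endif
 wifi_scan_obj.StartScan(BT_SCAN_AIRTAG, TFT_WHITE);
 }
+else if (bt_type == "flipper") {
+Serial.println("Starting Flipper sniff. Stop with " + (String)STOPSCAN_CMD);
+#ifdef HAS_SCREEN
+display_obj.clearScreen();
+menu_function_obj.drawStatusBar();
+#endif
+wifi_scan_obj.StartScan(BT_SCAN_FLIPPER, TFT_ORANGE);
+}
 }
 // General bluetooth sniff
 else {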
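--- a/esp32_marauder/CommandLine.h
+++ b/esp32_marauder/CommandLine.h
@@ -137,7 +137,7 @@ const char PROGMEM HELP_SAVE_CMD[] = "save -a/-s";
 const char PROGMEM HELP_LOAD_CMD[] = "load -a/-s";
 
 // Bluetooth sniff/scan
-const char PROGMEM HELP_BT_SNIFF_CMD[] = "sniffbt [-t] <airtag>";
+const char PROGMEM HELP_BT_SNIFF_CMD[] = "sniffbt [-t] <airtag/flipper>";
 const char PROGMEM HELP_BT_SPAM_CMD[] = "blespam -t <apple/google/samsung/windows/flipper/all>";
 const char PROGMEM HELP_BT_SPOOFAT_CMD[] = "spoofat -t <index>";
 //const char PROGMEM HELP_BT_SOUR_APPLE_CMD[] = "sourapple";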
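--- a/esp32_marauder/MenuFunctions.cpp
+++ b/esp32_marauder/MenuFunctions.cpp
@@ -675,6 +675,7 @@ void MenuFunctions::main(uint32_t currentTime)
 (wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_LIST) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_AIRTAG) ||
+(wifi_scan_obj.currentScanMode == BT_SCAN_FLIPPER) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) ||
@@ -742,6 +743,7 @@ void MenuFunctions::main(uint32_t currentTime)
 (wifi_scan_obj.currentScanMode == WIFI_ATTACK_BEACON_LIST) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
 (wifi_scan_obj.currentScanMode == BT_SCAN_AIRTAG) ||
+(wifi_scan_obj.currentScanMode == BT_SCAN_FLIPPER) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
 (wifi_scan_obj.currentScanMode == BT_ATTACK_SPAM_ALL) ||
@@ -1952,6 +1954,11 @@ void MenuFunctions::RunSetup()
 this->drawStatusBar();
 wifi_scan_obj.StartScan(BT_SCAN_ALL, TFT_GREEN);
 });
+this->addNodes(&bluetoothSnifferMenu, "Flipper Sniff", TFT_ORANGE, NULL, FLIPPER, [this]() {
+display_obj.clearScreen();
+this->drawStatusBar();
+wifi_scan_obj.StartScan(BT_SCAN_FLIPPER, TFT_ORANGE);
+});
 this->addNodes(&bluetoothSnifferMenu, "Airtag Sniff", TFT_WHITE, NULL, BLUETOOTH_SNIFF, [this]() {
 display_obj.clearScreen();
 this->drawStatusBar();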
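--- a/esp32_marauder/MenuFunctions.h
+++ b/esp32_marauder/MenuFunctions.h
@@ -72,6 +72,7 @@ extern Settings settings_obj;
 #define STATUS_GPS 32
 #define GPS_MENU 33
 #define DISABLE_TOUCH 34
+#define FLIPPER 35
 
 PROGMEM void my_disp_flush(lv_disp_drv_t *disp, const lv_area_t *area, lv_color_t *color_p);
 PROGMEM bool my_touchpad_read(lv_indev_drv_t * indev_driver, lv_indev_data_t * data);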
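--- a/esp32_marauder/WiFiScan.cpp
+++ b/esp32_marauder/WiFiScan.cpp
@@ -10,6 +10,7 @@ LinkedList<ssid>* ssids;
 LinkedList<AccessPoint>* access_points;
 LinkedList<Station>* stations;
 LinkedList<AirTag>* airtags;
+LinkedList<Flipper>* flippers;
 
 extern "C" int ieee80211_raw_frame_sanity_check(int32_t arg, int32_t arg2, int32_t arg3){
 if (arg == 31337)
@@ -275,6 +276,76 @@ extern "C" {
 #endif
 }
 }
+else if (wifi_scan_obj.currentScanMode == BT_SCAN_FLIPPER) {
+uint8_t* payLoad = advertisedDevice->getPayload();
+size_t len = advertisedDevice->getPayloadLength();
+
+bool match = false;
+String color = "";
+for (int i = 0; i <= len - 4; i++) {
+if (payLoad[i] == 0x81 && payLoad[i+1] == 0x30) {
+match = true;
+color = "Black";
+break;
+}
+if (payLoad[i] == 0x82 && payLoad[i+1] == 0x30) {
+match = true;
+color = "White";
+break;
+}
+if (payLoad[i] == 0x83 && payLoad[i+1] == 0x30) {
+color = "Transparent";
+match = true;
+break;
+}
+}
+
+if (match) {
+String mac = advertisedDevice->getAddress().toString().c_str();
+String name = advertisedDevice->getName().c_str();
+mac.toUpperCase();
+
+for (int i = 0; i < flippers->size(); i++) {
+if (mac == flippers->get(i).mac)
+return;
+}
+
+int rssi = advertisedDevice->getRSSI();
+Serial.print("RSSI: ");
+Serial.print(rssi);
+Serial.print(" MAC: ");
+Serial.println(mac);
+Serial.print("Name: ");
+Serial.println(name);
+
+Flipper flipper;
+flipper.mac = mac;
+flipper.name = name;
+
+flippers->add(flipper);
+
+
+/*#ifdef HAS_SCREEN
+//display_string.concat("RSSI: ");
+display_string.concat((String)rssi);
+display_string.concat(" Flipper: ");
+display_string.concat(name);
+uint8_t temp_len = display_string.length();
+for (uint8_t i = 0; i < 40 - temp_len; i++)
+{
+display_string.concat(" ");
+}
+display_obj.display_buffer->add(display_string);
+#endif*/
+
+#ifdef HAS_SCREEN
+display_obj.display_buffer->add(String("Flipper: ") + name + ", ");
+display_obj.display_buffer->add(" MAC: " + String(mac) + ", ");
+display_obj.display_buffer->add(" RSSI: " + String(rssi) + ", ");
+display_obj.display_buffer->add(" Color: " + String(color) + " ");
+#endif
+}
+}
 else if (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) {
 if (buf >= 0)
 {
@@ -445,6 +516,7 @@ void WiFiScan::RunSetup() {
 access_points = new LinkedList<AccessPoint>();
 stations = new LinkedList<Station>();
 airtags = new LinkedList<AirTag>();
+flippers = new LinkedList<Flipper>();
 
 #ifdef HAS_BT
 watch_models = new WatchModel[26] {
@@ -523,6 +595,14 @@ int WiFiScan::clearAirtags() {
 return num_cleared;
 }
 
+int WiFiScan::clearFlippers() {
+int num_cleared = flippers->size();
+while (flippers->size() > 0)
+flippers->remove(0);
+Serial.println("Flippers: " + (String)flippers->size());
+return num_cleared;
+}
+
 int WiFiScan::clearSSIDs() {
 int num_cleared = ssids->size();
 ssids->clear();
@@ -696,7 +776,7 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
 this->startWiFiAttacks(scan_mode, color, text_table4[47]);
 else if (scan_mode == WIFI_ATTACK_AP_SPAM)
 this->startWiFiAttacks(scan_mode, color, " AP Beacon Spam ");
-else if ((scan_mode == BT_SCAN_ALL) || (scan_mode == BT_SCAN_AIRTAG)){
+else if ((scan_mode == BT_SCAN_ALL) || (scan_mode == BT_SCAN_AIRTAG) || (scan_mode == BT_SCAN_FLIPPER)){
 #ifdef HAS_BT
 RunBluetoothScan(scan_mode, color);
 #endif
@@ -894,6 +974,7 @@ void WiFiScan::StopScan(uint8_t scan_mode)
 
 else if ((currentScanMode == BT_SCAN_ALL) ||
 (currentScanMode == BT_SCAN_AIRTAG) ||
+(currentScanMode == BT_SCAN_FLIPPER) ||
 (currentScanMode == BT_ATTACK_SOUR_APPLE) ||
 (currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
 (currentScanMode == BT_ATTACK_SPAM_ALL) ||
@@ -2551,7 +2632,7 @@ void WiFiScan::RunBluetoothScan(uint8_t scan_mode, uint16_t color)
 }
 NimBLEDevice::init("");
 pBLEScan = NimBLEDevice::getScan(); //create new scan
-if ((scan_mode == BT_SCAN_ALL) || (BT_SCAN_AIRTAG))
+if ((scan_mode == BT_SCAN_ALL) || (scan_mode == BT_SCAN_AIRTAG) || (scan_mode == BT_SCAN_FLIPPER))
 {
 #ifdef HAS_SCREEN
 display_obj.TOP_FIXED_AREA_2 = 48;
@@ -2565,6 +2646,8 @@ void WiFiScan::RunBluetoothScan(uint8_t scan_mode, uint16_t color)
 display_obj.tft.drawCentreString(text_table4[41],120,16,2);
 else if (scan_mode == BT_SCAN_AIRTAG)
 display_obj.tft.drawCentreString("Airtag Sniff",120,16,2);
+else if (scan_mode == BT_SCAN_FLIPPER)
+display_obj.tft.drawCentreString("Flipper Sniff", 120, 16, 2);
 display_obj.touchToExit();
 #endif
 display_obj.tft.setTextColor(TFT_CYAN, TFT_BLACK);
@@ -2576,6 +2659,10 @@ void WiFiScan::RunBluetoothScan(uint8_t scan_mode, uint16_t color)
 this->clearAirtags();
 pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanAllCallback(), true);
 }
+else if (scan_mode == BT_SCAN_FLIPPER) {
+this->clearFlippers();
+pBLEScan->setAdvertisedDeviceCallbacks(new bluetoothScanAllCallback(), true);
+}
 }
 else if ((scan_mode == BT_SCAN_WAR_DRIVE) || (scan_mode == BT_SCAN_WAR_DRIVE_CONT)) {
 #ifdef HAS_GPS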
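Review bot: In the new BT_SCAN_FLIPPER branch, `len` is a `size_t`, so the bound in `for (int i = 0; i <= len - 4; i++)` wraps to a very large value whenever the advertisement payload is shorter than 4 bytes, and the loop then reads `payLoad[i]` and `payLoad[i+1]` well past the end of the buffer. The payload length is set by whatever device is advertising nearby, so the bound has to hold for any input; `for (size_t i = 0; i + 4 <= len; i++)` keeps the same search window without the subtraction. The two-byte match (`0x81`/`0x82`/`0x83` followed by `0x30`) at any offset is a loose signature and will presumably also fire on unrelated payloads. `flippers->add(flipper)` adds one entry per unseen MAC with no upper limit, so a cap on the list size would be worth adding on a memory-constrained target. The enclosing scan callback begins and ends outside this hunk.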
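--- a/esp32_marauder/WiFiScan.h
+++ b/esp32_marauder/WiFiScan.h
@@ -97,6 +97,7 @@
 #define BT_ATTACK_FLIPPER_SPAM 42
 #define BT_SCAN_AIRTAG 43
 #define BT_SPOOF_AIRTAG 44
+#define BT_SCAN_FLIPPER 45
 
 #define GRAPH_REFRESH 100
 
@@ -164,6 +165,11 @@ struct AirTag {
 bool selected;
 };
 
+struct Flipper {
+String mac;
+String name;
+};
+
 class WiFiScan
 {
 private:
@@ -386,6 +392,7 @@ class WiFiScan
 int clearSSIDs();
 int clearAPs();
 int clearAirtags();
+int clearFlippers();
 int clearStations();
 bool addSSID(String essid);
 int generateSSIDs(int count = 20);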
Binary file added pictures/icons/flipper_22.bmp
Binary file not shown.
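--- /dev/null
+++ b/pictures/xbm/flipper_22.xbm
@@ -0,0 +1,9 @@
+#define 46b478bd979f4b9aa1ef9da6d23af832GZGcJCdnPjHIQppj_width 22
+#define 46b478bd979f4b9aa1ef9da6d23af832GZGcJCdnPjHIQppj_height 22
+static char 46b478bd979f4b9aa1ef9da6d23af832GZGcJCdnPjHIQppj_bits[] = {
+0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F, 0x0F, 0xFE, 0x3F, 0xF3, 0xF9, 0x3F,
+0x8D, 0xF7, 0x3F, 0x7D, 0xEE, 0x3F, 0xC6, 0x2D, 0x38, 0xBB, 0x9D, 0x3B,
+0xBB, 0x63, 0x38, 0x87, 0x3C, 0x3E, 0xFB, 0x0F, 0x3F, 0xFF, 0x81, 0x3F,
+0xFF, 0x3F, 0x38, 0xFF, 0xFF, 0x3C, 0xFF, 0x07, 0x3E, 0xFF, 0xEB, 0x3F,
+0xFF, 0xEF, 0x3F, 0xFF, 0xEF, 0x3F, 0xFF, 0xDF, 0x3F, 0xFF, 0xFF, 0x3F,
+0xFF, 0xFF, 0x3F, 0xFF, 0xFF, 0x3F, };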
