mirror of
https://github.com/DarkFlippers/unleashed-firmware
synced 2024-12-11 13:42:30 +00:00
317 lines
12 KiB
C
317 lines
12 KiB
C
|
#include <furi.h>
|
||
|
#include <gui/gui.h>
|
||
|
#include <input/input.h>
|
||
|
#include <stdlib.h>
|
||
|
|
||
|
#include <lib/lfrfid/lfrfid_worker.h>
|
||
|
#include "raw_em4100.h"
|
||
|
#include <lfrfid/protocols/lfrfid_protocols.h>
|
||
|
|
||
|
#include "flipfrid.h"
|
||
|
|
||
|
#define NUMBER_OF_ATTACKS 4
|
||
|
#define TIME_BETWEEN_CARDS \
|
||
|
5 // Emulate 2 cards per second : (5 * (configTICK_RATE_HZ_RAW/10)) == (5*(1000/10)) == (5*100) == (500)ms
|
||
|
#define TAG "FLIPFRID"
|
||
|
|
||
|
uint8_t id_list[16][5] = {
|
||
|
{0x00, 0x00, 0x00, 0x00, 0x00}, // Null bytes
|
||
|
{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, // Only FF
|
||
|
{0x11, 0x11, 0x11, 0x11, 0x11}, // Only 11
|
||
|
{0x22, 0x22, 0x22, 0x22, 0x22}, // Only 22
|
||
|
{0x33, 0x33, 0x33, 0x33, 0x33}, // Only 33
|
||
|
{0x44, 0x44, 0x44, 0x44, 0x44}, // Only 44
|
||
|
{0x55, 0x55, 0x55, 0x55, 0x55}, // Only 55
|
||
|
{0x66, 0x66, 0x66, 0x66, 0x66}, // Only 66
|
||
|
{0x77, 0x77, 0x77, 0x77, 0x77}, // Only 77
|
||
|
{0x88, 0x88, 0x88, 0x88, 0x88}, // Only 88
|
||
|
{0x99, 0x99, 0x99, 0x99, 0x99}, // Only 99
|
||
|
{0x12, 0x34, 0x56, 0x78, 0x9A}, // Incremental UID
|
||
|
{0x04, 0xd0, 0x9b, 0x0d, 0x6a}, // From arha
|
||
|
{0x34, 0x00, 0x29, 0x3d, 0x9e}, // From arha
|
||
|
{0x04, 0xdf, 0x00, 0x00, 0x01}, // From arha
|
||
|
{0xCA, 0xCA, 0xCA, 0xCA, 0xCA}, // From arha
|
||
|
};
|
||
|
|
||
|
typedef enum {
|
||
|
DefaultKeys,
|
||
|
BruteForceCustomerId,
|
||
|
BadCrc,
|
||
|
} AttackType;
|
||
|
|
||
|
typedef enum {
|
||
|
EventTypeTick,
|
||
|
EventTypeKey,
|
||
|
} EventType;
|
||
|
|
||
|
typedef struct {
|
||
|
EventType evt_type;
|
||
|
InputKey key;
|
||
|
InputType input_type;
|
||
|
} FlipFridEvent;
|
||
|
|
||
|
// STRUCTS
|
||
|
typedef struct {
|
||
|
bool emitting;
|
||
|
AttackType current_attack_type;
|
||
|
uint8_t* current_uid;
|
||
|
uint8_t meta_data;
|
||
|
NotificationApp* notify;
|
||
|
} FlipFridState;
|
||
|
|
||
|
static void flipfrid_draw_callback(Canvas* const canvas, void* ctx) {
|
||
|
const FlipFridState* flipfrid_state = (FlipFridState*)acquire_mutex((ValueMutex*)ctx, 100);
|
||
|
|
||
|
if(flipfrid_state == NULL) {
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
canvas_clear(canvas);
|
||
|
canvas_set_color(canvas, ColorBlack);
|
||
|
|
||
|
// Frame
|
||
|
canvas_draw_frame(canvas, 0, 0, 128, 64);
|
||
|
|
||
|
// Title
|
||
|
canvas_set_font(canvas, FontPrimary);
|
||
|
canvas_draw_str_aligned(canvas, 64, 8, AlignCenter, AlignTop, "Flip/Frid");
|
||
|
|
||
|
// Badge Type
|
||
|
char uid[16];
|
||
|
char badge_type[21];
|
||
|
switch(flipfrid_state->current_attack_type) {
|
||
|
case DefaultKeys:
|
||
|
strcpy(badge_type, " Default Values >");
|
||
|
break;
|
||
|
case BruteForceCustomerId:
|
||
|
strcpy(badge_type, "< BF Customer ID >");
|
||
|
break;
|
||
|
case BadCrc:
|
||
|
strcpy(badge_type, "< Bad CRC ");
|
||
|
break;
|
||
|
default:
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if(flipfrid_state->current_attack_type == BruteForceCustomerId) {
|
||
|
snprintf(uid, sizeof(uid), " ID : %2X ", flipfrid_state->current_uid[0]);
|
||
|
} else if (flipfrid_state->current_attack_type == BadCrc) {
|
||
|
snprintf(uid, sizeof(uid), "Sending packets");
|
||
|
} else {
|
||
|
snprintf(
|
||
|
uid,
|
||
|
sizeof(uid),
|
||
|
"%2X:%2X:%2X:%2X:%2X",
|
||
|
flipfrid_state->current_uid[0],
|
||
|
flipfrid_state->current_uid[1],
|
||
|
flipfrid_state->current_uid[2],
|
||
|
flipfrid_state->current_uid[3],
|
||
|
flipfrid_state->current_uid[4]);
|
||
|
}
|
||
|
|
||
|
// Badge infos
|
||
|
canvas_set_font(canvas, FontSecondary);
|
||
|
canvas_draw_str_aligned(canvas, 64, 28, AlignCenter, AlignCenter, badge_type);
|
||
|
|
||
|
if(flipfrid_state->emitting) {
|
||
|
canvas_draw_str_aligned(canvas, 64, 42, AlignCenter, AlignCenter, uid);
|
||
|
} else {
|
||
|
canvas_draw_str_aligned(
|
||
|
canvas, 64, 42, AlignCenter, AlignCenter, "Press OK to start/stop");
|
||
|
}
|
||
|
|
||
|
release_mutex((ValueMutex*)ctx, flipfrid_state);
|
||
|
}
|
||
|
|
||
|
void flipfrid_input_callback(InputEvent* input_event, FuriMessageQueue* event_queue) {
|
||
|
furi_assert(event_queue);
|
||
|
|
||
|
FlipFridEvent event = {
|
||
|
.evt_type = EventTypeKey, .key = input_event->key, .input_type = input_event->type};
|
||
|
furi_message_queue_put(event_queue, &event, 25);
|
||
|
}
|
||
|
|
||
|
static void flipfrid_timer_callback(FuriMessageQueue* event_queue) {
|
||
|
furi_assert(event_queue);
|
||
|
|
||
|
FlipFridEvent event = {
|
||
|
.evt_type = EventTypeTick, .key = InputKeyUp, .input_type = InputTypeRelease};
|
||
|
furi_message_queue_put(event_queue, &event, 25);
|
||
|
}
|
||
|
|
||
|
// ENTRYPOINT
|
||
|
int32_t flipfrid_start(void* p) {
|
||
|
UNUSED(p);
|
||
|
|
||
|
// Input
|
||
|
FuriMessageQueue* event_queue = furi_message_queue_alloc(8, sizeof(FlipFridEvent));
|
||
|
FlipFridState* flipfrid_state = (FlipFridState*)malloc(sizeof(FlipFridState));
|
||
|
ValueMutex flipfrid_state_mutex;
|
||
|
|
||
|
// Mutex
|
||
|
if(!init_mutex(&flipfrid_state_mutex, flipfrid_state, sizeof(FlipFridState))) {
|
||
|
furi_message_queue_free(event_queue);
|
||
|
free(flipfrid_state);
|
||
|
}
|
||
|
|
||
|
// Configure view port
|
||
|
ViewPort* view_port = view_port_alloc();
|
||
|
view_port_draw_callback_set(view_port, flipfrid_draw_callback, &flipfrid_state_mutex);
|
||
|
view_port_input_callback_set(view_port, flipfrid_input_callback, event_queue);
|
||
|
|
||
|
// Configure timer
|
||
|
FuriTimer* timer =
|
||
|
furi_timer_alloc(flipfrid_timer_callback, FuriTimerTypePeriodic, event_queue);
|
||
|
furi_timer_start(timer, furi_kernel_get_tick_frequency() / 10); // configTICK_RATE_HZ_RAW 1000
|
||
|
|
||
|
// Register view port in GUI
|
||
|
Gui* gui = (Gui*)furi_record_open(RECORD_GUI);
|
||
|
gui_add_view_port(gui, view_port, GuiLayerFullscreen);
|
||
|
|
||
|
// Init values
|
||
|
FlipFridEvent event;
|
||
|
flipfrid_state->emitting = false;
|
||
|
flipfrid_state->current_uid = id_list[0];
|
||
|
flipfrid_state->current_attack_type = DefaultKeys;
|
||
|
flipfrid_state->meta_data = 0;
|
||
|
flipfrid_state->notify = furi_record_open(RECORD_NOTIFICATION);
|
||
|
|
||
|
// RFID Configuration
|
||
|
size_t data_size = 5; // Default EM4100 data size is 5 (1 customer id + 4 uid)
|
||
|
LFRFIDWorker* worker;
|
||
|
const ProtocolBase* lfrfid_protocol[] = {&protocol_raw_em4100, &protocol_raw_wrong_crc_em4100};
|
||
|
ProtocolDict* dict = protocol_dict_alloc(lfrfid_protocol, 2);
|
||
|
worker = lfrfid_worker_alloc(dict);
|
||
|
uint8_t selectedProtocol = CLEAN;
|
||
|
|
||
|
// Application state
|
||
|
int menu_selected_item_index = 0; // Menu current item index
|
||
|
uint8_t counter = 0; // Used to count the step and wqaiting time between each test
|
||
|
uint8_t attack_state = 0; // Used to store the current attack state
|
||
|
uint8_t candidate[5]; // uid candidate
|
||
|
bool running = true; // Used to stop the application
|
||
|
|
||
|
// Main loop
|
||
|
while(running) {
|
||
|
// Get next event
|
||
|
FuriStatus event_status = furi_message_queue_get(event_queue, &event, 25);
|
||
|
if(event_status == FuriStatusOk) {
|
||
|
if(event.evt_type == EventTypeKey) {
|
||
|
if(event.input_type == InputTypeShort) {
|
||
|
counter = 0;
|
||
|
switch(event.key) {
|
||
|
case InputKeyUp:
|
||
|
case InputKeyDown:
|
||
|
// OSEF
|
||
|
break;
|
||
|
case InputKeyRight:
|
||
|
// Next badge type
|
||
|
flipfrid_state->emitting = false;
|
||
|
if(menu_selected_item_index < (NUMBER_OF_ATTACKS - 1)) {
|
||
|
menu_selected_item_index++;
|
||
|
flipfrid_state->current_attack_type =
|
||
|
(AttackType)menu_selected_item_index;
|
||
|
}
|
||
|
break;
|
||
|
case InputKeyLeft:
|
||
|
// Previous badge type
|
||
|
flipfrid_state->emitting = false;
|
||
|
if(menu_selected_item_index > 0) {
|
||
|
menu_selected_item_index--;
|
||
|
flipfrid_state->current_attack_type =
|
||
|
(AttackType)menu_selected_item_index;
|
||
|
}
|
||
|
break;
|
||
|
case InputKeyOk:
|
||
|
if(flipfrid_state->emitting) {
|
||
|
flipfrid_state->emitting = false;
|
||
|
attack_state = 0;
|
||
|
// TODO FIX BLINK
|
||
|
notification_message(flipfrid_state->notify, &sequence_blink_stop);
|
||
|
} else {
|
||
|
flipfrid_state->emitting = true;
|
||
|
attack_state = 0;
|
||
|
// TODO FIX BLINK
|
||
|
notification_message(flipfrid_state->notify, &sequence_blink_start_magenta);
|
||
|
}
|
||
|
break;
|
||
|
case InputKeyBack:
|
||
|
flipfrid_state->emitting = false;
|
||
|
running = false;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
} else if(event.evt_type == EventTypeTick) {
|
||
|
// Emulate card
|
||
|
if(flipfrid_state->emitting) {
|
||
|
if(1 == counter) {
|
||
|
protocol_dict_set_data(
|
||
|
dict, (LFRFIDProtocol)0, flipfrid_state->current_uid, data_size);
|
||
|
worker = lfrfid_worker_alloc(dict);
|
||
|
lfrfid_worker_start_thread(worker);
|
||
|
lfrfid_worker_emulate_start(worker, (LFRFIDProtocol)selectedProtocol);
|
||
|
} else if(0 == counter) {
|
||
|
lfrfid_worker_stop(worker);
|
||
|
lfrfid_worker_stop_thread(worker);
|
||
|
// set next value
|
||
|
switch(flipfrid_state->current_attack_type) {
|
||
|
case DefaultKeys: {
|
||
|
selectedProtocol = CLEAN;
|
||
|
data_size = 5;
|
||
|
flipfrid_state->current_uid = id_list[attack_state];
|
||
|
attack_state = attack_state + 1;
|
||
|
if(attack_state >= sizeof(id_list) / sizeof(id_list[0])) {
|
||
|
attack_state = 0;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
case BruteForceCustomerId: {
|
||
|
data_size = 5;
|
||
|
selectedProtocol = CLEAN;
|
||
|
candidate[0] = attack_state;
|
||
|
flipfrid_state->current_uid = candidate;
|
||
|
attack_state = attack_state + 1;
|
||
|
if((attack_state + 1) == 256) {
|
||
|
attack_state = 0;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
case BadCrc: {
|
||
|
selectedProtocol = BAD_CRC;
|
||
|
data_size = 5;
|
||
|
candidate[0] = 0xFF;
|
||
|
candidate[1] = 0xDE;
|
||
|
candidate[2] = 0xAD;
|
||
|
candidate[3] = 0xBE;
|
||
|
candidate[4] = 0xEF;
|
||
|
flipfrid_state->current_uid = candidate;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
if(counter > TIME_BETWEEN_CARDS) {
|
||
|
counter = 0;
|
||
|
} else {
|
||
|
counter++;
|
||
|
}
|
||
|
}
|
||
|
view_port_update(view_port);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Cleanup
|
||
|
notification_message(flipfrid_state->notify, &sequence_blink_stop);
|
||
|
lfrfid_worker_stop(worker);
|
||
|
lfrfid_worker_stop_thread(worker);
|
||
|
lfrfid_worker_free(worker);
|
||
|
protocol_dict_free(dict);
|
||
|
furi_timer_stop(timer);
|
||
|
furi_timer_free(timer);
|
||
|
free(flipfrid_state);
|
||
|
gui_remove_view_port(gui, view_port);
|
||
|
view_port_free(view_port);
|
||
|
furi_message_queue_free(event_queue);
|
||
|
furi_record_close(RECORD_GUI);
|
||
|
return 0;
|
||
|
}
|