Fuzzer App: use FuzzerPayload & smal fixes

This commit is contained in:
gid9798 2023-06-07 11:51:15 +03:00
parent 28f4cd3d3c
commit 6ce098064a
15 changed files with 96 additions and 71 deletions


@ -26,6 +26,7 @@ PacsFuzzerApp* fuzzer_app_alloc() {
app->fuzzer_state.proto_index = 0;
app->worker = fuzzer_worker_alloc();
app->payload = fuzzer_payload_alloc();
app->file_path = furi_string_alloc();
@ -114,6 +115,7 @@ void fuzzer_app_free(PacsFuzzerApp* app) {
furi_string_free(app->file_path);
fuzzer_payload_free(app->payload);
fuzzer_worker_free(app->worker);
free(app);


@ -51,4 +51,5 @@ typedef struct {
FuzzerConsts* fuzzer_const;
FuzzerWorker* worker;
FuzzerPayload* payload;
} PacsFuzzerApp;


@ -38,8 +38,8 @@ struct FuzzerWorker {
const FuzzerProtocol* protocol;
FuzzerWorkerAttackType attack_type;
uint8_t timer_idle_time;
uint8_t timer_emu_time;
uint16_t timer_idle_time_ms;
uint16_t timer_emu_time_ms;
uint8_t payload[MAX_PAYLOAD_SIZE];
Stream* uids_stream;
@ -157,7 +157,7 @@ static void fuzzer_worker_on_tick_callback(void* context) {
#endif
}
instance->in_emu_phase = false;
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_idle_time * 100));
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_idle_time_ms));
} else {
if(!fuzzer_worker_load_key(instance, true)) {
fuzzer_worker_pause(instance); // XXX
@ -173,7 +173,7 @@ static void fuzzer_worker_on_tick_callback(void* context) {
#endif
}
instance->in_emu_phase = true;
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time * 100));
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time_ms));
if(instance->tick_callback) {
instance->tick_callback(instance->tick_context);
}
@ -187,7 +187,6 @@ void fuzzer_worker_get_current_key(FuzzerWorker* instance, FuzzerPayload* output
furi_assert(instance->protocol);
output_key->data_size = instance->protocol->data_size;
output_key->data = malloc(sizeof(output_key->data_size));
memcpy(output_key->data, instance->payload, instance->protocol->data_size);
}
@ -258,7 +257,7 @@ bool fuzzer_worker_init_attack_file_dict(
bool fuzzer_worker_init_attack_bf_byte(
FuzzerWorker* instance,
FuzzerProtocolsID protocol_index,
const uint8_t* uid,
const FuzzerPayload* new_uid,
uint8_t chusen) {
furi_assert(instance);
@ -268,7 +267,7 @@ bool fuzzer_worker_init_attack_bf_byte(
instance->attack_type = FuzzerWorkerAttackTypeLoadFile;
instance->index = chusen;
memcpy(instance->payload, uid, instance->protocol->data_size);
memcpy(instance->payload, new_uid->data, instance->protocol->data_size);
res = true;
@ -349,8 +348,8 @@ FuzzerWorker* fuzzer_worker_alloc() {
memset(instance->payload, 0x00, sizeof(instance->payload));
instance->timer_idle_time = PROTOCOL_DEF_IDLE_TIME;
instance->timer_emu_time = PROTOCOL_DEF_EMU_TIME;
instance->timer_idle_time_ms = PROTOCOL_DEF_IDLE_TIME * 100;
instance->timer_emu_time_ms = PROTOCOL_DEF_EMU_TIME * 100;
instance->timer =
furi_timer_alloc(fuzzer_worker_on_tick_callback, FuriTimerTypeOnce, instance);
@ -383,17 +382,22 @@ bool fuzzer_worker_start(FuzzerWorker* instance, uint8_t idle_time, uint8_t emu_
furi_assert(instance);
if(instance->attack_type < FuzzerWorkerAttackTypeMax) {
// if(emu_time == 0) {
// uint8_t temp = idle_time / 2;
// instance->timer_emu_time = temp;
// instance->timer_idle_time = temp + idle_time % 2;
// } else {
instance->timer_idle_time = idle_time;
instance->timer_emu_time = emu_time;
// }
if(idle_time == 0) {
instance->timer_idle_time_ms = 10;
} else {
instance->timer_idle_time_ms = idle_time * 100;
}
if(emu_time == 0) {
instance->timer_emu_time_ms = 10;
} else {
instance->timer_emu_time_ms = emu_time * 100;
}
FURI_LOG_D(
TAG, "Emu_time %u Idle_time %u", instance->timer_emu_time, instance->timer_idle_time);
TAG,
"Emu_time %u ms Idle_time %u ms",
instance->timer_emu_time_ms,
instance->timer_idle_time_ms);
if(!instance->treead_running) {
#if defined(RFID_125_PROTOCOL)
@ -415,7 +419,7 @@ bool fuzzer_worker_start(FuzzerWorker* instance, uint8_t idle_time, uint8_t emu_
ibutton_worker_emulate_start(instance->proto_worker, instance->key);
#endif
instance->in_emu_phase = true;
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time * 100));
furi_timer_start(instance->timer, furi_ms_to_ticks(instance->timer_emu_time_ms));
return true;
}
return false;
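Review bot: fuzzer_worker_get_current_key now writes `instance->protocol->data_size` bytes through `output_key->data` without checking that the caller supplied storage; with the (mis-sized) malloc gone, a payload whose `data` is NULL or shorter than `data_size` turns the old leak into an out-of-bounds write. Add `furi_assert(output_key && output_key->data);` next to the existing protocol assert, and `furi_assert(instance->protocol->data_size <= MAX_PAYLOAD_SIZE);` so the copy is bounded by the size of both the worker's `payload[MAX_PAYLOAD_SIZE]` array and the buffer fuzzer_payload_alloc hands out. fuzzer_worker_init_attack_bf_byte has the mirror-image gap: it copies `protocol->data_size` bytes out of `new_uid->data` while ignoring `new_uid->data_size`. Both functions start outside their hunks.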


@ -82,21 +82,21 @@ bool fuzzer_worker_init_attack_file_dict(
*
* @param instance Pointer to a FuzzerWorker
* @param protocol_index index of the selected protocol
* @param uid UID for brute force
* @param new_uid Pointer to a FuzzerPayload with UID for brute force
* @param chosen index of chusen byte
* @return bool True if initialization is successful
*/
bool fuzzer_worker_init_attack_bf_byte(
FuzzerWorker* instance,
FuzzerProtocolsID protocol_index,
const uint8_t* uid,
const FuzzerPayload* new_uid,
uint8_t chusen);
/**
* Get current UID
*
* @param instance Pointer to a FuzzerWorker
* @param output_key Pointer to a FuzzerWorker, memory for data will be allocated
* @param output_key Pointer to a FuzzerPayload
*/
void fuzzer_worker_get_current_key(FuzzerWorker* instance, FuzzerPayload* output_key);
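Review bot: The new `@param output_key` line drops the contract the old one carried: it no longer says who owns the bytes, and a reader cannot tell that the worker writes into `output_key->data` in place. Write `@param output_key Pointer to a caller-owned FuzzerPayload; its data buffer must hold at least MAX_PAYLOAD_SIZE bytes and is overwritten, and data_size is set to the protocol's data size`. The `@param chosen` line for fuzzer_worker_init_attack_bf_byte still names a parameter that does not exist; the prototype spells it `chusen`, so one of the two should be corrected to match the other.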


@ -242,6 +242,22 @@ const FuzzerMenuItems fuzzer_menu_items[] = {
{"Load UIDs from file", FuzzerAttackIdLoadFileCustomUids},
};
FuzzerPayload* fuzzer_payload_alloc() {
FuzzerPayload* payload = malloc(sizeof(FuzzerPayload));
payload->data = malloc(sizeof(payload->data[0]) * MAX_PAYLOAD_SIZE);
return payload;
}
void fuzzer_payload_free(FuzzerPayload* payload) {
furi_assert(payload);
if(payload->data) {
free(payload->data);
}
free(payload);
}
const char* fuzzer_proto_get_name(FuzzerProtocolsID index) {
return fuzzer_proto_items[index].name;
}
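Review bot: fuzzer_payload_alloc leaves `payload->data_size` and the data buffer uninitialized (plain malloc), yet consumers in this same commit, such as fuzzer_view_attack_set_uid, loop up to `data_size` and read `data[0]`, so a payload that is displayed before the worker fills it exposes garbage. Initialise both: `payload->data_size = 0;` and `memset(payload->data, 0x00, MAX_PAYLOAD_SIZE);` (or allocate the buffer with calloc). The `if(payload->data)` guard in fuzzer_payload_free can go, since free(NULL) is a no-op.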


@ -31,6 +31,20 @@ struct FuzzerPayload {
uint8_t data_size;
};
/**
* Allocate FuzzerPayload
*
* @return FuzzerPayload* pointer to FuzzerPayload
*/
FuzzerPayload* fuzzer_payload_alloc();
/**
* Free FuzzerPayload
*
* @param instance Pointer to a FuzzerPayload
*/
void fuzzer_payload_free(FuzzerPayload*);
/**
* Get maximum length of UID among all supported protocols
* @return Maximum length of UID
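Review bot: The doc block for fuzzer_payload_free names `@param instance`, but the prototype has no parameter name at all, so the comment refers to nothing and says nothing about ownership. Name it and state what is released: `void fuzzer_payload_free(FuzzerPayload* payload);` with `@param payload Pointer to a FuzzerPayload; both its data buffer and the struct itself are freed`. The fuzzer_payload_alloc comment should likewise say that `data` is sized to MAX_PAYLOAD_SIZE and that `data_size` is not set, since that is what the definition does.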


@ -19,7 +19,7 @@ typedef struct FuzzerProtocol FuzzerProtocol;
struct ProtoDict {
const uint8_t* val;
const uint8_t len; // TODO
const uint8_t len;
};
struct FuzzerProtocol {
@ -34,20 +34,10 @@ struct FuzzerProtocol {
// #define FUZZ_TIME_DELAY_DEFAULT (10)
// #define FUZZ_TIME_DELAY_MAX (70)
// #define FUZZER_APP_CUSTOM_DICT_EXTENSION ".txt"
// #define FUZZER_APP_CUSTOM_DICT_FOLDER "/ext/rfidfuzzer"
// #define FUZZER_APP_KEY_EXTENSION ".rfid"
// #define FUZZER_APP_PATH_KEY_FOLDER "/ext/lfrfid"
// #define MAX_PAYLOAD_SIZE 8
// #define FUZZ_TIME_DELAY_MIN (4)
// #define FUZZ_TIME_DELAY_DEFAULT (8)
// #define FUZZ_TIME_DELAY_MAX (80)
// #define FUZZER_APP_CUSTOM_DICT_EXTENSION ".txt"
// #define FUZZER_APP_CUSTOM_DICT_FOLDER "/ext/ibtnfuzzer"
// #define FUZZER_APP_KEY_EXTENSION ".ibtn"
// #define FUZZER_APP_PATH_KEY_FOLDER "/ext/ibutton"
extern const FuzzerProtocol fuzzer_proto_items[];


@ -1,8 +1,6 @@
#include "../fuzzer_i.h"
#include "../helpers/fuzzer_custom_event.h"
// TODO simlify callbacks and attack state
const NotificationSequence sequence_one_green_50_on_blink_blue = {
&message_red_255,
&message_delay_50,
@ -18,12 +16,9 @@ static void fuzzer_scene_attack_update_uid(PacsFuzzerApp* app) {
furi_assert(app->worker);
furi_assert(app->attack_view);
FuzzerPayload uid;
fuzzer_worker_get_current_key(app->worker, &uid);
fuzzer_worker_get_current_key(app->worker, app->payload);
fuzzer_view_attack_set_uid(app->attack_view, uid);
free(uid.data);
fuzzer_view_attack_set_uid(app->attack_view, app->payload);
}
static void fuzzer_scene_attack_set_state(PacsFuzzerApp* app, FuzzerAttackState state) {
@ -127,7 +122,6 @@ bool fuzzer_scene_attack_on_event(void* context, SceneManagerEvent event) {
if(scene_manager_get_scene_state(app->scene_manager, FuzzerSceneAttack) ==
FuzzerAttackStateIdle) {
// Start or Continue Attack
// TODO emu_time
if(fuzzer_worker_start(
app->worker,
fuzzer_view_attack_get_time_delay(app->attack_view),
@ -160,7 +154,8 @@ void fuzzer_scene_attack_on_exit(void* context) {
furi_assert(context);
PacsFuzzerApp* app = context;
// fuzzer_worker_stop(); // XXX
// XXX the scene has no descendants, and the return will be processed in on_event
// fuzzer_worker_stop();
fuzzer_worker_set_uid_chaged_callback(app->worker, NULL, NULL);
fuzzer_worker_set_end_callback(app->worker, NULL, NULL);


@ -14,12 +14,9 @@ void fuzzer_scene_field_editor_on_enter(void* context) {
fuzzer_view_field_editor_set_callback(
app->field_editor_view, fuzzer_scene_field_editor_callback, app);
FuzzerPayload uid;
fuzzer_worker_get_current_key(app->worker, &uid);
fuzzer_worker_get_current_key(app->worker, app->payload);
fuzzer_view_field_editor_reset_data(app->field_editor_view, uid);
free(uid.data);
fuzzer_view_field_editor_reset_data(app->field_editor_view, app->payload);
view_dispatcher_switch_to_view(app->view_dispatcher, FuzzerViewIDFieldEditor);
}
@ -37,11 +34,11 @@ bool fuzzer_scene_field_editor_on_event(void* context, SceneManagerEvent event)
}
consumed = true;
} else if(event.event == FuzzerCustomEventViewFieldEditorOk) {
// TODO
fuzzer_view_field_editor_get_uid(app->field_editor_view, app->payload);
if(fuzzer_worker_init_attack_bf_byte(
app->worker,
app->fuzzer_state.proto_index,
fuzzer_view_field_editor_get_uid(app->field_editor_view),
app->payload,
fuzzer_view_field_editor_get_index(app->field_editor_view))) {
scene_manager_next_scene(app->scene_manager, FuzzerSceneAttack);
}


@ -103,8 +103,6 @@ bool fuzzer_scene_main_on_event(void* context, SceneManagerEvent event) {
// TODO error logic
bool loading_ok = false;
uint8_t d_size = fuzzer_proto_get_max_data_size();
uint8_t* uid;
switch(fuzzer_proto_get_attack_id_by_index(app->fuzzer_state.menu_index)) {
case FuzzerAttackIdDefaultValues:
@ -119,13 +117,12 @@ bool fuzzer_scene_main_on_event(void* context, SceneManagerEvent event) {
break;
case FuzzerAttackIdBFCustomerID:
// TODO
uid = malloc(d_size);
memset(uid, 0x00, d_size);
app->payload->data_size = fuzzer_proto_get_max_data_size();
memset(app->payload->data, 0x00, app->payload->data_size);
loading_ok = fuzzer_worker_init_attack_bf_byte(
app->worker, app->fuzzer_state.proto_index, uid, 0);
app->worker, app->fuzzer_state.proto_index, app->payload, 0);
free(uid);
if(!loading_ok) {
// error
}
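Review bot: The BFCustomerID branch calls fuzzer_proto_get_max_data_size() a second time even though `d_size` at the top of the hunk already holds that value; if `d_size` survives this commit and nothing else in the function reads it, that leaves an unused local (a warning, or an error under -Werror). Use it: `app->payload->data_size = d_size;`. Nothing here checks that the value fits the MAX_PAYLOAD_SIZE buffer fuzzer_payload_alloc provides before the memset, so a `furi_assert(app->payload->data_size <= MAX_PAYLOAD_SIZE);` would make that assumption explicit. The empty `if(!loading_ok)` error path is untouched by this commit and still does nothing. fuzzer_scene_main_on_event starts and ends outside the hunk.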


@ -31,9 +31,13 @@
- [ ] Decide on the display
- [x] UID
- [x] Simplify the storage and exchange of `uids.data` `uid.data_size` in `views`
- [x] Using `FuzzerPayload` to store the uid
- [x] `UID_MAX_SIZE`
- [x] Add pause
- [x] Fix `Custom dict` attack when ended
- [ ] Pause V2
- [ ] Save logic
- [ ] Switching UIDs if possible
- [ ] Worker
- [ ] Use `prtocol_id` instead of protocol name
- [x] this can be simplified `fuzzer_proto_items`


@ -48,17 +48,17 @@ void fuzzer_view_attack_reset_data(
true);
}
void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload uid) {
void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload* uid) {
furi_assert(view);
furi_assert(uid.data);
furi_assert(uid->data);
with_view_model(
view->view,
FuzzerViewAttackModel * model,
{
furi_string_printf(model->uid_str, "%02X", uid.data[0]);
for(uint8_t i = 1; i < uid.data_size; i++) {
furi_string_cat_printf(model->uid_str, ":%02X", uid.data[i]);
furi_string_printf(model->uid_str, "%02X", uid->data[0]);
for(uint8_t i = 1; i < uid->data_size; i++) {
furi_string_cat_printf(model->uid_str, ":%02X", uid->data[i]);
}
},
true);
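Review bot: fuzzer_view_attack_set_uid prints `uid->data[0]` before looking at `uid->data_size`, so a payload with `data_size == 0` (fuzzer_payload_alloc does not initialise it) still renders one stale byte; switching to a pointer does not change this. A single loop handles the empty case and keeps the colon layout: `furi_string_reset(model->uid_str); for(uint8_t i = 0; i < uid->data_size; i++) { furi_string_cat_printf(model->uid_str, i ? ":%02X" : "%02X", uid->data[i]); }`. Since `data_size` is a uint8_t while the buffer is MAX_PAYLOAD_SIZE bytes, a `furi_assert(uid->data_size <= MAX_PAYLOAD_SIZE);` beside the existing `furi_assert(uid->data)` would bound the read.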


@ -27,7 +27,7 @@ void fuzzer_view_attack_reset_data(
const char* attack_name,
const char* protocol_name);
void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload uid);
void fuzzer_view_attack_set_uid(FuzzerViewAttack* view, const FuzzerPayload* uid);
void fuzzer_view_attack_start(FuzzerViewAttack* view);


@ -49,27 +49,33 @@ void fuzzer_view_field_editor_set_callback(
void fuzzer_view_field_editor_reset_data(
FuzzerViewFieldEditor* view_edit,
const FuzzerPayload new_uid) {
const FuzzerPayload* new_uid) {
furi_assert(view_edit);
furi_assert(new_uid->data);
with_view_model(
view_edit->view,
FuzzerViewFieldEditorModel * model,
{
memcpy(model->uid, new_uid.data, new_uid.data_size);
memcpy(model->uid, new_uid->data, new_uid->data_size);
model->index = 0;
model->lo = false;
model->uid_size = new_uid.data_size;
model->uid_size = new_uid->data_size;
},
true);
}
const uint8_t* fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit) {
void fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit, FuzzerPayload* output_uid) {
furi_assert(view_edit);
uint8_t* uid;
furi_assert(output_uid);
with_view_model(
view_edit->view, FuzzerViewFieldEditorModel * model, { uid = model->uid; }, true);
return uid;
view_edit->view,
FuzzerViewFieldEditorModel * model,
{
output_uid->data_size = model->uid_size;
memcpy(output_uid->data, model->uid, model->uid_size);
},
true);
}
uint8_t fuzzer_view_field_editor_get_index(FuzzerViewFieldEditor* view_edit) {
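Review bot: fuzzer_view_field_editor_get_uid copies `model->uid_size` bytes into `output_uid->data` but only asserts `output_uid`, not `output_uid->data`, whereas fuzzer_view_field_editor_reset_data just above asserts `new_uid->data`; make them consistent with `furi_assert(output_uid->data);`. In reset_data the memcpy into `model->uid` is bounded only by the caller's `new_uid->data_size`; if `model->uid` is a fixed array (its declaration is not in this diff), `furi_assert(new_uid->data_size <= sizeof(model->uid));` before the copy would catch an oversized payload. fuzzer_view_field_editor_get_index begins on the last line of the hunk and continues outside it.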


@ -21,9 +21,8 @@ View* fuzzer_view_field_editor_get_view(FuzzerViewFieldEditor* view_attack);
void fuzzer_view_field_editor_reset_data(
FuzzerViewFieldEditor* view_edit,
const FuzzerPayload new_uid);
const FuzzerPayload* new_uid);
// TODO
const uint8_t* fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit);
void fuzzer_view_field_editor_get_uid(FuzzerViewFieldEditor* view_edit, FuzzerPayload* output_uid);
uint8_t fuzzer_view_field_editor_get_index(FuzzerViewFieldEditor* view_edit);
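Review bot: The `// TODO` left above fuzzer_view_field_editor_get_uid is stale now that the function has a real contract (it fills a caller-supplied payload instead of returning a pointer into the model), and the header documents neither function. Replace it with a doc comment stating that `output_uid->data` must point to at least MAX_PAYLOAD_SIZE bytes, that `output_uid->data_size` is set to the editor's current UID length, and that fuzzer_view_field_editor_reset_data copies `new_uid` into the view rather than keeping the pointer.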