Mirrors/unleashed-firmware
2
0
Fork 0
mirror of https://github.com/DarkFlippers/unleashed-firmware synced 2024-11-23 13:03:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

rfid fuzzer H10301 support and bug fixes

Browse source
This commit is contained in:
MX 2022-10-04 03:15:28 +03:00
parent 683c6254da
commit c0765c1114
No known key found for this signature in database
GPG key ID: 6C4C311DFD4B4AB5
6 changed files with 159 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
applications/plugins/flipfrid/flipfrid.h
View file

@ -32,6 +32,7 @@ typedef enum {
EM4100,
HIDProx,
PAC,
H10301,
} FlipFridProtos;
typedef enum {

15
applications/plugins/flipfrid/scene/flipfrid_scene_entrypoint.c
View file

@ -1,7 +1,7 @@
#include "flipfrid_scene_entrypoint.h"
string_t menu_items[4];
string_t menu_proto_items[3];
string_t menu_proto_items[4];
void flipfrid_scene_entrypoint_menu_callback(
FlipFridState* context,
@ -45,6 +45,10 @@ void flipfrid_scene_entrypoint_menu_callback(
context->proto = PAC;
string_set_str(context->proto_name, "PAC/Stanley");
break;
case H10301:
context->proto = H10301;
string_set_str(context->proto_name, "H10301");
break;
default:
break;
}
@ -70,13 +74,14 @@ void flipfrid_scene_entrypoint_on_enter(FlipFridState* context) {
string_set(menu_items[3], "Load uids from file");
context->menu_proto_index = 0;
for(uint32_t i = 0; i < 3; i++) {
for(uint32_t i = 0; i < 4; i++) {
string_init(menu_proto_items[i]);
}
string_set(menu_proto_items[0], "EM4100");
string_set(menu_proto_items[1], "HIDProx");
string_set(menu_proto_items[2], "PAC/Stanley");
string_set(menu_proto_items[3], "H10301");
}
void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
@ -85,7 +90,7 @@ void flipfrid_scene_entrypoint_on_exit(FlipFridState* context) {
string_clear(menu_items[i]);
}
for(uint32_t i = 0; i < 3; i++) {
for(uint32_t i = 0; i < 4; i++) {
string_clear(menu_proto_items[i]);
}
}
@ -114,7 +119,7 @@ void flipfrid_scene_entrypoint_on_event(FlipFridEvent event, FlipFridState* cont
}
break;
case InputKeyRight:
if(context->menu_proto_index < PAC) {
if(context->menu_proto_index < H10301) {
context->menu_proto_index++;
}
break;
@ -186,7 +191,7 @@ void flipfrid_scene_entrypoint_on_draw(Canvas* canvas, FlipFridState* context) {
canvas_set_font(canvas, FontPrimary);
canvas_draw_str_aligned(canvas, 101, 4, AlignCenter, AlignTop, ">");
if(context->menu_proto_index < PAC) {
if(context->menu_proto_index < H10301) {
canvas_set_font(canvas, FontSecondary);
canvas_draw_str_aligned(
canvas,

14
applications/plugins/flipfrid/scene/flipfrid_scene_load_file.c
View file

@ -51,6 +51,13 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
string_set_str(context->notification_msg, "Unsupported Key type");
break;
}
} else if(context->proto == H10301) {
if(strcmp(string_get_cstr(temp_str), "H10301") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Unsupported Key type");
break;
}
} else {
if(strcmp(string_get_cstr(temp_str), "HIDProx") != 0) {
FURI_LOG_E(TAG, "Unsupported Key type");
@ -84,6 +91,13 @@ bool flipfrid_load(FlipFridState* context, const char* file_path) {
string_set_str(context->notification_msg, "Incorrect Key length");
break;
}
} else if(context->proto == H10301) {
if(string_size(context->data_str) != 8) {
FURI_LOG_E(TAG, "Incorrect Key length");
string_reset(context->notification_msg);
string_set_str(context->notification_msg, "Incorrect Key length");
break;
}
} else {
if(string_size(context->data_str) != 17) {
FURI_LOG_E(TAG, "Incorrect Key length");

119
applications/plugins/flipfrid/scene/flipfrid_scene_run_attack.c
View file

@ -60,6 +60,23 @@ uint8_t id_list_pac[17][4] = {
{0xCA, 0xCA, 0xCA, 0xCA}, // From arha
};
uint8_t id_list_h[14][3] = {
{0x00, 0x00, 0x00}, // Null bytes
{0xFF, 0xFF, 0xFF}, // Only FF
{0x11, 0x11, 0x11}, // Only 11
{0x22, 0x22, 0x22}, // Only 22
{0x33, 0x33, 0x33}, // Only 33
{0x44, 0x44, 0x44}, // Only 44
{0x55, 0x55, 0x55}, // Only 55
{0x66, 0x66, 0x66}, // Only 66
{0x77, 0x77, 0x77}, // Only 77
{0x88, 0x88, 0x88}, // Only 88
{0x99, 0x99, 0x99}, // Only 99
{0x12, 0x34, 0x56}, // Incremental UID
{0x56, 0x34, 0x12}, // Decremental UID
{0xCA, 0xCA, 0xCA}, // From arha
};
void flipfrid_scene_run_attack_on_enter(FlipFridState* context) {
context->attack_step = 0;
context->dict = protocol_dict_alloc(lfrfid_protocols, LFRFIDProtocolMax);
@ -68,6 +85,8 @@ void flipfrid_scene_run_attack_on_enter(FlipFridState* context) {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "HIDProx");
} else if(context->proto == PAC) {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "PAC/Stanley");
} else if(context->proto == H10301) {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "H10301");
} else {
context->protocol = protocol_dict_get_protocol_by_name(context->dict, "EM4100");
}
@ -127,6 +146,21 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->attack_step++;
}
break;
} else if(context->proto == H10301) {
context->payload[0] = id_list_h[context->attack_step][0];
context->payload[1] = id_list_h[context->attack_step][1];
context->payload[2] = id_list_h[context->attack_step][2];
if(context->attack_step == 13) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
} else {
context->attack_step++;
}
break;
} else {
context->payload[0] = id_list_hid[context->attack_step][0];
context->payload[1] = id_list_hid[context->attack_step][1];
@ -172,6 +206,21 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->payload[2] = 0x00;
context->payload[3] = 0x00;
if(context->attack_step == 255) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
} else {
context->attack_step++;
}
break;
} else if(context->proto == H10301) {
context->payload[0] = context->attack_step;
context->payload[1] = 0x00;
context->payload[2] = 0x00;
if(context->attack_step == 255) {
context->attack_step = 0;
counter = 0;
@ -231,6 +280,24 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->payload[context->key_index] = context->attack_step;
if(context->attack_step == 255) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
break;
} else {
context->attack_step++;
}
break;
} else if(context->proto == H10301) {
context->payload[0] = context->data[0];
context->payload[1] = context->data[1];
context->payload[2] = context->data[2];
context->payload[context->key_index] = context->attack_step;
if(context->attack_step == 255) {
context->attack_step = 0;
counter = 0;
@ -342,6 +409,44 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);
}
break;
} else if(context->proto == H10301) {
bool end_of_list = false;
while(true) {
string_reset(context->data_str);
if(!stream_read_line(context->uids_stream, context->data_str)) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_single_vibro);
stream_rewind(context->uids_stream);
end_of_list = true;
break;
};
if(string_get_char(context->data_str, 0) == '#') continue;
if(string_size(context->data_str) != 7) break;
break;
}
if(end_of_list) break;
FURI_LOG_D(TAG, string_get_cstr(context->data_str));
if(string_size(context->data_str) != 7) {
context->attack_step = 0;
counter = 0;
context->is_attacking = false;
notification_message(context->notify, &sequence_blink_stop);
notification_message(context->notify, &sequence_error);
break;
};
// string is valid, parse it in context->payload
for(uint8_t i = 0; i < 3; i++) {
char temp_str[3];
temp_str[0] = string_get_cstr(context->data_str)[i * 2];
temp_str[1] = string_get_cstr(context->data_str)[i * 2 + 1];
temp_str[2] = '\0';
context->payload[i] = (uint8_t)strtol(temp_str, NULL, 16);
}
break;
} else {
bool end_of_list = false;
while(true) {
@ -395,6 +500,12 @@ void flipfrid_scene_run_attack_on_tick(FlipFridState* context) {
} else {
counter++;
}
} else if(context->proto == H10301) {
if(counter > 10) {
counter = 0;
} else {
counter++;
}
} else {
if(counter > TIME_BETWEEN_CARDS) {
counter = 0;
@ -474,6 +585,14 @@ void flipfrid_scene_run_attack_on_draw(Canvas* canvas, FlipFridState* context) {
context->payload[1],
context->payload[2],
context->payload[3]);
} else if(context->proto == H10301) {
snprintf(
uid,
sizeof(uid),
"%02X:%02X:%02X",
context->payload[0],
context->payload[1],
context->payload[2]);
} else {
snprintf(
uid,

7
applications/plugins/flipfrid/scene/flipfrid_scene_select_field.c
View file

@ -10,6 +10,12 @@ void flipfrid_center_displayed_key(FlipFridState* context, uint8_t index) {
if(context->proto == EM4100) {
key_len = 16;
}
if(context->proto == PAC) {
key_len = 13;
}
if(context->proto == H10301) {
key_len = 10;
}
for(uint8_t i = 0; i < data_len; i++) {
if(context->data[i] < 9) {
@ -119,6 +125,7 @@ void flipfrid_scene_select_field_on_event(FlipFridEvent event, FlipFridState* co
context->current_scene = SceneAttack;
break;
case InputKeyBack:
context->key_index = 0;
string_reset(context->notification_msg);
context->current_scene = SceneSelectFile;
break;

8
assets/resources/rfidfuzzer/example_uids_h10301.txt Normal file
View file

@ -0,0 +1,8 @@
# Example file, P.S. keep empty line at the end!
000000
F00000
E00000
FE0000
CAFE00
00CAFE
0000CA