Add BLE Kitchen Sink

2025-12-12 07:40:58 -08:00 · 2023-11-08 16:55:08 -05:00
parent b17aa987cc
commit 8d694cb1ef
6 changed files with 68 additions and 24 deletions
--- a/esp32_marauder/CommandLine.cpp
+++ b/esp32_marauder/CommandLine.cpp
@@ -251,6 +251,7 @@ void CommandLine::runCommand(String input) {
      Serial.println(HELP_BT_SNIFF_CMD);
      Serial.println(HELP_BT_SOUR_APPLE_CMD);
      Serial.println(HELP_BT_SWIFTPAIR_SPAM_CMD);
+      Serial.println(HELP_BT_KITCHEN_SINK_CMD);
      #ifdef HAS_GPS
        Serial.println(HELP_BT_WARDRIVE_CMD);
      #endif
@@ -808,6 +809,18 @@ void CommandLine::runCommand(String input) {
        Serial.println("Bluetooth not supported");
      #endif
    }
+    else if (cmd_args.get(0) == BT_KITCHEN_SINK_CMD) {
+      #ifdef HAS_BT
+        Serial.println("Starting Kitchen Sink Spam attack. Stop with " + (String)STOPSCAN_CMD);
+        #ifdef HAS_SCREEN
+          display_obj.clearScreen();
+          menu_function_obj.drawStatusBar();
+        #endif
+        wifi_scan_obj.StartScan(BT_ATTACK_KITCHEN_SINK, TFT_MAGENTA);
+      #else
+        Serial.println("Bluetooth not supported");
+      #endif
+    }
    // Wardrive
    else if (cmd_args.get(0) == BT_WARDRIVE_CMD) {
      #ifdef HAS_BT
--- a/esp32_marauder/CommandLine.h
+++ b/esp32_marauder/CommandLine.h
@@ -79,6 +79,7 @@ const char PROGMEM SSID_CMD[] = "ssid";
 const char PROGMEM BT_SNIFF_CMD[] = "sniffbt";
 const char PROGMEM BT_SOUR_APPLE_CMD[] = "sourapple";
 const char PROGMEM BT_SWIFTPAIR_SPAM_CMD[] = "swiftpair";
+const char PROGMEM BT_KITCHEN_SINK_CMD[] = "kitchensink";
 const char PROGMEM BT_WARDRIVE_CMD[] = "btwardrive";
 const char PROGMEM BT_SKIM_CMD[] = "sniffskim";

@@ -126,6 +127,7 @@ const char PROGMEM HELP_SSID_CMD_B[] = "ssid -r <index>";
 const char PROGMEM HELP_BT_SNIFF_CMD[] = "sniffbt";
 const char PROGMEM HELP_BT_SOUR_APPLE_CMD[] = "sourapple";
 const char PROGMEM HELP_BT_SWIFTPAIR_SPAM_CMD[] = "swiftpair";
+const char PROGMEM HELP_BT_KITCHEN_SINK_CMD[] = "kitchensink";
 const char PROGMEM HELP_BT_WARDRIVE_CMD[] = "btwardrive [-c]";
 const char PROGMEM HELP_BT_SKIM_CMD[] = "sniffskim";
 const char PROGMEM HELP_FOOT[] = "==================================";
--- a/esp32_marauder/MenuFunctions.cpp
+++ b/esp32_marauder/MenuFunctions.cpp
@@ -507,6 +507,7 @@ void MenuFunctions::main(uint32_t currentTime)
          (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
          (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
          (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+          (wifi_scan_obj.currentScanMode == BT_ATTACK_KITCHEN_SINK) ||
          (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) ||
          (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
          (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS))
@@ -565,6 +566,7 @@ void MenuFunctions::main(uint32_t currentTime)
          (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
          (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
          (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+          (wifi_scan_obj.currentScanMode == BT_ATTACK_KITCHEN_SINK) ||
          (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) ||
          (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
          (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS) ||
@@ -1473,6 +1475,11 @@ void MenuFunctions::RunSetup()
    this->drawStatusBar();
    wifi_scan_obj.StartScan(BT_ATTACK_SWIFTPAIR_SPAM, TFT_CYAN);
  });
+  this->addNodes(&bluetoothAttackMenu, "Kitchen Sink Spam", TFT_MAGENTA, NULL, DEAUTH_SNIFF, [this]() {
+    display_obj.clearScreen();
+    this->drawStatusBar();
+    wifi_scan_obj.StartScan(BT_ATTACK_KITCHEN_SINK, TFT_MAGENTA);
+  });

  // Device menu
  deviceMenu.parentMenu = &mainMenu;
--- a/esp32_marauder/WiFiScan.cpp
+++ b/esp32_marauder/WiFiScan.cpp
@@ -483,7 +483,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
      RunSourApple(scan_mode, color);
    #endif
  }
-  else if (scan_mode == BT_ATTACK_SWIFTPAIR_SPAM) {
+  else if ((scan_mode == BT_ATTACK_SWIFTPAIR_SPAM) || 
+           (scan_mode == BT_ATTACK_KITCHEN_SINK)) {
    #ifdef HAS_BT
      RunSwiftpairSpam(scan_mode, color);
    #endif
@@ -661,6 +662,7 @@ void WiFiScan::StopScan(uint8_t scan_mode)
  else if ((currentScanMode == BT_SCAN_ALL) ||
  (currentScanMode == BT_ATTACK_SOUR_APPLE) ||
  (currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+  (currentScanMode == BT_ATTACK_KITCHEN_SINK) ||
  (currentScanMode == BT_SCAN_WAR_DRIVE) ||
  (currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
  (currentScanMode == BT_SCAN_SKIMMERS))
@@ -1458,6 +1460,11 @@ void WiFiScan::RunPwnScan(uint8_t scan_mode, uint16_t color)

 void WiFiScan::executeSourApple() {
  #ifdef HAS_BT
+    NimBLEDevice::init("");
+    NimBLEServer *pServer = NimBLEDevice::createServer();
+
+    pAdvertising = pServer->getAdvertising();
+
    delay(40);
    NimBLEAdvertisementData advertisementData = getOAdvertisementData();
    pAdvertising->setAdvertisementData(advertisementData);
@@ -1872,10 +1879,10 @@ void WiFiScan::RunProbeScan(uint8_t scan_mode, uint16_t color)

 void WiFiScan::RunSourApple(uint8_t scan_mode, uint16_t color) {
  #ifdef HAS_BT
-    NimBLEDevice::init("");
+    /*NimBLEDevice::init("");
    NimBLEServer *pServer = NimBLEDevice::createServer();

-    pAdvertising = pServer->getAdvertising();
+    pAdvertising = pServer->getAdvertising();*/

    #ifdef HAS_SCREEN
      display_obj.TOP_FIXED_AREA_2 = 48;
@@ -1909,7 +1916,10 @@ void WiFiScan::RunSwiftpairSpam(uint8_t scan_mode, uint16_t color) {
      display_obj.tft.setTextColor(TFT_BLACK, color);
      #ifdef HAS_ILI9341
        display_obj.tft.fillRect(0,16,240,16, color);
-        display_obj.tft.drawCentreString("Swiftpair Spam",120,16,2);
+        if (scan_mode == BT_ATTACK_SWIFTPAIR_SPAM)
+          display_obj.tft.drawCentreString("Swiftpair Spam",120,16,2);
+        else if (scan_mode == BT_ATTACK_KITCHEN_SINK)
+          display_obj.tft.drawCentreString("BLE Kitchen Sink Spam",120,16,2);
        display_obj.touchToExit();
      #endif
      display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
@@ -4255,7 +4265,9 @@ void WiFiScan::main(uint32_t currentTime)
      channelHop();
    }
  }
-  else if (currentScanMode == BT_ATTACK_SOUR_APPLE) {
+  else if ((currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+           (currentScanMode == BT_ATTACK_SOUR_APPLE) ||
+           (currentScanMode == BT_ATTACK_KITCHEN_SINK)) {
    #ifdef HAS_BT
      if (currentTime - initTime >= 1000) {
        initTime = millis();
@@ -4271,26 +4283,13 @@ void WiFiScan::main(uint32_t currentTime)
        #endif
      }

-      this->executeSourApple();
-    #endif
-  }
-  else if (currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) {
-    #ifdef HAS_BT
-      if (currentTime - initTime >= 1000) {
-        initTime = millis();
-        String displayString = "";
-        String displayString2 = "";
-        displayString.concat("Advertising Data...");
-        for (int x = 0; x < STANDARD_FONT_CHAR_LIMIT; x++)
-          displayString2.concat(" ");
-        #ifdef HAS_SCREEN
-          display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
-          display_obj.showCenterText(displayString2, 160);
-          display_obj.showCenterText(displayString, 160);
-        #endif
-      }
+      if ((currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+          (currentScanMode == BT_ATTACK_KITCHEN_SINK))
+        this->executeSwiftpairSpam();

-      this->executeSwiftpairSpam();
+      if ((currentScanMode == BT_ATTACK_SOUR_APPLE) ||
+          (currentScanMode == BT_ATTACK_KITCHEN_SINK))
+        this->executeSourApple();
    #endif
  }
  else if (currentScanMode == WIFI_SCAN_WAR_DRIVE) {
--- a/esp32_marauder/WiFiScan.h
+++ b/esp32_marauder/WiFiScan.h
@@ -85,6 +85,7 @@
 #define BT_SCAN_WAR_DRIVE_CONT 35
 #define BT_ATTACK_SOUR_APPLE 36
 #define BT_ATTACK_SWIFTPAIR_SPAM 37
+#define BT_ATTACK_KITCHEN_SINK 38

 #define GRAPH_REFRESH 100

--- a/pictures/jcmkllc.svg
+++ b/pictures/jcmkllc.svg
@@ -0,0 +1,22 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="926.000000pt" height="825.000000pt" viewBox="0 0 926.000000 825.000000"
+ preserveAspectRatio="xMidYMid meet">
+<metadata>
+Created by potrace 1.10, written by Peter Selinger 2001-2011
+</metadata>
+<g transform="translate(0.000000,825.000000) scale(0.050000,-0.050000)"
+fill="#000000" stroke="none">
+<path d="M3825 15611 c-130 -58 -145 -115 -145 -541 l0 -380 -770 -770 c-597
+-596 -775 -786 -790 -840 -27 -96 -25 -1069 2 -1170 25 -95 2624 -2720 2766
+-2793 227 -118 372 48 372 427 l0 226 881 880 c933 931 939 938 939 1077 0
+200 -125 253 -600 253 l-330 0 -390 390 -390 390 370 0 c403 0 455 13 530 127
+38 59 49 441 14 504 -12 22 -516 533 -1120 1136 -1219 1218 -1156 1167 -1339
+1084z m1316 -2331 l-518 -10 -62 -59 c-191 -183 -175 -207 653 -1035 l717
+-716 126 0 c73 0 124 -8 120 -19 -4 -11 -331 -344 -726 -741 l-720 -721 -1055
+1055 -1056 1056 0 404 0 405 758 755 c802 801 822 824 822 990 l0 106 730
+-730 730 -730 -519 -10z"/>
+</g>
+</svg>