From 8d694cb1ef250d7a74fd67a5e7172e1e99b14a2a Mon Sep 17 00:00:00 2001
From: Just Call Me Koko <at.the.red.team@gmail.com>
Date: Wed, 8 Nov 2023 16:55:08 -0500
Subject: [PATCH] Add BLE Kitchen Sink

---
 esp32_marauder/CommandLine.cpp   | 13 +++++++++
 esp32_marauder/CommandLine.h     |  2 ++
 esp32_marauder/MenuFunctions.cpp |  7 +++++
 esp32_marauder/WiFiScan.cpp      | 47 ++++++++++++++++----------------
 esp32_marauder/WiFiScan.h        |  1 +
 pictures/jcmkllc.svg             | 22 +++++++++++++++
 6 files changed, 68 insertions(+), 24 deletions(-)
 create mode 100644 pictures/jcmkllc.svg

diff --git a/esp32_marauder/CommandLine.cpp b/esp32_marauder/CommandLine.cpp
index 0ccaa9d..1caec4d 100644
--- a/esp32_marauder/CommandLine.cpp
+++ b/esp32_marauder/CommandLine.cpp
@@ -251,6 +251,7 @@ void CommandLine::runCommand(String input) {
       Serial.println(HELP_BT_SNIFF_CMD);
       Serial.println(HELP_BT_SOUR_APPLE_CMD);
       Serial.println(HELP_BT_SWIFTPAIR_SPAM_CMD);
+      Serial.println(HELP_BT_KITCHEN_SINK_CMD);
       #ifdef HAS_GPS
         Serial.println(HELP_BT_WARDRIVE_CMD);
       #endif
@@ -808,6 +809,18 @@ void CommandLine::runCommand(String input) {
         Serial.println("Bluetooth not supported");
       #endif
     }
+    else if (cmd_args.get(0) == BT_KITCHEN_SINK_CMD) {
+      #ifdef HAS_BT
+        Serial.println("Starting Kitchen Sink Spam attack. Stop with " + (String)STOPSCAN_CMD);
+        #ifdef HAS_SCREEN
+          display_obj.clearScreen();
+          menu_function_obj.drawStatusBar();
+        #endif
+        wifi_scan_obj.StartScan(BT_ATTACK_KITCHEN_SINK, TFT_MAGENTA);
+      #else
+        Serial.println("Bluetooth not supported");
+      #endif
+    }
     // Wardrive
     else if (cmd_args.get(0) == BT_WARDRIVE_CMD) {
       #ifdef HAS_BT
diff --git a/esp32_marauder/CommandLine.h b/esp32_marauder/CommandLine.h
index c2bff8b..967c645 100644
--- a/esp32_marauder/CommandLine.h
+++ b/esp32_marauder/CommandLine.h
@@ -79,6 +79,7 @@ const char PROGMEM SSID_CMD[] = "ssid";
 const char PROGMEM BT_SNIFF_CMD[] = "sniffbt";
 const char PROGMEM BT_SOUR_APPLE_CMD[] = "sourapple";
 const char PROGMEM BT_SWIFTPAIR_SPAM_CMD[] = "swiftpair";
+const char PROGMEM BT_KITCHEN_SINK_CMD[] = "kitchensink";
 const char PROGMEM BT_WARDRIVE_CMD[] = "btwardrive";
 const char PROGMEM BT_SKIM_CMD[] = "sniffskim";
 
@@ -126,6 +127,7 @@ const char PROGMEM HELP_SSID_CMD_B[] = "ssid -r <index>";
 const char PROGMEM HELP_BT_SNIFF_CMD[] = "sniffbt";
 const char PROGMEM HELP_BT_SOUR_APPLE_CMD[] = "sourapple";
 const char PROGMEM HELP_BT_SWIFTPAIR_SPAM_CMD[] = "swiftpair";
+const char PROGMEM HELP_BT_KITCHEN_SINK_CMD[] = "kitchensink";
 const char PROGMEM HELP_BT_WARDRIVE_CMD[] = "btwardrive [-c]";
 const char PROGMEM HELP_BT_SKIM_CMD[] = "sniffskim";
 const char PROGMEM HELP_FOOT[] = "==================================";
diff --git a/esp32_marauder/MenuFunctions.cpp b/esp32_marauder/MenuFunctions.cpp
index 6111ef2..4338d4a 100644
--- a/esp32_marauder/MenuFunctions.cpp
+++ b/esp32_marauder/MenuFunctions.cpp
@@ -507,6 +507,7 @@ void MenuFunctions::main(uint32_t currentTime)
           (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
           (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
           (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+          (wifi_scan_obj.currentScanMode == BT_ATTACK_KITCHEN_SINK) ||
           (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) ||
           (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
           (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS))
@@ -565,6 +566,7 @@ void MenuFunctions::main(uint32_t currentTime)
           (wifi_scan_obj.currentScanMode == BT_SCAN_ALL) ||
           (wifi_scan_obj.currentScanMode == BT_ATTACK_SOUR_APPLE) ||
           (wifi_scan_obj.currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+          (wifi_scan_obj.currentScanMode == BT_ATTACK_KITCHEN_SINK) ||
           (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE) ||
           (wifi_scan_obj.currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
           (wifi_scan_obj.currentScanMode == BT_SCAN_SKIMMERS) ||
@@ -1473,6 +1475,11 @@ void MenuFunctions::RunSetup()
     this->drawStatusBar();
     wifi_scan_obj.StartScan(BT_ATTACK_SWIFTPAIR_SPAM, TFT_CYAN);
   });
+  this->addNodes(&bluetoothAttackMenu, "Kitchen Sink Spam", TFT_MAGENTA, NULL, DEAUTH_SNIFF, [this]() {
+    display_obj.clearScreen();
+    this->drawStatusBar();
+    wifi_scan_obj.StartScan(BT_ATTACK_KITCHEN_SINK, TFT_MAGENTA);
+  });
 
   // Device menu
   deviceMenu.parentMenu = &mainMenu;
diff --git a/esp32_marauder/WiFiScan.cpp b/esp32_marauder/WiFiScan.cpp
index f7b9d34..9e29ded 100644
--- a/esp32_marauder/WiFiScan.cpp
+++ b/esp32_marauder/WiFiScan.cpp
@@ -483,7 +483,8 @@ void WiFiScan::StartScan(uint8_t scan_mode, uint16_t color)
       RunSourApple(scan_mode, color);
     #endif
   }
-  else if (scan_mode == BT_ATTACK_SWIFTPAIR_SPAM) {
+  else if ((scan_mode == BT_ATTACK_SWIFTPAIR_SPAM) || 
+           (scan_mode == BT_ATTACK_KITCHEN_SINK)) {
     #ifdef HAS_BT
       RunSwiftpairSpam(scan_mode, color);
     #endif
@@ -661,6 +662,7 @@ void WiFiScan::StopScan(uint8_t scan_mode)
   else if ((currentScanMode == BT_SCAN_ALL) ||
   (currentScanMode == BT_ATTACK_SOUR_APPLE) ||
   (currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+  (currentScanMode == BT_ATTACK_KITCHEN_SINK) ||
   (currentScanMode == BT_SCAN_WAR_DRIVE) ||
   (currentScanMode == BT_SCAN_WAR_DRIVE_CONT) ||
   (currentScanMode == BT_SCAN_SKIMMERS))
@@ -1458,6 +1460,11 @@ void WiFiScan::RunPwnScan(uint8_t scan_mode, uint16_t color)
 
 void WiFiScan::executeSourApple() {
   #ifdef HAS_BT
+    NimBLEDevice::init("");
+    NimBLEServer *pServer = NimBLEDevice::createServer();
+
+    pAdvertising = pServer->getAdvertising();
+
     delay(40);
     NimBLEAdvertisementData advertisementData = getOAdvertisementData();
     pAdvertising->setAdvertisementData(advertisementData);
@@ -1872,10 +1879,10 @@ void WiFiScan::RunProbeScan(uint8_t scan_mode, uint16_t color)
 
 void WiFiScan::RunSourApple(uint8_t scan_mode, uint16_t color) {
   #ifdef HAS_BT
-    NimBLEDevice::init("");
+    /*NimBLEDevice::init("");
     NimBLEServer *pServer = NimBLEDevice::createServer();
 
-    pAdvertising = pServer->getAdvertising();
+    pAdvertising = pServer->getAdvertising();*/
 
     #ifdef HAS_SCREEN
       display_obj.TOP_FIXED_AREA_2 = 48;
@@ -1909,7 +1916,10 @@ void WiFiScan::RunSwiftpairSpam(uint8_t scan_mode, uint16_t color) {
       display_obj.tft.setTextColor(TFT_BLACK, color);
       #ifdef HAS_ILI9341
         display_obj.tft.fillRect(0,16,240,16, color);
-        display_obj.tft.drawCentreString("Swiftpair Spam",120,16,2);
+        if (scan_mode == BT_ATTACK_SWIFTPAIR_SPAM)
+          display_obj.tft.drawCentreString("Swiftpair Spam",120,16,2);
+        else if (scan_mode == BT_ATTACK_KITCHEN_SINK)
+          display_obj.tft.drawCentreString("BLE Kitchen Sink Spam",120,16,2);
         display_obj.touchToExit();
       #endif
       display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
@@ -4255,7 +4265,9 @@ void WiFiScan::main(uint32_t currentTime)
       channelHop();
     }
   }
-  else if (currentScanMode == BT_ATTACK_SOUR_APPLE) {
+  else if ((currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+           (currentScanMode == BT_ATTACK_SOUR_APPLE) ||
+           (currentScanMode == BT_ATTACK_KITCHEN_SINK)) {
     #ifdef HAS_BT
       if (currentTime - initTime >= 1000) {
         initTime = millis();
@@ -4271,26 +4283,13 @@ void WiFiScan::main(uint32_t currentTime)
         #endif
       }
 
-      this->executeSourApple();
-    #endif
-  }
-  else if (currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) {
-    #ifdef HAS_BT
-      if (currentTime - initTime >= 1000) {
-        initTime = millis();
-        String displayString = "";
-        String displayString2 = "";
-        displayString.concat("Advertising Data...");
-        for (int x = 0; x < STANDARD_FONT_CHAR_LIMIT; x++)
-          displayString2.concat(" ");
-        #ifdef HAS_SCREEN
-          display_obj.tft.setTextColor(TFT_GREEN, TFT_BLACK);
-          display_obj.showCenterText(displayString2, 160);
-          display_obj.showCenterText(displayString, 160);
-        #endif
-      }
+      if ((currentScanMode == BT_ATTACK_SWIFTPAIR_SPAM) ||
+          (currentScanMode == BT_ATTACK_KITCHEN_SINK))
+        this->executeSwiftpairSpam();
 
-      this->executeSwiftpairSpam();
+      if ((currentScanMode == BT_ATTACK_SOUR_APPLE) ||
+          (currentScanMode == BT_ATTACK_KITCHEN_SINK))
+        this->executeSourApple();
     #endif
   }
   else if (currentScanMode == WIFI_SCAN_WAR_DRIVE) {
diff --git a/esp32_marauder/WiFiScan.h b/esp32_marauder/WiFiScan.h
index 093ff07..1d5e51c 100644
--- a/esp32_marauder/WiFiScan.h
+++ b/esp32_marauder/WiFiScan.h
@@ -85,6 +85,7 @@
 #define BT_SCAN_WAR_DRIVE_CONT 35
 #define BT_ATTACK_SOUR_APPLE 36
 #define BT_ATTACK_SWIFTPAIR_SPAM 37
+#define BT_ATTACK_KITCHEN_SINK 38
 
 #define GRAPH_REFRESH 100
 
diff --git a/pictures/jcmkllc.svg b/pictures/jcmkllc.svg
new file mode 100644
index 0000000..05d8f24
--- /dev/null
+++ b/pictures/jcmkllc.svg
@@ -0,0 +1,22 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="926.000000pt" height="825.000000pt" viewBox="0 0 926.000000 825.000000"
+ preserveAspectRatio="xMidYMid meet">
+<metadata>
+Created by potrace 1.10, written by Peter Selinger 2001-2011
+</metadata>
+<g transform="translate(0.000000,825.000000) scale(0.050000,-0.050000)"
+fill="#000000" stroke="none">
+<path d="M3825 15611 c-130 -58 -145 -115 -145 -541 l0 -380 -770 -770 c-597
+-596 -775 -786 -790 -840 -27 -96 -25 -1069 2 -1170 25 -95 2624 -2720 2766
+-2793 227 -118 372 48 372 427 l0 226 881 880 c933 931 939 938 939 1077 0
+200 -125 253 -600 253 l-330 0 -390 390 -390 390 370 0 c403 0 455 13 530 127
+38 59 49 441 14 504 -12 22 -516 533 -1120 1136 -1219 1218 -1156 1167 -1339
+1084z m1316 -2331 l-518 -10 -62 -59 c-191 -183 -175 -207 653 -1035 l717
+-716 126 0 c73 0 124 -8 120 -19 -4 -11 -331 -344 -726 -741 l-720 -721 -1055
+1055 -1056 1056 0 404 0 405 758 755 c802 801 822 824 822 990 l0 106 730
+-730 730 -730 -519 -10z"/>
+</g>
+</svg>