Merged
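--- a/applications/FlipFrid/LICENSE.md
+++ b/applications/FlipFrid/LICENSE.md
@@ -0,0 +1,8 @@
+/*
+* ----------------------------------------------------------------------------
+* "THE BEER-WARE LICENSE" (Revision 42):
+* @G4N4P4T1 wrote this file. As long as you retain this notice you
+* can do whatever you want with this stuff. If we meet some day, and you think
+* this stuff is worth it, you can buy me a beer in return.
+* ----------------------------------------------------------------------------
+*/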
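--- a/applications/FlipFrid/README.md
+++ b/applications/FlipFrid/README.md
@@ -0,0 +1,33 @@
+# FlipFrid
+
+A simple implmentation of ZigFrid on Flipper zero
+
+(https://z4ziggy.wordpress.com/2017/07/21/zigfrid-a-passive-rfid-fuzzer/)
+
+## Installation
+
+- Create the `flipperzero-firmware/applications/flipfrid` folder in flipper zero firmware sources.
+- Git clone this repo inside flipfrid
+- Update `/flipperzero-firmware/applications/meta/application.fam` to add an entry in `App/provides`
+
+```
+App(
+appid="basic_apps",
+name="Basic applications for main menu",
+apptype=FlipperAppType.METAPACKAGE,
+provides=[
+"gpio",
+"ibutton",
+"infrared",
+"lfrfid",
+"nfc",
+"subghz",
+"bad_usb",
+"u2f",
+"flip_frid_app",
+],
+)
+```
+
+- Compile and push new firmware `/fbt --with-updater flash_usb`
+- Enjoy !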
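--- a/applications/FlipFrid/application.fam
+++ b/applications/FlipFrid/application.fam
@@ -0,0 +1,11 @@
+App(
+appid="APPS_FlipFrid",
+name="Rfid Fuzzer",
+apptype=FlipperAppType.PLUGIN,
+entry_point="flipfrid_app",
+cdefines=["APP_FLIP_FRID"],
+requires=["gui"],
+stack_size=1 * 1024,
+icon="A_125khz_14",
+order=30,
+)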
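Review bot: The `appid` here is `APPS_FlipFrid`, but the README added in the same commit tells users to add `"flip_frid_app"` to the metapackage's `provides` list, and the entry point is `flipfrid_app`. If `provides` is matched against `appid`, as it appears to be for the other entries in that list, the README entry will not resolve to this application. Use one identifier in both places, e.g. `appid="flip_frid_app"`, or correct the README. `stack_size=1 * 1024` also looks tight, since run() keeps a ValueMutex and a by-value RfidTimerEmulator copy on its stack and calls formatted logging; the size of those objects is not visible here, so it should be measured rather than assumed.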
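--- a/applications/FlipFrid/flipfrid.cpp
+++ b/applications/FlipFrid/flipfrid.cpp
@@ -0,0 +1,313 @@
+#include <furi.h>
+#include <gui/gui.h>
+#include <input/input.h>
+#include <stdlib.h>
+
+#include "../lfrfid/helpers/rfid_timer_emulator.h"
+#include "flipfrid.h"
+
+#define EMIT_STEPS 10
+#define TAG "FLIPFRID"
+
+uint8_t id_list[12][5] = {
+{0x00, 0x00, 0x00, 0x00, 0x00}, // Default uid
+{0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, // Only FF
+{0x11, 0x11, 0x11, 0x11, 0x11}, // Only 11
+{0x22, 0x22, 0x22, 0x22, 0x22}, // Only 22
+{0x33, 0x33, 0x33, 0x33, 0x33}, // Only 33
+{0x44, 0x44, 0x44, 0x44, 0x44}, // Only 44
+{0x55, 0x55, 0x55, 0x55, 0x55}, // Only 55
+{0x66, 0x66, 0x66, 0x66, 0x66}, // Only 66
+{0x77, 0x77, 0x77, 0x77, 0x77}, // Only 77
+{0x88, 0x88, 0x88, 0x88, 0x88}, // Only 88
+{0x99, 0x99, 0x99, 0x99, 0x99}, // Only 99
+{0x12, 0x34, 0x56, 0x78, 0x9A}, // Incremental UID
+};
+
+typedef struct {
+LfrfidKeyType type;
+char* name;
+} Badges;
+
+typedef enum {
+EventTypeTick,
+EventTypeKey,
+} EventType;
+
+typedef struct {
+EventType evt_type;
+InputKey key;
+InputType input_type;
+} FlipFridEvent;
+
+// STRUCTS
+typedef struct {
+bool emitting;
+LfrfidKeyType current_badge_type;
+uint8_t current_uid;
+uint8_t current_uid_repeat;
+} FlipFridState;
+
+static void flipfrid_draw_callback(Canvas* const canvas, void* ctx) {
+const FlipFridState* flipfrid_state = (FlipFridState*)acquire_mutex((ValueMutex*)ctx, 100);
+
+if(flipfrid_state == NULL) {
+return;
+}
+
+canvas_clear(canvas);
+canvas_set_color(canvas, ColorBlack);
+
+// Frame
+canvas_draw_frame(canvas, 0, 0, 128, 64);
+
+// Title
+canvas_set_font(canvas, FontPrimary);
+canvas_draw_str_aligned(canvas, 64, 8, AlignCenter, AlignTop, "Flip/Frid");
+
+// Badge Type
+char uid[15];
+char badge_type[12];
+switch(flipfrid_state->current_badge_type) {
+case LfrfidKeyType::KeyEM4100:
+strcpy(badge_type, " EM4100 >");
+snprintf(
+uid,
+sizeof(uid),
+"%X:%X:%X:%X:%X",
+id_list[flipfrid_state->current_uid][0],
+id_list[flipfrid_state->current_uid][1],
+id_list[flipfrid_state->current_uid][2],
+id_list[flipfrid_state->current_uid][3],
+id_list[flipfrid_state->current_uid][4]);
+break;
+case LfrfidKeyType::KeyH10301:
+strcpy(badge_type, "< HID26 >");
+snprintf(
+uid,
+sizeof(uid),
+"%X:%X:%X",
+id_list[flipfrid_state->current_uid][0],
+id_list[flipfrid_state->current_uid][1],
+id_list[flipfrid_state->current_uid][2]);
+break;
+case LfrfidKeyType::KeyI40134:
+strcpy(badge_type, "< Indala >");
+snprintf(
+uid,
+sizeof(uid),
+"%X:%X:%X",
+id_list[flipfrid_state->current_uid][0],
+id_list[flipfrid_state->current_uid][1],
+id_list[flipfrid_state->current_uid][2]);
+break;
+case LfrfidKeyType::KeyIoProxXSF:
+strcpy(badge_type, "< IoProxs ");
+snprintf(
+uid,
+sizeof(uid),
+"%X:%X:%X:%X",
+id_list[flipfrid_state->current_uid][0],
+id_list[flipfrid_state->current_uid][1],
+id_list[flipfrid_state->current_uid][2],
+id_list[flipfrid_state->current_uid][3]);
+break;
+default:
+
+break;
+}
+
+// Badge infos
+canvas_set_font(canvas, FontSecondary);
+canvas_draw_str_aligned(canvas, 64, 28, AlignCenter, AlignCenter, badge_type);
+
+if(flipfrid_state->emitting) {
+canvas_draw_str_aligned(canvas, 64, 42, AlignCenter, AlignCenter, uid);
+
+// Progress bar
+char progress[EMIT_STEPS + 2] = "";
+strcat(progress, "[");
+for(int i = 0; i < flipfrid_state->current_uid_repeat; i++) {
+strcat(progress, "=");
+}
+for(int i = 0; i < (EMIT_STEPS - flipfrid_state->current_uid_repeat); i++) {
+strcat(progress, "-");
+}
+strcat(progress, "]");
+canvas_draw_str_aligned(canvas, 64, 58, AlignCenter, AlignBottom, progress);
+} else {
+canvas_draw_str_aligned(
+canvas, 64, 42, AlignCenter, AlignCenter, "Press OK to start/stop");
+}
+
+release_mutex((ValueMutex*)ctx, flipfrid_state);
+}
+
+void flipfrid_input_callback(InputEvent* input_event, FuriMessageQueue* event_queue) {
+furi_assert(event_queue);
+
+FlipFridEvent event = {
+.evt_type = EventTypeKey, .key = input_event->key, .input_type = input_event->type};
+furi_message_queue_put(event_queue, &event, 25);
+}
+
+static void flipfrid_timer_callback(FuriMessageQueue* event_queue) {
+furi_assert(event_queue);
+
+FlipFridEvent event = {
+.evt_type = EventTypeTick, .key = InputKeyUp, .input_type = InputTypeRelease};
+furi_message_queue_put(event_queue, &event, 25);
+}
+
+FlipFridApp::FlipFridApp() {
+}
+
+FlipFridApp::~FlipFridApp() {
+}
+
+// ENTRYPOINT
+void FlipFridApp::run() {
+// Input
+FURI_LOG_I(TAG, "Initializing input");
+FuriMessageQueue* event_queue = furi_message_queue_alloc(8, sizeof(FlipFridEvent));
+FlipFridState* flipfrid_state = (FlipFridState*)malloc(sizeof(FlipFridState));
+ValueMutex flipfrid_state_mutex;
+
+// Mutex
+FURI_LOG_I(TAG, "Initializing flipfrid mutex");
+if(!init_mutex(&flipfrid_state_mutex, flipfrid_state, sizeof(FlipFridState))) {
+FURI_LOG_E(TAG, "cannot create mutex\r\n");
+furi_message_queue_free(event_queue);
+free(flipfrid_state);
+}
+
+// Configure view port
+FURI_LOG_I(TAG, "Initializing viewport");
+ViewPort* view_port = view_port_alloc();
+view_port_draw_callback_set(view_port, flipfrid_draw_callback, &flipfrid_state_mutex);
+view_port_input_callback_set(view_port, flipfrid_input_callback, event_queue);
+
+// Configure timer
+FURI_LOG_I(TAG, "Initializing timer");
+FuriTimer* timer =
+furi_timer_alloc(flipfrid_timer_callback, FuriTimerTypePeriodic, event_queue);
+furi_timer_start(timer, furi_kernel_get_tick_frequency() / 6); // configTICK_RATE_HZ_RAW 1000
+
+// Register view port in GUI
+FURI_LOG_I(TAG, "Initializing gui");
+Gui* gui = (Gui*)furi_record_open(RECORD_GUI);
+gui_add_view_port(gui, view_port, GuiLayerFullscreen);
+
+// Init values
+FlipFridEvent event;
+flipfrid_state->emitting = false;
+flipfrid_state->current_uid = 0;
+flipfrid_state->current_uid_repeat = 0;
+flipfrid_state->current_badge_type = LfrfidKeyType::KeyEM4100;
+RfidTimerEmulator* emulator;
+emulator = new RfidTimerEmulator();
+RfidTimerEmulator em = *emulator;
+
+uint8_t badge_type_index = 0;
+LfrfidKeyType badges_types[] = {
+LfrfidKeyType::KeyEM4100,
+LfrfidKeyType::KeyH10301,
+LfrfidKeyType::KeyI40134,
+LfrfidKeyType::KeyIoProxXSF,
+};
+
+bool running = true;
+while(running) {
+// Get next event
+FuriStatus event_status = furi_message_queue_get(event_queue, &event, 25);
+if(event_status == FuriStatusOk) {
+if(event.evt_type == EventTypeKey) {
+if(event.input_type == InputTypeShort) {
+switch(event.key) {
+case InputKeyUp:
+case InputKeyDown:
+// OSEF
+break;
+case InputKeyRight:
+// Next badge type
+flipfrid_state->emitting = false;
+if(badge_type_index <
+(sizeof(badges_types) / sizeof(badges_types[0]) - 1)) {
+badge_type_index++;
+flipfrid_state->current_badge_type = badges_types[badge_type_index];
+}
+break;
+case InputKeyLeft:
+// Previous badge type
+flipfrid_state->emitting = false;
+if(badge_type_index > 0) {
+badge_type_index--;
+flipfrid_state->current_badge_type = badges_types[badge_type_index];
+}
+break;
+case InputKeyOk:
+if(flipfrid_state->emitting) {
+flipfrid_state->emitting = false;
+} else {
+flipfrid_state->current_uid_repeat = 0;
+flipfrid_state->current_uid = 0;
+flipfrid_state->current_badge_type =
+(LfrfidKeyType)((flipfrid_state->current_badge_type));
+flipfrid_state->emitting = true;
+}
+break;
+case InputKeyBack:
+flipfrid_state->emitting = false;
+running = false;
+break;
+}
+}
+} else if(event.evt_type == EventTypeTick) {
+// Emulate card
+
+if(flipfrid_state->emitting) {
+
+if(flipfrid_state->current_uid_repeat == 0) {
+FURI_LOG_D(TAG, "Starting emulation %d", flipfrid_state->current_uid);
+em.start(
+flipfrid_state->current_badge_type,
+id_list[flipfrid_state->current_uid],
+lfrfid_key_get_type_data_count(flipfrid_state->current_badge_type));
+flipfrid_state->current_uid_repeat++;
+} else if(flipfrid_state->current_uid_repeat == EMIT_STEPS) {
+FURI_LOG_D(TAG, "Stop emulation %d", flipfrid_state->current_uid);
+flipfrid_state->current_uid_repeat = 0;
+em.stop();
+
+// Next uid
+flipfrid_state->current_uid++;
+if(flipfrid_state->current_uid == sizeof(id_list) / 5) {
+flipfrid_state->current_uid = 0;
+}
+} else {
+furi_delay_ms(100);
+flipfrid_state->current_uid_repeat++;
+FURI_LOG_D(
+TAG,
+"Starting emulation %d/%d",
+flipfrid_state->current_uid_repeat,
+EMIT_STEPS);
+}
+}
+view_port_update(view_port);
+}
+}
+}
+
+// Cleanup
+furi_timer_stop(timer);
+furi_timer_free(timer);
+em.stop();
+free(emulator);
+FURI_LOG_I(TAG, "Cleaning up");
+free(flipfrid_state);
+gui_remove_view_port(gui, view_port);
+view_port_free(view_port);
+furi_message_queue_free(event_queue);
+furi_record_close(RECORD_GUI);
+}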
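Review bot: The progress buffer in flipfrid_draw_callback is one byte too small: `char progress[EMIT_STEPS + 2]` holds 12 bytes, but the two loops always append `[`, EMIT_STEPS bar characters and `]`, so the last strcat writes the terminating NUL past the end of the stack array; declare it as `char progress[EMIT_STEPS + 3] = "";`. In FlipFridApp::run() the init_mutex failure branch frees event_queue and flipfrid_state but has no `return;`, so execution continues into code that uses both freed objects. The emulator is allocated with `new` but released with `free(emulator)`, which skips the destructor, and the loop actually drives the stack copy `em`; using a single object released with `delete` would avoid both problems. The `default:` case of the badge switch leaves `badge_type` and `uid` uninitialised before they are drawn. The main loop also writes flipfrid_state without acquire_mutex, so the lock taken in the draw callback does not serialise access to the state.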
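--- a/applications/FlipFrid/flipfrid.h
+++ b/applications/FlipFrid/flipfrid.h
@@ -0,0 +1,8 @@
+#include <furi.h>
+
+class FlipFridApp {
+public:
+~FlipFridApp();
+FlipFridApp();
+void run();
+};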
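Review bot: flipfrid.h has no include guard; add `#pragma once` as its first line so the class is not redefined if the header is ever pulled in twice through another include. The declaration also gives no hint that run() blocks until the Back key is pressed and releases everything it allocates before returning; a one-line comment above `void run();` saying so would help callers.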
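--- a/applications/FlipFrid/flipfrid_app_launcher.cpp
+++ b/applications/FlipFrid/flipfrid_app_launcher.cpp
@@ -0,0 +1,12 @@
+#include "flipfrid.h"
+
+// app enter function
+extern "C" int32_t flipfrid_app(void* p) {
+UNUSED(p);
+
+FlipFridApp* app = new FlipFridApp();
+app->run();
+delete app;
+
+return 0;
+}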