Skip to content
/ iOS-BLE-Proximity-Attack-ESP32 Public
forked from ckcr4lyf/EvilAppleJuice-ESP32

Spam iOS and iPadOS BLE Proximity Setup/Pair Messages via an ESP32 w/ iOS 18 compatibility. (Forked and updated from ckcr4lyf/EvilAppleJuice-ESP32)

License

WTFPL license
2 stars 196 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tysenp/iOS-BLE-Proximity-Attack-ESP32

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

iOS BLE Proximity Attack via ESP32

Spam proximity BLE advertisements on iPhones and iPads w/ iOS 18 compatibility!

iPhone 15s (latest) Older iPhones
iphone_15.mp4
iphone_old.mp4

Updated orginial code from ckcr4lyf, which was based off of the work of ronaldstoner in the AppleJuice repository.

Also thanks to simondankelmann for their discoveries in new advertising messages to pop-up new notifications in iOS devices source

With the randomization optimizations it can render an iPhone almost useless with a single ESP32 (a new notification as soon as you close the old one, no longer causes device crash).

Confirmed on:

  • iPhone 15 (running iOS 17.1.2)
  • iPhone 14 Pro Max (running iOS 17.2 b3) (See #19)
  • iPhone 14 Pro (running iOS 16.6.1)
  • iPhone 14 (Running iOS 18/18.1)
  • iPhone 13 Pro (running iOS 17.4 (21E5184k))
  • iPhone 12 Pro (Running iOS 18)
  • iPhone 11 (running iOS 16.6.1)
  • iPhone X (running iOS 14.8 (18H17)) - only "AppleTV Keyboard", "TV Color Balance", "AppleTV Setup", "AppleTV Homekit Setup", "AppleTV New User".
  • iPad Pro 11 (running iPadOS 17.3 (21D50))

Not working on:

  • iPhone 4S (running iOS 10.3 (14E277))

Other observations:

  • Doesn't seem to spawn notifications if Camera is open, notifications still appear if Keyboard is open with this updated repo.

Video Demo

Single ESP32 vs. iPhone 14 Pro @ iOS 16.6.1

applexd.mp4

Notable Differences

This implementation makes the following changes:

  • Random source MAC address (including BLE_ADDR_TYPE_RANDOM)
  • Randomly pick BLE Advertisement Type (this may lead to more success)
  • Randomly pick one of the possible devices
  • Sets the ESP32 BLE Power to the maximum (9dBm) to increase range

And it makes these random choices every time it runs (Updated code re-advertises with a 200ms delay).

Given the 29 devices and the 3 advertisement types, there are a total of 87 unique possible advertisements (ignoring the random source MAC) possible, of which one is broadcasted every 1/5 of a second.

Usage

The easiest would be to use VS Code w/ PlatformIO then copy and paste 'src/main.cpp' to the 'main.cpp' file that PlatformIO created, and build/upload your ESP32.

If errors occur, ensure your .ini file is filled out correctly. This updated project has been tested on an ESP32-WROOM-32E. (DM on Discord for support.)

Spamming a specific device

Some basic instructions are here: ckcr4lyf#42 (comment).

About

Spam iOS and iPadOS BLE Proximity Setup/Pair Messages via an ESP32 w/ iOS 18 compatibility. (Forked and updated from ckcr4lyf/EvilAppleJuice-ESP32)

Resources

Readme

License

WTFPL license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%