From 1b454277c89488d818b1956814dcfc05413848f8 Mon Sep 17 00:00:00 2001
From: Derek Jamison
Date: Wed, 6 Sep 2023 22:30:54 -0500
Subject: [PATCH] v1.5 (L/R count, OK=flush+CLOSED, signal=vibrate)
---
 .../.flipcorg/gallery/00-about.png | Bin 2174 -> 2179 bytes
 subghz/apps/rolling-flaws/CHANGELOG.md | 11 ++++
 subghz/apps/rolling-flaws/README.md | 4 +-
 subghz/apps/rolling-flaws/application.fam | 4 +-
 subghz/apps/rolling-flaws/rolling_flaws.c | 57 +++++++++++++++++-
 .../apps/rolling-flaws/rolling_flaws_about.h | 2 +-
 6 files changed, 70 insertions(+), 8 deletions(-)
diff --git a/subghz/apps/rolling-flaws/.flipcorg/gallery/00-about.png b/subghz/apps/rolling-flaws/.flipcorg/gallery/00-about.png index d27d5a334820c14d968b94b7fdb81f5b96d45f0f..6f06f227f490a9130d4e1c615ff288d26b655e1a 100644 GIT binary patch delta 1716 zcmYjRe>l^59RJLc=#=uD+|HD9mmV&qAAU1Bkvf)$c#KM;cqBCAnD27Ooyw%uqq2HGQn^Lf2rKi;p;veBI3R=9k8QIDZzO++uB?wVWP?~%I~|s zQbU=ZE@0OY0DjvFKxreSf#_)sN<2A_PV3TBv~?suHj5d#VYvK~_xZ(a}kDLNMT&X_LaQMzN9@Z;JjWdJlaa+5)1qPfnNDT^V}b zJ7IsJZa9|?#S9oPUE;Ri=08ai1*alV{je_uEmHp@jx7R(#lSH{Sp8g+PKjwCzZG79 z7w!*cj$#-3>?iukBaW6W1Kl~r1h>Fd7X>t=I`gIK3RW2Q@b+t5r%V?uE#YW6c{fnm4<7_LnrTdBNGI0 z<3=~Q`Kb>r`M>ml7wpNZ+yI1uMDo|uPai;PMQafF|7we+`9YcysTokrO4q!2%&ZHn@*%v zJAAkxR-A22f!_wIs``~kZ&X#T9UE<|n>d?8P9TW2p{7&69^ybbR$uZ3rP{pf8O{J; z)*K*i(pJ}Mb^TTt*}$$@d?s;b=8#mlYY5OF-t~pc84k#W3iEJ%XDkb_7BHvE=@|5nP#jT0XfljzpGgc^I5|s7 zlfB4i2#Y$@ev+gtgrIrC8MDsb0mtEG##mibK4KE--0qS-@wWREhqRG9oOl^FIc4cK zACpLoZ0E*|aQv13P9%Ew3q;GTr8J@20Ct;u=Q2U4exs(Bq!VnRi+bSj=iU}LQ3x&#x%l9I`={-!r87N*_{OAmma#Y+W(kWb(V)a)?T0CY zj8lcZ#4KaV{H@GP!N;jU6(a`e^-(@5W8e0@w$<#R%Mtp*YqE!Ekoo1g1f*2Q;owG1 z?gAs?frcjrrc%BQ}1FpQQ7ggaI;3PP)R|B7VZn041iM= ch(AMZ81K8gyl0g{Y@3b0k=rGDT(P@Fnk9 zvnrtBec$N<*1i2q!HwrCCq6aJwQTstxoY!h$2;hr566*mVUv|9fm=-FT4dJwxED}eJT34kdu-o`SzM8=b{=-zw&JQbH;BI z?*(|yK_*;F1FmCkY6Sm5Gdge6pI0R7VlRbo))Mt99_FI#d}ty*ZT~&X^xs|q@TCh3 z+X-wWW^UVPL@8^Bnmq^U8fq+mamcf8@Mlpi8r=BM!R|ntbMQ{T;HK>yONjdB^2Y!AzJ9i2jZO`D+2Fh7r|P@6Fpi z^5C73NMBezm{BwU`Ny1ryUb&mp(CD7N5V_+ZTC=`@XyBsE$F+~0+&HA)$k-aPhWkl zAEB-#h6Tj(5!L%D(O%4$+>COnNF~&%3YeZ0W2YsEY#shD-iUJl!PcyO32T$@(8jk8 zZY(EwXKE|uNO|x1)^x~MI}g+^P~e%n1Nj&QRmoQ8T72!h{TGDl--lOxNe3kE$K|VM zdwFJ$2o@52rd!e(Xtvl)`@&jzPdiHzGd~!cZFgY+u-hTgE3(dOMY=7pb*qtG8*6h0 z?NUU+E%0^ZiKY0H8aI%4*+Hld4O}#?%StSn50102$eN-i`mXOyAsxigP%w{+SthyU zFfhh1GKvdY5qb6{5gH>j%L zX>J4g)q19qt!#xwZ}~Y~bve<-^-1~Tx@7R#uAXLG5GypNqL^IOdfR^@{Utr6XdrA+ zW~H35@x+BXNrO;7Coo@7(M`uuTmIqTR))<>B-cq^xn>luW>ZC!!ZO~Tic|lZjI^uw z9AqY?-kuOpvXzDxnnN)w6CJU+A)4mv>y_CzA>vdk9HFdCXUw5TsPyofx%9 
zMHKZc4um`lQZXPs=5%=4wt8Q><`hdNm1=#0?DD#Uhz&RA6*YFGV2$AxUM)u~x~6sR zMW$b}ugXjl5+qEx*ovmZ@hJi_U8Al=+x+<*Y`9+58r`~`inA6QvwI)3O(hVf5rfFy zT7brsd#4QXdlRhIqll5^Hom>vX1gge1Qhwu#pk7DMQYnjoWDTVFkmUj?Vk!S#VHQu zWUJH+yy4+DlCek5gKgS}{QI1>7lcnAL*RysV|VY}>3p|AoTLn!3L=-OPb#z*q>ryy zt(k>ux-Gv(s}70>82GM-4RVrTfbmj7Q<}3q5FV^IQJoAJ$vRE(V!%{Q+2 zWtzg~QOD68x6FOzilEW#G~9~YKJ5Yql%llapI7x#OsC&?1OEl4#&D=x{JDl5Dm7f$ zV@Ovrgfx8&ayPPCDDzf=knct-LnwdZA-p~rNS*x@<58#j>dfolKNR5br-Vqs{-lfl E0~pGMRsaA1 diff --git a/subghz/apps/rolling-flaws/CHANGELOG.md b/subghz/apps/rolling-flaws/CHANGELOG.md index e99db47..c68b1b6 100644 --- a/subghz/apps/rolling-flaws/CHANGELOG.md +++ b/subghz/apps/rolling-flaws/CHANGELOG.md @@ -2,6 +2,17 @@ This file contains all changelogs for latest releases, from 1.3 onward. +## v1.5 + +### Added +When in "Receive Signals" you can now use LEFT/RIGHT arrows to decrease/increase the current count. + +When in "Receive Signals" you can now use OK to force a CLOSED. + +When in "Receive Signals" you can now use OK to flush the radio. So the next signal it detects can be a repeat of the previous signal, without needed custom firmware! (Press "OK" again to flush the radio again.) + +When in "Receive Signals" the Flipper Zero now does a brief vibrate when it receives a signal. + ## v1.4 ### Fixed diff --git a/subghz/apps/rolling-flaws/README.md b/subghz/apps/rolling-flaws/README.md index 363b478..4ca5da1 100644 --- a/subghz/apps/rolling-flaws/README.md +++ b/subghz/apps/rolling-flaws/README.md 
@@ -1,6 +1,6 @@ # Rolling Flaws -Rolling Flaws (version 1.4) by [@CodeAllNight](https://twitter.com/codeallnight). +Rolling Flaws (version 1.5) by [@CodeAllNight](https://twitter.com/codeallnight). [YouTube demo](https://youtu.be/gMnGuDC9EQo?si=4HLZpkC4XWhh97uQ) of using Rolling Flaws application. The video shows how to use the application to simulate a receiver that has a Replay attack flaw, Pairing FZ to a receiver, Cloning sequence attack, Future attack, Rollback attack & KGB attack. The Rolling Flaws application also supports things like "ENC00" attack & window-next attacks, which are described in scenarios below but was not in video. Rolljam is discussed in document, but discouraged to test since it is [illegal to jam signals](https://www.fcc.gov/general/jammer-enforcement) in the US. If you have additional ideas, please let me know! 
@@ -70,7 +70,7 @@ If you want to generate a custom SUB file for a specific key and count, you can break; ``` -If you want the Flipper Zero to be able to decode the same signal multiple times, in ``.\lib\subghz\protocols\protocol_items.c`` after the two occurances of ``instance->decoder.decode_count_bit = 0;`` add the line ``instance->generic.data = 0;``. This will cause the Flipper Zero to forget the previous data, so it will decode the same signal multiple times. Be sure to edit the file back when you are done. +If you press the "OK" button when reading, it will flush the radio and set the current status to CLOSED. This means you can attempt a replay attack without having to have custom firmware. If you don't want to have to press the OK button try attempt a replay, then you need to make the following change: If you want the Flipper Zero to be able to decode the same signal multiple times, in ``.\lib\subghz\protocols\protocol_items.c`` after the two occurances of ``instance->decoder.decode_count_bit = 0;`` add the line ``instance->generic.data = 0;``. This will cause the Flipper Zero to forget the previous data, so it will decode the same signal multiple times. Be sure to edit the file back when you are done. To scan for more interesting sequences, make this breaking change to keeloq.c file that will keep incrementing the key until it finds a DoorHan code (but it leaves the FIX value the same). This is one technique to search for ENC00 sequences. Be sure to edit the file back when you are done. ```c diff --git a/subghz/apps/rolling-flaws/application.fam b/subghz/apps/rolling-flaws/application.fam index 95ea519..e45f11e 100644 --- a/subghz/apps/rolling-flaws/application.fam +++ b/subghz/apps/rolling-flaws/application.fam 
@@ -5,9 +5,9 @@ App( entry_point="rolling_flaws_app", requires=["gui", "subghz"], stack_size=2 * 1024, - fap_version=(1, 4), + fap_version=(1, 5), fap_icon="rolling_flaws.png", fap_category="Sub-GHz", fap_icon_assets="assets", - fap_description="Rolling code receiver (version 1.4), used to learn about rolling code flaws. Watch video at https://youtu.be/gMnGuDC9EQo", + fap_description="Rolling code receiver (version 1.5), used to learn about rolling code flaws. Watch video at https://youtu.be/gMnGuDC9EQo", ) diff --git a/subghz/apps/rolling-flaws/rolling_flaws.c b/subghz/apps/rolling-flaws/rolling_flaws.c index edfd11d..d47f69a 100644 --- a/subghz/apps/rolling-flaws/rolling_flaws.c +++ b/subghz/apps/rolling-flaws/rolling_flaws.c @@ -58,10 +58,15 @@ typedef enum { typedef enum { RollingFlawsEventIdReceivedSignal, + RollingFlawsEventIdCycleSignal, } RollingFlawsEventId; static bool decode_packet(FuriString* buffer, void* ctx) { RollingFlaws* context = ctx; + furi_hal_vibro_on(true); + furi_delay_ms(50); + furi_hal_vibro_on(false); + if(furi_string_start_with_str(buffer, "KeeLoq 64bit")) { if(!furi_string_start_with_str( buffer, rolling_flaws_setting_protocol_base_name_get(context->model))) { @@ -160,6 +165,14 @@ bool rolling_flaws_view_dispatcher_custom_event_callback(void* context, uint32_t return true; } + if(event == RollingFlawsEventIdCycleSignal) { + RollingFlaws* app = (RollingFlaws*)context; + stop_listening(app->subghz); + uint32_t frequency = rolling_flaws_setting_frequency_get(app->model); + app->model->opened = false; + start_listening(app->subghz, frequency, decode_packet, app); + } + return false; } 
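Review bot: The three lines added at the top of `decode_packet` (hunk `@@ -58,10 +58,15 @@`) sleep for 50 ms with `furi_delay_ms(50)` inside the receive callback, before the protocol check, so the delay is paid for every decoded packet and not only for KeeLoq ones. Which thread calls `decode_packet` is not visible here, but if it is the radio worker, a transmission arriving during the buzz may be delayed or missed, which would distort the replay and back-to-back-code behaviour this receiver is meant to demonstrate. A non-blocking form would be `notification_message(notifications, &sequence_single_vibro);` using a NotificationApp handle opened once at allocation time (no such handle appears in the hunk). If the blocking call is kept, a comment such as `// Blocks the RX callback for 50 ms; packets arriving during the buzz may be dropped.` would record the trade-off. The body of `decode_packet` continues past the end of the hunk.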
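Review bot: The new `RollingFlawsEventIdCycleSignal` branch (hunk `@@ -160,6 +165,14 @@`) falls through to the function's final `return false`, while the branch directly above it ends in `return true`, so the dispatcher is told the event was not handled. Adding `return true;` as the last statement of the block fixes that. Nothing checks the result of the `stop_listening` / `start_listening` pair; if `start_listening` can fail (its signature is not in the hunk), the screen would show CLOSED while nothing is being received, so the result should be checked and logged. A short comment would explain why the restart exists, for example `// Restart RX so the decoder forgets the last packet and accepts an identical retransmission.` The function begins above the hunk.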
@@ -267,9 +280,47 @@ void rolling_flaws_receive_signal_draw_callback(Canvas* canvas, void* model) { furi_string_free(str); } -bool rolling_flaws_view_input_callback(InputEvent* event, void* context) { - UNUSED(context); +bool rolling_flaws_view_input_ignore_callback(InputEvent* event, void* context) { UNUSED(event); + UNUSED(context); + + return false; +} + +bool rolling_flaws_view_input_callback(InputEvent* event, void* context) { + RollingFlaws* app = (RollingFlaws*)context; + RollingFlawsModel* my_model = app->model; + + FURI_LOG_I(TAG, "Input event received: %d", event->type); + if(event->type == InputTypeShort) { + FURI_LOG_I(TAG, "Input key: %d", event->key); + if(event->key == InputKeyLeft) { + if(my_model->count == 0) { + my_model->count = 0xFFFF; + } else { + my_model->count--; + } + __gui_redraw(); + return true; + } + if(event->key == InputKeyRight) { + if(my_model->count == 0xFFFF) { + my_model->count = 0; + } else { + my_model->count++; + } + __gui_redraw(); + return true; + } + if(event->key == InputKeyOk) { + my_model->opened = false; + view_dispatcher_send_custom_event( + app->view_dispatcher, RollingFlawsEventIdCycleSignal); + __gui_redraw(); + return true; + } + } + return false; } @@ -360,7 +411,7 @@ RollingFlaws* rolling_flaws_alloc() { app->view_receive_sync = view_alloc(); view_set_context(app->view_receive_sync, app); view_set_draw_callback(app->view_receive_sync, rolling_flaws_receive_sync_draw_callback); - view_set_input_callback(app->view_receive_sync, rolling_flaws_view_input_callback); + view_set_input_callback(app->view_receive_sync, rolling_flaws_view_input_ignore_callback); view_set_previous_callback( app->view_receive_sync, rolling_flaws_navigation_submenu_stop_sync_callback); view_allocate_model( diff --git a/subghz/apps/rolling-flaws/rolling_flaws_about.h b/subghz/apps/rolling-flaws/rolling_flaws_about.h index 7713fd8..4c8c40f 100644 --- a/subghz/apps/rolling-flaws/rolling_flaws_about.h 
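Review bot: `rolling_flaws_view_input_callback` (hunk `@@ -267,9 +280,47 @@`) writes `my_model->count` and `my_model->opened` through `app->model` with no lock, while `decode_packet` is registered with the same `app` as the receive callback and presumably updates the same fields. If the two run on different threads, a LEFT/RIGHT press racing a received packet could leave the displayed count out of step with the one the next code is checked against; confirm the threading and, if needed, guard the model with a mutex or route the key presses through `view_dispatcher_send_custom_event` as the OK key already does. The two `FURI_LOG_I` calls fire on every key event and would be quieter as `FURI_LOG_D`, and the `0xFFFF` wrap limit deserves a named constant. The callback now dereferences `context`, so every view still registered with it needs `view_set_context(view, app)`; hunk `@@ -360,7 +411,7 @@` moves `view_receive_sync` to the ignore callback, but the registration for the receive-signal view is outside the visible hunks. The hunk opens at the tail of the draw callback, and both input callbacks are complete within it.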
+++ b/subghz/apps/rolling-flaws/rolling_flaws_about.h @@ -1,7 +1,7 @@ #pragma once #define ROLLING_FLAWS_ABOUT_TEXT \ - "Rolling code receiver\n version 1.4\n" \ + "Rolling code receiver\n version 1.5\n" \ "---\n" \ "Practice rolling code attacks without risking a desync!\n" \ "This app is for educational\n" \