Injection: scripting, re-execution; auto store injectable devices; mi…
…nor fixes; reimplementation of ringbuf
mame82 committed May 28, 2019
1 parent b32c586 commit afb8e70
Showing 15 changed files with 607 additions and 177 deletions.
77 changes: 69 additions & 8 deletions logitacker/logitacker.c
@@ -1,3 +1,4 @@
#include "nrf_cli.h"
#include "logitacker.h"
#include "logitacker_bsp.h"
#include "logitacker_radio.h"
@@ -444,27 +445,51 @@ void pairing_sniff_event_handler_esb(nrf_esb_evt_t *p_event) {

//retrieve device or add new and update data
logitacker_devices_unifying_device_t * p_device = NULL;
logitacker_devices_get_device(&p_device, m_device_pair_info.device_rf_address);
if (p_device == NULL) {
//couldn't fetch device, try to create
logitacker_devices_create_device(&p_device, m_device_pair_info.device_rf_address);
}
//couldn't fetch device, try to create (gets existing one in case it is already defined)
logitacker_devices_create_device(&p_device, m_device_pair_info.device_rf_address);
if (p_device == NULL) {
NRF_LOG_ERROR("failed adding device entry for pairing sniff result");
} else {
// update device caps
// copy pairing info to device data
memcpy(p_device->serial, m_device_pair_info.device_serial, 4);
memcpy(p_device->device_name, m_device_pair_info.device_name, m_device_pair_info.device_name_len);
memcpy(p_device->key, m_device_pair_info.device_key, 16);
memcpy(p_device->raw_key_data, m_device_pair_info.device_raw_key_material, 16);
memcpy(p_device->rf_address, m_device_pair_info.device_rf_address, 16);
memcpy(p_device->rf_address, m_device_pair_info.device_rf_address, 5);
memcpy(p_device->wpid, m_device_pair_info.device_wpid, 2);
p_device->caps = m_device_pair_info.device_caps;
p_device->report_types = m_device_pair_info.device_report_types;


if (p_device->p_dongle == NULL) {
NRF_LOG_ERROR("device doesn't point to dongle");
} else {
memcpy(p_device->p_dongle->wpid, m_device_pair_info.dongle_wpid, 2);
logitacker_devices_unifying_dongle_t * p_dongle = p_device->p_dongle;
memcpy(p_dongle->wpid, m_device_pair_info.dongle_wpid, 2);

p_dongle->classification = DONGLE_CLASSIFICATION_IS_LOGITECH;
if (p_dongle->wpid[0] == 0x88 && p_dongle->wpid[1] == 0x02) p_dongle->is_nordic = true;
if (p_dongle->wpid[0] == 0x88 && p_dongle->wpid[1] == 0x08) p_dongle->is_texas_instruments = true;

}
p_device->key_known = m_device_pair_info.key_material_complete;

// if auto store is enabled, store to flash
if (g_logitacker_global_config.auto_store_sniffed_pairing_devices) {
//check if already stored
logitacker_devices_unifying_device_t dummy_device;
if (logitacker_flash_get_device(&dummy_device, p_device->rf_address) != NRF_SUCCESS) {
// not existing on flash create it
if (logitacker_devices_store_ram_device_to_flash(p_device->rf_address) == NRF_SUCCESS) {
NRF_LOG_INFO("device automatically stored to flash");
} else {
NRF_LOG_WARNING("failed to store device to flash");
}
} else {
NRF_LOG_INFO("device already exists on flash");
}
}

}

pairing_sniff_on_success();
@@ -682,6 +707,42 @@ void logitacker_injection_string(logitacker_keyboard_map_lang_t language_layout,
logitacker_processor_inject_string(p_processor, language_layout, str);
}



void logitacker_injection_clear() {
if (m_state_local.mainstate != LOGITACKER_MAINSTATE_INJECT) {
NRF_LOG_ERROR("Can't inject while not in injection mode");
return;
}

logitacker_processor_inject_clear_tasks(p_processor);
NRF_LOG_INFO("Injection tasks cleared");
}

void logitacker_injection_list_tasks(nrf_cli_t const * p_cli) {
if (m_state_local.mainstate != LOGITACKER_MAINSTATE_INJECT) {
NRF_LOG_ERROR("Can't inject while not in injection mode");
return;
}

logitacker_processor_inject_list_tasks(p_processor, p_cli);

}

void logitacker_injection_start_execution(bool execute) {
if (m_state_local.mainstate != LOGITACKER_MAINSTATE_INJECT) {
NRF_LOG_ERROR("Can't inject while not in injection mode");
return;
}

logitacker_processor_inject_start_execution(p_processor, execute);
if (execute) {
NRF_LOG_INFO("Injection processing resumed");
} else {
NRF_LOG_INFO("Injection processing paused");
}
}

void logitacker_injection_delay(uint32_t delay_ms) {
if (m_state_local.mainstate != LOGITACKER_MAINSTATE_INJECT) {
NRF_LOG_ERROR("Can't inject while not in injection mode");
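Review bot: In pairing_sniff_event_handler_esb the copy `memcpy(p_device->device_name, m_device_pair_info.device_name, m_device_pair_info.device_name_len);` still takes its length from the sniffed pairing data, and nothing visible bounds it by the size of the destination. The same hunk corrects the `rf_address` copy from 16 to 5 bytes, so this sibling copy deserves the same treatment: clamp first, e.g. `size_t n = m_device_pair_info.device_name_len; if (n >= sizeof(p_device->device_name)) n = sizeof(p_device->device_name) - 1;`, then copy `n` bytes and terminate the string. This assumes `device_name` is a fixed-size array in the device struct, whose declaration is not on this page; if the length is already validated where `m_device_pair_info` is filled, a comment saying so would be enough. The handler's body starts and ends outside the hunk.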
6 changes: 5 additions & 1 deletion logitacker/logitacker.h
@@ -6,7 +6,8 @@ extern "C" {
#endif


#include <stdint.h>
#include "stdint.h"
#include "nrf_cli.h"
#include "nrf_esb_illegalmod.h"
#include "logitacker_keyboard_map.h"

@@ -72,6 +73,9 @@ void logitacker_enter_mode_injection(uint8_t const *rf_address);
void logitacker_injection_string(logitacker_keyboard_map_lang_t language_layout, char * str);
void logitacker_injection_delay(uint32_t delay_ms);
void logitacker_injection_press(logitacker_keyboard_map_lang_t language_layout, char * str);
void logitacker_injection_start_execution(bool execute);
void logitacker_injection_clear();
void logitacker_injection_list_tasks(nrf_cli_t const * p_cli);

#ifdef __cplusplus
}
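Review bot: `void logitacker_injection_clear();` declares a function with unspecified parameters rather than none, so a call with stray arguments compiles silently; write `void logitacker_injection_clear(void);` here and in the definition in logitacker.c. The new `logitacker_injection_start_execution(bool execute)` prototype also relies on `bool` being declared by some earlier include, as no `<stdbool.h>` include is visible in this header; adding `#include <stdbool.h>` next to the stdint include would keep the header self-contained. The switch from `<stdint.h>` to `"stdint.h"` makes the compiler search the project directories first for a system header, and the angle-bracket form is the safer one.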
128 changes: 38 additions & 90 deletions logitacker/logitacker_cli.c
@@ -279,88 +279,6 @@ static void cmd_test_a(nrf_cli_t const * p_cli, size_t argc, char **argv)

static void cmd_test_b(nrf_cli_t const * p_cli, size_t argc, char **argv) {

/*
bool push_success;
push_success = push_task_delay(0x400);
if (!push_success) return;
push_success = push_task_string(LANGUAGE_LAYOUT_DE, "1111");
//if (!push_success) return;
push_success = push_task_delay(0x2000);
//if (!push_success) return;
push_success = push_task_string(LANGUAGE_LAYOUT_DE, "22222");
//if (!push_success) return;
push_success = push_task_string(LANGUAGE_LAYOUT_DE, "333333");
//if (!push_success) return;
bool pop_succes;
inject_task_t tmp_task = {0};
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
pop_succes = pop_task(&tmp_task);
if (pop_succes) {
if (tmp_task.data_len > 0) {
NRF_LOG_INFO("task data:");
NRF_LOG_HEXDUMP_INFO(tmp_task.p_data_u8, tmp_task.data_len);
}
free_task(tmp_task);
}
*/

}

static void cmd_test_c(nrf_cli_t const * p_cli, size_t argc, char **argv) {
@@ -407,14 +325,39 @@ static void cmd_inject_target(nrf_cli_t const * p_cli, size_t argc, char **argv)

}

/*
static void cmd_inject_pause(nrf_cli_t const * p_cli, size_t argc, char **argv) {
logitacker_injection_start_execution(false);
}
*/

static void cmd_inject_execute(nrf_cli_t const *p_cli, size_t argc, char **argv) {
logitacker_injection_start_execution(true);
}

static void cmd_inject_clear(nrf_cli_t const *p_cli, size_t argc, char **argv) {
logitacker_injection_clear();
}

static void cmd_inject_list(nrf_cli_t const *p_cli, size_t argc, char **argv) {
logitacker_injection_list_tasks(p_cli);
}

static void cmd_inject_string(nrf_cli_t const * p_cli, size_t argc, char **argv)
{
//let's inject a 5s delay upfront
//logitacker_injection_delay(5000);
char press_str[NRF_CLI_CMD_BUFF_SIZE] = {0};
int str_buf_remaining = sizeof(press_str)-1; //keep one byte for terminating 0x00
for (int i=1; i<argc && str_buf_remaining>0; i++) {
if (i>1) strcat(press_str, " ");
str_buf_remaining--;
int len = strlen(argv[i]);
if (len > str_buf_remaining) len = str_buf_remaining;
strncat(press_str, argv[i], len);
str_buf_remaining -= len;
}

for (int i=1; i<argc;i++) {
logitacker_injection_string(LANGUAGE_LAYOUT_DE, argv[i]);
logitacker_injection_string(LANGUAGE_LAYOUT_DE, " ");
logitacker_injection_string(LANGUAGE_LAYOUT_DE, press_str);
}
}

@@ -651,7 +594,7 @@ static void cmd_devices_store_save(nrf_cli_t const * p_cli, size_t argc, char **
char tmp_addr_str[16];
helper_addr_to_hex_str(tmp_addr_str, 5, addr);
nrf_cli_fprintf(p_cli, NRF_CLI_VT100_COLOR_GREEN, "Storing device %s to flash\r\n", tmp_addr_str);
logitacker_devices_store_device_to_flash(addr);
logitacker_devices_store_ram_device_to_flash(addr);
return;
}
}
@@ -763,9 +706,11 @@ static void cmd_options(nrf_cli_t const * p_cli, size_t argc, char **argv)
}

nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\r\ncurrent options\r\n===============\r\n", g_logitacker_global_config.pass_through_keyboard ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\taction on RF address discovery : %s\r\n", discover_on_hit_str);
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tkeyboard pass-through : %s\r\n", g_logitacker_global_config.pass_through_keyboard ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tmouse pass-through : %s\r\n", g_logitacker_global_config.pass_through_mouse ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\taction on RF address discovery : %s\r\n", discover_on_hit_str);
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tkeyboard pass-through : %s\r\n", g_logitacker_global_config.pass_through_keyboard ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tmouse pass-through : %s\r\n", g_logitacker_global_config.pass_through_mouse ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tauto store plain injectable devices : %s\r\n", g_logitacker_global_config.auto_store_plain_injectable ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tauto store devices from sniffed pairing : %s\r\n", g_logitacker_global_config.auto_store_sniffed_pairing_devices ? "on" : "off");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "stats\r\n======\r\n");
nrf_cli_fprintf(p_cli, NRF_CLI_DEFAULT, "\tboot count : %d\r\n", g_logitacker_global_config.stats.boot_count);

@@ -898,6 +843,9 @@ NRF_CLI_CREATE_DYNAMIC_CMD(m_sub_inject_target_addr, dynamic_device_addr_list_ra
NRF_CLI_CREATE_STATIC_SUBCMD_SET(m_sub_inject)
{
NRF_CLI_CMD(target, &m_sub_inject_target_addr, "inject given string", cmd_inject_target),
NRF_CLI_CMD(clear, NULL, "clear current injection tasks", cmd_inject_clear),
NRF_CLI_CMD(execute, NULL, "execute current script", cmd_inject_execute),
NRF_CLI_CMD(list, NULL, "list current injection script", cmd_inject_list),
NRF_CLI_CMD(string, NULL, "inject given string", cmd_inject_string),
NRF_CLI_CMD(press, NULL, "inject key combo given as string", cmd_inject_press),
NRF_CLI_CMD(delay, NULL, "delay injection", cmd_inject_delay),
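Review bot: In cmd_inject_string the line `str_buf_remaining--;` runs on every iteration, including the first one where no separator is appended, so the accounting is off by one and the loop truncates input that would still fit. Brace the separator together with its bookkeeping, `if (i>1) { strcat(press_str, " "); str_buf_remaining--; }`, and print a warning through `nrf_cli_fprintf` whenever `len` had to be clamped, because a truncated string is otherwise queued as keystrokes without the operator noticing. `i<argc` also compares an `int` with a `size_t`; declaring `size_t i` avoids the sign conversion. The buffer is named `press_str` although this is the string command, which looks like a leftover from cmd_inject_press.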
24 changes: 22 additions & 2 deletions logitacker/logitacker_devices.c
@@ -6,6 +6,7 @@
#include "nrf_log.h"
#include "logitacker_flash.h"
#include "logitacker_unifying_crypto.h"
#include "logitacker_options.h"

NRF_LOG_MODULE_REGISTER();

@@ -254,7 +255,7 @@ uint32_t logitacker_devices_store_dongle_to_flash(logitacker_devices_unifying_de
return NRF_SUCCESS;
}

uint32_t logitacker_devices_store_device_to_flash(logitacker_devices_unifying_device_rf_address_t const rf_addr) {
uint32_t logitacker_devices_store_ram_device_to_flash(logitacker_devices_unifying_device_rf_address_t const rf_addr) {
logitacker_devices_unifying_device_t * p_device = NULL;

// check if device exists
@@ -654,14 +655,15 @@ uint32_t logitacker_devices_device_update_classification(logitacker_devices_unif
p_dongle->classification = DONGLE_CLASSIFICATION_IS_LOGITECH;
}
} else {
NRF_LOG_INFO("... INVALID Logitech CRC");
NRF_LOG_DEBUG("... INVALID Logitech CRC");
//dealing with situation where Logitech CRC is wrong due to RX/TX errors isn't needed, as at this point the ESB CRC was already valid
if (p_dongle->classification == DONGLE_CLASSIFICATION_UNKNOWN) {
p_dongle->classification = DONGLE_CLASSIFICATION_IS_NOT_LOGITECH;
}
return NRF_SUCCESS;
}

bool autostore = false;

switch (unifying_report_type) {
case UNIFYING_RF_REPORT_ENCRYPTED_KEYBOARD:
@@ -693,6 +695,7 @@ uint32_t logitacker_devices_device_update_classification(logitacker_devices_unif
case UNIFYING_RF_REPORT_PLAIN_KEYBOARD:
p_device->report_types |= LOGITACKER_DEVICE_REPORT_TYPES_KEYBOARD;
p_device->vuln_plain_injection = true;
if (g_logitacker_global_config.auto_store_plain_injectable) autostore = true;
break;
case UNIFYING_RF_REPORT_PLAIN_MOUSE:
if (len != 10) return NRF_ERROR_INVALID_DATA;
@@ -711,6 +714,23 @@ uint32_t logitacker_devices_device_update_classification(logitacker_devices_unif
break;
}



if (autostore) {
NRF_LOG_INFO("Try to auto store");
//check if already stored
logitacker_devices_unifying_device_t dummy_device;
if (logitacker_flash_get_device(&dummy_device, p_device->rf_address) != NRF_SUCCESS) {
// not existing on flash create it
if (logitacker_devices_store_ram_device_to_flash(p_device->rf_address) == NRF_SUCCESS) {
NRF_LOG_INFO("device automatically stored to flash");
} else {
NRF_LOG_WARNING("error storing device to flash automatically");
}
} else {
NRF_LOG_INFO("device exists on flash already and has NOT been overwritten");
}
}
return NRF_SUCCESS;
}

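Review bot: In logitacker_devices_device_update_classification, `autostore` is set for every `UNIFYING_RF_REPORT_PLAIN_KEYBOARD` report, so each such frame triggers a flash lookup into a full stack copy (`dummy_device`) and an INFO log line, even once the device is already stored. Setting it only on first detection keeps that work off the per-frame path: `if (!p_device->vuln_plain_injection && g_logitacker_global_config.auto_store_plain_injectable) autostore = true;` placed before `p_device->vuln_plain_injection = true;`. That this function runs once per received frame is inferred from its `len` and report-type handling, since its callers are not on this page. The check-then-store block is also a copy of the one added to pairing_sniff_event_handler_esb in logitacker.c, and a shared helper in logitacker_devices.c would keep the two from drifting apart.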
2 changes: 1 addition & 1 deletion logitacker/logitacker_devices.h
@@ -156,7 +156,7 @@ uint32_t logitacker_devices_remove_device_from_dongle(logitacker_devices_unifyin

uint32_t logitacker_devices_create_device(logitacker_devices_unifying_device_t ** pp_device, logitacker_devices_unifying_device_rf_address_t const rf_addr);
uint32_t logitacker_devices_restore_device_from_flash(logitacker_devices_unifying_device_t **pp_device, logitacker_devices_unifying_device_rf_address_t const rf_address);
uint32_t logitacker_devices_store_device_to_flash(logitacker_devices_unifying_device_rf_address_t const rf_addr);
uint32_t logitacker_devices_store_ram_device_to_flash(logitacker_devices_unifying_device_rf_address_t const rf_addr);
uint32_t logitacker_devices_remove_device_from_flash(logitacker_devices_unifying_device_rf_address_t const rf_addr);
uint32_t logitacker_devices_get_device(logitacker_devices_unifying_device_t ** pp_device, logitacker_devices_unifying_device_rf_address_t const rf_addr);
uint32_t logitacker_devices_del_device(logitacker_devices_unifying_device_rf_address_t const rf_addr);
2 changes: 2 additions & 0 deletions logitacker/logitacker_options.c
@@ -12,6 +12,8 @@ logitacker_global_config_t g_logitacker_global_config = {
.discovery_on_new_address_action = LOGITACKER_DISCOVERY_ON_NEW_ADDRESS_DO_NOTHING,
.pass_through_mouse = false,
.pass_through_keyboard = false,
.auto_store_plain_injectable = true,
.auto_store_sniffed_pairing_devices = true,
};


5 changes: 5 additions & 0 deletions logitacker/logitacker_options.h
@@ -13,13 +13,18 @@ typedef struct {
bool pass_through_mouse;
logitacker_discovery_on_new_address_t discovery_on_new_address_action; //not only state, persistent config

bool auto_store_plain_injectable;
bool auto_store_sniffed_pairing_devices;

logitacker_options_stats_t stats;
} logitacker_global_config_t;

const static logitacker_global_config_t LOGITACKER_OPTIONS_DEFAULTS = {
.discovery_on_new_address_action = LOGITACKER_DISCOVERY_ON_NEW_ADDRESS_DO_NOTHING,
.pass_through_mouse = false,
.pass_through_keyboard = false,
.auto_store_sniffed_pairing_devices = true,
.auto_store_plain_injectable = true,
.stats = {
.boot_count = 0,
},
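Review bot: The two new `bool` members are inserted ahead of `stats` in `logitacker_global_config_t`, which shifts the offset of `stats`. The struct carries a "persistent config" comment, so if it is written to flash as a raw struct (the storage code is not on this page), a record saved by older firmware would be read back with the wrong layout. Appending the fields after `stats`, or storing a layout version with the record, avoids that. The members also deserve a comment, for example `// persist devices learned from a sniffed pairing, including their key material, to flash without operator action` on `auto_store_sniffed_pairing_devices`, because both flags default to `true` here and in logitacker_options.c.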