From be09352868fa60c09bb1fcfbc11af9444cd256ce Mon Sep 17 00:00:00 2001 From: Pirata Date: Fri, 4 Oct 2024 17:52:42 -0300 Subject: [PATCH] Fixes - BadUsb now sends GUI commands and Control Escape - Added confirmation btn to deploy DuckyScript - Fixed the NTP setting (ask to connect to wifi first) - Fixed Evil evil_portal --- lib/Bad_Usb_Lib/BleKeyboard.cpp | 19 ++++++++++----- lib/Bad_Usb_Lib/CH9329_Keyboard.cpp | 4 +++- lib/Bad_Usb_Lib/USBHIDKeyboard.cpp | 10 ++++---- src/core/settings.cpp | 9 ++++++-- src/main.cpp | 2 +- src/modules/ble/bad_ble.cpp | 26 ++++++++++----------- src/modules/others/bad_usb.cpp | 36 +++++++++++++++-------------- src/modules/wifi/evil_portal.cpp | 14 +++++------ 8 files changed, 68 insertions(+), 52 deletions(-) diff --git a/lib/Bad_Usb_Lib/BleKeyboard.cpp b/lib/Bad_Usb_Lib/BleKeyboard.cpp index 31cef99e7..be3a2f3e6 100644 --- a/lib/Bad_Usb_Lib/BleKeyboard.cpp +++ b/lib/Bad_Usb_Lib/BleKeyboard.cpp @@ -234,21 +234,28 @@ uint8_t USBPutChar(uint8_t c); size_t BleKeyboard::press(uint8_t k) { uint8_t i; - if (k >= 136) { // it's a non-printing key (not a modifier) - k = k - 136; - } else if (k >= 128) { // it's a modifier key - _keyReport.modifiers |= (1<<(k-128)); + if(k>=0xE0 && k<0xE8) { + // k is not to be changed + } else if (k >= 0x88) { // it's a non-printing key (not a modifier) + k = k - 0x88; + } else if (k >= 0x80) { // it's a modifier key + _keyReport.modifiers |= (1<<(k-0x80)); k = 0; } else { // it's a printing key - k = pgm_read_byte(_asciimap + k); + k = _asciimap[k]; if (!k) { setWriteError(); return 0; } - if (k & 0x80) { // it's a capital letter or other character reached with shift + if ((k & 0xc0) == 0xc0) { // ALT_GR + _keyReport.modifiers |= 0x40; // AltGr = right Alt + k &= 0x3F; + } else if ((k & 0x80) == 0x80) { // SHIFT _keyReport.modifiers |= 0x02; // the left shift modifier k &= 0x7F; } + if (k == 0x32) //ISO_REPLACEMENT + k = 0x64; //ISO_KEY } // Add k to the key report only if it's not already present 
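Review bot: The new first branch in `BleKeyboard::press()` passes every `k` in 0xE0–0xE7 through untranslated, but before this change that range fell under `k >= 136` and was sent as `k - 136`, so any key constant already defined in that range now produces a different usage code. Upstream Arduino-style keyboard headers place keypad keys there; this library's header is not visible in the patch, so check it before merging. The same branch is added to `CH9329_Keyboard_::press()` and `USBHIDKeyboard::press()`. The empty branch should at least state the reservation, e.g. `// 0xE0-0xE7: raw HID modifier usage codes, sent as-is in the key array; no KEY_* constant may use this range`. `press()` continues past the end of the hunk.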
diff --git a/lib/Bad_Usb_Lib/CH9329_Keyboard.cpp b/lib/Bad_Usb_Lib/CH9329_Keyboard.cpp index f88450384..d0a818fcc 100644 --- a/lib/Bad_Usb_Lib/CH9329_Keyboard.cpp +++ b/lib/Bad_Usb_Lib/CH9329_Keyboard.cpp @@ -100,7 +100,9 @@ void CH9329_Keyboard_::sendReport(KeyReport* keys) size_t CH9329_Keyboard_::press(uint8_t k) { uint8_t i; - if (k >= 136) { // it's a non-printing key (not a modifier) + if(k>=0xE0 && k<0xE8) { + // k is not to be changed + } else if (k >= 136) { // it's a non-printing key (not a modifier) k = k - 136; } else if (k >= 128) { // it's a modifier key _keyReport.modifiers |= (1<<(k-128)); diff --git a/lib/Bad_Usb_Lib/USBHIDKeyboard.cpp b/lib/Bad_Usb_Lib/USBHIDKeyboard.cpp index 19f151b37..0cc4504b3 100644 --- a/lib/Bad_Usb_Lib/USBHIDKeyboard.cpp +++ b/lib/Bad_Usb_Lib/USBHIDKeyboard.cpp @@ -87,10 +87,7 @@ void USBHIDKeyboard::sendReport(KeyReport* keys) size_t USBHIDKeyboard::pressRaw(uint8_t k) { uint8_t i; - if (k >= 0xE0 && k < 0xE8) { - // it's a modifier key - _keyReport.modifiers |= (1<<(k-0x80)); - } else if (k && k < 0xA5) { + if ((k && k < 0xA5) || (k >= 0xE0 && k < 0xE8)) { // Add k to the key report only if it's not already present // and if there is an empty slot. if (_keyReport.keys[0] != k && _keyReport.keys[1] != k && @@ -144,7 +141,10 @@ size_t USBHIDKeyboard::releaseRaw(uint8_t k) // call release(), releaseAll(), or otherwise clear the report and resend. size_t USBHIDKeyboard::press(uint8_t k) { - if (k >= 0x88) { // it's a non-printing key (not a modifier) + if(k>=0xE0 && k<0xE8) { + // k is not to be changed + } + else if (k >= 0x88) { // it's a non-printing key (not a modifier) k = k - 0x88; } else if (k >= 0x80) { // it's a modifier key _keyReport.modifiers |= (1<<(k-0x80)); diff --git a/src/core/settings.cpp b/src/core/settings.cpp index d7a1b2db5..c6ed71b95 100644 --- a/src/core/settings.cpp +++ b/src/core/settings.cpp 
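Review bot: `USBHIDKeyboard::pressRaw()` now stores 0xE0–0xE7 in `_keyReport.keys[]` instead of setting a modifier bit, while `releaseRaw()` is not touched by this patch. If `releaseRaw()` still clears that range through `_keyReport.modifiers` (its body is outside the hunk), a code pressed this way can only be removed by `releaseAll()`, and whether a host accepts it in the key array depends on the report descriptor, which is also not shown. The defect in the removed branch was the shift amount `(k-0x80)`; keeping the modifier path as `_keyReport.modifiers |= (1<<(k-0xE0));` may be the smaller fix and keeps press and release symmetric.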
@@ -363,7 +363,7 @@ void setClock() { #endif options = { - {"NTP adjust", [&]() { auto_mode=true; }}, + {"NTP Timezone", [&]() { auto_mode=true; }}, {"Manually set", [&]() { auto_mode=false; }}, {"Main Menu", [=]() { backToMenu(); }}, }; @@ -373,7 +373,12 @@ void setClock() { if (!returnToMenu) { if (auto_mode) { - if(!wifiConnected) wifiConnectMenu(); + if(!wifiConnected) { + //Previous implementation was triggering Stack Canary error. + //NTP Adjust is made autommatically everytime you connect to wifi. + displayWarning("Connect to WiFi"); + return; + } if(!returnToMenu) { options = { {"Brasilia", [&]() { timeClient.setTimeOffset(-3 * 3600); tmz=0; }, tmz==0 ? true:false}, diff --git a/src/main.cpp b/src/main.cpp index 3dd44de98..929892cb8 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -31,7 +31,7 @@ String cachedPassword=""; String wigleBasicToken=""; int dimmerSet; int bright=100; -int tmz=3; +int tmz=0; int devMode=0; int soundEnabled=1; bool interpreter_start = false; diff --git a/src/modules/ble/bad_ble.cpp b/src/modules/ble/bad_ble.cpp index 3a241b9ce..f68788161 100644 --- a/src/modules/ble/bad_ble.cpp +++ b/src/modules/ble/bad_ble.cpp @@ -91,7 +91,8 @@ void key_input_ble(FS fs, String bad_script) { } else { Command = lineContent.substring(0, lineContent.indexOf(' ')); // get the Command strcpy(Cmd, Command.c_str()); // get the cmd - Argument = lineContent.substring(lineContent.indexOf(' ') + 1); // get the argument + if(lineContent.indexOf(' ')>0) Argument = lineContent.substring(lineContent.indexOf(' ') + 1); // get the argument + else Argument = ""; RepeatTmp = "1"; } uint16_t i; 
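Review bot: The comment added in the `!wifiConnected` branch of `setClock()` records a stack canary abort, but the change only stops calling `wifiConnectMenu()` from this path; a canary trip means a stack buffer was overrun or the task stack ran out, and that cause is presumably still reachable from other callers. The comment should say what is known and leave a marker, e.g. `// TODO: wifiConnectMenu() called from setClock() tripped the stack canary; root cause not found yet`, with the spelling fixed (`automatically`, `every time`). The early `return` also skips whatever follows in `setClock()`, which lies outside the hunk.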
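Review bot: In `key_input_ble()` the line `strcpy(Cmd, Command.c_str());` directly above the changed `Argument` assignment copies the first token of a script line into `Cmd` with no length bound. `Cmd` is declared outside the hunk, but a script file whose line starts with a long word would write past it. If `Cmd` is a fixed-size array, `strlcpy(Cmd, Command.c_str(), sizeof(Cmd));` bounds the copy. The identical line sits in the matching hunk of `key_input()` in `src/modules/others/bad_usb.cpp`.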
@@ -102,7 +103,7 @@ void key_input_ble(FS fs, String bad_script) { ArgChar = Argument.charAt(0); - if (Argument == "F1" || Argument == "F2" || Argument == "F3" || Argument == "F4" || Argument == "F5" || Argument == "F6" || Argument == "F7" || Argument == "F8" || Argument == "F9" || Argument == "F10" || Argument == "F11" || Argument == "F2" || Argument == "DELETE" || Argument == "TAB" || Argument == "ENTER") { ArgIsCmd = true; } + if (Argument == "F1" || Argument == "F2" || Argument == "F3" || Argument == "F4" || Argument == "F5" || Argument == "F6" || Argument == "F7" || Argument == "F8" || Argument == "F9" || Argument == "F10" || Argument == "F11" || Argument == "F12" || Argument == "DELETE" || Argument == "TAB" || Argument == "ENTER" || Argument == "ESCAPE" || Argument == "ESC") { ArgIsCmd = true; } restart: // restart checks @@ -168,18 +169,16 @@ void key_input_ble(FS fs, String bad_script) { Kble.releaseAll(); - if (line == 7) { + if (tft.getCursorY()>(HEIGHT-LH)) { tft.setCursor(0, 0); tft.fillScreen(BGCOLOR); - line = 0; } - line++; if (cmdFail == 57) { tft.setTextColor(ALCOLOR); tft.print(Command); tft.println(" -> Not Supported, running as STRINGLN"); - if (Command != Argument) { + if (Argument != "") { Kble.print(Command); Kble.print(" "); Kble.println(Argument); @@ -188,11 +187,12 @@ void key_input_ble(FS fs, String bad_script) { } } else { tft.setTextColor(FGCOLOR); - tft.println(Command); + tft.print(Command); } - tft.setTextColor(TFT_WHITE); - tft.println(Argument); - + if(Argument.length()>0) { + tft.setTextColor(TFT_WHITE); + tft.println(Argument); + } else tft.println(); if (strcmp(Cmd, "REM") != 0) delay(DEF_DELAY); //if command is not a comment, wait DEF_DELAY until next command (100ms) } } 
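Review bot: The `ArgIsCmd` test in `key_input_ble()` is a long `||` chain duplicated verbatim in `key_input()` in `bad_usb.cpp`, which is how the `"F2"`/`"F12"` typo fixed here existed in both files. The list also matters for memory safety: in the `bad_usb.cpp` hunks `strcpy(Cmd, Argument.c_str())` runs only when `ArgIsCmd` is set, so this list is what limits the length of that copy. A single table with one helper, shared by both files, would keep the two copies identical and make that role explicit. The enclosing function starts and ends outside the hunk.

```cpp
// Key names accepted as the argument of a modifier command (SHIFT, CTRL, ...).
// Only these strings are ever copied into Cmd on the "goto restart" path,
// so the longest entry must fit in Cmd.
static const char *const kArgKeyNames[] = {
    "F1", "F2", "F3", "F4", "F5", "F6", "F7", "F8", "F9", "F10", "F11", "F12",
    "DELETE", "TAB", "ENTER", "ESCAPE", "ESC"};

static bool isArgKeyName(const String &arg) {
    for (const char *name : kArgKeyNames) {
        if (arg == name) return true;
    }
    return false;
}

// … unchanged: ArgChar = Argument.charAt(0); …
if (isArgKeyName(Argument)) { ArgIsCmd = true; }
```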
@@ -291,6 +291,8 @@ void ble_setup() { BLEConnected=true; displayRedStripe("Preparing",TFT_WHITE, FGCOLOR); delay(1000); + displayWarning(String(BTN_ALIAS) + " to deploy", true); + delay(200); key_input_ble(*fs, bad_script); displayRedStripe("Payload Sent",TFT_WHITE, FGCOLOR); @@ -303,7 +305,7 @@ void ble_setup() { goto NewScript; } - else displayWarning("Canceled"); + else displayWarning("Canceled", true); } End: @@ -440,8 +442,6 @@ void ble_keyboard() { } if(BLEConnected && !Kble.isConnected()) goto Reconnect; } - BLEConnected=false; - Kble.end(); returnToMenu=true; } diff --git a/src/modules/others/bad_usb.cpp b/src/modules/others/bad_usb.cpp index feeeb9943..88f614385 100644 --- a/src/modules/others/bad_usb.cpp +++ b/src/modules/others/bad_usb.cpp @@ -101,7 +101,8 @@ void key_input(FS fs, String bad_script) { } else { Command = lineContent.substring(0, lineContent.indexOf(' ')); // get the Command strcpy(Cmd, Command.c_str()); // get the cmd - Argument = lineContent.substring(lineContent.indexOf(' ') + 1); // get the argument + if(lineContent.indexOf(' ')>0) Argument = lineContent.substring(lineContent.indexOf(' ') + 1); // get the argument + else Argument = ""; RepeatTmp = "1"; } uint16_t i; 
@@ -112,7 +113,7 @@ void key_input(FS fs, String bad_script) { ArgChar = Argument.charAt(0); - if (Argument == "F1" || Argument == "F2" || Argument == "F3" || Argument == "F4" || Argument == "F5" || Argument == "F6" || Argument == "F7" || Argument == "F8" || Argument == "F9" || Argument == "F10" || Argument == "F11" || Argument == "F2" || Argument == "DELETE" || Argument == "TAB" || Argument == "ENTER") { ArgIsCmd = true; } + if (Argument == "F1" || Argument == "F2" || Argument == "F3" || Argument == "F4" || Argument == "F5" || Argument == "F6" || Argument == "F7" || Argument == "F8" || Argument == "F9" || Argument == "F10" || Argument == "F11" || Argument == "F12" || Argument == "DELETE" || Argument == "TAB" || Argument == "ENTER" || Argument == "ESCAPE" || Argument == "ESC") { ArgIsCmd = true; } restart: // restart checks 
@@ -121,10 +122,10 @@ void key_input(FS fs, String bad_script) { if (strcmp(Cmd, "DEFAULTDELAY") == 0 || strcmp(Cmd, "DEFAULT_DELAY") == 0) delay(DEF_DELAY); else { cmdFail++; } //100ms if (strcmp(Cmd, "STRING") == 0) { Kb.print(Argument);} else { cmdFail++; } if (strcmp(Cmd, "STRINGLN") == 0) { Kb.println(Argument); } else { cmdFail++; } - if (strcmp(Cmd, "SHIFT") == 0) { Kb.press(KEY_LEFT_SHIFT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} // Save Cmd into OldCmd and then set Cmd = Argument - if (strcmp(Cmd, "ALT") == 0) { Kb.press(KEY_LEFT_ALT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} // This is made to turn the code faster and to recover - if (strcmp(Cmd, "CTRL-ALT") == 0) { Kb.press(KEY_LEFT_ALT); Kb.press(KEY_LEFT_CTRL); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} // the Cmd after the if else statements, in order to - if (strcmp(Cmd, "CTRL-SHIFT") == 0) { Kb.press(KEY_LEFT_CTRL); Kb.press(KEY_LEFT_SHIFT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;}// the Cmd REPEAT work as intended. 
+ if (strcmp(Cmd, "SHIFT") == 0) { if(Argument.length()>0) { Kb.press(KEY_LEFT_SHIFT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; } } else { Kb.press(0xE1); Kb.releaseAll(); } } else { cmdFail++; } // Save Cmd into OldCmd and then set Cmd = Argument + if (strcmp(Cmd, "ALT") == 0) { if(Argument.length()>0) { Kb.press(KEY_LEFT_ALT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; } } else { Kb.press(0xE2); Kb.releaseAll(); } } else { cmdFail++; } // This is made to turn the code faster and to recover + if (strcmp(Cmd, "CTRL-ALT") == 0) { Kb.press(KEY_LEFT_ALT); Kb.press(KEY_LEFT_CTRL); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} // the Cmd after the if else statements, in order to + if (strcmp(Cmd, "CTRL-SHIFT") == 0) { Kb.press(KEY_LEFT_CTRL); Kb.press(KEY_LEFT_SHIFT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} // the Cmd REPEAT work as intended. if (strcmp(Cmd, "CTRL-GUI") == 0) { Kb.press(KEY_LEFT_CTRL); Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} if (strcmp(Cmd, "ALT-SHIFT") == 0) { Kb.press(KEY_LEFT_ALT); Kb.press(KEY_LEFT_SHIFT); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} if (strcmp(Cmd, "ALT-GUI") == 0) { Kb.press(KEY_LEFT_ALT); Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} 
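Review bot: The new no-argument branches for `SHIFT` and `ALT` in `key_input()` call `Kb.press(0xE1)` and `Kb.press(0xE2)` with bare literals, and the `GUI` and `CTRL` lines in the next hunk do the same with `0xE3` and `0xE0`. These values work only because the `press()` changes in `lib/Bad_Usb_Lib` pass 0xE0–0xE7 through untranslated, so the two places have to stay in agreement; a named constant would tie them together, e.g. `constexpr uint8_t HID_RAW_LEFT_SHIFT = 0xE1;` (name constructed for this note) used as `Kb.press(HID_RAW_LEFT_SHIFT);`. No matching change to the command chain of `key_input_ble()` appears in this patch, so a bare `GUI` line may still behave the old way over BLE. The enclosing function starts and ends outside the hunk.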
@@ -133,8 +134,8 @@ void key_input(FS fs, String bad_script) { if (strcmp(Cmd, "CTRL-ALT-GUI") == 0) { Kb.press(KEY_LEFT_ALT); Kb.press(KEY_LEFT_CTRL); Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} if (strcmp(Cmd, "ALT-SHIFT-GUI") == 0) { Kb.press(KEY_LEFT_ALT); Kb.press(KEY_LEFT_SHIFT); Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} if (strcmp(Cmd, "CTRL-SHIFT-GUI") == 0) { Kb.press(KEY_LEFT_CTRL); Kb.press(KEY_LEFT_SHIFT); Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} - if (strcmp(Cmd, "GUI") == 0 || strcmp(Cmd, "WINDOWS") == 0) { Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} - if (strcmp(Cmd, "CTRL") == 0 || strcmp(Cmd, "CONTROL") == 0) { Kb.press(KEY_LEFT_CTRL); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; }} else { cmdFail++;} + if (strcmp(Cmd, "GUI") == 0 || strcmp(Cmd, "WINDOWS") == 0) { if(Argument.length()>0) { Kb.press(KEY_LEFT_GUI); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; } } else { Kb.press(0xE3); Kb.releaseAll(); } } else { cmdFail++; } + if (strcmp(Cmd, "CTRL") == 0 || strcmp(Cmd, "CONTROL") == 0) { if(Argument.length()>0) { Kb.press(KEY_LEFT_CTRL); if (!ArgIsCmd) { Kb.press(ArgChar); Kb.releaseAll(); } else { strcpy(OldCmd, Cmd); strcpy(Cmd, Argument.c_str()); goto restart; } } else { Kb.press(0xE0); Kb.releaseAll(); } } else { cmdFail++; } if (strcmp(Cmd, "ESC") == 0 || 
strcmp(Cmd, "ESCAPE") == 0) {Kb.press(KEY_ESC);Kb.releaseAll(); } else { cmdFail++;} if (strcmp(Cmd, "ENTER") == 0) { Kb.press(KEY_RETURN); Kb.releaseAll(); } else { cmdFail++; } if (strcmp(Cmd, "DOWNARROW") == 0) { Kb.press(KEY_DOWN_ARROW); Kb.releaseAll();} else { cmdFail++;} @@ -178,18 +179,16 @@ void key_input(FS fs, String bad_script) { Kb.releaseAll(); - if (line == 7) { + if (tft.getCursorY()>(HEIGHT-LH)) { tft.setCursor(0, 0); tft.fillScreen(BGCOLOR); - line = 0; } - line++; if (cmdFail == 57) { tft.setTextColor(ALCOLOR); tft.print(Command); tft.println(" -> Not Supported, running as STRINGLN"); - if (Command != Argument) { + if (Argument != "") { Kb.print(Command); Kb.print(" "); Kb.println(Argument); @@ -198,11 +197,12 @@ void key_input(FS fs, String bad_script) { } } else { tft.setTextColor(FGCOLOR); - tft.println(Command); + tft.print(Command); } - tft.setTextColor(TFT_WHITE); - tft.println(Argument); - + if(Argument.length()>0) { + tft.setTextColor(TFT_WHITE); + tft.println(Argument); + } else tft.println(); if (strcmp(Cmd, "REM") != 0) delay(DEF_DELAY); //if command is not a comment, wait DEF_DELAY until next command (100ms) } } @@ -312,6 +312,8 @@ void usb_setup() { delay(2000); first_time=false; } + displayWarning(String(BTN_ALIAS) + " to deploy", true); + delay(200); key_input(*fs, bad_script); displayRedStripe("Payload Sent",TFT_WHITE, FGCOLOR); @@ -322,7 +324,7 @@ void usb_setup() { if(returnToMenu) return; // Try to run a new script on the same device goto NewScript; - } else displayWarning("Canceled"); + } else displayWarning("Canceled",true); returnToMenu=true; #if !defined(USB_as_HID) diff --git a/src/modules/wifi/evil_portal.cpp b/src/modules/wifi/evil_portal.cpp index 53502ef69..11747d576 100644 --- a/src/modules/wifi/evil_portal.cpp +++ b/src/modules/wifi/evil_portal.cpp 
@@ -57,7 +57,6 @@ void startEvilPortal(String tssid, uint8_t channel, bool deauth) { AP_name = keyboard("Free Wifi", 30, "Evil Portal SSID:"); } else { // tssid != "" means that is was cloned and can deploy Deauth - send_raw_frame(deauth_frame, sizeof(deauth_frame_default)); AP_name = tssid; } @@ -137,7 +136,7 @@ void startEvilPortal(String tssid, uint8_t channel, bool deauth) { tft.drawCentreString("Evil Portal",tft.width()/2, 29, SMOOTH_FONT); tft.setCursor(8,46); tft.setTextColor(FGCOLOR); - tft.println("AP: " + AP_name); + tft.println("AP: " + AP_name.substring(0,15)); tft.setCursor(8,tft.getCursorY()); tft.println("->" + WiFi.softAPIP().toString() + "/creds"); tft.setCursor(8,tft.getCursorY()); @@ -156,18 +155,21 @@ void startEvilPortal(String tssid, uint8_t channel, bool deauth) { if (hold_deauth) { tft.setTextSize(FP); tft.setTextColor(FGCOLOR); - tft.drawRightString("Deauth OFF", tft.width()-6,tft.height()-8,SMOOTH_FONT); + tft.drawRightString("Deauth OFF", tft.width()-8,tft.height()-16,SMOOTH_FONT); } else { tft.setTextSize(FP); tft.setTextColor(TFT_RED); - tft.drawRightString("Deauth ON", tft.width()-6,tft.height()-8,SMOOTH_FONT); + tft.drawRightString("Deauth ON", tft.width()-8,tft.height()-16,SMOOTH_FONT); } } redraw=false; } - if(!hold_deauth && (millis()-tmp) >5 && deauth) { + dnsServer.processNextRequest(); + ep->handleClient(); + + if(!hold_deauth && (millis()-tmp) >250 && deauth) { send_raw_frame(deauth_frame, 26); // sends deauth frames if needed. tmp=millis(); } @@ -181,8 +183,6 @@ void startEvilPortal(String tssid, uint8_t channel, bool deauth) { redraw=true; previousTotalCapturedCredentials = totalCapturedCredentials-1; } - dnsServer.processNextRequest(); - ep->handleClient(); if(checkEscPress()) break; }
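Review bot: In the main loop of `startEvilPortal()` the retimed call still passes a literal length, `send_raw_frame(deauth_frame, 26)`, whereas the line removed in the first hunk used `sizeof(deauth_frame_default)`. If the buffer behind `deauth_frame` is ever shorter than 26 bytes, the call reads past its end. Deriving the length from the declaration, e.g. `send_raw_frame(deauth_frame, sizeof(deauth_frame_default));`, removes that coupling; both declarations are outside the diff, so confirm they have the same size. The loop body continues outside the hunk.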