search

ECTO-1A / AppleJuice

Apple BLE proximity pairing message spoofing
Apache License 2.0
1.7k stars 146 forks source link

Not really spamming #28

Open atlab95 opened 1 year ago

atlab95 commented 1 year ago

Tried using the same external dongle as the PoC, but I have to lock and unlock the iphone to get another notification..

ckcr4lyf commented 1 year ago

If you really want to spam, you'll have better luck randomizing the device spoofed, the bluetooth advertisement type and the source mac address.

I don't think a laptop would let you do the last bit.

Some more info:

ECTO-1A commented 1 year ago

Hopefully over the next couple days I'll get the randomization that WillJL built into the flipper app ported back to the main app. For the headphones you can just set the last 12 bytes to random numbers and it will see it as a new device each time and allow the continuous pop-ups.

Bigyls commented 1 year ago

If you really want to spam, you'll have better luck randomizing the device spoofed, the bluetooth advertisement type and the source mac address.

I don't think a laptop would let you do the last bit.

Some more info:

I tried to change the MAC address of my BLE USB adapter (Zexmte) on raspberry pi 4, but I was unable to do so. bdaddr tool says 'Unsupported manufacturer' and I didn't find anything else.

ckcr4lyf commented 1 year ago

I tried to change the MAC address of my BLE USB adapter (Zexmte) on raspberry pi 4, but I was unable to do so. bdaddr tool says 'Unsupported manufacturer' and I didn't find anything else.

bdaddr only supports some manufacturers, probably Zexmte isn't. Nothing we can do about that. Using microcontrollers such as an ESP32-C3 you've a lot more control on BLE advertising, you could try one of those.

Bigyls commented 1 year ago

I tried to change the MAC address of my BLE USB adapter (Zexmte) on raspberry pi 4, but I was unable to do so. bdaddr tool says 'Unsupported manufacturer' and I didn't find anything else.

bdaddr only supports some manufacturers, probably Zexmte isn't. Nothing we can do about that. Using microcontrollers such as an ESP32-C3 you've a lot more control on BLE advertising, you could try one of those.

What is the BLE range of ESP-32s? Is it possible to add a BLE adapter to increase the range?

ckcr4lyf commented 1 year ago

The BLE range is I think 4-5m? It's not a very strong antenna so physical objects can impact it quite a bit.

Not sure about BLE adapters.

9xcoder commented 1 year ago

I tried to change the MAC address of my BLE USB adapter (Zexmte) on raspberry pi 4, but I was unable to do so. bdaddr tool says 'Unsupported manufacturer' and I didn't find anything else.

bdaddr only supports some manufacturers, probably Zexmte isn't. Nothing we can do about that. Using microcontrollers such as an ESP32-C3 you've a lot more control on BLE advertising, you could try one of those.

Can I use any ESP32 circuit or does it have to be an ESP32-C3?

barsikus007 commented 1 year ago

I tried to implement random-mac and random-adv to this script you can test this right now: https://github.com/barsikus007/AppleJuice

you can test new parameters with command: python3 app.py -r --random-mac --random-adv -i 20 --adv-time 0.2

btw apple spam is untested right now (I have no devices :( ) so I will check that and update my PR later

Bigyls commented 1 year ago

I tried to implement random-mac and random-adv to this script you can test this right now: https://github.com/barsikus007/AppleJuice

you can test new parameters with command: python3 app.py -r --random-mac --random-adv -i 20 --adv-time 0.2

btw apple spam is untested right now (I have no devices :( ) so I will check that and update my PR later

Thanks for your contribution, It works better than without the random address MAC. However, it doesn't run any better than flipper zero.

barsikus007 commented 1 year ago

However, it doesn't run any better than flipper zero.

Better than nothing, cause flipper is hard to get in my country... At least it runs the same (I also ported android and windows spam. alongside with apple custom crash from flipper-firmware) Didn't check apple one, but windows seem not working...

Bigyls commented 1 year ago

I also ported android and windows spam. alongside with apple custom crash from flipper-firmware. Didn't check apple one, but windows seem not working...

How to do custom-crash ? I tried python3 app.py -c but I receive an error.

barsikus007 commented 1 year ago

I also ported android and windows spam. alongside with apple custom crash from flipper-firmware. Didn't check apple one, but windows seem not working...

How to do custom-crash ? I tried python3 app.py -c but I receive an error.

fixed