From 780557624f0e0c9ef4ee73a7c26d9428d70a73b0 Mon Sep 17 00:00:00 2001
From: Corey Harding
Date: Wed, 14 Mar 2018 07:24:58 -0400
Subject: [PATCH] Release v1.1.5 - Add Denial of Service Mode and Update Fuzzing Control
* Add Denial of Service Mode
* Update Fuzzing Control
* Allow terminating transmission
* Update TX Interface
---
Source Code/esprfidtool/esprfidtool.ino | 131 ++++++++++++++++++++----
Source Code/esprfidtool/version.h | 2 +-
2 files changed, 112 insertions(+), 21 deletions(-)
diff --git a/Source Code/esprfidtool/esprfidtool.ino b/Source Code/esprfidtool/esprfidtool.ino
index 40a34a9..a435cd5 100644
--- a/Source Code/esprfidtool/esprfidtool.ino
+++ b/Source Code/esprfidtool/esprfidtool.ino
@@ -77,6 +77,7 @@ int txdelayus; int txdelayms; int safemode; +int dos=0; int TXstatus=0; String pinHTML;
@@ -391,7 +392,7 @@ void LogWiegand(WiegandNG &tempwg) { f.print(String()+countedBits+F(" bit card,")); - if (countedBits==4) { + if (countedBits==4||countedBits==8) { f.print(F("possible keypad entry,")); }
@@ -1266,7 +1267,7 @@ void setup() { } if (server.hasArg("bruteSTART")) { - server.send(200, "text/html", String()+"<- BACK TO INDEX

<- BACK TO EXPERIMENTAL TX MODE

Brute forcing "+pinBITS+"bit Wiegand Format PIN from "+(server.arg("bruteSTART"))+" to "+(server.arg("bruteEND"))+" with a "+pinHTMLDELAY+"ms delay between \"keypresses\"
This may take a while, your device will be busy until the sequence has been completely transmitted!
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
You can view if the brute force attempt has completed by returning to the Experimental TX page and checking the status located under \"Bruteforce PIN\"

"); + server.send(200, "text/html", String()+"<- BACK TO INDEX

<- BACK TO EXPERIMENTAL TX MODE

Brute forcing "+pinBITS+"bit Wiegand Format PIN from "+(server.arg("bruteSTART"))+" to "+(server.arg("bruteEND"))+" with a "+pinHTMLDELAY+"ms delay between \"keypresses\"
This may take a while, your device will be busy until the sequence has been completely transmitted!
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
You can view if the brute force attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"

"); delay(50); } @@ -1489,41 +1490,103 @@ void setup() { } if (server.arg("fuzzType")=="simultaneous") { + + int fuzzTimes=0; + dos=0; + if ((server.arg("fuzzTimes"))=="dos") { + dos=1; + server.send(200, "text/html", String()+ + "<- BACK TO INDEX
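Review bot: The confirmation page echoes `server.arg("bruteSTART")` and `server.arg("bruteEND")` into the HTML exactly as received, so any markup in either request parameter is rendered in the browser of whoever is using the device's web interface. Only the status wording changes in this hunk, but the new `server.send` line keeps that concatenation. If both values are meant to be digit strings, reject anything else before building the response, or HTML-escape them before concatenating. The surrounding handler starts and ends outside this hunk, so earlier validation may exist that is not visible here.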

" + "<- BACK TO EXPERIMENTAL TX MODE

" + "Denial of Service mode active.
Transmitting D0 and D1 bits simultaneously until stopped." + "
This may take a while, your device will be busy until the sequence has been completely transmitted!" + "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" + "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"

" + ""); + delay(50); + } + else { + fuzzTimes=server.arg("fuzzTimes").toInt(); + server.send(200, "text/html", String()+ + "<- BACK TO INDEX

" + "<- BACK TO EXPERIMENTAL TX MODE

" + "Transmitting D0 and D1 bits simultaneously "+fuzzTimes+" times." + "
This may take a while, your device will be busy until the sequence has been completely transmitted!" + "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" + "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"

" + ""); + delay(50); + } + wg.pause(); digitalWrite(DATA0, HIGH); pinMode(DATA0,OUTPUT); digitalWrite(DATA1, HIGH); pinMode(DATA1,OUTPUT); - int fuzzTimes=server.arg("fuzzTimes").toInt(); + TXstatus=1; - for (int i=0; i<=fuzzTimes; i++) { + for (int i=0; i<=fuzzTimes || dos==1; i++) { digitalWrite(DATA0, LOW); digitalWrite(DATA1, LOW); delayMicroseconds(txdelayus); digitalWrite(DATA0, HIGH); digitalWrite(DATA1, HIGH); delay(txdelayms); + server.handleClient(); + if (TXstatus!=1) { + break; + } } pinMode(DATA0, INPUT); pinMode(DATA1, INPUT); wg.clear(); + TXstatus=0; + dos=0; - experimentalStatus=String()+"Transmitting D0 and D1 bits simultaneously "+fuzzTimes+" times."; + //experimentalStatus=String()+"Transmitting D0 and D1 bits simultaneously "+fuzzTimes+" times."; } if (server.arg("fuzzType")=="alternating") { + + int fuzzTimes=0; + dos=0; + if ((server.arg("fuzzTimes"))=="dos") { + dos=1; + server.send(200, "text/html", String()+ + "<- BACK TO INDEX

" + "<- BACK TO EXPERIMENTAL TX MODE

" + "Denial of Service mode active.
Transmitting bits alternating between D0 and D1 until stopped." + "
This may take a while, your device will be busy until the sequence has been completely transmitted!" + "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" + "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"

" + ""); + delay(50); + } + else { + fuzzTimes=server.arg("fuzzTimes").toInt(); + server.send(200, "text/html", String()+ + "<- BACK TO INDEX

" + "<- BACK TO EXPERIMENTAL TX MODE

" + "Transmitting "+fuzzTimes+" bits alternating between D0 and D1." + "
This may take a while, your device will be busy until the sequence has been completely transmitted!" + "
Please \"STOP CURRENT TRANSMISSION\" before attempting to use your device or simply wait for the transmission to finish.
" + "You can view if the fuzzing attempt has completed by returning to the Experimental TX page and checking the status located under \"Transmit Status\"

" + ""); + delay(50); + } + wg.pause(); digitalWrite(DATA0, HIGH); pinMode(DATA0,OUTPUT); digitalWrite(DATA1, HIGH); pinMode(DATA1,OUTPUT); - int fuzzTimes=server.arg("fuzzTimes").toInt(); String binALT=""; + TXstatus=1; - for (int i=0; i"; + + if (pinHTML!="") { + activeTX="Brute forcing PIN: "+pinHTML+"
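Review bot: Calling `server.handleClient()` from inside the transmit loops makes this handler re-entrant: a second request carrying `fuzzType` that arrives while a loop is running starts a nested loop, and when that inner pass finishes it sets `TXstatus=0` and `dos=0` and returns DATA0/DATA1 to INPUT, which ends the outer transmission as a side effect. Guard both branches on the current state, e.g. `if (server.arg("fuzzType")=="simultaneous" && TXstatus!=1) {`, and answer a request that arrives while busy with a short "transmission already active" page. Separately, `i<=fuzzTimes` runs one more pulse than the `fuzzTimes` value reported in the response text, and `server.arg("fuzzTimes").toInt()` is used without a range check. The alternating loop is cut off in this view, so whether it has the same bound is not visible.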
"; + } + else if (dos==1) { + activeTX="Denial of Service mode active...
"; + } + else { + activeTX="Transmitting...
"; + } + } else { activeTX="INACTIVE
"; @@ -1586,17 +1665,18 @@ void setup() { "Experimental TX Mode" "" "" - )+F("Experimental Status: ")+experimentalStatus+"

"+F( - "<- BACK TO INDEX

" + )+experimentalStatus+"

" + +F( + "Transmit Status: ")+activeTX+F("

" + "<- BACK TO INDEX
" "

" "

Experimental TX Mode

" "
" - "Warning:
" - "This mode is highly experimental, use at your own risk!
" - "This device operates at 3v3 and may not reliably trigger 5v devices.
" - "Recieving Wiegand data during a transmission may damage your device.
" - "Do not scan any cards during this time, use at your own risk!
" - "Note: Timings for Wiegand data pulse width and data interval may be changed on the settings page.
" + "" + "Warning: This mode is highly experimental, use at your own risk!
" + "Note: Timings for the Wiegand Data Pulse Width and Wiegand Data Interval may be changed on the settings page." + "
" + "
" "
" "
" "
" @@ -1636,13 +1716,13 @@ void setup() { " 8bit Wiegand PIN Format
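Review bot: The rewritten warning block drops the lines stating that the device operates at 3v3 and that receiving Wiegand data during a transmission may damage the device, while this release adds a transmission that runs until stopped. Unless that hardware caveat no longer applies, keep it in the new text, for example as an extra string `"Receiving Wiegand data during a transmission may damage your device."` next to the remaining warning. The page markup is partly missing in this view, so the exact placement is a suggestion only.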
" "

" "
" - "Brute force status: ")+activeTX+F("
" "
" "
" "Fuzzing:

" "
" "Number of bits:" - " 0, must not be empty\" minlength=\"1\" size=\"32\">
" + "
" + //" 0, must not be empty \" minlength=\"1\" size=\"32\">
" " Transmit a bit simultaneously on D0 and D1 (X bits per each line)
" " Transmit X bits alternating between D0 and D1 each bit (01010101,etc)
" "
" @@ -1650,9 +1730,20 @@ void setup() { "
" "
" "
" + "Denial Of Service Mode:

" + "" + "Type of Attack:" + "
" + " Transmit a bit simultaneously on D0 and D1 until stopped
" + " Transmit bits alternating between D0 and D1 each bit (01010101,etc) until stopped
" + "
" + "
" + "
" + "
" + "
" "Push Button for Door Open:
" "Connect \"Push to Open\" wire from the reader to the RX pin(GPIO3) on the programming header on ESP-RFID-Tool.
" - "Warning! Selecting the wrong trigger signal type may cause damage to the connected reader.

" + "Warning! Selecting the wrong trigger signal type may cause damage to the connected hardware.

" "
" "Time in ms to push the door open button:" " 0, must not be empty\" minlength=\"1\" size=\"32\">
"
diff --git a/Source Code/esprfidtool/version.h b/Source Code/esprfidtool/version.h
index f97cc1c..4a5d71e 100644
--- a/Source Code/esprfidtool/version.h
+++ b/Source Code/esprfidtool/version.h
@@ -1 +1 @@
-String version = "1.1.4";
+String version = "1.1.5";