def __init__(self):
"""Initialize the nRF24 radio and the Raspberry Pi"""
self.state = IDLE # current state
self.lcd = None # LCD
self.radio = None # nRF24 radio
self.address = None # address of Cherry keyboard (CAUTION: Reversed byte order compared to sniffer tools!)
self.channel = 6 # used ShockBurst channel (was 6 for all tested Cherry keyboards)
self.payloads = [] # list of sniffed payloads
self.kbd = None # keyboard for keystroke injection attacks
try:
# disable GPIO warnings
GPIO.setwarnings(False)
# initialize LCD
self.lcd = CharLCD(cols=16, rows=2, pin_rs=15, pin_rw=18, pin_e=16, pins_data=[21, 22, 23, 24])
self.lcd.clear()
self.lcd.home()
self.lcd.write_string(APP_NAME)
self.lcd.cursor_pos = (1, 0)
self.lcd.write_string(SYSS_BANNER)
# use Raspberry Pi board pin numbers
GPIO.setmode(GPIO.BOARD)
# set up the GPIO pins
GPIO.setup(RED_LED, GPIO.OUT, initial = GPIO.LOW)
GPIO.setup(GREEN_LED, GPIO.OUT, initial = GPIO.LOW)
GPIO.setup(BLUE_LED, GPIO.OUT, initial = GPIO.LOW)
GPIO.setup(RECORD_BUTTON, GPIO.IN, pull_up_down = GPIO.PUD_DOWN)
GPIO.setup(REPLAY_BUTTON, GPIO.IN, pull_up_down = GPIO.PUD_DOWN)
GPIO.setup(ATTACK_BUTTON, GPIO.IN, pull_up_down = GPIO.PUD_DOWN)
GPIO.setup(SCAN_BUTTON, GPIO.IN, pull_up_down = GPIO.PUD_DOWN)
# set callcack functions
GPIO.add_event_detect(RECORD_BUTTON, GPIO.RISING, callback = self.buttonCallback, bouncetime = 250)
GPIO.add_event_detect(REPLAY_BUTTON, GPIO.RISING, callback = self.buttonCallback, bouncetime = 250)
GPIO.add_event_detect(ATTACK_BUTTON, GPIO.RISING, callback = self.buttonCallback, bouncetime = 250)
GPIO.add_event_detect(SCAN_BUTTON, GPIO.RISING, callback = self.buttonCallback, bouncetime = 250)
# initialize radio
self.radio = nrf24.nrf24()
# enable LNA
self.radio.enable_lna()
# show startup info for some time with blinkenlights
self.blinkenlights()
# start scanning mode
self.setState(SCAN)
except:
# error when initializing Radio Hack Box
self.lcd.clear()
self.lcd.home()
self.lcd.write_string(u"Error: 0xDEAD")
self.lcd.cursor_pos = (1, 0)
self.lcd.write_string(u"Please RTFM!")
def init_radio(self, disable_lna, reset):
if reset:
self._debug("Reseting PARadio USB Dongle")
nrf24_reset.reset_radio(0)
self.radio = nrf24.nrf24(0)
if not disable_lna:
self._debug("Enabled LNA")
self.radio.enable_lna()
def __init__(self, address=""):
"""Initialize Logitech Wireless Presenter Attack"""
self.state = IDLE # current state
self.channel = 2 # used ShockBurst channel
self.payloads = [] # list of sniffed payloads
self.screen = None # screen
self.font = None # font
self.statusText = "" # current status text
self.address = address # set device address
self.attack_vector = ATTACK_VECTOR1 # set attack vector
# initialize keyboard
self.kbd = keyboard.LogitechPresenter()
try:
# initialize pygame variables
pygame.init()
self.icon = pygame.image.load("./images/syss_logo.png")
self.bg = pygame.image.load(
"./images/logitech_presenter_attack_bg.png")
pygame.display.set_caption("SySS Logitech Presenter Attack PoC")
pygame.display.set_icon(self.icon)
self.screen = pygame.display.set_mode((400, 300), 0, 24)
self.font = pygame.font.SysFont("arial", 24)
self.screen.blit(self.bg, (0, 0))
pygame.display.update()
# set key repetition parameters
pygame.key.set_repeat(250, 50)
# initialize radio
self.radio = nrf24.nrf24()
# enable LNA
self.radio.enable_lna()
# start scanning mode
self.setState(SCAN)
except:
# info output
info(
"[-] Error: Could not initialize Logitech Wireless Presenter Attack"
)
def __init__(self):
"""Initialize Cherry Attack"""
self.state = IDLE # current state
self.channel = 6 # used ShockBurst channel (was 6 for all tested Cherry keyboards)
self.payloads = [] # list of sniffed payloads
self.kbd = None # keyboard for keystroke injection attacks
self.screen = None # screen
self.font = None # font
self.statusText = "" # current status text
try:
# initialize pygame variables
pygame.init()
self.icon = pygame.image.load("./images/syss_logo.png")
self.bg = pygame.image.load("./images/cherry_attack_bg.png")
pygame.display.set_caption("SySS Cherry Attack PoC")
pygame.display.set_icon(self.icon)
self.screen = pygame.display.set_mode((400, 300), 0, 24)
self.font = pygame.font.SysFont("arial", 24)
# self.screen.fill((255, 255, 255))
self.screen.blit(self.bg, (0, 0))
pygame.display.update()
# set key repetition parameters
pygame.key.set_repeat(250, 50)
# initialize radio
self.radio = nrf24.nrf24()
# enable LNA
self.radio.enable_lna()
# start scanning mode
self.setState(SCAN)
except:
# info output
info("[-] Error: Could not initialize Cherry Attack")
def init_radio(self, disable_lna):
self.radio = nrf24.nrf24(0)
if not disable_lna:
self._debug("Enabled LNA")
self.radio.enable_lna()
if args.address:
try:
# address of nRF24 keyboard (CAUTION: Reversed byte order compared to sniffer tools!)
address = args.address.replace(':', '').decode('hex')[::-1][:5]
address_string = ':'.join('{:02X}'.format(ord(b))
for b in address[::-1])
except:
print("[-] Error: Invalid address")
exit(1)
else:
address = ""
try:
# initialize radio
print("[*] Configure nRF24 radio")
radio = nrf24.nrf24()
# enable LNA
radio.enable_lna()
except:
print("[-] Error: Could not initialize nRF24 radio")
exit(1)
# put the radio in promiscuous mode with given address
if len(address) > 0:
radio.enter_promiscuous_mode(address[::-1])
else:
radio.enter_promiscuous_mode()
# set the initial channel
radio.set_channel(SCAN_CHANNELS[0])
def init_radio(self, disable_lna):
self.radio = nrf24.nrf24(0)
if not disable_lna:
self._debug("Enabled LNA")
self.radio.enable_lna()
def init_radio(self, disable_lna):
self.radio = nrf24.nrf24(0)
if not disable_lna:
self.radio.enable_lna()
