GermaniumSystem · August 17, 2018 02:43
diff --git a/DCF26_badge_BTLE_client.sh b/DCF26_badge_BTLE_client.sh
 #!/bin/bash

 set -e

 IFACE='hci0'
 SN='8678'
 MAGIC_AWOO='a0'
 MAGIC_BEACON='00'
 MAGIC_CURE='ce'
 MAGIC_EMOTE='b2'
 MAGIC_RABIES='35'


 function printHelp {
  cat <<EOHELP
 BTLEComm.sh - Control nearby DEFCON Furs DC26 badges via BTLE beaconns.
 Usage:
    BTLEComm.sh [-i interface] [-s serial] <command> [argument]
 Flags:
    -i, --interface=IFACE     The Bluetooth interface to broadcast from.
                              Defaults to $IFACE.
    -s, --serial=SERIALNUM    The badge serial number to use.
                              Default to $SN.
 Commands:
    awoo   - Starts a howl with a maximum TTL.
    beacon - Broadcasts the same beacons as an idle badge would.
    cure   - Cures nearby badges of rabies.
    emote  - Causes nearby badges to display an emote.
             Accepts an optional argument to specify an emote. Random if blank.
             There are three built-in "phrase" emotes:
                 emote awoo
                 emote boop
                 emote owo
             Arbitrary emotes such as "^.^" may also be sent. Only uppercase,
             letters, most special characters, and lowercase "o" are supported.
                 emote '^.^'
                 emote '>.>'
                 emote 'o.o'
    rabies - Broadcasts a rabid beacon, just as a normal rabid badge would.
 EOHELP
  exit
 }


 function decToHex {
  printf "%02x" "$1"
 }


 function setAdvertParams {
  data="$1"
  len="$(($(echo "$data" | sed 's/ //g' | wc -c - | sed 's/ .*//') / 2 + 3))"
  hex_len="$(decToHex "$len")"
  # https://gist.github.com/GermaniumSystem/d785ab9717dda672419740a40b0623bb
  hcitool -i "$IFACE" cmd 0x08 0x0008 1E 03 19 dc 26 02 01 06 0b 09 44 45 46 43 4f 4e 46 75 72 73 $hex_len ff ff 71 $data 00 >/dev/null
 }


 function asciiToHex {
  # This limits the input to 16 bytes, but no commands should be this long.
  printf -- "$1" | od -t x1 | head -n 1 | sed -r 's/^[^ ]+ //'
 }


 function serialHex {
  # The two bytes need to be flipped for the subsequent hcitool command.
   printf "%04x\n" "$SN" | sed -r 's/(..)(..)/\2 \1/'
 }


 function ctrl_c {
  # Stop transmitting on ^C.
  hciconfig "$IFACE" noleadv
  echo -e "\nTransmission stopped."
 }


 # Sanity checks.
 if [ -z "$(which hciconfig)" ] ; then
  echo "Could not locate hciconfig! Does this system have BlueZ?"
  exit 10
 fi
 if [ -z "$1" ] ; then
  printHelp
 fi
 if [ "$(id -u)" -ne "0" ] ; then
  echo -e "\nWARNING: This script probably won't work when not run by root.\n"
 fi
 if ps ax | grep -v 'grep' | grep -qi 'bluetoothd' ; then
  echo -e "\nWARNING: bluetoothd is running! This may break things.\n"
 fi


 # Parse args.
 while [[ $# -gt 0 ]]; do
  key=$1
  case $key in
    -h|--help)
      printHelp
    ;;
    -i|--interface)
      IFACE="$2"
      shift
      shift
    ;;
    -s|--serial)
      SN="$2"
      shift
      shift
    ;;
    *)
      cmd="$1"
      if [ -n "$2" ] ; then
        arg="$2"
        shift
      fi
      shift
    ;;
  esac
 done


 #echo "Generating payload..."
 sn_bytes="$(serialHex)"
 case $cmd in
  awoo)
    # Magic byte, two serial num bytes, TTL byte, two origin serial num bytes.
    data="$MAGIC_AWOO $sn_bytes ff $sn_bytes"
  ;;
  beacon)
    # Magic byte, two serial num bytes.
    data="$MAGIC_BEACON $sn_bytes"
  ;;
  cure)
    # Magic byte, two serial num bytes, CURE.
    cure_hex="$(asciiToHex 'CURE')"
    data="$MAGIC_CURE $sn_bytes $cure_hex"
  ;;
  emote)
    # Magic byte, two serial num bytes, optional emote bytes.
    if [ -n "$arg" ] ; then
      arg_hex="$(asciiToHex "$arg")"
    fi
    data="$MAGIC_EMOTE $sn_bytes $arg_hex"
  ;;
  rabies)
    # Magic byte, two serial num bytes.
    data="$MAGIC_RABIES $sn_bytes"
  ;;
  *)
    echo "Unknown command."
    exit 2
  ;;
 esac


 echo "Bringing interface $IFACE up..."
 hciconfig "$IFACE" up

 #echo "Setting advertisement parameters..."
 setAdvertParams "$data"

 #echo "Enabling advertisement..."
 hciconfig "$IFACE" leadv 3

 trap ctrl_c INT

 printf "Broadcasting! Press ^C to stop transmission."
 while true ; do
  printf '.'
  sleep 1s
 done
	#!/bin/bash

	set -e

	IFACE='hci0'
	SN='8678'
	MAGIC_AWOO='a0'
	MAGIC_BEACON='00'
	MAGIC_CURE='ce'
	MAGIC_EMOTE='b2'
	MAGIC_RABIES='35'


	function printHelp {
	cat <<EOHELP
	BTLEComm.sh - Control nearby DEFCON Furs DC26 badges via BTLE beaconns.
	Usage:
	BTLEComm.sh [-i interface] [-s serial] <command> [argument]
	Flags:
	-i, --interface=IFACE The Bluetooth interface to broadcast from.
	Defaults to $IFACE.
	-s, --serial=SERIALNUM The badge serial number to use.
	Default to $SN.
	Commands:
	awoo - Starts a howl with a maximum TTL.
	beacon - Broadcasts the same beacons as an idle badge would.
	cure - Cures nearby badges of rabies.
	emote - Causes nearby badges to display an emote.
	Accepts an optional argument to specify an emote. Random if blank.
	There are three built-in "phrase" emotes:
	emote awoo
	emote boop
	emote owo
	Arbitrary emotes such as "^.^" may also be sent. Only uppercase,
	letters, most special characters, and lowercase "o" are supported.
	emote '^.^'
	emote '>.>'
	emote 'o.o'
	rabies - Broadcasts a rabid beacon, just as a normal rabid badge would.
	EOHELP
	exit
	}


	function decToHex {
	printf "%02x" "$1"
	}


	function setAdvertParams {
	data="$1"
	len="$(($(echo "$data" \| sed 's/ //g' \| wc -c - \| sed 's/ .*//') / 2 + 3))"
	hex_len="$(decToHex "$len")"
	# https://gist.github.com/GermaniumSystem/d785ab9717dda672419740a40b0623bb
	hcitool -i "$IFACE" cmd 0x08 0x0008 1E 03 19 dc 26 02 01 06 0b 09 44 45 46 43 4f 4e 46 75 72 73 $hex_len ff ff 71 $data 00 >/dev/null
	}


	function asciiToHex {
	# This limits the input to 16 bytes, but no commands should be this long.
	printf -- "$1" \| od -t x1 \| head -n 1 \| sed -r 's/^[^ ]+ //'
	}


	function serialHex {
	# The two bytes need to be flipped for the subsequent hcitool command.
	printf "%04x\n" "$SN" \| sed -r 's/(..)(..)/\2 \1/'
	}


	function ctrl_c {
	# Stop transmitting on ^C.
	hciconfig "$IFACE" noleadv
	echo -e "\nTransmission stopped."
	}


	# Sanity checks.
	if [ -z "$(which hciconfig)" ] ; then
	echo "Could not locate hciconfig! Does this system have BlueZ?"
	exit 10
	fi
	if [ -z "$1" ] ; then
	printHelp
	fi
	if [ "$(id -u)" -ne "0" ] ; then
	echo -e "\nWARNING: This script probably won't work when not run by root.\n"
	fi
	if ps ax \| grep -v 'grep' \| grep -qi 'bluetoothd' ; then
	echo -e "\nWARNING: bluetoothd is running! This may break things.\n"
	fi


	# Parse args.
	while [[ $# -gt 0 ]]; do
	key=$1
	case $key in
	-h\|--help)
	printHelp
	;;
	-i\|--interface)
	IFACE="$2"
	shift
	shift
	;;
	-s\|--serial)
	SN="$2"
	shift
	shift
	;;
	*)
	cmd="$1"
	if [ -n "$2" ] ; then
	arg="$2"
	shift
	fi
	shift
	;;
	esac
	done


	#echo "Generating payload..."
	sn_bytes="$(serialHex)"
	case $cmd in
	awoo)
	# Magic byte, two serial num bytes, TTL byte, two origin serial num bytes.
	data="$MAGIC_AWOO $sn_bytes ff $sn_bytes"
	;;
	beacon)
	# Magic byte, two serial num bytes.
	data="$MAGIC_BEACON $sn_bytes"
	;;
	cure)
	# Magic byte, two serial num bytes, CURE.
	cure_hex="$(asciiToHex 'CURE')"
	data="$MAGIC_CURE $sn_bytes $cure_hex"
	;;
	emote)
	# Magic byte, two serial num bytes, optional emote bytes.
	if [ -n "$arg" ] ; then
	arg_hex="$(asciiToHex "$arg")"
	fi
	data="$MAGIC_EMOTE $sn_bytes $arg_hex"
	;;
	rabies)
	# Magic byte, two serial num bytes.
	data="$MAGIC_RABIES $sn_bytes"
	;;
	*)
	echo "Unknown command."
	exit 2
	;;
	esac


	echo "Bringing interface $IFACE up..."
	hciconfig "$IFACE" up

	#echo "Setting advertisement parameters..."
	setAdvertParams "$data"

	#echo "Enabling advertisement..."
	hciconfig "$IFACE" leadv 3

	trap ctrl_c INT

	printf "Broadcasting! Press ^C to stop transmission."
	while true ; do
	printf '.'
	sleep 1s
	done