Skip to content

Commit f034b8a

Browse files
NetdexNetdex
committed
Optimizations
New modules Restructuring
1 parent d2037aa commit f034b8a

File tree

14 files changed

+486
-149
lines changed

14 files changed

+486
-149
lines changed

app/src/main/java/cf/netdex/hidfuzzer/MainActivity.java

Lines changed: 16 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,17 @@
11
package cf.netdex.hidfuzzer;
22

3-
import android.content.Context;
43
import android.os.Bundle;
54
import android.support.v7.app.AppCompatActivity;
65
import android.widget.CompoundButton;
76
import android.widget.Spinner;
8-
import android.widget.TextView;
97
import android.widget.ToggleButton;
108

11-
import cf.netdex.hidfuzzer.hid.HID;
9+
import cf.netdex.hidfuzzer.task.PowershellTask;
10+
import cf.netdex.hidfuzzer.task.DownloadTask;
11+
import cf.netdex.hidfuzzer.task.WallpaperTask;
1212
import cf.netdex.hidfuzzer.task.FuzzerTask;
1313
import cf.netdex.hidfuzzer.task.HIDTask;
1414
import cf.netdex.hidfuzzer.task.TestTask;
15-
import cf.netdex.hidfuzzer.util.Func;
1615

1716
public class MainActivity extends AppCompatActivity {
1817

@@ -23,33 +22,36 @@ protected void onCreate(Bundle savedInstanceState) {
2322
super.onCreate(savedInstanceState);
2423
setContentView(R.layout.activity_main);
2524

26-
final TextView txtStatus = (TextView) findViewById(R.id.txtStatus);
25+
2726
final ToggleButton btnPoll = (ToggleButton) findViewById(R.id.btnPoll);
2827
final Spinner spnTask = (Spinner) findViewById(R.id.spnTask);
2928

30-
final Func<HIDTask.RunState> updatef = new Func<HIDTask.RunState>() {
31-
@Override
32-
public void run(HIDTask.RunState... s) {
33-
txtStatus.setText(s[0].name());
34-
}
35-
};
3629
btnPoll.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
3730
@Override
3831
public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
3932
if (isChecked) {
4033
String stask = (String) spnTask.getSelectedItem();
4134
switch(stask){
4235
case "Fuzzer":
43-
RUNNING_TASK = new FuzzerTask(MainActivity.this, updatef);
36+
RUNNING_TASK = new FuzzerTask(MainActivity.this);
4437
break;
4538
case "Test":
46-
RUNNING_TASK = new TestTask(MainActivity.this, updatef);
39+
RUNNING_TASK = new TestTask(MainActivity.this);
40+
break;
41+
case "Wallpaper":
42+
RUNNING_TASK = new WallpaperTask(MainActivity.this);
43+
break;
44+
case "Download":
45+
RUNNING_TASK = new DownloadTask(MainActivity.this);
46+
break;
47+
case "PowerShell":
48+
RUNNING_TASK = new PowershellTask(MainActivity.this);
4749
break;
4850
}
4951
RUNNING_TASK.execute();
5052
} else {
5153
if (RUNNING_TASK != null)
52-
RUNNING_TASK.cancel(true);
54+
RUNNING_TASK.cancel(false);
5355
}
5456
}
5557
});

app/src/main/java/cf/netdex/hidfuzzer/hid/HID.java

Lines changed: 18 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,21 @@
22

33
import android.util.Log;
44

5+
import java.util.Arrays;
56
import java.util.concurrent.CountDownLatch;
67

78
import eu.chainfire.libsuperuser.Shell;
89

910
/**
11+
* Native communication with HID devices
12+
*
1013
* Created by netdex on 1/15/2017.
1114
*/
1215

1316
public class HID {
17+
private static byte[] mouse_buf = new byte[4];
18+
private static byte[] keyboard_buf = new byte[8];
19+
1420
/**
1521
* A B C D
1622
* XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
@@ -23,41 +29,38 @@ public class HID {
2329
* @param sh SU shell
2430
* @param dev Mouse device (/dev/hidg1)
2531
* @param offset HID mouse bytes
26-
* @return error code
32+
* @return error c
2733
*/
2834
public static int hid_mouse(Shell.Interactive sh, String dev, byte... offset) {
2935
if (offset.length > 4)
3036
throw new IllegalArgumentException("Your mouse can only move in two dimensions");
31-
byte[] buf = new byte[4];
32-
System.arraycopy(offset, 0, buf, 0, offset.length);
33-
return write_bytes(sh, dev, buf);
37+
Arrays.fill(mouse_buf, (byte) 0);
38+
System.arraycopy(offset, 0, mouse_buf, 0, offset.length);
39+
return write_bytes(sh, dev, mouse_buf);
3440
}
3541

3642
/**
3743
* A B C D E F G H
3844
* XXXXXXXX 00000000 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
3945
* <p>
40-
* A: Key modifier mask
46+
* A: K modifier mask
4147
* B: Reserved
42-
* C: Key 1; D: Key 2; E: Key 3; F: Key 4; G: Key 5; H: Key 6;
48+
* C: K 1; D: K 2; E: K 3; F: K 4; G: K 5; H: K 6;
4349
*
4450
* @param sh SU shell
45-
* @param dev Keyboard device (/dev/hidg0)
51+
* @param dev KB device (/dev/hidg0)
4652
* @param keys HID keyboard bytes
47-
* @return error code
53+
* @return error c
4854
*/
4955
public static int hid_keyboard(Shell.Interactive sh, String dev, byte... keys) {
5056
if (keys.length > 7)
5157
throw new IllegalArgumentException("Cannot send more than 6 keys");
52-
byte[] buf = new byte[8];
53-
if (keys.length > 0) buf[0] = keys[0];
54-
if (keys.length > 1) System.arraycopy(keys, 1, buf, 2, keys.length - 1);
55-
return write_bytes(sh, dev, buf);
58+
Arrays.fill(keyboard_buf, (byte) 0);
59+
if (keys.length > 0) keyboard_buf[0] = keys[0];
60+
if (keys.length > 1) System.arraycopy(keys, 1, keyboard_buf, 2, keys.length - 1);
61+
return write_bytes(sh, dev, keyboard_buf);
5662
}
5763

58-
// TODO read state of NUM_LOCK, CAPS_LOCK, and SCROLL_LOCK by reading /dev/hidg0
59-
// lol you can create a serial line by flashing the num and caps lights, probably 10 baud though
60-
6164
private static int write_bytes(Shell.Interactive sh, String dev, byte[] arr) {
6265
String bt = escapeBytes(arr);
6366
final Integer[] err = {-1};

app/src/main/java/cf/netdex/hidfuzzer/hid/HIDR.java

Lines changed: 98 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,11 @@
66
import java.io.InputStream;
77

88
import cf.netdex.hidfuzzer.MainActivity;
9-
import cf.netdex.hidfuzzer.util.SUExecute;
109
import eu.chainfire.libsuperuser.Shell;
1110

1211
/**
12+
* Wrapper for HID class for ease of usage
13+
*
1314
* Created by netdex on 1/16/2017.
1415
*/
1516

@@ -34,6 +35,10 @@ public void delay(long m) {
3435
}
3536
}
3637

38+
public int test(){
39+
return hid_keyboard((byte) 0, Input.KB.K.VOLUME_UP.c);
40+
}
41+
3742
public int hid_mouse(byte... offset) {
3843
return HID.hid_mouse(mSU, mDevMouse, offset);
3944
}
@@ -49,21 +54,26 @@ public int press_keys(byte... keys) {
4954
return ec;
5055
}
5156

52-
/* String to code conversion tables */
57+
/* Begin string to c conversion tables */
5358
private static final String MP_ALPHA = "abcdefghijklmnopqrstuvwxyz"; // 0x04
5459
private static final String MP_ALPHA_ALT = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; // 0x04 SHIFT
5560
private static final String MP_NUM = "1234567890"; // 0x1E
5661
private static final String MP_NUM_ALT = "!@#$%^&*()"; // 0x1E SHIFT
5762
private static final String MP_SPEC = " -=[]\\#;'`,./"; // 0x2C
5863
private static final String MP_SPEC_ALT = " _+{}| :\"~<>?"; // 0x2C SHIFT
64+
private static final String MP_SU_SPEC = "\n"; // 0X28
5965

60-
private static final String[] AP_ATT = {MP_ALPHA, MP_ALPHA_ALT, MP_NUM, MP_NUM_ALT, MP_SPEC, MP_SPEC_ALT};
61-
private static final boolean[] AP_SHIFT = {false, true, false, true, false, true};
62-
private static final byte[] AP_OFFSET = {0x04, 0x04, 0x1E, 0x1E, 0x2C, 0x2C};
66+
private static final String[] AP_ATT = {MP_ALPHA, MP_ALPHA_ALT, MP_NUM, MP_NUM_ALT, MP_SPEC, MP_SPEC_ALT, MP_SU_SPEC};
67+
private static final boolean[] AP_SHIFT = {false, true, false, true, false, true, false};
68+
private static final byte[] AP_OFFSET = {0x04, 0x04, 0x1E, 0x1E, 0x2C, 0x2C, 0x28};
6369

64-
public int send_string(String s) {
65-
int ec = 0;
66-
for (char c : s.toCharArray()) {
70+
private static final byte[] AP_MAP_CODE = new byte[128];
71+
private static final boolean[] AP_MAP_SHIFT = new boolean[128];
72+
73+
// build fast conversion tables from human readable data
74+
static {
75+
for (int i = 0; i < 128; i++) {
76+
char c = (char) i;
6777
boolean shift = false;
6878
byte code = 0;
6979

@@ -77,28 +87,57 @@ public int send_string(String s) {
7787
}
7888
idx++;
7989
}
80-
if (idx == AP_ATT.length)
81-
throw new IllegalArgumentException("Given string contains illegal characters");
90+
if (idx == AP_ATT.length) {
91+
AP_MAP_CODE[i] = -1;
92+
} else {
93+
AP_MAP_CODE[i] = code;
94+
AP_MAP_SHIFT[i] = shift;
95+
}
96+
}
97+
}
98+
/* End string to c conversion tables */
99+
100+
public int send_string(String s) {
101+
return send_string(s, 0);
102+
}
82103

83-
ec |= hid_keyboard(shift ? Input.Keyboard.ModifierMask.LSHIFT.code : 0, code);
104+
public int send_string(String s, int d) {
105+
int ec = 0;
106+
char lc = Character.MIN_VALUE;
107+
for (char c : s.toCharArray()) {
108+
byte cd = AP_MAP_CODE[(int) c];
109+
boolean st = AP_MAP_SHIFT[(int) c];
110+
if (cd == -1)
111+
throw new IllegalArgumentException("Given string contains illegal characters");
112+
if (c == lc)
113+
ec |= hid_keyboard();
114+
ec |= hid_keyboard(st ? Input.KB.M.LSHIFT.c : 0, cd);
115+
if (d != 0)
116+
delay(d);
117+
lc = c;
84118
}
85119
ec |= hid_keyboard();
86120
return ec;
87121
}
88122

89-
public KeyboardLightListener getKeyboardLightListener(){
123+
public KeyboardLightListener getKeyboardLightListener() {
90124
return mKeyboardLightListener;
91125
}
92126

93127
public class KeyboardLightListener {
94128
private Process mKeyboardLightProc;
95129
private InputStream mKeyboardLightStream;
130+
private int mLastLightState;
96131

97132
public int start() {
98133
if (mKeyboardLightProc != null)
99-
throw new IllegalArgumentException("Keyboard light proc already running");
134+
throw new IllegalArgumentException("KB light proc already running");
100135

101-
mKeyboardLightProc = SUExecute.execute("cat " + mDevKeyboard);
136+
try {
137+
mKeyboardLightProc = Runtime.getRuntime().exec("cat " + mDevKeyboard);
138+
} catch (IOException e) {
139+
e.printStackTrace();
140+
}
102141
if (mKeyboardLightProc != null) {
103142
mKeyboardLightStream = mKeyboardLightProc.getInputStream();
104143
return 0;
@@ -118,23 +157,62 @@ public int start() {
118157
public int read() {
119158
try {
120159
if (mKeyboardLightStream != null)
121-
return mKeyboardLightStream.read();
160+
return mLastLightState = mKeyboardLightStream.read();
122161
return -1;
123162
} catch (IOException e) {
124163
Log.d(MainActivity.TAG, "Light stream forcibly terminated");
125164
return -1;
126165
}
127166
}
128167

168+
public int available() {
169+
if (mKeyboardLightStream != null) {
170+
try {
171+
return mKeyboardLightStream.available();
172+
} catch (IOException e) {
173+
e.printStackTrace();
174+
}
175+
}
176+
return -1;
177+
}
178+
129179
public void kill() {
130-
try {
180+
// HACK don't stare at this for too long, or your eyes will burn out
181+
// Field f = mKeyboardLightProc.getClass().getDeclaredField("pid");
182+
// f.setAccessible(true);
183+
// long pid = f.getLong(mKeyboardLightProc);
184+
// f.setAccessible(false);
185+
// String cmd = "pkill -KILL -P " + pid;
186+
// Log.d("A", cmd);
187+
// mSU.addCommand(cmd, 0, new Shell.OnCommandLineListener() {
188+
// @Override
189+
// public void onCommandResult(int commandCode, int exitCode) {
190+
// Log.d("A", commandCode + " " + exitCode);
191+
// }
192+
//
193+
// @Override
194+
// public void onLine(String line) {
195+
// Log.d("A", line);
196+
// }
197+
// });
198+
if (mKeyboardLightStream != null) {
199+
try {
200+
mKeyboardLightStream.close();
201+
} catch (IOException e) {
202+
e.printStackTrace();
203+
}
204+
mKeyboardLightStream = null;
205+
}
206+
207+
// close the stream before killing the process
208+
if (mKeyboardLightProc != null) {
131209
mKeyboardLightProc.destroy();
132210
mKeyboardLightProc = null;
133-
mKeyboardLightStream.close();
134-
mKeyboardLightStream = null;
135-
} catch (IOException e) {
136-
e.printStackTrace();
137211
}
138212
}
213+
214+
public int getLastLightState() {
215+
return mLastLightState;
216+
}
139217
}
140218
}

app/src/main/java/cf/netdex/hidfuzzer/hid/Input.java

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,21 +6,21 @@
66

77
public class Input {
88

9-
public static class Mouse {
10-
public enum Buttons {
9+
public static class M {
10+
public enum B {
1111
BUTTON_LEFT(0x1),
1212
BUTTON_RIGHT(0x2),
1313
BUTTON_MIDDLE(0x4);
1414
public byte code;
1515

16-
Buttons(int code) {
16+
B(int code) {
1717
this.code = (byte) code;
1818
}
1919
}
2020
}
2121

22-
public static class Keyboard {
23-
public enum ModifierMask {
22+
public static class KB {
23+
public enum M {
2424
LCTRL(0x1),
2525
LSHIFT(0x2),
2626
LALT(0x4),
@@ -30,14 +30,14 @@ public enum ModifierMask {
3030
RALT(0x40),
3131
RSUPER(0x80); // Windows key
3232

33-
public byte code;
33+
public byte c;
3434

35-
ModifierMask(int code) {
36-
this.code = (byte) code;
35+
M(int c) {
36+
this.c = (byte) c;
3737
}
3838
}
3939

40-
public enum Key {
40+
public enum K {
4141
A(0X04),
4242
B(0X05),
4343
C(0X06),
@@ -180,10 +180,10 @@ public enum Key {
180180
VOLUME_UP(0x80),
181181
VOLUME_DOWN(0x81);
182182

183-
public byte code;
183+
public byte c;
184184

185-
Key(int code) {
186-
this.code = (byte) code;
185+
K(int c) {
186+
this.c = (byte) c;
187187
}
188188
}
189189
}

0 commit comments

Comments
 (0)