============================================================================================================================================= | # Title : AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 WiFi Dev Board | | # Author : indoushka | | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) | | # Vendor : https://www.apple.com/airplay/ | ============================================================================================================================================= [+] Summary : This project implements a dual‑mode AirPlay discovery scanner using an ESP32 WiFi Dev Board attached to a Flipper Zero. The tool is designed strictly for network discovery and visibility, not exploitation. The scanner supports two operating modes: [+] WiFi mDNS Mode (Connected Mode) Connects to a specified WiFi network. Listens to multicast DNS (mDNS) traffic on UDP port 5353. Detects AirPlay service advertisements: _airplay._tcp.local _raop._tcp.local Identifies unique device IP addresses. Prevents duplicate counting. Displays total discovered AirPlay devices. This mode provides higher accuracy because it operates within the network and processes legitimate multicast service announcements. [+] Sniffer Mode (Promiscuous Mode – No WiFi Password Required) Enables ESP32 promiscuous mode. Passively monitors nearby wireless traffic. Searches packet payloads for AirPlay service identifiers. Counts detected broadcast announcements. This mode does not connect to any network and does not transmit packets. It passively inspects broadcast traffic only. [+] What It Detects The scanner may discover devices such as: Apple TV Devices running iOS Systems running macOS [+] POC : #include <WiFi.h> #include <WiFiUdp.h> #include "esp_wifi.h" WiFiUDP udp; const char* ssid = "YOUR_WIFI"; const char* password = "YOUR_PASSWORD"; const int MDNS_PORT = 5353; const IPAddress multicastIP(224, 0, 0, 251); #define MAX_DEVICES 50 IPAddress discoveredIPs[MAX_DEVICES]; int deviceCount = 0; bool wifiMode = true; bool alreadyDiscovered(IPAddress ip) { for (int i = 0; i < deviceCount; i++) { if (discoveredIPs[i] == ip) return true; } return false; } void startWiFiMode() { Serial.println("Starting WiFi mDNS Mode..."); WiFi.mode(WIFI_STA); WiFi.begin(ssid, password); while (WiFi.status() != WL_CONNECTED) { delay(500); Serial.print("."); } Serial.println("\nConnected!"); Serial.print("IP: "); Serial.println(WiFi.localIP()); udp.beginMulticast(WiFi.localIP(), multicastIP, MDNS_PORT); } void sniffer(void* buf, wifi_promiscuous_pkt_type_t type) { wifi_promiscuous_pkt_t *pkt = (wifi_promiscuous_pkt_t*)buf; uint8_t *payload = pkt->payload; for (int i = 0; i < pkt->rx_ctrl.sig_len; i++) { if (i < pkt->rx_ctrl.sig_len - 12) { if (memcmp(payload + i, "_airplay._tcp", 13) == 0 || memcmp(payload + i, "_raop._tcp", 10) == 0) { deviceCount++; Serial.println("================================="); Serial.println("AirPlay Broadcast Detected (Sniffer)"); Serial.print("Total Detected: "); Serial.println(deviceCount); Serial.println("================================="); break; } } } } void startSnifferMode() { Serial.println("Starting Sniffer Mode..."); WiFi.mode(WIFI_MODE_NULL); esp_wifi_set_promiscuous(true); esp_wifi_set_promiscuous_rx_cb(&sniffer); } void setup() { Serial.begin(115200); delay(1000); Serial.println("AirPlay Dual Mode Scanner"); Serial.println("Type 1 for WiFi Mode"); Serial.println("Type 2 for Sniffer Mode"); while (!Serial.available()) { delay(100); } char choice = Serial.read(); if (choice == '2') { wifiMode = false; startSnifferMode(); } else { wifiMode = true; startWiFiMode(); } } void loop() { if (wifiMode) { int packetSize = udp.parsePacket(); if (packetSize) { char packet[512]; int len = udp.read(packet, sizeof(packet) - 1); if (len > 0) packet[len] = 0; String data = String(packet); if (data.indexOf("_airplay._tcp") >= 0 || data.indexOf("_raop._tcp") >= 0) { IPAddress remoteIP = udp.remoteIP(); if (!alreadyDiscovered(remoteIP) && deviceCount < MAX_DEVICES) { discoveredIPs[deviceCount] = remoteIP; deviceCount++; Serial.println("================================="); Serial.println("New AirPlay Device Found (WiFi)"); Serial.print("IP: "); Serial.println(remoteIP); Serial.print("Total Devices: "); Serial.println(deviceCount); Serial.println("================================="); } } } } delay(10); } Greetings to :============================================================================== jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)| ============================================================================================
Vote for this issue:
50%
50%
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。