Initial commit — FlipperDroid v0.1.0-poc

KernelSU module + Flipper Zero FAP that bridges both devices into a unified pentesting platform over USB CDC serial / BT rfcomm. Android side: bridge daemon, WebUI (:8089), bind mount namespace isolation stealth engine. Flipper side: proper FAP with 4-view GUI, GPIO/SubGHz/IR/file command handlers, async event streaming.
2026-03-31 21:26:58 -07:00
commit be81a92d44
22 changed files with 4191 additions and 0 deletions
--- a/flipper/fd_protocol.h
+++ b/flipper/fd_protocol.h
@@ -0,0 +1,90 @@
+/**
+ * FlipperDroid Bridge Protocol v0.1
+ * Shared definitions between all source files.
+ */
+
+#pragma once
+
+#include <stdint.h>
+#include <stdbool.h>
+
+/* Wire format: [MAGIC_HI][MAGIC_LO][LEN_HI][LEN_LO][CMD][PAYLOAD...][CRC8] */
+#define FD_MAGIC_HI    0xFD
+#define FD_MAGIC_LO    0x01
+#define FD_MAX_PAYLOAD 2048
+#define FD_VERSION     "0.1.0"
+#define FD_DEVICE_NAME "FlipperDroid"
+
+/* ---- Commands (Phone -> Flipper) ---- */
+typedef enum {
+    FdCmdPing          = 0x01,
+    FdCmdVersion       = 0x02,
+    FdCmdCapabilities  = 0x03,
+    FdCmdStatus        = 0x04,
+
+    FdCmdGpioInit      = 0x10,
+    FdCmdGpioWrite     = 0x11,
+    FdCmdGpioRead      = 0x12,
+    FdCmdGpioPwm       = 0x13,
+    FdCmdGpioAdcRead   = 0x14,
+
+    FdCmdSubghzSetFreq = 0x20,
+    FdCmdSubghzTx      = 0x21,
+    FdCmdSubghzRxStart = 0x22,
+    FdCmdSubghzRxStop  = 0x23,
+    FdCmdSubghzGetRssi = 0x24,
+
+    FdCmdIrTx          = 0x50,
+    FdCmdIrTxRaw       = 0x51,
+    FdCmdIrRxStart     = 0x52,
+    FdCmdIrRxStop      = 0x53,
+
+    FdCmdFileList      = 0x90,
+    FdCmdFileRead      = 0x91,
+    FdCmdFileWrite     = 0x92,
+    FdCmdFileDelete    = 0x93,
+} FdCommand;
+
+/* ---- Events (Flipper -> Phone, async push) ---- */
+typedef enum {
+    FdEventGpioIrq   = 0xA0,
+    FdEventSubghzRx  = 0xA1,
+    FdEventIrRx      = 0xA2,
+    FdEventButton    = 0xA4,
+    FdEventCpuReq    = 0xA5,
+} FdEvent;
+
+/* Response / Error */
+#define FD_RESP_OK   0xFE
+#define FD_RESP_ERR  0xFF
+
+typedef enum {
+    FdErrUnknownCmd    = 0x01,
+    FdErrInvalidParams = 0x02,
+    FdErrDisabled      = 0x03,
+    FdErrHardware      = 0x04,
+    FdErrBusy          = 0x05,
+    FdErrTimeout       = 0x06,
+    FdErrNotSupported  = 0x07,
+} FdError;
+
+/* Capability bitmask reported by 0x03 */
+#define FD_CAP_GPIO    (1 << 0)
+#define FD_CAP_SUBGHZ  (1 << 1)
+#define FD_CAP_RFID    (1 << 2)
+#define FD_CAP_NFC     (1 << 3)
+#define FD_CAP_IR      (1 << 4)
+#define FD_CAP_IBUTTON (1 << 5)
+#define FD_CAP_BADUSB  (1 << 6)
+#define FD_CAP_CPU     (1 << 7)
+
+/* CRC8 Dallas/Maxim 0x31 */
+static inline uint8_t fd_crc8(const uint8_t* data, uint16_t len) {
+    uint8_t crc = 0;
+    for(uint16_t i = 0; i < len; i++) {
+        crc ^= data[i];
+        for(uint8_t j = 0; j < 8; j++)
+            crc = (crc & 0x80) ? ((crc << 1) ^ 0x31) : (crc << 1);
+    }
+    return crc;
+}