Initial commit — FlipperDroid v0.1.0-poc

KernelSU module + Flipper Zero FAP that bridges both devices into a
unified pentesting platform over USB CDC serial / BT rfcomm.

Android side: bridge daemon, WebUI (:8089), bind mount namespace
isolation stealth engine. Flipper side: proper FAP with 4-view GUI,
GPIO/SubGHz/IR/file command handlers, async event streaming.

service.sh

@@ -0,0 +1,188 @@
+#!/system/bin/sh
+# FlipperDroid — late service script
+# Discovers Flipper Zero, starts bridge daemon and WebUI
+
+MODDIR=${0%/*}
+CONFIG_DIR="/data/adb/flipperdroid"
+CONFIG_FILE="$CONFIG_DIR/config.sh"
+LOG_FILE="$CONFIG_DIR/logs/flipperdroid.log"
+PID_FILE="$CONFIG_DIR/daemon.pid"
+BRIDGE_PID_FILE="$CONFIG_DIR/bridge.pid"
+
+log() {
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >> "$LOG_FILE"
+}
+
+mkdir -p "$CONFIG_DIR/logs"
+source "$CONFIG_FILE" 2>/dev/null
+
+log "FlipperDroid service starting"
+
+#############################
+# Discover Flipper Zero
+#############################
+
+discover_flipper_usb() {
+  local flipper_dev=""
+
+  # Flipper Zero USB VID:PID = 0483:5740
+  for dev in /sys/bus/usb/devices/*; do
+    [ -f "$dev/idVendor" ] || continue
+    local vid=$(cat "$dev/idVendor" 2>/dev/null)
+    local pid=$(cat "$dev/idProduct" 2>/dev/null)
+
+    if [ "$vid" = "0483" ] && [ "$pid" = "5740" ]; then
+      local serial=$(cat "$dev/serial" 2>/dev/null)
+      local product=$(cat "$dev/product" 2>/dev/null)
+      log "Found Flipper Zero: $product (serial: $serial)"
+      echo "$product" > "$CONFIG_DIR/flipper_product"
+      echo "$serial" > "$CONFIG_DIR/flipper_serial"
+
+      # Find the associated ttyACM device
+      for tty in /dev/ttyACM*; do
+        if [ -c "$tty" ]; then
+          # Verify this tty belongs to the Flipper
+          local tty_num=$(echo "$tty" | grep -o '[0-9]*$')
+          local tty_dev_path=$(readlink -f "/sys/class/tty/ttyACM${tty_num}/device" 2>/dev/null)
+          if echo "$tty_dev_path" | grep -q "$vid"; then
+            flipper_dev="$tty"
+            break
+          fi
+        fi
+      done
+
+      # Fallback: just use first ttyACM if verification failed
+      if [ -z "$flipper_dev" ]; then
+        for tty in /dev/ttyACM*; do
+          [ -c "$tty" ] && flipper_dev="$tty" && break
+        done
+      fi
+      break
+    fi
+  done
+
+  echo "$flipper_dev"
+}
+
+discover_flipper_bt() {
+  # Look for paired Flipper via BT serial
+  # Flipper Zero advertises as "Flipper <name>"
+  local bt_dev=""
+
+  # Check rfcomm devices
+  for dev in /dev/rfcomm*; do
+    [ -c "$dev" ] && bt_dev="$dev" && break
+  done
+
+  # If no rfcomm, try to find via bluetoothctl paired devices
+  if [ -z "$bt_dev" ]; then
+    local flipper_mac=$(bluetoothctl paired-devices 2>/dev/null | grep -i "flipper" | awk '{print $2}')
+    if [ -n "$flipper_mac" ]; then
+      log "Found paired Flipper at $flipper_mac, attempting rfcomm bind"
+      rfcomm bind 0 "$flipper_mac" 1 2>/dev/null
+      sleep 1
+      [ -c /dev/rfcomm0 ] && bt_dev="/dev/rfcomm0"
+    fi
+  fi
+
+  echo "$bt_dev"
+}
+
+find_flipper() {
+  local conn_mode="${CONN_MODE:-auto}"
+  local device=""
+
+  case "$conn_mode" in
+    usb)
+      device=$(discover_flipper_usb)
+      ;;
+    bluetooth)
+      device=$(discover_flipper_bt)
+      ;;
+    auto)
+      # Try USB first (faster, more reliable), fall back to BT
+      device=$(discover_flipper_usb)
+      if [ -z "$device" ]; then
+        log "No USB Flipper found, trying Bluetooth..."
+        device=$(discover_flipper_bt)
+        [ -n "$device" ] && echo "bluetooth" > "$CONFIG_DIR/conn_type" || echo "none" > "$CONFIG_DIR/conn_type"
+      else
+        echo "usb" > "$CONFIG_DIR/conn_type"
+      fi
+      ;;
+  esac
+
+  echo "$device"
+}
+
+#############################
+# Wait for Flipper connection
+#############################
+
+FLIPPER_DEV=""
+RETRY_COUNT=0
+MAX_RETRIES=30
+
+while [ -z "$FLIPPER_DEV" ] && [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
+  FLIPPER_DEV=$(find_flipper)
+  if [ -z "$FLIPPER_DEV" ]; then
+    RETRY_COUNT=$((RETRY_COUNT + 1))
+    if [ $RETRY_COUNT -eq 1 ]; then
+      log "Waiting for Flipper Zero connection..."
+    fi
+    sleep 2
+  fi
+done
+
+if [ -z "$FLIPPER_DEV" ]; then
+  log "No Flipper Zero detected after ${MAX_RETRIES} attempts. Running in standby mode."
+  echo "disconnected" > "$CONFIG_DIR/status"
+  echo "" > "$CONFIG_DIR/flipper_dev"
+else
+  log "Flipper Zero connected on $FLIPPER_DEV"
+  echo "connected" > "$CONFIG_DIR/status"
+  echo "$FLIPPER_DEV" > "$CONFIG_DIR/flipper_dev"
+
+  # Set serial parameters
+  stty -F "$FLIPPER_DEV" ${BAUD_RATE:-115200} raw -echo -echoe -echok 2>/dev/null
+fi
+
+#############################
+# Start bridge daemon
+#############################
+
+if [ -f "$BRIDGE_PID_FILE" ]; then
+  kill $(cat "$BRIDGE_PID_FILE") 2>/dev/null
+  rm -f "$BRIDGE_PID_FILE"
+fi
+
+log "Starting FlipperDroid bridge daemon"
+nohup /system/bin/flipperdroidd >> "$LOG_FILE" 2>&1 &
+echo $! > "$BRIDGE_PID_FILE"
+
+#############################
+# Start WebUI
+#############################
+
+if [ -f "$PID_FILE" ]; then
+  kill $(cat "$PID_FILE") 2>/dev/null
+  rm -f "$PID_FILE"
+fi
+
+log "Starting WebUI on port ${WEBUI_PORT:-8089}"
+nohup /system/bin/flipperdroid-webui >> "$LOG_FILE" 2>&1 &
+echo $! > "$PID_FILE"
+
+#############################
+# Apply stealth layer
+#############################
+
+if [ -f "$CONFIG_DIR/stealth_map.conf" ]; then
+  log "Applying stealth namespace isolation"
+  /system/bin/fd-stealth apply >> "$LOG_FILE" 2>&1
+else
+  # Still apply basic FlipperDroid hiding (port firewall, config perms)
+  /system/bin/fd-stealth hide-dev >> "$LOG_FILE" 2>&1
+fi
+
+log "FlipperDroid service started (bridge PID: $(cat $BRIDGE_PID_FILE), webui PID: $(cat $PID_FILE))"