/EvilAppleJuice-ESP32

Spam Apple Proximity Messages via an ESP32

Primary LanguageC++Do What The F*ck You Want To Public LicenseWTFPL

EvilAppleJuice ESP32

Spam BLE advertisements on iPhones!

iPhone 15s (latest) Older iPhones
iphone_15.mp4
iphone_old.mp4

Based off of the work of ronaldstoner in the AppleJuice repository.

Also thanks to simondankelmann for their discoveries in new advertising messages to pop-up new notifications in iOS devices source

With the randomization optimizations it can render an iPhone almost useless with a single ESP32 (a new notification as soon as you close the old one).

Confirmed on:

  • iPhone 15 (running iOS 17.1.2)
  • iPhone 14 Pro Max (running iOS 17.2 b3) (See #19)
  • iPhone 14 Pro (running iOS 16.6.1)
  • iPhone 13 Pro (running iOS 17.4 (21E5184k))
  • iPhone 11 (running iOS 16.6.1)
  • iPhone X (running iOS 14.8 (18H17)) - only "AppleTV Keyboard", "TV Color Balance", "AppleTV Setup", "AppleTV Homekit Setup", "AppleTV New User".
  • iPad Pro 11 (running iPadOS 17.3 (21D50))

Not working on:

  • iPhone 4S (running iOS 10.3 (14E277))

Other observations:

  • Doesn't seem to spawn notifications if Keyboard is open / Camera is open

Video Demo

Single ESP32 vs. iPhone 14 Pro @ iOS 16.6.1

applexd.mp4

Notable Differences

This implementation makes the following changes:

  • Random source MAC address (including BLE_ADDR_TYPE_RANDOM)
  • Randomly pick BLE Advertisement Type (this may lead to more success)
  • Randomly pick one of the possible devices
  • Sets the ESP32 BLE Power to the maximum (9dBm) to increase range

And it makes these random choices every time it runs (default re-advertise every second).

Given the 29 devices and the 3 advertisement types, there are a total of 87 unique possible advertisements (ignoring the random source MAC) possible, of which one is broadcast every second.

Usage

Clone the repo, and easiest would be to use VS Code w/ PlatformIO to upload it to your ESP32.

This project has been tested on an ESP32-C3 from AirM2M.

Via Arduino-CLI

Windows

If you've setup the Arduino CLI, e.g. via https://wellys.com/posts/esp32_cli/ , then you can cd into the src folder, and run the following:

arduino-cli compile --fqbn esp32:esp32:esp32c6 EvilAppleJuice-ESP32-INO -v
arduino-cli upload -p COM4 --fqbn esp32:esp32:esp32c6 EvilAppleJuice-ESP32-INO -v
arduino-cli monitor -c baudrate=115200 -p COM4

Replace COM4 with the port the ESP32 is on, and esp32c6 with the appropriate board.

Spamming a specific device

Some basic instructions are here: ckcr4lyf#42 (comment) , but if you're not a script kiddie you can probably figure it out.