github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

chg: next batch of scripts

Browse source
This commit is contained in:
iceman1001 2019-04-28 19:26:26 +02:00
commit 02c2ea5a15
8 changed files with 184 additions and 135 deletions
Download patch file Download diff file Expand all files Collapse all files

56
client/scripts/test_t55x7_ask.lua
View file

@ -6,11 +6,9 @@ local utils = require('utils')
local format=string.format local format=string.format
local floor=math.floor local floor=math.floor
example =[[ copyright = ''
1. script run test_t55x7_ask author = 'Iceman'
]] version = 'v1.0.1'
author = "Iceman"
usage = "script run test_t55x7_ask"
desc =[[ desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following: The outlined procedure is as following:
@ -38,12 +36,17 @@ Loop:
testsuit for the ASK/MANCHESTER demod testsuit for the ASK/MANCHESTER demod
]]
example =[[
1. script run test_t55x7_ask
]]
usage = [[
script run test_t55x7_ask
Arguments: Arguments:
-h : this help -h : this help
]] ]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag local DEBUG = true -- the debug flag
--BLOCK 0 = 00008040 ASK / MAN --BLOCK 0 = 00008040 ASK / MAN
@ -58,31 +61,34 @@ local procedurecmds = {
--- ---
-- A debug printout-function -- A debug printout-function
local function dbg(args) local function dbg(args)
if not DEBUG then if not DEBUG then return end
return if type(args) == 'table' then
end
if type(args) == "table" then
local i = 1 local i = 1
while args[i] do while result[i] do
dbg(args[i]) dbg(result[i])
i = i+1 i = i+1
end end
else else
print("###", args) print('###', args)
end end
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
print("ERROR: ",err) print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end end
--- ---
-- Usage help -- Usage help
local function help() local function help()
print(copyright)
print(author)
print(version)
print(desc) print(desc)
print("Example usage") print('Example usage')
print(example) print(example)
print(usage)
end end
-- --
-- Exit message -- Exit message
@ -95,7 +101,7 @@ end
local function test() local function test()
local y local y
local block = "00" local block = '00'
for y = 0x0, 0x1d, 0x4 do for y = 0x0, 0x1d, 0x4 do
for _ = 1, #procedurecmds do for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_] local pcmd = procedurecmds[_]
@ -106,12 +112,14 @@ local function test()
local config = pcmd:format(config1, y, config2) local config = pcmd:format(config1, y, config2)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write b 0 d %s'):format(config))
config = tonumber(config,16) config = tonumber(config, 16)
local wc = Command:newMIX{
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"} cmd = cmds.CMD_T55XX_WRITE_BLOCK
local err = core.SendCommand(writecmd:getBytes()) , arg1 = config
if err then return oops(err) end , arg2 = block
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) }
local reponse, err = wc:sendMIX(false)
if not response then return oops(err) end
else else
dbg(pcmd) dbg(pcmd)
@ -130,7 +138,7 @@ local function main(args)
-- Arguments for the script -- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end if o == 'h' then return help() end
end end
core.clearCommandBuffer() core.clearCommandBuffer()

53
client/scripts/test_t55x7_bi.lua
View file

@ -3,12 +3,10 @@ local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
example =[[ copyright = ''
1. script run test_t55x7_bi author = 'Iceman'
]] version = 'v1.0.1'
author = "Iceman" desc = [[
usage = "script run test_t55x7_bi"
desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040
The outlined procedure is as following: The outlined procedure is as following:
@ -32,12 +30,17 @@ Loop:
testsuit for the BIPHASE demod testsuit for the BIPHASE demod
]]
example = [[
1. script run test_t55x7_bi
]]
usage = [[
script run test_t55x7_bi
Arguments: Arguments:
-h : this help -h : this help
]] ]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag local DEBUG = true -- the debug flag
--BLOCK 0 = 00010040 BIPHASE --BLOCK 0 = 00010040 BIPHASE
@ -52,31 +55,34 @@ local procedurecmds = {
--- ---
-- A debug printout-function -- A debug printout-function
local function dbg(args) local function dbg(args)
if not DEBUG then if not DEBUG then return end
return if type(args) == 'table' then
end
if type(args) == "table" then
local i = 1 local i = 1
while args[i] do while args[i] do
dbg(args[i]) dbg(args[i])
i = i+1 i = i+1
end end
else else
print("###", args) print('###', args)
end end
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
print("ERROR: ",err) print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end end
--- ---
-- Usage help -- Usage help
local function help() local function help()
print(copyright)
print(author)
print(version)
print(desc) print(desc)
print("Example usage") print('Example usage')
print(example) print(example)
print(usage)
end end
-- --
-- Exit message -- Exit message
@ -89,7 +95,7 @@ end
local function test() local function test()
local y local y
local block = "00" local block = '00'
for y = 1, 0x1D, 4 do for y = 1, 0x1D, 4 do
for _ = 1, #procedurecmds do for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_] local pcmd = procedurecmds[_]
@ -101,11 +107,14 @@ local function test()
local config = pcmd:format(config1, y, config2) local config = pcmd:format(config1, y, config2)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write b 0 d %s'):format(config))
config = tonumber(config,16) config = tonumber(config, 16)
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"} local wc = Command:newMIX{
local err = core.SendCommand(writecmd:getBytes()) cmd = cmds.CMD_T55XX_WRITE_BLOCK
if err then return oops(err) end , arg1 = config
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) , arg2 = block
}
local reponse, err = wc:sendMIX(false)
if not response then return oops(err) end
else else
dbg(pcmd) dbg(pcmd)
core.console( pcmd ) core.console( pcmd )
@ -124,7 +133,7 @@ local function main(args)
-- Arguments for the script -- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end if o == 'h' then return help() end
end end
core.clearCommandBuffer() core.clearCommandBuffer()

53
client/scripts/test_t55x7_fsk.lua
View file

@ -3,12 +3,10 @@ local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
example =[[ copyright = ''
1. script run test_t55x7_fsk author = 'Iceman'
]] version = 'v1.0.1'
author = "Iceman" desc = [[
usage = "script run test_t55x7_fsk"
desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following: The outlined procedure is as following:
@ -33,14 +31,18 @@ Loop:
-xx 18 xxxx = RF/100 -xx 18 xxxx = RF/100
-xx 1C xxxx = RF/128 -xx 1C xxxx = RF/128
testsuit for the ASK/MANCHESTER demod testsuit for the ASK/MANCHESTER demod
]]
example = [[
1. script run test_t55x7_fsk
]]
usage = [[
script run test_t55x7_fsk
Arguments: Arguments:
-h : this help -h : this help
]] ]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag local DEBUG = true -- the debug flag
--BLOCK 0 = 00008040 FSK --BLOCK 0 = 00008040 FSK
@ -55,31 +57,34 @@ local procedurecmds = {
--- ---
-- A debug printout-function -- A debug printout-function
local function dbg(args) local function dbg(args)
if not DEBUG then if not DEBUG then return end
return if type(args) == 'table' then
end
if type(args) == "table" then
local i = 1 local i = 1
while args[i] do while args[i] do
dbg(args[i]) dbg(args[i])
i = i+1 i = i+1
end end
else else
print("###", args) print('###', args)
end end
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
print("ERROR: ",err) print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end end
--- ---
-- Usage help -- Usage help
local function help() local function help()
print(copyright)
print(author)
print(version)
print(desc) print(desc)
print("Example usage") print('Example usage')
print(example) print(example)
print(usage)
end end
-- --
-- Exit message -- Exit message
@ -92,7 +97,7 @@ end
local function test(modulation) local function test(modulation)
local y local y
local block = "00" local block = '00'
for y = 0x0, 0x1d, 0x4 do for y = 0x0, 0x1d, 0x4 do
for _ = 1, #procedurecmds do for _ = 1, #procedurecmds do
local pcmd = procedurecmds[_] local pcmd = procedurecmds[_]
@ -105,11 +110,13 @@ local function test(modulation)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write b 0 d %s'):format(config))
config = tonumber(config,16) config = tonumber(config,16)
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"} local wc = Command:newMIX{
local err = core.SendCommand(writecmd:getBytes()) cmd = cmds.CMD_T55XX_WRITE_BLOCK
if err then return oops(err) end , arg1 = config
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) , arg2 = block
}
local reponse, err = wc:sendMIX(false)
if not response then return oops(err) end
else else
dbg(pcmd) dbg(pcmd)
core.console( pcmd ) core.console( pcmd )
@ -127,7 +134,7 @@ local function main(args)
-- Arguments for the script -- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end if o == 'h' then return help() end
end end
core.clearCommandBuffer() core.clearCommandBuffer()

59
client/scripts/test_t55x7_psk.lua
View file

@ -3,13 +3,10 @@ local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
example =[[ copyright = ''
1. script run test_t55x7_psk author = 'Iceman'
2. script run test_t55x7_psk -o version = 'v1.0.1'
]] desc = [[
author = "Iceman"
usage = "script run test_t55x7_psk"
desc =[[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040
The outlined procedure is as following: The outlined procedure is as following:
@ -30,12 +27,18 @@ Loop OUTER:
XXXXX8XX = PSK RF/8 XXXXX8XX = PSK RF/8
In all 12 individual test for the PSK demod In all 12 individual test for the PSK demod
]]
example = [[
1. script run test_t55x7_psk
2. script run test_t55x7_psk -o
]]
usage = [[
script run test_t55x7_psk
Arguments: Arguments:
-h : this help -h : this help
]] ]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag local DEBUG = true -- the debug flag
-- --BLOCK 0 = 00 08 80 40 PSK -- --BLOCK 0 = 00 08 80 40 PSK
@ -53,31 +56,34 @@ local procedurecmds = {
--- ---
-- A debug printout-function -- A debug printout-function
local function dbg(args) local function dbg(args)
if not DEBUG then if not DEBUG then return end
return if type(args) == 'table' then
end
if type(args) == "table" then
local i = 1 local i = 1
while args[i] do while args[i] do
dbg(args[i]) dbg(args[i])
i = i+1 i = i+1
end end
else else
print("###", args) print('###', args)
end end
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
print("ERROR: ",err) print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end end
--- ---
-- Usage help -- Usage help
local function help() local function help()
print(copyright)
print(author)
print(version)
print(desc) print(desc)
print("Example usage") print('Example usage')
print(example) print(example)
print(usage)
end end
-- --
-- Exit message -- Exit message
@ -91,7 +97,7 @@ end
local function test(modulation) local function test(modulation)
local bitrate local bitrate
local clockrate local clockrate
local block = "00" local block = '00'
for bitrate = 0x0, 0x1d, 0x4 do for bitrate = 0x0, 0x1d, 0x4 do
for clockrate = 0,8,4 do for clockrate = 0,8,4 do
@ -103,16 +109,19 @@ local function test(modulation)
elseif _ == 1 then elseif _ == 1 then
dbg("Writing to T55x7 TAG") dbg('Writing to T55x7 TAG')
local config = cmd:format(bitrate, modulation, clockrate) local config = cmd:format(bitrate, modulation, clockrate)
dbg(('lf t55xx write b 0 d %s'):format(config)) dbg(('lf t55xx write b 0 d %s'):format(config))
config = tonumber(config,16) config = tonumber(config, 16)
local writecmd = Command:new{cmd = cmds.CMD_T55XX_WRITE_BLOCK,arg1 = config, arg2 = block, arg3 = "00", data = "00"} local wc = Command:newMIX{
local err = core.SendCommand(writecmd:getBytes()) cmd = cmds.CMD_T55XX_WRITE_BLOCK
if err then return oops(err) end , arg1 = config
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT) , arg2 = block
}
local reponse, err = wc:sendMIX(false)
if not response then return oops(err) end
else else
dbg(cmd) dbg(cmd)
core.console( cmd ) core.console( cmd )
@ -131,7 +140,7 @@ local function main(args)
-- Arguments for the script -- Arguments for the script
for o, arg in getopt.getopt(args, 'h') do for o, arg in getopt.getopt(args, 'h') do
if o == "h" then return help() end if o == 'h' then return help() end
end end
core.clearCommandBuffer() core.clearCommandBuffer()

86
client/scripts/tnp3clone.lua
View file

@ -10,6 +10,12 @@ local rsh = bit32.rshift
local bor = bit32.bor local bor = bit32.bor
local band = bit32.band local band = bit32.band
copyright = ''
author = "Iceman"
version = 'v1.0.1'
desc =[[
This script will try making a barebone clone of a tnp3 tag on to a magic generation1 card.
]]
example =[[ example =[[
script run tnp3clone script run tnp3clone
script run tnp3clone -h script run tnp3clone -h
@ -17,10 +23,8 @@ example =[[
script run tnp3clone -t aa00 -s 0030 script run tnp3clone -t aa00 -s 0030
]] ]]
author = "Iceman" usage = [[
usage = "script run tnp3clone -t <toytype> -s <subtype>" script run tnp3clone -t <toytype> -s <subtype>
desc =[[
This script will try making a barebone clone of a tnp3 tag on to a magic generation1 card.
Arguments: Arguments:
-h : this help -h : this help
@ -36,51 +40,59 @@ Arguments:
023c - Special 023c - Special
0020 - Swapforce 0020 - Swapforce
]] ]]
---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
print("ERROR: ",err) print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end end
-- Usage help -- Usage help
local function help() local function help()
print(copyright)
print(author)
print(version)
print(desc) print(desc)
print("Example usage") print('Example usage')
print(example) print(example)
print(usage)
end end
---
local function waitCmd() -- decode response and get the blockdata from a normal mifare read command
local response = core.WaitForResponseTimeout(cmds.CMD_ACK,2000) local function getblockdata(response)
if response then if not response then
local count,cmd,arg0 = bin.unpack('LL',response) return nil, 'No response from device'
if(arg0==1) then end
local count,arg1,arg2,data = bin.unpack('LLH511',response,count)
return data:sub(1,32) local count, cmd, arg0 = bin.unpack('LL', response)
else if arg0 == 1 then
return nil, "Couldn't read block." local count, arg1, arg2, data = bin.unpack('LLH511', response, count)
end return data:sub(1, 32)
else
return nil, "Couldn't read block.. ["..arg0.."]"
end end
return nil, "No response from device"
end end
local function readblock( blocknum, keyA ) local function readblock( blocknum, keyA )
-- Read block N -- Read block N
cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blocknum, arg2 = 0, arg3 = 0, data = keyA} local c = Command:newMIX{cmd = cmds.CMD_MIFARE_READBL, arg1 = blocknum, data = keyA}
err = core.SendCommand(cmd:getBytes()) local b, err = getblockdata(c:sendMIX())
if err then return nil, err end if not b then return oops(err) end
local block0, err = waitCmd() return b
if err then return nil, err end
return block0
end end
---
-- decode response and get the blockdata from backdoor magic command
local function readmagicblock( blocknum ) local function readmagicblock( blocknum )
-- Read block N -- Read block N
local CSETBLOCK_SINGLE_OPERATION = 0x1F local CSETBLOCK_SINGLE_OPERATION = 0x1F
cmd = Command:new{cmd = cmds.CMD_MIFARE_CGETBLOCK, arg1 = CSETBLOCK_SINGLE_OPERATION, arg2 = 0, arg3 = blocknum} local c = Command:newMIX{
err = core.SendCommand(cmd:getBytes()) cmd = cmds.CMD_MIFARE_CGETBLOCK
if err then return nil, err end , arg1 = CSETBLOCK_SINGLE_OPERATION
local block0, err = waitCmd() , arg3 = blocknum
if err then return nil, err end }
return block0 local b, err = getblockdata(c:sendMIX())
if not b then return oops(err) end
return b
end end
local function main(args) local function main(args)
@ -103,10 +115,10 @@ local function main(args)
-- Arguments for the script -- Arguments for the script
for o, a in getopt.getopt(args, 'ht:s:l') do for o, a in getopt.getopt(args, 'ht:s:l') do
if o == "h" then return help() end if o == 'h' then return help() end
if o == "t" then toytype = a end if o == 't' then toytype = a end
if o == "s" then subtype = a end if o == 's' then subtype = a end
if o == "l" then return toys.List() end if o == 'l' then return toys.List() end
end end
if #toytype ~= 4 then return oops('[!] Wrong size - toytype. (4hex symbols)') end if #toytype ~= 4 then return oops('[!] Wrong size - toytype. (4hex symbols)') end
@ -115,7 +127,7 @@ local function main(args)
-- look up type, find & validate types -- look up type, find & validate types
local item = toys.Find( toytype, subtype) local item = toys.Find( toytype, subtype)
if item then if item then
print( ('[+] Looking up input: Found %s - %s (%s)'):format(item[6],item[5], item[4]) ) print( ('[+] Looking up input: Found %s - %s (%s)'):format(item[6], item[5], item[4]) )
else else
print('[-] Didn\'t find item type. If you are sure about it, post on forum') print('[-] Didn\'t find item type. If you are sure about it, post on forum')
end end

5
client/scripts/tnp3dump.lua
View file

@ -131,7 +131,8 @@ local function main(args)
-- Turn off Debug -- Turn off Debug
local cmdSetDbgOff = "hf mf dbg 0" local cmdSetDbgOff = "hf mf dbg 0"
core.console( cmdSetDbgOff) core.console( cmdSetDbgOff)
utils.Sleep(0.5)
result, err = lib14a.read(false, true) result, err = lib14a.read(false, true)
if not result then return oops(err) end if not result then return oops(err) end
@ -166,7 +167,7 @@ local function main(args)
local block0, block1 local block0, block1
-- Read block 0 -- Read block 0
dbg('Reading block 0') dbg('Reading block 0')
cmd = Command:newMIX{cmd = cmds.CMD_MIFARE_READBL, data = keyA} cmd = Command:newMIX{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0, data = keyA}
block0, err = getblockdata(cmd:sendMIX(false)) block0, err = getblockdata(cmd:sendMIX(false))
if not block0 then return oops(err) end if not block0 then return oops(err) end

5
client/scripts/tnp3sim.lua
View file

@ -235,7 +235,6 @@ local function LoadEmulator(uid, blocks)
local key = md5.sumhexa(baseStr) local key = md5.sumhexa(baseStr)
local enc = core.aes128_encrypt(key, blockdata) local enc = core.aes128_encrypt(key, blockdata)
blockdata = utils.ConvertAsciiToHex(enc) blockdata = utils.ConvertAsciiToHex(enc)
io.write( _..',')
end end
else else
-- add keys if not existing.. -- add keys if not existing..
@ -243,6 +242,9 @@ local function LoadEmulator(uid, blocks)
blockdata = AddKey(keys, _, blockdata) blockdata = AddKey(keys, _, blockdata)
end end
end end
io.write( _..',')
io.flush()
core.clearCommandBuffer() core.clearCommandBuffer()
cmd = Command:newMIX{cmd = cmds.CMD_MIFARE_EML_MEMSET, arg1 = _ ,arg2 = 1,arg3 = 16, data = blockdata} cmd = Command:newMIX{cmd = cmds.CMD_MIFARE_EML_MEMSET, arg1 = _ ,arg2 = 1,arg3 = 16, data = blockdata}
local err, msg = cmd:sendMIX(true) local err, msg = cmd:sendMIX(true)
@ -368,6 +370,7 @@ local function main(args)
-- Turn off Debug -- Turn off Debug
local cmdSetDbgOff = 'hf mf dbg 0' local cmdSetDbgOff = 'hf mf dbg 0'
core.console( cmdSetDbgOff) core.console( cmdSetDbgOff)
utils.Sleep(0.5)
-- Load dump.bin file -- Load dump.bin file
print( ('Load data from %s'):format(inputTemplate)) print( ('Load data from %s'):format(inputTemplate))

2
client/scripts/ul_uid.lua
View file

@ -45,7 +45,7 @@ end
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
print('ERROR:', err) print('ERROR:', err)
core.clearCommandBuffer() core.clearCommandBuffer()
return nil, err return nil, err
end end
--- ---