chg: 'script run mfkeys' : uses NG

chg: 'hf mf chk' : uses old/mix
iceman1001 2019-04-29 12:12:14 +02:00
parent 7454a4dcf2
commit 03d6454d95
4 changed files with 50 additions and 33 deletions


@ -1529,13 +1529,22 @@ void MifareChkKeys(uint16_t arg0, uint8_t arg1, uint8_t arg2, uint8_t *datain, b
uint64_t key = 0; uint64_t key = 0;
uint32_t cuid = 0; uint32_t cuid = 0;
int i, res; int i, res;
uint8_t blockNo = arg0 & 0xFF; uint8_t cascade_levels = 0, isOK = 0;
uint8_t keyType = (arg0 >> 8) & 0xFF; uint8_t blockNo, keyType, keyCount;
uint8_t keyCount = arg2; bool clearTrace, have_uid = false;
uint8_t cascade_levels = 0;
uint8_t isOK = 0; if (ng) {
bool have_uid = false; keyType = datain[0];
bool clearTrace = arg1 & 0xFF; blockNo = datain[1];
clearTrace = datain[2];
keyCount = datain[3];
datain += 4;
} else {
blockNo = arg0 & 0xFF;
keyType = (arg0 >> 8) & 0xFF;
clearTrace = arg1;
keyCount = arg2;
}
LEDsoff(); LEDsoff();
LED_A_ON(); LED_A_ON();
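Review bot: The `ng` branch reads `datain[0]` through `datain[3]` and then trusts `keyCount` from the payload, but nothing visible in this hunk checks how many bytes the host actually sent. The signature in the hunk header is cut off after `uint8_t *datain` and shows no length argument, so a short or malformed NG frame could make the later key handling read past the received data (presumably `keyCount * 6` bytes). Passing the received payload length into the function and rejecting frames shorter than 4 bytes, or where `4 + keyCount * 6` exceeds that length, before `datain += 4` would close the gap. The rest of MifareChkKeys lies outside the hunk, so the loop bound is inferred rather than seen.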


@ -33,7 +33,7 @@ Command = {
if (type(data) == 'string') then if (type(data) == 'string') then
-- We need to check if it is correct length, otherwise pad it -- We need to check if it is correct length, otherwise pad it
local len = string.len(data) local len = #data
if (len < 1024) then if (len < 1024) then
--Should be 1024 hex characters to represent 512 bytes of data --Should be 1024 hex characters to represent 512 bytes of data
data = data .. string.rep("0",1024 - len ) data = data .. string.rep("0",1024 - len )
@ -42,7 +42,7 @@ Command = {
-- OOps, a bit too much data here -- OOps, a bit too much data here
print( ( "WARNING: data size too large, was %s chars, will be truncated "):format(len) ) print( ( "WARNING: data size too large, was %s chars, will be truncated "):format(len) )
-- --
data = data:sub(1,1024) data = data:sub(1, 1024)
end end
else else
print(("WARNING; data was NOT a (hex-) string, but was %s"):format(type(data))) print(("WARNING; data was NOT a (hex-) string, but was %s"):format(type(data)))
@ -67,7 +67,7 @@ Command = {
-- OOps, a bit too much data here -- OOps, a bit too much data here
print( ( "WARNING: data size too large, was %s chars, will be truncated "):format( #data) ) print( ( "WARNING: data size too large, was %s chars, will be truncated "):format( #data) )
-- --
data = data:sub(1,1024) data = data:sub(1, 1024)
end end
end end
o.data = data o.data = data
@ -87,7 +87,7 @@ Command = {
-- OOps, a bit too much data here -- OOps, a bit too much data here
print( ( "WARNING: data size too large, was %s chars, will be truncated "):format( #data) ) print( ( "WARNING: data size too large, was %s chars, will be truncated "):format( #data) )
-- --
data = data:sub(1,1024) data = data:sub(1, 1024)
end end
end end
o.data = data o.data = data
@ -129,7 +129,7 @@ function Command:__responsetostring()
tostring(self.resp_arg2), tostring(self.resp_arg2),
tostring(self.resp_arg3))) tostring(self.resp_arg3)))
print('NG ::', self.resp_ng) print('NG ::', self.resp_ng)
print('package ::', self.resp_response) print('Data ::', self.resp_data)
end end
@ -194,12 +194,13 @@ function Command:sendNG( ignore_response, timeout )
return nil, 'Error, waiting for response timed out :: '..msg return nil, 'Error, waiting for response timed out :: '..msg
end end
-- lets digest --[[ uncomment if you want to debug
-- lets digest response NG package.
local data local data
local count, cmd, length, magic, status, crc, arg1, arg2, arg3 = bin.unpack('SSIsSLLL', response) local count, cmd, length, magic, status, crc, arg1, arg2, arg3 = bin.unpack('SSIsSLLL', response)
count, data, ng = bin.unpack('H'..length..'C', response, count) count, data, ng = bin.unpack('H'..length..'C', response, count)
--[[ uncomment if you want to debug
self.resp_cmd = cmd self.resp_cmd = cmd
self.resp_length = length self.resp_length = length
self.resp_magic = magic self.resp_magic = magic
@ -213,8 +214,7 @@ function Command:sendNG( ignore_response, timeout )
self:__responsetostring() self:__responsetostring()
--]] --]]
local packed = bin.pack("LLLLH", cmd, arg1, arg2, arg3, data) return response
return packed, nil;
end end
return _commands return _commands
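Review bot: `sendNG` now ends with `return response`, handing back the raw frame instead of the string repacked with `bin.pack("LLLLH", ...)`, and no comment in the function records that contract change. A caller that still unpacks with the old `LLLLH` layout would read header fields as arguments without raising an error, so a line above the return such as `-- returns the raw NG response frame; the caller unpacks header, payload and trailing ng byte` would help. The parsing that moved into the `--[[ ... --]]` debug block still assigns `ng` without `local`, so uncommenting it creates a global; declaring `local data, ng` there avoids that. The function begins outside the hunk.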


@ -162,7 +162,7 @@ static int l_SendCommandNG(lua_State *L) {
return returnToLuaWithError(L, "You need to supply two parameters"); return returnToLuaWithError(L, "You need to supply two parameters");
// parse input // parse input
uint64_t cmd = luaL_checknumber(L, 1); uint16_t cmd = luaL_checknumber(L, 1);
// data // data
const char *p_data = luaL_checklstring(L, 2, &size); const char *p_data = luaL_checklstring(L, 2, &size);
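Review bot: `uint16_t cmd = luaL_checknumber(L, 1);` narrows a `lua_Number` straight into 16 bits, so a script that passes a negative value or one above 0xFFFF ends up with a different command id and no error (the out-of-range floating-to-integer conversion is also undefined in C). A range check before the assignment keeps a scripting mistake from reaching the device as some other opcode: `lua_Number n = luaL_checknumber(L, 1);` followed by `if (n < 0 || n > UINT16_MAX) return returnToLuaWithError(L, "cmd out of range");`. The function starts and ends outside the hunk, so how `size` from `luaL_checklstring` is bounded is not visible here.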


@ -29,6 +29,8 @@ Arguments:
-p : print keys -p : print keys
]] ]]
local PM3_SUCCESS = 0 -- needs to be refactored into own like usb_cmd
local TIMEOUT = 10000 -- 10 seconds local TIMEOUT = 10000 -- 10 seconds
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
@ -56,8 +58,11 @@ local function checkCommand(response)
return nil, "Timeout while waiting for device to respond" return nil, "Timeout while waiting for device to respond"
end end
local count, cmd, arg0, arg1, arg2, data = bin.unpack('LLLLH40',result) local data
if arg0 == 1 then local count, cmd, length, magic, status, crc, arg1, arg2, arg3 = bin.unpack('SSIsSLLL', response)
count, data, ng = bin.unpack('H'..length..'C', response, count)
if status == PM3_SUCCESS then
key = data:sub(1, 12) key = data:sub(1, 12)
return key return key
end end
@ -67,34 +72,37 @@ end
local function checkBlock(blockno, testkeys, keytype) local function checkBlock(blockno, testkeys, keytype)
-- The command data is only 512 bytes, each key is 6 bytes, meaning that we can send max 85 keys in one go. -- The command data is only 512 bytes,
-- each key is 6 bytes,
-- NG args inside dataarray is 4 bytes. That give us (512-4)/6 or max 84 keys in one go.
-- If there's more, we need to split it up -- If there's more, we need to split it up
local arg1 = bit32.bor(bit32.lshift(keytype, 8), blockno) local arg1 = bit32.bor(bit32.lshift(keytype, 8), blockno)
local arg2 = '00' -- don't clear trace
local start, remaining = 1, #testkeys local start, remaining = 1, #testkeys
local maxchunk = math.floor((512-4)/6)
local chunksize = remaining local chunksize = remaining
if remaining > 85 then chunksize = 85 end if remaining > maxchunk then chunksize = maxchunk end
local n = chunksize local n = chunksize
while remaining > 0 do while remaining > 0 do
--print('start', start, 'chunksize', chunksize, 'testkeys kvar', remaining, 'N-index=', n) -- print('start', start, 'chunksize', chunksize, 'testkeys kvar', remaining, 'N-index=', n)
local d0 = ('%04X%02X%02X'):format(arg1, arg2, chunksize)
local d1 = table.concat(testkeys, "", start, n) local d1 = table.concat(testkeys, "", start, n)
core.clearCommandBuffer()
core.clearCommandBuffer()
print(("Testing block %d, keytype %d, with %d keys"):format(blockno, keytype, chunksize)) print(("Testing block %d, keytype %d, with %d keys"):format(blockno, keytype, chunksize))
local c = Command:newNG{cmd = cmds.CMD_MIFARE_CHKKEYS,
arg1 = arg1,
arg3 = chunksize,
data = d1}
status, err = checkCommand(c:sendNG(false, TIMEOUT))
if status then return status, blockno end local c = Command:newNG{cmd = cmds.CMD_MIFARE_CHKKEYS, data = d0..d1}
key, err = checkCommand(c:sendNG(false, TIMEOUT))
if key then return key, blockno end
start = start + chunksize start = start + chunksize
remaining = remaining - chunksize remaining = remaining - chunksize
if remaining < 85 then chunksize = remaining end if remaining < maxchunk then chunksize = remaining end
n = n + chunksize n = n + chunksize
end end
return nil return nil
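Review bot: In `checkCommand` the `length` field comes from the device response and is spliced into the format string `'H'..length..'C'` with no check that the frame is as long as its header claims; `data:sub(1, 12)` then returns whatever was unpacked as the key, even if it is shorter than the 12 (presumably hex) characters a 6-byte key needs. A guard such as `if status == PM3_SUCCESS and data and #data >= 12 then return data:sub(1, 12) end` makes a truncated reply fail instead of reporting a bogus key. `ng` and `key` in `checkCommand`, and `key, err` in `checkBlock`, are assigned without `local` and leak into the script's globals. In `checkBlock`, `arg2 = '00'` is a string handed to `%02X`; a numeric `0` states the intent without relying on string-to-number coercion.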