FIX: correct some lookups in tnp3dump.lua, tnp3sim.lua

ADD: added optional parameter (-p) to tnp3dump.lua

client/lualibs/utils.lua

@@ -71,8 +71,8 @@ local Utils =
 		return outResults
 	end,
 	
-	------------ CRC-16 ccitt checksums
 	
+	------------ CRC-16 ccitt checksums
 	-- Takes a hex string and calculates a crc16
 	Crc16 = function(s)
 		if s == nil then return nil end
@@ -86,6 +86,21 @@ local Utils =
 		return nil
 	end,
 	
+	------------ CRC-64 ecma checksums
+	-- Takes a hex string and calculates a crc64 ecma
+	Crc64 = function(s)
+		if s == nil then return nil end
+		if #s == 0 then return nil end
+		if  type(s) == 'string' then
+			local utils = require('utils')
+			local asc = utils.ConvertHexToAscii(s)
+			local hash = core.crc64(asc)
+			return hash
+		end
+		return nil
+	end,
+	
+	
 	-- input parameter is a string
 	-- Swaps the endianess and returns a number,  
 	-- IE:  'cd7a' -> '7acd'  -> 0x7acd
@@ -171,16 +186,28 @@ local Utils =
 		end
 		return t
 	end,
-	ConvertAsciiToBytes = function(s)
+	ConvertAsciiToBytes = function(s, reverse)
-		local t={}
+		local t = {}
 		if s == nil then return t end
 		if #s == 0 then return t end
 		
 		for k in s:gmatch"(.)" do
 			table.insert(t, string.byte(k))
 		end
-		return t
+		
+		if not reverse then
+			return t
+		end
+	
+		local rev = {}
+		if reverse then
+			for i = #t, 1,-1 do
+				table.insert(rev, t[i] )
+			end
+		end
+		return rev
 	end,
+	
 	ConvertHexToAscii = function(s)
 		local t={}
 		if s == nil then return t end

client/scripts/tnp3dump.lua

@@ -7,17 +7,20 @@ local md5 = require('md5')
 local dumplib = require('html_dumplib')
 local toyNames = require('default_toys')
 
+
 example =[[
-	1. script run tnp3dump
+	script run tnp3dump
-	2. script run tnp3dump -n
+	script run tnp3dump -n
-	3. script run tnp3dump -k aabbccddeeff
+	script run tnp3dump -p
-	4. script run tnp3dump -k aabbccddeeff -n
+	script run tnp3dump -k aabbccddeeff
-	5. script run tnp3dump -o myfile 
+	script run tnp3dump -k aabbccddeeff -n
-	6. script run tnp3dump -n -o myfile 
+	script run tnp3dump -o myfile 
-	7. script run tnp3dump -k aabbccddeeff -n -o myfile 
+	script run tnp3dump -n -o myfile 
+	script run tnp3dump -p -o myfile 
+	script run tnp3dump -k aabbccddeeff -n -o myfile 
 ]]
 author = "Iceman"
-usage = "script run tnp3dump -k <key> -n -o <filename>"
+usage = "script run tnp3dump -k <key> -n -p -o <filename>"
 desc =[[
 This script will try to dump the contents of a Mifare TNP3xxx card.
 It will need a valid KeyA in order to find the other keys and decode the card.
@@ -25,6 +28,7 @@ Arguments:
 	-h             : this help
 	-k <key>       : Sector 0 Key A.
 	-n             : Use the nested cmd to find all keys
+	-p             : Use the precalc to find all keys
 	-o             : filename for the saved dumps
 ]]
 
@@ -112,15 +116,17 @@ local function main(args)
 	local cmd
 	local err
 	local useNested = false
+	local usePreCalc = false
 	local cmdReadBlockString = 'hf mf rdbl %d A %s'
 	local input = "dumpkeys.bin"
 	local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M%S");
 
 	-- Arguments for the script
-	for o, a in getopt.getopt(args, 'hk:no:') do
+	for o, a in getopt.getopt(args, 'hk:npo:') do
 		if o == "h" then return help() end		
 		if o == "k" then keyA = a end
 		if o == "n" then useNested = true end
+		if o == "p" then usePreCalc = true end
 		if o == "o" then outputTemplate = a end		
 	end
 
@@ -146,8 +152,9 @@ local function main(args)
 	end	
 
 	-- Show tag info
-	print((' Found tag : %s'):format(result.name))
+	print((' Found tag %s'):format(result.name))
-	print(('Using keyA : %s'):format(keyA))
+
+	dbg(('Using keyA : %s'):format(keyA))
 
 	--Trying to find the other keys
 	if useNested then
@@ -156,15 +163,19 @@ local function main(args)
 
 	core.clearCommandBuffer()
 	
-	-- Loading keyfile
+	local akeys = ''
-	print('Loading dumpkeys.bin')
+	if usePreCalc then
-	local hex, err = utils.ReadDumpFile(input)
+		local pre = require('precalc')
-	if not hex then
+		akeys = pre.GetAll(result.uid)
-		return oops(err)
+	else
+		print('Loading dumpkeys.bin')
+		local hex, err = utils.ReadDumpFile(input)
+		if not hex then
+			return oops(err)
+		end
+		akeys = hex:sub(0,12*16)
 	end
 	
-	local akeys = hex:sub(0,12*16)
-
 	-- Read block 0
 	cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA}
 	err = core.SendCommand(cmd:getBytes())
@@ -188,7 +199,7 @@ local function main(args)
 	core.clearCommandBuffer()
 		
 	-- main loop
-	io.write('Decrypting blocks > ')
+	io.write('Reading blocks > ')
 	for blockNo = 0, numBlocks-1, 1 do
 
 		if core.ukbhit() then
@@ -249,23 +260,28 @@ local function main(args)
 		end
 	end 
 	
-
 	local uid = block0:sub(1,8)
 	local itemtype = block1:sub(1,4)
+	local cardidLsw = block1:sub(9,16)
+	local cardidMsw = block1:sub(16,24)
 	local cardid = block1:sub(9,24)
 	local traptype = block1:sub(25,28)
 	
 	-- Write dump to files
 	if not DEBUG then
 		local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'_uid_'..uid..'.bin')
-		print(("Wrote a BIN dump to the file %s"):format(foo))
+		print(("Wrote a BIN dump to:  %s"):format(foo))
 		local bar = dumplib.SaveAsText(emldata, outputTemplate..'_uid_'..uid..'.eml')
-		print(("Wrote a EML dump to the file %s"):format(bar))
+		print(("Wrote a EML dump to:  %s"):format(bar))
 	end
 
+	local itemtypename = toyNames[itemtype]
+	if itemtypename == nil then
+		itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)]
+	end
 	-- Show info 
 	print( string.rep('--',20) )
-	print( ('            ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
+	print( ('            ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) )
 	print( (' Alter ego / traptype : 0x%s'):format(traptype) )
 	print( ('                  UID : 0x%s'):format(uid) )
 	print( ('               CARDID : 0x%s'):format(cardid ) )

client/scripts/tnp3sim.lua

@@ -26,7 +26,18 @@ Arguments:
 ]]
 
 local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
-local DEBUG = true -- the debug flag
+local DEBUG = false -- the debug flag
+
+
+local band = bit32.band
+local bor = bit32.bor
+local lshift = bit32.lshift
+local rshift = bit32.rshift
+local byte = string.byte
+local char = string.char
+local sub = string.sub
+local format = string.format
+
 --- 
 -- A debug printout-function
 function dbg(args)
@@ -65,7 +76,6 @@ function ExitMsg(msg)
 	print()
 end
 
-
 local function writedumpfile(infile)
 	 t = infile:read("*all")
 	 len = string.len(t)
@@ -187,7 +197,6 @@ local function ValidateCheckSums(blocks)
 	io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
 end
 
-
 local function LoadEmulator(blocks)
 	local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
 	local cmd
@@ -219,6 +228,102 @@ local function LoadEmulator(blocks)
 	io.write('\n')
 end
 
+local function Num2Card(m, l)
+
+	local k = {
+		0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,0x42, 0x43, 0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B,
+		0x4C, 0x4D, 0x4E, 0x50, 0x51, 0x52, 0x53, 0x54,0x56, 0x57, 0x58, 0x59, 0x5A, 0x00
+	}
+	local msw = tonumber(utils.SwapEndiannessStr(m,32),16)
+	local lsw = tonumber(utils.SwapEndiannessStr(l,32),16)
+
+	if msw > 0x17ea1 then
+		return "too big"
+	end
+
+	if msw == 0x17ea1 and lsw > 0x8931fee8 then
+		return "out of range"
+	end
+
+	local s = ""
+	local index
+	for i = 1,10 do
+		index, msw, lsw = DivideByK( msw, lsw)
+		if ( index <= 1 ) then
+			s = char(k[index]) .. s
+		else
+			s = char(k[index-1]) .. s
+		end 
+		print (index-1, msw, lsw)
+	end
+    return s
+end
+--33LRT-LM9Q9
+--7, 122, 3474858630
+--20, 4, 1008436634
+--7, 0, 627182959
+--17, 0, 21626998
+--16, 0, 745758
+--23, 0, 25715
+--21, 0, 886
+--16, 0, 30
+--1, 0, 1
+--1, 0, 0
+
+function DivideByK(msw, lsw)
+
+	local lowLSW
+	local highLSW
+	local remainder = 0
+	local RADIX = 29
+
+	--local num = 0 | band( rshift(msw,16), 0xffff)
+	local num = band( rshift(msw, 16), 0xffff)
+ 
+	--highLSW = 0 | lshift( (num / RADIX) , 16)
+	highLSW = lshift( (num / RADIX) , 16)
+	remainder = num % RADIX
+
+	num =  bor( lshift(remainder,16), band(msw, 0xffff))
+
+	--highLSW |= num / RADIX
+	highLSW = highLSW or (num / RADIX)
+	remainder = num % RADIX
+
+	num =  bor( lshift(remainder,16), ( band(rshift(lsw,16), 0xffff)))
+
+	--lowLSW = 0 | (num / RADIX) << 16
+	lowLSW = 0 or (lshift( (num / RADIX), 16))
+	remainder = num % RADIX
+
+	num =  bor( lshift(remainder,16) , band(lsw, 0xffff) )
+
+	lowLSW = bor(lowLSW, (num / RADIX))
+	remainder = num % RADIX
+	return remainder, highLSW, lowLSW
+	
+	            uint num = 0 | (msw >> 16) & 0xffff;
+ 
+            highLSW = 0 | (num / RADIX) << 16;
+            remainder = num % RADIX;
+
+            num = (remainder << 16) | (msw & 0xffff);
+ 
+            highLSW |= num / RADIX;
+            remainder = num % RADIX;
+
+            num = (remainder << 16) | ((lsw >> 16) & 0xffff);
+
+            lowLSW = 0 | (num / RADIX) << 16;
+            remainder = num % RADIX;
+
+            num = (remainder << 16) | (lsw & 0xffff);
+
+            lowLSW |= num / RADIX;
+            remainder = num % RADIX;
+
+end
+
 local function main(args)
 
 	print( string.rep('--',20) )
@@ -278,15 +383,25 @@ local function main(args)
 	print(' Gathering info')
 	local uid = blocks[0]:sub(1,8)
 	local itemtype = blocks[1]:sub(1,4)
-	local cardid = blocks[1]:sub(9,24)
+	local cardidLsw = blocks[1]:sub(9,16)
+	local cardidMsw = blocks[1]:sub(17,24)
+
+	local itemtypename = toyNames[itemtype]
+	if itemtypename == nil then
+		itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)]
+	end
 	
 	-- Show info 
 	print( string.rep('--',20) )
-	print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
+	print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) )
 	print( ('       UID : 0x%s'):format(uid) )
-	print( ('    CARDID : 0x%s'):format(cardid ) )	
+	print( ('    CARDID : 0x%s %s [%s]'):format(
+								cardidMsw,cardidLsw, 
+								Num2Card(cardidMsw, cardidLsw))
+								)
 	print( string.rep('--',20) )
 
+
 	-- lets do something.
 	-- 
 	local experience = blocks[8]:sub(1,6)