github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 13:23:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #30 from RfidResearchGroup/master

Browse source 
Update
This commit is contained in:
mwalker33 2020-04-06 18:51:19 +10:00 committed by GitHub
commit 15d584e060
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
52 changed files with 1903 additions and 629 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGELOG.md
View file

@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased]
- Updated helptext layout in all luascripts (@iceman1001)
- Change `hf mfdes info` - output and logging (@brkeler)
- Updated texts in legic commands (@ikarus23)
- Fix timing bug inside 40x5 (@mwalker33)
- Refactored all Hitag2 attacks (@doegox)
- Added two new Hitag2 attacks (@doegox)
- Change `hf search` - now continue to search in case of dual tech cards (@iceman1001) Thanks to @ikarus23 for the suggestion!
- Added `hf topas info` - old reader command, now also prints NDEF (@iceman1001)
- Change `hf topaz reader` - now only prints lighter info, like UID. (@iceman1001)

4
client/Makefile
View file

@ -205,6 +205,7 @@ CMDSRCS = crapto1/crapto1.c \
cmdhffido.c \
cmdhffelica.c \
cmdhfthinfilm.c \
cmdhfcryptorf.c \
cmdhflto.c \
cmdhw.c \
cmdlf.c \
@ -251,7 +252,8 @@ CMDSRCS = crapto1/crapto1.c \
flash.c \
wiegand_formats.c \
wiegand_formatutils.c \
cardhelper.c
cardhelper.c \
settings.c
cpu_arch = $(shell uname -m)
ifneq ($(findstring 86, $(cpu_arch)), )

15
client/cmdhf.c
View file

@ -34,6 +34,7 @@
#include "cmdhffido.h" // FIDO authenticators
#include "cmdhfthinfilm.h" // Thinfilm
#include "cmdhflto.h" // LTO-CM
#include "cmdhfcryptorf.h" // CryptoRF
#include "cmdtrace.h" // trace list
#include "ui.h"
#include "cmddata.h"
@ -149,11 +150,22 @@ int CmdHFSearch(const char *Cmd) {
res = PM3_SUCCESS;
}
}
/*
// 14b and iclass is the longest test (put last)
PROMPT_CLEARLINE;
PrintAndLogEx(INPLACE, "Searching for CryptoRF tag...");
if (IfPm3Iso14443b()) {
if (readHFCryptoRF(false) == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("CryptoRF tag") "found\n");
res = PM3_SUCCESS;
}
}
*/
// 14b and iclass is the longest test (put last)
PROMPT_CLEARLINE;
PrintAndLogEx(INPLACE, "Searching for ISO14443-B tag...");
if (IfPm3Iso14443a()) {
if (IfPm3Iso14443b()) {
if (readHF14B(false) == 1) {
PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("ISO14443-B tag") "found\n");
res = PM3_SUCCESS;
@ -281,6 +293,7 @@ static command_t CommandTable[] = {
{"14a", CmdHF14A, AlwaysAvailable, "{ ISO14443A RFIDs... }"},
{"14b", CmdHF14B, AlwaysAvailable, "{ ISO14443B RFIDs... }"},
{"15", CmdHF15, AlwaysAvailable, "{ ISO15693 RFIDs... }"},
// {"cryptorf", CmdHFCryptoRF, AlwaysAvailable, "{ CryptoRF RFIDs... }"},
{"epa", CmdHFEPA, AlwaysAvailable, "{ German Identification Card... }"},
{"felica", CmdHFFelica, AlwaysAvailable, "{ ISO18092 / Felica RFIDs... }"},
{"fido", CmdHFFido, AlwaysAvailable, "{ FIDO and FIDO2 authenticators... }"},

268
client/cmdhf14a.c
View file

@ -1245,6 +1245,135 @@ int CmdHF14A(const char *Cmd) {
return CmdsParse(CommandTable, Cmd);
}
static void printTag(char *tag) {
PrintAndLogEx(SUCCESS, _YELLOW_(" %s"), tag);
}
typedef enum {
mtNone = 0,
mtClassic = 1,
mtMini = 2,
mtDESFire = 4,
mtPlus = 8,
mtUltralight = 16,
mtOther = 32
} nxp_mifare_type;
// According to NXP AN10833 Rev 3.6 MIFARE Type Identification, Table 6
int detect_nxp_card(uint8_t sak, uint16_t atqa) {
int type = mtNone;
if (sak == 0x00) {
printTag("MIFARE Ultralight C / Ultralight CL2");
type = mtUltralight;
}
if (sak == 0x01) {
printTag("TNP3xxx (Activision Game Appliance)");
type = mtOther;
}
if ((sak & 0x04) == 0x04) {
printTag("Any MIFARE CL1");
type |= mtDESFire;
}
if ((sak & 0x08) == 0x08) {
printTag("MIFARE Classic 1K / Classic 1K CL2");
printTag("MIFARE Plus 2K / Plus EV1 2K");
printTag("MIFARE Plus CL2 2K / Plus CL2 EV1 2K");
type |= mtClassic;
type |= mtPlus;
}
if ((sak & 0x09) == 0x09) {
printTag("MIFARE Mini 0.3K / Mini CL2 0.3K");
type |= mtMini;
}
if ((sak & 0x10) == 0x10) {
printTag("MIFARE Plus 2K / Plus CL2 2K");
type |= mtPlus;
}
if ((sak & 0x11) == 0x11) {
printTag("MIFARE Plus 4K / Plus CL2 4K");
type |= mtPlus;
}
if ((sak & 0x18) == 0x18) {
if (atqa == 0x0042) {
printTag("MIFARE Plus 4K / Plus EV1 4K");
printTag("MIFARE Plus CL2 4K / Plus CL2 EV1 4K");
type |= mtPlus;
} else {
printTag("MIFARE Classic 4K / Classic 4K CL2");
type |= mtClassic;
}
}
if ((sak & 0x20) == 0x20) {
if (atqa == 0x0344) {
printTag("MIFARE DESFire EV1 2K/4K/8K / DESFire EV1 CL2 2K/4K/8K");
type |= mtDESFire;
} else {
printTag("MIFARE Plus 2K / Plus EV1 2K");
printTag("MIFARE Plus 4K / Plus EV1 4K");
printTag("MIFARE Plus CL2 2K / Plus CL2 EV1 4K");
printTag("MIFARE Plus CL2 4K / Plus CL2 EV1 4K");
type |= mtPlus;
}
}
if ((sak & 0x24) == 0x24) {
if (atqa == 0x0344) {
printTag("MIFARE DESFire CL1 / DESFire EV1 CL1");
type |= mtDESFire;
}
}
if ((sak & 0x28) == 0x28) {
if (atqa == 0x0344) {
printTag("MIFARE DESFire CL1 / DESFire EV1 CL1");
type |= mtDESFire;
}
}
return type;
}
typedef struct {
uint8_t uid0;
uint8_t uid1;
char *desc;
} uidname;
const uidname uidmap[] = {
// UID0, UID1, TEXT
{0x02, 0x00, "SR176"},
{0x02, 0x03, "SRIX4K"},
{0x02, 0x0C, "SRT512"},
{0x02, 0x0F, "SRI2K"},
{0x02, 0x1B, "25TB512-AC"},
{0x02, 0x3D, "SRIX4K"},
{0x02, 0x3F, "25TB02K"},
{0x02, 0x4D, "SRIX512"},
{0x02, 0x6D, "SRI512"},
{0x02, 0x7D, "SRI4K"},
{0x02, 0x84, "M24SR64-Y"},
{0x02, 0xA3, "25TA02KB-P"},
{0x02, 0xC4, "25TA64K"},
{0x02, 0xE3, "25TA02KB"},
{0x02, 0xE4, "25TA512B"},
{0x02, 0xF3, "25TA02KB-D"},
{0x11, 0x22, "NTAG21x Modifiable"},
{0x00, 0x00, "None"}
};
void getTagLabel(uint8_t uid0, uint8_t uid1) {
int i = 0;
while (uidmap[i].uid0 != 0x00) {
if ((uidmap[i].uid0 == uid0) && (uidmap[i].uid1 == uid1)) {
PrintAndLogEx(SUCCESS, _YELLOW_(" %s"), uidmap[i].desc);
return;
}
i += 1;
}
return;
}
int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0, NULL, 0);
@ -1290,10 +1419,64 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
PrintAndLogEx(SUCCESS, " SAK: " _GREEN_("%02x [%" PRIu64 "]"), card.sak, resp.oldarg[0]);
bool isMifareClassic = true;
bool isMifareDesfire = false;
bool isMifareDESFire = false;
bool isMifarePlus = false;
bool isMifareUltralight = false;
int nxptype = mtNone;
// Double & triple sized UID, can be mapped to a manufacturer.
if (card.uidlen <= 4) {
nxptype = detect_nxp_card(card.sak, ((card.atqa[1] << 8) + card.atqa[0]));
if ((nxptype & mtClassic) == mtClassic) isMifareClassic = true;
else isMifareClassic = false;
if ((nxptype & mtDESFire) == mtDESFire) {
isMifareDESFire = true;
} else {
isMifareDESFire = false;
}
if ((nxptype & mtPlus) == mtPlus) isMifarePlus = true;
else isMifarePlus = false;
if ((nxptype & mtUltralight) == mtUltralight) isMifareUltralight = true;
else isMifareUltralight = false;
if ((nxptype & mtOther) == mtOther) isMifareClassic = true;
}
if (card.uidlen > 4) {
PrintAndLogEx(SUCCESS, "MANUFACTURER: " _YELLOW_("%s"), getTagInfo(card.uid[0]));
PrintAndLogEx(SUCCESS, "Possible Type:");
switch (card.uid[0]) {
case 0x04: // NXP
nxptype = detect_nxp_card(card.sak, ((card.atqa[1] << 8) + card.atqa[0]));
if ((nxptype & mtClassic) == mtClassic) isMifareClassic = true;
else isMifareClassic = false;
if ((nxptype & mtDESFire) == mtDESFire) {
isMifareDESFire = true;
} else {
isMifareDESFire = false;
}
if ((nxptype & mtPlus) == mtPlus) isMifarePlus = true;
else isMifarePlus = false;
if ((nxptype & mtUltralight) == mtUltralight) isMifareUltralight = true;
else isMifareUltralight = false;
if ((nxptype & mtOther) == mtOther) isMifareClassic = true;
break;
case 0x05: // Infineon
if ((card.uid[1] & 0xF0) == 0x10) {
printTag("my-d(tm) command set SLE 66R04/16/32P, SLE 66R04/16/32S");
} else if ((card.uid[1] & 0xF0) == 0x20) {
printTag("my-d(tm) command set SLE 66R01/16/32P (Type 2 Tag)");
} else if ((card.uid[1] & 0xF0) == 0x30) {
printTag("my-d(tm) move lean SLE 66R01P/66R01PN");
} else if ((card.uid[1] & 0xF0) == 0x70) {
printTag("my-d(tm) move lean SLE 66R01L");
}
if (card.sak == 0x88) {
printTag("Infineon MIFARE CLASSIC 1K");
}
getTagLabel(card.uid[0], card.uid[1]);
break;
default:
getTagLabel(card.uid[0], card.uid[1]);
switch (card.sak) {
case 0x00:
isMifareClassic = false;
@ -1305,8 +1488,9 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
if (tagT != UL_ERROR) {
ul_print_type(tagT, 0);
isMifareUltralight = true;
printTag("MIFARE Ultralight/C/NTAG Compatible");
} else {
PrintAndLogEx(SUCCESS, "TYPE: Possible AZTEK (iso14443a compliant)");
printTag("Possible AZTEK (iso14443a compliant)");
}
// reconnect for further tests
@ -1323,64 +1507,26 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
return select_status;
}
break;
case 0x01:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP TNP3xxx Activision Game Appliance"));
break;
case 0x04:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE (various !DESFire !DESFire EV1)"));
isMifareClassic = false;
isMifareDesfire = true;
break;
case 0x08:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1"));
break;
case 0x09:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Mini 0.3k"));
break;
case 0x0A:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("FM11RF005SH (Shanghai Metro)"));
break;
case 0x10:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Plus 2k SL2"));
isMifarePlus = true;
break;
case 0x11:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Plus 4k SL2"));
isMifarePlus = true;
break;
case 0x18:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE Classic 4k | Plus 4k SL1 | 4k Ev1"));
printTag("FM11RF005SH (Shanghai Metro)");
break;
case 0x20:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41"));
isMifareClassic = false;
isMifareDesfire = true;
isMifarePlus = true;
break;
case 0x24:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("NXP MIFARE DESFire | DESFire EV1"));
isMifareClassic = false;
isMifareDesfire = true;
printTag("JCOP 31/41");
break;
case 0x28:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("JCOP31 or JCOP41 v2.3.1"));
printTag("JCOP31 or JCOP41 v2.3.1");
break;
case 0x38:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("Nokia 6212 or 6131 MIFARE CLASSIC 4K"));
break;
case 0x88:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("Infineon MIFARE CLASSIC 1K"));
printTag("Nokia 6212 or 6131");
break;
case 0x98:
PrintAndLogEx(SUCCESS, "TYPE: " _YELLOW_("Gemplus MPCOS"));
printTag("Gemplus MPCOS");
break;
default:
;
break;
}
break;
}
// Double & triple sized UID, can be mapped to a manufacturer.
if (card.uidlen > 4) {
PrintAndLogEx(SUCCESS, "MANUFACTURER: " _YELLOW_("%s"), getTagInfo(card.uid[0]));
}
// try to request ATS even if tag claims not to support it
@ -1455,12 +1601,14 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
);
pos++;
}
if (tc1) {
PrintAndLogEx(SUCCESS, " - TC1 : NAD is%s supported, CID is%s supported",
(card.ats[pos] & 0x01) ? "" : " NOT",
(card.ats[pos] & 0x02) ? "" : " NOT");
pos++;
}
if (card.ats[0] > pos && card.ats[0] < card.ats_len - 2) {
const char *tip = "";
if (card.ats[0] - pos >= 7) {
@ -1477,14 +1625,14 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
switch (card.ats[pos + 2] & 0xf0) {
case 0x10:
PrintAndLogEx(SUCCESS, " 1x -> MIFARE DESFire");
isMifareDesfire = true;
isMifareDESFire = true;
isMifareClassic = false;
isMifarePlus = false;
break;
case 0x20:
PrintAndLogEx(SUCCESS, " 2x -> MIFARE Plus");
isMifarePlus = true;
isMifareDesfire = false;
isMifareDESFire = false;
isMifareClassic = false;
break;
}
@ -1607,6 +1755,17 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
PrintAndLogEx(INFO, "proprietary non iso14443-4 card found, RATS not supported");
}
if (isMifareUltralight) {
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfu info`"));
}
if (isMifarePlus) {
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfp info`"));
}
if (isMifareDESFire) {
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfdes info`"));
}
if (((card.sak & 0x08) == 0x08) || ((card.sak & 0x18) == 0x18)) {
detect_classic_magic();
if (isMifareClassic) {
@ -1626,18 +1785,9 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) {
PrintAndLogEx(SUCCESS, "Static nonce: " _YELLOW_("yes"));
if (res == 2 && verbose)
PrintAndLogEx(SUCCESS, "Static nonce: " _RED_("fail"));
}
if (isMifareUltralight) {
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfu info`"));
}
if (isMifarePlus) {
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfp info`"));
}
if (isMifareDesfire) {
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf mfdes info`"));
}
return select_status;
}

609
client/cmdhfcryptorf.c Normal file
View file

@ -0,0 +1,609 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 iceman
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency CryptoRF commands (ISO14443B)
//-----------------------------------------------------------------------------
#include "cmdhfcryptorf.h"
#include <ctype.h>
#include "fileutils.h"
#include "cmdparser.h" // command_t
#include "comms.h" // clearCommandBuffer
#include "cmdtrace.h"
#include "crc16.h"
#include "cmdhf14a.h"
#include "protocols.h" // definitions of ISO14B protocol
#define TIMEOUT 2000
static int CmdHelp(const char *Cmd);
static int usage_hf_cryptorf_info(void) {
PrintAndLogEx(NORMAL, "Usage: hf cryptorf info [h] [v]\n"
"Options:\n"
" h this help\n"
" v verbose\n"
"\n"
"Example:\n"
_YELLOW_(" hf cryptorf info")
);
return PM3_SUCCESS;
}
static int usage_hf_cryptorf_reader(void) {
PrintAndLogEx(NORMAL, "Usage: hf cryptorf reader [h] [v]\n"
"Options:\n"
" h this help\n"
" v verbose\n"
"\n"
"Example:\n"
_YELLOW_(" hf cryptorf reader")
);
return PM3_SUCCESS;
}
static int usage_hf_cryptorf_sniff(void) {
PrintAndLogEx(NORMAL, "It get data from the field and saves it into command buffer\n"
"Buffer accessible from command " _YELLOW_("'hf list cryptorf'") "\n"
"Usage: hf cryptorf sniff [h]\n"
"Options:\n"
" h this help\n"
"\n"
"Example:\n"
_YELLOW_(" hf cryptorf sniff")
);
return PM3_SUCCESS;
}
static int usage_hf_cryptorf_sim(void) {
PrintAndLogEx(NORMAL, "Emulating CryptoRF tag with 4 UID / PUPI\n"
"Usage: hf cryptorf sim [h] [u <uid>]\n"
"Options:\n"
" h this help\n"
" u 4byte UID/PUPI\n"
"\n"
"Example:\n"
_YELLOW_(" hf cryptorf sim")
);
return PM3_SUCCESS;
}
static int usage_hf_cryptorf_dump(void) {
PrintAndLogEx(NORMAL, "This command dumps the contents of a ISO-14443-B tag and save it to file\n"
"\n"
"Usage: hf cryptorf dump [h] [card memory] <f filname> \n"
"Options:\n"
" h this help\n"
" f <name> filename, if no <name> UID will be used as filename\n"
"\n"
"Examples:\n"
"\thf cryptorf dump\n"
"\thf cryptorf dump f mydump");
return PM3_SUCCESS;
}
static int usage_hf_cryptorf_eload(void) {
PrintAndLogEx(NORMAL, "It loads a binary dump into emulator memory\n"
"Usage: hf cryptorf eload [f <file name w/o `.eml`>]\n"
"Options:\n"
" h this help\n"
" f <name> filename, if no <name> UID will be used as filename\n"
"\n"
"Examples:\n"
_YELLOW_(" hf cryptorf eload f filename")
);
return PM3_SUCCESS;
}
static int usage_hf_cryptorf_esave(void) {
PrintAndLogEx(NORMAL, "It saves bin/eml/json dump file of emulator memory\n"
" Usage: hf cryptorf esave [f <file name w/o `.eml`>]\n"
"Options:\n"
" h this help\n"
" f <name> filename, if no <name> UID will be used as filename\n"
"\n"
"Examples:\n"
_YELLOW_(" hf cryptorf esave ")
_YELLOW_(" hf cryptorf esave f filename")
);
return PM3_SUCCESS;
}
static int switch_off_field_cryptorf(void) {
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_DISCONNECT, 0, 0, NULL, 0);
return PM3_SUCCESS;
}
static int CmdHFCryptoRFList(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
CmdTraceList("14b");
return PM3_SUCCESS;
}
static int CmdHFCryptoRFSim(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_hf_cryptorf_sim();
uint32_t pupi = 0;
if (cmdp == 'u') {
pupi = param_get32ex(Cmd, 1, 0, 16);
}
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_SIMULATE, pupi, 0, 0, NULL, 0);
return PM3_SUCCESS;
}
static int CmdHFCryptoRFSniff(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_hf_cryptorf_sniff();
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO14443B_SNIFF, NULL, 0);
return PM3_SUCCESS;
}
static bool get_14b_UID(iso14b_card_select_t *card) {
if (!card)
return false;
int8_t retry = 3;
PacketResponseNG resp;
// test for 14b SR
while (retry--) {
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_SR | ISO14B_DISCONNECT, 0, 0, NULL, 0);
if (WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
uint8_t status = resp.oldarg[0];
if (status == 0) {
memcpy(card, (iso14b_card_select_t *)resp.data.asBytes, sizeof(iso14b_card_select_t));
return true;
}
}
} // retry
// test 14b standard
retry = 3;
while (retry--) {
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_STD | ISO14B_DISCONNECT, 0, 0, NULL, 0);
if (WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
uint8_t status = resp.oldarg[0];
if (status == 0) {
memcpy(card, (iso14b_card_select_t *)resp.data.asBytes, sizeof(iso14b_card_select_t));
return true;
}
}
} // retry
if (retry <= 0)
PrintAndLogEx(WARNING, "timeout while waiting for reply.");
return false;
}
static int CmdHFCryptoRFInfo(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_hf_cryptorf_info();
bool verbose = (cmdp == 'v');
int res = infoHFCryptoRF(verbose);
if (res != PM3_SUCCESS && verbose) {
PrintAndLogEx(FAILED, "no 14443-B tag found");
}
return res;
}
static int CmdHFCryptoRFReader(const char *Cmd) {
char cmdp = tolower(param_getchar(Cmd, 0));
if (cmdp == 'h') return usage_hf_cryptorf_reader();
bool verbose = (cmdp == 'v');
int res = readHFCryptoRF(verbose);
if (res != PM3_SUCCESS && verbose) {
PrintAndLogEx(FAILED, "no 14443-B tag found");
}
return res;
}
// need to write to file
static int CmdHFCryptoRFDump(const char *Cmd) {
uint8_t fileNameLen = 0;
char filename[FILE_PATH_SIZE] = {0};
char *fptr = filename;
bool errors = false;
uint8_t cmdp = 0, cardtype = 1;
uint16_t cardsize = 0;
uint8_t blocks = 0;
iso14b_card_select_t card;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
return usage_hf_cryptorf_dump();
case 'f':
fileNameLen = param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE);
cmdp += 2;
break;
default:
if (cmdp == 0) {
cardtype = param_get8ex(Cmd, cmdp, 1, 10);
cmdp++;
} else {
PrintAndLogEx(WARNING, "Unknown parameter '%c'\n", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
}
//Validations
if (errors) return usage_hf_cryptorf_dump();
switch (cardtype) {
case 2:
cardsize = (512 / 8) + 4;
blocks = 0x0F;
break;
case 1:
default:
cardsize = (4096 / 8) + 4;
blocks = 0x7F;
break;
}
if (!get_14b_UID(&card)) {
PrintAndLogEx(WARNING, "No tag found.");
return PM3_SUCCESS;
}
if (fileNameLen < 1) {
PrintAndLogEx(INFO, "Using UID as filename");
fptr += sprintf(fptr, "hf-cryptorf-");
FillFileNameByUID(fptr, card.uid, "-dump", card.uidlen);
}
// detect blocksize from card :)
PrintAndLogEx(NORMAL, "Reading memory from tag UID %s", sprint_hex(card.uid, card.uidlen));
uint8_t data[cardsize];
memset(data, 0, sizeof(data));
int blocknum = 0;
uint8_t *recv = NULL;
PacketResponseNG resp;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_SR, 0, 0, NULL, 0);
//select
if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
if (resp.oldarg[0]) {
PrintAndLogEx(INFO, "failed to select %" PRId64 " | %" PRId64, resp.oldarg[0], resp.oldarg[1]);
goto out;
}
}
uint8_t req[2] = {ISO14443B_READ_BLK};
for (int retry = 0; retry < 5; retry++) {
req[1] = blocknum;
clearCommandBuffer();
SendCommandOLD(CMD_HF_ISO14443B_COMMAND, ISO14B_APPEND_CRC | ISO14B_RAW, 2, 0, req, sizeof(req));
if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
uint8_t status = resp.oldarg[0] & 0xFF;
if (status > 0) {
continue;
}
uint16_t len = (resp.oldarg[1] & 0xFFFF);
recv = resp.data.asBytes;
if (!check_crc(CRC_14443_B, recv, len)) {
PrintAndLogEx(FAILED, "crc fail, retrying one more time");
continue;
}
memcpy(data + (blocknum * 4), resp.data.asBytes, 4);
if (blocknum == 0xFF) {
//last read.
break;
}
retry = 0;
blocknum++;
if (blocknum > blocks) {
// read config block
blocknum = 0xFF;
}
printf(".");
fflush(stdout);
}
}
if (blocknum != 0xFF) {
PrintAndLogEx(NORMAL, "\n Dump failed");
goto out;
}
PrintAndLogEx(NORMAL, "\n");
PrintAndLogEx(NORMAL, "block# | data | ascii");
PrintAndLogEx(NORMAL, "---------+--------------+----------");
for (int i = 0; i <= blocks; i++) {
PrintAndLogEx(NORMAL,
"%3d/0x%02X | %s | %s",
i,
i,
sprint_hex(data + (i * 4), 4),
sprint_ascii(data + (i * 4), 4)
);
}
PrintAndLogEx(NORMAL, "\n");
size_t datalen = (blocks + 1) * 4;
saveFileEML(filename, data, datalen, 4);
saveFile(filename, ".bin", data, datalen);
out:
return switch_off_field_cryptorf();
}
static int CmdHFCryptoRFELoad(const char *Cmd) {
size_t datalen = 1024;
char filename[FILE_PATH_SIZE] = {0x00};
bool errors = false, has_filename = false;
uint8_t cmdp = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h' :
return usage_hf_cryptorf_eload();
case 'f' :
if (param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE) >= FILE_PATH_SIZE) {
PrintAndLogEx(FAILED, "Filename too long");
errors = true;
break;
}
has_filename = true;
cmdp += 2;
break;
default :
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
if (has_filename == false)
errors = true;
//Validations
if (errors || strlen(Cmd) == 0) return usage_hf_cryptorf_eload();
// set up buffer
uint8_t *data = calloc(datalen, sizeof(uint8_t));
if (!data) {
PrintAndLogEx(WARNING, "Fail, cannot allocate memory");
return PM3_EMALLOC;
}
if (loadFile_safe(filename, ".bin", (void **)&data, &datalen) != PM3_SUCCESS) {
free(data);
PrintAndLogEx(WARNING, "Error, reading file");
return PM3_EFILE;
}
PrintAndLogEx(SUCCESS, "Uploading to emulator memory");
/*
// fast push mode
conn.block_after_ACK = true;
//Send to device
uint32_t bytes_sent = 0;
uint32_t bytes_remaining = bytes_read;
while (bytes_remaining > 0) {
uint32_t bytes_in_packet = MIN(PM3_CMD_DATA_SIZE, bytes_remaining);
if (bytes_in_packet == bytes_remaining) {
// Disable fast mode on last packet
conn.block_after_ACK = false;
}
clearCommandBuffer();
SendCommandOLD(CMD_HF_CRYPTORF_EML_MEMSET, bytes_sent, bytes_in_packet, 0, data + bytes_sent, bytes_in_packet);
bytes_remaining -= bytes_in_packet;
bytes_sent += bytes_in_packet;
}
*/
free(data);
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, "Done");
return PM3_SUCCESS;
}
static int CmdHFCryptoRFESave(const char *Cmd) {
char filename[FILE_PATH_SIZE] = {0};
char *fptr = filename;
int fileNameLen = 0;
size_t numofbytes = 1024;
bool errors = false;
uint8_t cmdp = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h' :
return usage_hf_cryptorf_esave();
case 'f' :
fileNameLen = param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE);
if (!fileNameLen)
errors = true;
if (fileNameLen > FILE_PATH_SIZE - 5)
fileNameLen = FILE_PATH_SIZE - 5;
cmdp += 2;
break;
default :
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
//Validations
if (errors || strlen(Cmd) == 0) return usage_hf_cryptorf_esave();
// set up buffer
uint8_t *data = calloc(numofbytes, sizeof(uint8_t));
if (!data) {
PrintAndLogEx(WARNING, "Fail, cannot allocate memory");
return PM3_EMALLOC;
}
// download emulator memory
PrintAndLogEx(SUCCESS, "Reading emulator memory...");
if (!GetFromDevice(BIG_BUF_EML, data, numofbytes, 0, NULL, 0, NULL, 2500, false)) {
PrintAndLogEx(WARNING, "Fail, transfer from device time-out");
free(data);
return PM3_ETIMEOUT;
}
// user supplied filename?
if (fileNameLen < 1) {
PrintAndLogEx(INFO, "Using UID as filename");
fptr += sprintf(fptr, "hf-cryptorf-");
FillFileNameByUID(fptr, data, "-dump", 4);
}
saveFile(filename, ".bin", data, numofbytes);
//needs to change
saveFileEML(filename, data, numofbytes, 8);
//needs to change
saveFileJSON(filename, jsfRaw, data, numofbytes);
return PM3_SUCCESS;
}
static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"dump", CmdHFCryptoRFDump, IfPm3Iso14443b, "Read all memory pages of an CryptoRF tag, save to file"},
{"info", CmdHFCryptoRFInfo, IfPm3Iso14443b, "Tag information"},
{"list", CmdHFCryptoRFList, AlwaysAvailable, "List ISO 14443B history"},
{"reader", CmdHFCryptoRFReader, IfPm3Iso14443b, "Act as a CryptoRF reader to identify a tag"},
{"sim", CmdHFCryptoRFSim, IfPm3Iso14443b, "Fake CryptoRF tag"},
{"sniff", CmdHFCryptoRFSniff, IfPm3Iso14443b, "Eavesdrop CryptoRF"},
{"eload", CmdHFCryptoRFELoad, AlwaysAvailable, "Load binary dump to emulator memory"},
{"esave", CmdHFCryptoRFESave, AlwaysAvailable, "Save emulator memory to binary file"},
{NULL, NULL, NULL, NULL}
};
static int CmdHelp(const char *Cmd) {
(void)Cmd; // Cmd is not used so far
CmdsHelp(CommandTable);
return PM3_SUCCESS;
}
int CmdHFCryptoRF(const char *Cmd) {
clearCommandBuffer();
return CmdsParse(CommandTable, Cmd);
}
// Print extented information about tag.
int infoHFCryptoRF(bool verbose) {
int res = PM3_ESOFT;
// 14b get and print UID only (general info)
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_STD | ISO14B_DISCONNECT, 0, 0, NULL, 0);
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
if (verbose) PrintAndLogEx(WARNING, "command execution timeout");
switch_off_field_cryptorf();
return false;
}
iso14b_card_select_t card;
memcpy(&card, (iso14b_card_select_t *)resp.data.asBytes, sizeof(iso14b_card_select_t));
uint64_t status = resp.oldarg[0];
switch (status) {
case 0:
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, " UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLogEx(SUCCESS, " ATQB : %s", sprint_hex(card.atqb, sizeof(card.atqb)));
PrintAndLogEx(SUCCESS, " CHIPID : %02X", card.chipid);
res = PM3_SUCCESS;
break;
case 2:
if (verbose) PrintAndLogEx(FAILED, "ISO 14443-3 ATTRIB fail");
break;
case 3:
if (verbose) PrintAndLogEx(FAILED, "ISO 14443-3 CRC fail");
break;
default:
if (verbose) PrintAndLogEx(FAILED, "ISO 14443-b card select failed");
break;
}
return res;
}
// get and print general info cryptoRF
int readHFCryptoRF(bool verbose) {
int res = PM3_ESOFT;
// 14b get and print UID only (general info)
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_STD | ISO14B_DISCONNECT, 0, 0, NULL, 0);
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
if (verbose) PrintAndLogEx(WARNING, "command execution timeout");
return PM3_ETIMEOUT;
}
iso14b_card_select_t card;
memcpy(&card, (iso14b_card_select_t *)resp.data.asBytes, sizeof(iso14b_card_select_t));
uint64_t status = resp.oldarg[0];
switch (status) {
case 0:
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, " UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLogEx(SUCCESS, " ATQB : %s", sprint_hex(card.atqb, sizeof(card.atqb)));
PrintAndLogEx(SUCCESS, " CHIPID : %02X", card.chipid);
res = PM3_SUCCESS;
break;
case 2:
if (verbose) PrintAndLogEx(FAILED, "ISO 14443-3 ATTRIB fail");
break;
case 3:
if (verbose) PrintAndLogEx(FAILED, "ISO 14443-3 CRC fail");
break;
default:
if (verbose) PrintAndLogEx(FAILED, "ISO 14443-b card select failed");
break;
}
return res;
}

20
client/cmdhfcryptorf.h Normal file
View file

@ -0,0 +1,20 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2020 iceman
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// High frequency CryptoRF commands (ISO14443B)
//-----------------------------------------------------------------------------
#ifndef CMDHFCRYPTORF_H__
#define CMDHFCRYPTORF_H__
#include "common.h"
int CmdHFCryptoRF(const char *Cmd);
int infoHFCryptoRF(bool verbose);
int readHFCryptoRF(bool verbose);
#endif

6
client/cmdhffelica.c
View file

@ -1847,7 +1847,7 @@ int readFelicaUid(bool verbose) {
}
static command_t CommandTable[] = {
{"----------- General -----------", CmdHelp, IfPm3Iso14443a, ""},
{"----------- General -----------", CmdHelp, AlwaysAvailable, ""},
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"list", CmdHFFelicaList, AlwaysAvailable, "List ISO 18092/FeliCa history"},
{"reader", CmdHFFelicaReader, IfPm3Felica, "Act like an ISO18092/FeliCa reader"},
@ -1855,7 +1855,7 @@ static command_t CommandTable[] = {
{"raw", CmdHFFelicaCmdRaw, IfPm3Felica, "Send raw hex data to tag"},
{"rdunencrypted", CmdHFFelicaReadWithoutEncryption, IfPm3Felica, "read Block Data from authentication-not-required Service."},
{"wrunencrypted", CmdHFFelicaWriteWithoutEncryption, IfPm3Felica, "write Block Data to an authentication-not-required Service."},
{"----------- FeliCa Standard -----------", CmdHelp, IfPm3Iso14443a, ""},
{"----------- FeliCa Standard -----------", CmdHelp, AlwaysAvailable, ""},
//{"dump", CmdHFFelicaDump, IfPm3Felica, "Wait for and try dumping FeliCa"},
{"rqservice", CmdHFFelicaRequestService, IfPm3Felica, "verify the existence of Area and Service, and to acquire Key Version."},
{"rqresponse", CmdHFFelicaRequestResponse, IfPm3Felica, "verify the existence of a card and its Mode."},
@ -1874,7 +1874,7 @@ static command_t CommandTable[] = {
//{"readv2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "read Block Data from authentication-required Service."},
//{"writev2", CmdHFFelicaNotImplementedYet, IfPm3Felica, "write Block Data to authentication-required Service."},
//{"uprandomid", CmdHFFelicaNotImplementedYet, IfPm3Felica, "update Random ID (IDr)."},
{"----------- FeliCa Light -----------", CmdHelp, IfPm3Iso14443a, ""},
{"----------- FeliCa Light -----------", CmdHelp, AlwaysAvailable, ""},
{"litesim", CmdHFFelicaSimLite, IfPm3Felica, "<NDEF2> - only reply to poll request"},
{"litedump", CmdHFFelicaDumpLite, IfPm3Felica, "Wait for and try dumping FelicaLite"},
// {"sim", CmdHFFelicaSim, IfPm3Felica, "<UID> -- Simulate ISO 18092/FeliCa tag"}

2
client/cmdhficlass.c
View file

@ -2050,7 +2050,7 @@ static int CmdHFiClassReadTagFile(const char *Cmd) {
if (verbose) {
PrintAndLogEx(INFO, "File: " _YELLOW_("%s"), filename);
PrintAndLogEx(INFO, "File size %d bytes, file blocks %d (0x%02x)", bytes_read, bytes_read >> 3, bytes_read >> 3);
PrintAndLogEx(INFO, "File size %zu bytes, file blocks %d (0x%x)", bytes_read, (uint16_t)(bytes_read >> 3), (uint16_t)(bytes_read >> 3));
PrintAndLogEx(INFO, "Printing blocks from");
PrintAndLogEx(INFO, "start " _YELLOW_("0x%02x") "end " _YELLOW_("0x%02x"), (startblock == 0) ? 6 : startblock, endblock);
}

75
client/cmdhflegic.c
View file

@ -1013,43 +1013,47 @@ static int CmdLegicDump(const char *Cmd) {
saveFile(filename, ".bin", data, readlen);
saveFileEML(filename, data, readlen, 8);
saveFileJSON(filename, jsfLegic, data, readlen);
free(data);
return PM3_SUCCESS;
}
static int CmdLegicRestore(const char *Cmd) {
char filename[FILE_PATH_SIZE] = {0x00};
size_t fileNlen = 0;
bool errors = false, shall_obsfuscate = false;
bool errors = false, shall_obsfuscate = false, have_filename = false;
size_t numofbytes;
uint8_t cmdp = 0;
memset(filename, 0, sizeof(filename));
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
case 'h': {
errors = true;
break;
case 'f':
fileNlen = param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE);
if (!fileNlen)
errors = true;
if (fileNlen > FILE_PATH_SIZE - 5)
fileNlen = FILE_PATH_SIZE - 5;
}
case 'f': {
if (param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE) >= FILE_PATH_SIZE) {
PrintAndLogEx(FAILED, "Filename too long");
break;
}
have_filename = true;
cmdp += 2;
break;
case 'x':
}
case 'x': {
shall_obsfuscate = true;
cmdp++;
break;
default:
}
default: {
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
}
if (have_filename == false)
errors = true;
//Validations
if (errors || cmdp == 0) return usage_legic_restore();
@ -1076,7 +1080,7 @@ static int CmdLegicRestore(const char *Cmd) {
}
if (card.cardsize != numofbytes) {
PrintAndLogEx(WARNING, "Fail, filesize and cardsize is not equal. [%zu != %u]", card.cardsize, numofbytes);
PrintAndLogEx(WARNING, "Fail, filesize and cardsize is not equal. [%u != %zu]", card.cardsize, numofbytes);
free(data);
return PM3_EFILE;
}
@ -1132,45 +1136,54 @@ static int CmdLegicRestore(const char *Cmd) {
static int CmdLegicELoad(const char *Cmd) {
size_t numofbytes = 256;
int fileNameLen = 0;
char filename[FILE_PATH_SIZE] = {0x00};
bool errors = false, shall_obsfuscate = false;
bool errors = false, shall_obsfuscate = false, have_filename = false;
uint8_t cmdp = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h' :
case 'h' : {
return usage_legic_eload();
case 'f' :
fileNameLen = param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE);
if (!fileNameLen)
errors = true;
if (fileNameLen > FILE_PATH_SIZE - 5)
fileNameLen = FILE_PATH_SIZE - 5;
}
case 'f' : {
if (param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE) >= FILE_PATH_SIZE) {
PrintAndLogEx(FAILED, "Filename too long");
break;
}
have_filename = true;
cmdp += 2;
break;
case 'x':
}
case 'x': {
shall_obsfuscate = true;
cmdp++;
break;
case '0' :
}
case '0' : {
numofbytes = 22;
cmdp++;
break;
case '1' :
}
case '1' : {
numofbytes = 256;
cmdp++;
break;
case '2' :
}
case '2' : {
numofbytes = 1024;
cmdp++;
break;
default :
}
default : {
PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true;
break;
}
}
}
if (have_filename == false)
errors = true;
//Validations
if (errors || strlen(Cmd) == 0) return usage_legic_eload();
@ -1358,8 +1371,8 @@ static command_t CommandTable[] = {
{"sim", CmdLegicSim, IfPm3Legicrf, "Start tag simulator"},
{"wrbl", CmdLegicWrbl, IfPm3Legicrf, "Write data to a LEGIC Prime tag"},
{"crc", CmdLegicCalcCrc, AlwaysAvailable, "Calculate Legic CRC over given bytes"},
{"eload", CmdLegicELoad, IfPm3Legicrf, "Load binary dump to emulator memory"},
{"esave", CmdLegicESave, IfPm3Legicrf, "Save emulator memory to binary file"},
{"eload", CmdLegicELoad, AlwaysAvailable, "Load binary dump to emulator memory"},
{"esave", CmdLegicESave, AlwaysAvailable, "Save emulator memory to binary file"},
{"wipe", CmdLegicWipe, IfPm3Legicrf, "Wipe a LEGIC Prime tag"},
{NULL, NULL, NULL, NULL}
};

2
client/cmdhfmf.c
View file

@ -3712,7 +3712,7 @@ int CmdHF14AMfELoad(const char *Cmd) {
}
}
PrintAndLogEx(INFO, "Copying to emulator memory");
PrintAndLogEx(INFO, "Uploading to emulator memory");
// fast push mode
conn.block_after_ACK = true;

14
client/cmdhfmfu.c
View file

@ -2782,6 +2782,19 @@ static int CmdHF14MfuNDEF(const char *Cmd) {
maxsize = ndef_get_maxsize(data + 12);
}
// iceman: maybe always take MIN of tag identified size vs NDEF reported size?
// fix: UL_EV1 48bytes != NDEF reported size
for (uint8_t i = 0; i < ARRAYLEN(UL_TYPES_ARRAY); i++) {
if (tagtype & UL_TYPES_ARRAY[i]) {
if (maxsize != (UL_MEMORY_ARRAY[i] * 4) ) {
PrintAndLogEx(INFO, "Tag reported size vs NDEF reported size mismatch. Using smallest value");
}
maxsize = MIN(maxsize, (UL_MEMORY_ARRAY[i] * 4));
break;
}
}
// allocate mem
uint8_t *records = calloc(maxsize, sizeof(uint8_t));
if (records == NULL) {
@ -2795,6 +2808,7 @@ static int CmdHF14MfuNDEF(const char *Cmd) {
if (status == -1) {
DropField();
PrintAndLogEx(ERR, "Error: tag didn't answer to READ");
free(records);
return PM3_ESOFT;
}
}

4
client/emv/emvjson.c
View file

@ -94,6 +94,10 @@ int JsonSaveStr(json_t *root, const char *path, const char *value) {
return JsonSaveJsonObject(root, path, json_string(value));
};
int JsonSaveBoolean(json_t *root, const char *path, bool value) {
return JsonSaveJsonObject(root, path, json_boolean(value));
}
int JsonSaveBufAsHexCompact(json_t *elm, const char *path, uint8_t *data, size_t datalen) {
char *msg = sprint_hex_inrow(data, datalen);
if (msg && strlen(msg) && msg[strlen(msg) - 1] == ' ')

1
client/emv/emvjson.h
View file

@ -24,6 +24,7 @@ const char *GetApplicationDataName(tlv_tag_t tag);
int JsonSaveJsonObject(json_t *root, const char *path, json_t *value);
int JsonSaveStr(json_t *root, const char *path, const char *value);
int JsonSaveBoolean(json_t *root, const char *path, bool value);
int JsonSaveInt(json_t *root, const char *path, int value);
int JsonSaveBufAsHexCompact(json_t *elm, const char *path, uint8_t *data, size_t datalen);
int JsonSaveBufAsHex(json_t *elm, const char *path, uint8_t *data, size_t datalen);

8
client/fileutils.c
View file

@ -38,6 +38,7 @@
// this define is needed for scandir/alphasort to work
#define _GNU_SOURCE
#include "fileutils.h"
#include "settings.h"
#include <dirent.h>
#include <ctype.h>
@ -425,6 +426,9 @@ int saveFileJSON(const char *preferredName, JSONFileType ftype, uint8_t *data, s
}
}
break;
case jsfSettings:
settings_save_callback (root);
break;
default:
break;
}
@ -863,7 +867,9 @@ int loadFileJSON(const char *preferredName, void *data, size_t maxdatalen, size_
}
*datalen = sptr;
}
if (!strcmp(ctype,"settings")) {
settings_load_callback (root);
}
PrintAndLogEx(SUCCESS, "loaded from JSON file " _YELLOW_("%s"), fileName);
out:
json_decref(root);

1
client/fileutils.h
View file

@ -62,6 +62,7 @@ typedef enum {
jsfT55x7,
jsfT5555,
jsfMfPlusKeys,
jsfSettings,
} JSONFileType;
typedef enum {

4
client/luascripts/emul2dump.lua
View file

@ -7,7 +7,7 @@ copyright = ''
author = 'Iceman'
version = 'v1.0.2'
desc =[[
This script takes an dumpfile on EML (ASCII) format and converts it to the PM3 dumpbin file to be used with `hf mf restore`
This script takes an dumpfile in EML (ASCII) format and converts it to the PM3 dumpbin file to be used with `hf mf restore`
]]
example =[[
1. script run emul2dump
@ -25,7 +25,7 @@ arguments = [[
]]
---
-- This is only meant to be used when errors occur
local function dbg(err)
local function dbg(args)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1

14
client/luascripts/formatMifare.lua
View file

@ -3,10 +3,11 @@ local getopt = require('getopt')
local bin = require('bin')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will generate 'hf mf wrbl' commands for each block to format a Mifare card.
@ -29,8 +30,8 @@ example = [[
]]
usage = [[
script run formatMifare -k <key> -n <key> -a <access> -x
Arguments:
]]
arguments = [[
-h - this help
-k <key> - the current six byte key with write access
-n <key> - the new key that will be written to the card
@ -71,9 +72,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

49
client/luascripts/hf_bruteforce.lua
View file

@ -2,38 +2,38 @@
-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Daniel Underhay (updated), Keld Norman(original)'
version = 'v2.0.0'
usage = [[
pm3 --> script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type
Arguments:
-h this help
-s 0-0xFFFFFFFF start id
-e 0-0xFFFFFFFF end id
-t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input)
-x mfc, mfu mifare type: mfc for Mifare Classic (default) or mfu for Mifare Ultralight EV1
Example:
pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
version = 'v2.0.1'
desc =[[
This script bruteforces 4 or 7 byte UID Mifare classic card numbers.
]]
example =[[
Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346.
pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679.
script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
]]
usage = [[
script run hf_bruteforce [-s <start_id>] [-e <end_id>] [-t <timeout>] [-x <mifare_card_type>]
]]
arguments = [[
-h this help
-s 0-0xFFFFFFFF start id
-e 0-0xFFFFFFFF end id
-t 0-99999, pause timeout (ms) between cards
(use the word 'pause' to wait for user input)
-x mfc, mfu mifare type:
mfc for Mifare Classic (default)
mfu for Mifare Ultralight EV1
]]
local DEBUG = true
---
-- Debug print function
local function dbg(args)
@ -62,9 +62,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--- Print user message

60
client/luascripts/hf_read.lua
View file

@ -1,6 +1,65 @@
local reader = require('hf_reader')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = ''
version = 'v1.0.1'
desc = [[
This script tries to detect a HF card. Just like 'hf search' does but this is experimental
]]
example = [[
1. script run hf_read
]]
usage = [[
script run hf_read
]]
arguments = [[
-h - this help
]]
---
-- This is only meant to be used when errors occur
local function dbg(args)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print('###', args)
end
end
---
-- This is only meant to be used when errors occur
local function oops(err)
print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end
---
-- Usage help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--
local function main(args)
-- Arguments for the script
for o, a in getopt.getopt(args, 'h') do
if o == 'h' then return help() end
end
print("WORK IN PROGRESS - not expected to be functional yet")
info, err = reader.waitForTag()
@ -15,4 +74,5 @@ local function main(args)
end
return
end
main(args)

14
client/luascripts/htmldump.lua
View file

@ -3,10 +3,11 @@
getopt = require('getopt')
bin = require('bin')
dumplib = require('html_dumplib')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Martin Holst Swende'
version = 'v1.0.1'
version = 'v1.0.2'
desc =[[
This script takes a dumpfile and produces a html based dump, which is a
bit more easily analyzed.
@ -16,8 +17,8 @@ example = [[
]]
usage = [[
script run htmldump [-i <file>] [-o <file>]
Arguments:
]]
arguments = [[
-h This help
-i <file> Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
-o <filename> Speciies the output file. If omitted, <curtime>.html is used.
@ -55,9 +56,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function main(args)

15
client/luascripts/init_rdv4.lua
View file

@ -1,21 +1,21 @@
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2019 IceSQL AB. All rights reserved.'
author = 'Christian Herrmann'
version = 'v1.0.0'
version = 'v1.0.1'
desc = [[
This script initialize a Proxmark3 RDV4.0 with
- uploading dictionary files to flashmem
- configuring the LF T55X7 device settings
]]
example = [[
script run init_rdv4
]]
usage = [[
script run init_rdv4 -h
Arguments:
]]
arguments = [[
-h : this help
]]
@ -48,9 +48,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- The main entry point

14
client/luascripts/iso15_magic.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local lib15 = require('read15')
local getopt = require('getopt')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2018 IceSQL AB. All rights reserved.'
author = 'Christian Herrmann'
version = 'v1.0.5'
version = 'v1.0.6'
desc = [[
This script tries to set UID on a IS15693 SLIX magic card
Remember the UID ->MUST<- start with 0xE0
@ -20,8 +21,8 @@ example = [[
]]
usage = [[
script run iso15_magic -h -u <uid>
Arguments:
]]
arguments = [[
-h : this help
-u <UID> : UID (16 hexsymbols)
-a : use offical pm3 repo ISO15 commands instead of iceman fork.
@ -56,9 +57,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
--- Set UID on magic command enabled on a ICEMAN based REPO

14
client/luascripts/legic_buffer2card.lua
View file

@ -1,10 +1,11 @@
local utils = require('utils')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
-- this script writes bytes 8 to 256 on the Legic MIM256
copyright = ''
author = 'Mosci'
version = 'v1.0.1'
version = 'v1.0.2'
desc =
[[
This is a script which writes value 0x01 to bytes from position 0x07 until 0xFF on a Legic Prime Tag (MIM256 or MIM1024) -- (created with 'hf legic save my_dump.hex') --
@ -14,8 +15,8 @@ example = [[
]]
usage = [[
script run legic_buffer2card -h
Arguments
]]
arguments = [[
-h - Help text
]]
@ -33,9 +34,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- simple loop-write from 0x07 to 0xff

255
client/luascripts/Legic_clone.lua → client/luascripts/legic_clone.lua
View file

@ -1,8 +1,12 @@
local utils = require('utils')
local cmds = require('commands')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
--[[
script to create a clone-dump with new crc
Author: mosci
my Fork: https://github.com/icsom/proxmark3.git
Upstream: https://github.com/Proxmark/proxmark3.git
1. read tag-dump, xor byte 22..end with byte 0x05 of the inputfile
2. write to outfile
@ -12,19 +16,18 @@
6. calculate new crc on each segment (needs to know the new MCD & MSN0..2)
simplest usage:
read a valid legic tag with 'hf legic reader'
save the dump with 'hf legic save orig.hex'
place your 'empty' tag on the reader and run 'script run Legic_clone -i orig.hex -w'
Dump a legic tag with 'hf legic dump'
place your 'empty' tag on the reader and run
'script run legic_clone -i orig.bin -w'
you will see some output like:
read 1024 bytes from legic_dumps/j_0000.hex
read 1024 bytes from orig.bin
place your empty tag onto the PM3 to read and display the MCD & MSN0..2
the values will be shown below
confirm when ready [y/n] ?y
#db# setting up legic card
#db# MIM 256 card found, reading card ...
#db# Card read, use 'hf legic decode' or
#db# 'data hexsamples 8' to view results
0b ad c0 de <- !! here you'll see the MCD & MSN of your empty tag, which has to be typed in manually as seen below !!
type in MCD as 2-digit value - e.g.: 00 (default: 79 )
> 0b
@ -86,49 +89,63 @@
copyright = ''
author = 'Mosci'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is a script which creates a clone-dump of a dump from a Legic Prime Tag (MIM256 or MIM1024)
(created with 'hf legic save my_dump.hex')
This is a script which creates a clone-dump of a dump from a LEGIC Prime Tag (MIM256 or MIM1024)
Create a dump by running `hf legic dump`.
]]
example = [[
script run legic_clone -i my_dump.hex -o my_clone.hex -c f8
script run legic_clone -i my_dump.hex -d -s
script run legic_clone -i my_dump.bin -o my_clone.bin -c f8
script run legic_clone -i my_dump.bin -d -s
]]
usage = [[
script run legic_clone -h -i <file> -o <file> -c <crc> -d -s -w
script run legic_clone [-h] [-i <file>] [-o <file>] [-c <crc>] [-d] [-s] [-w]
]]
arguments = [[
required :
-i <input file> - file to read data from, must be in binary format (*.bin)
required arguments:
-i <input file> (file to read data from)
optional arguments :
optional :
-h - Help text
-o <output file> - requires option -c to be given
-c <new-tag crc> - requires option -o to be given
-d - Display content of found Segments
-s - Display summary at the end
-w - write directly to Tag - a file myLegicClone.hex wille be generated also
-w - write directly to tag - a file hf-legic-UID-dump.bin will also be generated
e.g.:
hint: using the CRC '00' will result in a plain dump ( -c 00 )
]]
local utils = require('utils')
local getopt = require('getopt')
local DEBUG = true
local bxor = bit32.bxor
---
-- This is only meant to be used when errors occur
local function dbg(args)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print('###', args)
end
end
-- we need always 2 digits
local function prepend_zero(s)
if (string.len(s) == 1) then
if s == nil then return '..' end
if (#s == 1) then
return '0' .. s
else
if (string.len(s) == 0) then
if (#s == 0) then
return '00'
else
return s
end
end
end
---
-- This is only meant to be used when errors occur
local function oops(err)
@ -136,7 +153,6 @@ local function oops(err)
core.clearCommandBuffer()
return nil, err
end
---
-- Usage help
local function help()
@ -144,20 +160,38 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
-- read LEGIC data
local function readlegicdata(offset, length, iv)
-- Read data
local command = Command:newMIX{
cmd = cmds.CMD_HF_LEGIC_READER
, arg1 = offset
, arg2 = length
, arg3 = iv
, data = nil
}
local result, err = command:sendMIX()
if not result then return oops(err) end
-- result is a packed data structure, data starts at offset 33
return result
end
-- Check availability of file
local function file_check(file_name)
local file_found = io.open(file_name, "r")
if not file_found then
file_found = false
local exists = io.open(file_name, "r")
if not exists then
exists = false
else
file_found = true
exists = true
end
return file_found
return exists
end
--- xor-wrapper
@ -172,48 +206,28 @@ end
-- read input-file into array
local function getInputBytes(infile)
local line
local bytes = {}
local f = io.open(infile, "rb")
if f == nil then print("OOps ... failed to read from file ".. infile); return false; end
local fhi,err = io.open(infile)
if err then print("OOps ... faild to read from file ".. infile); return false; end
local str = f:read("*all")
f:close()
while true do
line = fhi:read()
if line == nil then break end
for byte in line:gmatch("%w+") do
table.insert(bytes, byte)
end
for c in (str or ''):gmatch'.' do
bytes[#bytes + 1] = ('%02x'):format(c:byte())
end
fhi:close()
print("\nread ".. #bytes .." bytes from ".. infile)
print("\nread ".. #bytes .." bytes from "..ansicolors.yellow..infile..ansicolors.reset)
return bytes
end
-- write to file
local function writeOutputBytes(bytes, outfile)
local line
local bcnt = 0
local fho,err = io.open(outfile,"w")
local fho,err = io.open(outfile, "wb")
if err then print("OOps ... faild to open output-file ".. outfile); return false; end
for i = 1, #bytes do
if (bcnt == 0) then
line = bytes[i]
elseif (bcnt <= 7) then
line = line.." "..bytes[i]
end
if (bcnt == 7) then
-- write line to new file
fho:write(line.."\n")
-- reset counter & line
bcnt = -1
line = ""
end
bcnt = bcnt + 1
fho:write(string.char(tonumber(bytes[i], 16)))
end
fho:close()
print("\nwrote ".. #bytes .." bytes to " .. outfile)
@ -237,7 +251,7 @@ local function xorBytes(inBytes, crc)
end
-- get raw segment-data
function getSegmentData(bytes, start, index)
local function getSegmentData(bytes, start, index)
local raw, len, valid, last, wrp, wrc, rd, crc
local segment = {}
segment[0] = bytes[start]..' '..bytes[start + 1]..' '..bytes[start + 2]..' '..bytes[start + 3]
@ -276,7 +290,7 @@ end
--- Kaba Group Header
-- checks if a segment does have a kghCRC
-- returns boolean false if no kgh has being detected or the kghCRC if a kgh was detected
function CheckKgh(bytes, segStart, segEnd)
local function CheckKgh(bytes, segStart, segEnd)
if (bytes[8] == '9f' and bytes[9] == 'ff' and bytes[13] == '11') then
local i
local data = {}
@ -304,7 +318,7 @@ function CheckKgh(bytes, segStart, segEnd)
end
-- get only the addresses of segemnt-crc's and the length of bytes
function getSegmentCrcBytes(bytes)
local function getSegmentCrcBytes(bytes)
local start = 23
local index = 0
local crcbytes = {}
@ -318,8 +332,22 @@ function getSegmentCrcBytes(bytes)
return crcbytes
end
-- print segment-data (hf legic decode like)
function displaySegments(bytes)
-- print Segment values
local function printSegment(SegmentData)
res = "\nSegment "..SegmentData[9]..": "
res = res.. "raw header="..SegmentData[0]..", "
res = res.. "flag="..SegmentData[1].." (valid="..SegmentData[2].." last="..SegmentData[3].."), "
res = res.. "len="..("%04d"):format(SegmentData[4])..", "
res = res.. "WRP="..prepend_zero(SegmentData[5])..", "
res = res.. "WRC="..prepend_zero(SegmentData[6])..", "
res = res.. "RD="..SegmentData[7]..", "
res = res.. "crc="..SegmentData[8]
print(res)
end
-- print segment-data (hf legic info like)
local function displaySegments(bytes)
--display segment header(s)
start = 23
index = '00'
@ -330,7 +358,10 @@ function displaySegments(bytes)
wrp = ''
pld = ''
Seg = getSegmentData(bytes, start, index)
if Seg == nil then return OOps("segment is nil") end
KGH = CheckKgh(bytes, start, (start + tonumber(Seg[4], 10)))
printSegment(Seg)
-- wrc
@ -361,7 +392,7 @@ function displaySegments(bytes)
end
print(pld)
if (KGH) then
print("'Kaba Group Header' detected")
print(ansicolors.yellow.."'Kaba Group Header' detected"..ansicolors.reset)
end
start = start + Seg[4]
index = prepend_zero(tonumber(Seg[9]) + 1)
@ -369,43 +400,33 @@ function displaySegments(bytes)
until (Seg[3] == 1 or tonumber(Seg[9]) == 126 )
end
-- print Segment values
function printSegment(SegmentData)
res = "\nSegment "..SegmentData[9]..": "
res = res.. "raw header="..SegmentData[0]..", "
res = res.. "flag="..SegmentData[1].." (valid="..SegmentData[2].." last="..SegmentData[3].."), "
res = res.. "len="..("%04d"):format(SegmentData[4])..", "
res = res.. "WRP="..prepend_zero(SegmentData[5])..", "
res = res.. "WRC="..prepend_zero(SegmentData[6])..", "
res = res.. "RD="..SegmentData[7]..", "
res = res.. "crc="..SegmentData[8]
print(res)
end
-- write clone-data to tag
function writeToTag(plainBytes)
local function writeToTag(plainBytes)
local SegCrcs = {}
if(utils.confirm("\nplace your empty tag onto the PM3 to read and display the MCD & MSN0..2\nthe values will be shown below\n confirm when ready") == false) then
local output
local readbytes
if (utils.confirm("\nplace your empty tag onto the PM3 to restore the data of the input file\nthe CRCs will be calculated as needed\n confirm when ready") == false) then
return
end
readbytes = readlegicdata(0, 4, 0x55)
-- gather MCD & MSN from new Tag - this must be enterd manually
cmd = 'hf legic read 0x00 0x04'
core.console(cmd)
print("\nthese are the MCD MSN0 MSN1 MSN2 from the Tag that has being read:")
cmd = 'data hexsamples 4'
core.console(cmd)
print("^^ use this values as input for the following answers (one 2-digit-value per question/answer):")
-- enter MCD & MSN (in hex)
MCD = utils.input("type in MCD as 2-digit value - e.g.: 00", plainBytes[1])
MSN0 = utils.input("type in MSN0 as 2-digit value - e.g.: 01", plainBytes[2])
MSN1 = utils.input("type in MSN1 as 2-digit value - e.g.: 02", plainBytes[3])
MSN2 = utils.input("type in MSN2 as 2-digit value - e.g.: 03", plainBytes[4])
-- readbytes is a usbcommandOLD package, hence 32 bytes offset until data.
plainBytes[1] = ('%02x'):format(readbytes:byte(33))
plainBytes[2] = ('%02x'):format(readbytes:byte(34))
plainBytes[3] = ('%02x'):format(readbytes:byte(35))
plainBytes[4] = ('%02x'):format(readbytes:byte(36))
MCD = plainBytes[1]
MSN0 = plainBytes[2]
MSN1 = plainBytes[3]
MSN2 = plainBytes[4]
-- calculate crc8 over MCD & MSN
cmd = MCD..MSN0..MSN1..MSN2
MCC = ("%02x"):format(utils.Crc8Legic(cmd))
print("MCD:"..MCD..", MSN:"..MSN0.." "..MSN1.." "..MSN2..", MCC:"..MCC)
print("MCD:"..ansicolors.green..MCD..ansicolors.reset..", MSN:"..ansicolors.green..MSN0.." "..MSN1.." "..MSN2..ansicolors.reset..", MCC:"..MCC)
-- calculate new Segment-CRC for each valid segment
SegCrcs = getSegmentCrcBytes(plainBytes)
@ -433,32 +454,15 @@ function writeToTag(plainBytes)
bytes = xorBytes(plainBytes, MCC)
-- write data to file
if (writeOutputBytes(bytes, "myLegicClone.hex")) then
WriteBytes = utils.input("enter number of bytes to write?", SegCrcs[#SegCrcs])
-- load file into pm3-buffer
cmd = 'hf legic eload myLegicClone.hex'
core.console(cmd)
if (writeOutputBytes(bytes, "hf-legic-UID-dump.bin")) then
-- write pm3-buffer to Tag
for i=0, WriteBytes do
if ( i<5 or i>6) then
cmd = ('hf legic write o %02x d 01'):format(i)
cmd = ('hf legic restore f hf-legic-UID-dump')
core.console(cmd)
elseif (i == 6) then
-- write DCF in reverse order (requires 'mosci-patch')
cmd = 'hf legic write o 05 d 02'
core.console(cmd)
else
print("skipping byte 0x05 - will be written next step")
end
utils.Sleep(0.2)
end
end
end
-- main function
function main(args)
local function main(args)
-- some variables
local i = 0
local oldcrc, newcrc, infile, outfile
@ -479,19 +483,18 @@ function main(args)
-- input file
if o == 'i' then
infile = a
if (file_check(infile)==false) then
return oops('input file: '..infile..' not found')
else
if (file_check(infile) == false) then return oops('input file: '..infile..' not found') end
bytes = getInputBytes(infile)
oldcrc = bytes[5]
ifs = true
if (bytes == false) then return oops('couldnt get input bytes') end
end
if (bytes == false) then return oops('couldnt read file') end
i = i + 1
end
-- new crc
if o == 'c' then
newcrc = a
newcrc = a:lower()
ncs = true
end
-- display segments switch
@ -504,7 +507,7 @@ function main(args)
if o == 'h' then return help() end
end
if (not ifs) then return oops('option -i <input file> is required but missing') end
if (not ifs) then return oops('option -i <input file> is required') end
-- bytes to plain
bytes = xorBytes(bytes, oldcrc)
@ -526,12 +529,14 @@ function main(args)
res = "\n+-------------------------------------------- Summary -------------------------------------------+"
res = res .."\ncreated clone_dump from\n\t"..infile.." crc: "..oldcrc.."\ndump_file:"
res = res .."\n\t"..outfile.." crc: "..string.sub(newcrc, -2)
res = res .."\nyou may load the new file with: hf legic load "..outfile
res = res .."\nyou may load the new file with:"
res = res ..ansicolors.yellow.."hf legic eload f "..outfile..ansicolors.reset
res = res .."\n\nif you don't write to tag immediately ('-w' switch) you will need to recalculate each segmentCRC"
res = res .."\nafter writing this dump to a tag!"
res = res .."\n\na segmentCRC gets calculated over MCD,MSN0..3, Segment-Header0..3"
res = res .."\ne.g. (based on Segment00 of the data from "..infile.."):"
res = res .."\nhf legic crc8 "..bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[23]..bytes[24]..bytes[25]..bytes[26]
res = res .."\n"
res = res ..ansicolors.yellow.."hf legic crc d "..bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[23]..bytes[24]..bytes[25]..bytes[26].." u "..newcrc.." c 8"..ansicolors.reset
-- this can not be calculated without knowing the new MCD, MSN0..2
print(res)
end
@ -545,7 +550,7 @@ function main(args)
end
end
-- write to tag
if (ws and #bytes == 1024) then
if (ws and ( #bytes == 1024 or #bytes == 256)) then
writeToTag(bytes)
end
end

14
client/luascripts/lf_bulk.lua
View file

@ -3,10 +3,11 @@
-- Updated 2017-04-18
-- Updated 2018-02-20 iceman
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = "Brian Redbeard"
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
Perform bulk enrollment of 26 bit H10301 style RFID Tags
For more info, check the comments in the code
@ -17,8 +18,8 @@ example = [[
]]
usage = [[
script run lf_bulk.lua -f facility -b base_id_num -c count
Arguments:
]]
arguments = [[
-h : this help
-f : facility id
-b : starting card id
@ -56,9 +57,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- Exit message

14
client/luascripts/lto_dump.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Kevin'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is a script that reads LTO-CM ISO14443a tags.
It starts from block 0 and ends at default block 254.
@ -19,8 +20,8 @@ example = [[
]]
usage = [[
script run lto_dump -h -s -e
Arguments:
]]
arguments = [[
h this helptext
s start block in decimal
e end block in decimal
@ -58,9 +59,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function sendRaw(rawdata, options)

31
client/luascripts/luxeodump.lua
View file

@ -12,9 +12,9 @@ local ansicolors = require('ansicolors')
copyright = ''
author = '0xdrrb'
version = 'v0.1.0'
version = 'v0.1.1'
desc = [[
This is a script to dump and decrypt the data of a specific type of Mifare laundromat token.
This is a script that tries to dump and decrypt the data of a specific type of Mifare laundromat token. OBS! Tag must be on the antenna.
]]
example = [[
script run luxeodump
@ -22,7 +22,9 @@ example = [[
usage = [[
script run luxeodump
]]
arguments = [[
-h This help
]]
local PM3_SUCCESS = 0
-- Some shortcuts
@ -48,7 +50,22 @@ local function oops(err)
core.clearCommandBuffer()
return nil, err
end
---
-- Usage help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--
local function setdevicedebug( status )
local c = 'hw dbg '
if status then
@ -180,6 +197,12 @@ end
local function main(args)
-- Arguments for the script
for o, a in getopt.getopt(args, 'h') do
if o == 'h' then return help() end
end
local xteakey = {}
-- local v = {}
local edata = {}

18
client/luascripts/mfckeys.lua
View file

@ -13,10 +13,11 @@ local keylist = require('mfc_default_keys')
local lib14a = require('read14a')
local getopt = require('getopt')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = "Holiman"
version = 'v1.0.1'
version = 'v1.0.2'
desc = ("This script implements Mifare check keys.\
It utilises a large list of default keys (currently %d keys).\
If you want to add more, just put them inside /lualibs/mfc_default_keys.lua\n"):format(#keylist)
@ -24,7 +25,9 @@ example = [[
1. script run mfckeys
]]
usage = [[
Arguments:
script run mfckeys [-p]
]]
arguments = [[
-h : this help
-p : print keys
]]
@ -46,9 +49,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- waits for answer from pm3 device
@ -269,8 +275,6 @@ end
-- The main entry point
local function main(args)
local numSectors = 16
-- Arguments for the script
for o, a in getopt.getopt(args, 'hp') do
if o == 'h' then return help() end
@ -280,6 +284,8 @@ local function main(args)
tag, err = lib14a.read(false, true)
if not tag then return oops(err) end
local numSectors = 16
-- detect sectors and print taginfo
numsectors = taginfo(tag)

21
client/luascripts/mfu_magic.lua
View file

@ -2,6 +2,7 @@ local cmds = require('commands')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
-- global
local DEBUG = false -- the debug flag
@ -11,10 +12,9 @@ local err_lock = 'use -k or change cfg0 block'
copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.'
author = 'Christian Herrmann'
version = 'v1.1.2'
version = 'v1.1.3'
desc = 'This script enables easy programming of a MAGIC NTAG 21* card'
example =
[[
example = [[
-- wipe tag
script run mfu_magic -w
@ -36,12 +36,10 @@ example =
-- set signature
script run mfu_magic -s 1122334455667788990011223344556677889900112233445566778899001122
]]
usage =
[[
Usage:
usage = [[
script run mfu_magic -h -k <passwd> -c -w -u <uid> -t <type> -p <passwd> -a <pack> -s <signature> -o <otp> -v <version>
Arguments:
]]
arguments = [[
-h this help
-c read magic configuration
-u UID (14 hexsymbols), set UID on tag
@ -94,9 +92,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- set the global password variable

16
client/luascripts/mifare_access.lua
View file

@ -1,8 +1,9 @@
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = "Neuromancer"
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script tries to decode Mifare Classic Access bytes
]]
@ -10,9 +11,9 @@ example = [[
1. script run mifare_access -a 7F0F0869
]]
usage = [[
script run mifare_access -h -a <access bytes>
Arguments:
script run mifare_access [-h] [-a <access bytes>]
]]
arguments = [[
-h : this help
-a <access bytes> : 4 bytes ACCESS CONDITIONS
]]
@ -50,9 +51,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local access_condition_sector_trailer = {}

16
client/luascripts/mifare_autopwn.lua
View file

@ -2,20 +2,23 @@ local getopt = require('getopt')
local lib14a = require('read14a')
local cmds = require('commands')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = "Martin Holst Swende"
version = 'v1.0.2'
version = 'v1.0.3'
desc = [[
This is a script which automates cracking and dumping mifare classic cards. It sets itself into
'listening'-mode, after which it cracks and dumps any mifare classic card that you
place by the device.
]]
example = [[
script run mifare_autopwn
1. script run mifare_autopwn
]]
usage = [[
Arguments:
script run mifare_autopwn [-h] [-d] [-k <key>]
]]
arguments = [[
-h this help
-d debug logging on
-k known key for Sector 0 , keytype A
@ -61,9 +64,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- Waits for a mifare card to be placed within the vicinity of the reader.

22
client/luascripts/mifareplus.lua
View file

@ -1,12 +1,12 @@
local cmds = require('commands')
local lib14a = require('read14a')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Dominic Celiano'
version = 'v1.0.1'
desc =
[[
version = 'v1.0.2'
desc = [[
Purpose: Lua script to communicate with the Mifare Plus EV1, including personalization (setting the keys) and proximity check. Manually edit the file to add to the commands you can send the card.
Please read the NXP manual before running this script to prevent making irreversible changes. Also note:
- The Mifare Plus must start in SL0 for personalization. Card can then be moved to SL1 or SL3.
@ -15,13 +15,12 @@ Please read the NXP manual before running this script to prevent making irrevers
Small changes can be to made this script to communicate with the Mifare Plus S, X, or SE.
]]
example = [[
-- default
script run mifareplus
1. script run mifareplus
]]
usage = [[
script run mifareplus -h
Arguments:
script run mifareplus [-h]
]]
arguments = [[
-h : this help
]]
@ -57,9 +56,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- Used to send raw data to the firmware to subsequently forward the data to the card.

16
client/luascripts/ndef_dump.lua
View file

@ -2,11 +2,12 @@ local getopt = require('getopt')
local cmds = require('commands')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
--
-- Refactored iceman, 2019
copyright = ''
author = 'Martin Holst Swende & Asper'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will automatically recognize and dump full content of a NFC NDEF Initialized tag; non-initialized tags will be ignored.
@ -23,9 +24,9 @@ example = [[
1. script run ndef_dump
]]
usage = [[
script run ndef_dump
Arguments:
script run ndef_dump [-h] [-d] [-v]
]]
arguments = [[
-h this help
-d debug logging on
-v verbose output (from ndef parsing)
@ -63,9 +64,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Sends an instruction to do nothing, only disconnect

16
client/luascripts/ntag_3d.lua
View file

@ -1,10 +1,11 @@
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.'
author = "Christian Herrmann"
version = 'v1.0.4'
version = 'v1.0.5'
desc = [[
This script writes a empty template for 3D printing system onto a empty NTAG213 or MAGIC NTAG21*
@ -21,9 +22,9 @@ example =[[
script run ntag_3d -u 11223344556677 -c 46 -m 50 -p 5448 -s 4555 -l 200 -1
]]
usage = [[
script run ntag_3d -h -t -u <uid> -c <color> -m <material> -p <region> -s <region> -l <length>
Arguments:
script run ntag_3d [-h] [-t] [-u <uid>] [-c <color>] [-m <material>] [-p <region>] [-s <region>] [-l <length>]
]]
arguments = [[
-h : this help
-t : selftest
-u <UID> : UID
@ -168,9 +169,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

23
client/luascripts/parameters.lua
View file

@ -1,19 +1,31 @@
-- The getopt-functionality is loaded from pm3/getopt.lua
-- Have a look there for further details
getopt = require('getopt')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
usage = 'script run parameters.lua -a 1 -blala -c -de'
author = 'Martin Holst Swende'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is an example script to demonstrate handle parameters in scripts.
For more info, check the comments in the code
]]
example = [[
1. script run parameters -a mytestparam_input -c
]]
usage = [[
script run parameters [-h] [-a <txt>] [-b <txt>] [-c] [-d] [-e]
]]
arguments = [[
-h This help
-a <txt> text
-b <txt> text
-c test param w/o input
-d test param w/o input
-e test param w/o input
]]
---
-- Usage help
local function help()
@ -21,9 +33,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function main(args)

26
client/luascripts/read_pwd_mem.lua
View file

@ -1,11 +1,11 @@
local getopt = require('getopt')
local bin = require('bin')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2018 Bogito. All rights reserved.'
author = 'Bogito'
version = 'v1.0.3'
desc =
[[
version = 'v1.0.4'
desc = [[
This script will read the flash memory of RDV4 and print the stored passwords/keys.
It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS.
@ -13,8 +13,7 @@ You should now use read_pwd_mem_spiffs instead after the updated BogRun standalo
(Iceman) script adapted to read and print keys in the default dictionary flashmemory sections.
]]
example =
[[
example = [[
-- This will scan the first 256 bytes of flash memory for stored passwords
script run read_pwd_mem
@ -33,12 +32,10 @@ example =
-- This will print the stored iClass dictionary keys
script run read_pwd_mem -i
]]
usage =
[[
Usage:
script run read_pwd_mem -h -o <offset> -l <length> -k <keylength>
Arguments:
usage = [[
script run read_pwd_mem [-h] [-o <offset>] [-l <length>] [-k <keylength>] [-m] [-t] [-i]
]]
arguments = [[
-h : this help
-o <offset> : memory offset, default is 0
-l <length> : length in bytes, default is 256
@ -61,9 +58,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- The main entry point

26
client/luascripts/read_pwd_mem_spiffs.lua
View file

@ -1,16 +1,15 @@
local getopt = require('getopt')
local bin = require('bin')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2019 Bogito. All rights reserved.'
author = 'Bogito'
version = 'v1.1.1'
desc =
[[
version = 'v1.1.2'
desc = [[
This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords.
It was meant to be used as a help tool after using the BogRun standalone mode.
]]
example =
[[
example = [[
-- This will read the hf_bog.log file in SPIFFS and print the stored passwords
script run read_pwd_mem_spiffs
@ -20,12 +19,10 @@ example =
-- This will delete the hf_bog.log file from SPIFFS
script run read_pwd_mem_spiffs -r
]]
usage =
[[
Usage:
script run read_pwd_mem_spiffs -h -f <filename> -r
Arguments:
usage = [[
script run read_pwd_mem_spiffs [-h] [-f <filename>] [-r]
]]
arguments = [[
-h : this help
-f <filename> : filename in SPIFFS
-r : delete filename from SPIFFS
@ -44,9 +41,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- The main entry point

19
client/luascripts/remagic.lua
View file

@ -1,10 +1,10 @@
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
desc =
[[
version = 'v1.0.2'
desc = [[
This is a script that tries to bring back a chinese magic card (1k generation1)
from the dead when it's block 0 has been written with bad values.
or mifare Ultralight magic card which answers to chinese backdoor commands
@ -15,9 +15,9 @@ example = [[
]]
usage = [[
script run remagic
Arguments:
script run remagic [-h] [-u]
]]
arguments = [[
-h this help
-u remagic a Ultralight tag w 7 bytes UID.
]]
@ -49,9 +49,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
local function cmdUltralight()

17
client/luascripts/test_t55x7.lua
View file

@ -2,13 +2,14 @@ local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local ansicolors = require('ansicolors')
local format = string.format
local floor = math.floor
copyright = ''
author = "Iceman"
version = 'v1.0.1'
version = 'v1.0.2'
desc =[[
This script will program a T55x7 TAG with a configuration and four blocks of data.
It will then try to detect and read back those block data and compare if read data matches the expected data.
@ -32,10 +33,9 @@ example = [[
1. script run test_t55x7
]]
usage = [[
script run test_t55x7
Arguments:
script run test_t55x7 [-h]
]]
arguments = [[
-h this help
]]
@ -79,9 +79,12 @@ local function help()
print(author)
print(version)
print(desc)
print("Example usage")
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- Exit message

16
client/luascripts/test_t55x7_ask.lua
View file

@ -2,13 +2,14 @@ local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local ansicolors = require('ansicolors')
local format=string.format
local floor=math.floor
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following:
@ -41,9 +42,9 @@ example =[[
1. script run test_t55x7_ask
]]
usage = [[
script run test_t55x7_ask
Arguments:
script run test_t55x7_ask [-h]
]]
arguments = [[
-h : this help
]]
@ -87,9 +88,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

16
client/luascripts/test_t55x7_bi.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040
The outlined procedure is as following:
@ -35,9 +36,9 @@ example = [[
1. script run test_t55x7_bi
]]
usage = [[
script run test_t55x7_bi
Arguments:
script run test_t55x7_bi [-h]
]]
arguments = [[
-h : this help
]]
@ -81,9 +82,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

16
client/luascripts/test_t55x7_fsk.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following:
@ -37,9 +38,9 @@ example = [[
1. script run test_t55x7_fsk
]]
usage = [[
script run test_t55x7_fsk
Arguments:
script run test_t55x7_fsk [-h]
]]
arguments = [[
-h : this help
]]
@ -83,9 +84,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

16
client/luascripts/test_t55x7_psk.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040
The outlined procedure is as following:
@ -33,9 +34,9 @@ example = [[
2. script run test_t55x7_psk -o
]]
usage = [[
script run test_t55x7_psk
Arguments:
script run test_t55x7_psk [-h]
]]
arguments = [[
-h : this help
]]
@ -82,9 +83,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

16
client/luascripts/tnp3clone.lua
View file

@ -4,6 +4,7 @@ local lib14a = require('read14a')
local utils = require('utils')
local pre = require('precalc')
local toys = require('default_toys')
local ansicolors = require('ansicolors')
local lsh = bit32.lshift
local rsh = bit32.rshift
@ -12,7 +13,7 @@ local band = bit32.band
copyright = ''
author = "Iceman"
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will try making a barebone clone of a tnp3 tag on to a magic generation1 card.
]]
@ -24,9 +25,9 @@ example =[[
]]
usage = [[
script run tnp3clone -t <toytype> -s <subtype>
Arguments:
script run tnp3clone [-h] [-t <toytype>] [-s <subtype>]
]]
arguments = [[
-h : this help
-l : list all known toy tokens
-t <data> : toytype id, 4hex symbols
@ -56,9 +57,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
-- decode response and get the blockdata from a normal mifare read command

16
client/luascripts/tnp3dump.lua
View file

@ -6,10 +6,11 @@ local utils = require('utils')
local md5 = require('md5')
local dumplib = require('html_dumplib')
local toys = require('default_toys')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will try to dump the contents of a Mifare TNP3xxx card.
It will need a valid KeyA in order to find the other keys and decode the card.
@ -26,9 +27,9 @@ example = [[
script run tnp3dump -k aabbccddeeff -n -o myfile
]]
usage = [[
script run tnp3dump -k <key> -n -p -o <filename>
Arguments:
script run tnp3dump [-h] [-k <key>] [-n] [-p] [-o <filename>]
]]
arguments = [[
-h : this help
-k <key> : Sector 0 Key A.
-n : Use the nested cmd to find all keys
@ -69,9 +70,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

16
client/luascripts/tnp3sim.lua
View file

@ -6,10 +6,11 @@ local utils = require('utils')
local md5 = require('md5')
local toys = require('default_toys')
local pre = require('precalc')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will try to load a binary datadump of a Mifare TNP3xxx card.
It vill try to validate all checksums and view some information stored in the dump
@ -22,9 +23,9 @@ example =[[
3. script run tnp3sim -m -i myfile
]]
usage = [[
script run tnp3sim -h -m -i <filename>
Arguments:
script run tnp3sim [-h] [-m] [-i <filename>]
]]
arguments = [[
-h : this help
-m : Maxed out items (experimental)
-i : filename for the datadump to read (bin)
@ -70,9 +71,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

18
client/luascripts/tracetest.lua
View file

@ -3,10 +3,11 @@ local getopt = require('getopt')
local bin = require('bin')
local utils = require('utils')
local dumplib = require('html_dumplib')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script will load several traces files in ../traces/ folder and do
"data load"
@ -17,12 +18,12 @@ The following tracefiles will be loaded:
m*.pm3
]]
example = [[
script run tracetest
1. script run tracetest
]]
usage = [[
script run tracetest -h
Arguments:
script run tracetest [-h]
]]
arguments = [[
-h : this help
]]
local DEBUG = true -- the debug flag
@ -54,9 +55,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
-- Exit message

20
client/luascripts/ufodump.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = 'Iceman'
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This is a script that reads AZTEK ISO14443a tags.
It starts from block 0 and ends at default block 20. Use 'b' to say different endblock.
@ -19,11 +20,11 @@ example = [[
script run ufodump -b 10
]]
usage = [[
script run ufudump -h -b
Arguments:
h this helptext
b endblock in decimal (1-255, default 20)
script run ufudump [-h] [-b]
]]
arguments = [[
-h This help
-b endblock in decimal (1-255, default 20)
]]
-- Some globals
@ -56,9 +57,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
--- Picks out and displays the data read from a tag

16
client/luascripts/ul_uid.lua
View file

@ -1,9 +1,10 @@
local getopt = require('getopt')
local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = ''
author = "Iceman"
version = 'v1.0.1'
version = 'v1.0.2'
desc = [[
This script tries to set UID on a mifare Ultralight magic card which either
- answers to chinese backdoor commands
@ -17,9 +18,9 @@ example = [[
script run ul_uid -b -u 11223344556677
]]
usage = [[
script run ul_uid -h -b -u <uid>
Arguments:
script run ul_uid [-h] [-b] [-u <uid>]
]]
arguments = [[
-h : this help
-u <UID> : UID (14 hexsymbols)
-b : write to brickable magic tag
@ -55,9 +56,12 @@ local function help()
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
--
--- Set UID on magic command enabled

7
client/proxmark3.c
View file

@ -27,6 +27,7 @@
#include "comms.h"
#include "fileutils.h"
#include "flash.h"
#include "settings.h"
static void showBanner(void) {
g_printAndLog = PRINTANDLOG_PRINT;
@ -581,6 +582,12 @@ int main(int argc, char *argv[]) {
set_my_executable_path();
set_my_user_directory();
// Settings Load and Test
// settings_load ();
// settings_save ();
// printf ("Ver : %s\n",mySettings.version);
// End Settings
for (int i = 1; i < argc; i++) {
if (argv[i][0] != '-') {

184
client/settings.c Normal file
View file

@ -0,0 +1,184 @@
/*****************************************************************************
* WARNING
*
* THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY.
*
* USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL
* PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL,
* AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES.
*
* THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS.
*
*****************************************************************************
*
* This file is part of loclass. It is a reconstructon of the cipher engine
* used in iClass, and RFID techology.
*
* The implementation is based on the work performed by
* Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and
* Milosch Meriac in the paper "Dismantling IClass".
*
* Copyright (C) 2014 Martin Holst Swende
*
* This is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as published
* by the Free Software Foundation, or, at your option, any later version.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with loclass. If not, see <http://www.gnu.org/licenses/>.
*
*
****************************************************************************/
//-----------------------------------------------------------------------------
// Settings Functions
//-----------------------------------------------------------------------------
#include "settings.h"
#include "comms.h"
#include "emv/emvjson.h"
// Load all settings into memory (struct)
int settings_load (void)
{
// loadFileJson wants these, so pass in place holder values, though not used
// in settings load;
uint8_t dummyData = 0x00;
size_t dummyDL = 0x00;
// clear all settings
memset (&mySettings,0x00,sizeof(mySettings));
if (loadFileJSON(settingsFilename, &dummyData, sizeof(dummyData), &dummyDL) == PM3_SUCCESS) {
printf ("==> Settings Loaded\n");
mySettings.loaded = true;
}
// Test results
/*
bool os_windows_usecolor;
bool os_windows_useansicolor;
int window_xpos;
int window_ypos;
int window_hsize;
int window_wsize;
*/
printf (" Settings Version : [%s]\n",mySettings.version);
printf (" os_windows_usecolor (bool) : [%d]\n",mySettings.os_windows_usecolor);
printf (" os_windows_useAnsicolor (bool) : [%d]\n",mySettings.os_windows_useansicolor);
printf (" window_xpos (int) : [%d]\n",mySettings.window_xpos);
printf (" window_ypos (int) : [%d]\n",mySettings.window_ypos);
printf (" window_hsize (int) : [%d]\n",mySettings.window_hsize);
printf (" window_wsize (int) : [%d]\n",mySettings.window_wsize);
return PM3_SUCCESS;
}
// Save all settings from memory (struct) to file
int settings_save (void)
{
// Note sure if backup has value ?
char backupFilename[500];
snprintf (backupFilename,sizeof(backupFilename),"%s.bak",settingsFilename);
if (fileExists (backupFilename)) {
if (remove (backupFilename) != 0) {
PrintAndLogEx (FAILED, "Error - could not delete old settings backup file \"%s\"",backupFilename);
return PM3_ESOFT;
}
}
if (fileExists (settingsFilename)) {
if (rename (settingsFilename,backupFilename) != 0) {
PrintAndLogEx (FAILED, "Error - could not backup settings file \"%s\" to \"%s\"",settingsFilename,backupFilename);
return PM3_ESOFT;
}
}
uint8_t dummyData = 0x00;
size_t dummyDL = 0x00;
// int saveFileJSON(const char *preferredName, JSONFileType ftype, uint8_t *data, size_t datalen);
if (saveFileJSON(settingsFilename, jsfSettings, &dummyData, dummyDL) == PM3_SUCCESS)
PrintAndLogEx (NORMAL, "settings have been saved to \"%s\"",settingsFilename);
return PM3_SUCCESS;
}
void settings_save_callback (json_t *root)
{
// extern settings_t mySettings;
printf ("==> Save Settings\n");
//JsonSaveStr(root, "FileType", "settings");
//JsonSaveStr (root,"Test1.Test2","test settings");
/*
"version": "1.0 Nov 2019",
"os.windows.usecolor": true,
"os.windows.useAnsiColor": true,
"window.xpos": 10,
"window.ypos": 10,
"window.hsize": 300,
"window.wsize": 600
*/
JsonSaveStr (root,"FileType","settings");
JsonSaveStr (root,"version","1.0 Nov 2019");//mySettings.version);
JsonSaveBoolean (root,"os.windows.useColor",mySettings.os_windows_usecolor);
JsonSaveBoolean (root,"os.windows.useAnsiColor",mySettings.os_windows_useansicolor);
JsonSaveInt (root,"window.xpos",mySettings.window_xpos);
JsonSaveInt (root,"window.ypos",mySettings.window_ypos);
JsonSaveInt (root,"window.hsize",mySettings.window_hsize);
JsonSaveInt (root,"window.wsize",mySettings.window_wsize);
}
void settings_load_callback (json_t *root)
{
// extern settings_t mySettings;
json_error_t up_error = {0};
int b1;
int i1;
const char *s1;
if (json_unpack_ex(root, &up_error , 0, "{s:s}","version",&s1) == 0)
strncpy (mySettings.version,s1,sizeof (mySettings.version) - 1);
else
strncpy (mySettings.version,"unknown",sizeof (mySettings.version) - 1);
// os.windows...
if (json_unpack_ex(root,&up_error, 0, "{s:b}","os.windows.useColor",&b1) == 0)
mySettings.os_windows_usecolor = b1;
else // default
mySettings.os_windows_useansicolor = false;
if (json_unpack_ex(root,&up_error, 0, "{s:b}","os.windows.useAnsiColor",&b1) == 0)
mySettings.os_windows_useansicolor = b1;
else // default
mySettings.os_windows_useansicolor = false;
// window...
if (json_unpack_ex(root,&up_error, 0, "{s:i}","window.xpos",&i1) == 0)
mySettings.window_xpos = i1;
else // default
mySettings.window_xpos = 0;
if (json_unpack_ex(root,&up_error, 0, "{s:i}","window.ypos",&i1) == 0)
mySettings.window_ypos = i1;
else // default
mySettings.window_ypos = 0;
if (json_unpack_ex(root,&up_error, 0, "{s:i}","window.hsize",&i1) == 0)
mySettings.window_hsize = i1;
else // default
mySettings.window_hsize = 0;
if (json_unpack_ex(root,&up_error, 0, "{s:i}","window.wsize",&i1) == 0)
mySettings.window_wsize = i1;
else // default
mySettings.window_wsize = 0;
}

38
client/settings.h Normal file
View file

@ -0,0 +1,38 @@
//-----------------------------------------------------------------------------
// Copyright (C) 2009 Michael Gernoth <michael at gernoth.net>
// Copyright (C) 2010 iZsh <izsh at fail0verflow.com>
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Settings Functions
//-----------------------------------------------------------------------------
#ifndef settings_h
#define settings_h
#include "fileutils.h"
#define settingsFilename "settings.json"
typedef struct {
bool loaded;
char version[20];
bool os_windows_usecolor;
bool os_windows_useansicolor;
int window_xpos;
int window_ypos;
int window_hsize;
int window_wsize;
} settings_t;
// Settings struct so as to be available to other modules by including settings.h
settings_t mySettings;
int settings_load (void);
int settings_save (void);
void settings_save_callback (json_t *root);
void settings_load_callback (json_t *root);
#endif