From 19d7851c732781215ec163fca123410442c5ab6f Mon Sep 17 00:00:00 2001 From: PhaseLoop Date: Mon, 8 May 2023 17:08:24 +0000 Subject: [PATCH] run "make style" --- armsrc/em4x50.c | 4 +- client/src/cmdlfem4x50.c | 48 +++++++-------- client/src/pm3line_vocabulory.h | 1 + common/bruteforce.c | 54 ++++++++--------- common/bruteforce.h | 10 ++-- doc/commands.json | 100 ++++++++++++++++++++------------ doc/commands.md | 5 +- 7 files changed, 124 insertions(+), 98 deletions(-) diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c index 5043d753b..d43a6a15f 100644 --- a/armsrc/em4x50.c +++ b/armsrc/em4x50.c @@ -643,10 +643,10 @@ static bool brute(em4x50_data_t *etd, uint32_t *pwd) { bf_generator_init(&ctx, etd->bruteforce_mode); - if(etd->bruteforce_mode == BRUTEFORCE_MODE_CHARSET) + if (etd->bruteforce_mode == BRUTEFORCE_MODE_CHARSET) bf_generator_set_charset(&ctx, etd->bruteforce_charset); - while ( (generator_ret=bf_generate32(&ctx)) == GENERATOR_NEXT) { + while ((generator_ret = bf_generate32(&ctx)) == GENERATOR_NEXT) { *pwd = ctx.current_key32; WDT_HIT(); diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c index a67508848..aeffb9c18 100644 --- a/client/src/cmdlfem4x50.c +++ b/client/src/cmdlfem4x50.c @@ -373,19 +373,19 @@ int CmdEM4x50Brute(const char *Cmd) { int mode_len = 64; char mode[64]; - CLIGetStrWithReturn(ctx, 1, (uint8_t*) mode, &mode_len); + CLIGetStrWithReturn(ctx, 1, (uint8_t *) mode, &mode_len); PrintAndLogEx(INFO, "Chosen mode: %s", mode); - if(strcmp(mode, "range") == 0){ + if (strcmp(mode, "range") == 0) { etd.bruteforce_mode = BRUTEFORCE_MODE_RANGE; - } else if(strcmp(mode, "charset") == 0){ + } else if (strcmp(mode, "charset") == 0) { etd.bruteforce_mode = BRUTEFORCE_MODE_CHARSET; } else { PrintAndLogEx(FAILED, "Unknown bruteforce mode: %s", mode); return PM3_EINVARG; } - if(etd.bruteforce_mode == BRUTEFORCE_MODE_RANGE){ + if (etd.bruteforce_mode == BRUTEFORCE_MODE_RANGE) { int begin_len = 0; uint8_t begin[4] = {0x0}; CLIGetHexWithReturn(ctx, 2, begin, &begin_len); @@ -394,58 +394,58 @@ int CmdEM4x50Brute(const char *Cmd) { uint8_t end[4] = {0x0}; CLIGetHexWithReturn(ctx, 3, end, &end_len); - if(begin_len!=4){ + if (begin_len != 4) { PrintAndLogEx(FAILED, "'begin' parameter must be 4 bytes"); return PM3_EINVARG; } - if(end_len!=4){ + if (end_len != 4) { PrintAndLogEx(FAILED, "'end' parameter must be 4 bytes"); return PM3_EINVARG; } etd.password1 = BYTES2UINT32_BE(begin); etd.password2 = BYTES2UINT32_BE(end); - } else if(etd.bruteforce_mode == BRUTEFORCE_MODE_CHARSET){ + } else if (etd.bruteforce_mode == BRUTEFORCE_MODE_CHARSET) { bool enable_digits = arg_get_lit(ctx, 4); bool enable_uppercase = arg_get_lit(ctx, 5); - if(enable_digits) + if (enable_digits) etd.bruteforce_charset |= CHARSET_DIGITS; - if(enable_uppercase) + if (enable_uppercase) etd.bruteforce_charset |= CHARSET_UPPERCASE; - - if(etd.bruteforce_charset == 0){ + + if (etd.bruteforce_charset == 0) { PrintAndLogEx(FAILED, "Please enable at least one charset when using charset bruteforce mode."); return PM3_EINVARG; } - PrintAndLogEx(INFO, "Enabled charsets: %s%s", - enable_digits ? "digits " : "", - enable_uppercase ? "uppercase " : ""); + PrintAndLogEx(INFO, "Enabled charsets: %s%s", + enable_digits ? "digits " : "", + enable_uppercase ? "uppercase " : ""); } CLIParserFree(ctx); - + // 27 passwords/second (empirical value) const int speed = 27; int no_iter = 0; - if(etd.bruteforce_mode == BRUTEFORCE_MODE_RANGE){ + if (etd.bruteforce_mode == BRUTEFORCE_MODE_RANGE) { no_iter = etd.password2 - etd.password1 + 1; PrintAndLogEx(INFO, "Trying " _YELLOW_("%i") " passwords in range [0x%08x, 0x%08x]" - , no_iter - , etd.password1 - , etd.password2 - ); - } else if(etd.bruteforce_mode == BRUTEFORCE_MODE_CHARSET){ + , no_iter + , etd.password1 + , etd.password2 + ); + } else if (etd.bruteforce_mode == BRUTEFORCE_MODE_CHARSET) { unsigned int digits = 0; - if(etd.bruteforce_charset & CHARSET_DIGITS) + if (etd.bruteforce_charset & CHARSET_DIGITS) digits += CHARSET_DIGITS_SIZE; - if(etd.bruteforce_charset & CHARSET_UPPERCASE) + if (etd.bruteforce_charset & CHARSET_UPPERCASE) digits += CHARSET_UPPERCASE_SIZE; no_iter = pow(digits, 4); @@ -457,7 +457,7 @@ int CmdEM4x50Brute(const char *Cmd) { int dur_m = (dur_s - dur_h * 3600) / 60; dur_s -= dur_h * 3600 + dur_m * 60; - + PrintAndLogEx(INFO, "Estimated duration: %ih %im %is", dur_h, dur_m, dur_s); // start diff --git a/client/src/pm3line_vocabulory.h b/client/src/pm3line_vocabulory.h index 6b15007c3..f70717c8f 100644 --- a/client/src/pm3line_vocabulory.h +++ b/client/src/pm3line_vocabulory.h @@ -349,6 +349,7 @@ const static vocabulory_t vocabulory[] = { { 0, "hf mf gen3freeze" }, { 0, "hf mf ggetblk" }, { 0, "hf mf gload" }, + { 0, "hf mf gsave" }, { 0, "hf mf gsetblk" }, { 0, "hf mf gview" }, { 0, "hf mf ndefformat" }, diff --git a/common/bruteforce.c b/common/bruteforce.c index 62d411240..d4855aefa 100644 --- a/common/bruteforce.c +++ b/common/bruteforce.c @@ -28,50 +28,50 @@ uint8_t charset_uppercase[] = { 'X', 'Y', 'Z' }; -void bf_generator_init(generator_context_t* ctx, uint8_t mode){ +void bf_generator_init(generator_context_t *ctx, uint8_t mode) { memset(ctx, 0, sizeof(generator_context_t)); ctx->mode = mode; } -int bf_generator_set_charset(generator_context_t* ctx, uint8_t charsets){ - if (ctx->mode != BRUTEFORCE_MODE_CHARSET){ +int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets) { + if (ctx->mode != BRUTEFORCE_MODE_CHARSET) { return -1; } - if(charsets & CHARSET_DIGITS){ + if (charsets & CHARSET_DIGITS) { memcpy(ctx->charset, charset_digits, sizeof(charset_digits)); ctx->charset_length += sizeof(charset_digits); } - if(charsets & CHARSET_UPPERCASE){ - memcpy(ctx->charset+ctx->charset_length, charset_uppercase, sizeof(charset_uppercase)); + if (charsets & CHARSET_UPPERCASE) { + memcpy(ctx->charset + ctx->charset_length, charset_uppercase, sizeof(charset_uppercase)); ctx->charset_length += sizeof(charset_uppercase); } return 0; } -int bf_generate32(generator_context_t *ctx){ +int bf_generate32(generator_context_t *ctx) { - switch(ctx->mode){ + switch (ctx->mode) { case BRUTEFORCE_MODE_RANGE: return _bf_generate_mode_range32(ctx); case BRUTEFORCE_MODE_CHARSET: return _bf_generate_mode_charset32(ctx); - } + } - return GENERATOR_ERROR; + return GENERATOR_ERROR; } -int _bf_generate_mode_range32(generator_context_t *ctx){ - - if(ctx->current_key32 >= ctx->range_high){ +int _bf_generate_mode_range32(generator_context_t *ctx) { + + if (ctx->current_key32 >= ctx->range_high) { return GENERATOR_END; } // we use flag1 as indicator if value of range_low was already emitted // so the range generated is - if(ctx->current_key32 <= ctx->range_low && ctx->flag1==false){ + if (ctx->current_key32 <= ctx->range_low && ctx->flag1 == false) { ctx->current_key32 = ctx->range_low; ctx->pos[0] = true; return GENERATOR_NEXT; @@ -81,44 +81,44 @@ int _bf_generate_mode_range32(generator_context_t *ctx){ return GENERATOR_NEXT; } -int _bf_generate_mode_charset32(generator_context_t *ctx){ +int _bf_generate_mode_charset32(generator_context_t *ctx) { - if(ctx->flag1) + if (ctx->flag1) return GENERATOR_END; ctx->current_key32 = ctx->charset[ctx->pos[0]] << 24 | ctx->charset[ctx->pos[1]] << 16 | ctx->charset[ctx->pos[2]] << 8 | ctx->charset[ctx->pos[3]]; - - if(bf_array_increment(ctx->pos, 4, ctx->charset_length) == -1) + + if (bf_array_increment(ctx->pos, 4, ctx->charset_length) == -1) // set flag1 to emit value last time and end generation ctx->flag1 = true; - + return GENERATOR_NEXT; } // increments values in array with carryover using modulo limit for each byte // this is used to iterate each byte in key over charset table // returns -1 if incrementing reaches its end -int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo){ - +int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo) { + uint8_t prev_value; // check if we reached max value already uint8_t i; for (i = 0; i < data_len; i++) - if(data[i] < modulo - 1) + if (data[i] < modulo - 1) break; - if(i == data_len) - return -1; + if (i == data_len) + return -1; - for (uint8_t pos = data_len - 1;; pos--){ + for (uint8_t pos = data_len - 1;; pos--) { prev_value = ++data[pos]; data[pos] = data[pos] % modulo; if (prev_value == data[pos]) return 0; - else if (pos == 0){ + else if (pos == 0) { // we cannot carryover to next byte // with the max value check in place before, we should not reach this place return -1; @@ -144,4 +144,4 @@ int main(){ // printf("Uppercase len: %d\n", sizeof(charset_uppercase)); return 1; } -*/ \ No newline at end of file +*/ diff --git a/common/bruteforce.h b/common/bruteforce.h index b8ed3d9ca..91e01172d 100644 --- a/common/bruteforce.h +++ b/common/bruteforce.h @@ -25,11 +25,11 @@ typedef uint8_t bruteforce_mode_t; // bruteforcing all keys sequentially between X and Y #define BRUTEFORCE_MODE_RANGE 1 -// try keys based on limited charset/passphrases +// try keys based on limited charset/passphrases // some payment systems use user-provided passphrase as system key #define BRUTEFORCE_MODE_CHARSET 2 -// "smart" mode - try some predictable patterns +// "smart" mode - try some predictable patterns #define BRUTEFORCE_MODE_SMART 3 @@ -57,8 +57,8 @@ typedef struct { uint32_t current_key32; uint8_t mode; uint8_t charset[ - CHARSET_DIGITS_SIZE - + CHARSET_UPPERCASE_SIZE + CHARSET_DIGITS_SIZE + + CHARSET_UPPERCASE_SIZE ]; uint8_t charset_length; @@ -76,4 +76,4 @@ int _bf_generate_mode_range32(generator_context_t *ctx); int _bf_generate_mode_charset32(generator_context_t *ctx); int _bf_generate_mode_smart32(generator_context_t *ctx); int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo); -#endif // BRUTEFORCE_H__ \ No newline at end of file +#endif // BRUTEFORCE_H__ diff --git a/doc/commands.json b/doc/commands.json index a94e5bc6a..633dd198e 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -3391,6 +3391,20 @@ ], "usage": "hf jooki sim [-h] [-b ]" }, + "hf ksx6924 balance": { + "command": "hf ksx6924 balance", + "description": "Gets the current purse balance", + "notes": [ + "hf ksx6924 balance" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-k, --keep keep field ON for next command", + "-a, --apdu Show APDU requests and responses" + ], + "usage": "hf ksx6924 balance [-hka]" + }, "hf ksx6924 help": { "command": "hf ksx6924 help", "description": "help This help", @@ -3399,19 +3413,6 @@ "options": [], "usage": "" }, - "hf ksx6924 select": { - "command": "hf ksx6924 select", - "description": "Selects KS X 6924 application, and leaves field up", - "notes": [ - "hf ksx6924 select" - ], - "offline": false, - "options": [ - "-h, --help This help", - "-a, --apdu Show APDU requests and responses" - ], - "usage": "hf ksx6924 select [-ha]" - }, "hf ksx6924 info": { "command": "hf ksx6924 info", "description": "Get info about a KS X 6924 transit card. This application is used by T-Money (South Korea) and Snapper+ (Wellington, New Zealand).", @@ -3426,23 +3427,9 @@ ], "usage": "hf ksx6924 info [-hka]" }, - "hf ksx6924 balance": { - "command": "hf ksx6924 balance", - "description": "Gets the current purse balance", - "notes": [ - "hf ksx6924 balance" - ], - "offline": false, - "options": [ - "-h, --help This help", - "-k, --keep keep field ON for next command", - "-a, --apdu Show APDU requests and responses" - ], - "usage": "hf ksx6924 balance [-hka]" - }, "hf ksx6924 init": { "command": "hf ksx6924 init", - "description": "Perform transaction initialization (mpda)", + "description": "Perform transaction initialization with Mpda (Money of Purchase Transaction)", "notes": [ "hf ksx6924 init 000003e8 -> Mpda" ], @@ -3468,7 +3455,19 @@ ], "usage": "hf ksx6924 prec [-hka] " }, - + "hf ksx6924 select": { + "command": "hf ksx6924 select", + "description": "Selects KS X 6924 application, and leaves field up", + "notes": [ + "hf ksx6924 select" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-a, --apdu Show APDU requests and responses" + ], + "usage": "hf ksx6924 select [-ha]" + }, "hf legic crc": { "command": "hf legic crc", "description": "Calculates the legic crc8/crc16 on the given data", @@ -3971,7 +3970,7 @@ "--1k MIFARE Classic 1k / S50 (def)", "--2k MIFARE Classic/Plus 2k", "--4k MIFARE Classic 4k / S70", - "--emu from emulator memory" + "--emu to emulator memory" ], "usage": "hf mf csave [-h] [-f ] [--mini] [--1k] [--2k] [--4k] [--emu]" }, @@ -4348,6 +4347,27 @@ ], "usage": "hf mf gload [-hv] [--mini] [--1k] [--2k] [--4k] [-p ] [-f ] [--emu] [--start ] [--end ]" }, + "hf mf gsave": { + "command": "hf mf gsave", + "description": "Save `magic gen4 gtu` card memory into three files (BIN/EML/JSON)or into emulator memory", + "notes": [ + "hf mf gsave", + "hf mf gsave --4k", + "hf mf gsave -p DEADBEEF -f hf-mf-01020304.json" + ], + "offline": false, + "options": [ + "-h, --help This help", + "--mini MIFARE Classic Mini / S20", + "--1k MIFARE Classic 1k / S50 (def)", + "--2k MIFARE Classic/Plus 2k", + "--4k MIFARE Classic 4k / S70", + "-p, --pwd password 4bytes", + "-f, --file filename of dump", + "--emu to emulator memory" + ], + "usage": "hf mf gsave [-h] [--mini] [--1k] [--2k] [--4k] [-p ] [-f ] [--emu]" + }, "hf mf gsetblk": { "command": "hf mf gsetblk", "description": "Set block data on a magic gen4 GTU card", @@ -6176,7 +6196,7 @@ }, "hf mfu esave": { "command": "hf mfu esave", - "description": "Saves emulator memory to a MIFARE Ultralight/NTAG dump file (bin/eml/json) By default number of pages saved depends on defined tag type. You can overrife this with option --end.", + "description": "Saves emulator memory to a MIFARE Ultralight/NTAG dump file (bin/eml/json) By default number of pages saved depends on defined tag type. You can override this with option --end.", "notes": [ "hf mfu esave", "hf mfu esave --end 255 -> saves whole memory", @@ -6192,7 +6212,7 @@ }, "hf mfu eview": { "command": "hf mfu eview", - "description": "Displays emulator memory By default number of pages shown depends on defined tag type. You can overrife this with option --end.", + "description": "Displays emulator memory By default number of pages shown depends on defined tag type. You can override this with option --end.", "notes": [ "hf mfu eview", "hf mfu eview --end 255 -> dumps whole memory" @@ -7799,15 +7819,19 @@ "command": "lf em 4x50 brute", "description": "Tries to bruteforce the password of a EM4x50 card. Function can be stopped by pressing pm3 button.", "notes": [ - "lf em 4x50 brute --first 12330000 --last 12340000 -> tries pwds from 0x12330000 to 0x1234000000" + "lf em 4x50 brute --mode range --begin 12330000 --end 12340000 -> tries pwds from 0x12330000 to 0x12340000", + "lf em 4x50 brute --mode charset --digits --uppercase -> tries all combinations of ASCII codes for digits and uppercase letters" ], "offline": false, "options": [ "-h, --help This help", - "--first first password (start), 4 bytes, lsb", - "--last last password (stop), 4 bytes, lsb" + "--mode Bruteforce mode (range|charset)", + "--begin Range mode - start of the key range", + "--end Range mode - end of the key range", + "--digits Charset mode - include ASCII codes for digits", + "--uppercase Charset mode - include ASCII codes for uppercase letters" ], - "usage": "lf em 4x50 brute [-h] --first --last " + "usage": "lf em 4x50 brute [-h] --mode [--begin ] [--end ] [--digits] [--uppercase]" }, "lf em 4x50 chk": { "command": "lf em 4x50 chk", @@ -11616,8 +11640,8 @@ } }, "metadata": { - "commands_extracted": 732, + "commands_extracted": 733, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2022-11-20T20:19:15" + "extracted_on": "2023-05-08T17:05:11" } } \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index 4b91901f4..2cd9fe2b3 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -370,7 +370,7 @@ Check column "offline" for their availability. |`hf ksx6924 select `|N |`Select application, and leave field up` |`hf ksx6924 info `|N |`Get info about a KS X 6924 (T-Money, Snapper+) transit card` |`hf ksx6924 balance `|N |`Get current purse balance` -|`hf ksx6924 init `|N |`Perform transaction initialization with Mpda (Money of Purchase Transaction)` +|`hf ksx6924 init `|N |`Perform transaction initialization with Mpda` |`hf ksx6924 prec `|N |`Send proprietary get record command (CLA=90, INS=4C)` @@ -512,6 +512,7 @@ Check column "offline" for their availability. |`hf mf gen3freeze `|N |`Perma lock UID changes. irreversible` |`hf mf ggetblk `|N |`Read block from card` |`hf mf gload `|N |`Load dump to card` +|`hf mf gsave `|N |`Save dump from card into file or emulator` |`hf mf gsetblk `|N |`Write block to card` |`hf mf gview `|N |`View card` |`hf mf ndefformat `|N |`Format MIFARE Classic Tag as NFC Tag` @@ -851,7 +852,7 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`lf em 4x50 help `|Y |`This help` -|`lf em 4x50 brute `|N |`Simple bruteforce attack to find password` +|`lf em 4x50 brute `|N |`Bruteforce attack to find password` |`lf em 4x50 chk `|N |`Check passwords from dictionary` |`lf em 4x50 dump `|N |`Dump EM4x50 tag` |`lf em 4x50 info `|N |`Tag information`