github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 21:33:47 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

ADD: added the possibility to load a default pwd file to be used with the "lf t55xx bruteforce" command.

Browse source 
new option:
      lf t55xx brutefore i default_pwd.dic    -  will load default pwds from file and test against tag.
This commit is contained in:
iceman1001 2015-12-01 13:07:01 +01:00
commit 21865cda09
3 changed files with 159 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
client/cmdhfmf.c
View file

@ -792,7 +792,6 @@ int CmdHF14AMfNested(const char *Cmd)
return 0; return 0;
} }
int CmdHF14AMfNestedHard(const char *Cmd) int CmdHF14AMfNestedHard(const char *Cmd)
{ {
uint8_t blockNo = 0; uint8_t blockNo = 0;
@ -889,7 +888,6 @@ int CmdHF14AMfNestedHard(const char *Cmd)
return 0; return 0;
} }
int CmdHF14AMfChk(const char *Cmd) int CmdHF14AMfChk(const char *Cmd)
{ {
if (strlen(Cmd)<3) { if (strlen(Cmd)<3) {

89
client/cmdlft55xx.c
View file

@ -150,10 +150,15 @@ int usage_t55xx_wakup(){
return 0; return 0;
} }
int usage_t55xx_bruteforce(){ int usage_t55xx_bruteforce(){
PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password>"); PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password> [i <*.dic>]");
PrintAndLog(" password must be 4 bytes (8 hex symbols)"); PrintAndLog(" password must be 4 bytes (8 hex symbols)");
PrintAndLog("Options:");
PrintAndLog(" h - this help");
PrintAndLog(" i <*.dic> - loads a default keys dictionary file <*.dic>");
PrintAndLog("");
PrintAndLog("Examples:"); PrintAndLog("Examples:");
PrintAndLog(" lf t55xx bruteforce aaaaaaaa bbbbbbbb"); PrintAndLog(" lf t55xx bruteforce aaaaaaaa bbbbbbbb");
PrintAndLog(" lf t55xx bruteforce i mykeys.dic");
PrintAndLog(""); PrintAndLog("");
return 0; return 0;
} }
@ -1316,13 +1321,91 @@ int CmdT55xxWipe(const char *Cmd) {
} }
int CmdT55xxBruteForce(const char *Cmd) { int CmdT55xxBruteForce(const char *Cmd) {
// load a default pwd file.
char buf[9];
char filename[FILE_PATH_SIZE]={0};
int keycnt = 0;
uint8_t stKeyBlock = 20;
uint8_t *keyBlock = NULL, *p;
keyBlock = calloc(stKeyBlock, 6);
if (keyBlock == NULL) return 1;
uint32_t start_password = 0x00000000; //start password uint32_t start_password = 0x00000000; //start password
uint32_t end_password = 0xFFFFFFFF; //end password uint32_t end_password = 0xFFFFFFFF; //end password
bool found = false; bool found = false;
char cmdp = param_getchar(Cmd, 0); char cmdp = param_getchar(Cmd, 0);
if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce(); if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();
if (cmdp == 'i' || cmdp == 'I') {
int len = strlen(Cmd+2);
if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;
memcpy(filename, Cmd+2, len);
FILE * f = fopen( filename , "r");
if ( !f ) {
PrintAndLog("File: %s: not found or locked.", filename);
free(keyBlock);
return 1;
}
while( fgets(buf, sizeof(buf), f) ){
if (strlen(buf) < 8 || buf[7] == '\n') continue;
while (fgetc(f) != '\n' && !feof(f)) ; //goto next line
//The line start with # is comment, skip
if( buf[0]=='#' ) continue;
if (!isxdigit(buf[0])){
PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf);
continue;
}
buf[8] = 0;
if ( stKeyBlock - keycnt < 2) {
p = realloc(keyBlock, 6*(stKeyBlock+=10));
if (!p) {
PrintAndLog("Cannot allocate memory for defaultKeys");
free(keyBlock);
return 2;
}
keyBlock = p;
}
memset(keyBlock + 4 * keycnt, 0, 4);
num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt);
PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4));
keycnt++;
memset(buf, 0, sizeof(buf));
}
fclose(f);
if (keycnt == 0) {
PrintAndLog("No keys found in file");
return 1;
}
// loop
uint32_t testpwd = 0x00;
for (uint16_t c = 0; c < keycnt; ++c ) {
testpwd = bytes_to_num(keyBlock + 4*keycnt, 4);
AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd);
found = tryDetectModulation();
if ( found ) {
PrintAndLog("Found valid password:[%08X]", testpwd);
return 0;
}
}
}
start_password = param_get32ex(Cmd, 0, 0, 16); start_password = param_get32ex(Cmd, 0, 0, 16);
end_password = param_get32ex(Cmd, 1, 0, 16); end_password = param_get32ex(Cmd, 1, 0, 16);
@ -1348,7 +1431,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
PrintAndLog(""); PrintAndLog("");
if (found) if (found)
PrintAndLog("Password found [%08x]", i); PrintAndLog("Found valid password: [%08x]", i);
else else
PrintAndLog("Password NOT found. Last tried: [%08x]", i); PrintAndLog("Password NOT found. Last tried: [%08x]", i);
return 0; return 0;

73
client/default_pwd.dic Normal file
View file

@ -0,0 +1,73 @@
# known cloners
# ref. http://www.proxmark.org/forum/viewtopic.php?id=2022
51243648,
000D8787,
# Default pwd, simple:
00000000,
11111111,
22222222,
33333333,
44444444,
55555555,
66666666,
77777777,
88888888,
99999999,
AAAAAAAA,
BBBBBBBB,
CCCCCCCC,
DDDDDDDD,
EEEEEEEE,
FFFFFFFF,
a0a1a2a3,
b0b1b2b3,
aabbccdd,
bbccddee,
ccddeeff,
00000001,
00000002,
0000000a,
0000000b,
01020304,
02030405,
03040506,
04050607,
05060708,
06070809,
0708090A,
08090A0B,
090A0B0C,
0A0B0C0D,
0B0C0D0E,
0C0D0E0F,
01234567,
12345678,
10000000,
20000000,
30000000,
40000000,
50000000,
60000000,
70000000,
80000000,
90000000,
A0000000,
B0000000,
C0000000,
D0000000,
E0000000,
F0000000,
10101010,
01010101,
11223344,
22334455,
33445566,
44556677,
55667788,
66778899,
778899AA,
8899AABB,
99AABBCC,
AABBCCDD,
BBCCDDEE,
CCDDEEFF,