From 4003ad72fe9cfab3db019dbb6fe24bb9900d190a Mon Sep 17 00:00:00 2001
From: PhaseLoop
Date: Mon, 16 Oct 2023 19:19:30 +0000
Subject: [PATCH] update
---
 armsrc/em4x50.c | 6 ++++-
 client/src/cmdlfem4x50.c | 13 +++++++---
 common/bruteforce.c | 55 +++++++++++++++++++++++++++++-----------
 common/bruteforce.h | 2 +-
 4 files changed, 56 insertions(+), 20 deletions(-)
diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c
index a05fab35f..84cae8aed 100644
--- a/armsrc/em4x50.c
+++ b/armsrc/em4x50.c
@@ -643,8 +643,12 @@ static bool brute(em4x50_data_t *etd, uint32_t *pwd) {
 bf_generator_init(&ctx, etd->bruteforce_mode, BF_KEY_SIZE_32);
- if (etd->bruteforce_mode == BF_MODE_CHARSET)
+ if (etd->bruteforce_mode == BF_MODE_CHARSET){
 bf_generator_set_charset(&ctx, etd->bruteforce_charset);
+ } else if (etd->bruteforce_mode == BF_MODE_RANGE){
+ ctx.range_low = etd->password1;
+ ctx.range_high = etd->password2;
+ }
 while ((generator_ret = bf_generate(&ctx)) == BF_GENERATOR_NEXT) {
 *pwd = bf_get_key32(&ctx);
diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c
index a45f8a11c..b210ec73c 100644
--- a/client/src/cmdlfem4x50.c
+++ b/client/src/cmdlfem4x50.c
@@ -354,11 +354,12 @@ int CmdEM4x50Brute(const char *Cmd) {
 "lf em 4x50 brute --mode range --begin 12330000 --end 12340000 -> tries pwds from 0x12330000 to 0x12340000\n"
 "lf em 4x50 brute --mode charset --digits --uppercase -> tries all combinations of ASCII codes for digits and uppercase letters\n"
+ "lf em 4x50 brute --mode smart -> enable 'smart' pattern key cracking\n"
 );
 void *argtable[] = {
 arg_param_begin,
- arg_str1(NULL, "mode", "", "Bruteforce mode (range|charset)"),
+ arg_str1(NULL, "mode", "", "Bruteforce mode (range|charset|smart)"),
 arg_str0(NULL, "begin", "", "Range mode - start of the key range"),
 arg_str0(NULL, "end", "", "Range mode - end of the key range"),
 arg_lit0(NULL, "digits", "Charset mode - include ASCII codes for digits"),
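Review bot: The new range branch copies `etd->password1`/`etd->password2` straight into `ctx.range_low`/`ctx.range_high` with no check that the low bound does not exceed the high one, and `_bf_generate_mode_range` is not in this hunk, so whether an inverted or empty range is rejected there cannot be seen from here. Either reject `etd->password1 > etd->password2` before the `while` loop or state the precondition at the assignment, e.g. `// bounds are inclusive and client-supplied; _bf_generate_mode_range must cope with range_low > range_high`. The return value of `bf_generator_set_charset` on the context line between the two added blocks is still discarded, so a rejected charset would only show up as the loop ending early. Style-wise, `BF_MODE_CHARSET){` and `BF_MODE_RANGE){` omit the space before the brace that the `while (...) {` line below uses. `brute` continues beyond the hunk.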
@@ -380,7 +381,10 @@ int CmdEM4x50Brute(const char *Cmd) {
 etd.bruteforce_mode = BF_MODE_RANGE;
 } else if (strcmp(mode, "charset") == 0) {
 etd.bruteforce_mode = BF_MODE_CHARSET;
- } else {
+ } else if (strcmp(mode, "smart") == 0){
+ etd.bruteforce_mode = BF_MODE_SMART;
+ } else
+ {
 PrintAndLogEx(FAILED, "Unknown bruteforce mode: %s", mode);
 return PM3_EINVARG;
 }
@@ -458,7 +462,10 @@ int CmdEM4x50Brute(const char *Cmd) {
 dur_s -= dur_h * 3600 + dur_m * 60;
- PrintAndLogEx(INFO, "Estimated duration: %ih %im %is", dur_h, dur_m, dur_s);
+ if ( no_iter > 0 )
+ PrintAndLogEx(INFO, "Estimated duration: %ih %im %is", dur_h, dur_m, dur_s);
+ else
+ PrintAndLogEx(INFO, "Estimated duration: unknown");
 // start
 clearCommandBuffer();
diff --git a/common/bruteforce.c b/common/bruteforce.c
index 21c7a3daa..4ac8834c8 100644
--- a/common/bruteforce.c
+++ b/common/bruteforce.c
@@ -29,15 +29,15 @@ uint8_t charset_uppercase[] = {
 };
 smart_generator_t *smart_generators[] = {
- smart_generator_test1,
- smart_generator_test2,
+ smart_generator_byte_repeat,
 NULL
 };
-void bf_generator_init(generator_context_t *ctx, uint8_t mode, uint8_t key_size) {
+void bf_generator_init(generator_context_t *ctx, uint8_t mode, uint8_t key_length) {
 memset(ctx, 0, sizeof(generator_context_t));
 ctx->mode = mode;
+ ctx->key_length = key_length;
 }
 int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets) {
@@ -65,7 +65,10 @@ int bf_generate(generator_context_t *ctx) {
 return _bf_generate_mode_range(ctx);
 case BF_MODE_CHARSET:
 return _bf_generate_mode_charset(ctx);
- }
+
+ case BF_MODE_SMART:
+ return _bf_generate_mode_smart(ctx);
+ }
 return BF_GENERATOR_ERROR;
 }
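Review bot: The new `} else` followed by `{` on its own line breaks the brace placement of the chain it extends, where the branch directly above reads `} else if (strcmp(mode, "charset") == 0) {`, and `== 0){` drops the space before the brace; the same spacing shows up as `if ( no_iter > 0 )` in the hunk at line 462 of this file. Suggest `} else if (strcmp(mode, "smart") == 0) {` and `} else {` so the mode chain reads uniformly. `CmdEM4x50Brute` continues outside the hunk.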
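Review bot: The new `else` branch prints "Estimated duration: unknown" but gives no hint why `no_iter` can be zero, and `no_iter` is computed outside this hunk; presumably it is zero for the new smart mode, whose candidate count is not known in advance. A one-line comment above the guard would make that explicit, e.g. `// no_iter is 0 when the mode has no precomputed candidate count (smart mode), so no estimate is possible` — confirm against the code that sets no_iter. Note that `dur_s -= dur_h * 3600 + dur_m * 60;` and the duration arithmetic before it still execute for the zero case, which is fine only if nothing in that stretch divides by `no_iter`.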
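Review bot: `bf_generator_init` now stores `key_length` verbatim but does not validate it, so an unsupported length only surfaces later as `BF_GENERATOR_ERROR` from whichever generator checks `ctx->key_length` against `BF_KEY_SIZE_32`/`BF_KEY_SIZE_48`. Either reject it here or document the contract on the function, e.g. `// key_length must be BF_KEY_SIZE_32 or BF_KEY_SIZE_48; generators reject anything else`. Separately, `smart_generator_test2` is dropped from `smart_generators[]` but its stub definition (bruteforce.c hunk at line 185) and its declaration in bruteforce.h are kept; if it is not going to be filled in, remove it rather than leave a stub that returns a bare 0 where a `BF_GENERATOR_*` code is expected.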
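Review bot: `bf_generate` now calls `_bf_generate_mode_smart`, which is defined further down this file (hunk at line 146, renamed from `bf_generate_mode_smart`), while the bruteforce.h hunk leaves the declaration as `int bf_generate_mode_smart(generator_context_t *ctx);`. Unless the underscored name is declared somewhere not shown, this call relies on an implicit declaration, which C99 and later reject; update the header line to `int _bf_generate_mode_smart(generator_context_t *ctx);` so the prototype matches the definition. Identifiers beginning with an underscore at file scope are reserved by the C standard, though the file already follows that convention for `_bf_generate_mode_range` and `_bf_generate_mode_charset`.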
@@ -112,6 +115,14 @@ uint64_t bf_get_key48(generator_context_t *ctx){
 return ctx->current_key & 0xFFFFFFFFFFFF;
 }
+void bf_generator_clear(generator_context_t *ctx){
+ ctx->flag1 = 0;
+ ctx->flag2 = 0;
+ ctx->flag3 = 0;
+ ctx->counter1 = 0;
+ ctx->counter2 = 0;
+}
+
 int _bf_generate_mode_range(generator_context_t *ctx) {
 if (ctx->key_length != BF_KEY_SIZE_32 && ctx->key_length != BF_KEY_SIZE_48)
@@ -135,35 +146,35 @@ int _bf_generate_mode_range(generator_context_t *ctx) {
 int _bf_generate_mode_charset(generator_context_t *ctx) {
- if (ctx->key_length != BF_KEY_SIZE_32 && ctx->key_length != BF_KEY_SIZE_48)
+ if (ctx->key_length != BF_KEY_SIZE_32 && ctx->key_length != BF_KEY_SIZE_48){
 return BF_GENERATOR_ERROR;
+ }
 if (ctx->flag1) return BF_GENERATOR_END;
 uint8_t key_byte = 0;
+ ctx->current_key = 0;
- for (key_byte = 0; key_byte < ctx->key_length;key_byte++){
- ctx->current_key |= ctx->charset[ctx->pos[key_byte]] << ((ctx->key_length - key_byte) - 1 * 8);
+ for (key_byte = 0; key_byte < ctx->key_length; key_byte++)
+ {
+ ctx->current_key |= (uint64_t) ctx->charset[ctx->pos[key_byte]] << ((ctx->key_length - key_byte - 1) * 8);
 }
-
- if (bf_array_increment(ctx->pos, ctx->key_length, ctx->charset_length) == -1)
- // set flag1 to emit value last time and end generation
+ // set flag1 to emit value last time and end generation on next call
 ctx->flag1 = true;
 return BF_GENERATOR_NEXT;
 }
-int bf_generate_mode_smart(generator_context_t *ctx){
+int _bf_generate_mode_smart(generator_context_t *ctx){
 int ret;
 while(1){
- if (smart_generators[ctx->smart_mode_stage] == NULL)
- return BF_GENERATOR_END;
+ return BF_GENERATOR_END;
 ret = smart_generators[ctx->smart_mode_stage](ctx);
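Review bot: `bf_generator_clear` is added as an external (non-static) function but no declaration for it is added to bruteforce.h in this commit, so other translation units see it without a prototype; mark it `static` if only `_bf_generate_mode_smart` uses it, or declare it in the header. Its name also suggests a full reset, while the body only zeroes `flag1`..`flag3` and `counter1`/`counter2` and leaves `current_key`, `mode`, `key_length` and `smart_mode_stage` as they are. A short comment above it would prevent that misreading, e.g. `// reset the per-stage scratch state (flags and counters) only; mode, key_length and smart_mode_stage are kept`.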
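Review bot: In this hunk as extracted, `if (bf_array_increment(ctx->pos, ctx->key_length, ctx->charset_length) == -1)` appears only as a removed line while `ctx->flag1 = true;` stays as context, so on the new side flag1 would be set on the very first call and the charset generator would emit a single key and then stop. The same shape appears in `_bf_generate_mode_smart`, where `if (smart_generators[ctx->smart_mode_stage] == NULL)` is removed and only `return BF_GENERATOR_END;` is re-added, which would leave `ret = smart_generators[ctx->smart_mode_stage](ctx);` unreachable. If the re-added `if` lines were lost when the patch was collapsed, ignore this; otherwise both guards must be restored, e.g. `if (bf_array_increment(ctx->pos, ctx->key_length, ctx->charset_length) == -1)` directly above `ctx->flag1 = true;`. Separately, the new `for (...)` with `{` on the following line differs from the same-line braces used elsewhere in this file (`while(1){`, `... BF_KEY_SIZE_48){`). `_bf_generate_mode_smart` continues past the end of the hunk.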
@@ -174,14 +185,28 @@ int bf_generate_mode_smart(generator_context_t *ctx){
 return ret;
 case BF_GENERATOR_END:
 ctx->smart_mode_stage++;
+ bf_generator_clear(ctx);
 continue;
 }
 }
 }
-int smart_generator_test1(generator_context_t *ctx){
- return 0;
+int smart_generator_byte_repeat(generator_context_t *ctx){
+ // key consists of repeated single byte
+ uint32_t current_byte = ctx->counter1;
+
+ if (current_byte > 0xFF)
+ return BF_GENERATOR_END;
+
+ ctx->current_key = 0;
+
+ for (uint8_t key_byte = 0; key_byte < ctx->key_length;key_byte++){
+ ctx->current_key |= (uint64_t)current_byte << ((ctx->key_length - key_byte - 1) * 8);
+ }
+
+ ctx->counter1++;
+ return BF_GENERATOR_NEXT;
 }
 int smart_generator_test2(generator_context_t *ctx){
 return 0;
diff --git a/common/bruteforce.h b/common/bruteforce.h
index 70dd8a535..16258465e 100644
--- a/common/bruteforce.h
+++ b/common/bruteforce.h
@@ -95,7 +95,7 @@ typedef int (smart_generator_t)(generator_context_t *ctx);
 int bf_generate_mode_smart(generator_context_t *ctx);
-int smart_generator_test1(generator_context_t *ctx);
+int smart_generator_byte_repeat(generator_context_t *ctx);
 int smart_generator_test2(generator_context_t *ctx);
 extern smart_generator_t *smart_generators[]; // array of smart cracking functions
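Review bot: `smart_generator_byte_repeat` builds the key from `ctx->key_length` bytes without first checking that the length is `BF_KEY_SIZE_32` or `BF_KEY_SIZE_48`, unlike `_bf_generate_mode_range` and `_bf_generate_mode_charset`, which both reject anything else; add `if (ctx->key_length != BF_KEY_SIZE_32 && ctx->key_length != BF_KEY_SIZE_48) return BF_GENERATOR_ERROR;` before the loop. The shift amount `(ctx->key_length - key_byte - 1) * 8` only stays below 64 if `key_length` is a byte count, which the 48-bit mask in `bf_get_key48` suggests but this hunk does not establish — worth confirming where `BF_KEY_SIZE_*` is defined. The one-line comment could also say what the generator actually enumerates and where its state lives, e.g. `// keys whose bytes are all equal (0x00..00, 0x01..01, ..., 0xFF..FF); counter1 holds the next byte value`. The enclosing `switch` in `_bf_generate_mode_smart` starts before the hunk.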