hf 14a cuids, sim - now use cliparser

tcprst 2020-12-29 20:58:13 -05:00
commit 49990ab11d
No known key found for this signature in database
GPG key ID: 9145EAF5121AED25
6 changed files with 87 additions and 106 deletions


@ -99,10 +99,10 @@ local function main(args)
local command = '' local command = ''
if mftype == 'mfc' then if mftype == 'mfc' then
command = 'hf 14a sim t 1 u %014x' command = 'hf 14a sim -t 1 -u %014x'
msg('Bruteforcing Mifare Classic card numbers') msg('Bruteforcing Mifare Classic card numbers')
elseif mftype == 'mfu' then elseif mftype == 'mfu' then
command = 'hf 14a sim t 2 u %014x' command = 'hf 14a sim -t 2 -u %014x'
msg('Bruteforcing Mifare Ultralight card numbers') msg('Bruteforcing Mifare Ultralight card numbers')
else else
return print(usage) return print(usage)


@ -209,34 +209,6 @@ static int usage_hf_14a_config(void) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int usage_hf_14a_sim(void) {
PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n");
PrintAndLogEx(NORMAL, "Usage: hf 14a sim [h] t <type> u <uid> [n <numreads>] [x] [e] [v]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h : This help");
PrintAndLogEx(NORMAL, " t : 1 = MIFARE Classic 1k");
PrintAndLogEx(NORMAL, " 2 = MIFARE Ultralight");
PrintAndLogEx(NORMAL, " 3 = MIFARE Desfire");
PrintAndLogEx(NORMAL, " 4 = ISO/IEC 14443-4");
PrintAndLogEx(NORMAL, " 5 = MIFARE Tnp3xxx");
PrintAndLogEx(NORMAL, " 6 = MIFARE Mini");
PrintAndLogEx(NORMAL, " 7 = AMIIBO (NTAG 215), pack 0x8080");
PrintAndLogEx(NORMAL, " 8 = MIFARE Classic 4k");
PrintAndLogEx(NORMAL, " 9 = FM11RF005SH Shanghai Metro");
PrintAndLogEx(NORMAL, " 10 = JCOP 31/41 Rothult");
PrintAndLogEx(NORMAL, " u : 4, 7 or 10 byte UID");
PrintAndLogEx(NORMAL, " n : (Optional) Exit simulation after <numreads> blocks have been read by reader. 0 = infinite");
PrintAndLogEx(NORMAL, " x : (Optional) Performs the 'reader attack', nr/ar attack against a reader");
PrintAndLogEx(NORMAL, " e : (Optional) Fill simulator keys from found keys");
PrintAndLogEx(NORMAL, " v : (Optional) Verbose");
PrintAndLogEx(NORMAL, "Examples:");
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344 x"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344556677"));
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 112233445566778899AA"));
return PM3_SUCCESS;
}
static int CmdHF14AList(const char *Cmd) { static int CmdHF14AList(const char *Cmd) {
char args[128] = {0}; char args[128] = {0};
if (strlen(Cmd) == 0) { if (strlen(Cmd) == 0) {
@ -595,10 +567,23 @@ static int CmdHF14AInfo(const char *Cmd) {
// Collect ISO14443 Type A UIDs // Collect ISO14443 Type A UIDs
static int CmdHF14ACUIDs(const char *Cmd) { static int CmdHF14ACUIDs(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 14a cuids",
"Collect n>0 ISO14443-a UIDs in one go",
"hf 14a cuids -n 5 <-- Collect 5 UIDs");
void *argtable[] = {
arg_param_begin,
arg_int0("n", "num", "<dec>", "Number of UIDs to collect"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
// requested number of UIDs // requested number of UIDs
int n = atoi(Cmd);
// collect at least 1 (e.g. if no parameter was given) // collect at least 1 (e.g. if no parameter was given)
n = n > 0 ? n : 1; int n = arg_get_int_def(ctx, 1, 1);
CLIParserFree(ctx);
uint64_t t1 = msclock(); uint64_t t1 = msclock();
PrintAndLogEx(SUCCESS, "collecting %d UIDs", n); PrintAndLogEx(SUCCESS, "collecting %d UIDs", n);
@ -633,83 +618,81 @@ static int CmdHF14ACUIDs(const char *Cmd) {
PrintAndLogEx(SUCCESS, "end: %" PRIu64 " seconds", (msclock() - t1) / 1000); PrintAndLogEx(SUCCESS, "end: %" PRIu64 " seconds", (msclock() - t1) / 1000);
return 1; return 1;
} }
// ## simulate iso14443a tag // ## simulate iso14443a tag
int CmdHF14ASim(const char *Cmd) { int CmdHF14ASim(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 14a sim",
"Simulate ISO/IEC 14443 type A tag with 4,7 or 10 byte UID",
"hf 14a sim -t 1 --uid 11223344 -> MIFARE Classic 1k\n"
"hf 14a sim -t 2 -> MIFARE Ultralight\n"
"hf 14a sim -t 3 -> MIFARE Desfire\n"
"hf 14a sim -t 4 -> ISO/IEC 14443-4\n"
"hf 14a sim -t 5 -> MIFARE Tnp3xxx\n"
"hf 14a sim -t 6 -> MIFARE Mini\n"
"hf 14a sim -t 7 -> AMIIBO (NTAG 215), pack 0x8080\n"
"hf 14a sim -t 8 -> MIFARE Classic 4k\n"
"hf 14a sim -t 9 -> FM11RF005SH Shanghai Metro\n"
"hf 14a sim -t 10 -> ST25TA IKEA Rothult\n");
int uidlen = 0; void *argtable[] = {
uint8_t flags = 0, tagtype = 1, cmdp = 0; arg_param_begin,
uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; arg_int1("t", "type", "<1-10> ", "Simulation type to use"),
arg_str0("u", "uid", "<hex>", "4, 7 or 10 byte UID"),
arg_int0("n", "num", "<dec>", "Exit simulation after <numreads> blocks have been read by reader. 0 = infinite"),
arg_lit0(NULL, "nr", "Performs the 'reader attack', nr/ar attack against a reader"),
arg_lit0(NULL, "sk", "Fill simulator keys from found keys"),
arg_lit0("v", "verbose", "verbose output"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
int tagtype = arg_get_int(ctx, 1);
int uid_len = 0;
uint8_t uid[10] = {0};
CLIGetHexWithReturn(ctx, 2, uid, &uid_len);
uint8_t flags = 0;
bool useUIDfromEML = true; bool useUIDfromEML = true;
bool setEmulatorMem = false;
bool verbose = false;
bool errors = false;
sector_t *k_sector = NULL;
uint8_t k_sectorsCount = 40;
uint8_t exitAfterNReads = 0;
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { if (uid_len > 0) {
switch (tolower(param_getchar(Cmd, cmdp))) { switch (uid_len) {
case 'h': case 10:
return usage_hf_14a_sim(); flags |= FLAG_10B_UID_IN_DATA;
case 't':
// Retrieve the tag type
tagtype = param_get8ex(Cmd, cmdp + 1, 0, 10);
if (tagtype == 0)
errors = true;
cmdp += 2;
break; break;
case 'u': case 7:
// Retrieve the full 4,7,10 byte long uid flags |= FLAG_7B_UID_IN_DATA;
param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen);
uidlen >>= 1;
switch (uidlen) {
case 10:
flags |= FLAG_10B_UID_IN_DATA;
break;
case 7:
flags |= FLAG_7B_UID_IN_DATA;
break;
case 4:
flags |= FLAG_4B_UID_IN_DATA;
break;
default:
errors = true;
break;
}
if (!errors) {
PrintAndLogEx(SUCCESS, "Emulating " _YELLOW_("ISO/IEC 14443 type A tag")" with " _GREEN_("%d byte UID (%s)"), uidlen, sprint_hex(uid, uidlen));
useUIDfromEML = false;
}
cmdp += 2;
break; break;
case 'n': case 4:
exitAfterNReads = param_get8(Cmd, cmdp + 1); flags |= FLAG_4B_UID_IN_DATA;
cmdp += 2;
break;
case 'v':
verbose = true;
cmdp++;
break;
case 'x':
flags |= FLAG_NR_AR_ATTACK;
cmdp++;
break;
case 'e':
setEmulatorMem = true;
cmdp++;
break; break;
default: default:
PrintAndLogEx(WARNING, "Unknown parameter " _RED_("'%c'"), param_getchar(Cmd, cmdp)); PrintAndLogEx(ERR, "Please specify a 4, 7, or 10 byte UID");
errors = true; CLIParserFree(ctx);
break; return PM3_EINVARG;
} }
PrintAndLogEx(SUCCESS, "Emulating " _YELLOW_("ISO/IEC 14443 type A tag")" with " _GREEN_("%d byte UID (%s)"), uid_len, sprint_hex(uid, uid_len));
useUIDfromEML = false;
} }
//Validations uint8_t exitAfterNReads = arg_get_int(ctx, 3);
if (errors || cmdp == 0) return usage_hf_14a_sim();
if (useUIDfromEML) if (arg_get_lit(ctx, 4)) {
flags |= FLAG_NR_AR_ATTACK;
}
bool setEmulatorMem = arg_get_lit(ctx, 5);
bool verbose = arg_get_lit(ctx, 6);
CLIParserFree(ctx);
sector_t *k_sector = NULL;
uint8_t k_sectorsCount = 40;
if (useUIDfromEML) {
flags |= FLAG_UID_IN_EMUL; flags |= FLAG_UID_IN_EMUL;
}
struct { struct {
uint8_t tagtype; uint8_t tagtype;
@ -721,7 +704,7 @@ int CmdHF14ASim(const char *Cmd) {
payload.tagtype = tagtype; payload.tagtype = tagtype;
payload.flags = flags; payload.flags = flags;
payload.exitAfter = exitAfterNReads; payload.exitAfter = exitAfterNReads;
memcpy(payload.uid, uid, uidlen); memcpy(payload.uid, uid, uid_len);
clearCommandBuffer(); clearCommandBuffer();
SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload)); SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload));
@ -2327,11 +2310,11 @@ out:
static command_t CommandTable[] = { static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"}, {"help", CmdHelp, AlwaysAvailable, "This help"},
{"list", CmdHF14AList, AlwaysAvailable, "List ISO 14443-a history"}, {"list", CmdHF14AList, AlwaysAvailable, "List ISO 14443-a history"},
{"info", CmdHF14AInfo, IfPm3Iso14443a, "Tag information"}, {"info", CmdHF14AInfo, IfPm3Iso14443a, "Tag information"},
{"reader", CmdHF14AReader, IfPm3Iso14443a, "Act like an ISO14443-a reader"}, {"reader", CmdHF14AReader, IfPm3Iso14443a, "Act like an ISO14443-a reader"},
{"cuids", CmdHF14ACUIDs, IfPm3Iso14443a, "<n> Collect n>0 ISO14443-a UIDs in one go"}, {"cuids", CmdHF14ACUIDs, IfPm3Iso14443a, "Collect n>0 ISO14443-a UIDs in one go"},
{"sim", CmdHF14ASim, IfPm3Iso14443a, "<UID> -- Simulate ISO 14443-a tag"}, {"sim", CmdHF14ASim, IfPm3Iso14443a, "Simulate ISO 14443-a tag"},
{"sniff", CmdHF14ASniff, IfPm3Iso14443a, "sniff ISO 14443-a traffic"}, {"sniff", CmdHF14ASniff, IfPm3Iso14443a, "sniff ISO 14443-a traffic"},
{"apdu", CmdHF14AAPDU, IfPm3Iso14443a, "Send ISO 14443-4 APDU to tag"}, {"apdu", CmdHF14AAPDU, IfPm3Iso14443a, "Send ISO 14443-4 APDU to tag"},
{"chaining", CmdHF14AChaining, IfPm3Iso14443a, "Control ISO 14443-4 input chaining"}, {"chaining", CmdHF14AChaining, IfPm3Iso14443a, "Control ISO 14443-4 input chaining"},
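Review bot: In CmdHF14ASim the new `int tagtype = arg_get_int(ctx, 1);` is never range-checked, although the option is documented as `<1-10>` and the removed parser rejected a type of 0; the value is then narrowed into the `uint8_t tagtype` payload field and sent to the device. I would add, right after the read, `if (tagtype < 1 || tagtype > 10) { PrintAndLogEx(ERR, "Please specify a tag type between 1 and 10"); CLIParserFree(ctx); return PM3_EINVARG; }`. The same narrowing applies to `uint8_t exitAfterNReads = arg_get_int(ctx, 3);`, where a negative or greater-than-255 `-n` wraps silently, so that for example 256 becomes 0, which the help text defines as infinite. In CmdHF14ACUIDs the old `n > 0 ? n : 1` clamp is gone, so `-n 0` or a negative count now reaches the code outside this hunk unclamped even though the "collect at least 1" comment remains. The bodies of both functions continue outside the visible hunks, so a later check may exist there.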


@ -351,7 +351,7 @@ static int cmd_hf_st_sim(const char *Cmd) {
} }
char param[40]; char param[40];
snprintf(param, sizeof(param), "t 10 u %s", sprint_hex_inrow(uid, uidlen)); snprintf(param, sizeof(param), "-t 10 -u %s", sprint_hex_inrow(uid, uidlen));
return CmdHF14ASim(param); return CmdHF14ASim(param);
} }


@ -41,8 +41,6 @@ data print
data samples data samples
data setdebugmode data setdebugmode
data tune data tune
hf 14a cuids
hf 14a sim
hf 14a config hf 14a config
hf 14b sriwrite hf 14b sriwrite
hf 15 dump hf 15 dump


@ -134,8 +134,8 @@ Check column "offline" for their availability.
|`hf 14a list `|Y |`List ISO 14443-a history` |`hf 14a list `|Y |`List ISO 14443-a history`
|`hf 14a info `|N |`Tag information` |`hf 14a info `|N |`Tag information`
|`hf 14a reader `|N |`Act like an ISO14443-a reader` |`hf 14a reader `|N |`Act like an ISO14443-a reader`
|`hf 14a cuids `|N |`<n> Collect n>0 ISO14443-a UIDs in one go` |`hf 14a cuids `|N |`Collect n>0 ISO14443-a UIDs in one go`
|`hf 14a sim `|N |`<UID> -- Simulate ISO 14443-a tag` |`hf 14a sim `|N |`Simulate ISO 14443-a tag`
|`hf 14a sniff `|N |`sniff ISO 14443-a traffic` |`hf 14a sniff `|N |`sniff ISO 14443-a traffic`
|`hf 14a apdu `|N |`Send ISO 14443-4 APDU to tag` |`hf 14a apdu `|N |`Send ISO 14443-4 APDU to tag`
|`hf 14a chaining `|N |`Control ISO 14443-4 input chaining` |`hf 14a chaining `|N |`Control ISO 14443-4 input chaining`


@ -7,7 +7,7 @@
# -samy kamkar 05/28/2017 # -samy kamkar 05/28/2017
# #
# hf mf eload u FILENAME_MINUS_EML # hf mf eload u FILENAME_MINUS_EML
# hf 14a sim t 7 u UID # hf 14a sim -t 7 -u UID
# perl -lne 'chomp; s/\s+(\S+)$//;$f=$1;if($f=~s/-(\S+)//){$g=hex($1);}else{$g=hex($f)}$f=hex($f); for$m($f..$g){print "0x" . substr(unpack("H4",pack("n",$m)),1) ." => \"$_\","}' /tmp/game >> game2 # perl -lne 'chomp; s/\s+(\S+)$//;$f=$1;if($f=~s/-(\S+)//){$g=hex($1);}else{$g=hex($f)}$f=hex($f); for$m($f..$g){print "0x" . substr(unpack("H4",pack("n",$m)),1) ." => \"$_\","}' /tmp/game >> game2
# perl -lne 'if(/^(\S.*?)\s+\w?\w\w\w\w(\s*-\s*\w?\w\w\w\w)?\s*$/){$l=$1} s/(\w{4,5}\s*-\s*)?(\w{4,5})$//; $a=$1;$b=$2; $b=hex($b); $a=$a?hex($a):$b; for$m($a..$b){print "0x" . substr(unpack("H4",pack("n",$m)),0) ." => \"$l\","}' /tmp/g2 # perl -lne 'if(/^(\S.*?)\s+\w?\w\w\w\w(\s*-\s*\w?\w\w\w\w)?\s*$/){$l=$1} s/(\w{4,5}\s*-\s*)?(\w{4,5})$//; $a=$1;$b=$2; $b=hex($b); $a=$a?hex($a):$b; for$m($a..$b){print "0x" . substr(unpack("H4",pack("n",$m)),0) ." => \"$l\","}' /tmp/g2
@ -685,7 +685,7 @@ $uid = uc $uid;
#print STDERR "amiitool -d -k ../client/amiitool/key_retail.bin -i $input -o $input.decrypted\n"; #print STDERR "amiitool -d -k ../client/amiitool/key_retail.bin -i $input -o $input.decrypted\n";
$input =~ s/\....$//; $input =~ s/\....$//;
print STDERR "hf mf eload u $input\n"; print STDERR "hf mf eload u $input\n";
print STDERR "hf 14a sim t 7 u $uid\n"; print STDERR "hf 14a sim -t 7 -u $uid\n";
__DATA__ __DATA__