diff --git a/armsrc/Standalone/hf_aveful.c b/armsrc/Standalone/hf_aveful.c index b59f1a34a..9a56be82c 100644 --- a/armsrc/Standalone/hf_aveful.c +++ b/armsrc/Standalone/hf_aveful.c @@ -187,7 +187,7 @@ void RunMod(void) { read_successful = false; break; } - // We're skipping 14 blocks (56 bytes) here, as that "[...] has version/signature/counter data here" according to comments on dumptoemul-mfu + // We're skipping 14 blocks (56 bytes) here, as that "[...] has version/signature/counter data here" according to comments on hf_mfu_dumptoemulator // When converting a bin, it's almost all 0 other than one 0x0F byte, and functionality seems to be unaffected if that byte is set to 0x00. emlSetMem_xt(dataout, 14 + i, 1, 4); Dbhexdump(4, dataout, 0); diff --git a/armsrc/Standalone/hf_bog.c b/armsrc/Standalone/hf_bog.c index 50e1d824f..1d766aa52 100644 --- a/armsrc/Standalone/hf_bog.c +++ b/armsrc/Standalone/hf_bog.c @@ -15,7 +15,7 @@ The retrieved sniffing session can be acquired by connecting the device to a client that supports the reconnect capability and issue 'hf 14a list'. In order to view the grabbed authentication attempts in the flash mem, -you can simply run 'script run read_pwd_mem' or just 'mem dump p l 256' +you can simply run 'script run mem_readpwd' or just 'mem dump p l 256' from the client to view the stored quadlets. */ @@ -249,5 +249,5 @@ void RunMod(void) { LEDsoff(); SpinDelay(300); Dbprintf("- [ End ] -> You can take shell back ..."); - Dbprintf("- [ ! ] -> use 'script run read_pwd_mem_spiffs' to print passwords"); + Dbprintf("- [ ! ] -> use 'script run data_read_pwd_mem_spiffs' to print passwords"); } diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 8378a281e..26f1513da 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1363,7 +1363,8 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_MIFARE_CIDENT: { - MifareCIdent(); + bool is_mfc = packet->data.asBytes[0]; + MifareCIdent(is_mfc); break; } // Gen 3 magic cards 
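Review bot: The new hint in the second hf_bog.c hunk, `use 'script run data_read_pwd_mem_spiffs' to print passwords`, names a script that this commit does not create. The SPIFFS reader is renamed here from `data_readpwdmem-spiffs.lua` to `mem_spiffs_readpwd.lua`, so a user following the on-device message would presumably not find the script. The line should read `Dbprintf("- [ ! ] -> use 'script run mem_spiffs_readpwd' to print passwords");`. The same stale name is written into the desc text of `mem_readpwd.lua` ("You should now use data_read_pwd_mem_spiffs instead") and should be changed there too. RunMod's body starts outside the hunk.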
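Review bot: `packet->data.asBytes[0]` is read in the `CMD_HF_MIFARE_CIDENT` case without checking that the packet carries a payload. Before this commit the client sent the command with no data (`SendCommandNG(CMD_HF_MIFARE_CIDENT, NULL, 0)`, removed in mifarehost.c), so a client that has not been updated makes the firmware choose between the NTAG and Gen3 probes from whatever byte is in the buffer; whether that buffer is cleared is not visible here. Guarding on the length keeps the choice deterministic, e.g. `bool is_mfc = (packet->length > 0) ? (packet->data.asBytes[0] != 0) : true;`, with the fallback value left to the maintainers. PacketReceived's switch continues outside the hunk.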
diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 3344368cf..76cbea5c1 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2236,14 +2236,14 @@ void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain) { OnSuccessMagic(); } -void MifareCIdent(void) { +void MifareCIdent(bool is_mfc) { // variables uint8_t isGen = 0; uint8_t rec[1] = {0x00}; uint8_t recpar[1] = {0x00}; uint8_t rats[4] = { ISO14443A_CMD_RATS, 0x80, 0x31, 0x73 }; - uint8_t rdbl[4] = { ISO14443A_CMD_READBLOCK, 0xF0, 0x8D, 0x5f}; - uint8_t rdbl0[4] = { ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8}; + uint8_t rdblf0[4] = { ISO14443A_CMD_READBLOCK, 0xF0, 0x8D, 0x5f}; + uint8_t rdbl00[4] = { ISO14443A_CMD_READBLOCK, 0x00, 0x02, 0xa8}; uint8_t *par = BigBuf_malloc(MAX_PARITY_SIZE); uint8_t *buf = BigBuf_malloc(PM3_CMD_DATA_SIZE); uint8_t *uid = BigBuf_malloc(10); 
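Review bot: `MifareCIdent` gains an `is_mfc` parameter with no comment saying what it selects, and the trailing comment on the prototype in mifarecmd.h is left as `// is "magic chinese" card?`. From the second hunk of this file, `true` runs the MFC Gen3 probe and `false` the magic NTAG probe, so a line above the definition such as `// is_mfc: true = run the MIFARE Classic Gen3 test, false = run the magic NTAG21x test` would spare callers from reading the body. The renamed probes `rdblf0` / `rdbl00` would also benefit from `// READBLOCK of block 0xF0 / 0x00; the last two bytes look like a precomputed CRC`, to be confirmed by the author. The function body continues outside the hunk.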
@@ -2323,29 +2323,32 @@ void MifareCIdent(void) { goto OUT; } - // magic ntag test - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(40); - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true); - if (res == 2) { - ReaderTransmit(rdbl, sizeof(rdbl), NULL); - res = ReaderReceive(buf, par); - if (res == 18) { - isGen = MAGIC_NTAG21X; + if (! is_mfc) { + // magic ntag test + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(40); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true); + if (res == 2) { + ReaderTransmit(rdblf0, sizeof(rdblf0), NULL); + res = ReaderReceive(buf, par); + if (res == 18) { + isGen = MAGIC_NTAG21X; + } } } - - // magic MFC Gen3 test - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - SpinDelay(40); - iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); - res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true); - if (res == 2) { - ReaderTransmit(rdbl0, sizeof(rdbl0), NULL); - res = ReaderReceive(buf, par); - if (res == 18) { - isGen = MAGIC_GEN_3; + if (is_mfc) { + // magic MFC Gen3 test + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + SpinDelay(40); + iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); + res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true); + if (res == 2) { + ReaderTransmit(rdbl00, sizeof(rdbl00), NULL); + res = ReaderReceive(buf, par); + if (res == 18) { + isGen = MAGIC_GEN_3; + } } } }; diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index b024d2d1b..58cec9b49 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h 
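Review bot: The two branches `if (! is_mfc) { … }` and `if (is_mfc) { … }` are mutually exclusive but written as independent tests. They duplicate the same field-off / delay / setup / select / transmit / receive sequence and differ only in the probe array and the value stored in `isGen`. Selecting the probe and the result from `is_mfc` and running the sequence once removes the copy and makes it impossible for a later edit to change one path and forget the other. The spacing in `! is_mfc` also differs from the rest of the file. The enclosing function starts and ends outside the hunk, so how `isGen` is reported afterwards is not visible here.

```c
// … unchanged: earlier magic tests and the goto OUT path …

// One select/read sequence; only the probe and the reported type depend on is_mfc.
uint8_t *probe = is_mfc ? rdbl00 : rdblf0;   // both probes are 4 bytes long
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(40);
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
res = iso14443a_select_card(uid, NULL, &cuid, true, 0, true);
if (res == 2) {
    ReaderTransmit(probe, sizeof(rdbl00), NULL);
    res = ReaderReceive(buf, par);
    if (res == 18) {
        isGen = is_mfc ? MAGIC_GEN_3 : MAGIC_NTAG21X;
    }
}
```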
@@ -41,7 +41,7 @@ int MifareECardLoadExt(uint8_t sectorcnt, uint8_t keytype); void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain); // Work with "magic Chinese" card void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint8_t *datain); -void MifareCIdent(void); // is "magic chinese" card? +void MifareCIdent(bool is_mfc); // is "magic chinese" card? void MifareHasStaticNonce(void); // Has the tag a static nonce? int DoGen3Cmd(uint8_t *cmd, uint8_t cmd_len); diff --git a/client/luascripts/data_mfc_accessdecode.lua b/client/luascripts/data_mf_accessdecode.lua similarity index 97% rename from client/luascripts/data_mfc_accessdecode.lua rename to client/luascripts/data_mf_accessdecode.lua index 9c65036bb..551080b5d 100644 --- a/client/luascripts/data_mfc_accessdecode.lua +++ b/client/luascripts/data_mf_accessdecode.lua @@ -8,10 +8,10 @@ desc = [[ This script tries to decode Mifare Classic Access bytes ]] example = [[ - 1. script run data_mfc_accessdecode -a 7F0F0869 + 1. script run data_mf_accessdecode -a 7F0F0869 ]] usage = [[ -script run data_mfc_accessdecode [-h] [-a ] +script run data_mf_accessdecode [-h] [-a ] ]] arguments = [[ -h : this help diff --git a/client/luascripts/hf_mf_dumptoemulator.lua b/client/luascripts/data_mf_bin2eml.lua similarity index 96% rename from client/luascripts/hf_mf_dumptoemulator.lua rename to client/luascripts/data_mf_bin2eml.lua index 2c7106928..ef48ead16 100644 --- a/client/luascripts/hf_mf_dumptoemulator.lua +++ b/client/luascripts/data_mf_bin2eml.lua @@ -12,10 +12,10 @@ This script takes a dumpfile from 'hf mf dump' and converts it to a format that by the emulator ]] example = [[ - script run hf_mf_dumptoemulator -i dumpdata-foobar.bin + script run data_mf_bin2eml -i dumpdata-foobar.bin ]] usage = [[ -script run hf_mf_dumptoemulator [-i ] [-o ] +script run data_mf_bin2eml [-i ] [-o ] ]] arguments = [[ -h This help 
diff --git a/client/luascripts/data_dumptohtml.lua b/client/luascripts/data_mf_bin2html.lua similarity index 95% rename from client/luascripts/data_dumptohtml.lua rename to client/luascripts/data_mf_bin2html.lua index 0a6f9b1d1..c33b4782b 100644 --- a/client/luascripts/data_dumptohtml.lua +++ b/client/luascripts/data_mf_bin2html.lua @@ -13,10 +13,10 @@ This script takes a dumpfile and produces a html based dump, which is a bit more easily analyzed. ]] example = [[ - script run data_dumptohtml -o mifarecard_foo.html + script run data_mf_bin2html -o mifarecard_foo.html ]] usage = [[ -script run data_dumptohtml [-i ] [-o ] +script run data_mf_bin2html [-i ] [-o ] ]] arguments = [[ -h This help diff --git a/client/luascripts/data_emulatortodump.lua b/client/luascripts/data_mf_eml2bin.lua similarity index 90% rename from client/luascripts/data_emulatortodump.lua rename to client/luascripts/data_mf_eml2bin.lua index e40875529..d31b58418 100644 --- a/client/luascripts/data_emulatortodump.lua +++ b/client/luascripts/data_mf_eml2bin.lua @@ -10,12 +10,12 @@ desc =[[ This script takes an dumpfile in EML (ASCII) format and converts it to the PM3 dumpbin file to be used with `hf mf restore` ]] example =[[ - 1. script run data_emulatortodump - 2. script run data_emulatortodump -i myfile.eml - 3. script run data_emulatortodump -i myfile.eml -o myfile.bin + 1. script run data_mf_eml2bin + 2. script run data_mf_eml2bin -i myfile.eml + 3. script run data_mf_eml2bin -i myfile.eml -o myfile.bin ]] usage = [[ -script run data_emulatortodump [-i ] [-o ] +script run data_mf_eml2bin [-i ] [-o ] ]] arguments = [[ -h This help diff --git a/client/luascripts/data_emulatortohtml.lua b/client/luascripts/data_mf_eml2html.lua similarity index 95% rename from client/luascripts/data_emulatortohtml.lua rename to client/luascripts/data_mf_eml2html.lua index 19e57493d..9b2edbe87 100644 --- a/client/luascripts/data_emulatortohtml.lua +++ b/client/luascripts/data_mf_eml2html.lua 
@@ -13,10 +13,10 @@ This script takes a dumpfile on EML (ASCII) format and produces a html based dum bit more easily analyzed. ]] example = [[ - script run data_emulatortohtml -o dumpdata.eml + script run data_mf_eml2html -o dumpdata.eml ]] usage = [[ -script run data_emulatortohtml [-i ] [-o ] +script run data_mf_eml2html [-i ] [-o ] ]] arguments = [[ -h This help diff --git a/client/luascripts/data_example_cmdline.lua b/client/luascripts/examples/example_cmdline.lua similarity index 100% rename from client/luascripts/data_example_cmdline.lua rename to client/luascripts/examples/example_cmdline.lua diff --git a/client/luascripts/data_example_parameters.lua b/client/luascripts/examples/example_parameters.lua similarity index 88% rename from client/luascripts/data_example_parameters.lua rename to client/luascripts/examples/example_parameters.lua index f31bb607c..0925f7d2c 100644 --- a/client/luascripts/data_example_parameters.lua +++ b/client/luascripts/examples/example_parameters.lua @@ -4,7 +4,7 @@ local getopt = require('getopt') local ansicolors = require('ansicolors') copyright = '' -usage = 'script run parameters.lua -a 1 -blala -c -de' +usage = 'script run example_parameters.lua -a 1 -blala -c -de' author = 'Martin Holst Swende' version = 'v1.0.2' desc = [[ @@ -12,10 +12,10 @@ This is an example script to demonstrate handle parameters in scripts. For more info, check the comments in the code ]] example = [[ - 1. script run data_example_parameters -a mytestparam_input -c + 1. script run example_parameters -a mytestparam_input -c ]] usage = [[ -script run data_example_parameters [-h] [-a ] [-b ] [-c] [-d] [-e] +script run example_parameters [-h] [-a ] [-b ] [-c] [-d] [-e] ]] arguments = [[ -h This help 
@@ -52,7 +52,7 @@ local function main(args) 5 parameters; two with values and three flags. The following should be valid: - script run parameters.lua -a 1 -blala -c -de + script run example_parameters.lua -a 1 -blala -c -de Notice two things: 1. 'blala' works just like 'b lala', both set 'b' to 'lala' diff --git a/client/luascripts/hf_14a_raw.lua b/client/luascripts/hf_14a_raw.lua index 3b747aa17..35d2cff87 100644 --- a/client/luascripts/hf_14a_raw.lua +++ b/client/luascripts/hf_14a_raw.lua @@ -7,7 +7,7 @@ copyright = '' author = "Martin Holst Swende" version = 'v1.0.2' desc = [[ -This is a script to allow raw 1444a commands to be sent and received. +This is a script to allow raw 14443a commands to be sent and received. ]] example = [[ # 1. Connect and don't disconnect diff --git a/client/luascripts/iso15_magic.lua b/client/luascripts/hf_15_magic.lua similarity index 95% rename from client/luascripts/iso15_magic.lua rename to client/luascripts/hf_15_magic.lua index 94f1d8f97..173cf1ee7 100644 --- a/client/luascripts/iso15_magic.lua +++ b/client/luascripts/hf_15_magic.lua @@ -15,12 +15,12 @@ example = [[ -- ISO15693 slix magic tag - script run iso15_magic -u E004013344556677 + script run hf_15_magic -u E004013344556677 - script run iso15_magic -u E004013344556677 -a + script run hf_15_magic -u E004013344556677 -a ]] usage = [[ -script run iso15_magic -h -u +script run hf_15_magic -h -u ]] arguments = [[ -h : this help diff --git a/client/luascripts/legic.lua b/client/luascripts/hf_legic.lua similarity index 99% rename from client/luascripts/legic.lua rename to client/luascripts/hf_legic.lua index 393cc9e52..1715bf400 100644 --- a/client/luascripts/legic.lua +++ b/client/luascripts/hf_legic.lua @@ -96,7 +96,7 @@ Known issues; needs to be fixed: * last byte in last segment is handled incorrectly when it is the last bytes on the card itself (MIM256: => byte 256) --]] -example = "script run legic" +example = "script run hf_legic" author = "Mosci, uhei" version = "1.0.4" 
diff --git a/client/luascripts/legic_buffer2card.lua b/client/luascripts/hf_legic_buffer2card.lua similarity index 95% rename from client/luascripts/legic_buffer2card.lua rename to client/luascripts/hf_legic_buffer2card.lua index d0a018d83..eac8f1ed2 100644 --- a/client/luascripts/legic_buffer2card.lua +++ b/client/luascripts/hf_legic_buffer2card.lua @@ -11,10 +11,10 @@ desc = This is a script which writes value 0x01 to bytes from position 0x07 until 0xFF on a Legic Prime Tag (MIM256 or MIM1024) -- (created with 'hf legic save my_dump.hex') -- ]] example = [[ - script run legic_buffer2card + script run hf_legic_buffer2card ]] usage = [[ -script run legic_buffer2card -h +script run hf_legic_buffer2card -h ]] arguments = [[ -h - Help text diff --git a/client/luascripts/legic_clone.lua b/client/luascripts/hf_legic_clone.lua similarity index 98% rename from client/luascripts/legic_clone.lua rename to client/luascripts/hf_legic_clone.lua index 0f03157e5..28a95bca7 100644 --- a/client/luascripts/legic_clone.lua +++ b/client/luascripts/hf_legic_clone.lua @@ -18,7 +18,7 @@ local ansicolors = require('ansicolors') simplest usage: Dump a legic tag with 'hf legic dump' place your 'empty' tag on the reader and run - 'script run legic_clone -i orig.bin -w' + 'script run hf_legic_clone -i orig.bin -w' you will see some output like: @@ -95,11 +95,11 @@ This is a script which creates a clone-dump of a dump from a LEGIC Prime Tag (MI Create a dump by running `hf legic dump`. ]] example = [[ - script run legic_clone -i my_dump.bin -o my_clone.bin -c f8 - script run legic_clone -i my_dump.bin -d -s + script run hf_legic_clone -i my_dump.bin -o my_clone.bin -c f8 + script run hf_legic_clone -i my_dump.bin -d -s ]] usage = [[ -script run legic_clone [-h] [-i ] [-o ] [-c ] [-d] [-s] [-w] +script run hf_legic_clone [-h] [-i ] [-o ] [-c ] [-d] [-s] [-w] ]] arguments = [[ required : 
diff --git a/client/luascripts/hf_mf_autopwn.lua b/client/luascripts/hf_mf_autopwn.lua index 831a1111e..f7ea2a832 100644 --- a/client/luascripts/hf_mf_autopwn.lua +++ b/client/luascripts/hf_mf_autopwn.lua @@ -128,10 +128,10 @@ local function dump_tag(uid, numsectors) -- Save the global args, those are *our* arguments local myargs = args - -- Set the arguments for htmldump script + -- Set the arguments for data_mf_bin2html script args =('-i %s.bin -o %s.html'):format(dumpfile, dumpfile) -- call it - require('htmldump') + require('data_mf_bin2html') -- Set back args. Not that it's used, just for the karma... args = myargs diff --git a/client/luascripts/hf_mf_dump-laundromat.lua b/client/luascripts/hf_mf_dump-luxeo.lua similarity index 98% rename from client/luascripts/hf_mf_dump-laundromat.lua rename to client/luascripts/hf_mf_dump-luxeo.lua index 7614bded4..3ee86ecbc 100644 --- a/client/luascripts/hf_mf_dump-laundromat.lua +++ b/client/luascripts/hf_mf_dump-luxeo.lua @@ -1,7 +1,7 @@ --- -- This Lua script is designed to run with Iceman/RRG Proxmark3 fork --- Just copy luxeodump.lua to client/luascripts/ --- and run "script run luxeodump" +-- Just copy hf_mf_dump-luxeo.lua to client/luascripts/ +-- and run "script run hf_mf_dump-luxeo" -- requirements local cmds = require('commands') @@ -17,10 +17,10 @@ desc = [[ This is a script that tries to dump and decrypt the data of a specific type of Mifare laundromat token. OBS! Tag must be on the antenna. ]] example = [[ - script run hf_mf_dump-laundromat + script run hf_mf_dump-luxeo ]] usage = [[ -script run hf_mf_dump-laundromat +script run hf_mf_dump-luxeo ]] arguments = [[ -h This help diff --git a/client/luascripts/mfc_gen3_writer.lua b/client/luascripts/hf_mf_gen3_writer.lua similarity index 98% rename from client/luascripts/mfc_gen3_writer.lua rename to client/luascripts/hf_mf_gen3_writer.lua index 9e78b2aee..7795ac26c 100644 --- a/client/luascripts/mfc_gen3_writer.lua +++ b/client/luascripts/hf_mf_gen3_writer.lua 
@@ -12,8 +12,7 @@ local read14a = require('read14a') --[[ ---Suggestions of improvement: --- Add support another types of dumps: BIN, JSON ---- Maybe it will be not only as `mfc_gen3_writer`, like a universal dump manager. ---- Add undependence from the operation system. At the moment code not working in Linux. +--- Maybe it will be not only as `hf_mf_gen3_writer`, like a universal dump manager. --- Hide system messages when you writing a dumps, replace it to some of like [#####----------] 40% -- iceman notes: diff --git a/client/luascripts/hf_mf_keycheck.lua b/client/luascripts/hf_mf_keycheck.lua index d50bb00f9..59680cbe4 100644 --- a/client/luascripts/hf_mf_keycheck.lua +++ b/client/luascripts/hf_mf_keycheck.lua @@ -60,7 +60,7 @@ end -- waits for answer from pm3 device local function checkCommand(response) if not response then - print("Timeout while waiting for response. Increase TIMEOUT in mfckeys.lua to wait longer") + print("Timeout while waiting for response. Increase TIMEOUT in hf_mf_keycheck.lua to wait longer") return nil, "Timeout while waiting for device to respond" end @@ -237,7 +237,7 @@ local function perform_check(uid, numsectors) local end_time = os.time() print('') - print('[+] mfckeys - Checkkey execution time: '..os.difftime(end_time, start_time)..' sec') + print('[+] hf_mf_keycheck - Checkkey execution time: '..os.difftime(end_time, start_time)..' sec') core.fast_push_mode(false) diff --git a/client/luascripts/hf_mf_magicrevive.lua b/client/luascripts/hf_mf_magicrevive.lua index dcbb886e1..abbb45576 100644 --- a/client/luascripts/hf_mf_magicrevive.lua +++ b/client/luascripts/hf_mf_magicrevive.lua @@ -19,7 +19,7 @@ script run hf_mf_magicrevive [-h] [-u] ]] arguments = [[ -h this help - -u remagic a Ultralight tag w 7 bytes UID. + -u try to revive a bricked magic Ultralight tag w 7 bytes UID. ]] --- -- A debug printout-function 
diff --git a/client/luascripts/hf_mfm_dumpdecrypt.lua b/client/luascripts/hf_mf_mini_dumpdecrypt.lua similarity index 98% rename from client/luascripts/hf_mfm_dumpdecrypt.lua rename to client/luascripts/hf_mf_mini_dumpdecrypt.lua index 4801aeb96..ec6006ed2 100644 --- a/client/luascripts/hf_mfm_dumpdecrypt.lua +++ b/client/luascripts/hf_mf_mini_dumpdecrypt.lua @@ -16,19 +16,19 @@ This is a script to dump and decrypt the data of a specific type of Mifare Mini The dump is decrypted. If a raw dump is wanted, use the -r parameter ]] example = [[ - script run hf_mfm_dumpdecrypt + script run hf_mf_mini_dumpdecrypt -- selftest - script run hf_mfm_dumpdecrypt -t + script run hf_mf_mini_dumpdecrypt -t -- Generate raw dump, into json. - script run hf_mfm_dumpdecrypt -r + script run hf_mf_mini_dumpdecrypt -r -- load file - script run hf_mfm_dumpdecrypt -i dumpdata.json + script run hf_mf_mini_dumpdecrypt -i dumpdata.json ]] usage = [[ -script run hf_mfm_dumpdecrypt -h -t -r -d -e -v -i dumpdata.json +script run hf_mf_mini_dumpdecrypt -h -t -r -d -e -v -i dumpdata.json ]] arguments = [[ h this helptext diff --git a/client/luascripts/hf_mf_clone-tnp3.lua b/client/luascripts/hf_mf_tnp3_clone.lua similarity index 96% rename from client/luascripts/hf_mf_clone-tnp3.lua rename to client/luascripts/hf_mf_tnp3_clone.lua index 59b954023..490c49242 100644 --- a/client/luascripts/hf_mf_clone-tnp3.lua +++ b/client/luascripts/hf_mf_tnp3_clone.lua 
@@ -18,14 +18,14 @@ desc = [[ This script will try to make a barebones clone of a tnp3 tag on to a magic generation1 card. ]] example = [[ - script run hf_mf_clone-tnp3 - script run hf_mf_clone-tnp3 -h - script run hf_mf_clone-tnp3 -l - script run hf_mf_clone-tnp3 -t aa00 -s 0030 + script run hf_mf_tnp3_clone + script run hf_mf_tnp3_clone -h + script run hf_mf_tnp3_clone -l + script run hf_mf_tnp3_clone -t aa00 -s 0030 ]] usage = [[ -script run hf_mf_clone-tnp3 [-h] [-t ] [-s ] +script run hf_mf_tnp3_clone [-h] [-t ] [-s ] ]] arguments = [[ -h : this help diff --git a/client/luascripts/hf_mf_dump-tnp3.lua b/client/luascripts/hf_mf_tnp3_dump.lua similarity index 94% rename from client/luascripts/hf_mf_dump-tnp3.lua rename to client/luascripts/hf_mf_tnp3_dump.lua index 6cfddd0bf..ee59046eb 100644 --- a/client/luascripts/hf_mf_dump-tnp3.lua +++ b/client/luascripts/hf_mf_tnp3_dump.lua @@ -16,18 +16,18 @@ This script will try to dump the contents of a Mifare TNP3xxx card. It will need a valid KeyA in order to find the other keys and decode the card. ]] example = [[ - script run hf_mf_dump-tnp3 - script run hf_mf_dump-tnp3 -n - script run hf_mf_dump-tnp3 -p - script run hf_mf_dump-tnp3 -k aabbccddeeff - script run hf_mf_dump-tnp3 -k aabbccddeeff -n - script run hf_mf_dump-tnp3 -o myfile - script run hf_mf_dump-tnp3 -n -o myfile - script run hf_mf_dump-tnp3 -p -o myfile - script run hf_mf_dump-tnp3 -k aabbccddeeff -n -o myfile + script run hf_mf_tnp3_dump + script run hf_mf_tnp3_dump -n + script run hf_mf_tnp3_dump -p + script run hf_mf_tnp3_dump -k aabbccddeeff + script run hf_mf_tnp3_dump -k aabbccddeeff -n + script run hf_mf_tnp3_dump -o myfile + script run hf_mf_tnp3_dump -n -o myfile + script run hf_mf_tnp3_dump -p -o myfile + script run hf_mf_tnp3_dump -k aabbccddeeff -n -o myfile ]] usage = [[ -script run hf_mf_dump-tnp3 [-h] [-k ] [-n] [-p] [-o ] +script run hf_mf_tnp3_dump [-h] [-k ] [-n] [-p] [-o ] ]] arguments = [[ -h : this help 
diff --git a/client/luascripts/hf_mf_autosim.lua b/client/luascripts/hf_mf_tnp3_sim.lua similarity index 98% rename from client/luascripts/hf_mf_autosim.lua rename to client/luascripts/hf_mf_tnp3_sim.lua index 255b4e00b..dded9327a 100644 --- a/client/luascripts/hf_mf_autosim.lua +++ b/client/luascripts/hf_mf_tnp3_sim.lua @@ -18,12 +18,12 @@ For an experimental mode, it tries to manipulate some data. At last it sends all data to the PM3 device memory where it can be used in the command "hf mf sim" ]] example = [[ - 1. script run hf_mf_autosim - 2. script run hf_mf_autosim -m - 3. script run hf_mf_autosim -m -i myfile + 1. script run hf_mf_tnp3_sim + 2. script run hf_mf_tnp3_sim -m + 3. script run hf_mf_tnp3_sim -m -i myfile ]] usage = [[ -script run hf_mf_autosim [-h] [-m] [-i ] +script run hf_mf_tnp3_sim [-h] [-m] [-i ] ]] arguments = [[ -h : this help diff --git a/client/luascripts/hf_mfc_uidbruteforce.lua b/client/luascripts/hf_mf_uidbruteforce.lua similarity index 88% rename from client/luascripts/hf_mfc_uidbruteforce.lua rename to client/luascripts/hf_mf_uidbruteforce.lua index 17a731e3a..461e8aad3 100644 --- a/client/luascripts/hf_mfc_uidbruteforce.lua +++ b/client/luascripts/hf_mf_uidbruteforce.lua @@ -1,5 +1,5 @@ --- Run me like this (connected via USB): ./pm3 -l hf_bruteforce.lua --- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua +-- Run me like this (connected via USB): ./pm3 -l hf_mf_uidbruteforce.lua +-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_mf_uidbruteforce.lua local getopt = require('getopt') local ansicolors = require('ansicolors') 
@@ -13,14 +13,14 @@ This script bruteforces 4 or 7 byte UID Mifare classic card numbers. example =[[ Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346. - script run hf_mfc_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc + script run hf_mf_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679. - script run hf_mfc_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu + script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu ]] usage = [[ -script run hf_mfc_uidbruteforce [-s ] [-e ] [-t ] [-x ] +script run hf_mf_uidbruteforce [-s ] [-e ] [-t ] [-x ] ]] arguments = [[ -h this help diff --git a/client/luascripts/hf_ntag-3d.lua b/client/luascripts/hf_ntag-3d.lua index 9b87d34ff..e46705bd1 100644 --- a/client/luascripts/hf_ntag-3d.lua +++ b/client/luascripts/hf_ntag-3d.lua @@ -221,13 +221,13 @@ local function configure_magic_ntag(uid) local pwd, pack = core.keygen_algo_d(uid) - -- Set the arguments for mfu_magic script v1.0.8 + -- Set the arguments for hf_mfu_magicwrite script v1.0.8 -- -t 12 == configure NTAG213F -- -u == set UID -- -p == set pwd -- -a == set pack args =('-t 12 -u %s -p %08X -a %04X'):format(uid, pwd, pack) - require('mfu_magic') + require('hf_mfu_magicwrite') -- Set back args. Not that it's used, just for the karma... args = myargs diff --git a/client/luascripts/lf_hid_bulkclone.lua b/client/luascripts/lf_hid_bulkclone.lua index 14af4b553..dae59a53c 100644 --- a/client/luascripts/lf_hid_bulkclone.lua +++ b/client/luascripts/lf_hid_bulkclone.lua @@ -1,5 +1,5 @@ -- --- lf_bulk.lua - A tool to clone a large number of tags at once. +-- lf_hid_bulkclone.lua - A tool to clone a large number of tags at once. -- Updated 2017-04-18 -- Updated 2018-02-20 iceman local getopt = require('getopt') 
diff --git a/client/luascripts/data_readpwdmem.lua b/client/luascripts/mem_readpwd.lua similarity index 91% rename from client/luascripts/data_readpwdmem.lua rename to client/luascripts/mem_readpwd.lua index 29cd087fa..82343b943 100644 --- a/client/luascripts/data_readpwdmem.lua +++ b/client/luascripts/mem_readpwd.lua @@ -9,31 +9,31 @@ desc = [[ This script will read the flash memory of RDV4 and print the stored passwords/keys. It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS. -You should now use read_pwd_mem_spiffs instead after the updated BogRun standalone mode. +You should now use data_read_pwd_mem_spiffs instead after the updated BogRun standalone mode. (Iceman) script adapted to read and print keys in the default dictionary flashmemory sections. ]] example = [[ -- This will scan the first 256 bytes of flash memory for stored passwords - script run data_readpwdmem + script run mem_readpwd -- This will scan 256 bytes of flash memory at offset 64 for stored passwords - script run data_readpwdmem -o 64 + script run mem_readpwd -o 64 -- This will scan 32 bytes of flash memory at offset 64 for stored passwords - script run data_readpwdmem -o 64 -l 32 + script run mem_readpwd -o 64 -l 32 -- This will print the stored Mifare dictionary keys - script run data_readpwdmem -m + script run mem_readpwd -m -- This will print the stored t55xx dictionary passwords - script run data_readpwdmem -t + script run mem_readpwd -t -- This will print the stored iClass dictionary keys - script run data_readpwdmem -i + script run mem_readpwd -i ]] usage = [[ - script run data_readpwdmem [-h] [-o ] [-l ] [-k ] [-m] [-t] [-i] + script run mem_readpwd [-h] [-o ] [-l ] [-k ] [-m] [-t] [-i] ]] arguments = [[ -h : this help 
diff --git a/client/luascripts/data_readpwdmem-spiffs.lua b/client/luascripts/mem_spiffs_readpwd.lua similarity index 92% rename from client/luascripts/data_readpwdmem-spiffs.lua rename to client/luascripts/mem_spiffs_readpwd.lua index 1ad6876c0..b4995e406 100644 --- a/client/luascripts/data_readpwdmem-spiffs.lua +++ b/client/luascripts/mem_spiffs_readpwd.lua @@ -11,16 +11,16 @@ It was meant to be used as a help tool after using the BogRun standalone mode. ]] example = [[ -- This will read the hf_bog.log file in SPIFFS and print the stored passwords - script run data_readpwdmem-spiffs + script run mem_spiffs_readpwd -- This will read the other.log file in SPIFFS and print the stored passwords - script run data_readpwdmem-spiffs -f other.log + script run mem_spiffs_readpwd -f other.log -- This will delete the hf_bog.log file from SPIFFS - script run data_readpwdmem-spiffs -r + script run mem_spiffs_readpwd -r ]] usage = [[ - script run data_readpwdmem-spiffs [-h] [-f ] [-r] + script run mem_spiffs_readpwd [-h] [-f ] [-r] ]] arguments = [[ -h : this help diff --git a/client/luascripts/hf_lf_multi_bruteforce.lua b/client/luascripts/multi_bruteforce.lua similarity index 96% rename from client/luascripts/hf_lf_multi_bruteforce.lua rename to client/luascripts/multi_bruteforce.lua index 733c3feab..ef1edc697 100644 --- a/client/luascripts/hf_lf_multi_bruteforce.lua +++ b/client/luascripts/multi_bruteforce.lua 
@@ -26,16 +26,16 @@ It uses both LF and HF simulations. -- Author note -- I wrote this as i was doing a PACS audit. This is far from complete, but is easily expandable. -- The idea was based on proxbrute, but i needed more options, and support for different readers. - -- I dont know LUA, so I used Brian Redbeards lf_bulk_program.lua script as a starting point, sorry if its kludgy. + -- I dont know LUA, so I used Brian Redbeards lf_hid_bulkclone.lua script as a starting point, sorry if its kludgy. ]] example = [[ -- (the above example would bruteforce pyramid tags, starting at 10:1000, ending at 10:991, and waiting 1 second between each card) - script run hf_lf_multi_bruteforce -r pyramid -f 10 -b 1000 -c 10 -t 1 -d down + script run multi_bruteforce -r pyramid -f 10 -b 1000 -c 10 -t 1 -d down ]] usage = [[ -script run hf_lf_multi_bruteforce -r rfid_tag -f facility_code -b base_card_number -c count -t timeout -d direction +script run multi_bruteforce -r rfid_tag -f facility_code -b base_card_number -c count -t timeout -d direction ]] arguments = [[ -h this help @@ -110,7 +110,7 @@ local function isempty(s) return s == nil or s == '' end --- The code below was blatantly stolen from Brian Redbeard's lf_bulk_program.lua script +-- The code below was blatantly stolen from Brian Redbeard's lf_hid_bulkclone.lua script local function toBits(num, bits) bits = bits or math.max(1, select(2, math.frexp(num))) local t = {} diff --git a/client/luascripts/data_tracetest.lua b/client/luascripts/tests/data_tracetest.lua similarity index 100% rename from client/luascripts/data_tracetest.lua rename to client/luascripts/tests/data_tracetest.lua diff --git a/client/luascripts/hf_read.lua b/client/luascripts/tests/hf_read.lua similarity index 100% rename from client/luascripts/hf_read.lua rename to client/luascripts/tests/hf_read.lua 
diff --git a/client/luascripts/lf_t55xx_defaultask.lua b/client/luascripts/tests/lf_t55xx_defaultask.lua similarity index 100% rename from client/luascripts/lf_t55xx_defaultask.lua rename to client/luascripts/tests/lf_t55xx_defaultask.lua diff --git a/client/luascripts/lf_t55xx_defaultbi.lua b/client/luascripts/tests/lf_t55xx_defaultbi.lua similarity index 100% rename from client/luascripts/lf_t55xx_defaultbi.lua rename to client/luascripts/tests/lf_t55xx_defaultbi.lua diff --git a/client/luascripts/lf_t55xx_defaultfsk.lua b/client/luascripts/tests/lf_t55xx_defaultfsk.lua similarity index 100% rename from client/luascripts/lf_t55xx_defaultfsk.lua rename to client/luascripts/tests/lf_t55xx_defaultfsk.lua diff --git a/client/luascripts/lf_t55xx_defaultpsk.lua b/client/luascripts/tests/lf_t55xx_defaultpsk.lua similarity index 100% rename from client/luascripts/lf_t55xx_defaultpsk.lua rename to client/luascripts/tests/lf_t55xx_defaultpsk.lua diff --git a/client/luascripts/lf_t55xx_writetest.lua b/client/luascripts/tests/lf_t55xx_writetest.lua similarity index 99% rename from client/luascripts/lf_t55xx_writetest.lua rename to client/luascripts/tests/lf_t55xx_writetest.lua index c7caaffda..cfe46d565 100644 --- a/client/luascripts/lf_t55xx_writetest.lua +++ b/client/luascripts/tests/lf_t55xx_writetest.lua @@ -35,7 +35,7 @@ example = [[ 3. script run lf_t55xx_writetest -t PSK1 ]] usage = [[ -script run test_t55x7 [-h] [-t +script run lf_t55xx_writetest [-h] [-t ]] arguments = [[ -h this help diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index fbd9fc618..cc6a7caab 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c 
@@ -1979,32 +1979,33 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } int isMagic = 0; - if (isMifareClassic || isMifareUltralight) { - isMagic = detect_classic_magic(); + if (isMifareClassic) { + isMagic = detect_mf_magic(true); + } + if (isMifareUltralight) { + isMagic = detect_mf_magic(false); + } + if (isMifareClassic) { + int res = detect_classic_static_nonce(); + if (res == NONCE_STATIC) + PrintAndLogEx(SUCCESS, "Static nonce: " _YELLOW_("yes")); - if (isMifareClassic) { + if (res == NONCE_FAIL && verbose) + PrintAndLogEx(SUCCESS, "Static nonce: " _RED_("read failed")); - int res = detect_classic_static_nonce(); - if (res == NONCE_STATIC) - PrintAndLogEx(SUCCESS, "Static nonce: " _YELLOW_("yes")); + if (res == NONCE_NORMAL) { - if (res == NONCE_FAIL && verbose) - PrintAndLogEx(SUCCESS, "Static nonce: " _RED_("read failed")); + // not static + res = detect_classic_prng(); + if (res == 1) + PrintAndLogEx(SUCCESS, "Prng detection: " _GREEN_("weak")); + else if (res == 0) + PrintAndLogEx(SUCCESS, "Prng detection: " _YELLOW_("hard")); + else + PrintAndLogEx(FAILED, "Prng detection: " _RED_("fail")); - if (res == NONCE_NORMAL) { - - // not static - res = detect_classic_prng(); - if (res == 1) - PrintAndLogEx(SUCCESS, "Prng detection: " _GREEN_("weak")); - else if (res == 0) - PrintAndLogEx(SUCCESS, "Prng detection: " _YELLOW_("hard")); - else - PrintAndLogEx(FAILED, "Prng detection: " _RED_("fail")); - - if (do_nack_test) - detect_classic_nackbug(false); - } + if (do_nack_test) + detect_classic_nackbug(false); } } diff --git a/client/src/cmdhfmfu.c b/client/src/cmdhfmfu.c index a9b03cb46..2a642d4c8 100644 --- a/client/src/cmdhfmfu.c +++ b/client/src/cmdhfmfu.c 
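Review bot: `isMagic` is assigned by two independent `if` statements. If `isMifareClassic` and `isMifareUltralight` can both be set (they are assigned outside the hunk), the Ultralight probe silently overwrites the Classic result and the device is queried twice. Making the second test `} else if (isMifareUltralight) {` removes the ambiguity. The Classic branch could then absorb the following `if (isMifareClassic) {` block that holds the static-nonce and PRNG checks, instead of testing the same flag a second time. infoHF14A starts and ends outside the hunk.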
@@ -136,7 +136,7 @@ static int usage_hf_mfu_wrbl(void) { static int usage_hf_mfu_eload(void) { PrintAndLogEx(NORMAL, "It loads emul dump from the file " _YELLOW_("`filename.eml`")); - PrintAndLogEx(NORMAL, "Hint: See " _YELLOW_("`script run dumptoemul-mfu`") " to convert the .bin to the eml"); + PrintAndLogEx(NORMAL, "Hint: See " _YELLOW_("`script run hf_mfu_dumptoemulator`") " to convert the .bin to the eml"); PrintAndLogEx(NORMAL, "Usage: hf mfu eload u [numblocks]"); PrintAndLogEx(NORMAL, " Options:"); PrintAndLogEx(NORMAL, " h : this help"); @@ -1984,6 +1984,7 @@ static int CmdHF14AMfUDump(const char *Cmd) { iso14a_card_select_t card; mfu_dump_t dump_file_data; + memset(&dump_file_data, 0, sizeof(dump_file_data)); uint8_t get_version[] = {0, 0, 0, 0, 0, 0, 0, 0}; uint8_t get_counter_tearing[][4] = {{0, 0, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0}}; uint8_t get_signature[32]; diff --git a/client/src/mifare/mifarehost.c b/client/src/mifare/mifarehost.c index 032c9eccf..78fca3487 100644 --- a/client/src/mifare/mifarehost.c +++ b/client/src/mifare/mifarehost.c @@ -1154,13 +1154,14 @@ int detect_classic_static_nonce(void) { return NONCE_FAIL; } -/* try to see if card responses to "chinese magic backdoor" commands. */ -int detect_classic_magic(void) { +/* try to see if card responses to "Chinese magic backdoor" commands. */ +int detect_mf_magic(bool is_mfc) { uint8_t isGeneration = 0; PacketResponseNG resp; clearCommandBuffer(); - SendCommandNG(CMD_HF_MIFARE_CIDENT, NULL, 0); + uint8_t payload[] = { is_mfc }; + SendCommandNG(CMD_HF_MIFARE_CIDENT, payload, sizeof(payload)); if (WaitForResponseTimeout(CMD_HF_MIFARE_CIDENT, &resp, 1500)) { if (resp.status == PM3_SUCCESS) isGeneration = resp.data.asBytes[0]; diff --git a/client/src/mifare/mifarehost.h b/client/src/mifare/mifarehost.h index 1e693174e..7a3535257 100644 --- a/client/src/mifare/mifarehost.h +++ b/client/src/mifare/mifarehost.h 
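Review bot: The added `memset(&dump_file_data, 0, sizeof(dump_file_data));` in CmdHF14AMfUDump has no comment explaining why it is needed, so a later cleanup could drop it or swap it for an initializer. If the struct is later saved as a whole (that code is outside the hunk), this zeroing is what keeps uninitialized stack bytes out of the dump file for fields the tag does not supply. I would add `// zero the whole struct so fields the tag does not fill are not saved as stack garbage` above the call. An `= {0}` initializer is not guaranteed to clear padding bytes, so it would not be an equivalent replacement if the struct has any padding. The function body continues outside the hunk.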
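Review bot: The comment above `detect_mf_magic` in mifarehost.c was only re-capitalised; it still does not say what the new `is_mfc` parameter selects, and "responses" should read "responds". Going by the callers in cmdhf14a.c, `true` is passed for MIFARE Classic and `false` for MIFARE Ultralight, and the hunk sends the flag as a one-byte payload of `CMD_HF_MIFARE_CIDENT`. I would write `/* Check whether the card responds to "Chinese magic backdoor" commands; is_mfc is true for MIFARE Classic, false for MIFARE Ultralight, and is sent as the one-byte command payload. */`. The function continues outside the hunk, so its return contract is not visible here.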
@@ -88,7 +88,7 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int detect_classic_prng(void); int detect_classic_nackbug(bool verbose); -int detect_classic_magic(void); +int detect_mf_magic(bool is_mfc); int detect_classic_static_nonce(void); void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted); #endif diff --git a/client/src/scripting.c b/client/src/scripting.c index 64dd0f84a..fed896970 100644 --- a/client/src/scripting.c +++ b/client/src/scripting.c @@ -55,7 +55,7 @@ static int l_clearCommandBuffer(lua_State *L) { } /** - * Enable / Disable fast push mode for lua scripts like mfckeys + * Enable / Disable fast push mode for lua scripts like hf_mf_keycheck * The following params expected: * *@brief l_fast_push_mode diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index a032d620d..7da56cbcd 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -233,7 +233,7 @@ Options --- i : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used -pm3 --> script run dumptoemul -i dumpdata.bin +pm3 --> script run data_mf_bin2eml -i dumpdata.bin ``` Write to MIFARE block @@ -285,7 +285,7 @@ Simulate MIFARE Sequence ``` pm3 --> hf mf chk *1 ? d mfc_default_keys pm3 --> hf mf dump 1 -pm3 --> script run dumptoemul -i dumpdata.bin +pm3 --> script run data_mf_bin2eml -i dumpdata.bin pm3 --> hf mf eload 353C2AA6 pm3 --> hf mf sim u 353c2aa6 ``` 
@@ -305,19 +305,19 @@ pm3 --> hf mfu info Clone MIFARE Ultralight EV1 Sequence ``` pm3 --> hf mfu dump k FFFFFFFF -pm3 --> script run dumptoemul-mfu -i hf-mfu-XXXX-dump.bin -o hf-mfu-XXXX-dump.eml +pm3 --> script run hf_mfu_dumptoemulator -i hf-mfu-XXXX-dump.bin -o hf-mfu-XXXX-dump.eml pm3 --> hf mfu eload u hf-mfu-XXXX-dump.eml pm3 --> hf mfu sim t 7 u hf-mfu-XXXX-dump.eml ``` Bruteforce MIFARE Classic card numbers from 11223344 to 11223346 ``` -pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc +pm3 --> script run hf_mf_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc ``` Bruteforce MIFARE Ultralight EV1 card numbers from 11223344556677 to 11223344556679 ``` -pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu +pm3 --> script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu ``` ## Wiegand manipulation @@ -563,7 +563,7 @@ Options -i Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used -o Specifies the output file. If omitted, .eml is used -pm3 --> script run dumptoemul -i xxxxxxxxxxxxxx.bin +pm3 --> script run data_mf_bin2eml -i xxxxxxxxxxxxxx.bin ``` Convert .eml to .bin @@ -573,7 +573,7 @@ Options -i Specifies the dump-file (input). If omitted, 'dumpdata.eml' is used -o Specifies the output file. If omitted, .bin is used -pm3 --> script run emul2dump -i myfile.eml -o myfile.bin +pm3 --> script run data_mf_eml2bin -i myfile.eml -o myfile.bin ``` Format Mifare card @@ -585,7 +585,7 @@ Options -a The new access bytes that will be written to the card -x Execute the commands aswell -pm3 --> script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x +pm3 --> script run hf_mf_format -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x ``` ## Memory diff --git a/doc/magic_cards_notes.md b/doc/magic_cards_notes.md index c02b59e53..ffa10f04c 100644 --- a/doc/magic_cards_notes.md +++ b/doc/magic_cards_notes.md 
@@ -195,7 +195,7 @@ hf mf csetuid 11223344 0044 18 ``` ``` -script run remagic +script run run hf_mf_magicrevive ``` To execute commands manually: @@ -443,7 +443,7 @@ hf mf gen3freeze ``` See also ``` -script run mfc_gen3_writer -h +script run hf_mf_gen3_writer -h ``` Equivalent: @@ -518,14 +518,14 @@ Only 7b versions ### Proxmark3 commands ``` -script run ul_uid -h +script run hf_mfu_setuid -h ``` When "soft-bricked" (by writing invalid data in block0), these ones may help: ``` hf 14a config h -script run remagic -u +script run run hf_mf_magicrevive -u ``` ## MIFARE Ultralight DirectWrite @@ -723,7 +723,7 @@ Emulates partially UL EV1 48k/128k, NTAG210, NTAG212, NTAGI2C 1K/2K, NTAGI2C 1K ### Proxmark3 commands ``` -script run mfu_magic -h +script run hf_mfu_magicwrite -h ``` # DESFire @@ -840,5 +840,5 @@ hf 15 csetuid E011223344556677 ``` or (ignore errors): ``` -script run iso15_magic -u E004013344556677 +script run hf_15_magic -u E004013344556677 ```