Merge pull request #462 from bogiton/master

Fixed hf_bog standalone and added new lua script to use SPIFFS

armsrc/Standalone/hf_bog.c

@@ -216,13 +216,11 @@ void RAMFUNC SniffAndStore(uint8_t param) {
     if (auth_attempts > 0) {
         if (DBGLEVEL > 1)
             Dbprintf("[!] Authentication attempts = %u", auth_attempts);
-        size_t size = 4 * auth_attempts;
-        uint8_t *buf = BigBuf_malloc(size);
 
         if (!exists_in_spiffs((char *)HF_BOG_LOGFILE)) {
-            rdv40_spiffs_write((char *)HF_BOG_LOGFILE, buf, size, RDV40_SPIFFS_SAFETY_SAFE);
+            rdv40_spiffs_write((char *)HF_BOG_LOGFILE, capturedPwds, 4 * auth_attempts, RDV40_SPIFFS_SAFETY_SAFE);
         } else {
-            rdv40_spiffs_append((char *)HF_BOG_LOGFILE, buf, size, RDV40_SPIFFS_SAFETY_SAFE);
+            rdv40_spiffs_append((char *)HF_BOG_LOGFILE, capturedPwds, 4 * auth_attempts, RDV40_SPIFFS_SAFETY_SAFE);
         }
     }
 

client/luascripts/read_pwd_mem_spiffs.lua

@@ -0,0 +1,91 @@
+local getopt = require('getopt')
+local bin = require('bin')
+
+copyright = 'Copyright (c) 2019 Bogito. All rights reserved.'
+author = 'Bogito'
+version = 'v1.1.0'
+desc =
+[[
+This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords.
+It was meant to be used as a help tool after using the BogRun standalone mode.
+]]
+example =
+[[
+    -- This will read the hf_bog.log file in SPIFFS and print the stored passwords
+    script run read_pwd_mem_spiffs
+
+    -- This will read the other.log file in SPIFFS and print the stored passwords
+    script run read_pwd_mem_spiffs -f other.log
+]]
+usage =
+[[
+Usage:
+    script run read_pwd_mem_spiffs -h -f <filename>
+
+Arguments:
+    -h              :  this help
+    -f <filename>   :  filename in SPIFFS
+]]
+---
+-- This is only meant to be used when errors occur
+local function oops(err)
+    print('ERROR:', err)
+    core.clearCommandBuffer()
+    return nil, err
+end
+---
+-- Usage help
+local function help()
+    print(copyright)
+    print(author)
+    print(version)
+    print(desc)
+    print('Example usage')
+    print(example)
+    print(usage)
+end
+---
+-- The main entry point
+local function main(args)
+
+    print( string.rep('--',20) )
+	print('Read passwords stored in memory (SPIFFS)')
+    print( string.rep('--',20) )
+    print()
+
+    local data, length, err
+    local cnt = 0
+    local filename = 'hf_bog.log'
+	local keylength = 4
+
+    for o, a in getopt.getopt(args, 'f:h') do
+	
+        -- help
+        if o == 'h' then return help() end
+
+        -- offset
+        if o == 'f' then filename = a end
+		
+	end
+	
+    data, length, err = core.GetFromFlashMemSpiffs(filename)
+    if data == nil then return oops('Problem while reading file from SPIFFS') end
+
+    --print('Filename', filename)	
+	--print('Filesize (B)', length)
+	
+	_, s = bin.unpack('H'..length, data)
+
+	local cnt = 0, i
+	for i = 1, length/keylength do
+		key  = string.sub(s, (i-1)*8+1, i*8)
+		if key == 'FFFFFFFF' then break end
+		print(string.format('[%02d] %s',i, key))
+		cnt = cnt + 1
+	end
+	print( string.rep('--',20) )
+	print( ('[+] found %d passwords'):format(cnt))
+
+end
+
+main(args)

client/scripting.c

@@ -304,6 +304,61 @@ static int l_GetFromFlashMem(lua_State *L) {
 }
 
 
+/**
+ * @brief The following params expected:
+ * uint8_t *destfilename
+ * @param L
+ * @return
+ */
+static int l_GetFromFlashMemSpiffs(lua_State *L) {
+
+    if (IfPm3Flash()) {
+        uint32_t start_index = 0, len = 0x40000; //FLASH_MEM_MAX_SIZE
+		char destfilename[32] = {0};
+		size_t size;
+
+        int n = lua_gettop(L);
+        if (n == 0)
+            return returnToLuaWithError(L, "You need to supply the destination filename");
+
+        if (n >= 1) {
+			const char *p_filename = luaL_checklstring(L, 1, &size);
+			if (size != 0)
+				memcpy(destfilename, p_filename, 31);
+		}
+		
+		if (destfilename[0] == '\0')
+			return returnToLuaWithError(L, "Filename missing or invalid");
+		
+		// get size from spiffs itself !
+		SendCommandMIX(CMD_SPIFFS_STAT, 0, 0, 0, (uint8_t *)destfilename, 32);
+		PacketResponseNG resp;
+		if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000))
+			return returnToLuaWithError(L, "No response from the device");
+
+		len = resp.oldarg[0];
+	
+        if (len <= 0)
+            return returnToLuaWithError(L, "Filename invalid or empty");
+	
+        uint8_t *data = calloc(len, sizeof(uint8_t));
+        if (!data)
+            return returnToLuaWithError(L, "Allocating memory failed");
+
+		if (!GetFromDevice(SPIFFS, data, len, start_index, (uint8_t *)destfilename, 32, NULL, -1, true)) {
+			free(data);
+			return returnToLuaWithError(L, "ERROR; downloading from spiffs(flashmemory)");
+		}
+
+        lua_pushlstring(L, (const char *)data, len);
+		lua_pushunsigned(L, len);
+        free(data);
+        return 2;
+    } else {
+        return returnToLuaWithError(L, "No FLASH MEM support");
+    }
+}
+
 /**
  * @brief The following params expected:
  * uint32_t cmd
@@ -1128,6 +1183,7 @@ int set_pm3_libraries(lua_State *L) {
         {"SendCommandNG",               l_SendCommandNG},
         {"GetFromBigBuf",               l_GetFromBigBuf},
         {"GetFromFlashMem",             l_GetFromFlashMem},
+        {"GetFromFlashMemSpiffs",       l_GetFromFlashMemSpiffs},
         {"WaitForResponseTimeout",      l_WaitForResponseTimeout},
         {"mfDarkside",                  l_mfDarkside},
         {"foobar",                      l_foobar},