chg: 'script run mifare_autopwn' - added a option to use a key.

iceman1001 2017-12-10 09:05:30 +01:00
commit 79494182cd


@ -29,8 +29,16 @@ local DEBUG = false
--- ---
-- A debug printout-function -- A debug printout-function
local function dbg(args) local function dbg(args)
if DEBUG then if not DEBUG then return end
print(":: ", args)
if type(args) == 'table' then
local i = 1
while result[i] do
dbg(result[i])
i = i+1
end
else
print('###', args)
end end
end end
--- ---
@ -39,7 +47,6 @@ local function oops(err)
print("ERROR: ",err) print("ERROR: ",err)
return nil,err return nil,err
end end
--- ---
-- Usage help -- Usage help
local function help() local function help()
@ -47,7 +54,6 @@ local function help()
print("Example usage") print("Example usage")
print(example) print(example)
end end
--- ---
-- Waits for a mifare card to be placed within the vicinity of the reader. -- Waits for a mifare card to be placed within the vicinity of the reader.
-- @return if successfull: an table containing card info -- @return if successfull: an table containing card info
@ -81,6 +87,10 @@ local function nested(key,sak)
end end
local function dump(uid) local function dump(uid)
dbg('dumping tag memory')
if utils.confirm('Do you wish to create a memory dump of tag?') then
core.console("hf mf dump") core.console("hf mf dump")
-- Save the global args, those are *our* arguments -- Save the global args, those are *our* arguments
local myargs = args local myargs = args
@ -95,6 +105,7 @@ local function dump(uid)
-- Set back args. Not that it's used, just for the karma... -- Set back args. Not that it's used, just for the karma...
args = myargs args = myargs
end end
end
-- --
-- performs a test if tag nonce uses weak or hardend prng -- performs a test if tag nonce uses weak or hardend prng
local function perform_prng_test() local function perform_prng_test()
@ -114,11 +125,13 @@ local function main(args)
local verbose, exit, res, uid, err, _, sak local verbose, exit, res, uid, err, _, sak
local seen_uids = {} local seen_uids = {}
local key = ''
local print_message = true local print_message = true
-- Read the parameters -- Read the parameters
for o, a in getopt.getopt(args, 'hd') do for o, a in getopt.getopt(args, 'hdk:') do
if o == "h" then help() return end if o == "h" then help() return end
if o == "d" then DEBUG = true end if o == "d" then DEBUG = true end
if o == 'k' then key = a end
end end
while not exit do while not exit do
@ -132,8 +145,6 @@ local function main(args)
uid = res.uid uid = res.uid
sak = res.sak sak = res.sak
if not seen_uids[uid] then if not seen_uids[uid] then
-- Store it -- Store it
seen_uids[uid] = uid seen_uids[uid] = uid
@ -141,6 +152,10 @@ local function main(args)
-- check if PRNG is WEAK -- check if PRNG is WEAK
if perform_prng_test() then if perform_prng_test() then
print("Card found, commencing crack on UID", uid) print("Card found, commencing crack on UID", uid)
if #key == 12 then
print("Using key: "..key);
else
-- Crack it -- Crack it
local key, cnt local key, cnt
err, res = core.mfDarkside() err, res = core.mfDarkside()
@ -159,7 +174,7 @@ local function main(args)
-- We can discard first and second return values -- We can discard first and second return values
_,_,key = bin.unpack("H2H6",res) _,_,key = bin.unpack("H2H6",res)
print("Found valid key: "..key); print("Found valid key: "..key);
end
-- Use nested attack -- Use nested attack
nested(key,sak) nested(key,sak)
-- Dump info -- Dump info
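Review bot: In main(), the pre-existing `local key, cnt` now sits inside the new `else` branch, so the key assigned by `_,_,key = bin.unpack("H2H6",res)` appears to go out of scope at the added `end`, and `nested(key,sak)` then receives the outer `key`, which is still `''` when no `-k` was given. Declaring only `local cnt` inside the branch would let that assignment reach the outer variable. The `-k` value is also accepted on length alone (`#key == 12`); a check such as `#key == 12 and not key:find('%X')` would reject non-hex input before it is printed and handed to `nested()`, whose body is not shown here. Separately, the new table branch of dbg() indexes `result[i]` although the parameter is named `args`, so a table argument would fail once DEBUG is on. Indentation is lost on this page and the lines between the last two hunks are not visible, so the block nesting is inferred from the visible `if`/`else`/`end`.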