diff --git a/client/scripts/calc_di.lua b/client/scripts/calc_di.lua index 4fa97a1af..997202df9 100644 --- a/client/scripts/calc_di.lua +++ b/client/scripts/calc_di.lua @@ -3,22 +3,21 @@ local getopt = require('getopt') local lib14a = require('read14a') local utils = require('utils') -copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.' +copyright = '' author = "Iceman" version = 'v1.0.0' -desc = [[ This script calculates mifare keys based on uid diversification for DI. +desc = [[ +This script calculates mifare keys based on uid diversification for DI. Algo not found by me. ]] -example = -[[ - -- if called without, it reads tag uid +example = [[ + -- if called without, it reads tag uid script run calc_di -- script run calc_di -u 11223344556677 ]] -usage = -[[ +usage = [[ script run calc_di -h -u Arguments: @@ -29,7 +28,7 @@ Arguments: local DEBUG = true local BAR = '286329204469736E65792032303133' local MIS = '0A14FD0507FF4BCD026BA83F0A3B89A9' -local bxor=bit32.bxor +local bxor = bit32.bxor --- -- A debug printout-function local function dbg(args) @@ -52,7 +51,7 @@ local function oops(err) end --- -- Usage help -function help() +local function help() print(copyright) print(version) print(desc) @@ -61,7 +60,7 @@ function help() end -- -- Exit message -function exitMsg(msg) +local function exitMsg(msg) print( string.rep('--',20) ) print( string.rep('--',20) ) print(msg) @@ -105,7 +104,7 @@ local function main(args) print( string.rep('==', 30) ) print() - local i, uid, key + local uid local useUID = false -- Arguments for the script @@ -119,10 +118,9 @@ local function main(args) if uid == nil then return oops('empty uid string') end if #uid == 0 then return oops('empty uid string') end if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end - key = keygen(uid) else -- GET TAG UID - tag, err = lib14a.read1443a(false) + local tag, err = lib14a.read1443a(false) if not tag then return oops(err) end core.clearCommandBuffer() 
@@ -134,8 +132,9 @@ local function main(args) end uid = tag.uid end - - print('|UID|', uid) + + print('|UID|', uid) + local key = keygen(uid) printKeys(key) end diff --git a/client/scripts/calc_ev1_it.lua b/client/scripts/calc_ev1_it.lua index 0471da70e..d3583732d 100644 --- a/client/scripts/calc_ev1_it.lua +++ b/client/scripts/calc_ev1_it.lua @@ -1,23 +1,35 @@ local bin = require('bin') local getopt = require('getopt') +local lib14a = require('read14a') local utils = require('utils') -local bxor=bit32.bxor - +copyright = '' +author = "Iceman" +version = 'v1.0.0' +desc = [[ +This script calculates mifare Ultralight-EV1 pwd based on uid diversification for an Italian ticketsystem +Algo not found by me. +]] example =[[ + -- if called without, it reads tag uid script run calc_ev1_it + + -- script run calc_ev1_it -u 11223344556677 ]] -author = "Iceman" -usage = "script run calc_ev1_it -u " -desc =[[ +usage = [[ +script run calc_ev1_it -h -u " + Arguments: -h : this help -u : UID ]] + +local DEBUG = true +local bxor = bit32.bxor --- -- A debug printout-function -function dbg(args) +local function dbg(args) if type(args) == "table" then local i = 1 while args[i] do @@ -30,13 +42,15 @@ function dbg(args) end --- -- This is only meant to be used when errors occur -function oops(err) +local function oops(err) print("ERROR: ",err) return nil,err end --- -- Usage help -function help() +local function help() + print(copyright) + print(version) print(desc) print("Example usage") print(example) 
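Review bot: In the calc_ev1_it.lua header hunk the new `usage` text keeps a stray double quote at the end of its first line (`script run calc_ev1_it -h -u "`), apparently left over from the old one-line string. The option list also moves from `desc` into `usage`, but the `help()` lines visible in the following hunk print only `copyright`, `version`, `desc` and `example`; unless the part of `help()` beyond that hunk prints it, `-h` no longer shows the arguments. Dropping the quote and adding `print(usage)` to `help()` would address both. calc_mizip.lua gets the same `desc`/`usage` split, and its `help()`, fully visible in its second hunk, does not print `usage` either.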
@@ -103,45 +117,59 @@ local function findEntryByUid( uid ) end return nil end +--- +-- create pwd +local function pwdgen(uid) + -- PWD CALC + -- PWD0 = T0 xor B xor C xor D + -- PWD1 = T1 xor A xor C xor E + -- PWD2 = T2 xor A xor B xor F + -- PWD3 = T3 xor G + local uidbytes = utils.ConvertHexToBytes(uid) + local entry = findEntryByUid(uidbytes) + if entry == nil then return nil, "Can't find a xor entry" end + local pwd0 = bxor( bxor( bxor( entry[1], uidbytes[2]), uidbytes[3]), uidbytes[4]) + local pwd1 = bxor( bxor( bxor( entry[2], uidbytes[1]), uidbytes[3]), uidbytes[5]) + local pwd2 = bxor( bxor( bxor( entry[3], uidbytes[1]), uidbytes[2]), uidbytes[6]) + local pwd3 = bxor( entry[4], uidbytes[7]) + return string.format('%02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3) +end +-- +-- main local function main(args) print( string.rep('--',20) ) print( string.rep('--',20) ) print() - local i,j, pwd local uid = '04111211121110' + local useUID = false -- Arguments for the script for o, a in getopt.getopt(args, 'hu:') do if o == "h" then return help() end - if o == "u" then uid = a end + if o == "u" then uid = a; useUID = true end end - -- uid string checks - if uid == nil then return oops('empty uid string') end - if #uid == 0 then return oops('empty uid string') end - if #uid ~= 14 then return oops('uid wrong length. 
Should be 7 hex bytes') end - - local uidbytes = utils.ConvertHexToBytes(uid) - - local entry = findEntryByUid(uidbytes) - if entry == nil then return oops("Can't find a xor entry") end - - -- PWD CALC - -- PWD0 = T0 xor B xor C xor D - -- PWD1 = T1 xor A xor C xor E - -- PWD2 = T2 xor A xor B xor F - -- PWD3 = T3 xor G - - local pwd0 = bxor( bxor( bxor( entry[1], uidbytes[2]), uidbytes[3]), uidbytes[4]) - local pwd1 = bxor( bxor( bxor( entry[2], uidbytes[1]), uidbytes[3]), uidbytes[5]) - local pwd2 = bxor( bxor( bxor( entry[3], uidbytes[1]), uidbytes[2]), uidbytes[6]) - local pwd3 = bxor( entry[4], uidbytes[7]) + if useUID then + -- uid string checks + if uid == nil then return oops('empty uid string') end + if #uid == 0 then return oops('empty uid string') end + if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end + else + -- GET TAG UID + local tag, err = lib14a.read1443a(false) + if not tag then return oops(err) end + core.clearCommandBuffer() + uid = tag.uid + end print('UID | '..uid) - print(string.format('PWD | %02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3)) + local pwd, err = pwdgen(uid) + if not pwd then return ooops(err) end + + print(string.format('PWD | %s', pwd)) end main(args) \ No newline at end of file diff --git a/client/scripts/calc_mizip.lua b/client/scripts/calc_mizip.lua index 8aa4f1c36..115beb282 100644 --- a/client/scripts/calc_mizip.lua +++ b/client/scripts/calc_mizip.lua 
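Review bot: The failure path after `pwdgen` in the new `main` calls `ooops(err)`, a name no visible line defines, so a UID with no xor entry would raise an "attempt to call a nil value" error instead of printing the message; it should read `if not pwd then return oops(err) end`. The length checks now run only in the `useUID` branch, so a UID read from the tag reaches `pwdgen` unchecked, and `pwdgen` indexes up to `uidbytes[7]`; a tag reporting a shorter UID may hand `nil` to `bxor`. Moving the three `uid` checks below the `if useUID ... else ... end` block covers both paths, and the same applies to the new `main` in calc_mizip.lua (last hunk). Neither path checks that the string is actually hex before `utils.ConvertHexToBytes`, which a guard such as `if not uid:match('^%x+$') then return oops('uid must be hex') end` would cover.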
@@ -1,25 +1,41 @@ local bin = require('bin') local getopt = require('getopt') +local lib14a = require('read14a') local utils = require('utils') -local bxor=bit32.bxor - -example =[[ - script run calc_mizip - script run calc_mizip -u 11223344 -]] -author = "Iceman" -usage = "script run calc_mizip -u " -desc =[[ +author = 'Iceman' +version = 'v1.0.0' +desc = [[ This script calculates mifare keys based on uid diversification for mizip. Algo not found by me. +]] +example = [[ + -- if called without, it reads tag uid + script run calc_mizip + + -- + script run calc_mizip -u 11223344 +]] +usage = [[ +script run calc_mizip -h -u + Arguments: -h : this help -u : UID ]] +local DEBUG = true +local bxor = bit32.bxor +local _xortable = { + --[[ sector key A/B, 6byte xor + --]] + {"001","09125a2589e5","F12C8453D821"}, + {"002","AB75C937922F","73E799FE3241"}, + {"003","E27241AF2C09","AA4D137656AE"}, + {"004","317AB72F4490","B01327272DFD"}, +} --- -- A debug printout-function -function dbg(args) +local function dbg(args) if type(args) == "table" then local i = 1 while args[i] do 
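Review bot: The new calc_mizip.lua header defines `author`, `version`, `desc`, `example` and `usage` but no `copyright`, while the next hunk adds `print(copyright)` to `help()`. Unless a line outside these hunks assigns it, `-h` prints `nil`, or whatever value an earlier script left in that global. Adding `copyright = ''` next to `author`, as calc_di.lua and calc_ev1_it.lua do in this commit, keeps the three scripts consistent.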
@@ -32,40 +48,34 @@ function dbg(args) end --- -- This is only meant to be used when errors occur -function oops(err) +local function oops(err) print("ERROR: ",err) return nil,err end --- -- Usage help -function help() +local function help() + print(copyright) + print(version) print(desc) print("Example usage") print(example) end -- -- Exit message -function exitMsg(msg) +local function exitMsg(msg) print( string.rep('--',20) ) print( string.rep('--',20) ) print(msg) print() end - -local _xortable = { - --[[ sector key A/B, 6byte xor - --]] - {"001","09125a2589e5","F12C8453D821"}, - {"002","AB75C937922F","73E799FE3241"}, - {"003","E27241AF2C09","AA4D137656AE"}, - {"004","317AB72F4490","B01327272DFD"}, -} -local function printRow(sector, keyA, keyB) - print('|'..sector..'| '..keyA..' | '..keyB..' |' ) -end +--- +-- key bytes to string local function keyStr(p1, p2, p3, p4, p5, p6) return string.format('%02X%02X%02X%02X%02X%02X',p1, p2, p3, p4, p5, p6) end +--- +-- create key local function calckey(uid, xorkey, keytype) local p1,p2,p3,p4,p5,p6 if keytype == 'A' then 
@@ -85,33 +95,20 @@ local function calckey(uid, xorkey, keytype) end return keyStr(p1,p2,p3,p4,p5,p6) end -local function main(args) - - print( string.rep('==', 30) ) - print() - - local i,j, pwd - local uid = '11223344' - - -- Arguments for the script - for o, a in getopt.getopt(args, 'hu:') do - if o == "h" then return help() end - if o == "u" then uid = a end - end - - -- uid string checks - if uid == nil then return oops('empty uid string') end - if #uid == 0 then return oops('empty uid string') end - if #uid ~= 8 then return oops('uid wrong length. Should be 4 hex bytes') end - - local uidbytes = utils.ConvertHexToBytes(uid) - - print('|UID|', uid) +--- +-- print one row with keys +local function printRow(sector, keyA, keyB) + print('|'..sector..'| '..keyA..' | '..keyB..' |' ) +end +--- +-- print keys +local function printKeys(uid) print('|---|----------------|----------------|') print('|sec|key A |key B |') print('|---|----------------|----------------|') printRow('000', keyStr(0xA0,0xA1,0xA2,0xA3,0xA4,0xA5), keyStr(0xB4,0xC1,0x32,0x43,0x9e,0xef) ) + local uidbytes = utils.ConvertHexToBytes(uid) for k, v in pairs(_xortable) do local keyA = calckey(uidbytes, utils.ConvertHexToBytes(v[2]), 'A') local keyB = calckey(uidbytes, utils.ConvertHexToBytes(v[3]), 'B') 
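Review bot: The new `printKeys` walks `_xortable` with `pairs`, whose traversal order Lua does not specify, so the sector rows are not guaranteed to come out in 001–004 order. `for _, v in ipairs(_xortable) do` states the intent and drops the unused `k`; the loop body ends beyond this hunk. The header comment `-- print keys` could also say what the table contains, for example `-- Prints the key table: sector 000 uses fixed keys, the remaining sectors are computed from the uid and _xortable`.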
@@ -119,5 +116,43 @@ local function main(args) end print('|---|----------------|----------------|') end +--- +-- main +local function main(args) + + print( string.rep('==', 30) ) + print() + + local uid = '11223344' + local useUID = false + + -- Arguments for the script + for o, a in getopt.getopt(args, 'hu:') do + if o == "h" then return help() end + if o == "u" then uid = a ; useUID = true end + end + + if useUID then + -- uid string checks + if uid == nil then return oops('empty uid string') end + if #uid == 0 then return oops('empty uid string') end + if #uid ~= 8 then return oops('uid wrong length. Should be 4 hex bytes') end + else + -- GET TAG UID + local tag, err = lib14a.read1443a(false) + if not tag then return oops(err) end + core.clearCommandBuffer() + + -- simple tag check + if 0x09 ~= tag.sak then + if 0x4400 ~= tag.atqa then + return oops(('[fail] found tag %s :: looking for Mifare Mini 0.3k'):format(tag.name)) + end + end + uid = tag.uid + end + print('|UID|', uid) + printKeys(uid) +end main(args) \ No newline at end of file
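Review bot: The "simple tag check" in the new `main` rejects a tag only when both comparisons fail, so a tag whose SAK is 0x09 or whose ATQA compares equal to 0x4400 is accepted, although the error text says the script is looking for a Mifare Mini. If that is the intent, a single commented condition reads more clearly: `if tag.sak ~= 0x09 and tag.atqa ~= 0x4400 then`. It is worth confirming the type `read14a` gives `tag.atqa`: if it is a hex string rather than a number, `0x4400 ~= tag.atqa` is always true and the check reduces to the SAK test alone. The default `local uid = '11223344'` is also dead now, since without `-u` the value is always replaced by `tag.uid`.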