github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-20 21:33:47 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

chg: added the possibility to read tag.uid

Browse source
This commit is contained in:
iceman1001 2017-08-15 21:23:55 +02:00
commit 926277507a
3 changed files with 155 additions and 93 deletions
Download patch file Download diff file Expand all files Collapse all files

21
client/scripts/calc_di.lua
View file

@ -3,22 +3,21 @@ local getopt = require('getopt')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.' copyright = ''
author = "Iceman" author = "Iceman"
version = 'v1.0.0' version = 'v1.0.0'
desc = [[ This script calculates mifare keys based on uid diversification for DI. desc = [[
This script calculates mifare keys based on uid diversification for DI.
Algo not found by me. Algo not found by me.
]] ]]
example = example = [[
[[
-- if called without, it reads tag uid -- if called without, it reads tag uid
script run calc_di script run calc_di
-- --
script run calc_di -u 11223344556677 script run calc_di -u 11223344556677
]] ]]
usage = usage = [[
[[
script run calc_di -h -u <uid> script run calc_di -h -u <uid>
Arguments: Arguments:
@ -52,7 +51,7 @@ local function oops(err)
end end
--- ---
-- Usage help -- Usage help
function help() local function help()
print(copyright) print(copyright)
print(version) print(version)
print(desc) print(desc)
@ -61,7 +60,7 @@ function help()
end end
-- --
-- Exit message -- Exit message
function exitMsg(msg) local function exitMsg(msg)
print( string.rep('--',20) ) print( string.rep('--',20) )
print( string.rep('--',20) ) print( string.rep('--',20) )
print(msg) print(msg)
@ -105,7 +104,7 @@ local function main(args)
print( string.rep('==', 30) ) print( string.rep('==', 30) )
print() print()
local i, uid, key local uid
local useUID = false local useUID = false
-- Arguments for the script -- Arguments for the script
@ -119,10 +118,9 @@ local function main(args)
if uid == nil then return oops('empty uid string') end if uid == nil then return oops('empty uid string') end
if #uid == 0 then return oops('empty uid string') end if #uid == 0 then return oops('empty uid string') end
if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
key = keygen(uid)
else else
-- GET TAG UID -- GET TAG UID
tag, err = lib14a.read1443a(false) local tag, err = lib14a.read1443a(false)
if not tag then return oops(err) end if not tag then return oops(err) end
core.clearCommandBuffer() core.clearCommandBuffer()
@ -136,6 +134,7 @@ local function main(args)
end end
print('|UID|', uid) print('|UID|', uid)
local key = keygen(uid)
printKeys(key) printKeys(key)
end end

82
client/scripts/calc_ev1_it.lua
View file

@ -1,23 +1,35 @@
local bin = require('bin') local bin = require('bin')
local getopt = require('getopt') local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local bxor=bit32.bxor copyright = ''
author = "Iceman"
version = 'v1.0.0'
desc = [[
This script calculates mifare Ultralight-EV1 pwd based on uid diversification for an Italian ticketsystem
Algo not found by me.
]]
example =[[ example =[[
-- if called without, it reads tag uid
script run calc_ev1_it script run calc_ev1_it
--
script run calc_ev1_it -u 11223344556677 script run calc_ev1_it -u 11223344556677
]] ]]
author = "Iceman" usage = [[
usage = "script run calc_ev1_it -u <uid> " script run calc_ev1_it -h -u <uid> "
desc =[[
Arguments: Arguments:
-h : this help -h : this help
-u <UID> : UID -u <UID> : UID
]] ]]
local DEBUG = true
local bxor = bit32.bxor
--- ---
-- A debug printout-function -- A debug printout-function
function dbg(args) local function dbg(args)
if type(args) == "table" then if type(args) == "table" then
local i = 1 local i = 1
while args[i] do while args[i] do
@ -30,13 +42,15 @@ function dbg(args)
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
function oops(err) local function oops(err)
print("ERROR: ",err) print("ERROR: ",err)
return nil,err return nil,err
end end
--- ---
-- Usage help -- Usage help
function help() local function help()
print(copyright)
print(version)
print(desc) print(desc)
print("Example usage") print("Example usage")
print(example) print(example)
@ -103,45 +117,59 @@ local function findEntryByUid( uid )
end end
return nil return nil
end end
---
-- create pwd
local function pwdgen(uid)
-- PWD CALC
-- PWD0 = T0 xor B xor C xor D
-- PWD1 = T1 xor A xor C xor E
-- PWD2 = T2 xor A xor B xor F
-- PWD3 = T3 xor G
local uidbytes = utils.ConvertHexToBytes(uid)
local entry = findEntryByUid(uidbytes)
if entry == nil then return nil, "Can't find a xor entry" end
local pwd0 = bxor( bxor( bxor( entry[1], uidbytes[2]), uidbytes[3]), uidbytes[4])
local pwd1 = bxor( bxor( bxor( entry[2], uidbytes[1]), uidbytes[3]), uidbytes[5])
local pwd2 = bxor( bxor( bxor( entry[3], uidbytes[1]), uidbytes[2]), uidbytes[6])
local pwd3 = bxor( entry[4], uidbytes[7])
return string.format('%02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3)
end
--
-- main
local function main(args) local function main(args)
print( string.rep('--',20) ) print( string.rep('--',20) )
print( string.rep('--',20) ) print( string.rep('--',20) )
print() print()
local i,j, pwd
local uid = '04111211121110' local uid = '04111211121110'
local useUID = false
-- Arguments for the script -- Arguments for the script
for o, a in getopt.getopt(args, 'hu:') do for o, a in getopt.getopt(args, 'hu:') do
if o == "h" then return help() end if o == "h" then return help() end
if o == "u" then uid = a end if o == "u" then uid = a; useUID = true end
end end
if useUID then
-- uid string checks -- uid string checks
if uid == nil then return oops('empty uid string') end if uid == nil then return oops('empty uid string') end
if #uid == 0 then return oops('empty uid string') end if #uid == 0 then return oops('empty uid string') end
if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
else
local uidbytes = utils.ConvertHexToBytes(uid) -- GET TAG UID
local tag, err = lib14a.read1443a(false)
local entry = findEntryByUid(uidbytes) if not tag then return oops(err) end
if entry == nil then return oops("Can't find a xor entry") end core.clearCommandBuffer()
uid = tag.uid
-- PWD CALC end
-- PWD0 = T0 xor B xor C xor D
-- PWD1 = T1 xor A xor C xor E
-- PWD2 = T2 xor A xor B xor F
-- PWD3 = T3 xor G
local pwd0 = bxor( bxor( bxor( entry[1], uidbytes[2]), uidbytes[3]), uidbytes[4])
local pwd1 = bxor( bxor( bxor( entry[2], uidbytes[1]), uidbytes[3]), uidbytes[5])
local pwd2 = bxor( bxor( bxor( entry[3], uidbytes[1]), uidbytes[2]), uidbytes[6])
local pwd3 = bxor( entry[4], uidbytes[7])
print('UID | '..uid) print('UID | '..uid)
print(string.format('PWD | %02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3)) local pwd, err = pwdgen(uid)
if not pwd then return ooops(err) end
print(string.format('PWD | %s', pwd))
end end
main(args) main(args)

125
client/scripts/calc_mizip.lua
View file

@ -1,25 +1,41 @@
local bin = require('bin') local bin = require('bin')
local getopt = require('getopt') local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local bxor=bit32.bxor author = 'Iceman'
version = 'v1.0.0'
example =[[
script run calc_mizip
script run calc_mizip -u 11223344
]]
author = "Iceman"
usage = "script run calc_mizip -u <uid>"
desc = [[ desc = [[
This script calculates mifare keys based on uid diversification for mizip. This script calculates mifare keys based on uid diversification for mizip.
Algo not found by me. Algo not found by me.
]]
example = [[
-- if called without, it reads tag uid
script run calc_mizip
--
script run calc_mizip -u 11223344
]]
usage = [[
script run calc_mizip -h -u <uid>
Arguments: Arguments:
-h : this help -h : this help
-u <UID> : UID -u <UID> : UID
]] ]]
local DEBUG = true
local bxor = bit32.bxor
local _xortable = {
--[[ sector key A/B, 6byte xor
--]]
{"001","09125a2589e5","F12C8453D821"},
{"002","AB75C937922F","73E799FE3241"},
{"003","E27241AF2C09","AA4D137656AE"},
{"004","317AB72F4490","B01327272DFD"},
}
--- ---
-- A debug printout-function -- A debug printout-function
function dbg(args) local function dbg(args)
if type(args) == "table" then if type(args) == "table" then
local i = 1 local i = 1
while args[i] do while args[i] do
@ -32,40 +48,34 @@ function dbg(args)
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
function oops(err) local function oops(err)
print("ERROR: ",err) print("ERROR: ",err)
return nil,err return nil,err
end end
--- ---
-- Usage help -- Usage help
function help() local function help()
print(copyright)
print(version)
print(desc) print(desc)
print("Example usage") print("Example usage")
print(example) print(example)
end end
-- --
-- Exit message -- Exit message
function exitMsg(msg) local function exitMsg(msg)
print( string.rep('--',20) ) print( string.rep('--',20) )
print( string.rep('--',20) ) print( string.rep('--',20) )
print(msg) print(msg)
print() print()
end end
---
local _xortable = { -- key bytes to string
--[[ sector key A/B, 6byte xor
--]]
{"001","09125a2589e5","F12C8453D821"},
{"002","AB75C937922F","73E799FE3241"},
{"003","E27241AF2C09","AA4D137656AE"},
{"004","317AB72F4490","B01327272DFD"},
}
local function printRow(sector, keyA, keyB)
print('|'..sector..'| '..keyA..' | '..keyB..' |' )
end
local function keyStr(p1, p2, p3, p4, p5, p6) local function keyStr(p1, p2, p3, p4, p5, p6)
return string.format('%02X%02X%02X%02X%02X%02X',p1, p2, p3, p4, p5, p6) return string.format('%02X%02X%02X%02X%02X%02X',p1, p2, p3, p4, p5, p6)
end end
---
-- create key
local function calckey(uid, xorkey, keytype) local function calckey(uid, xorkey, keytype)
local p1,p2,p3,p4,p5,p6 local p1,p2,p3,p4,p5,p6
if keytype == 'A' then if keytype == 'A' then
@ -85,33 +95,20 @@ local function calckey(uid, xorkey, keytype)
end end
return keyStr(p1,p2,p3,p4,p5,p6) return keyStr(p1,p2,p3,p4,p5,p6)
end end
local function main(args) ---
-- print one row with keys
print( string.rep('==', 30) ) local function printRow(sector, keyA, keyB)
print() print('|'..sector..'| '..keyA..' | '..keyB..' |' )
local i,j, pwd
local uid = '11223344'
-- Arguments for the script
for o, a in getopt.getopt(args, 'hu:') do
if o == "h" then return help() end
if o == "u" then uid = a end
end end
---
-- uid string checks -- print keys
if uid == nil then return oops('empty uid string') end local function printKeys(uid)
if #uid == 0 then return oops('empty uid string') end
if #uid ~= 8 then return oops('uid wrong length. Should be 4 hex bytes') end
local uidbytes = utils.ConvertHexToBytes(uid)
print('|UID|', uid)
print('|---|----------------|----------------|') print('|---|----------------|----------------|')
print('|sec|key A |key B |') print('|sec|key A |key B |')
print('|---|----------------|----------------|') print('|---|----------------|----------------|')
printRow('000', keyStr(0xA0,0xA1,0xA2,0xA3,0xA4,0xA5), keyStr(0xB4,0xC1,0x32,0x43,0x9e,0xef) ) printRow('000', keyStr(0xA0,0xA1,0xA2,0xA3,0xA4,0xA5), keyStr(0xB4,0xC1,0x32,0x43,0x9e,0xef) )
local uidbytes = utils.ConvertHexToBytes(uid)
for k, v in pairs(_xortable) do for k, v in pairs(_xortable) do
local keyA = calckey(uidbytes, utils.ConvertHexToBytes(v[2]), 'A') local keyA = calckey(uidbytes, utils.ConvertHexToBytes(v[2]), 'A')
local keyB = calckey(uidbytes, utils.ConvertHexToBytes(v[3]), 'B') local keyB = calckey(uidbytes, utils.ConvertHexToBytes(v[3]), 'B')
@ -119,5 +116,43 @@ local function main(args)
end end
print('|---|----------------|----------------|') print('|---|----------------|----------------|')
end end
---
-- main
local function main(args)
print( string.rep('==', 30) )
print()
local uid = '11223344'
local useUID = false
-- Arguments for the script
for o, a in getopt.getopt(args, 'hu:') do
if o == "h" then return help() end
if o == "u" then uid = a ; useUID = true end
end
if useUID then
-- uid string checks
if uid == nil then return oops('empty uid string') end
if #uid == 0 then return oops('empty uid string') end
if #uid ~= 8 then return oops('uid wrong length. Should be 4 hex bytes') end
else
-- GET TAG UID
local tag, err = lib14a.read1443a(false)
if not tag then return oops(err) end
core.clearCommandBuffer()
-- simple tag check
if 0x09 ~= tag.sak then
if 0x4400 ~= tag.atqa then
return oops(('[fail] found tag %s :: looking for Mifare Mini 0.3k'):format(tag.name))
end
end
uid = tag.uid
end
print('|UID|', uid)
printKeys(uid)
end
main(args) main(args)