chg: 'lf awid brute' - added verbose logging option

chg: 'lf hid brute' - added verbose logging option
iceman1001 2017-08-11 18:13:58 +02:00
commit b4d7ed4862
2 changed files with 48 additions and 29 deletions


@ -70,18 +70,19 @@ int usage_lf_awid_brute(void){
PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step"); PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535"); PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Usage: lf awid brute [h] a <format> f <facility-code> c <cardnumber> d <delay>"); PrintAndLog("Usage: lf awid brute [h] [v] a <format> f <facility-code> c <cardnumber> d <delay>");
PrintAndLog("Options:"); PrintAndLog("Options:");
PrintAndLog(" h : This help"); PrintAndLog(" h : This help");
PrintAndLog(" a <format> : format length 26|50"); PrintAndLog(" a <format> : format length 26|50");
PrintAndLog(" f <facility-code> : 8|16bit value facility code"); PrintAndLog(" f <facility-code> : 8|16bit value facility code");
PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535"); PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms"); PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
PrintAndLog(" v : verbose logging, show all tries");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" lf awid brute a 26 f 224"); PrintAndLog(" lf awid brute a 26 f 224");
PrintAndLog(" lf awid brute a 50 f 2001 d 2000"); PrintAndLog(" lf awid brute a 50 f 2001 d 2000");
PrintAndLog(" lf awid brute a 50 f 2001 c 200 d 2000"); PrintAndLog(" lf awid brute v a 50 f 2001 c 200 d 2000");
return 0; return 0;
} }
@ -97,9 +98,12 @@ static int sendPing(void){
return 1; return 1;
} }
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs, size_t bs_len){ static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bits, size_t bs_len, bool verbose){
if ( verbose )
PrintAndLog("Trying FC: %u; CN: %u", fc, cn); PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
if ( !getAWIDBits(fmtlen, fc, cn, bs)) {
if ( !getAWIDBits(fmtlen, fc, cn, bits)) {
PrintAndLog("Error with tag bitstream generation."); PrintAndLog("Error with tag bitstream generation.");
return false; return false;
} }
@ -109,9 +113,10 @@ static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, ui
uint64_t arg2 = (invert << 8) + clk; uint64_t arg2 = (invert << 8) + clk;
UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, bs_len}}; UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, bs_len}};
memcpy(c.d.asBytes, bs, bs_len); memcpy(c.d.asBytes, bits, bs_len);
clearCommandBuffer(); clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
msleep(delay); msleep(delay);
sendPing(); sendPing();
return true; return true;
@ -458,13 +463,12 @@ int CmdAWIDClone(const char *Cmd) {
int CmdAWIDBrute(const char *Cmd) { int CmdAWIDBrute(const char *Cmd) {
bool errors = false; bool errors = false, verbose = false;
uint32_t fc = 0, cn = 0, delay = 1000; uint32_t fc = 0, cn = 0, delay = 1000;
uint8_t fmtlen = 0; uint8_t fmtlen = 0;
uint8_t bits[96]; uint8_t bits[96];
uint8_t *bs = bits;
size_t size = sizeof(bits); size_t size = sizeof(bits);
memset(bs, 0x00, size); memset(bits, 0x00, size);
uint8_t cmdp = 0; uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) { while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
@ -497,6 +501,11 @@ int CmdAWIDBrute(const char *Cmd) {
fmtlen = param_get8(Cmd, cmdp+1); fmtlen = param_get8(Cmd, cmdp+1);
cmdp += 2; cmdp += 2;
break; break;
case 'v':
case 'V':
verbose = true;
cmdp++;
break;
default: default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -528,6 +537,7 @@ int CmdAWIDBrute(const char *Cmd) {
uint16_t up = cn; uint16_t up = cn;
uint16_t down = cn; uint16_t down = cn;
// main loop
for (;;){ for (;;){
if ( offline ) { if ( offline ) {
@ -542,12 +552,12 @@ int CmdAWIDBrute(const char *Cmd) {
// Do one up // Do one up
if ( up < 0xFFFF ) if ( up < 0xFFFF )
if ( !sendTry(fmtlen, fc, up++, delay, bs, size)) return 1; if ( !sendTry(fmtlen, fc, up++, delay, bits, size, verbose)) return 1;
// Do one down (if cardnumber is given) // Do one down (if cardnumber is given)
if ( cn > 1 ) if ( cn > 1 )
if ( down > 1 ) if ( down > 1 )
if ( !sendTry(fmtlen, fc, --down, delay, bs, size)) return 1; if ( !sendTry(fmtlen, fc, --down, delay, bits, size, verbose)) return 1;
} }
return 0; return 0;
} }
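Review bot: `uint16_t up = cn;` and `uint16_t down = cn;` narrow the 32-bit `cn` with no range check in any visible line, so a `c` value above 65535 would wrap silently and the new verbose line would then report a card number the operator never typed. The parsing of `c` lies outside these hunks, so the value may already be rejected there. If it is not, add `if (cn > 0xFFFF) { PrintAndLog("Card number out of range, max 65535"); return 1; }` before the main loop. The same narrowing appears in CmdHIDBrute in the second file. CmdAWIDBrute's body is only partly visible across these hunks.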


@ -65,8 +65,8 @@ int usage_lf_hid_clone(void){
PrintAndLog(" ID - HID id"); PrintAndLog(" ID - HID id");
PrintAndLog(" L - 84bit ID"); PrintAndLog(" L - 84bit ID");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" lf hid clone 224"); PrintAndLog(" lf hid clone 2006ec0c86");
PrintAndLog(" lf hid clone 224 L"); PrintAndLog(" lf hid clone 2006ec0c86 L");
return 0; return 0;
} }
int usage_lf_hid_brute(void){ int usage_lf_hid_brute(void){
@ -74,21 +74,23 @@ int usage_lf_hid_brute(void){
PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step"); PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535"); PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Usage: lf hid brute [h] a <format> f <facility-code> c <cardnumber> d <delay>"); PrintAndLog("Usage: lf hid brute [h] [v] a <format> f <facility-code> c <cardnumber> d <delay>");
PrintAndLog("Options :"); PrintAndLog("Options :");
PrintAndLog(" h : This help"); PrintAndLog(" h : This help");
PrintAndLog(" a <format> : 26|33|34|35|37|40|44|84"); PrintAndLog(" a <format> : 26|33|34|35|37|40|44|84");
PrintAndLog(" f <facility-code> : 8-bit value HID facility code"); PrintAndLog(" f <facility-code> : 8-bit value HID facility code");
PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535"); PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms"); PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
PrintAndLog(" v : verbose logging, show all tries");
PrintAndLog(""); PrintAndLog("");
PrintAndLog("Samples:"); PrintAndLog("Samples:");
PrintAndLog(" lf hid brute a 26 f 224"); PrintAndLog(" lf hid brute a 26 f 224");
PrintAndLog(" lf hid brute a 26 f 21 d 2000"); PrintAndLog(" lf hid brute a 26 f 21 d 2000");
PrintAndLog(" lf hid brute a 26 f 21 c 200 d 2000"); PrintAndLog(" lf hid brute v a 26 f 21 c 200 d 2000");
return 0; return 0;
} }
// sending three times. Didn't seem to break the previous sim?
static int sendPing(void){ static int sendPing(void){
UsbCommand ping = {CMD_PING, {1, 2, 3}}; UsbCommand ping = {CMD_PING, {1, 2, 3}};
SendCommand(&ping); SendCommand(&ping);
@ -100,17 +102,20 @@ static int sendPing(void){
return 0; return 0;
return 1; return 1;
} }
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs){ static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bits, bool verbose){
// this should be optional.
if ( verbose )
PrintAndLog("Trying FC: %u; CN: %u", fc, cn); PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
calcWiegand( fmtlen, fc, cn, bs); calcWiegand( fmtlen, fc, cn, bits);
uint64_t arg1 = bytebits_to_byte(bs,32); uint64_t arg1 = bytebits_to_byte(bits, 32);
uint64_t arg2 = bytebits_to_byte(bs+32,32); uint64_t arg2 = bytebits_to_byte(bits + 32, 32);
UsbCommand c = {CMD_HID_SIM_TAG, {arg1, arg2, 0}}; UsbCommand c = {CMD_HID_SIM_TAG, {arg1, arg2, 0}};
clearCommandBuffer(); clearCommandBuffer();
SendCommand(&c); SendCommand(&c);
msleep(delay); msleep(delay);
sendPing(); sendPing();
return true; return true;
@ -195,6 +200,7 @@ int CmdHIDDemod(const char *Cmd) {
} }
PrintAndLog("HID Prox TAG ID: %x%08x (%u) - Format Len: %ubit - FC: %u - Card: %u", hi, lo, (lo>>1) & 0xFFFF, fmtLen, fc, cardnum); PrintAndLog("HID Prox TAG ID: %x%08x (%u) - Format Len: %ubit - FC: %u - Card: %u", hi, lo, (lo>>1) & 0xFFFF, fmtLen, fc, cardnum);
} }
setDemodBuf(BitStream, BitLen, idx); setDemodBuf(BitStream, BitLen, idx);
setClockGrid(50, waveIdx + (idx*50)); setClockGrid(50, waveIdx + (idx*50));
@ -268,9 +274,7 @@ int CmdHIDClone(const char *Cmd) {
hi = (hi << 4) | (lo >> 28); hi = (hi << 4) | (lo >> 28);
lo = (lo << 4) | (n & 0xf); lo = (lo << 4) | (n & 0xf);
} }
PrintAndLog("Cloning tag with ID %x%08x", hi, lo); PrintAndLog("Cloning tag with ID %x%08x", hi, lo);
hi2 = 0; hi2 = 0;
c.d.asBytes[0] = 0; c.d.asBytes[0] = 0;
} }
@ -471,12 +475,11 @@ int CmdHIDWiegand(const char *Cmd) {
int CmdHIDBrute(const char *Cmd){ int CmdHIDBrute(const char *Cmd){
bool errors = false; bool errors = false, verbose = false;
uint32_t fc = 0, cn = 0, delay = 1000; uint32_t fc = 0, cn = 0, delay = 1000;
uint8_t fmtlen = 0; uint8_t fmtlen = 0;
uint8_t bits[96]; uint8_t bits[96];
uint8_t *bs = bits; memset(bits, 0, sizeof(bits));
memset(bs, 0, sizeof(bits));
uint8_t cmdp = 0; uint8_t cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) { while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
@ -518,6 +521,11 @@ int CmdHIDBrute(const char *Cmd){
// negated // negated
errors = !is_ftm_ok; errors = !is_ftm_ok;
break; break;
case 'v':
case 'V':
verbose = true;
cmdp++;
break;
default: default:
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp)); PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
errors = true; errors = true;
@ -533,6 +541,7 @@ int CmdHIDBrute(const char *Cmd){
uint16_t up = cn; uint16_t up = cn;
uint16_t down = cn; uint16_t down = cn;
// main loop
for (;;){ for (;;){
if ( offline ) { if ( offline ) {
@ -548,12 +557,12 @@ int CmdHIDBrute(const char *Cmd){
// Do one up // Do one up
if ( up < 0xFFFF ) if ( up < 0xFFFF )
if ( !sendTry(fmtlen, fc, up++, delay, bs)) return 1; if ( !sendTry(fmtlen, fc, up++, delay, bits, verbose)) return 1;
// Do one down (if cardnumber is given) // Do one down (if cardnumber is given)
if ( cn > 1 ) if ( cn > 1 )
if ( down > 1 ) if ( down > 1 )
if ( !sendTry(fmtlen, fc, --down, delay, bs)) return 1; if ( !sendTry(fmtlen, fc, --down, delay, bits, verbose)) return 1;
} }
return 0; return 0;
} }
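Review bot: The added comment `// this should be optional.` above `if ( verbose )` in sendTry describes the state before this change; the print is now optional, so the comment reads as an open TODO. Replace it with something like `// per-attempt trace, printed only with the 'v' option`, and brace the `if` so the guarded statement stays unambiguous next to the unconditional `calcWiegand` call. This sendTry also takes `bits` without a length, unlike the AWID variant, and appears to read 64 entries from it through the two `bytebits_to_byte` calls. A one-line comment stating that the caller must pass at least 64 entries would document that contract.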