mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-08-20 21:33:47 -07:00
chg: 'lf awid brute' - added verbose logging option
chg: 'lf hid brute' - added verbose logging option
parent
6ad546fa13
commit
b4d7ed4862
2 changed files with 48 additions and 29 deletions
|
@ -70,18 +70,19 @@ int usage_lf_awid_brute(void){
|
||||||
PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
|
PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
|
||||||
PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
|
PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
|
||||||
PrintAndLog("");
|
PrintAndLog("");
|
||||||
PrintAndLog("Usage: lf awid brute [h] a <format> f <facility-code> c <cardnumber> d <delay>");
|
PrintAndLog("Usage: lf awid brute [h] [v] a <format> f <facility-code> c <cardnumber> d <delay>");
|
||||||
PrintAndLog("Options:");
|
PrintAndLog("Options:");
|
||||||
PrintAndLog(" h : This help");
|
PrintAndLog(" h : This help");
|
||||||
PrintAndLog(" a <format> : format length 26|50");
|
PrintAndLog(" a <format> : format length 26|50");
|
||||||
PrintAndLog(" f <facility-code> : 8|16bit value facility code");
|
PrintAndLog(" f <facility-code> : 8|16bit value facility code");
|
||||||
PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
|
PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
|
||||||
PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
|
PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
|
||||||
|
PrintAndLog(" v : verbose logging, show all tries");
|
||||||
PrintAndLog("");
|
PrintAndLog("");
|
||||||
PrintAndLog("Samples:");
|
PrintAndLog("Samples:");
|
||||||
PrintAndLog(" lf awid brute a 26 f 224");
|
PrintAndLog(" lf awid brute a 26 f 224");
|
||||||
PrintAndLog(" lf awid brute a 50 f 2001 d 2000");
|
PrintAndLog(" lf awid brute a 50 f 2001 d 2000");
|
||||||
PrintAndLog(" lf awid brute a 50 f 2001 c 200 d 2000");
|
PrintAndLog(" lf awid brute v a 50 f 2001 c 200 d 2000");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -97,9 +98,12 @@ static int sendPing(void){
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs, size_t bs_len){
|
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bits, size_t bs_len, bool verbose){
|
||||||
|
|
||||||
|
if ( verbose )
|
||||||
PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
|
PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
|
||||||
if ( !getAWIDBits(fmtlen, fc, cn, bs)) {
|
|
||||||
|
if ( !getAWIDBits(fmtlen, fc, cn, bits)) {
|
||||||
PrintAndLog("Error with tag bitstream generation.");
|
PrintAndLog("Error with tag bitstream generation.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -109,9 +113,10 @@ static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, ui
|
||||||
uint64_t arg2 = (invert << 8) + clk;
|
uint64_t arg2 = (invert << 8) + clk;
|
||||||
|
|
||||||
UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, bs_len}};
|
UsbCommand c = {CMD_FSK_SIM_TAG, {arg1, arg2, bs_len}};
|
||||||
memcpy(c.d.asBytes, bs, bs_len);
|
memcpy(c.d.asBytes, bits, bs_len);
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
SendCommand(&c);
|
SendCommand(&c);
|
||||||
|
|
||||||
msleep(delay);
|
msleep(delay);
|
||||||
sendPing();
|
sendPing();
|
||||||
return true;
|
return true;
|
||||||
|
@ -458,13 +463,12 @@ int CmdAWIDClone(const char *Cmd) {
|
||||||
|
|
||||||
int CmdAWIDBrute(const char *Cmd) {
|
int CmdAWIDBrute(const char *Cmd) {
|
||||||
|
|
||||||
bool errors = false;
|
bool errors = false, verbose = false;
|
||||||
uint32_t fc = 0, cn = 0, delay = 1000;
|
uint32_t fc = 0, cn = 0, delay = 1000;
|
||||||
uint8_t fmtlen = 0;
|
uint8_t fmtlen = 0;
|
||||||
uint8_t bits[96];
|
uint8_t bits[96];
|
||||||
uint8_t *bs = bits;
|
|
||||||
size_t size = sizeof(bits);
|
size_t size = sizeof(bits);
|
||||||
memset(bs, 0x00, size);
|
memset(bits, 0x00, size);
|
||||||
uint8_t cmdp = 0;
|
uint8_t cmdp = 0;
|
||||||
|
|
||||||
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||||
|
@ -497,6 +501,11 @@ int CmdAWIDBrute(const char *Cmd) {
|
||||||
fmtlen = param_get8(Cmd, cmdp+1);
|
fmtlen = param_get8(Cmd, cmdp+1);
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
|
case 'v':
|
||||||
|
case 'V':
|
||||||
|
verbose = true;
|
||||||
|
cmdp++;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
||||||
errors = true;
|
errors = true;
|
||||||
|
@ -528,6 +537,7 @@ int CmdAWIDBrute(const char *Cmd) {
|
||||||
uint16_t up = cn;
|
uint16_t up = cn;
|
||||||
uint16_t down = cn;
|
uint16_t down = cn;
|
||||||
|
|
||||||
|
// main loop
|
||||||
for (;;){
|
for (;;){
|
||||||
|
|
||||||
if ( offline ) {
|
if ( offline ) {
|
||||||
|
@ -542,12 +552,12 @@ int CmdAWIDBrute(const char *Cmd) {
|
||||||
|
|
||||||
// Do one up
|
// Do one up
|
||||||
if ( up < 0xFFFF )
|
if ( up < 0xFFFF )
|
||||||
if ( !sendTry(fmtlen, fc, up++, delay, bs, size)) return 1;
|
if ( !sendTry(fmtlen, fc, up++, delay, bits, size, verbose)) return 1;
|
||||||
|
|
||||||
// Do one down (if cardnumber is given)
|
// Do one down (if cardnumber is given)
|
||||||
if ( cn > 1 )
|
if ( cn > 1 )
|
||||||
if ( down > 1 )
|
if ( down > 1 )
|
||||||
if ( !sendTry(fmtlen, fc, --down, delay, bs, size)) return 1;
|
if ( !sendTry(fmtlen, fc, --down, delay, bits, size, verbose)) return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
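Review bot: With the per-attempt line now gated behind `verbose` in `sendTry`, the failure path `PrintAndLog("Error with tag bitstream generation.");` no longer tells the operator which values were rejected in the default (quiet) mode. I would put the values in the message itself, e.g. `PrintAndLog("Error with tag bitstream generation. FC: %u; CN: %u", fc, cn);`. The new `if ( verbose )` is unbraced, like the nested `if ( cn > 1 ) if ( down > 1 ) if ( !sendTry(...)) return 1;` chain in `CmdAWIDBrute`, so a line added under it later would silently run unconditionally; `if (verbose) { ... }` avoids that. The pointer was renamed to `bits` while its length is still `bs_len`, and `memcpy(c.d.asBytes, bits, bs_len)` trusts that length, so a one-line comment that callers must not pass more than `sizeof(c.d.asBytes)` would be worth adding (the only visible caller passes `sizeof(bits)`). Both function bodies continue outside the visible hunks.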
|
@ -65,8 +65,8 @@ int usage_lf_hid_clone(void){
|
||||||
PrintAndLog(" ID - HID id");
|
PrintAndLog(" ID - HID id");
|
||||||
PrintAndLog(" L - 84bit ID");
|
PrintAndLog(" L - 84bit ID");
|
||||||
PrintAndLog("Samples:");
|
PrintAndLog("Samples:");
|
||||||
PrintAndLog(" lf hid clone 224");
|
PrintAndLog(" lf hid clone 2006ec0c86");
|
||||||
PrintAndLog(" lf hid clone 224 L");
|
PrintAndLog(" lf hid clone 2006ec0c86 L");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
int usage_lf_hid_brute(void){
|
int usage_lf_hid_brute(void){
|
||||||
|
@ -74,21 +74,23 @@ int usage_lf_hid_brute(void){
|
||||||
PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
|
PrintAndLog("This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
|
||||||
PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
|
PrintAndLog("if cardnumber is not given, it starts with 1 and goes up to 65535");
|
||||||
PrintAndLog("");
|
PrintAndLog("");
|
||||||
PrintAndLog("Usage: lf hid brute [h] a <format> f <facility-code> c <cardnumber> d <delay>");
|
PrintAndLog("Usage: lf hid brute [h] [v] a <format> f <facility-code> c <cardnumber> d <delay>");
|
||||||
PrintAndLog("Options :");
|
PrintAndLog("Options :");
|
||||||
PrintAndLog(" h : This help");
|
PrintAndLog(" h : This help");
|
||||||
PrintAndLog(" a <format> : 26|33|34|35|37|40|44|84");
|
PrintAndLog(" a <format> : 26|33|34|35|37|40|44|84");
|
||||||
PrintAndLog(" f <facility-code> : 8-bit value HID facility code");
|
PrintAndLog(" f <facility-code> : 8-bit value HID facility code");
|
||||||
PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
|
PrintAndLog(" c <cardnumber> : (optional) cardnumber to start with, max 65535");
|
||||||
PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
|
PrintAndLog(" d <delay> : delay betweens attempts in ms. Default 1000ms");
|
||||||
|
PrintAndLog(" v : verbose logging, show all tries");
|
||||||
PrintAndLog("");
|
PrintAndLog("");
|
||||||
PrintAndLog("Samples:");
|
PrintAndLog("Samples:");
|
||||||
PrintAndLog(" lf hid brute a 26 f 224");
|
PrintAndLog(" lf hid brute a 26 f 224");
|
||||||
PrintAndLog(" lf hid brute a 26 f 21 d 2000");
|
PrintAndLog(" lf hid brute a 26 f 21 d 2000");
|
||||||
PrintAndLog(" lf hid brute a 26 f 21 c 200 d 2000");
|
PrintAndLog(" lf hid brute v a 26 f 21 c 200 d 2000");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// sending three times. Didn't seem to break the previous sim?
|
||||||
static int sendPing(void){
|
static int sendPing(void){
|
||||||
UsbCommand ping = {CMD_PING, {1, 2, 3}};
|
UsbCommand ping = {CMD_PING, {1, 2, 3}};
|
||||||
SendCommand(&ping);
|
SendCommand(&ping);
|
||||||
|
@ -100,17 +102,20 @@ static int sendPing(void){
|
||||||
return 0;
|
return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bs){
|
static bool sendTry(uint8_t fmtlen, uint32_t fc, uint32_t cn, uint32_t delay, uint8_t *bits, bool verbose){
|
||||||
|
|
||||||
|
// this should be optional.
|
||||||
|
if ( verbose )
|
||||||
PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
|
PrintAndLog("Trying FC: %u; CN: %u", fc, cn);
|
||||||
|
|
||||||
calcWiegand( fmtlen, fc, cn, bs);
|
calcWiegand( fmtlen, fc, cn, bits);
|
||||||
|
|
||||||
uint64_t arg1 = bytebits_to_byte(bs,32);
|
uint64_t arg1 = bytebits_to_byte(bits, 32);
|
||||||
uint64_t arg2 = bytebits_to_byte(bs+32,32);
|
uint64_t arg2 = bytebits_to_byte(bits + 32, 32);
|
||||||
UsbCommand c = {CMD_HID_SIM_TAG, {arg1, arg2, 0}};
|
UsbCommand c = {CMD_HID_SIM_TAG, {arg1, arg2, 0}};
|
||||||
clearCommandBuffer();
|
clearCommandBuffer();
|
||||||
SendCommand(&c);
|
SendCommand(&c);
|
||||||
|
|
||||||
msleep(delay);
|
msleep(delay);
|
||||||
sendPing();
|
sendPing();
|
||||||
return true;
|
return true;
|
||||||
|
@ -195,6 +200,7 @@ int CmdHIDDemod(const char *Cmd) {
|
||||||
}
|
}
|
||||||
PrintAndLog("HID Prox TAG ID: %x%08x (%u) - Format Len: %ubit - FC: %u - Card: %u", hi, lo, (lo>>1) & 0xFFFF, fmtLen, fc, cardnum);
|
PrintAndLog("HID Prox TAG ID: %x%08x (%u) - Format Len: %ubit - FC: %u - Card: %u", hi, lo, (lo>>1) & 0xFFFF, fmtLen, fc, cardnum);
|
||||||
}
|
}
|
||||||
|
|
||||||
setDemodBuf(BitStream, BitLen, idx);
|
setDemodBuf(BitStream, BitLen, idx);
|
||||||
setClockGrid(50, waveIdx + (idx*50));
|
setClockGrid(50, waveIdx + (idx*50));
|
||||||
|
|
||||||
|
@ -268,9 +274,7 @@ int CmdHIDClone(const char *Cmd) {
|
||||||
hi = (hi << 4) | (lo >> 28);
|
hi = (hi << 4) | (lo >> 28);
|
||||||
lo = (lo << 4) | (n & 0xf);
|
lo = (lo << 4) | (n & 0xf);
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintAndLog("Cloning tag with ID %x%08x", hi, lo);
|
PrintAndLog("Cloning tag with ID %x%08x", hi, lo);
|
||||||
|
|
||||||
hi2 = 0;
|
hi2 = 0;
|
||||||
c.d.asBytes[0] = 0;
|
c.d.asBytes[0] = 0;
|
||||||
}
|
}
|
||||||
|
@ -471,12 +475,11 @@ int CmdHIDWiegand(const char *Cmd) {
|
||||||
|
|
||||||
int CmdHIDBrute(const char *Cmd){
|
int CmdHIDBrute(const char *Cmd){
|
||||||
|
|
||||||
bool errors = false;
|
bool errors = false, verbose = false;
|
||||||
uint32_t fc = 0, cn = 0, delay = 1000;
|
uint32_t fc = 0, cn = 0, delay = 1000;
|
||||||
uint8_t fmtlen = 0;
|
uint8_t fmtlen = 0;
|
||||||
uint8_t bits[96];
|
uint8_t bits[96];
|
||||||
uint8_t *bs = bits;
|
memset(bits, 0, sizeof(bits));
|
||||||
memset(bs, 0, sizeof(bits));
|
|
||||||
uint8_t cmdp = 0;
|
uint8_t cmdp = 0;
|
||||||
|
|
||||||
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
while(param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||||
|
@ -518,6 +521,11 @@ int CmdHIDBrute(const char *Cmd){
|
||||||
// negated
|
// negated
|
||||||
errors = !is_ftm_ok;
|
errors = !is_ftm_ok;
|
||||||
break;
|
break;
|
||||||
|
case 'v':
|
||||||
|
case 'V':
|
||||||
|
verbose = true;
|
||||||
|
cmdp++;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
PrintAndLog("Unknown parameter '%c'", param_getchar(Cmd, cmdp));
|
||||||
errors = true;
|
errors = true;
|
||||||
|
@ -533,6 +541,7 @@ int CmdHIDBrute(const char *Cmd){
|
||||||
uint16_t up = cn;
|
uint16_t up = cn;
|
||||||
uint16_t down = cn;
|
uint16_t down = cn;
|
||||||
|
|
||||||
|
// main loop
|
||||||
for (;;){
|
for (;;){
|
||||||
|
|
||||||
if ( offline ) {
|
if ( offline ) {
|
||||||
|
@ -548,12 +557,12 @@ int CmdHIDBrute(const char *Cmd){
|
||||||
|
|
||||||
// Do one up
|
// Do one up
|
||||||
if ( up < 0xFFFF )
|
if ( up < 0xFFFF )
|
||||||
if ( !sendTry(fmtlen, fc, up++, delay, bs)) return 1;
|
if ( !sendTry(fmtlen, fc, up++, delay, bits, verbose)) return 1;
|
||||||
|
|
||||||
// Do one down (if cardnumber is given)
|
// Do one down (if cardnumber is given)
|
||||||
if ( cn > 1 )
|
if ( cn > 1 )
|
||||||
if ( down > 1 )
|
if ( down > 1 )
|
||||||
if ( !sendTry(fmtlen, fc, --down, delay, bs)) return 1;
|
if ( !sendTry(fmtlen, fc, --down, delay, bits, verbose)) return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
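Review bot: The comment `// this should be optional.` added above `if ( verbose )` in `sendTry` is stale on arrival, because this same change makes the log line optional. Something like `// log every attempt only when 'v' was given` describes the code as it now stands. The new comment above `sendPing`, `// sending three times. Didn't seem to break the previous sim?`, reads as an open question rather than documentation, and nothing in the visible part of the body (which continues outside the hunk) shows three sends; it should state what the ping is for and what was actually observed. Unlike the AWID counterpart, this `sendTry` takes `bits` without a length yet reads 64 entries through `bytebits_to_byte(bits, 32)` and `bytebits_to_byte(bits + 32, 32)`, so a comment stating that the buffer must hold at least 64 entries would document that contract. The unbraced `if ( verbose )` would also be safer as `if (verbose) { ... }`.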