From bad5c1ea611f1cf1e88a0b700496431501c75bdd Mon Sep 17 00:00:00 2001
From: PhaseLoop
Date: Sat, 27 May 2023 11:57:39 +0000
Subject: [PATCH] refactor bruteforce headers and namespace
---
 armsrc/em4x50.c | 6 +++---
 client/src/cmdlfem4x50.c | 24 ++++++++++++------------
 common/bruteforce.c | 24 ++++++++++++------------
 common/bruteforce.h | 34 ++++++++++++++++++++-------------
 4 files changed, 47 insertions(+), 41 deletions(-)
diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c
index d43a6a15f..31ea864a1 100644
--- a/armsrc/em4x50.c
+++ b/armsrc/em4x50.c
@@ -641,12 +641,12 @@ static bool brute(em4x50_data_t *etd, uint32_t *pwd) {
 int generator_ret = 0;
 int cnt = 0;
- bf_generator_init(&ctx, etd->bruteforce_mode);
+ bf_generator_init(&ctx, etd->bruteforce_mode, BF_KEY_SIZE_32);
- if (etd->bruteforce_mode == BRUTEFORCE_MODE_CHARSET)
+ if (etd->bruteforce_mode == BF_MODE_CHARSET)
 bf_generator_set_charset(&ctx, etd->bruteforce_charset);
- while ((generator_ret = bf_generate32(&ctx)) == GENERATOR_NEXT) {
+ while ((generator_ret = bf_generate32(&ctx)) == BF_GENERATOR_NEXT) {
 *pwd = ctx.current_key32;
 WDT_HIT();
diff --git a/client/src/cmdlfem4x50.c b/client/src/cmdlfem4x50.c
index 017f1c121..a45f8a11c 100644
--- a/client/src/cmdlfem4x50.c
+++ b/client/src/cmdlfem4x50.c
@@ -377,15 +377,15 @@ int CmdEM4x50Brute(const char *Cmd) {
 PrintAndLogEx(INFO, "Chosen mode: %s", mode);
 if (strcmp(mode, "range") == 0) {
- etd.bruteforce_mode = BRUTEFORCE_MODE_RANGE;
+ etd.bruteforce_mode = BF_MODE_RANGE;
 } else if (strcmp(mode, "charset") == 0) {
- etd.bruteforce_mode = BRUTEFORCE_MODE_CHARSET;
+ etd.bruteforce_mode = BF_MODE_CHARSET;
 } else {
 PrintAndLogEx(FAILED, "Unknown bruteforce mode: %s", mode);
 return PM3_EINVARG;
 }
- if (etd.bruteforce_mode == BRUTEFORCE_MODE_RANGE) {
+ if (etd.bruteforce_mode == BF_MODE_RANGE) {
 int begin_len = 0;
 uint8_t begin[4] = {0x0};
 CLIGetHexWithReturn(ctx, 2, begin, &begin_len);
@@ -406,14 +406,14 @@ int CmdEM4x50Brute(const char *Cmd) {
 etd.password1 = BYTES2UINT32_BE(begin);
 etd.password2 = BYTES2UINT32_BE(end);
- } else if (etd.bruteforce_mode == BRUTEFORCE_MODE_CHARSET) {
+ } else if (etd.bruteforce_mode == BF_MODE_CHARSET) {
 bool enable_digits = arg_get_lit(ctx, 4);
 bool enable_uppercase = arg_get_lit(ctx, 5);
 if (enable_digits)
- etd.bruteforce_charset |= CHARSET_DIGITS;
+ etd.bruteforce_charset |= BF_CHARSET_DIGITS;
 if (enable_uppercase)
- etd.bruteforce_charset |= CHARSET_UPPERCASE;
+ etd.bruteforce_charset |= BF_CHARSET_UPPERCASE;
 if (etd.bruteforce_charset == 0) {
 PrintAndLogEx(FAILED, "Please enable at least one charset when using charset bruteforce mode.");
@@ -432,21 +432,21 @@ int CmdEM4x50Brute(const char *Cmd) {
 const int speed = 27;
 int no_iter = 0;
- if (etd.bruteforce_mode == BRUTEFORCE_MODE_RANGE) {
+ if (etd.bruteforce_mode == BF_MODE_RANGE) {
 no_iter = etd.password2 - etd.password1 + 1;
 PrintAndLogEx(INFO, "Trying " _YELLOW_("%i") " passwords in range [0x%08x, 0x%08x]"
 , no_iter
 , etd.password1
 , etd.password2
 );
- } else if (etd.bruteforce_mode == BRUTEFORCE_MODE_CHARSET) {
+ } else if (etd.bruteforce_mode == BF_MODE_CHARSET) {
 unsigned int digits = 0;
- if (etd.bruteforce_charset & CHARSET_DIGITS)
- digits += CHARSET_DIGITS_SIZE;
+ if (etd.bruteforce_charset & BF_CHARSET_DIGITS)
+ digits += BF_CHARSET_DIGITS_SIZE;
- if (etd.bruteforce_charset & CHARSET_UPPERCASE)
- digits += CHARSET_UPPERCASE_SIZE;
+ if (etd.bruteforce_charset & BF_CHARSET_UPPERCASE)
+ digits += BF_CHARSET_UPPERCASE_SIZE;
 no_iter = pow(digits, 4);
 }
diff --git a/common/bruteforce.c b/common/bruteforce.c
index 891796690..7a4aa1ac4 100644
--- a/common/bruteforce.c
+++ b/common/bruteforce.c
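Review bot: `no_iter = etd.password2 - etd.password1 + 1;` in the @@ -432 hunk computes the count in 32-bit unsigned arithmetic (password1/password2 are presumably uint32_t, given BYTES2UINT32_BE) and stores it in an `int`, so a reversed range (begin above end) or a range wider than INT_MAX wraps and the `%i` estimate printed right below it is wrong. Nothing in this hunk or the @@ -406 hunk rejects `begin > end`, though the lines hidden between the two hunks might. A guard at the end of the range branch would close it: `if (etd.password1 > etd.password2) { PrintAndLogEx(FAILED, "Begin password must not exceed end password"); return PM3_EINVARG; }`. CmdEM4x50Brute continues outside both hunks.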
@@ -28,22 +28,22 @@ uint8_t charset_uppercase[] = {
 'X', 'Y', 'Z' };
-void bf_generator_init(generator_context_t *ctx, uint8_t mode) {
+void bf_generator_init(generator_context_t *ctx, uint8_t mode, uint8_t key_size) {
 memset(ctx, 0, sizeof(generator_context_t));
 ctx->mode = mode;
 }
 int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets) {
- if (ctx->mode != BRUTEFORCE_MODE_CHARSET) {
+ if (ctx->mode != BF_MODE_CHARSET) {
 return -1;
 }
- if (charsets & CHARSET_DIGITS) {
+ if (charsets & BF_CHARSET_DIGITS) {
 memcpy(ctx->charset, charset_digits, sizeof(charset_digits));
 ctx->charset_length += sizeof(charset_digits);
 }
- if (charsets & CHARSET_UPPERCASE) {
+ if (charsets & BF_CHARSET_UPPERCASE) {
 memcpy(ctx->charset + ctx->charset_length, charset_uppercase, sizeof(charset_uppercase));
 ctx->charset_length += sizeof(charset_uppercase);
 }
@@ -54,19 +54,19 @@ int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets) {
 int bf_generate32(generator_context_t *ctx) {
 switch (ctx->mode) {
- case BRUTEFORCE_MODE_RANGE:
+ case BF_MODE_RANGE:
 return _bf_generate_mode_range32(ctx);
- case BRUTEFORCE_MODE_CHARSET:
+ case BF_MODE_CHARSET:
 return _bf_generate_mode_charset32(ctx);
 }
- return GENERATOR_ERROR;
+ return BF_GENERATOR_ERROR;
 }
 int _bf_generate_mode_range32(generator_context_t *ctx) {
 if (ctx->current_key32 >= ctx->range_high) {
- return GENERATOR_END;
+ return BF_GENERATOR_END;
 }
 // we use flag1 as indicator if value of range_low was already emitted
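Review bot: The new `key_size` parameter of `bf_generator_init` is accepted but never stored: the body still only clears the context and sets `ctx->mode`, so the `key_length` field this commit adds to `generator_context_t` (bruteforce.h, @@ -53 hunk) stays zero after init and the caller's `BF_KEY_SIZE_32` is discarded. Adding `ctx->key_length = key_size;` after `ctx->mode = mode;` gives the field a value; until a 48-bit generator exists, a comment such as `// only BF_KEY_SIZE_32 is consumed by bf_generate32 for now` would stop readers from assuming BF_KEY_SIZE_48 already works. If the parameter is intentionally a placeholder for the upcoming work, `(void)key_size;` keeps -Wunused-parameter builds quiet and states the intent.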
@@ -74,17 +74,17 @@ int _bf_generate_mode_range32(generator_context_t *ctx) {
 if (ctx->current_key32 <= ctx->range_low && ctx->flag1 == false) {
 ctx->current_key32 = ctx->range_low;
 ctx->pos[0] = true;
- return GENERATOR_NEXT;
+ return BF_GENERATOR_NEXT;
 }
 ctx->current_key32++;
- return GENERATOR_NEXT;
+ return BF_GENERATOR_NEXT;
 }
 int _bf_generate_mode_charset32(generator_context_t *ctx) {
 if (ctx->flag1)
- return GENERATOR_END;
+ return BF_GENERATOR_END;
 ctx->current_key32 = ctx->charset[ctx->pos[0]] << 24 | ctx->charset[ctx->pos[1]] << 16 | ctx->charset[ctx->pos[2]] << 8 | ctx->charset[ctx->pos[3]];
@@ -94,7 +94,7 @@ int _bf_generate_mode_charset32(generator_context_t *ctx) {
 // set flag1 to emit value last time and end generation
 ctx->flag1 = true;
- return GENERATOR_NEXT;
+ return BF_GENERATOR_NEXT;
 }
 // increments values in array with carryover using modulo limit for each byte
diff --git a/common/bruteforce.h b/common/bruteforce.h
index 91e01172d..beb44775e 100644
--- a/common/bruteforce.h
+++ b/common/bruteforce.h
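Review bot: `ctx->pos[0] = true;` in the range branch of `_bf_generate_mode_range32` contradicts the comment just above it, which says `flag1` records that `range_low` was already emitted; as written `flag1` is never set in range mode, so `current_key32 <= range_low && flag1 == false` stays true and the generator hands back `range_low` on every call instead of advancing — unless the single line hidden between this hunk and the previous one sets it. The line should read `ctx->flag1 = true;`. Separately, in `_bf_generate_mode_charset32` the `uint8_t` charset entries are promoted to `int` before `<< 24`, which is undefined for any table byte of 0x80 or above; the current digit/uppercase tables stay below that, but `(uint32_t)ctx->charset[ctx->pos[0]] << 24` makes the composition safe for any future charset. `_bf_generate_mode_range32` begins in the previous hunk and `_bf_generate_mode_charset32` continues past this one.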
@@ -22,28 +22,33 @@
 #include "common.h"
 typedef uint8_t bruteforce_mode_t;
+
+#define BF_KEY_SIZE_32 4
+#define BF_KEY_SIZE_48 6
+
 // bruteforcing all keys sequentially between X and Y
-#define BRUTEFORCE_MODE_RANGE 1
+#define BF_MODE_RANGE 1
 // try keys based on limited charset/passphrases
 // some payment systems use user-provided passphrase as system key
-#define BRUTEFORCE_MODE_CHARSET 2
+#define BF_MODE_CHARSET 2
 // "smart" mode - try some predictable patterns
-#define BRUTEFORCE_MODE_SMART 3
+#define BF_MODE_SMART 3
 typedef uint8_t bruteforce_charset_t;
 // bit flags - can be used together using logical OR
-#define CHARSET_DIGITS 1
-#define CHARSET_UPPERCASE 2
+#define BF_CHARSET_DIGITS 1
+#define BF_CHARSET_UPPERCASE 2
-#define GENERATOR_END 0
-#define GENERATOR_NEXT 1
-#define GENERATOR_ERROR 2
+#define BF_GENERATOR_END 0
+#define BF_GENERATOR_NEXT 1
+#define BF_GENERATOR_ERROR 2
+
+#define BF_CHARSET_DIGITS_SIZE 10
+#define BF_CHARSET_UPPERCASE_SIZE 25
-#define CHARSET_DIGITS_SIZE 10
-#define CHARSET_UPPERCASE_SIZE 25
 extern uint8_t charset_digits[];
 extern uint8_t charset_uppercase[];
@@ -53,12 +58,13 @@ typedef struct {
 // position of each of 4 bytes in 32 bit key in charset mode
 // add more bytes to support larger keys
 // pos[0] is most significant byte - all maths avoid relying on little/big endian memory layout
- uint8_t pos[4];
+ uint8_t pos[6]; // max supported key is now 48 bit
+ uint8_t key_length; // bytes
 uint32_t current_key32;
 uint8_t mode;
 uint8_t charset[
- CHARSET_DIGITS_SIZE
- + CHARSET_UPPERCASE_SIZE
+ BF_CHARSET_DIGITS_SIZE
+ + BF_CHARSET_UPPERCASE_SIZE
 ];
 uint8_t charset_length;
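Review bot: `#define BF_CHARSET_UPPERCASE_SIZE 25` carries over a value that is one short of the 26-letter uppercase alphabet, and the @@ -53 hunk sizes `generator_context_t.charset` as `BF_CHARSET_DIGITS_SIZE + BF_CHARSET_UPPERCASE_SIZE` (35 bytes) while `bf_generator_set_charset` in bruteforce.c copies `sizeof(charset_digits) + sizeof(charset_uppercase)` bytes into it with no bound check. If `charset_uppercase[]` (visible here only as far as its `'X', 'Y', 'Z'` tail) holds all 26 letters, enabling both charsets writes one byte past `charset` into the adjacent `charset_length` field. Confirm the array length and set `#define BF_CHARSET_UPPERCASE_SIZE 26`, then pin the relationship in bruteforce.c with a static assertion that both tables fit the buffer, or a runtime length check in `bf_generator_set_charset`. The same constant feeds the iteration estimate in cmdlfem4x50.c (@@ -432 hunk), so that display is off by the same amount.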
@@ -69,7 +75,7 @@ typedef struct {
 } generator_context_t;
-void bf_generator_init(generator_context_t *ctx, uint8_t mode);
+void bf_generator_init(generator_context_t *ctx, uint8_t mode, uint8_t key_size);
 int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets);
 int bf_generate32(generator_context_t *ctx);
 int _bf_generate_mode_range32(generator_context_t *ctx);
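Review bot: The changed prototype `void bf_generator_init(generator_context_t *ctx, uint8_t mode, uint8_t key_size);` gives no hint what unit or values `key_size` takes; a comment above it such as `// key_size: key length in bytes, BF_KEY_SIZE_32 or BF_KEY_SIZE_48` would tie it to the constants added earlier in this header. As a style point for a namespace refactor, the `_bf_generate_mode_range32` prototype (and its charset sibling) begins with an underscore, which C reserves for the implementation at file scope; renaming to `bf_generate_mode_range32`, or making the helpers `static` in bruteforce.c and dropping them from the header, would complete the cleanup this commit starts.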