From 16136469886f5941fef3260a812944f4fb404f66 Mon Sep 17 00:00:00 2001
From: nigolas
Date: Sat, 5 Feb 2022 18:51:11 -0300
Subject: [PATCH 1/3] New luascript file to format Sector Trailers on the MiFare emulator
---
client/luascripts/hf_mf_efmt.lua | 136 +++++++++++++++++++++++++++++++
1 file changed, 136 insertions(+)
create mode 100644 client/luascripts/hf_mf_efmt.lua
diff --git a/client/luascripts/hf_mf_efmt.lua b/client/luascripts/hf_mf_efmt.lua
new file mode 100644
index 000000000..3ce8bb474
--- /dev/null
+++ b/client/luascripts/hf_mf_efmt.lua
@@ -0,0 +1,136 @@
+local getopt = require('getopt')
+local ansicolors = require('ansicolors')
+
+--Copyright
+copyright = ''
+author = 'nisgola'
+version = 'v1'
+
+-- Script description
+desc = [[
+This is a script that write Sector Trailers to the emulator memory.
+
+By default, both keys A and B are set to 0xFFFFFFFFFFFF.
+The Access Bytes are set to 0xFF0780 and User Bytes to 0x00.
+]]
+example = [[
+ -- Use default formatting
+ 1. script run hf_mf_efmt
+
+ -- Change keys A and B
+ 2. script run hf_mf_efmt -a 112233445566 -b AABBCCDDEEFF
+
+ -- Define access bits and User byte
+ 3. script run hf_mf_efmt -x 00f0ff -u 12
+
+ -- Format as 4K card
+ 4. script run hf_mf_efmt -4
+]]
+
+-- Usage info
+usage = [[
+script run hf_mf_efmt [-h] [-4] [-a ] [-b ] [-x ] [-u ]
+]]
+
+-- Arguments
+arguments = [[
+ -h this help
+ -4 Format as 4K card instead of the default 1K
+ -a define key A
+ -b define key B
+ -x define Access Byts
+ -u define User Byte
+
+]]
+
+-- Help function
+local function help()
+ print(copyright)
+ print(author)
+ print(version)
+ print(desc)
+ print(ansicolors.cyan..'Usage'..ansicolors.reset)
+ print(usage)
+ print(ansicolors.cyan..'Arguments'..ansicolors.reset)
+ print(arguments)
+ print(ansicolors.cyan..'Example usage'..ansicolors.reset)
+ print(example)
+end
+
+-- Print error
+local function oops(err)
+ print('ERROR:', err)
+ core.clearCommandBuffer()
+ return nil, err
+end
+
+-- Command function
+local function cmdFormatEmul()
+ local arr = {}
+ for i = 0, 15 do
+ local blk = 3 + (4*i)
+ arr[i] = 'hf mf esetblk --blk '..blk..' -d '..KeyA..''..Accessbit..''..User..''..KeyB..''
+ end
+
+-- This looks horrible, but I don't know anything about Lua
+ if S70 then
+ for i = 16, 31 do
+ local blk = 3 + (4*i)
+ arr[i] = 'hf mf esetblk --blk '..blk..' -d '..KeyA..''..Accessbit..''..User..''..KeyB..''
+ end
+ for i = 32, 40 do
+ local blk = 127 + (16*(i-32))
+ arr[i] = 'hf mf esetblk --blk '..blk..' -d '..KeyA..''..Accessbit..''..User..''..KeyB..''
+ end
+ end
+ return arr
+end
+local function sendCmds( cmds )
+ for i = 0, #cmds do
+ if cmds[i] then
+ print ( cmds[i] )
+ core.console( cmds[i] )
+ core.clearCommandBuffer()
+ end
+ end
+end
+
+-- main function
+function main(args)
+
+ local i
+ local cmds = {}
+
+ -- Receive parameters
+ for o, a in getopt.getopt(args, 'ha:b:x:u:4') do
+ if o == 'h' then return help() end
+ if o == 'a' then KeyA = a end
+ if o == 'b' then KeyB = a end
+ if o == 'x' then Accessbit = a end
+ if o == 'u' then User = a end
+ if o == '4' then S70 = true end
+ end
+
+ -- Validate inputs
+ KeyA = KeyA or 'FFFFFFFFFFFF'
+ if #(KeyA) ~= 12 then
+ return oops( string.format('Wrong length of the Key A (was %d) expected 12', #KeyA))
+ end
+ KeyB = KeyB or 'FFFFFFFFFFFF'
+ if #(KeyB) ~= 12 then
+ return oops( string.format('Wrong length of the Key B (was %d) expected 12', #KeyB))
+ end
+ Accessbit = Accessbit or 'FF0780'
+ if #(Accessbit) ~= 6 then
+ return oops( string.format('Wrong length of the Acces bit (was %d) expected 6', #Accessbit))
+ end
+ User = User or '00'
+ if #(User) ~= 2 then
+ return oops( string.format('Wrong lenght for the user defined byte, (was %d) expected 2', #User))
+ end
+
+ -- Send commands to proxmark
+ core.clearCommandBuffer()
+ sendCmds( cmdFormatEmul() )
+end
+main (args)
From 44e10bad153dff0c15be128d1b64ec7c17f8492a Mon Sep 17 00:00:00 2001
From: nigolas
Date: Sat, 5 Feb 2022 21:15:42 -0300
Subject: [PATCH 2/3] Updated script name
---
.../{hf_mf_efmt.lua => hf_mf_em_util.lua} | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
rename client/luascripts/{hf_mf_efmt.lua => hf_mf_em_util.lua} (91%)
diff --git a/client/luascripts/hf_mf_efmt.lua b/client/luascripts/hf_mf_em_util.lua
similarity index 91%
rename from client/luascripts/hf_mf_efmt.lua
rename to client/luascripts/hf_mf_em_util.lua
index 3ce8bb474..a148a3272 100644
--- a/client/luascripts/hf_mf_efmt.lua
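Review bot: The `-a`, `-b`, `-x` and `-u` values in `main` of hf_mf_efmt.lua (PATCH 1/3) are checked for length only and are then concatenated into the `hf mf esetblk ... -d` string that `cmdFormatEmul` builds for `core.console`, so a 12-character argument containing spaces or other non-hex characters becomes part of the client command line. Each value should also be required to be hexadecimal, e.g. `if not KeyA:match('^%x+$') then return oops('Key A must be hexadecimal') end`, and likewise for `KeyB`, `Accessbit` and `User`. The same length-only validation is kept in the rewritten `main` of PATCH 3/3. Separately, the `for i = 32, 40` loop starts at block 127, which the preceding loop already produced for i = 31, so that trailer is written twice.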
+++ b/client/luascripts/hf_mf_em_util.lua @@ -15,21 +15,21 @@ The Access Bytes are set to 0xFF0780 and User Bytes to 0x00. ]] example = [[ -- Use default formatting - 1. script run hf_mf_efmt + 1. script run hf_mf_em_util -- Change keys A and B - 2. script run hf_mf_efmt -a 112233445566 -b AABBCCDDEEFF + 2. script run hf_mf_em_util -a 112233445566 -b AABBCCDDEEFF -- Define access bits and User byte - 3. script run hf_mf_efmt -x 00f0ff -u 12 + 3. script run hf_mf_em_util -x 00f0ff -u 12 -- Format as 4K card - 4. script run hf_mf_efmt -4 + 4. script run hf_mf_em_util -4 ]] -- Usage info usage = [[ -script run hf_mf_efmt [-h] [-4] [-a ] [-b ] [-x ] [-u ] +script run hf_mf_em_util [-h] [-4] [-a ] [-b ] [-x ] [-u ] ]] -- Arguments @@ -38,7 +38,7 @@ arguments = [[ -4 Format as 4K card instead of the default 1K -a define key A -b define key B - -x define Access Byts + -x define Access Bytes -u define User Byte ]] @@ -100,7 +100,7 @@ function main(args) local i local cmds = {} - + -- Receive parameters for o, a in getopt.getopt(args, 'ha:b:x:u:4') do if o == 'h' then return help() end From b21ac98d92c40bf5b54408e51ece15114ef4396b Mon Sep 17 00:00:00 2001 From: nigolas Date: Sun, 6 Feb 2022 11:19:57 -0300 Subject: [PATCH 3/3] Code optimization --- CHANGELOG.md | 1 + client/luascripts/hf_mf_em_util.lua | 116 +++++++++++----------------- 2 files changed, 45 insertions(+), 72 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e2359f72..2c8ba75ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Addes luascript `hf_mf_em_util.lua` - Script for emulator configuration (@nisgola) - Fixes `hf mf restore` - now takes bin/eml/json as dump files (@iceman1001) - Fixes `script run some_python_script` segfault on armhf architecture (@doegox) - Added `trace extract` - extract authentication parts from trace (@iceman1001) diff --git a/client/luascripts/hf_mf_em_util.lua b/client/luascripts/hf_mf_em_util.lua index a148a3272..69537d7dd 100644 --- a/client/luascripts/hf_mf_em_util.lua +++ b/client/luascripts/hf_mf_em_util.lua @@ -22,27 +22,20 @@ example = [[ -- Define access bits and User byte 3. script run hf_mf_em_util -x 00f0ff -u 12 - - -- Format as 4K card - 4. script run hf_mf_em_util -4 ]] - -- Usage info usage = [[ script run hf_mf_em_util [-h] [-4] [-a ] [-b ] [-x ] [-u ] ]] - -- Arguments arguments = [[ -h this help - -4 Format as 4K card instead of the default 1K + -4 format as 4K card -a define key A -b define key B -x define Access Bytes - -u define User Byte - + -u define User Byte ]] - -- Help function local function help() print(copyright) 
@@ -56,81 +49,60 @@ local function help() print(ansicolors.cyan..'Example usage'..ansicolors.reset) print(example) end - -- Print error local function oops(err) print('ERROR:', err) - core.clearCommandBuffer() - return nil, err + return nil,err end --- Command function -local function cmdFormatEmul() - local arr = {} - for i = 0, 15 do - local blk = 3 + (4*i) - arr[i] = 'hf mf esetblk --blk '..blk..' -d '..KeyA..''..Accessbit..''..User..''..KeyB..'' - end - --- This looks horrible, but I don't know anything about Lua - if S70 then - for i = 16, 31 do - local blk = 3 + (4*i) - arr[i] = 'hf mf esetblk --blk '..blk..' -d '..KeyA..''..Accessbit..''..User..''..KeyB..'' - end - for i = 32, 40 do - local blk = 127 + (16*(i-32)) - arr[i] = 'hf mf esetblk --blk '..blk..' -d '..KeyA..''..Accessbit..''..User..''..KeyB..'' - end - end - return arr -end -local function sendCmds( cmds ) - for i = 0, #cmds do - if cmds[i] then - print ( cmds[i] ) - core.console( cmds[i] ) - core.clearCommandBuffer() +-- Memory formatting +local function card_format(key_a,key_b,ab,user,s70) + local blocks = {3,7,11,15,19,23,27,31,35,39,43,47,51,55,59,63,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,127,143,159,175,191,207,223,239,255} + for k,v in ipairs(blocks) do + local cmd = string.format("hf mf esetblk --blk %s -d %s%s%s%s",v,key_a,ab,user,key_b) + core.console(cmd) + print(cmd) + core.clearCommandBuffer() + if s70 == false and k > 15 then + return end end end --- main function -function main(args) +local function main(args) + -- Receive parameters + for o, a in getopt.getopt(args, 'ha:b:x:u:4') do + if o == 'h' then return help() end + if o == 'a' then KeyA = a end + if o == 'b' then KeyB = a end + if o == 'x' then Accessbit = a end + if o == 'u' then User = a end + if o == '4' then kkkk = true end + end - local i - local cmds = {} + local KeyA = KeyA or 'FFFFFFFFFFFF' + if #(KeyA) ~= 12 then + return oops( string.format('Wrong length of the Key A, receveid %d, expected 12', #KeyA)) + 
end - -- Receive parameters - for o, a in getopt.getopt(args, 'ha:b:x:u:4') do - if o == 'h' then return help() end - if o == 'a' then KeyA = a end - if o == 'b' then KeyB = a end - if o == 'x' then Accessbit = a end - if o == 'u' then User = a end - if o == '4' then S70 = true end - end + local KeyB = KeyB or 'FFFFFFFFFFFF' + if #(KeyB) ~= 12 then + return oops( string.format('Wrong length of the Key B, received %d, expected 12', #KeyB)) + end - -- Validate inputs - KeyA = KeyA or 'FFFFFFFFFFFF' - if #(KeyA) ~= 12 then - return oops( string.format('Wrong length of the Key A (was %d) expected 12', #KeyA)) - end - KeyB = KeyB or 'FFFFFFFFFFFF' - if #(KeyB) ~= 12 then - return oops( string.format('Wrong length of the Key B (was %d) expected 12', #KeyB)) - end - Accessbit = Accessbit or 'FF0780' - if #(Accessbit) ~= 6 then - return oops( string.format('Wrong length of the Acces bit (was %d) expected 6', #Accessbit)) - end - User = User or '00' - if #(User) ~= 2 then - return oops( string.format('Wrong lenght for the user defined byte, (was %d) expected 2', #User)) - end + local Accessbit = Accessbit or 'FF0780' + if #(Accessbit) ~= 6 then + return oops( string.format('Wrong length of the Access bit, received %d, expected 6', #Accessbit)) + end - -- Send commands to proxmark - core.clearCommandBuffer() - sendCmds( cmdFormatEmul() ) + local User = User or '00' + if #(User) ~= 2 then + return oops( string.format('Wrong lenght for the user defined byte, received %d, expected 2', #User)) + end + + local kkkk = kkkk or false + + -- Call card_format function + card_format(KeyA,KeyB,Accessbit,User,kkkk) end main (args)
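Review bot: In the new `main`, the getopt loop still assigns `KeyA`, `KeyB`, `Accessbit`, `User` and `kkkk` as globals, and the `local KeyA = KeyA or 'FFFFFFFFFFFF'` lines that follow only shadow them, so the option values remain in the global table after the function returns. Declaring them before the loop, `local KeyA, KeyB, Accessbit, User, s70`, keeps them in function scope and lets the later lines become plain assignments; `s70` would also say more than `kkkk`. In `card_format`, `if s70 == false and k > 15 then return end` stops the 1K case after the sixteenth trailer (block 63) only because it runs after the write, so a comment such as `-- 1K cards have 16 sectors: stop after block 63` would make that intent visible.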