github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-22 06:13:51 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #4 from RfidResearchGroup/master

Browse source 
Update
This commit is contained in:
Bjoern Kerler 2020-04-05 21:35:22 +02:00 committed by GitHub
commit e128a340b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 1092 additions and 324 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGELOG.md
View file

@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Updated helptext layout in all luascripts (@iceman1001)
- Change `hf mfdes info` - output and logging (@brkeler)
- Updated texts in legic commands (@ikarus23)
- Fix timing bug inside 40x5 (@mwalker33)
- Refactored all Hitag2 attacks (@doegox)
- Added two new Hitag2 attacks (@doegox)
- Change `hf search` - now continue to search in case of dual tech cards (@iceman1001) Thanks to @ikarus23 for the suggestion! - Change `hf search` - now continue to search in case of dual tech cards (@iceman1001) Thanks to @ikarus23 for the suggestion!
- Added `hf topas info` - old reader command, now also prints NDEF (@iceman1001) - Added `hf topas info` - old reader command, now also prints NDEF (@iceman1001)
- Change `hf topaz reader` - now only prints lighter info, like UID. (@iceman1001) - Change `hf topaz reader` - now only prints lighter info, like UID. (@iceman1001)

13
client/cmdhfmfu.c
View file

@ -2782,6 +2782,19 @@ static int CmdHF14MfuNDEF(const char *Cmd) {
maxsize = ndef_get_maxsize(data + 12); maxsize = ndef_get_maxsize(data + 12);
} }
// iceman: maybe always take MIN of tag identified size vs NDEF reported size?
// fix: UL_EV1 48bytes != NDEF reported size
for (uint8_t i = 0; i < ARRAYLEN(UL_TYPES_ARRAY); i++) {
if (tagtype & UL_TYPES_ARRAY[i]) {
if (maxsize != (UL_MEMORY_ARRAY[i] * 4) ) {
PrintAndLogEx(INFO, "Tag reported size vs NDEF reported size mismatch. Using smallest value");
}
maxsize = MIN(maxsize, (UL_MEMORY_ARRAY[i] * 4));
break;
}
}
// allocate mem // allocate mem
uint8_t *records = calloc(maxsize, sizeof(uint8_t)); uint8_t *records = calloc(maxsize, sizeof(uint8_t));
if (records == NULL) { if (records == NULL) {

143
client/luascripts/Legic_clone.lua
View file

@ -1,3 +1,7 @@
local utils = require('utils')
local cmds = require('commands')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
--[[ --[[
script to create a clone-dump with new crc script to create a clone-dump with new crc
Author: mosci Author: mosci
@ -13,10 +17,10 @@
simplest usage: simplest usage:
read a valid legic tag with 'hf legic reader' read a valid legic tag with 'hf legic reader'
save the dump with 'hf legic save orig.hex' save the dump with 'hf legic dump o orig'
place your 'empty' tag on the reader and run 'script run Legic_clone -i orig.hex -w' place your 'empty' tag on the reader and run 'script run Legic_clone -i orig.bin -w'
you will see some output like: you will see some output like:
read 1024 bytes from legic_dumps/j_0000.hex read 1024 bytes from orig.bin
place your empty tag onto the PM3 to read and display the MCD & MSN0..2 place your empty tag onto the PM3 to read and display the MCD & MSN0..2
the values will be shown below the values will be shown below
@ -86,34 +90,34 @@
copyright = '' copyright = ''
author = 'Mosci' author = 'Mosci'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This is a script which creates a clone-dump of a dump from a Legic Prime Tag (MIM256 or MIM1024) This is a script which creates a clone-dump of a dump from a Legic Prime Tag (MIM256 or MIM1024)
(created with 'hf legic save my_dump.hex') (created with 'hf legic dump f my_dump')
]] ]]
example = [[ example = [[
script run legic_clone -i my_dump.hex -o my_clone.hex -c f8 script run legic_clone -i my_dump.bin -o my_clone.bin -c f8
script run legic_clone -i my_dump.hex -d -s script run legic_clone -i my_dump.bin -d -s
]] ]]
usage = [[ usage = [[
script run legic_clone -h -i <file> -o <file> -c <crc> -d -s -w script run legic_clone -h -i <file> -o <file> -c <crc> -d -s -w
]]
arguments = [[
required :
-i <input file> (file to read data from, must be in binary format (*.bin))
required arguments: optional :
-i <input file> (file to read data from)
optional arguments :
-h - Help text -h - Help text
-o <output file> - requires option -c to be given -o <output file> - requires option -c to be given
-c <new-tag crc> - requires option -o to be given -c <new-tag crc> - requires option -o to be given
-d - Display content of found Segments -d - Display content of found Segments
-s - Display summary at the end -s - Display summary at the end
-w - write directly to Tag - a file myLegicClone.hex wille be generated also -w - write directly to Tag - a file myLegicClone.bin will be generated also
e.g.: e.g.:
hint: using the CRC '00' will result in a plain dump ( -c 00 ) hint: using the CRC '00' will result in a plain dump ( -c 00 )
]] ]]
local utils = require('utils')
local getopt = require('getopt')
local bxor = bit32.bxor local bxor = bit32.bxor
-- we need always 2 digits -- we need always 2 digits
@ -128,7 +132,6 @@ local function prepend_zero(s)
end end
end end
end end
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function oops(err) local function oops(err)
@ -137,6 +140,22 @@ local function oops(err)
return nil, err return nil, err
end end
-- read LEGIC data
local function readlegicdata( offset, length, iv )
-- Read data
local command = Command:newMIX{
cmd = cmds.CMD_HF_LEGIC_READER
, arg1 = offset
, arg2 = length
, arg3 = iv
, data = nil
}
local result, err = command:sendMIX()
if not result then return oops(err) end
-- result is a packed data structure, data starts at offset 33
return result
end
--- ---
-- Usage help -- Usage help
local function help() local function help()
@ -144,9 +163,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- Check availability of file -- Check availability of file
@ -175,16 +197,12 @@ local function getInputBytes(infile)
local line local line
local bytes = {} local bytes = {}
local fhi,err = io.open(infile) local fhi,err = io.open(infile,"rb")
if err then print("OOps ... faild to read from file ".. infile); return false; end if err then print("OOps ... faild to read from file ".. infile); return false; end
while true do str = fhi:read("*all")
line = fhi:read() for c in (str or ''):gmatch'.' do
if line == nil then break end bytes[#bytes+1] = ('%02x'):format(c:byte())
for byte in line:gmatch("%w+") do
table.insert(bytes, byte)
end
end end
fhi:close() fhi:close()
@ -195,25 +213,11 @@ end
-- write to file -- write to file
local function writeOutputBytes(bytes, outfile) local function writeOutputBytes(bytes, outfile)
local line local fho,err = io.open(outfile,"wb")
local bcnt = 0
local fho,err = io.open(outfile,"w")
if err then print("OOps ... faild to open output-file ".. outfile); return false; end if err then print("OOps ... faild to open output-file ".. outfile); return false; end
for i = 1, #bytes do for i = 1, #bytes do
if (bcnt == 0) then fho:write(string.char(tonumber(bytes[i],16)))
line = bytes[i]
elseif (bcnt <= 7) then
line = line.." "..bytes[i]
end
if (bcnt == 7) then
-- write line to new file
fho:write(line.."\n")
-- reset counter & line
bcnt = -1
line = ""
end
bcnt = bcnt + 1
end end
fho:close() fho:close()
print("\nwrote ".. #bytes .." bytes to " .. outfile) print("\nwrote ".. #bytes .." bytes to " .. outfile)
@ -318,7 +322,7 @@ function getSegmentCrcBytes(bytes)
return crcbytes return crcbytes
end end
-- print segment-data (hf legic decode like) -- print segment-data (hf legic info like)
function displaySegments(bytes) function displaySegments(bytes)
--display segment header(s) --display segment header(s)
start = 23 start = 23
@ -385,23 +389,25 @@ end
-- write clone-data to tag -- write clone-data to tag
function writeToTag(plainBytes) function writeToTag(plainBytes)
local SegCrcs = {} local SegCrcs = {}
if(utils.confirm("\nplace your empty tag onto the PM3 to read and display the MCD & MSN0..2\nthe values will be shown below\n confirm when ready") == false) then local output
local readbytes
if(utils.confirm("\nplace your empty tag onto the PM3 to restore the data of the input file\nthe CRCs will be calculated as needed\n confirm when ready") == false) then
return return
end end
readbytes = readlegicdata(0, 4, 0x55)
-- gather MCD & MSN from new Tag - this must be enterd manually -- gather MCD & MSN from new Tag - this must be enterd manually
cmd = 'hf legic read 0x00 0x04'
core.console(cmd)
print("\nthese are the MCD MSN0 MSN1 MSN2 from the Tag that has being read:") print("\nthese are the MCD MSN0 MSN1 MSN2 from the Tag that has being read:")
cmd = 'data hexsamples 4'
core.console(cmd)
print("^^ use this values as input for the following answers (one 2-digit-value per question/answer):")
-- enter MCD & MSN (in hex)
MCD = utils.input("type in MCD as 2-digit value - e.g.: 00", plainBytes[1])
MSN0 = utils.input("type in MSN0 as 2-digit value - e.g.: 01", plainBytes[2])
MSN1 = utils.input("type in MSN1 as 2-digit value - e.g.: 02", plainBytes[3])
MSN2 = utils.input("type in MSN2 as 2-digit value - e.g.: 03", plainBytes[4])
plainBytes[1] = ('%02x'):format(readbytes:byte(33))
plainBytes[2] = ('%02x'):format(readbytes:byte(34))
plainBytes[3] = ('%02x'):format(readbytes:byte(35))
plainBytes[4] = ('%02x'):format(readbytes:byte(36))
MCD = plainBytes[1]
MSN0 = plainBytes[2]
MSN1 = plainBytes[3]
MSN2 = plainBytes[4]
-- calculate crc8 over MCD & MSN -- calculate crc8 over MCD & MSN
cmd = MCD..MSN0..MSN1..MSN2 cmd = MCD..MSN0..MSN1..MSN2
MCC = ("%02x"):format(utils.Crc8Legic(cmd)) MCC = ("%02x"):format(utils.Crc8Legic(cmd))
@ -433,27 +439,10 @@ function writeToTag(plainBytes)
bytes = xorBytes(plainBytes, MCC) bytes = xorBytes(plainBytes, MCC)
-- write data to file -- write data to file
if (writeOutputBytes(bytes, "myLegicClone.hex")) then if (writeOutputBytes(bytes, "myLegicClone.bin")) then
WriteBytes = utils.input("enter number of bytes to write?", SegCrcs[#SegCrcs])
-- load file into pm3-buffer
cmd = 'hf legic eload myLegicClone.hex'
core.console(cmd)
-- write pm3-buffer to Tag -- write pm3-buffer to Tag
for i=0, WriteBytes do cmd = ('hf legic restore f myLegicClone')
if ( i<5 or i>6) then core.console(cmd)
cmd = ('hf legic write o %02x d 01'):format(i)
core.console(cmd)
elseif (i == 6) then
-- write DCF in reverse order (requires 'mosci-patch')
cmd = 'hf legic write o 05 d 02'
core.console(cmd)
else
print("skipping byte 0x05 - will be written next step")
end
utils.Sleep(0.2)
end
end end
end end
@ -491,7 +480,7 @@ function main(args)
end end
-- new crc -- new crc
if o == 'c' then if o == 'c' then
newcrc = a newcrc = a:lower()
ncs = true ncs = true
end end
-- display segments switch -- display segments switch
@ -526,12 +515,12 @@ function main(args)
res = "\n+-------------------------------------------- Summary -------------------------------------------+" res = "\n+-------------------------------------------- Summary -------------------------------------------+"
res = res .."\ncreated clone_dump from\n\t"..infile.." crc: "..oldcrc.."\ndump_file:" res = res .."\ncreated clone_dump from\n\t"..infile.." crc: "..oldcrc.."\ndump_file:"
res = res .."\n\t"..outfile.." crc: "..string.sub(newcrc,-2) res = res .."\n\t"..outfile.." crc: "..string.sub(newcrc,-2)
res = res .."\nyou may load the new file with: hf legic load "..outfile res = res .."\nyou may load the new file with: hf legic eload "..outfile
res = res .."\n\nif you don't write to tag immediately ('-w' switch) you will need to recalculate each segmentCRC" res = res .."\n\nif you don't write to tag immediately ('-w' switch) you will need to recalculate each segmentCRC"
res = res .."\nafter writing this dump to a tag!" res = res .."\nafter writing this dump to a tag!"
res = res .."\n\na segmentCRC gets calculated over MCD,MSN0..3,Segment-Header0..3" res = res .."\n\na segmentCRC gets calculated over MCD,MSN0..3,Segment-Header0..3"
res = res .."\ne.g. (based on Segment00 of the data from "..infile.."):" res = res .."\ne.g. (based on Segment00 of the data from "..infile.."):"
res = res .."\nhf legic crc8 "..bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[23]..bytes[24]..bytes[25]..bytes[26] res = res .."\nhf legic crc d "..bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[23]..bytes[24]..bytes[25]..bytes[26].." u "..newcrc.." c 8"
-- this can not be calculated without knowing the new MCD, MSN0..2 -- this can not be calculated without knowing the new MCD, MSN0..2
print(res) print(res)
end end
@ -545,7 +534,7 @@ function main(args)
end end
end end
-- write to tag -- write to tag
if (ws and #bytes == 1024) then if (ws and ( #bytes == 1024 or #bytes == 256)) then
writeToTag(bytes) writeToTag(bytes)
end end
end end

6
client/luascripts/emul2dump.lua
View file

@ -1,13 +1,13 @@
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local dumplib = require('html_dumplib') local dumplib = require('html_dumplib')
local ansicolors = require('ansicolors') local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.2' version = 'v1.0.2'
desc =[[ desc =[[
This script takes an dumpfile on EML (ASCII) format and converts it to the PM3 dumpbin file to be used with `hf mf restore` This script takes an dumpfile in EML (ASCII) format and converts it to the PM3 dumpbin file to be used with `hf mf restore`
]] ]]
example =[[ example =[[
1. script run emul2dump 1. script run emul2dump
@ -25,7 +25,7 @@ arguments = [[
]] ]]
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
local function dbg(err) local function dbg(args)
if not DEBUG then return end if not DEBUG then return end
if type(args) == 'table' then if type(args) == 'table' then
local i = 1 local i = 1

14
client/luascripts/formatMifare.lua
View file

@ -3,10 +3,11 @@ local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script will generate 'hf mf wrbl' commands for each block to format a Mifare card. This script will generate 'hf mf wrbl' commands for each block to format a Mifare card.
@ -29,8 +30,8 @@ example = [[
]] ]]
usage = [[ usage = [[
script run formatMifare -k <key> -n <key> -a <access> -x script run formatMifare -k <key> -n <key> -a <access> -x
]]
Arguments: arguments = [[
-h - this help -h - this help
-k <key> - the current six byte key with write access -k <key> - the current six byte key with write access
-n <key> - the new key that will be written to the card -n <key> - the new key that will be written to the card
@ -71,9 +72,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

49
client/luascripts/hf_bruteforce.lua
View file

@ -2,38 +2,38 @@
-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua -- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Daniel Underhay (updated), Keld Norman(original)' author = 'Daniel Underhay (updated), Keld Norman(original)'
version = 'v2.0.0' version = 'v2.0.1'
usage = [[ desc =[[
This script bruteforces 4 or 7 byte UID Mifare classic card numbers.
pm3 --> script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type ]]
example =[[
Arguments:
-h this help
-s 0-0xFFFFFFFF start id
-e 0-0xFFFFFFFF end id
-t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input)
-x mfc, mfu mifare type: mfc for Mifare Classic (default) or mfu for Mifare Ultralight EV1
Example:
pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346. Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346.
script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679. Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679.
script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
]]
usage = [[
script run hf_bruteforce [-s <start_id>] [-e <end_id>] [-t <timeout>] [-x <mifare_card_type>]
]]
arguments = [[
-h this help
-s 0-0xFFFFFFFF start id
-e 0-0xFFFFFFFF end id
-t 0-99999, pause timeout (ms) between cards
(use the word 'pause' to wait for user input)
-x mfc, mfu mifare type:
mfc for Mifare Classic (default)
mfu for Mifare Ultralight EV1
]] ]]
local DEBUG = true local DEBUG = true
--- ---
-- Debug print function -- Debug print function
local function dbg(args) local function dbg(args)
@ -62,9 +62,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
--- Print user message --- Print user message

60
client/luascripts/hf_read.lua
View file

@ -1,6 +1,65 @@
local reader = require('hf_reader') local reader = require('hf_reader')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = ''
author = ''
version = 'v1.0.1'
desc = [[
This script tries to detect a HF card. Just like 'hf search' does but this is experimental
]]
example = [[
1. script run hf_read
]]
usage = [[
script run hf_read
]]
arguments = [[
-h - this help
]]
---
-- This is only meant to be used when errors occur
local function dbg(args)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print('###', args)
end
end
---
-- This is only meant to be used when errors occur
local function oops(err)
print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end
---
-- Usage help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--
local function main(args) local function main(args)
-- Arguments for the script
for o, a in getopt.getopt(args, 'h') do
if o == 'h' then return help() end
end
print("WORK IN PROGRESS - not expected to be functional yet") print("WORK IN PROGRESS - not expected to be functional yet")
info, err = reader.waitForTag() info, err = reader.waitForTag()
@ -15,4 +74,5 @@ local function main(args)
end end
return return
end end
main(args) main(args)

14
client/luascripts/htmldump.lua
View file

@ -3,10 +3,11 @@
getopt = require('getopt') getopt = require('getopt')
bin = require('bin') bin = require('bin')
dumplib = require('html_dumplib') dumplib = require('html_dumplib')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Martin Holst Swende' author = 'Martin Holst Swende'
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc =[[
This script takes a dumpfile and produces a html based dump, which is a This script takes a dumpfile and produces a html based dump, which is a
bit more easily analyzed. bit more easily analyzed.
@ -16,8 +17,8 @@ example = [[
]] ]]
usage = [[ usage = [[
script run htmldump [-i <file>] [-o <file>] script run htmldump [-i <file>] [-o <file>]
]]
Arguments: arguments = [[
-h This help -h This help
-i <file> Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used -i <file> Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
-o <filename> Speciies the output file. If omitted, <curtime>.html is used. -o <filename> Speciies the output file. If omitted, <curtime>.html is used.
@ -55,9 +56,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
local function main(args) local function main(args)

15
client/luascripts/init_rdv4.lua
View file

@ -1,21 +1,21 @@
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2019 IceSQL AB. All rights reserved.' copyright = 'Copyright (c) 2019 IceSQL AB. All rights reserved.'
author = 'Christian Herrmann' author = 'Christian Herrmann'
version = 'v1.0.0' version = 'v1.0.1'
desc = [[ desc = [[
This script initialize a Proxmark3 RDV4.0 with This script initialize a Proxmark3 RDV4.0 with
- uploading dictionary files to flashmem - uploading dictionary files to flashmem
- configuring the LF T55X7 device settings - configuring the LF T55X7 device settings
]] ]]
example = [[ example = [[
script run init_rdv4 script run init_rdv4
]] ]]
usage = [[ usage = [[
script run init_rdv4 -h script run init_rdv4 -h
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
@ -48,9 +48,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- The main entry point -- The main entry point

14
client/luascripts/iso15_magic.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local lib15 = require('read15') local lib15 = require('read15')
local getopt = require('getopt') local getopt = require('getopt')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2018 IceSQL AB. All rights reserved.' copyright = 'Copyright (c) 2018 IceSQL AB. All rights reserved.'
author = 'Christian Herrmann' author = 'Christian Herrmann'
version = 'v1.0.5' version = 'v1.0.6'
desc = [[ desc = [[
This script tries to set UID on a IS15693 SLIX magic card This script tries to set UID on a IS15693 SLIX magic card
Remember the UID ->MUST<- start with 0xE0 Remember the UID ->MUST<- start with 0xE0
@ -20,8 +21,8 @@ example = [[
]] ]]
usage = [[ usage = [[
script run iso15_magic -h -u <uid> script run iso15_magic -h -u <uid>
]]
Arguments: arguments = [[
-h : this help -h : this help
-u <UID> : UID (16 hexsymbols) -u <UID> : UID (16 hexsymbols)
-a : use offical pm3 repo ISO15 commands instead of iceman fork. -a : use offical pm3 repo ISO15 commands instead of iceman fork.
@ -56,9 +57,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
--- Set UID on magic command enabled on a ICEMAN based REPO --- Set UID on magic command enabled on a ICEMAN based REPO

14
client/luascripts/legic_buffer2card.lua
View file

@ -1,10 +1,11 @@
local utils = require('utils') local utils = require('utils')
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
-- this script writes bytes 8 to 256 on the Legic MIM256 -- this script writes bytes 8 to 256 on the Legic MIM256
copyright = '' copyright = ''
author = 'Mosci' author = 'Mosci'
version = 'v1.0.1' version = 'v1.0.2'
desc = desc =
[[ [[
This is a script which writes value 0x01 to bytes from position 0x07 until 0xFF on a Legic Prime Tag (MIM256 or MIM1024) -- (created with 'hf legic save my_dump.hex') -- This is a script which writes value 0x01 to bytes from position 0x07 until 0xFF on a Legic Prime Tag (MIM256 or MIM1024) -- (created with 'hf legic save my_dump.hex') --
@ -14,8 +15,8 @@ example = [[
]] ]]
usage = [[ usage = [[
script run legic_buffer2card -h script run legic_buffer2card -h
]]
Arguments arguments = [[
-h - Help text -h - Help text
]] ]]
@ -33,9 +34,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- simple loop-write from 0x07 to 0xff -- simple loop-write from 0x07 to 0xff

559
client/luascripts/legic_clone.lua Normal file
View file

@ -0,0 +1,559 @@
local utils = require('utils')
local cmds = require('commands')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
--[[
script to create a clone-dump with new crc
Author: mosci
my Fork: https://github.com/icsom/proxmark3.git
1. read tag-dump, xor byte 22..end with byte 0x05 of the inputfile
2. write to outfile
3. set byte 0x05 to newcrc
4. until byte 0x21 plain like in inputfile
5. from 0x22..end xored with newcrc
6. calculate new crc on each segment (needs to know the new MCD & MSN0..2)
simplest usage:
Dump a legic tag with 'hf legic dump'
place your 'empty' tag on the reader and run
'script run legic_clone -i orig.bin -w'
you will see some output like:
read 1024 bytes from orig.bin
place your empty tag onto the PM3 to read and display the MCD & MSN0..2
the values will be shown below
confirm when ready [y/n] ?y
0b ad c0 de <- !! here you'll see the MCD & MSN of your empty tag, which has to be typed in manually as seen below !!
type in MCD as 2-digit value - e.g.: 00 (default: 79 )
> 0b
type in MSN0 as 2-digit value - e.g.: 01 (default: 28 )
> ad
type in MSN1 as 2-digit value - e.g.: 02 (default: d1 )
> c0
type in MSN2 as 2-digit value - e.g.: 03 (default: 43 )
> de
MCD:0b, MSN:ad c0 de, MCC:79 <- this crc is calculated from the MCD & MSN and must match the one on yout empty tag
wrote 1024 bytes to myLegicClone.hex
enter number of bytes to write? (default: 86 )
loaded 1024 samples
#db# setting up legic card
#db# MIM 256 card found, writing 0x00 - 0x01 ...
#db# write successful
...
#db# setting up legic card
#db# MIM 256 card found, writing 0x56 - 0x01 ...
#db# write successful
proxmark3>
the default value (number of bytes to write) is calculated over all valid segments and should be ok - just hit enter, wait until write has finished
and your clone should be ready (except there has to be a additional KGH-CRC to be calculated - which credentials are unknown until yet)
the '-w' switch will only work with my fork - it needs the binary legic_crc8 which is not part of the proxmark3-master-branch
also the ability to write DCF is not possible with the proxmark3-master-branch
but creating dumpfile-clone files will be possible (without valid segment-crc - this has to done manually with)
(example) Legic-Prime Layout with 'Kaba Group Header'
+----+----+----+----+----+----+----+----+
0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 9f |
+----+----+----+----+----+----+----+----+
0x08| ff | 00 | 00 | 00 | 11 |Bck0|Bck1|Bck2|
+----+----+----+----+----+----+----+----+
0x10|Bck3|Bck4|Bck5|BCC | 00 | 00 |Seg0|Seg1|
+----+----+----+----+----+----+----+----+
0x18|Seg2|Seg3|SegC|Stp0|Stp1|Stp2|Stp3|UID0|
+----+----+----+----+----+----+----+----+
0x20|UID1|UID2|kghC|
+----+----+----+
MCD= ManufacturerID (1 Byte)
MSN0..2= ManufactureSerialNumber (3 Byte)
MCC= CRC (1 Byte) calculated over MCD,MSN0..2
DCF= DecrementalField (2 Byte) 'credential' (enduser-Tag) seems to have always DCF-low=0x60 DCF-high=0xea
Bck0..5= Backup (6 Byte) Bck0 'dirty-flag', Bck1..5 SegmentHeader-Backup
BCC= BackupCRC (1 Byte) CRC calculated over Bck1..5
Seg0..3= SegmentHeader (on MIM 4 Byte )
SegC= SegmentCRC (1 Byte) calculated over MCD,MSN0..2,Seg0..3
Stp0..n= Stamp0... (variable length) length = Segment-Len - UserData - 1
UID0..n= UserDater (variable length - with KGH hex 0x00-0x63 / dec 0-99) length = Segment-Len - WRP - WRC - 1
kghC= KabaGroupHeader (1 Byte + addr 0x0c must be 0x11)
as seen on this example: addr 0x05..0x08 & 0x0c must have been set to this values - otherwise kghCRC will not be created by a official reader (not accepted)
--]]
copyright = ''
author = 'Mosci'
version = 'v1.0.2'
desc = [[
This is a script which creates a clone-dump of a dump from a LEGIC Prime Tag (MIM256 or MIM1024)
Create a dump by running `hf legic dump`.
]]
example = [[
script run legic_clone -i my_dump.bin -o my_clone.bin -c f8
script run legic_clone -i my_dump.bin -d -s
]]
usage = [[
script run legic_clone [-h] [-i <file>] [-o <file>] [-c <crc>] [-d] [-s] [-w]
]]
arguments = [[
required :
-i <input file> - file to read data from, must be in binary format (*.bin)
optional :
-h - Help text
-o <output file> - requires option -c to be given
-c <new-tag crc> - requires option -o to be given
-d - Display content of found Segments
-s - Display summary at the end
-w - write directly to tag - a file hf-legic-UID-dump.bin will also be generated
e.g.:
hint: using the CRC '00' will result in a plain dump ( -c 00 )
]]
local DEBUG = true
local bxor = bit32.bxor
---
-- This is only meant to be used when errors occur
local function dbg(args)
if not DEBUG then return end
if type(args) == 'table' then
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
print('###', args)
end
end
-- we need always 2 digits
local function prepend_zero(s)
if s == nil then return '..' end
if (#s == 1) then
return '0' .. s
else
if (#s == 0) then
return '00'
else
return s
end
end
end
---
-- This is only meant to be used when errors occur
local function oops(err)
print('ERROR:', err)
core.clearCommandBuffer()
return nil, err
end
---
-- Usage help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
-- read LEGIC data
local function readlegicdata(offset, length, iv)
-- Read data
local command = Command:newMIX{
cmd = cmds.CMD_HF_LEGIC_READER
, arg1 = offset
, arg2 = length
, arg3 = iv
, data = nil
}
local result, err = command:sendMIX()
if not result then return oops(err) end
-- result is a packed data structure, data starts at offset 33
return result
end
-- Check availability of file
local function file_check(file_name)
local exists = io.open(file_name, "r")
if not exists then
exists = false
else
exists = true
end
return exists
end
--- xor-wrapper
-- xor all from addr 0x22 (start counting from 1 => 23)
local function xorme(hex, xor, index)
if ( index >= 23 ) then
return ('%02x'):format(bxor( tonumber(hex, 16) , tonumber(xor, 16) ))
else
return hex
end
end
-- read input-file into array
local function getInputBytes(infile)
local bytes = {}
local f = io.open(infile, "rb")
if f == nil then print("OOps ... failed to read from file ".. infile); return false; end
local str = f:read("*all")
f:close()
for c in (str or ''):gmatch'.' do
bytes[#bytes + 1] = ('%02x'):format(c:byte())
end
print("\nread ".. #bytes .." bytes from "..ansicolors.yellow..infile..ansicolors.reset)
return bytes
end
-- write to file
local function writeOutputBytes(bytes, outfile)
local fho,err = io.open(outfile, "wb")
if err then print("OOps ... faild to open output-file ".. outfile); return false; end
for i = 1, #bytes do
fho:write(string.char(tonumber(bytes[i], 16)))
end
fho:close()
print("\nwrote ".. #bytes .." bytes to " .. outfile)
return true
end
-- xore certain bytes
local function xorBytes(inBytes, crc)
local bytes = {}
for index = 1, #inBytes do
bytes[index] = xorme(inBytes[index], crc, index)
end
if (#inBytes == #bytes) then
-- replace crc
bytes[5] = string.sub(crc, -2)
return bytes
else
print("error: byte-count missmatch")
return false
end
end
-- get raw segment-data
local function getSegmentData(bytes, start, index)
local raw, len, valid, last, wrp, wrc, rd, crc
local segment = {}
segment[0] = bytes[start]..' '..bytes[start + 1]..' '..bytes[start + 2]..' '..bytes[start + 3]
-- flag = high nibble of byte 1
segment[1] = string.sub(bytes[start + 1], 0, 1)
-- valid = bit 6 of byte 1
segment[2] = tonumber(bit32.extract('0x'..bytes[start + 1], 6, 1), 16)
-- last = bit 7 of byte 1
segment[3] = tonumber(bit32.extract('0x'..bytes[start + 1], 7, 1), 16)
-- len = (byte 0)+(bit0-3 of byte 1)
segment[4] = tonumber(('%03x'):format(tonumber(bit32.extract('0x'..bytes[start + 1], 0, 3), 16)..tonumber(bytes[start], 16)), 16)
-- wrp (write proteted) = byte 2
segment[5] = tonumber(bytes[start + 2])
-- wrc (write control) - bit 4-6 of byte 3
segment[6] = tonumber(bit32.extract('0x'..bytes[start + 3], 4, 3), 16)
-- rd (read disabled) - bit 7 of byte 3
segment[7] = tonumber(bit32.extract('0x'..bytes[start + 3], 7, 1), 16)
-- crc byte 4
segment[8] = bytes[start + 4]
-- segment index
segment[9] = index
-- # crc-byte
segment[10] = start + 4
return segment
end
--- Kaba Group Header
-- checks if a segment does have a kghCRC
-- returns boolean false if no kgh has being detected or the kghCRC if a kgh was detected
local function CheckKgh(bytes, segStart, segEnd)
if (bytes[8] == '9f' and bytes[9] == 'ff' and bytes[13] == '11') then
local i
local data = {}
segStart = tonumber(segStart, 10)
segEnd = tonumber(segEnd, 10)
local dataLen = segEnd - segStart - 5
--- gather creadentials for verify
local WRP = bytes[(segStart + 2)]
local WRC = ("%02x"):format(tonumber(bit32.extract("0x"..bytes[segStart+3], 4, 3), 16))
local RD = ("%02x"):format(tonumber(bit32.extract("0x"..bytes[segStart+3], 7, 1), 16))
local XX = "00"
cmd = bytes[1]..bytes[2]..bytes[3]..bytes[4]..WRP..WRC..RD..XX
for i = (segStart + 5), (segStart + 5 + dataLen - 2) do
cmd = cmd..bytes[i]
end
local KGH = ("%02x"):format(utils.Crc8Legic(cmd))
if (KGH == bytes[segEnd - 1]) then
return KGH
else
return false
end
else
return false
end
end
-- get only the addresses of segemnt-crc's and the length of bytes
local function getSegmentCrcBytes(bytes)
local start = 23
local index = 0
local crcbytes = {}
repeat
seg = getSegmentData(bytes, start, index)
crcbytes[index] = seg[10]
start = start + seg[4]
index = index + 1
until (seg[3] == 1 or tonumber(seg[9]) == 126 )
crcbytes[index] = start
return crcbytes
end
-- print Segment values
local function printSegment(SegmentData)
res = "\nSegment "..SegmentData[9]..": "
res = res.. "raw header="..SegmentData[0]..", "
res = res.. "flag="..SegmentData[1].." (valid="..SegmentData[2].." last="..SegmentData[3].."), "
res = res.. "len="..("%04d"):format(SegmentData[4])..", "
res = res.. "WRP="..prepend_zero(SegmentData[5])..", "
res = res.. "WRC="..prepend_zero(SegmentData[6])..", "
res = res.. "RD="..SegmentData[7]..", "
res = res.. "crc="..SegmentData[8]
print(res)
end
-- print segment-data (hf legic info like)
local function displaySegments(bytes)
--display segment header(s)
start = 23
index = '00'
--repeat until last-flag ist set to 1 or segment-index has reached 126
repeat
wrc = ''
wrp = ''
pld = ''
Seg = getSegmentData(bytes, start, index)
if Seg == nil then return OOps("segment is nil") end
KGH = CheckKgh(bytes, start, (start + tonumber(Seg[4], 10)))
printSegment(Seg)
-- wrc
if (Seg[6] > 0) then
print("WRC protected area:")
-- length of wrc = wrc
for i = 1, Seg[6] do
-- starts at (segment-start + segment-header + segment-crc)-1
wrc = wrc..bytes[(start + 4 + 1 + i) - 1]..' '
end
print(wrc)
elseif (Seg[5] > 0) then
print("Remaining write protected area:")
-- length of wrp = (wrp-wrc)
for i = 1, (Seg[5] - Seg[6]) do
-- starts at (segment-start + segment-header + segment-crc + wrc)-1
wrp = wrp..bytes[(start + 4 + 1 + Seg[6] + i) - 1]..' '
end
print(wrp)
end
-- payload
print("Remaining segment payload:")
--length of payload = segment-len - segment-header - segment-crc - wrp -wrc
for i = 1, (Seg[4] - 4 - 1 - Seg[5] - Seg[6]) do
-- starts at (segment-start + segment-header + segment-crc + segment-wrp + segemnt-wrc)-1
pld = pld..bytes[(start + 4 + 1 + Seg[5] + Seg[6] + i) - 1]..' '
end
print(pld)
if (KGH) then
print(ansicolors.yellow.."'Kaba Group Header' detected"..ansicolors.reset)
end
start = start + Seg[4]
index = prepend_zero(tonumber(Seg[9]) + 1)
until (Seg[3] == 1 or tonumber(Seg[9]) == 126 )
end
-- write clone-data to tag
local function writeToTag(plainBytes)
local SegCrcs = {}
local output
local readbytes
if (utils.confirm("\nplace your empty tag onto the PM3 to restore the data of the input file\nthe CRCs will be calculated as needed\n confirm when ready") == false) then
return
end
readbytes = readlegicdata(0, 4, 0x55)
-- gather MCD & MSN from new Tag - this must be enterd manually
print("\nthese are the MCD MSN0 MSN1 MSN2 from the Tag that has being read:")
-- readbytes is a usbcommandOLD package, hence 32 bytes offset until data.
plainBytes[1] = ('%02x'):format(readbytes:byte(33))
plainBytes[2] = ('%02x'):format(readbytes:byte(34))
plainBytes[3] = ('%02x'):format(readbytes:byte(35))
plainBytes[4] = ('%02x'):format(readbytes:byte(36))
MCD = plainBytes[1]
MSN0 = plainBytes[2]
MSN1 = plainBytes[3]
MSN2 = plainBytes[4]
-- calculate crc8 over MCD & MSN
cmd = MCD..MSN0..MSN1..MSN2
MCC = ("%02x"):format(utils.Crc8Legic(cmd))
print("MCD:"..ansicolors.green..MCD..ansicolors.reset..", MSN:"..ansicolors.green..MSN0.." "..MSN1.." "..MSN2..ansicolors.reset..", MCC:"..MCC)
-- calculate new Segment-CRC for each valid segment
SegCrcs = getSegmentCrcBytes(plainBytes)
for i = 0, (#SegCrcs - 1) do
-- SegCrcs[i]-4 = address of first byte of segmentHeader (low byte segment-length)
segLen = tonumber(("%1x"):format(tonumber(bit32.extract("0x"..plainBytes[(SegCrcs[i] - 3)], 0, 3), 16))..("%02x"):format(tonumber(plainBytes[SegCrcs[i] - 4], 16)), 16)
segStart = (SegCrcs[i] - 4)
segEnd = (SegCrcs[i] - 4 + segLen)
KGH = CheckKgh(plainBytes, segStart, segEnd)
if (KGH) then
print("'Kaba Group Header' detected - re-calculate...")
end
cmd = MCD..MSN0..MSN1..MSN2..plainBytes[SegCrcs[i]-4]..plainBytes[SegCrcs[i]-3]..plainBytes[SegCrcs[i]-2]..plainBytes[SegCrcs[i]-1]
plainBytes[SegCrcs[i]] = ("%02x"):format(utils.Crc8Legic(cmd))
end
-- apply MCD & MSN to plain data
plainBytes[1] = MCD
plainBytes[2] = MSN0
plainBytes[3] = MSN1
plainBytes[4] = MSN2
plainBytes[5] = MCC
-- prepare plainBytes for writing (xor plain data with new MCC)
bytes = xorBytes(plainBytes, MCC)
-- write data to file
if (writeOutputBytes(bytes, "hf-legic-UID-dump.bin")) then
-- write pm3-buffer to Tag
cmd = ('hf legic restore f hf-legic-UID-dump')
core.console(cmd)
end
end
-- main function
local function main(args)
-- some variables
local i = 0
local oldcrc, newcrc, infile, outfile
local bytes = {}
local segments = {}
-- parse arguments for the script
for o, a in getopt.getopt(args, 'hwsdc:i:o:') do
-- output file
if o == 'o' then
outfile = a
ofs = true
if (file_check(a)) then
local answer = utils.confirm('\nthe output-file '..a..' already exists!\nthis will delete the previous content!\ncontinue?')
if (answer == false) then return oops('quiting') end
end
end
-- input file
if o == 'i' then
infile = a
if (file_check(infile) == false) then return oops('input file: '..infile..' not found') end
bytes = getInputBytes(infile)
oldcrc = bytes[5]
ifs = true
if (bytes == false) then return oops('couldnt read file') end
i = i + 1
end
-- new crc
if o == 'c' then
newcrc = a:lower()
ncs = true
end
-- display segments switch
if o == 'd' then ds = true; end
-- display summary switch
if o == 's' then ss = true; end
-- write to tag switch
if o == 'w' then ws = true; end
-- help
if o == 'h' then return help() end
end
if (not ifs) then return oops('option -i <input file> is required') end
-- bytes to plain
bytes = xorBytes(bytes, oldcrc)
-- show segments (works only on plain bytes)
if (ds) then
print("+------------------------------------------- Segments -------------------------------------------+")
displaySegments(bytes);
end
if (ofs and ncs) then
-- xor bytes with new crc
newBytes = xorBytes(bytes, newcrc)
-- write output
if (writeOutputBytes(newBytes, outfile)) then
-- show summary if requested
if (ss) then
-- information
res = "\n+-------------------------------------------- Summary -------------------------------------------+"
res = res .."\ncreated clone_dump from\n\t"..infile.." crc: "..oldcrc.."\ndump_file:"
res = res .."\n\t"..outfile.." crc: "..string.sub(newcrc, -2)
res = res .."\nyou may load the new file with:"
res = res ..ansicolors.yellow.."hf legic eload f "..outfile..ansicolors.reset
res = res .."\n\nif you don't write to tag immediately ('-w' switch) you will need to recalculate each segmentCRC"
res = res .."\nafter writing this dump to a tag!"
res = res .."\n\na segmentCRC gets calculated over MCD,MSN0..3, Segment-Header0..3"
res = res .."\ne.g. (based on Segment00 of the data from "..infile.."):"
res = res .."\n"
res = res ..ansicolors.yellow.."hf legic crc d "..bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[23]..bytes[24]..bytes[25]..bytes[26].." u "..newcrc.." c 8"..ansicolors.reset
-- this can not be calculated without knowing the new MCD, MSN0..2
print(res)
end
end
else
if (ss) then
-- show why the output-file was not written
print("\nnew file not written - some arguments are missing ..")
print("output file: ".. (ofs and outfile or "not given"))
print("new crc: ".. (ncs and newcrc or "not given"))
end
end
-- write to tag
if (ws and ( #bytes == 1024 or #bytes == 256)) then
writeToTag(bytes)
end
end
-- call main with arguments
main(args)

14
client/luascripts/lf_bulk.lua
View file

@ -3,10 +3,11 @@
-- Updated 2017-04-18 -- Updated 2017-04-18
-- Updated 2018-02-20 iceman -- Updated 2018-02-20 iceman
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = "Brian Redbeard" author = "Brian Redbeard"
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
Perform bulk enrollment of 26 bit H10301 style RFID Tags Perform bulk enrollment of 26 bit H10301 style RFID Tags
For more info, check the comments in the code For more info, check the comments in the code
@ -17,8 +18,8 @@ example = [[
]] ]]
usage = [[ usage = [[
script run lf_bulk.lua -f facility -b base_id_num -c count script run lf_bulk.lua -f facility -b base_id_num -c count
]]
Arguments: arguments = [[
-h : this help -h : this help
-f : facility id -f : facility id
-b : starting card id -b : starting card id
@ -56,9 +57,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- Exit message -- Exit message

14
client/luascripts/lto_dump.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Kevin' author = 'Kevin'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This is a script that reads LTO-CM ISO14443a tags. This is a script that reads LTO-CM ISO14443a tags.
It starts from block 0 and ends at default block 254. It starts from block 0 and ends at default block 254.
@ -19,8 +20,8 @@ example = [[
]] ]]
usage = [[ usage = [[
script run lto_dump -h -s -e script run lto_dump -h -s -e
]]
Arguments: arguments = [[
h this helptext h this helptext
s start block in decimal s start block in decimal
e end block in decimal e end block in decimal
@ -58,9 +59,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
local function sendRaw(rawdata, options) local function sendRaw(rawdata, options)

59
client/luascripts/luxeodump.lua
View file

@ -12,9 +12,9 @@ local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = '0xdrrb' author = '0xdrrb'
version = 'v0.1.0' version = 'v0.1.1'
desc = [[ desc = [[
This is a script to dump and decrypt the data of a specific type of Mifare laundromat token. This is a script that tries to dump and decrypt the data of a specific type of Mifare laundromat token. OBS! Tag must be on the antenna.
]] ]]
example = [[ example = [[
script run luxeodump script run luxeodump
@ -22,7 +22,9 @@ example = [[
usage = [[ usage = [[
script run luxeodump script run luxeodump
]] ]]
arguments = [[
-h This help
]]
local PM3_SUCCESS = 0 local PM3_SUCCESS = 0
-- Some shortcuts -- Some shortcuts
@ -48,7 +50,22 @@ local function oops(err)
core.clearCommandBuffer() core.clearCommandBuffer()
return nil, err return nil, err
end end
---
-- Usage help
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--
local function setdevicedebug( status ) local function setdevicedebug( status )
local c = 'hw dbg ' local c = 'hw dbg '
if status then if status then
@ -72,8 +89,8 @@ local function xteaCrypt(num_rounds, v, key)
-- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]); -- v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
v1 = band(bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]) + v1, 0xFFFFFFFF) v1 = band(bxor(bxor(lsh(v0,4), rsh(v0,5)) + v0, sum + key[band(rsh(sum,11),3)]) + v1, 0xFFFFFFFF)
end end
v[0]=v0 v[0] = v0
v[1]=v1 v[1] = v1
end end
local function xteaDecrypt(num_rounds, v, key) local function xteaDecrypt(num_rounds, v, key)
@ -89,8 +106,8 @@ local function xteaDecrypt(num_rounds, v, key)
-- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]); -- v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
v0 = band(v0 - bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]), 0xFFFFFFFF) v0 = band(v0 - bxor(bxor(lsh(v1,4), rsh(v1,5)) + v1, sum + key[band(sum,3)]), 0xFFFFFFFF)
end end
v[0]=v0 v[0] = v0
v[1]=v1 v[1] = v1
end end
local function createxteakey(mfuid) local function createxteakey(mfuid)
@ -150,7 +167,7 @@ local function readtag(mfkey,xteakey)
-- Read 4 sectors and build table -- Read 4 sectors and build table
for sect = 8, 11 do for sect = 8, 11 do
for blockn = sect*4, (sect*4)+2 do for blockn = sect * 4, (sect * 4) + 2 do
local blockdata = readblock(blockn, mfkey) local blockdata = readblock(blockn, mfkey)
if not blockdata then return oops('[!] failed reading block') end if not blockdata then return oops('[!] failed reading block') end
table.insert(tagdata, blockdata) table.insert(tagdata, blockdata)
@ -160,17 +177,17 @@ local function readtag(mfkey,xteakey)
-- Decrypt data and build clear table -- Decrypt data and build clear table
for key,value in ipairs(tagdata) do for key,value in ipairs(tagdata) do
local clearblockdata local clearblockdata
v[0]=utils.SwapEndianness(value:sub(1,8),32) v[0] = utils.SwapEndianness(value:sub(1, 8), 32)
v[1]=utils.SwapEndianness(value:sub(9,16),32) v[1] = utils.SwapEndianness(value:sub(9, 16), 32)
xteaDecrypt(16, v, xteakey) xteaDecrypt(16, v, xteakey)
vv[0]=utils.SwapEndianness(value:sub(17,24),32) vv[0] = utils.SwapEndianness(value:sub(17, 24), 32)
vv[1]=utils.SwapEndianness(value:sub(25,32),32) vv[1] = utils.SwapEndianness(value:sub(25, 32), 32)
xteaDecrypt(16, vv, xteakey) xteaDecrypt(16, vv, xteakey)
clearblockdata=string.format("%08X%08X%08X%08X", clearblockdata=string.format("%08X%08X%08X%08X",
utils.SwapEndianness(string.format("%08X", v[0]),32), utils.SwapEndianness(string.format("%08X", v[0]), 32),
utils.SwapEndianness(string.format("%08X", v[1]),32), utils.SwapEndianness(string.format("%08X", v[1]), 32),
utils.SwapEndianness(string.format("%08X", vv[0]),32), utils.SwapEndianness(string.format("%08X", vv[0]), 32),
utils.SwapEndianness(string.format("%08X", vv[1]),32)) utils.SwapEndianness(string.format("%08X", vv[1]), 32))
table.insert(cleardata, clearblockdata) table.insert(cleardata, clearblockdata)
end end
@ -180,6 +197,12 @@ end
local function main(args) local function main(args)
-- Arguments for the script
for o, a in getopt.getopt(args, 'h') do
if o == 'h' then return help() end
end
local xteakey = {} local xteakey = {}
-- local v = {} -- local v = {}
local edata = {} local edata = {}
@ -207,7 +230,7 @@ local function main(args)
print(acblue.."UID: "..tag.uid..acoff) print(acblue.."UID: "..tag.uid..acoff)
print(acblue..string.format("XTEA key: %08X %08X %08X %08X", xteakey[0], xteakey[1], xteakey[2], xteakey[3])..acoff) print(acblue..string.format("XTEA key: %08X %08X %08X %08X", xteakey[0], xteakey[1], xteakey[2], xteakey[3])..acoff)
edata, cdata = readtag("415A54454B4D",xteakey) edata, cdata = readtag("415A54454B4D", xteakey)
if edata == nil or cdata == nil then if edata == nil or cdata == nil then
print("ERROR Reading tag!") print("ERROR Reading tag!")

18
client/luascripts/mfckeys.lua
View file

@ -13,10 +13,11 @@ local keylist = require('mfc_default_keys')
local lib14a = require('read14a') local lib14a = require('read14a')
local getopt = require('getopt') local getopt = require('getopt')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = "Holiman" author = "Holiman"
version = 'v1.0.1' version = 'v1.0.2'
desc = ("This script implements Mifare check keys.\ desc = ("This script implements Mifare check keys.\
It utilises a large list of default keys (currently %d keys).\ It utilises a large list of default keys (currently %d keys).\
If you want to add more, just put them inside /lualibs/mfc_default_keys.lua\n"):format(#keylist) If you want to add more, just put them inside /lualibs/mfc_default_keys.lua\n"):format(#keylist)
@ -24,7 +25,9 @@ example = [[
1. script run mfckeys 1. script run mfckeys
]] ]]
usage = [[ usage = [[
Arguments: script run mfckeys [-p]
]]
arguments = [[
-h : this help -h : this help
-p : print keys -p : print keys
]] ]]
@ -46,9 +49,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- waits for answer from pm3 device -- waits for answer from pm3 device
@ -269,8 +275,6 @@ end
-- The main entry point -- The main entry point
local function main(args) local function main(args)
local numSectors = 16
-- Arguments for the script -- Arguments for the script
for o, a in getopt.getopt(args, 'hp') do for o, a in getopt.getopt(args, 'hp') do
if o == 'h' then return help() end if o == 'h' then return help() end
@ -280,6 +284,8 @@ local function main(args)
tag, err = lib14a.read(false, true) tag, err = lib14a.read(false, true)
if not tag then return oops(err) end if not tag then return oops(err) end
local numSectors = 16
-- detect sectors and print taginfo -- detect sectors and print taginfo
numsectors = taginfo(tag) numsectors = taginfo(tag)

21
client/luascripts/mfu_magic.lua
View file

@ -2,6 +2,7 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
-- global -- global
local DEBUG = false -- the debug flag local DEBUG = false -- the debug flag
@ -11,10 +12,9 @@ local err_lock = 'use -k or change cfg0 block'
copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.' copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.'
author = 'Christian Herrmann' author = 'Christian Herrmann'
version = 'v1.1.2' version = 'v1.1.3'
desc = 'This script enables easy programming of a MAGIC NTAG 21* card' desc = 'This script enables easy programming of a MAGIC NTAG 21* card'
example = example = [[
[[
-- wipe tag -- wipe tag
script run mfu_magic -w script run mfu_magic -w
@ -36,12 +36,10 @@ example =
-- set signature -- set signature
script run mfu_magic -s 1122334455667788990011223344556677889900112233445566778899001122 script run mfu_magic -s 1122334455667788990011223344556677889900112233445566778899001122
]] ]]
usage = usage = [[
[[
Usage:
script run mfu_magic -h -k <passwd> -c -w -u <uid> -t <type> -p <passwd> -a <pack> -s <signature> -o <otp> -v <version> script run mfu_magic -h -k <passwd> -c -w -u <uid> -t <type> -p <passwd> -a <pack> -s <signature> -o <otp> -v <version>
]]
Arguments: arguments = [[
-h this help -h this help
-c read magic configuration -c read magic configuration
-u UID (14 hexsymbols), set UID on tag -u UID (14 hexsymbols), set UID on tag
@ -94,9 +92,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- set the global password variable -- set the global password variable

16
client/luascripts/mifare_access.lua
View file

@ -1,8 +1,9 @@
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = "Neuromancer" author = "Neuromancer"
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script tries to decode Mifare Classic Access bytes This script tries to decode Mifare Classic Access bytes
]] ]]
@ -10,9 +11,9 @@ example = [[
1. script run mifare_access -a 7F0F0869 1. script run mifare_access -a 7F0F0869
]] ]]
usage = [[ usage = [[
script run mifare_access -h -a <access bytes> script run mifare_access [-h] [-a <access bytes>]
]]
Arguments: arguments = [[
-h : this help -h : this help
-a <access bytes> : 4 bytes ACCESS CONDITIONS -a <access bytes> : 4 bytes ACCESS CONDITIONS
]] ]]
@ -50,9 +51,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
local access_condition_sector_trailer = {} local access_condition_sector_trailer = {}

16
client/luascripts/mifare_autopwn.lua
View file

@ -2,20 +2,23 @@ local getopt = require('getopt')
local lib14a = require('read14a') local lib14a = require('read14a')
local cmds = require('commands') local cmds = require('commands')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = "Martin Holst Swende" author = "Martin Holst Swende"
version = 'v1.0.2' version = 'v1.0.3'
desc = [[ desc = [[
This is a script which automates cracking and dumping mifare classic cards. It sets itself into This is a script which automates cracking and dumping mifare classic cards. It sets itself into
'listening'-mode, after which it cracks and dumps any mifare classic card that you 'listening'-mode, after which it cracks and dumps any mifare classic card that you
place by the device. place by the device.
]] ]]
example = [[ example = [[
script run mifare_autopwn 1. script run mifare_autopwn
]] ]]
usage = [[ usage = [[
Arguments: script run mifare_autopwn [-h] [-d] [-k <key>]
]]
arguments = [[
-h this help -h this help
-d debug logging on -d debug logging on
-k known key for Sector 0 , keytype A -k known key for Sector 0 , keytype A
@ -61,9 +64,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- Waits for a mifare card to be placed within the vicinity of the reader. -- Waits for a mifare card to be placed within the vicinity of the reader.

22
client/luascripts/mifareplus.lua
View file

@ -1,12 +1,12 @@
local cmds = require('commands') local cmds = require('commands')
local lib14a = require('read14a') local lib14a = require('read14a')
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Dominic Celiano' author = 'Dominic Celiano'
version = 'v1.0.1' version = 'v1.0.2'
desc = desc = [[
[[
Purpose: Lua script to communicate with the Mifare Plus EV1, including personalization (setting the keys) and proximity check. Manually edit the file to add to the commands you can send the card. Purpose: Lua script to communicate with the Mifare Plus EV1, including personalization (setting the keys) and proximity check. Manually edit the file to add to the commands you can send the card.
Please read the NXP manual before running this script to prevent making irreversible changes. Also note: Please read the NXP manual before running this script to prevent making irreversible changes. Also note:
- The Mifare Plus must start in SL0 for personalization. Card can then be moved to SL1 or SL3. - The Mifare Plus must start in SL0 for personalization. Card can then be moved to SL1 or SL3.
@ -15,13 +15,12 @@ Please read the NXP manual before running this script to prevent making irrevers
Small changes can be to made this script to communicate with the Mifare Plus S, X, or SE. Small changes can be to made this script to communicate with the Mifare Plus S, X, or SE.
]] ]]
example = [[ example = [[
-- default 1. script run mifareplus
script run mifareplus
]] ]]
usage = [[ usage = [[
script run mifareplus -h script run mifareplus [-h]
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
@ -57,9 +56,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- Used to send raw data to the firmware to subsequently forward the data to the card. -- Used to send raw data to the firmware to subsequently forward the data to the card.

16
client/luascripts/ndef_dump.lua
View file

@ -2,11 +2,12 @@ local getopt = require('getopt')
local cmds = require('commands') local cmds = require('commands')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
-- --
-- Refactored iceman, 2019 -- Refactored iceman, 2019
copyright = '' copyright = ''
author = 'Martin Holst Swende & Asper' author = 'Martin Holst Swende & Asper'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script will automatically recognize and dump full content of a NFC NDEF Initialized tag; non-initialized tags will be ignored. This script will automatically recognize and dump full content of a NFC NDEF Initialized tag; non-initialized tags will be ignored.
@ -23,9 +24,9 @@ example = [[
1. script run ndef_dump 1. script run ndef_dump
]] ]]
usage = [[ usage = [[
script run ndef_dump script run ndef_dump [-h] [-d] [-v]
]]
Arguments: arguments = [[
-h this help -h this help
-d debug logging on -d debug logging on
-v verbose output (from ndef parsing) -v verbose output (from ndef parsing)
@ -63,9 +64,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Sends an instruction to do nothing, only disconnect -- Sends an instruction to do nothing, only disconnect

16
client/luascripts/ntag_3d.lua
View file

@ -1,10 +1,11 @@
local getopt = require('getopt') local getopt = require('getopt')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.' copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.'
author = "Christian Herrmann" author = "Christian Herrmann"
version = 'v1.0.4' version = 'v1.0.5'
desc = [[ desc = [[
This script writes a empty template for 3D printing system onto a empty NTAG213 or MAGIC NTAG21* This script writes a empty template for 3D printing system onto a empty NTAG213 or MAGIC NTAG21*
@ -21,9 +22,9 @@ example =[[
script run ntag_3d -u 11223344556677 -c 46 -m 50 -p 5448 -s 4555 -l 200 -1 script run ntag_3d -u 11223344556677 -c 46 -m 50 -p 5448 -s 4555 -l 200 -1
]] ]]
usage = [[ usage = [[
script run ntag_3d -h -t -u <uid> -c <color> -m <material> -p <region> -s <region> -l <length> script run ntag_3d [-h] [-t] [-u <uid>] [-c <color>] [-m <material>] [-p <region>] [-s <region>] [-l <length>]
]]
Arguments: arguments = [[
-h : this help -h : this help
-t : selftest -t : selftest
-u <UID> : UID -u <UID> : UID
@ -168,9 +169,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

23
client/luascripts/parameters.lua
View file

@ -1,19 +1,31 @@
-- The getopt-functionality is loaded from pm3/getopt.lua -- The getopt-functionality is loaded from pm3/getopt.lua
-- Have a look there for further details -- Have a look there for further details
getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
usage = 'script run parameters.lua -a 1 -blala -c -de' usage = 'script run parameters.lua -a 1 -blala -c -de'
author = 'Martin Holst Swende' author = 'Martin Holst Swende'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This is an example script to demonstrate handle parameters in scripts. This is an example script to demonstrate handle parameters in scripts.
For more info, check the comments in the code For more info, check the comments in the code
]] ]]
example = [[ example = [[
1. script run parameters -a mytestparam_input -c
]] ]]
usage = [[ usage = [[
script run parameters [-h] [-a <txt>] [-b <txt>] [-c] [-d] [-e]
]] ]]
arguments = [[
-h This help
-a <txt> text
-b <txt> text
-c test param w/o input
-d test param w/o input
-e test param w/o input
]]
--- ---
-- Usage help -- Usage help
local function help() local function help()
@ -21,9 +33,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
local function main(args) local function main(args)

26
client/luascripts/read_pwd_mem.lua
View file

@ -1,11 +1,11 @@
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2018 Bogito. All rights reserved.' copyright = 'Copyright (c) 2018 Bogito. All rights reserved.'
author = 'Bogito' author = 'Bogito'
version = 'v1.0.3' version = 'v1.0.4'
desc = desc = [[
[[
This script will read the flash memory of RDV4 and print the stored passwords/keys. This script will read the flash memory of RDV4 and print the stored passwords/keys.
It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS. It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS.
@ -13,8 +13,7 @@ You should now use read_pwd_mem_spiffs instead after the updated BogRun standalo
(Iceman) script adapted to read and print keys in the default dictionary flashmemory sections. (Iceman) script adapted to read and print keys in the default dictionary flashmemory sections.
]] ]]
example = example = [[
[[
-- This will scan the first 256 bytes of flash memory for stored passwords -- This will scan the first 256 bytes of flash memory for stored passwords
script run read_pwd_mem script run read_pwd_mem
@ -33,12 +32,10 @@ example =
-- This will print the stored iClass dictionary keys -- This will print the stored iClass dictionary keys
script run read_pwd_mem -i script run read_pwd_mem -i
]] ]]
usage = usage = [[
[[ script run read_pwd_mem [-h] [-o <offset>] [-l <length>] [-k <keylength>] [-m] [-t] [-i]
Usage: ]]
script run read_pwd_mem -h -o <offset> -l <length> -k <keylength> arguments = [[
Arguments:
-h : this help -h : this help
-o <offset> : memory offset, default is 0 -o <offset> : memory offset, default is 0
-l <length> : length in bytes, default is 256 -l <length> : length in bytes, default is 256
@ -61,9 +58,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- The main entry point -- The main entry point

26
client/luascripts/read_pwd_mem_spiffs.lua
View file

@ -1,16 +1,15 @@
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local ansicolors = require('ansicolors')
copyright = 'Copyright (c) 2019 Bogito. All rights reserved.' copyright = 'Copyright (c) 2019 Bogito. All rights reserved.'
author = 'Bogito' author = 'Bogito'
version = 'v1.1.1' version = 'v1.1.2'
desc = desc = [[
[[
This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords. This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords.
It was meant to be used as a help tool after using the BogRun standalone mode. It was meant to be used as a help tool after using the BogRun standalone mode.
]] ]]
example = example = [[
[[
-- This will read the hf_bog.log file in SPIFFS and print the stored passwords -- This will read the hf_bog.log file in SPIFFS and print the stored passwords
script run read_pwd_mem_spiffs script run read_pwd_mem_spiffs
@ -20,12 +19,10 @@ example =
-- This will delete the hf_bog.log file from SPIFFS -- This will delete the hf_bog.log file from SPIFFS
script run read_pwd_mem_spiffs -r script run read_pwd_mem_spiffs -r
]] ]]
usage = usage = [[
[[ script run read_pwd_mem_spiffs [-h] [-f <filename>] [-r]
Usage: ]]
script run read_pwd_mem_spiffs -h -f <filename> -r arguments = [[
Arguments:
-h : this help -h : this help
-f <filename> : filename in SPIFFS -f <filename> : filename in SPIFFS
-r : delete filename from SPIFFS -r : delete filename from SPIFFS
@ -44,9 +41,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- The main entry point -- The main entry point

19
client/luascripts/remagic.lua
View file

@ -1,10 +1,10 @@
local getopt = require('getopt') local getopt = require('getopt')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc = desc = [[
[[
This is a script that tries to bring back a chinese magic card (1k generation1) This is a script that tries to bring back a chinese magic card (1k generation1)
from the dead when it's block 0 has been written with bad values. from the dead when it's block 0 has been written with bad values.
or mifare Ultralight magic card which answers to chinese backdoor commands or mifare Ultralight magic card which answers to chinese backdoor commands
@ -15,9 +15,9 @@ example = [[
]] ]]
usage = [[ usage = [[
script run remagic script run remagic [-h] [-u]
]]
Arguments: arguments = [[
-h this help -h this help
-u remagic a Ultralight tag w 7 bytes UID. -u remagic a Ultralight tag w 7 bytes UID.
]] ]]
@ -49,9 +49,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
local function cmdUltralight() local function cmdUltralight()

17
client/luascripts/test_t55x7.lua
View file

@ -2,13 +2,14 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
local format = string.format local format = string.format
local floor = math.floor local floor = math.floor
copyright = '' copyright = ''
author = "Iceman" author = "Iceman"
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc =[[
This script will program a T55x7 TAG with a configuration and four blocks of data. This script will program a T55x7 TAG with a configuration and four blocks of data.
It will then try to detect and read back those block data and compare if read data matches the expected data. It will then try to detect and read back those block data and compare if read data matches the expected data.
@ -32,10 +33,9 @@ example = [[
1. script run test_t55x7 1. script run test_t55x7
]] ]]
usage = [[ usage = [[
script run test_t55x7 [-h]
script run test_t55x7 ]]
arguments = [[
Arguments:
-h this help -h this help
]] ]]
@ -79,9 +79,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print("Example usage") print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- Exit message -- Exit message

18
client/luascripts/test_t55x7_ask.lua
View file

@ -2,14 +2,15 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
local format=string.format local format=string.format
local floor=math.floor local floor=math.floor
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following: The outlined procedure is as following:
@ -41,9 +42,9 @@ example =[[
1. script run test_t55x7_ask 1. script run test_t55x7_ask
]] ]]
usage = [[ usage = [[
script run test_t55x7_ask script run test_t55x7_ask [-h]
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
@ -87,9 +88,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

16
client/luascripts/test_t55x7_bi.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00010040
The outlined procedure is as following: The outlined procedure is as following:
@ -35,9 +36,9 @@ example = [[
1. script run test_t55x7_bi 1. script run test_t55x7_bi
]] ]]
usage = [[ usage = [[
script run test_t55x7_bi script run test_t55x7_bi [-h]
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
@ -81,9 +82,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

16
client/luascripts/test_t55x7_fsk.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x000100
The outlined procedure is as following: The outlined procedure is as following:
@ -37,9 +38,9 @@ example = [[
1. script run test_t55x7_fsk 1. script run test_t55x7_fsk
]] ]]
usage = [[ usage = [[
script run test_t55x7_fsk script run test_t55x7_fsk [-h]
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
@ -83,9 +84,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

16
client/luascripts/test_t55x7_psk.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040 This script will program a T55x7 TAG with the configuration: block 0x00 data 0x00088040
The outlined procedure is as following: The outlined procedure is as following:
@ -33,9 +34,9 @@ example = [[
2. script run test_t55x7_psk -o 2. script run test_t55x7_psk -o
]] ]]
usage = [[ usage = [[
script run test_t55x7_psk script run test_t55x7_psk [-h]
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
@ -82,9 +83,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

20
client/luascripts/tnp3clone.lua
View file

@ -4,6 +4,7 @@ local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local pre = require('precalc') local pre = require('precalc')
local toys = require('default_toys') local toys = require('default_toys')
local ansicolors = require('ansicolors')
local lsh = bit32.lshift local lsh = bit32.lshift
local rsh = bit32.rshift local rsh = bit32.rshift
@ -12,11 +13,11 @@ local band = bit32.band
copyright = '' copyright = ''
author = "Iceman" author = "Iceman"
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc = [[
This script will try making a barebone clone of a tnp3 tag on to a magic generation1 card. This script will try making a barebone clone of a tnp3 tag on to a magic generation1 card.
]] ]]
example =[[ example = [[
script run tnp3clone script run tnp3clone
script run tnp3clone -h script run tnp3clone -h
script run tnp3clone -l script run tnp3clone -l
@ -24,9 +25,9 @@ example =[[
]] ]]
usage = [[ usage = [[
script run tnp3clone -t <toytype> -s <subtype> script run tnp3clone [-h] [-t <toytype>] [-s <subtype>]
]]
Arguments: arguments = [[
-h : this help -h : this help
-l : list all known toy tokens -l : list all known toy tokens
-t <data> : toytype id, 4hex symbols -t <data> : toytype id, 4hex symbols
@ -56,9 +57,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
--- ---
-- decode response and get the blockdata from a normal mifare read command -- decode response and get the blockdata from a normal mifare read command

18
client/luascripts/tnp3dump.lua
View file

@ -6,11 +6,12 @@ local utils = require('utils')
local md5 = require('md5') local md5 = require('md5')
local dumplib = require('html_dumplib') local dumplib = require('html_dumplib')
local toys = require('default_toys') local toys = require('default_toys')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc = [[
This script will try to dump the contents of a Mifare TNP3xxx card. This script will try to dump the contents of a Mifare TNP3xxx card.
It will need a valid KeyA in order to find the other keys and decode the card. It will need a valid KeyA in order to find the other keys and decode the card.
]] ]]
@ -26,9 +27,9 @@ example = [[
script run tnp3dump -k aabbccddeeff -n -o myfile script run tnp3dump -k aabbccddeeff -n -o myfile
]] ]]
usage = [[ usage = [[
script run tnp3dump -k <key> -n -p -o <filename> script run tnp3dump [-h] [-k <key>] [-n] [-p] [-o <filename>]
]]
Arguments: arguments = [[
-h : this help -h : this help
-k <key> : Sector 0 Key A. -k <key> : Sector 0 Key A.
-n : Use the nested cmd to find all keys -n : Use the nested cmd to find all keys
@ -69,9 +70,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

20
client/luascripts/tnp3sim.lua
View file

@ -6,25 +6,26 @@ local utils = require('utils')
local md5 = require('md5') local md5 = require('md5')
local toys = require('default_toys') local toys = require('default_toys')
local pre = require('precalc') local pre = require('precalc')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc = [[
This script will try to load a binary datadump of a Mifare TNP3xxx card. This script will try to load a binary datadump of a Mifare TNP3xxx card.
It vill try to validate all checksums and view some information stored in the dump It vill try to validate all checksums and view some information stored in the dump
For an experimental mode, it tries to manipulate some data. For an experimental mode, it tries to manipulate some data.
At last it sends all data to the PM3 device memory where it can be used in the command "hf mf sim" At last it sends all data to the PM3 device memory where it can be used in the command "hf mf sim"
]] ]]
example =[[ example = [[
1. script run tnp3sim 1. script run tnp3sim
2. script run tnp3sim -m 2. script run tnp3sim -m
3. script run tnp3sim -m -i myfile 3. script run tnp3sim -m -i myfile
]] ]]
usage = [[ usage = [[
script run tnp3sim -h -m -i <filename> script run tnp3sim [-h] [-m] [-i <filename>]
]]
Arguments: arguments = [[
-h : this help -h : this help
-m : Maxed out items (experimental) -m : Maxed out items (experimental)
-i : filename for the datadump to read (bin) -i : filename for the datadump to read (bin)
@ -70,9 +71,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

22
client/luascripts/tracetest.lua
View file

@ -3,11 +3,12 @@ local getopt = require('getopt')
local bin = require('bin') local bin = require('bin')
local utils = require('utils') local utils = require('utils')
local dumplib = require('html_dumplib') local dumplib = require('html_dumplib')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc =[[ desc = [[
This script will load several traces files in ../traces/ folder and do This script will load several traces files in ../traces/ folder and do
"data load" "data load"
"lf search 1 u" "lf search 1 u"
@ -16,13 +17,13 @@ The following tracefiles will be loaded:
em*.pm3 em*.pm3
m*.pm3 m*.pm3
]] ]]
example =[[ example = [[
script run tracetest 1. script run tracetest
]] ]]
usage = [[ usage = [[
script run tracetest -h script run tracetest [-h]
]]
Arguments: arguments = [[
-h : this help -h : this help
]] ]]
local DEBUG = true -- the debug flag local DEBUG = true -- the debug flag
@ -54,9 +55,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
-- Exit message -- Exit message

20
client/luascripts/ufodump.lua
View file

@ -2,10 +2,11 @@ local cmds = require('commands')
local getopt = require('getopt') local getopt = require('getopt')
local lib14a = require('read14a') local lib14a = require('read14a')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = 'Iceman' author = 'Iceman'
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This is a script that reads AZTEK ISO14443a tags. This is a script that reads AZTEK ISO14443a tags.
It starts from block 0 and ends at default block 20. Use 'b' to say different endblock. It starts from block 0 and ends at default block 20. Use 'b' to say different endblock.
@ -19,11 +20,11 @@ example = [[
script run ufodump -b 10 script run ufodump -b 10
]] ]]
usage = [[ usage = [[
script run ufudump -h -b script run ufudump [-h] [-b]
]]
Arguments: arguments = [[
h this helptext -h This help
b endblock in decimal (1-255, default 20) -b endblock in decimal (1-255, default 20)
]] ]]
-- Some globals -- Some globals
@ -56,9 +57,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
--- Picks out and displays the data read from a tag --- Picks out and displays the data read from a tag

16
client/luascripts/ul_uid.lua
View file

@ -1,9 +1,10 @@
local getopt = require('getopt') local getopt = require('getopt')
local utils = require('utils') local utils = require('utils')
local ansicolors = require('ansicolors')
copyright = '' copyright = ''
author = "Iceman" author = "Iceman"
version = 'v1.0.1' version = 'v1.0.2'
desc = [[ desc = [[
This script tries to set UID on a mifare Ultralight magic card which either This script tries to set UID on a mifare Ultralight magic card which either
- answers to chinese backdoor commands - answers to chinese backdoor commands
@ -17,9 +18,9 @@ example = [[
script run ul_uid -b -u 11223344556677 script run ul_uid -b -u 11223344556677
]] ]]
usage = [[ usage = [[
script run ul_uid -h -b -u <uid> script run ul_uid [-h] [-b] [-u <uid>]
]]
Arguments: arguments = [[
-h : this help -h : this help
-u <UID> : UID (14 hexsymbols) -u <UID> : UID (14 hexsymbols)
-b : write to brickable magic tag -b : write to brickable magic tag
@ -55,9 +56,12 @@ local function help()
print(author) print(author)
print(version) print(version)
print(desc) print(desc)
print('Example usage') print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(example)
print(usage) print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end end
-- --
--- Set UID on magic command enabled --- Set UID on magic command enabled