diff --git a/armsrc/Standalone/hf_bog.c b/armsrc/Standalone/hf_bog.c
index ac0bb7749..d1cc2e202 100644
--- a/armsrc/Standalone/hf_bog.c
+++ b/armsrc/Standalone/hf_bog.c
@@ -249,5 +249,5 @@ void RunMod() {
 LEDsoff();
 SpinDelay(300);
 Dbprintf("- [ End ] -> You can take shell back ...");
- Dbprintf("- [ ! ] -> use 'script run read_pwd_mem' to print passwords");
+ Dbprintf("- [ ! ] -> use 'script run read_pwd_mem_spiffs' to print passwords");
 }
diff --git a/client/luascripts/read_pwd_mem.lua b/client/luascripts/read_pwd_mem.lua
index 4a097d26d..8456fd51f 100644
--- a/client/luascripts/read_pwd_mem.lua
+++ b/client/luascripts/read_pwd_mem.lua
@@ -3,11 +3,13 @@ local bin = require('bin')
 copyright = 'Copyright (c) 2018 Bogito. All rights reserved.'
 author = 'Bogito'
-version = 'v1.0.2'
+version = 'v1.0.3'
 desc = [[
-This script will read the flash memory of RDV4 and print the stored passwords.
-It was meant to be used as a help tool after using the BogRun standalone mode.
+This script will read the flash memory of RDV4 and print the stored passwords/keys.
+
+It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS.
+You should now use read_pwd_mem_spiffs instead after the updated BogRun standalone mode.
 (Iceman) script adapted to read and print keys in the default dictionary flashmemory sections.
 ]]
@@ -22,8 +24,14 @@ example =
 -- This will scan 32 bytes of flash memory at offset 64 for stored passwords
 script run read_pwd_mem -o 64 -l 32
- -- This will print found
- script run read_pwd_mem -o 241664 -k 6
+ -- This will print the stored Mifare dictionary keys
+ script run read_pwd_mem -m
+
+ -- This will print the stored t55xx dictionary passwords
+ script run read_pwd_mem -t
+
+ -- This will print the stored iClass dictionary keys
+ script run read_pwd_mem -i
 ]]
 usage = [[
@@ -66,7 +74,6 @@ local function main(args)
 print()
 local data, err, quadlet
- local cnt = 0
 local offset = 0
 local length = 256
 local keylength = 4
diff --git a/client/luascripts/read_pwd_mem_spiffs.lua b/client/luascripts/read_pwd_mem_spiffs.lua
index d316d7766..33afa0fe9 100644
--- a/client/luascripts/read_pwd_mem_spiffs.lua
+++ b/client/luascripts/read_pwd_mem_spiffs.lua
@@ -3,7 +3,7 @@ local bin = require('bin')
 copyright = 'Copyright (c) 2019 Bogito. All rights reserved.'
 author = 'Bogito'
-version = 'v1.1.0'
+version = 'v1.1.1'
 desc = [[
 This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords.
@@ -16,15 +16,19 @@ example =
 -- This will read the other.log file in SPIFFS and print the stored passwords
 script run read_pwd_mem_spiffs -f other.log
+
+ -- This will delete the hf_bog.log file from SPIFFS
+ script run read_pwd_mem_spiffs -r
 ]]
 usage = [[
 Usage:
- script run read_pwd_mem_spiffs -h -f
+ script run read_pwd_mem_spiffs -h -f -r
 Arguments:
 -h : this help
 -f : filename in SPIFFS
+ -r : delete filename from SPIFFS
 ]]
 ---
 -- This is only meant to be used when errors occur
@@ -49,42 +53,49 @@ end
 local function main(args)
 print( string.rep('--',20) )
- print('Read passwords stored in memory (SPIFFS)')
+ print('Read passwords stored in memory (SPIFFS)')
 print( string.rep('--',20) )
 print()
- local data, length, err
- local cnt = 0
+ local data, length, err, removeflag
 local filename = 'hf_bog.log'
- local keylength = 4
+ local keylength = 4
- for o, a in getopt.getopt(args, 'f:h') do
+ for o, a in getopt.getopt(args, 'rf:h') do
 -- help
 if o == 'h' then return help() end
 -- offset
 if o == 'f' then filename = a end
+
+ -- remove
+ if o == 'r' then removeflag = true end
- end
+ end
+ if removeflag then
+ print('Deleting file '..filename.. ' from SPIFFS if exists')
+ core.console("mem spiffs remove " ..filename)
+ return
+ end
+
 data, length, err = core.GetFromFlashMemSpiffs(filename)
 if data == nil then return oops('Problem while reading file from SPIFFS') end
 --print('Filename', filename)
- --print('Filesize (B)', length)
+ --print('Filesize (B)', length)
- _, s = bin.unpack('H'..length, data)
+ _, s = bin.unpack('H'..length, data)
- local cnt = 0, i
- for i = 1, length/keylength do
- key = string.sub(s, (i-1)*8+1, i*8)
- if key == 'FFFFFFFF' then break end
- print(string.format('[%02d] %s',i, key))
- cnt = cnt + 1
- end
- print( string.rep('--',20) )
- print( ('[+] found %d passwords'):format(cnt))
+ local cnt = 0, i
+ for i = 1, length/keylength do
+ key = string.sub(s, (i-1)*8+1, i*8)
+ print(string.format('[%02d] %s',i, key))
+ cnt = cnt + 1
+ end
+ print( string.rep('--',20) )
+ print( ('[+] found %d passwords'):format(cnt))
 end
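Review bot: The new delete branch passes the `-f` value straight into a console command, `core.console("mem spiffs remove " ..filename)`, without checking what the string contains. How the console tokenises that string is not visible here, but a value with spaces or other command syntax would presumably not be read as a single file argument to a destructive operation. A guard before the call, such as `if not filename:match('^[%w%._%-]+$') then return oops('Invalid filename') end`, keeps the command to one plain name. The branch also returns without inspecting the outcome, so the operator gets no confirmation that the log of captured passwords was actually erased. Separately, `s` and `key` are assigned without `local` and so become globals, and the `, i` in `local cnt = 0, i` is a stray expression that is evaluated and discarded.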