Merge pull request #471 from bogiton/master

read_pwd_mem lua scripts update
Iceman 2019-11-08 20:23:34 +01:00 committed by GitHub
commit ed0bbe45f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 26 deletions


@ -249,5 +249,5 @@ void RunMod() {
LEDsoff(); LEDsoff();
SpinDelay(300); SpinDelay(300);
Dbprintf("- [ End ] -> You can take shell back ..."); Dbprintf("- [ End ] -> You can take shell back ...");
Dbprintf("- [ ! ] -> use 'script run read_pwd_mem' to print passwords"); Dbprintf("- [ ! ] -> use 'script run read_pwd_mem_spiffs' to print passwords");
} }


@ -3,11 +3,13 @@ local bin = require('bin')
copyright = 'Copyright (c) 2018 Bogito. All rights reserved.' copyright = 'Copyright (c) 2018 Bogito. All rights reserved.'
author = 'Bogito' author = 'Bogito'
version = 'v1.0.2' version = 'v1.0.3'
desc = desc =
[[ [[
This script will read the flash memory of RDV4 and print the stored passwords. This script will read the flash memory of RDV4 and print the stored passwords/keys.
It was meant to be used as a help tool after using the BogRun standalone mode.
It was meant to be used as a help tool after using the BogRun standalone mode before SPIFFS.
You should now use read_pwd_mem_spiffs instead after the updated BogRun standalone mode.
(Iceman) script adapted to read and print keys in the default dictionary flashmemory sections. (Iceman) script adapted to read and print keys in the default dictionary flashmemory sections.
]] ]]
@ -22,8 +24,14 @@ example =
-- This will scan 32 bytes of flash memory at offset 64 for stored passwords -- This will scan 32 bytes of flash memory at offset 64 for stored passwords
script run read_pwd_mem -o 64 -l 32 script run read_pwd_mem -o 64 -l 32
-- This will print found -- This will print the stored Mifare dictionary keys
script run read_pwd_mem -o 241664 -k 6 script run read_pwd_mem -m
-- This will print the stored t55xx dictionary passwords
script run read_pwd_mem -t
-- This will print the stored iClass dictionary keys
script run read_pwd_mem -i
]] ]]
usage = usage =
[[ [[
@ -66,7 +74,6 @@ local function main(args)
print() print()
local data, err, quadlet local data, err, quadlet
local cnt = 0
local offset = 0 local offset = 0
local length = 256 local length = 256
local keylength = 4 local keylength = 4


@ -3,7 +3,7 @@ local bin = require('bin')
copyright = 'Copyright (c) 2019 Bogito. All rights reserved.' copyright = 'Copyright (c) 2019 Bogito. All rights reserved.'
author = 'Bogito' author = 'Bogito'
version = 'v1.1.0' version = 'v1.1.1'
desc = desc =
[[ [[
This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords. This script will read the flash memory of RDV4 using SPIFFS and print the stored passwords.
@ -16,15 +16,19 @@ example =
-- This will read the other.log file in SPIFFS and print the stored passwords -- This will read the other.log file in SPIFFS and print the stored passwords
script run read_pwd_mem_spiffs -f other.log script run read_pwd_mem_spiffs -f other.log
-- This will delete the hf_bog.log file from SPIFFS
script run read_pwd_mem_spiffs -r
]] ]]
usage = usage =
[[ [[
Usage: Usage:
script run read_pwd_mem_spiffs -h -f <filename> script run read_pwd_mem_spiffs -h -f <filename> -r
Arguments: Arguments:
-h : this help -h : this help
-f <filename> : filename in SPIFFS -f <filename> : filename in SPIFFS
-r : delete filename from SPIFFS
]] ]]
--- ---
-- This is only meant to be used when errors occur -- This is only meant to be used when errors occur
@ -49,16 +53,15 @@ end
local function main(args) local function main(args)
print( string.rep('--',20) ) print( string.rep('--',20) )
print('Read passwords stored in memory (SPIFFS)') print('Read passwords stored in memory (SPIFFS)')
print( string.rep('--',20) ) print( string.rep('--',20) )
print() print()
local data, length, err local data, length, err, removeflag
local cnt = 0
local filename = 'hf_bog.log' local filename = 'hf_bog.log'
local keylength = 4 local keylength = 4
for o, a in getopt.getopt(args, 'f:h') do for o, a in getopt.getopt(args, 'rf:h') do
-- help -- help
if o == 'h' then return help() end if o == 'h' then return help() end
@ -66,25 +69,33 @@ local function main(args)
-- offset -- offset
if o == 'f' then filename = a end if o == 'f' then filename = a end
end -- remove
if o == 'r' then removeflag = true end
end
if removeflag then
print('Deleting file '..filename.. ' from SPIFFS if exists')
core.console("mem spiffs remove " ..filename)
return
end
data, length, err = core.GetFromFlashMemSpiffs(filename) data, length, err = core.GetFromFlashMemSpiffs(filename)
if data == nil then return oops('Problem while reading file from SPIFFS') end if data == nil then return oops('Problem while reading file from SPIFFS') end
--print('Filename', filename) --print('Filename', filename)
--print('Filesize (B)', length) --print('Filesize (B)', length)
_, s = bin.unpack('H'..length, data) _, s = bin.unpack('H'..length, data)
local cnt = 0, i local cnt = 0, i
for i = 1, length/keylength do for i = 1, length/keylength do
key = string.sub(s, (i-1)*8+1, i*8) key = string.sub(s, (i-1)*8+1, i*8)
if key == 'FFFFFFFF' then break end print(string.format('[%02d] %s',i, key))
print(string.format('[%02d] %s',i, key)) cnt = cnt + 1
cnt = cnt + 1 end
end print( string.rep('--',20) )
print( string.rep('--',20) ) print( ('[+] found %d passwords'):format(cnt))
print( ('[+] found %d passwords'):format(cnt))
end end
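Review bot: The new `-r` branch in `main` builds a client command by plain concatenation, `core.console("mem spiffs remove " ..filename)`, and the `-f` value is never checked, so a value containing spaces or other separator characters would probably not reach the console as a single filename. Because this path deletes the log that holds the captured passwords, I would validate the name before the `print('Deleting file '...)` line, for example `if not filename:match('^[%w%._%-]+$') then return oops('Invalid filename') end`. The branch also returns without reporting whether the removal succeeded, so the operator cannot tell a deleted log from one that is still on flash. Separately, `s` and `key` in the read loop are assigned without `local` and leak into the global environment; `local _, s = bin.unpack('H'..length, data)` and `local key = string.sub(...)` would keep them scoped to `main`.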