diff --git a/armsrc/Makefile b/armsrc/Makefile
index c0703ccf4..4a088cbf6 100644
--- a/armsrc/Makefile
+++ b/armsrc/Makefile
@@ -46,6 +46,7 @@ SRC_CRC = crc.c crc16.c crc32.c
 SRC_ICLASS = iclass.c optimized_cipherutils.c optimized_ikeys.c optimized_elite.c optimized_cipher.c
 SRC_LEGIC = legicrf.c legicrfsim.c legic_prng.c
 SRC_NFCBARCODE = thinfilm.c
+SRC_BRUTEFORCE = bruteforce.c
 # SRC_BEE = bee.c
@@ -143,6 +144,7 @@ THUMBSRC = start.c \
 $(SRC_FELICA) \
 $(SRC_STANDALONE) \
 $(SRC_ZX) \
+ $(SRC_BRUTEFORCE) \
 appmain.c \
 printf.c \
 dbprint.c \
diff --git a/armsrc/em4x50.c b/armsrc/em4x50.c
index ed1fdad0e..5043d753b 100644
--- a/armsrc/em4x50.c
+++ b/armsrc/em4x50.c
@@ -633,12 +633,21 @@ static int login(uint32_t password) {
 return PM3_EFAILED;
 }
-// searching for password in given range
-static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
+// searching for password using chosen bruteforce algorithm
+static bool brute(em4x50_data_t *etd, uint32_t *pwd) {
+
+ generator_context_t ctx;
 bool pwd_found = false;
+ int generator_ret = 0;
 int cnt = 0;
- for (*pwd = start; *pwd <= stop; (*pwd)++) {
+ bf_generator_init(&ctx, etd->bruteforce_mode);
+
+ if(etd->bruteforce_mode == BRUTEFORCE_MODE_CHARSET)
+ bf_generator_set_charset(&ctx, etd->bruteforce_charset);
+
+ while ( (generator_ret=bf_generate32(&ctx)) == GENERATOR_NEXT) {
+ *pwd = ctx.current_key32;
 WDT_HIT();
@@ -715,7 +724,7 @@ void em4x50_brute(em4x50_data_t *etd, bool ledcontrol) {
 LED_C_OFF();
 LED_D_ON();
 }
- bsuccess = brute(etd->password1, etd->password2, &pwd);
+ bsuccess = brute(etd, &pwd);
 }
 if (ledcontrol) LEDsoff();
diff --git a/common/bruteforce.c b/common/bruteforce.c
index 1d5535277..62d411240 100644
--- a/common/bruteforce.c
+++ b/common/bruteforce.c
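Review bot: The new `while` in `brute` stops on anything other than GENERATOR_NEXT, so an unsupported `etd->bruteforce_mode` (for which `bf_generate32` now returns GENERATOR_ERROR) is indistinguishable from an exhausted key space, and the result of `bf_generator_set_charset` is discarded on the line before it. `generator_ret` is evidently kept for that purpose, but the part of the function that would inspect it lies outside the hunk; if it is not checked there, add `if (generator_ret == GENERATOR_ERROR) return false;` after the loop, or validate the mode before `bf_generator_init`. The mode and charset presumably arrive from the client inside `em4x50_data_t`, so the device side should not assume they are well-formed. On style, `if(etd->` and `while ( (generator_ret=bf_generate32(&ctx))` do not match the spacing used elsewhere in this file (`if (ledcontrol)`).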
@@ -28,12 +28,12 @@ uint8_t charset_uppercase[] = {
 'X', 'Y', 'Z' };
-void generator_init(generator_context_t* ctx, uint8_t mode){
+void bf_generator_init(generator_context_t* ctx, uint8_t mode){
 memset(ctx, 0, sizeof(generator_context_t));
 ctx->mode = mode;
 }
-int generator_set_charset(generator_context_t* ctx, uint8_t charsets){
+int bf_generator_set_charset(generator_context_t* ctx, uint8_t charsets){
 if (ctx->mode != BRUTEFORCE_MODE_CHARSET){
 return -1;
 }
@@ -47,19 +47,23 @@ int generator_set_charset(generator_context_t* ctx, uint8_t charsets){
 memcpy(ctx->charset+ctx->charset_length, charset_uppercase, sizeof(charset_uppercase));
 ctx->charset_length += sizeof(charset_uppercase);
 }
+
+ return 0;
 }
-int generate32(generator_context_t *ctx){
+int bf_generate32(generator_context_t *ctx){
 switch(ctx->mode){
 case BRUTEFORCE_MODE_RANGE:
- return _generate_mode_range32(ctx);
+ return _bf_generate_mode_range32(ctx);
 case BRUTEFORCE_MODE_CHARSET:
- return _generate_mode_charset32(ctx);
+ return _bf_generate_mode_charset32(ctx);
 }
+
+ return GENERATOR_ERROR;
 }
-int _generate_mode_range32(generator_context_t *ctx){
+int _bf_generate_mode_range32(generator_context_t *ctx){
 if(ctx->current_key32 >= ctx->range_high){
 return GENERATOR_END;
@@ -77,22 +81,16 @@ int _generate_mode_range32(generator_context_t *ctx){
 return GENERATOR_NEXT;
 }
-int _generate_mode_charset32(generator_context_t *ctx){
+int _bf_generate_mode_charset32(generator_context_t *ctx){
 if(ctx->flag1) return GENERATOR_END;
- char str[5];
- for (int i = 0; i < 5;i++)
- str[i] = ctx->charset[ctx->pos[i]];
- str[4] = 0;
- printf("%s\n", str);
-
 ctx->current_key32 = ctx->charset[ctx->pos[0]] << 24 | ctx->charset[ctx->pos[1]] << 16 | ctx->charset[ctx->pos[2]] << 8 | ctx->charset[ctx->pos[3]];
- if(array_increment(ctx->pos, 4, ctx->charset_length) == -1)
+ if(bf_array_increment(ctx->pos, 4, ctx->charset_length) == -1)
 // set flag1 to emit value last time and end generation
 ctx->flag1 = true;
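Review bot: The new `return 0;` at the end of `bf_generator_set_charset` reports success even when `charsets` selected no table and `ctx->charset_length` is still 0 (the context has been zeroed by `bf_generator_init`); `_bf_generate_mode_charset32` then passes that 0 to `bf_array_increment` as `modulo`, which, if that helper reduces with `% modulo` as its comment suggests, is a division by zero on the device. Add `if (ctx->charset_length == 0) return -1;` immediately before the new `return 0;`, and have the em4x50 caller act on a non-zero return. The charset bitmask comes from the host, so the firmware should treat an empty selection as invalid input rather than as a degenerate search. The start of this function is outside the hunk.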
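Review bot: The key assembly that the `_bf_generate_mode_charset32` hunk keeps, `ctx->charset[ctx->pos[0]] << 24 | …`, shifts a `uint8_t` that has been promoted to `int`, so a charset byte of 0x80 or above would be shifted into the sign bit, which is undefined behaviour; the visible tables hold ASCII letters so it is harmless today, but casting each operand first (`(uint32_t)ctx->charset[ctx->pos[0]] << 24 | (uint32_t)ctx->charset[ctx->pos[1]] << 16 | …`) keeps it correct for any future table. Separately, the comment now sits between `if(bf_array_increment(...) == -1)` and its unbraced body `ctx->flag1 = true;`; bracing the body keeps the comment from reading as the statement. The rest of the function lies outside the hunk.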
@@ -102,7 +100,7 @@ int _generate_mode_charset32(generator_context_t *ctx){
 // increments values in array with carryover using modulo limit for each byte
 // this is used to iterate each byte in key over charset table
 // returns -1 if incrementing reaches its end
-int array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo){
+int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo){
 uint8_t prev_value;
diff --git a/common/bruteforce.h b/common/bruteforce.h
index f01cfd3ca..b8ed3d9ca 100644
--- a/common/bruteforce.h
+++ b/common/bruteforce.h
@@ -13,11 +13,11 @@
 //
 // See LICENSE.txt for the text of the license.
 //-----------------------------------------------------------------------------
-// functions for bruteforcing card keys
+// functions for bruteforcing card keys - key generators
 //-----------------------------------------------------------------------------
-#ifndef __BRUTEFORCE_H
-#define __BRUTEFORCE_H
+#ifndef BRUTEFORCE_H__
+#define BRUTEFORCE_H__
 #include "common.h"
@@ -69,11 +69,11 @@ typedef struct {
 } generator_context_t;
-void generator_init(generator_context_t *ctx, uint8_t mode);
-int generator_set_charset(generator_context_t *ctx, uint8_t charsets);
-int generate32(generator_context_t *ctx);
-int _generate_mode_range32(generator_context_t *ctx);
-int _generate_mode_charset32(generator_context_t *ctx);
-int _generate_mode_smart32(generator_context_t *ctx);
-int array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo);
-#endif
\ No newline at end of file
+void bf_generator_init(generator_context_t *ctx, uint8_t mode);
+int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets);
+int bf_generate32(generator_context_t *ctx);
+int _bf_generate_mode_range32(generator_context_t *ctx);
+int _bf_generate_mode_charset32(generator_context_t *ctx);
+int _bf_generate_mode_smart32(generator_context_t *ctx);
+int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo);
+#endif // BRUTEFORCE_H__
\ No newline at end of file
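Review bot: The guard rename gets rid of the reserved `__BRUTEFORCE_H`, but this hunk still exports `_bf_generate_mode_range32`, `_bf_generate_mode_charset32` and `_bf_generate_mode_smart32`, and file-scope identifiers that begin with an underscore are likewise reserved for the implementation (C11 7.1.3). These per-mode handlers are only reached through `bf_generate32`, so declaring them `static` in bruteforce.c and dropping them from the header fixes the naming and narrows the public API to `bf_generator_init`, `bf_generator_set_charset`, `bf_generate32` and `bf_array_increment`. `_bf_generate_mode_smart32` in particular has no definition anywhere in this diff, so as far as is visible any caller would fail at link time. The `\ No newline at end of file` marker shows the closing `#endif // BRUTEFORCE_H__` still lacks a trailing newline.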