enable em4x50 bruteforce in proxmark firmware

armsrc/Makefile

@@ -46,6 +46,7 @@ SRC_CRC = crc.c crc16.c crc32.c
 SRC_ICLASS = iclass.c optimized_cipherutils.c optimized_ikeys.c optimized_elite.c optimized_cipher.c
 SRC_LEGIC = legicrf.c legicrfsim.c legic_prng.c
 SRC_NFCBARCODE = thinfilm.c
+SRC_BRUTEFORCE = bruteforce.c
 
 #   SRC_BEE = bee.c
 
@@ -143,6 +144,7 @@ THUMBSRC = start.c \
     $(SRC_FELICA) \
     $(SRC_STANDALONE) \
     $(SRC_ZX) \
+    $(SRC_BRUTEFORCE) \
     appmain.c \
     printf.c \
     dbprint.c \

armsrc/em4x50.c

@@ -633,12 +633,21 @@ static int login(uint32_t password) {
     return PM3_EFAILED;
 }
 
-// searching for password in given range
+// searching for password using chosen bruteforce algorithm
-static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
+static bool brute(em4x50_data_t *etd, uint32_t *pwd) {
+
+    generator_context_t ctx;
     bool pwd_found = false;
+    int generator_ret = 0;
     int cnt = 0;
 
-    for (*pwd = start; *pwd <= stop; (*pwd)++) {
+    bf_generator_init(&ctx, etd->bruteforce_mode);
+
+    if(etd->bruteforce_mode == BRUTEFORCE_MODE_CHARSET)
+        bf_generator_set_charset(&ctx, etd->bruteforce_charset);
+
+    while ( (generator_ret=bf_generate32(&ctx)) == GENERATOR_NEXT) {
+        *pwd = ctx.current_key32;
 
         WDT_HIT();
 
@@ -715,7 +724,7 @@ void em4x50_brute(em4x50_data_t *etd, bool ledcontrol) {
             LED_C_OFF();
             LED_D_ON();
         }
-        bsuccess = brute(etd->password1, etd->password2, &pwd);
+        bsuccess = brute(etd, &pwd);
     }
 
     if (ledcontrol) LEDsoff();

common/bruteforce.c

@@ -28,12 +28,12 @@ uint8_t charset_uppercase[] = {
     'X', 'Y', 'Z'
 };
 
-void generator_init(generator_context_t* ctx, uint8_t mode){
+void bf_generator_init(generator_context_t* ctx, uint8_t mode){
     memset(ctx, 0, sizeof(generator_context_t));
     ctx->mode = mode;
 }
 
-int generator_set_charset(generator_context_t* ctx, uint8_t charsets){
+int bf_generator_set_charset(generator_context_t* ctx, uint8_t charsets){
     if (ctx->mode != BRUTEFORCE_MODE_CHARSET){
         return -1;
     }
@@ -47,19 +47,23 @@ int generator_set_charset(generator_context_t* ctx, uint8_t charsets){
         memcpy(ctx->charset+ctx->charset_length, charset_uppercase, sizeof(charset_uppercase));
         ctx->charset_length += sizeof(charset_uppercase);
     }
+
+    return 0;
 }
 
-int generate32(generator_context_t *ctx){
+int bf_generate32(generator_context_t *ctx){
 
     switch(ctx->mode){
         case BRUTEFORCE_MODE_RANGE:
-            return _generate_mode_range32(ctx);
+            return _bf_generate_mode_range32(ctx);
         case BRUTEFORCE_MODE_CHARSET:
-            return _generate_mode_charset32(ctx);
+            return _bf_generate_mode_charset32(ctx);
         }
+
+        return GENERATOR_ERROR;
 }
 
-int _generate_mode_range32(generator_context_t *ctx){
+int _bf_generate_mode_range32(generator_context_t *ctx){
     
     if(ctx->current_key32 >= ctx->range_high){
         return GENERATOR_END;
@@ -77,22 +81,16 @@ int _generate_mode_range32(generator_context_t *ctx){
     return GENERATOR_NEXT;
 }
 
-int _generate_mode_charset32(generator_context_t *ctx){
+int _bf_generate_mode_charset32(generator_context_t *ctx){
 
     if(ctx->flag1)
         return GENERATOR_END;
 
-    char str[5];
-    for (int i = 0; i < 5;i++)
-        str[i] = ctx->charset[ctx->pos[i]];
-    str[4] = 0;
-    printf("%s\n", str);
-
     ctx->current_key32 = ctx->charset[ctx->pos[0]] << 24 | ctx->charset[ctx->pos[1]] << 16 |
                          ctx->charset[ctx->pos[2]] << 8 | ctx->charset[ctx->pos[3]];
 
     
-    if(array_increment(ctx->pos, 4, ctx->charset_length) == -1)
+    if(bf_array_increment(ctx->pos, 4, ctx->charset_length) == -1)
         // set flag1 to emit value last time and end generation
         ctx->flag1 = true;
     
@@ -102,7 +100,7 @@ int _generate_mode_charset32(generator_context_t *ctx){
 // increments values in array with carryover using modulo limit for each byte
 // this is used to iterate each byte in key over charset table
 // returns -1 if incrementing reaches its end
-int array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo){
+int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo){
     
     uint8_t prev_value;
 

common/bruteforce.h

@@ -13,11 +13,11 @@
 //
 // See LICENSE.txt for the text of the license.
 //-----------------------------------------------------------------------------
-// functions for bruteforcing card keys
+// functions for bruteforcing card keys - key generators
 //-----------------------------------------------------------------------------
 
-#ifndef __BRUTEFORCE_H
+#ifndef BRUTEFORCE_H__
-#define __BRUTEFORCE_H
+#define BRUTEFORCE_H__
 
 #include "common.h"
 
@@ -69,11 +69,11 @@ typedef struct {
 
 } generator_context_t;
 
-void generator_init(generator_context_t *ctx, uint8_t mode);
+void bf_generator_init(generator_context_t *ctx, uint8_t mode);
-int generator_set_charset(generator_context_t *ctx, uint8_t charsets);
+int bf_generator_set_charset(generator_context_t *ctx, uint8_t charsets);
-int generate32(generator_context_t *ctx);
+int bf_generate32(generator_context_t *ctx);
-int _generate_mode_range32(generator_context_t *ctx);
+int _bf_generate_mode_range32(generator_context_t *ctx);
-int _generate_mode_charset32(generator_context_t *ctx);
+int _bf_generate_mode_charset32(generator_context_t *ctx);
-int _generate_mode_smart32(generator_context_t *ctx);
+int _bf_generate_mode_smart32(generator_context_t *ctx);
-int array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo);
+int bf_array_increment(uint8_t *data, uint8_t data_len, uint8_t modulo);
-#endif
+#endif // BRUTEFORCE_H__