client/luascripts/data_mf_accessdecode.lua

   1 local getopt = require('getopt')
   2 local ansicolors  = require('ansicolors')
   3
   4 copyright = ''
   5 author = "Neuromancer"
   6 version = 'v1.0.2'
   7 desc = [[
   8 This script tries to decode Mifare Classic Access bytes
   9 ]]
  10 example = [[
  11     1. script run data_mf_accessdecode -a 7F0F0869
  12 ]]
  13 usage = [[
  14 script run data_mf_accessdecode [-h] [-a <access bytes>]
  15 ]]
  16 arguments = [[
  17     -h                   : this help
  18     -a <access bytes>    : 4 bytes ACCESS CONDITIONS
  19 ]]
  20
  21 local DEBUG = true
  22 local bxor = bit32.bxor
  23 local band = bit32.band
  24 local rshift = bit32.rshift
  25
  26 ---
  27 -- A debug printout-function
  28 local function dbg(args)
  29     if not DEBUG then return end
  30     if type(args) == 'table' then
  31         local i = 1
  32         while args[i] do
  33             dbg(args[i])
  34             i = i+1
  35         end
  36     else
  37         print('###', args)
  38     end
  39 end
  40 ---
  41 -- This is only meant to be used when errors occur
  42 local function oops(err)
  43     print('ERROR:', err)
  44     core.clearCommandBuffer()
  45     return nil, err
  46 end
  47 ---
  48 -- Usage help
  49 local function help()
  50     print(copyright)
  51     print(author)
  52     print(version)
  53     print(desc)
  54     print(ansicolors.cyan..'Usage'..ansicolors.reset)
  55     print(usage)
  56     print(ansicolors.cyan..'Arguments'..ansicolors.reset)
  57     print(arguments)
  58     print(ansicolors.cyan..'Example usage'..ansicolors.reset)
  59     print(example)
  60 end
  61
  62 local access_condition_sector_trailer = {}
  63 access_condition_sector_trailer[0x0] = {'never','key A','key A','never','key A','key A'}
  64 access_condition_sector_trailer[0x2] = {'never','never','key A','never','key A','never'}
  65 access_condition_sector_trailer[0x4] = {'never','key B','key A|B','never','never','key B'}
  66 access_condition_sector_trailer[0x6] = {'never','never','key A|B','never','never','never'}
  67 access_condition_sector_trailer[0x1] = {'never','key A','key A','key A','key A','key A'}
  68 access_condition_sector_trailer[0x3] = {'never','key B','key A|B','key B','never','key B'}
  69 access_condition_sector_trailer[0x5] = {'never','never','key A|B','key B','never','never'}
  70 access_condition_sector_trailer[0x7] = {'never','never','key A|B','never','never','never'}
  71
  72 local access_condition_data_block = {}
  73 access_condition_data_block[0x0] = {'key A|B','key A|B','key A|B','key A|B'}
  74 access_condition_data_block[0x2] = {'key A|B','never','never','never'}
  75 access_condition_data_block[0x4] = {'key A|B','key B','never','never'}
  76 access_condition_data_block[0x6] = {'key A|B','key B','key B','key A|B'}
  77 access_condition_data_block[0x1] = {'key A|B','never','never','key A|B'}
  78 access_condition_data_block[0x3] = {'key B','key B','never','never'}
  79 access_condition_data_block[0x5] = {'key B','never','never','never'}
  80 access_condition_data_block[0x7] = {'never','never','never','never'}
  81
  82 local function main(args)
  83
  84     print( string.rep('--',20) )
  85     print( string.rep('--',20) )
  86     print()
  87
  88     local access = ''
  89
  90     -- Read the parameters
  91     for o, a in getopt.getopt(args, 'ha:') do
  92         if o == 'h' then return help() end
  93         if o == 'a' then access = a end
  94     end
  95
  96     if access == nil then return oops('empty ACCESS CONDITIONS') end
  97     if #access == 0 then return oops('empty ACCESS CONDITIONS') end
  98     if #access ~= 8 then return oops('Wrong length. Should be 4 hex bytes ACCESS CONDITIONS (e.g. 7F0F0869)') end
  99
 100     local c2_b = tonumber(string.sub(access, 1, 1), 16)
 101     local c1_b = tonumber(string.sub(access, 2, 2), 16)
 102     local c1 = tonumber(string.sub(access, 3, 3), 16)
 103     local c3_b = tonumber(string.sub(access, 4, 4), 16)
 104     local c3 = tonumber(string.sub(access, 5, 5), 16)
 105     local c2 = tonumber(string.sub(access, 6, 6), 16)
 106     local gpb = string.sub(access, 7, 8)
 107
 108     if bxor(c1, c1_b) ~= 0xF then print('!!! bitflip in c1') end
 109     if bxor(c2, c2_b) ~= 0xF then print('!!! bitflip in c2') end
 110     if bxor(c3, c3_b) ~= 0xF then print('!!! bitflip in c3') end
 111
 112     local ab = c1 * 256 + c2 * 16 + c3
 113
 114     for block = 0,3 do
 115         print('--> block '..block)
 116         -- mask bits for block
 117         local abi = band(rshift(ab, block), 0x111)
 118         -- compress bits
 119         abi = band(abi + rshift(abi, 3) + rshift(abi, 6),7)
 120         -- print(abi)
 121         if block == 3 then
 122             print('     KEYSECXA read: '..access_condition_sector_trailer[abi][1])
 123             print('    KEYSECXA write: '..access_condition_sector_trailer[abi][2])
 124             print(' ACCESS COND. read: '..access_condition_sector_trailer[abi][3])
 125             print('ACCESS COND. write: '..access_condition_sector_trailer[abi][4])
 126             print('     KEYSECXB read: '..access_condition_sector_trailer[abi][5])
 127             print('    KEYSECXB write: '..access_condition_sector_trailer[abi][6])
 128         else
 129             print('                   read: '..access_condition_data_block[abi][1])
 130             print('                  write: '..access_condition_data_block[abi][2])
 131             print('                    inc: '..access_condition_data_block[abi][3])
 132             print('decr, transfer, restore: '..access_condition_data_block[abi][4])
 133         end
 134     end
 135
 136     print('GPB: '..gpb)
 137 end
 138 main(args)