client/luascripts/hf_mfu_uidkeycalc-italy.lua

   1 local bin = require('bin')
   2 local getopt = require('getopt')
   3 local lib14a = require('read14a')
   4 local utils =  require('utils')
   5 local ansicolors  = require('ansicolors')
   6
   7 copyright = ''
   8 author = "Iceman"
   9 version = 'v1.0.1'
  10 desc = [[
  11 This script calculates mifare Ultralight-EV1 pwd based on uid diversification for an Italian ticketsystem
  12 Algo not found by me.
  13 ]]
  14 example =[[
  15      -- if called without, it reads tag uid
  16      script run hf_mfu_uidkeycalc-italy
  17
  18      --
  19      script run hf_mfu_uidkeycalc-italy -u 11223344556677
  20 ]]
  21 usage = [[
  22 script run hf_mfu_uidkeycalc-italy -h -u <uid> "
  23 ]]
  24 arguments = [[
  25     -h             : this help
  26     -u <UID>       : UID
  27 ]]
  28
  29 local DEBUG = true
  30 local bxor = bit32.bxor
  31 ---
  32 -- A debug printout-function
  33 local function dbg(args)
  34     if not DEBUG then return end
  35     if type(args) == 'table' then
  36         local i = 1
  37         while args[i] do
  38             dbg(args[i])
  39             i = i+1
  40         end
  41     else
  42         print('###', args)
  43     end
  44 end
  45 ---
  46 -- This is only meant to be used when errors occur
  47 local function oops(err)
  48     print('ERROR: ', err)
  49     core.clearCommandBuffer()
  50     return nil, err
  51 end
  52 ---
  53 -- Usage help
  54 local function help()
  55     print(copyright)
  56     print(author)
  57     print(version)
  58     print(desc)
  59     print(ansicolors.cyan..'Usage'..ansicolors.reset)
  60     print(usage)
  61     print(ansicolors.cyan..'Arguments'..ansicolors.reset)
  62     print(arguments)
  63     print(ansicolors.cyan..'Example usage'..ansicolors.reset)
  64     print(example)
  65 end
  66 --
  67 -- Exit message
  68 local function exitMsg(msg)
  69     print( string.rep('--',20) )
  70     print( string.rep('--',20) )
  71     print(msg)
  72     print()
  73 end
  74
  75 local _xortable = {
  76     --[[ position, 4byte xor
  77     --]]
  78     {"00","4f2711c1"},
  79     {"01","07D7BB83"},
  80     {"02","9636EF07"},
  81     {"03","B5F4460E"},
  82     {"04","F271141C"},
  83     {"05","7D7BB038"},
  84     {"06","636EF871"},
  85     {"07","5F4468E3"},
  86     {"08","271149C7"},
  87     {"09","D7BB0B8F"},
  88     {"0A","36EF8F1E"},
  89     {"0B","F446863D"},
  90     {"0C","7114947A"},
  91     {"0D","7BB0B0F5"},
  92     {"0E","6EF8F9EB"},
  93     {"0F","44686BD7"},
  94     {"10","11494fAF"},
  95     {"11","BB0B075F"},
  96     {"12","EF8F96BE"},
  97     {"13","4686B57C"},
  98     {"14","1494F2F9"},
  99     {"15","B0B07DF3"},
 100     {"16","F8F963E6"},
 101     {"17","686B5FCC"},
 102     {"18","494F2799"},
 103     {"19","0B07D733"},
 104     {"1A","8F963667"},
 105     {"1B","86B5F4CE"},
 106     {"1C","94F2719C"},
 107     {"1D","B07D7B38"},
 108     {"1E","F9636E70"},
 109     {"1F","6B5F44E0"},
 110 }
 111
 112 local function findEntryByUid( uid )
 113
 114     -- xor UID4,UID5,UID6,UID7
 115     -- mod 0x20 (dec 32)
 116     local pos = (bxor(uid[4], uid[5], uid[6], uid[7])) % 32
 117
 118     -- convert to hexstring
 119     pos = string.format('%02X', pos)
 120
 121     for k, v in pairs(_xortable) do
 122         if ( v[1]  == pos ) then
 123             return utils.ConvertHexToBytes(v[2])
 124         end
 125     end
 126     return nil
 127 end
 128 ---
 129 -- create pwd
 130 local function pwdgen(uid)
 131     --  PWD CALC
 132     --  PWD0  =  T0 xor B xor C xor D
 133     --  PWD1  =  T1 xor A xor C xor E
 134     --  PWD2  =  T2 xor A xor B xor F
 135     --  PWD3  =  T3 xor G
 136     local uidbytes = utils.ConvertHexToBytes(uid)
 137     local entry = findEntryByUid(uidbytes)
 138     if entry == nil then return nil, "Can't find a xor entry" end
 139
 140     local pwd0 = bxor( entry[1], uidbytes[2], uidbytes[3], uidbytes[4])
 141     local pwd1 = bxor( entry[2], uidbytes[1], uidbytes[3], uidbytes[5])
 142     local pwd2 = bxor( entry[3], uidbytes[1], uidbytes[2], uidbytes[6])
 143     local pwd3 = bxor( entry[4], uidbytes[7])
 144     return string.format('%02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3)
 145 end
 146
 147 --
 148 -- main
 149 local function main(args)
 150
 151     print( string.rep('--',20) )
 152     print( string.rep('--',20) )
 153     print()
 154
 155     local uid = '04111211121110'
 156     local useUID = false
 157
 158     -- Arguments for the script
 159     for o, a in getopt.getopt(args, 'hu:') do
 160         if o == 'h' then return help() end
 161         if o == 'u' then uid = a; useUID = true end
 162     end
 163
 164     if useUID then
 165         -- uid string checks
 166         if uid == nil then return oops('empty uid string') end
 167         if #uid == 0 then return oops('empty uid string') end
 168         if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
 169     else
 170         -- GET TAG UID
 171         local tag, err = lib14a.read(false, true)
 172         if not tag then return oops(err) end
 173         core.clearCommandBuffer()
 174         uid = tag.uid
 175     end
 176
 177     print('UID | '..uid)
 178     local pwd, err = pwdgen(uid)
 179     if not pwd then return ooops(err) end
 180
 181     print(string.format('PWD | %s', pwd))
 182 end
 183
 184 main(args)