-- Run me like this (connected via USB): ./pm3 -l hf_mf_uidbruteforce.lua
-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_mf_uidbruteforce.lua
4 local getopt = require('getopt')
5 local ansicolors = require('ansicolors')
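-- Script metadata and help text. These stay global on purpose: help() and
-- main() read `usage`, `desc`, etc. by name.
-- The listing this was taken from had lost the closing `]]` of every long
-- string and carried viewer line numbers inside the text; both are restored
-- here. Indentation inside the strings is presentational only.
-- NOTE(review): the -s/-e ranges below say 0-0xFFFFFFFF, but main() defaults
-- end_id to 0xFFFFFFFFFFFFFF and the examples use 7 byte values; the -t text
-- also advertises the word 'pause', which main() forwards to 'msleep'
-- unchanged. Confirm which side is intended before editing the wording.
copyright = ''
author = 'Daniel Underhay (updated), Keld Norman(original)'
version = 'v2.0.1'
desc = [[
This script bruteforces 4 or 7 byte UID Mifare classic card numbers.
]]
example = [[
    Bruteforce a 4 bytes UID Mifare classic card number, starting at 11223344, ending at 11223346.

        script run hf_mf_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc

    Bruteforce a 7 bytes UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679.

        script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
]]
usage = [[
script run hf_mf_uidbruteforce [-s <start_id>] [-e <end_id>] [-t <timeout>] [-x <mifare_card_type>]
]]
arguments = [[
    -h this help
    -s 0-0xFFFFFFFF start id
    -e 0-0xFFFFFFFF end id
    -t 0-99999, pause timeout (ms) between cards
        (use the word 'pause' to wait for user input)
    -x mfc, mfc4, mfu mifare type:
        mfc for Mifare Classic (default)
        mfc4 for Mifare Classic 4K
        mfu for Mifare Ultralight EV1
]]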
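-- Master switch for dbg(); set to false to silence debug output.
local DEBUG = true

---
-- Debug print helper.
-- A non-table value is printed once with a '###' prefix. A table is walked
-- from index 1 upward until the first nil/false entry, and each entry is
-- passed back through dbg(), so nested tables are flattened.
-- Does nothing when DEBUG is false.
-- @param args value, or array-like table of values, to print
local function dbg(args)
    if not DEBUG then return end
    if type(args) == 'table' then
        -- The loop previously indexed an undefined global `result`, which
        -- raised "attempt to index a nil value" as soon as a table was
        -- passed in. Walk the argument itself.
        local i = 1
        while args[i] do
            dbg(args[i])
            i = i + 1
        end
    else
        print('###', args)
    end
end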
---
-- Error reporter.
-- Prints the message behind an 'ERROR:' tag, calls
-- core.clearCommandBuffer(), and returns the failure in the usual
-- `nil, err` shape so callers can write `return oops(...)`.
-- @param err error message to report
-- @return nil
-- @return err, unchanged
local function oops(err)
    print('ERROR:', err)
    core.clearCommandBuffer()
    return nil, err
end
---
-- Print the help screen: the copyright/author/version/description banner,
-- then the usage, argument and example texts, each under a cyan heading.
-- All texts are read from the script's global metadata variables.
local function help()
    -- One coloured section title, colour reset at the end of the line.
    local function heading(title)
        print(ansicolors.cyan .. title .. ansicolors.reset)
    end

    print(copyright)
    print(author)
    print(version)
    print(desc)

    heading('Usage')
    print(usage)

    heading('Arguments')
    print(arguments)

    heading('Example usage')
    print(example)
end
---
-- Print a user-facing message framed by a 40-dash rule and a blank line
-- above and below it.
-- @param msg text to display
local function msg(msg)
    local rule = string.rep('--', 20)

    print(rule)
    print('')
    print(msg)
    print('')
    print(rule)
end
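---
-- Entry point.
-- Parses the options, picks the 'hf 14a sim' command template for the
-- requested card type, then runs that command once for every UID from
-- start_id to end_id (inclusive). After each one it issues 'msleep' and
-- 'hw ping' through the client console.
-- @param args raw argument string handed to the script by the client
-- @return nothing on success; `nil, err` (via oops) on a bad start/end id
local function main(args)

    local timeout = 0
    local start_id = 0
    local end_id = 0xFFFFFFFFFFFFFF
    local mftype = 'mfc'
    -- Was '%14x', which pads with spaces: any value shorter than 14 hex
    -- digits (including the default start_id of 0) produced a '-u' argument
    -- with leading blanks. Zero-pad instead, as the 4 byte format does.
    local uid_format = '%014x'

    for o, a in getopt.getopt(args, 'e:s:t:x:h') do
        if o == 's' then start_id = a end
        if o == 'e' then end_id = a end
        if o == 't' then timeout = a end
        if o == 'x' then mftype = a end
        if o == 'h' then return help() end
    end

    -- template
    local command = ''

    -- The UID width is chosen from the length of the end id as typed:
    -- up to 10 characters ('0x' plus 8 hex digits) selects the 4 byte format.
    -- This must run before the numeric conversion below.
    if string.len(end_id) <= 10 then
        uid_format = '%08x'
    end

    -- getopt hands option values over as strings. Convert and check them here
    -- so a typo is reported cleanly instead of surfacing as a runtime error
    -- from the 'for' statement or from string.format.
    local first_id, last_id = tonumber(start_id), tonumber(end_id)
    if first_id == nil or last_id == nil then
        return oops('start id and end id must be numbers, e.g. 0x11223344')
    end
    if first_id < 0 or last_id < 0 then
        return oops('start id and end id must not be negative')
    end

    if mftype == 'mfc' then
        command = 'hf 14a sim -t 1 -u ' .. uid_format
        msg('Bruteforcing Mifare Classic card numbers')
    elseif mftype == 'mfc4' then
        command = 'hf 14a sim -t 8 -u ' .. uid_format
        msg('Bruteforcing Mifare Classic 4K card numbers')
    elseif mftype == 'mfu' then
        command = 'hf 14a sim -t 2 -u ' .. uid_format
        msg('Bruteforcing Mifare Ultralight card numbers')
    else
        return print(usage)
    end

    if command == '' then return print(usage) end

    for n = first_id, last_id do
        local c = string.format(command, n)
        print('Running: "'..c..'"')
        core.console(c)
        -- NOTE(review): the -t value is appended to the console command
        -- exactly as typed. The help text advertises the word 'pause', but
        -- nothing visible here handles it; confirm what 'msleep' does with a
        -- non-numeric value before tightening this.
        core.console('msleep -t'..timeout)
        core.console('hw ping')
    end

end

main(args)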