client/luascripts/hf_mf_uidbruteforce.lua

   1 -- Run me like this (connected via USB): ./pm3 -l hf_mf_uidbruteforce.lua
   2 -- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_mf_uidbruteforce.lua
   3
   4 local getopt = require('getopt')
   5 local ansicolors  = require('ansicolors')
   6
   7 copyright = ''
   8 author = 'Daniel Underhay (updated), Keld Norman(original)'
   9 version = 'v2.0.1'
  10 desc =[[
  11 This script bruteforces 4 or 7 byte UID Mifare classic card numbers.
  12 ]]
  13 example =[[
  14 Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346.
  15
  16     script run hf_mf_uidbruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
  17
  18 Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679.
  19
  20     script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
  21 ]]
  22 usage = [[
  23 script run hf_mf_uidbruteforce [-s <start_id>] [-e <end_id>] [-t <timeout>] [-x <mifare_card_type>]
  24 ]]
  25 arguments = [[
  26     -h       this help
  27     -s       0-0xFFFFFFFF         start id
  28     -e       0-0xFFFFFFFF         end id
  29     -t       0-99999, pause       timeout (ms) between cards
  30                                   (use the word 'pause' to wait for user input)
  31     -x       mfc, mfu             mifare type:
  32                                     mfc for Mifare Classic (default)
  33                                     mfu for Mifare Ultralight EV1
  34 ]]
  35
  36 local DEBUG = true
  37 ---
  38 -- Debug print function
  39 local function dbg(args)
  40     if not DEBUG then return end
  41     if type(args) == 'table' then
  42         local i = 1
  43         while result[i] do
  44             dbg(result[i])
  45             i = i+1
  46         end
  47     else
  48         print('###', args)
  49     end
  50 end
  51 ---
  52 -- When errors occur
  53 local function oops(err)
  54     print('ERROR:', err)
  55     core.clearCommandBuffer()
  56     return nil, err
  57 end
  58 ---
  59 -- Usage help
  60 local function help()
  61     print(copyright)
  62     print(author)
  63     print(version)
  64     print(desc)
  65     print(ansicolors.cyan..'Usage'..ansicolors.reset)
  66     print(usage)
  67     print(ansicolors.cyan..'Arguments'..ansicolors.reset)
  68     print(arguments)
  69     print(ansicolors.cyan..'Example usage'..ansicolors.reset)
  70     print(example)
  71 end
  72 ---
  73 --- Print user message
  74 local function msg(msg)
  75  print( string.rep('--',20) )
  76  print('')
  77  print(msg)
  78  print('')
  79  print( string.rep('--',20) )
  80 end
  81 ---
  82 -- Start
  83 local function main(args)
  84
  85     local timeout = 0
  86     local start_id = 0
  87     local end_id = 0xFFFFFFFFFFFFFF
  88     local mftype = 'mfc'
  89
  90     for o, a in getopt.getopt(args, 'e:s:t:x:h') do
  91         if o == 's' then start_id = a end
  92         if o == 'e' then end_id = a end
  93         if o == 't' then timeout = a end
  94         if o == 'x' then mftype = a end
  95         if o == 'h' then return print(usage) end
  96     end
  97
  98     -- template
  99     local command = ''
 100
 101     if mftype == 'mfc' then
 102         command = 'hf 14a sim -t 1 -u %014x'
 103         msg('Bruteforcing Mifare Classic card numbers')
 104     elseif mftype == 'mfu' then
 105         command = 'hf 14a sim -t 2 -u %014x'
 106         msg('Bruteforcing Mifare Ultralight card numbers')
 107     else
 108         return print(usage)
 109     end
 110
 111     if command == '' then return print(usage) end
 112
 113     for n = start_id, end_id do
 114         local c = string.format( command, n )
 115         print('Running: "'..c..'"')
 116         core.console(c)
 117         core.console('msleep '..timeout);
 118         core.console('hw ping')
 119     end
 120
 121 end
 122 main(args)