search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #969 from pwpiwi/gcc10_fixes
[legacy-proxmark3.git] / client / scripts / mfkeys.lua
blobe8abd0b904e411c2e2a2d27ba6ee991f793e7dcb
1 --[[
2 This is an example of Lua-scripting within proxmark3. This is a lua-side
3 implementation of hf mf chk
4
5 This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 at your option, any later version. See the LICENSE.txt file for the text of
7 the license.
8
9 Copyright (C) 2013 m h swende <martin at swende.se>
10 --]]
11 -- Loads the commands-library
12 local cmds = require('commands')
13 -- Load the default keys
14 local keys = require('mf_default_keys')
15 -- Ability to read what card is there
16 local reader = require('read14a')
17 -- Asks the user for input
18 local utils = require('utils')
19
20
21 local desc = ("This script implements check keys. \
22 It utilises a large list of default keys (currently %d keys).\
23 If you want to add more, just put them inside mf_default_keys.lua. "):format(#keys)
24
25 local TIMEOUT = 10000 -- 10 seconds
26
27
28 local function checkCommand(command)
29
30 --print("Sending this command : " .. tostring(command))
31 local usbcommand = command:getBytes()
32 core.SendCommand(usbcommand)
33 local result = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
34 if result then
35 local count,cmd,arg0 = bin.unpack('LL',result)
36 if(arg0==1) then
37 local count,arg1,arg2,data = bin.unpack('LLH511',result,count)
38 key = data:sub(1,12)
39 return key
40 else
41 --print("Key not found...")
42 return nil
43 end
44 else
45 print("Timeout while waiting for response. Increase TIMEOUT in keycheck.lua to wait longer")
46 return nil, "Timeout while waiting for device to respond"
47 end
48 end
49
50
51 function checkBlock(blockNo, keys, keyType)
52 -- The command data is only 512 bytes, each key is 6 bytes, meaning that we can send max 85 keys in one go.
53 -- If there's more, we need to split it up
54 local start, remaining= 1, #keys
55 local arg1 = bit32.bor(bit32.lshift(keyType, 8), blockNo)
56 local packets = {}
57 while remaining > 0 do
58 local n,data = remaining, nil
59 if remaining > 85 then n = 85 end
60 local data = table.concat(keys, "", start, start + n - 1)
61 --print("data",data)
62 --print("data len", #data)
63 print(("Testing block %d, keytype %d, with %d keys"):format(blockNo, keyType, n))
64 local command = Command:new{cmd = cmds.CMD_MIFARE_CHKKEYS,
65 arg1 = arg1,
66 arg2 = 1,
67 arg3 = n,
68 data = data}
69 local status = checkCommand(command)
70 if status then return status, blockNo end
71 start = start + n
72 remaining = remaining - n
73 end
74 return nil
75 end
76
77 -- A function to display the results
78 local function displayresults(results)
79 local sector, blockNo, keyA, keyB,_
80
81 print("________________________________________")
82 print("|Sector|Block| A | B |")
83 print("|--------------------------------------|")
84
85 for sector,_ in pairs(results) do
86 blockNo, keyA, keyB = unpack(_)
87
88 print(("| %3d | %3d |%12s|%12s|"):format(sector, blockNo, keyA, keyB))
89 end
90 print("|--------------------------------------|")
91
92 end
93
94 -- A little helper to place an item first in the list
95 local function placeFirst(akey, list)
96 akey = akey:lower()
97 if list[1] == akey then
98 -- Already at pole position
99 return list
100 end
101 local result = {akey}
102 --print(("Putting '%s' first"):format(akey))
103 for i,v in ipairs(list) do
104 if v ~= akey then
105 result[#result+1] = v
106 end
107 end
108 return result
109 end
110
111 local function dumptofile(results)
112 local sector, blockNo, keyA, keyB,_
113
114 if utils.confirm("Do you wish to save the keys to dumpfile?") then
115 local destination = utils.input("Select a filename to store to", "dumpkeys.bin")
116 local file = io.open(destination, "w")
117 if file == nil then
118 print("Could not write to file ", destination)
119 return
120 end
121
122 local key_a = ""
123 local key_b = ""
124
125 for sector,_ in pairs(results) do
126 blockNo, keyA, keyB = unpack(_)
127 key_a = key_a .. bin.pack("H",keyA);
128 key_b = key_b .. bin.pack("H",keyB);
129 end
130 file:write(key_a)
131 file:write(key_b)
132 file:close()
133 end
134 end
135
136
137 local function main(args)
138
139 print(desc);
140
141 result, err = reader.read14443a(false, true)
142 if not result then
143 print(err)
144 return
145 end
146 print(("Found a %s tag"):format(result.name))
147
148
149 core.clearCommandBuffer()
150 local blockNo
151 local keyType = 0 -- A=0, B=1
152 local numSectors = 16
153
154 if 0x18 == result.sak then -- NXP MIFARE Classic 4k | Plus 4k
155 -- IFARE Classic 4K offers 4096 bytes split into forty sectors,
156 -- of which 32 are same size as in the 1K with eight more that are quadruple size sectors.
157 numSectors = 40
158 elseif 0x08 == result.sak then -- NXP MIFARE CLASSIC 1k | Plus 2k
159 -- 1K offers 1024 bytes of data storage, split into 16 sector
160 numSectors = 16
161 elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k
162 -- MIFARE Classic mini offers 320 bytes split into five sectors.
163 numSectors = 5
164 elseif 0x10 == result.sak then -- NXP MIFARE Plus 2k
165 numSectors = 32
166 else
167 print("I don't know how many sectors there are on this type of card, defaulting to 16")
168 end
169
170 result = {}
171 for sector=1,numSectors,1 do
172
173 --[[
174 The mifare Classic 1k card has 16 sectors of 4 data blocks each.
175 The first 32 sectors of a mifare Classic 4k card consists of 4 data blocks and the remaining
176 8 sectors consist of 16 data blocks.
177 --]]
178 local blockNo = sector * 4 - 1
179
180 if sector > 32 then
181 blockNo = 32*4 + (sector-32)*16 - 1
182 end
183
184 local keyA = checkBlock(blockNo, keys, 0)
185 if keyA then keys = placeFirst(keyA, keys) end
186 keyA = keyA or ""
187
188 local keyB = checkBlock(blockNo, keys, 1)
189 if keyB then keys = placeFirst(keyB, keys) end
190 keyB = keyB or ""
191
192 result[sector] = {blockNo, keyA, keyB}
193
194 -- Check if user aborted
195 if core.ukbhit() then
196 print("Aborted by user")
197 break
198 end
199 end
200 displayresults(result)
201 dumptofile(result)
202 end
203
204 main(args)
Proxmark3 - the RFID research Swiss army knife. Official firmware