Updated tnp3.lua
[proxmark3-svn] / client / scripts / tnp3.lua
index ebe1c6db49bc5c492c2c59054662b729ca452d27..56d0b48694971ebef6c3bb58b2e89c0ca66a448e 100644 (file)
@@ -4,6 +4,7 @@ local bin = require('bin')
 local lib14a = require('read14a')
 local utils = require('utils')
 local md5 = require('md5')
+local toyNames = require('default_toys')
 
 example =[[
        1. script run tnp3
@@ -92,8 +93,8 @@ end
 local function main(args)
 
        print( string.rep('--',20) )
-       print( string.rep('--',20) )
-       print()
+    --print( string.rep('--',20) )
+       --print()
        
        local keyA
        local cmd
@@ -114,36 +115,41 @@ local function main(args)
        if #(keyA) ~= 12 then
                return oops( string.format('Wrong length of write key (was %d) expected 12', #keyA))
        end
+
+       -- Turn off Debug
+       local cmdSetDbgOff = "hf mf dbg 0"
+       core.console( cmdSetDbgOff) 
        
        result, err = lib14a.read1443a(false)
        if not result then
                return oops(err)
        end
 
-       print((' Found tag : %s'):format(result.name))
-
        core.clearCommandBuffer()
        
        if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx
                return oops('This is not a TNP3xxx tag. aborting.')
        end     
        
+       print((' Found tag : %s'):format(result.name))
+       
        -- Show info
        print(('Using keyA : %s'):format(keyA))
        print( string.rep('--',20) )
 
-       print('Trying to find other keys.')
+       --Trying to find the other keys
        if useNested then
          core.console( ('hf mf nested 1 0 A %s d'):format(keyA) )
        end
        
        -- Loading keyfile
+       print('Loading dumpkeys.bin')
        local infile = io.open(input, "rb")
        if infile == nil then 
                return oops('Could not read file ', input)
        end
        local akeys = readdumpkeys(infile):sub(0,12*16)
-
+       
        -- Read block 0
        cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA}
        err = core.SendCommand(cmd:getBytes())
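Review bot: The added `core.console( cmdSetDbgOff)` call changes the debug level as a side effect, and nothing visible in this hunk restores it, including on the `return oops(...)` exits that follow it. If leaving it off is intended, say so beside the call, e.g. `-- NOTE: debug level stays at 0 after this script returns`; otherwise restore it before returning. The new `print('Loading dumpkeys.bin')` also hard-codes a file name although the file actually opened is `input`, so `print(('Loading keys from %s'):format(input))` would keep the message accurate. The body of main starts and ends outside this hunk.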
@@ -163,45 +169,63 @@ local function main(args)
        local blockNo
        local blocks = {}
 
+       print('Reading card data')
+       
        -- main loop
-       for blockNo = 8, numBlocks-1, 1 do
+       for blockNo = 0, numBlocks-1, 1 do
+
+               if core.ukbhit() then
+                       print("aborted by user")
+                       break
+               end
+       
+               pos = (math.floor( blockNo / 4 ) * 12)+1
+               key = akeys:sub(pos, pos + 11 )
+               cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blockNo ,arg2 = 0,arg3 = 0, data = key}
+               local err = core.SendCommand(cmd:getBytes())
+               if err then return oops(err) end
+               local blockdata, err = waitCmd()
+               if err then return oops(err) end                
+
                local b = blockNo%4
+
                if b ~= 3 then
-                       pos = (math.floor( blockNo / 4 ) * 12)+1
-                       key = akeys:sub(pos, pos + 12 )
-                       cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blockNo ,arg2 = 0,arg3 = 0, data = key}
-                       local err = core.SendCommand(cmd:getBytes())
-                       if err then return oops(err) end
-                       local blockdata, err = waitCmd()
-                       if err then return oops(err) end
-       
-                       local base = ('%s%s%d%s'):format(block0, block1, blockNo, hashconstant)
-                       local md5hash = md5.sumhexa(base)
-                       local aestest = core.aes(md5hash, blockdata)
-               
-                       local _,hex = bin.unpack(("H%d"):format(16),aestest)
-               
-                       -- local hexascii = string.gsub(hex, '(%x%x)', 
-                                                       -- function(value) 
-                                                               -- return string.char(tonumber(value, 16)) 
-                                                       -- end
-                                               -- )
-
-               if string.find(blockdata, '^0+$') then
-                               blocks[blockNo] = ('%02d  :: %s :: %s'):format(blockNo,blockdata,blockdata) 
+                       if blockNo < 8 then
+                               -- Block 0-7 not encrypted
+                               blocks[blockNo+1] = ('%02d  :: %s :: %s'):format(blockNo,blockdata,blockdata) 
                        else
-                               --blocks[blockNo] = ('%02d :: %s :: %s :: %s '):format(blockNo,key,md5hash,hex)
-                               blocks[blockNo] = ('%02d  :: %s :: %s'):format(blockNo,blockdata,blockdata) 
-                       end             
-               
-                       if core.ukbhit() then
-                               print("aborted by user")
-                               break
+                               local base = ('%s%s%d%s'):format(block0, block1, blockNo, hashconstant)         local md5hash = md5.sumhexa(base)
+                               local aestest = core.aes(md5hash, blockdata)
+                       
+                               local _,hex = bin.unpack(("H%d"):format(16),aestest)
+                       
+                               -- local hexascii = string.gsub(hex, '(%x%x)', 
+                                                               -- function(value) 
+                                                                       -- return string.char(tonumber(value, 16)) 
+                                                               -- end
+                                                       -- )
+
+                               if string.find(blockdata, '^0+$') then
+                                       blocks[blockNo+1] = ('%02d  :: %s :: %s'):format(blockNo,blockdata,blockdata) 
+                               else
+                                       --blocks[blockNo+1] = ('%02d :: %s :: %s :: %s '):format(blockNo,key,md5hash,hex)
+                                       blocks[blockNo+1] = ('%02d  :: %s :: %s'):format(blockNo,blockdata,hex) 
+                               end             
                        end
+
+               else
+                       -- Sectorblocks, not encrypted
+                       blocks[blockNo+1] = ('%02d  :: %s :: %s'):format(blockNo,blockdata,blockdata) 
                end
        end
        
        -- Print results
+       local uid = block0:sub(1,8)
+       local itemtype = block1:sub(1,4)
+       local cardid = block1:sub(9,24)
+       print( ('        UID : %s'):format(uid) )
+       print( ('  ITEM TYPE : %s - %s'):format(itemtype, toyNames[itemtype]) )
+       print( ('     CARDID : %s'):format(cardid ) )   
        print('BLK :: DATA                                DECRYPTED' )
        print( string.rep('--',36) )
        for _,s in pairs(blocks) do
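Review bot: `toyNames[itemtype]` in the added ITEM TYPE line is nil for any type code that `default_toys` does not list, so after a full card read the summary either prints `nil` or, on a Lua build whose `%s` rejects nil, raises before any block is shown; `toyNames[itemtype] or 'unknown'` avoids both. In the read loop, `pos` and `key` are assigned without `local` and become globals. `key` is also sliced from `akeys` with no check that the key file supplied all 16 keys, so a short file yields a truncated or empty key for the later sectors; declaring `local pos` and `local key` and testing `#akeys == 12*16` before the loop would cover both. The loop that prints `blocks` continues past the end of this hunk.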