X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/2767fc02919545bd65082b4682b2331def9a5ad5..224ce36eb1037ecb48d55066ab2fe36f0a5064df:/client/scripts/tnp3dump.lua diff --git a/client/scripts/tnp3dump.lua b/client/scripts/tnp3dump.lua index dedd3df1..363998fb 100644 --- a/client/scripts/tnp3dump.lua +++ b/client/scripts/tnp3dump.lua @@ -7,17 +7,20 @@ local md5 = require('md5') local dumplib = require('html_dumplib') local toyNames = require('default_toys') + example =[[ - 1. script run tnp3dump - 2. script run tnp3dump -n - 3. script run tnp3dump -k aabbccddeeff - 4. script run tnp3dump -k aabbccddeeff -n - 5. script run tnp3dump -o myfile - 6. script run tnp3dump -n -o myfile - 7. script run tnp3dump -k aabbccddeeff -n -o myfile + script run tnp3dump + script run tnp3dump -n + script run tnp3dump -p + script run tnp3dump -k aabbccddeeff + script run tnp3dump -k aabbccddeeff -n + script run tnp3dump -o myfile + script run tnp3dump -n -o myfile + script run tnp3dump -p -o myfile + script run tnp3dump -k aabbccddeeff -n -o myfile ]] author = "Iceman" -usage = "script run tnp3dump -k -n -o " +usage = "script run tnp3dump -k -n -p -o " desc =[[ This script will try to dump the contents of a Mifare TNP3xxx card. It will need a valid KeyA in order to find the other keys and decode the card. @@ -25,6 +28,7 @@ Arguments: -h : this help -k : Sector 0 Key A. -n : Use the nested cmd to find all keys + -p : Use the precalc to find all keys -o : filename for the saved dumps ]] @@ -112,15 +116,17 @@ local function main(args) local cmd local err local useNested = false + local usePreCalc = false local cmdReadBlockString = 'hf mf rdbl %d A %s' local input = "dumpkeys.bin" local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M%S"); -- Arguments for the script - for o, a in getopt.getopt(args, 'hk:no:') do + for o, a in getopt.getopt(args, 'hk:npo:') do if o == "h" then return help() end if o == "k" then keyA = a end if o == "n" then useNested = true end + if o == "p" then usePreCalc = true end if o == "o" then outputTemplate = a end end @@ -142,29 +148,34 @@ local function main(args) core.clearCommandBuffer() if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx - return oops('This is not a TNP3xxx tag. aborting.') + -- return oops('This is not a TNP3xxx tag. aborting.') end -- Show tag info - print((' Found tag : %s'):format(result.name)) - print(('Using keyA : %s'):format(keyA)) + print((' Found tag %s'):format(result.name)) + + dbg(('Using keyA : %s'):format(keyA)) --Trying to find the other keys if useNested then core.console( ('hf mf nested 1 0 A %s d'):format(keyA) ) end - + core.clearCommandBuffer() - -- Loading keyfile - print('Loading dumpkeys.bin') - local hex, err = utils.ReadDumpFile(input) - if not hex then - return oops(err) + local akeys = '' + if usePreCalc then + local pre = require('precalc') + akeys = pre.GetAll(result.uid) + else + print('Loading dumpkeys.bin') + local hex, err = utils.ReadDumpFile(input) + if not hex then + return oops(err) + end + akeys = hex:sub(0,12*16) end - - local akeys = hex:sub(0,12*16) - + -- Read block 0 cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA} err = core.SendCommand(cmd:getBytes()) @@ -188,7 +199,7 @@ local function main(args) core.clearCommandBuffer() -- main loop - io.write('Decrypting blocks > ') + io.write('Reading blocks > ') for blockNo = 0, numBlocks-1, 1 do if core.ukbhit() then @@ -204,7 +215,9 @@ local function main(args) local blockdata, err = waitCmd() if err then return oops(err) end + if blockNo%4 ~= 3 then + if blockNo < 8 then -- Block 0-7 not encrypted blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,blockdata) @@ -249,23 +262,28 @@ local function main(args) end end - local uid = block0:sub(1,8) local itemtype = block1:sub(1,4) + local cardidLsw = block1:sub(9,16) + local cardidMsw = block1:sub(16,24) local cardid = block1:sub(9,24) local traptype = block1:sub(25,28) -- Write dump to files if not DEBUG then local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'_uid_'..uid..'.bin') - print(("Wrote a BIN dump to the file %s"):format(foo)) + print(("Wrote a BIN dump to: %s"):format(foo)) local bar = dumplib.SaveAsText(emldata, outputTemplate..'_uid_'..uid..'.eml') - print(("Wrote a EML dump to the file %s"):format(bar)) + print(("Wrote a EML dump to: %s"):format(bar)) end + local itemtypename = toyNames[itemtype] + if itemtypename == nil then + itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)] + end -- Show info print( string.rep('--',20) ) - print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) ) + print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) ) print( (' Alter ego / traptype : 0x%s'):format(traptype) ) print( (' UID : 0x%s'):format(uid) ) print( (' CARDID : 0x%s'):format(cardid ) )