[proxmark3-svn] / client / scripting.c

//-----------------------------------------------------------------------------
// Copyright (C) 2013 m h swende <martin at swende.se>
// Modified 2015,2016, iceman 
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
// the license.
//-----------------------------------------------------------------------------
// Some lua scripting glue to proxmark core.
//-----------------------------------------------------------------------------
#include "scripting.h"

/**
 * The following params expected:
 *  UsbCommand c
 *@brief l_SendCommand
 * @param L
 * @return
 */
static int l_SendCommand(lua_State *L){

    /*
     *
     The SendCommand (native) expects the following structure:

     typedef struct {
      uint64_t cmd; //8 bytes
      uint64_t arg[3]; // 8*3 bytes = 24 bytes
      union {
        uint8_t  asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
        uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
      } d;
    } PACKED UsbCommand;

    ==> A 544 byte buffer will do.
    **/
    //Pop cmd
    size_t size;
    const char *data = luaL_checklstring(L, 1, &size);
    if(size != sizeof(UsbCommand))
    {
		printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
        lua_pushstring(L,"Wrong data size");
        return 1;
    }

    SendCommand((UsbCommand* )data);
    return 0; // no return values
}
/**
 * @brief The following params expected:
 * uint32_t cmd
 * size_t ms_timeout
 * @param L
 * @return
 */
static int l_WaitForResponseTimeout(lua_State *L){

    uint32_t cmd = 0;
    size_t ms_timeout = -1;

    //Check number of arguments
    int n = lua_gettop(L);
    if(n == 0)
    {
        //signal error by returning Nil, errorstring
        lua_pushnil(L);
        lua_pushstring(L,"You need to supply at least command to wait for");
        return 2; // two return values
    }
    if(n >= 1)
    {
        //pop cmd
        cmd = luaL_checkunsigned(L,1);
    }
    if(n >= 2)
    {
        //Did the user send a timeout ?
        //Check if the current top of stack is an integer
        ms_timeout = luaL_checkunsigned(L,2);
        //printf("Timeout set to %dms\n" , (int) ms_timeout);
    }

    UsbCommand response;

    if(WaitForResponseTimeout(cmd, &response, ms_timeout))
    {
        //Push it as a string
         lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand));

        return 1;// return 1 to signal one return value
    }else{
        //Push a Nil instead
        lua_pushnil(L);
        return 1;// one return value
    }
}

static int returnToLuaWithError(lua_State *L, const char* fmt, ...)
{
    char buffer[200];
    va_list args;
    va_start(args,fmt);
    vsnprintf(buffer, sizeof(buffer), fmt,args);
    va_end(args);

    lua_pushnil(L);
    lua_pushstring(L,buffer);
    return 2;
}

static int l_nonce2key(lua_State *L){

    size_t size;
    const char *p_uid = luaL_checklstring(L, 1, &size);
    if(size != 4)  return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);

    const char *p_nt = luaL_checklstring(L, 2, &size);
    if(size != 4)  return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);

    const char *p_nr = luaL_checklstring(L, 3, &size);
    if(size != 4)  return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);

    const char *p_par_info = luaL_checklstring(L, 4, &size);
    if(size != 8)  return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);

    const char *p_pks_info = luaL_checklstring(L, 5, &size);
    if(size != 8)  return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);


    uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
    uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);

    uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
    uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
    uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);

    uint64_t key = 0;

    int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);

    //Push the retval on the stack
    lua_pushinteger(L,retval);

    //Push the key onto the stack
    uint8_t dest_key[8];
    num_to_bytes(key,sizeof(dest_key),dest_key);

    //printf("Pushing to lua stack: %012"llx"\n",key);
    lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));

    return 2; //Two return values
}
//static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
static int l_clearCommandBuffer(lua_State *L){
    clearCommandBuffer();
    return 0;
}
/**
 * @brief l_foobar is a dummy function to test lua-integration with
 * @param L
 * @return
 */
static int l_foobar(lua_State *L)
{
    //Check number of arguments
    int n = lua_gettop(L);
    printf("foobar called with %d arguments" , n);
    lua_settop(L, 0);
    printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));

    // todo: this is not used, where was it intended for?
    // UsbCommand response =  {CMD_MIFARE_READBL, {1337, 1338, 1339}};

    printf("Now returning a uint64_t as a string");
    uint64_t x = 0xDEADBEEF;
    uint8_t destination[8];
    num_to_bytes(x,sizeof(x),destination);
    lua_pushlstring(L,(const char *)&x,sizeof(x));
    lua_pushlstring(L,(const char *)destination,sizeof(destination));

    return 2;
}


/**
 * @brief Utility to check if a key has been pressed by the user. This method does not block.
 * @param L
 * @return boolean, true if kbhit, false otherwise.
 */
static int l_ukbhit(lua_State *L)
{
    lua_pushboolean(L,ukbhit() ? true : false);
    return 1;
}
/**
 * @brief Calls the command line parser to deal with the command. This enables
 * lua-scripts to do stuff like "core.console('hf mf mifare')"
 * @param L
 * @return
 */
static int l_CmdConsole(lua_State *L)
{
    CommandReceived((char *)luaL_checkstring(L, 1));
    return 0;
}

static int l_iso15693_crc(lua_State *L)
{
    //    uint16_t Iso15693Crc(uint8_t *v, int n);
    size_t size;
    const char *v = luaL_checklstring(L, 1, &size);
    uint16_t retval = Iso15693Crc((uint8_t *) v, size);
    lua_pushinteger(L, (int) retval);
    return 1;
}

static int l_iso14443b_crc(lua_State *L)
{
	/* void ComputeCrc14443(int CrcType,
                     const unsigned char *Data, int Length,
                     unsigned char *TransmitFirst,
                     unsigned char *TransmitSecond)
	*/
	unsigned char buf[USB_CMD_DATA_SIZE];
    size_t len = 0;	
    const char *data = luaL_checklstring(L, 1, &len);
	if (USB_CMD_DATA_SIZE < len)
		len =  USB_CMD_DATA_SIZE-2;
	
	for (int i = 0; i < len; i += 2) {
		sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
	}	
	ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]);
	
    lua_pushlstring(L, (const char *)&buf, len+2);
    return 1;
}

/*
 Simple AES 128 cbc hook up to OpenSSL.
 params:  key, input
*/
static int l_aes128decrypt_cbc(lua_State *L)
{
	//Check number of arguments
	int i;
    size_t size;
    const char *p_key = luaL_checklstring(L, 1, &size);
    if(size != 32)  return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);

    const char *p_encTxt = luaL_checklstring(L, 2, &size);

	unsigned char indata[16] = {0x00};
	unsigned char outdata[16] = {0x00};
    unsigned char aes_key[16] = {0x00};
	unsigned char iv[16] = {0x00};

	// convert key to bytearray and convert input to bytearray
	for (i = 0; i < 32; i += 2) {
		sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
		sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
	}

    aes_context ctx;
    aes_init(&ctx);
	aes_setkey_dec(&ctx, aes_key, 128);
	aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
    //Push decrypted array as a string
	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	return 1;// return 1 to signal one return value
}
static int l_aes128decrypt_ecb(lua_State *L)
{
	//Check number of arguments
	int i;
    size_t size;
    const char *p_key = luaL_checklstring(L, 1, &size);
    if(size != 32)  return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);

    const char *p_encTxt = luaL_checklstring(L, 2, &size);

	unsigned char indata[16] = {0x00};
	unsigned char outdata[16] = {0x00};
    unsigned char aes_key[16] = {0x00};

	// convert key to bytearray and convert input to bytearray
	for (i = 0; i < 32; i += 2) {
		sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
		sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
	}
    aes_context ctx;
    aes_init(&ctx);
	aes_setkey_dec(&ctx, aes_key, 128);
	aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );

    //Push decrypted array as a string
	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	return 1;// return 1 to signal one return value
}

static int l_aes128encrypt_cbc(lua_State *L)
{
	//Check number of arguments
	int i;
    size_t size;
    const char *p_key = luaL_checklstring(L, 1, &size);
    if(size != 32)  return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);

    const char *p_txt = luaL_checklstring(L, 2, &size);
    
	unsigned char indata[16] = {0x00};
	unsigned char outdata[16] = {0x00};
    unsigned char aes_key[16] = {0x00};
	unsigned char iv[16] = {0x00};
	
	for (i = 0; i < 32; i += 2) {
		sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
		sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
	}

    aes_context ctx;
    aes_init(&ctx);
	aes_setkey_enc(&ctx, aes_key, 128);
	aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
	//Push encrypted array as a string
	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	return 1;// return 1 to signal one return value
}

static int l_aes128encrypt_ecb(lua_State *L)
{
	//Check number of arguments
	int i;
    size_t size;
    const char *p_key = luaL_checklstring(L, 1, &size);
    if(size != 32)  return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);

    const char *p_txt = luaL_checklstring(L, 2, &size);
    
	unsigned char indata[16] = {0x00};
	unsigned char outdata[16] = {0x00};
    unsigned char aes_key[16] = {0x00};
	
	for (i = 0; i < 32; i += 2) {
		sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
		sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
	}	
    aes_context ctx;
    aes_init(&ctx);
	aes_setkey_enc(&ctx, aes_key, 128);
	aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
	//Push encrypted array as a string
	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	return 1;// return 1 to signal one return value
}

static int l_crc8legic(lua_State *L)
{
	size_t size;
	const char *p_str = luaL_checklstring(L, 1, &size);

	uint16_t retval = CRC8Legic( (uint8_t*) p_str, size);
    lua_pushinteger(L, (int) retval);
    return 1;
}

static int l_crc16(lua_State *L)
{
	size_t size;
	const char *p_str = luaL_checklstring(L, 1, &size);

	uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
    lua_pushinteger(L, (int) retval);
    return 1;
}

static int l_crc64(lua_State *L)
{
	size_t size;
	uint64_t crc = 0; 
	unsigned char outdata[8] = {0x00};

	const char *p_str = luaL_checklstring(L, 1, &size);

	crc64( (uint8_t*) p_str, size, &crc);

	outdata[0] = (uint8_t)(crc >> 56) & 0xff;
	outdata[1] = (uint8_t)(crc >> 48) & 0xff;
	outdata[2] = (uint8_t)(crc >> 40) & 0xff;
	outdata[3] = (uint8_t)(crc >> 32) & 0xff;
	outdata[4] = (uint8_t)(crc >> 24) & 0xff;
	outdata[5] = (uint8_t)(crc >> 16) & 0xff;
	outdata[6] = (uint8_t)(crc >> 8) & 0xff;
	outdata[7] = crc & 0xff;
	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	return 1;
}

static int l_sha1(lua_State *L)
{
	size_t size;
	const char *p_str = luaL_checklstring(L, 1, &size);	
	unsigned char outdata[20] = {0x00};                                                                                                                                                                     
    sha1( (uint8_t*) p_str, size, outdata);                                                                                                                                                                 
    lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
    return 1;	
}

static int l_reveng_models(lua_State *L){

	char *models[80];
	int count = 0;
	int in_width = luaL_checkinteger(L, 1);
	
	if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);

	uint8_t width[80];
	width[0] = (uint8_t)in_width;
	int ans = GetModels(models, &count, width);
	if (!ans) return 0;
	
	lua_newtable(L);
	
	for (int i = 0; i < count; i++){
		lua_pushstring(L,  (const char*)models[i]);
		lua_rawseti(L,-2,i+1);
		free(models[i]);
	}

	return 1;
}

//Called with 4 parameters.
// inModel   ,string containing the crc model name: 'CRC-8'
// inHexStr  ,string containing the hex representation of the data that will be used for CRC calculations.
// reverse   ,int 0/1  (bool) if 1, calculate the reverse CRC
// endian    ,char,  'B','b','L','l','t','r' describing if Big-Endian or Little-Endian should be used in different combinations.
//
// outputs:  string with hex representation of the CRC result
static int l_reveng_RunModel(lua_State *L){
	//-c || -v
	//inModel = valid model name string - CRC-8
	//inHexStr = input hex string to calculate crc on
	//reverse = reverse calc option if true
	//endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
	//          l = little endian input and output, L = little endian output only, t = left justified}
	//result = calculated crc hex string	
	char result[50];
	
	const char *inModel = luaL_checkstring(L, 1);
	const char *inHexStr = luaL_checkstring(L, 2);
    bool reverse =  lua_toboolean(L, 3);
	const char endian = luaL_checkstring(L, 4)[0];

	//PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
	//    int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result)
	int ans = RunModel( (char *)inModel, (char *)inHexStr, reverse, endian, result);
	if (!ans) 	
		return returnToLuaWithError(L,"Reveng failed");

	lua_pushstring(L, (const char*)result); 
	return 1;
}

/**
 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
 * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
 * @param L
 * @param path
 * @return
 */
int setLuaPath( lua_State* L, const char* path )
{
    lua_getglobal( L, "package" );
    lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
    const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
    int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
    char * buf = malloc(requiredLength);
    snprintf(buf, requiredLength, "%s;%s", cur_path, path);
    lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
    lua_pushstring( L, buf ); // push the new one
    lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
    lua_pop( L, 1 ); // get rid of package table from top of stack
	free(buf);
	return 0; // all done!
}


int set_pm3_libraries(lua_State *L)
{

    static const luaL_Reg libs[] = {
        {"SendCommand",                 l_SendCommand},
        {"WaitForResponseTimeout",      l_WaitForResponseTimeout},
        {"nonce2key",                   l_nonce2key},
        //{"PrintAndLog",                 l_PrintAndLog},
        {"foobar",                      l_foobar},
        {"ukbhit",                      l_ukbhit},
        {"clearCommandBuffer",          l_clearCommandBuffer},
		{"console",                     l_CmdConsole},
		{"iso15693_crc",                l_iso15693_crc},
		{"iso14443b_crc",				l_iso14443b_crc},
		{"aes128_decrypt",              l_aes128decrypt_cbc},
		{"aes128_decrypt_ecb",          l_aes128decrypt_ecb},
		{"aes128_encrypt",              l_aes128encrypt_cbc},		
		{"aes128_encrypt_ecb",          l_aes128encrypt_ecb},
		{"crc8legic",					l_crc8legic},
		{"crc16",                       l_crc16},
		{"crc64",                       l_crc64},
		{"sha1",						l_sha1},
		{"reveng_models",				l_reveng_models},
		{"reveng_runmodel",				l_reveng_RunModel},
        {NULL, NULL}
    };

    lua_pushglobaltable(L);
    // Core library is in this table. Contains '
    //this is 'pm3' table
    lua_newtable(L);

    //Put the function into the hash table.
    for (int i = 0; libs[i].name; i++) {
        lua_pushcfunction(L, libs[i].func);
        lua_setfield(L, -2, libs[i].name);//set the name, pop stack
    }
    //Name of 'core'
    lua_setfield(L, -2, "core");

    //-- remove the global environment table from the stack
    lua_pop(L, 1);

    //-- Last but not least, add to the LUA_PATH (package.path in lua)
    // so we can load libraries from the ./lualib/ - directory
    setLuaPath(L,"./lualibs/?.lua");

    return 1;
}
Commit	Line	Data
5b760b6c	1	//-----------------------------------------------------------------------------
5b760b6c	2	// Copyright (C) 2013 m h swende <martin at swende.se>
a75d63f1	3	// Modified 2015,2016, iceman
5b760b6c	4	//
	5	// This code is licensed to you under the terms of the GNU GPL, version 2 or,
	6	// at your option, any later version. See the LICENSE.txt file for the text of
	7	// the license.
	8	//-----------------------------------------------------------------------------
	9	// Some lua scripting glue to proxmark core.
	10	//-----------------------------------------------------------------------------
5b760b6c	11	#include "scripting.h"
a75d63f1	12
5b760b6c	13	/**
	14	* The following params expected:
	15	* UsbCommand c
	16	*@brief l_SendCommand
	17	* @param L
	18	* @return
	19	*/
	20	static int l_SendCommand(lua_State *L){
	21
	22	/*
	23	*
	24	The SendCommand (native) expects the following structure:
	25
	26	typedef struct {
	27	uint64_t cmd; //8 bytes
	28	uint64_t arg[3]; // 8*3 bytes = 24 bytes
	29	union {
	30	uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
	31	uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
	32	} d;
	33	} PACKED UsbCommand;
	34
	35	==> A 544 byte buffer will do.
	36	**/
	37	//Pop cmd
96e7a3a5	38	size_t size;
	39	const char *data = luaL_checklstring(L, 1, &size);
	40	if(size != sizeof(UsbCommand))
	41	{
1d0ccbe0	42	printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
96e7a3a5	43	lua_pushstring(L,"Wrong data size");
	44	return 1;
	45	}
	46
42daa759	47	SendCommand((UsbCommand* )data);
44fffc54	48	return 0; // no return values
5b760b6c	49	}
	50	/**
	51	* @brief The following params expected:
	52	* uint32_t cmd
	53	* size_t ms_timeout
	54	* @param L
	55	* @return
	56	*/
	57	static int l_WaitForResponseTimeout(lua_State *L){
	58
44fffc54	59	uint32_t cmd = 0;
44fffc54	60	size_t ms_timeout = -1;
5b760b6c	61
44fffc54	62	//Check number of arguments
	63	int n = lua_gettop(L);
	64	if(n == 0)
5b760b6c	65	{
44fffc54	66	//signal error by returning Nil, errorstring
	67	lua_pushnil(L);
	68	lua_pushstring(L,"You need to supply at least command to wait for");
	69	return 2; // two return values
	70	}
	71	if(n >= 1)
	72	{
	73	//pop cmd
	74	cmd = luaL_checkunsigned(L,1);
	75	}
	76	if(n >= 2)
	77	{
	78	//Did the user send a timeout ?
	79	//Check if the current top of stack is an integer
5b760b6c	80	ms_timeout = luaL_checkunsigned(L,2);
44fffc54	81	//printf("Timeout set to %dms\n" , (int) ms_timeout);
5b760b6c	82	}
5b760b6c	83
44fffc54	84	UsbCommand response;
	85
	86	if(WaitForResponseTimeout(cmd, &response, ms_timeout))
5b760b6c	87	{
44fffc54	88	//Push it as a string
5de79e20	89	lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand));
44fffc54	90
	91	return 1;// return 1 to signal one return value
	92	}else{
5b760b6c	93	//Push a Nil instead
5b760b6c	94	lua_pushnil(L);
44fffc54	95	return 1;// one return value
5b760b6c	96	}
5b760b6c	97	}
2dcdf1a6	98
	99	static int returnToLuaWithError(lua_State L, const char fmt, ...)
	100	{
	101	char buffer[200];
	102	va_list args;
	103	va_start(args,fmt);
	104	vsnprintf(buffer, sizeof(buffer), fmt,args);
	105	va_end(args);
	106
	107	lua_pushnil(L);
	108	lua_pushstring(L,buffer);
	109	return 2;
	110	}
	111
	112	static int l_nonce2key(lua_State *L){
	113
	114	size_t size;
	115	const char *p_uid = luaL_checklstring(L, 1, &size);
	116	if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);
	117
	118	const char *p_nt = luaL_checklstring(L, 2, &size);
	119	if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);
	120
	121	const char *p_nr = luaL_checklstring(L, 3, &size);
	122	if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);
	123
	124	const char *p_par_info = luaL_checklstring(L, 4, &size);
	125	if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);
	126
	127	const char *p_pks_info = luaL_checklstring(L, 5, &size);
	128	if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);
	129
	130
	131	uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
	132	uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);
	133
	134	uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
	135	uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
	136	uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);
	137
	138	uint64_t key = 0;
	139
	140	int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);
	141
	142	//Push the retval on the stack
	143	lua_pushinteger(L,retval);
2dcdf1a6	144
2dcdf1a6	145	//Push the key onto the stack
05f23c59	146	uint8_t dest_key[8];
05f23c59	147	num_to_bytes(key,sizeof(dest_key),dest_key);
b9697139	148
05f23c59	149	//printf("Pushing to lua stack: %012"llx"\n",key);
05f23c59	150	lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));
2dcdf1a6	151
	152	return 2; //Two return values
	153	}
42daa759	154	//static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
44fffc54	155	static int l_clearCommandBuffer(lua_State *L){
44fffc54	156	clearCommandBuffer();
42daa759	157	return 0;
44fffc54	158	}
	159	/**
	160	* @brief l_foobar is a dummy function to test lua-integration with
	161	* @param L
	162	* @return
	163	*/
	164	static int l_foobar(lua_State *L)
	165	{
	166	//Check number of arguments
	167	int n = lua_gettop(L);
	168	printf("foobar called with %d arguments" , n);
	169	lua_settop(L, 0);
	170	printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
bcf61bd3	171
05f23c59	172	// todo: this is not used, where was it intended for?
05f23c59	173	// UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
bcf61bd3	174
05f23c59	175	printf("Now returning a uint64_t as a string");
	176	uint64_t x = 0xDEADBEEF;
	177	uint8_t destination[8];
	178	num_to_bytes(x,sizeof(x),destination);
	179	lua_pushlstring(L,(const char *)&x,sizeof(x));
	180	lua_pushlstring(L,(const char *)destination,sizeof(destination));
	181
	182	return 2;
44fffc54	183	}
44fffc54	184
2dcdf1a6	185
44fffc54	186	/**
	187	* @brief Utility to check if a key has been pressed by the user. This method does not block.
	188	* @param L
	189	* @return boolean, true if kbhit, false otherwise.
	190	*/
	191	static int l_ukbhit(lua_State *L)
	192	{
	193	lua_pushboolean(L,ukbhit() ? true : false);
	194	return 1;
	195	}
0a85b725	196	/**
	197	* @brief Calls the command line parser to deal with the command. This enables
	198	* lua-scripts to do stuff like "core.console('hf mf mifare')"
	199	* @param L
	200	* @return
	201	*/
	202	static int l_CmdConsole(lua_State *L)
	203	{
	204	CommandReceived((char *)luaL_checkstring(L, 1));
	205	return 0;
	206	}
	207
77cd612f	208	static int l_iso15693_crc(lua_State *L)
	209	{
	210	// uint16_t Iso15693Crc(uint8_t *v, int n);
	211	size_t size;
	212	const char *v = luaL_checklstring(L, 1, &size);
	213	uint16_t retval = Iso15693Crc((uint8_t *) v, size);
	214	lua_pushinteger(L, (int) retval);
	215	return 1;
	216	}
5b760b6c	217
5de79e20	218	static int l_iso14443b_crc(lua_State *L)
	219	{
	220	/* void ComputeCrc14443(int CrcType,
	221	const unsigned char *Data, int Length,
	222	unsigned char *TransmitFirst,
	223	unsigned char *TransmitSecond)
	224	*/
	225	unsigned char buf[USB_CMD_DATA_SIZE];
	226	size_t len = 0;
	227	const char *data = luaL_checklstring(L, 1, &len);
	228	if (USB_CMD_DATA_SIZE < len)
	229	len = USB_CMD_DATA_SIZE-2;
	230
	231	for (int i = 0; i < len; i += 2) {
	232	sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
	233	}
	234	ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]);
	235
	236	lua_pushlstring(L, (const char *)&buf, len+2);
	237	return 1;
	238	}
	239
c15d2bdc	240	/*
	241	Simple AES 128 cbc hook up to OpenSSL.
	242	params: key, input
	243	*/
b18948fd	244	static int l_aes128decrypt_cbc(lua_State *L)
c15d2bdc	245	{
	246	//Check number of arguments
	247	int i;
	248	size_t size;
	249	const char *p_key = luaL_checklstring(L, 1, &size);
	250	if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
	251
	252	const char *p_encTxt = luaL_checklstring(L, 2, &size);
b915fda3	253
1f6417a9 MHS	254	unsigned char indata[16] = {0x00};
	255	unsigned char outdata[16] = {0x00};
	256	unsigned char aes_key[16] = {0x00};
	257	unsigned char iv[16] = {0x00};
d87779d6	258
d730878d	259	// convert key to bytearray and convert input to bytearray
c15d2bdc	260	for (i = 0; i < 32; i += 2) {
c15d2bdc	261	sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
d87779d6	262	sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
c15d2bdc	263	}
d87779d6	264
	265	aes_context ctx;
	266	aes_init(&ctx);
d87779d6	267	aes_setkey_dec(&ctx, aes_key, 128);
	268	aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
	269	//Push decrypted array as a string
	270	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	271	return 1;// return 1 to signal one return value
	272	}
b18948fd	273	static int l_aes128decrypt_ecb(lua_State *L)
	274	{
	275	//Check number of arguments
	276	int i;
	277	size_t size;
	278	const char *p_key = luaL_checklstring(L, 1, &size);
	279	if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
	280
	281	const char *p_encTxt = luaL_checklstring(L, 2, &size);
	282
	283	unsigned char indata[16] = {0x00};
	284	unsigned char outdata[16] = {0x00};
	285	unsigned char aes_key[16] = {0x00};
	286
	287	// convert key to bytearray and convert input to bytearray
	288	for (i = 0; i < 32; i += 2) {
	289	sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
	290	sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
	291	}
	292	aes_context ctx;
	293	aes_init(&ctx);
	294	aes_setkey_dec(&ctx, aes_key, 128);
	295	aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
	296
	297	//Push decrypted array as a string
	298	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	299	return 1;// return 1 to signal one return value
	300	}
	301
	302	static int l_aes128encrypt_cbc(lua_State *L)
d87779d6	303	{
	304	//Check number of arguments
	305	int i;
	306	size_t size;
	307	const char *p_key = luaL_checklstring(L, 1, &size);
	308	if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
	309
	310	const char *p_txt = luaL_checklstring(L, 2, &size);
	311
	312	unsigned char indata[16] = {0x00};
	313	unsigned char outdata[16] = {0x00};
	314	unsigned char aes_key[16] = {0x00};
	315	unsigned char iv[16] = {0x00};
c15d2bdc	316
c15d2bdc	317	for (i = 0; i < 32; i += 2) {
d87779d6	318	sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
c15d2bdc	319	sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
c15d2bdc	320	}
1f6417a9 MHS	321
	322	aes_context ctx;
	323	aes_init(&ctx);
d730878d	324	aes_setkey_enc(&ctx, aes_key, 128);
d87779d6	325	aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
d730878d	326	//Push encrypted array as a string
c15d2bdc	327	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	328	return 1;// return 1 to signal one return value
	329	}
	330
b18948fd	331	static int l_aes128encrypt_ecb(lua_State *L)
	332	{
	333	//Check number of arguments
	334	int i;
	335	size_t size;
	336	const char *p_key = luaL_checklstring(L, 1, &size);
	337	if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
	338
	339	const char *p_txt = luaL_checklstring(L, 2, &size);
	340
	341	unsigned char indata[16] = {0x00};
	342	unsigned char outdata[16] = {0x00};
	343	unsigned char aes_key[16] = {0x00};
	344
	345	for (i = 0; i < 32; i += 2) {
	346	sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
	347	sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
	348	}
	349	aes_context ctx;
	350	aes_init(&ctx);
	351	aes_setkey_enc(&ctx, aes_key, 128);
	352	aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
	353	//Push encrypted array as a string
	354	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	355	return 1;// return 1 to signal one return value
	356	}
	357
a75d63f1	358	static int l_crc8legic(lua_State *L)
	359	{
	360	size_t size;
	361	const char *p_str = luaL_checklstring(L, 1, &size);
	362
	363	uint16_t retval = CRC8Legic( (uint8_t*) p_str, size);
	364	lua_pushinteger(L, (int) retval);
	365	return 1;
	366	}
	367
47cbb2d4	368	static int l_crc16(lua_State *L)
	369	{
	370	size_t size;
	371	const char *p_str = luaL_checklstring(L, 1, &size);
d730878d	372
06b58a94	373	uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
47cbb2d4	374	lua_pushinteger(L, (int) retval);
	375	return 1;
	376	}
	377
3ee8c808	378	static int l_crc64(lua_State *L)
	379	{
	380	size_t size;
	381	uint64_t crc = 0;
	382	unsigned char outdata[8] = {0x00};
	383
	384	const char *p_str = luaL_checklstring(L, 1, &size);
d730878d	385
3ee8c808	386	crc64( (uint8_t*) p_str, size, &crc);
	387
	388	outdata[0] = (uint8_t)(crc >> 56) & 0xff;
	389	outdata[1] = (uint8_t)(crc >> 48) & 0xff;
	390	outdata[2] = (uint8_t)(crc >> 40) & 0xff;
	391	outdata[3] = (uint8_t)(crc >> 32) & 0xff;
	392	outdata[4] = (uint8_t)(crc >> 24) & 0xff;
	393	outdata[5] = (uint8_t)(crc >> 16) & 0xff;
	394	outdata[6] = (uint8_t)(crc >> 8) & 0xff;
	395	outdata[7] = crc & 0xff;
	396	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
d730878d	397	return 1;
3ee8c808	398	}
3ee8c808	399
2d2f7d19	400	static int l_sha1(lua_State *L)
2d2f7d19	401	{
ea75b30c	402	size_t size;
	403	const char *p_str = luaL_checklstring(L, 1, &size);
	404	unsigned char outdata[20] = {0x00};
	405	sha1( (uint8_t*) p_str, size, outdata);
	406	lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
	407	return 1;
	408	}
	409
60e86577	410	static int l_reveng_models(lua_State *L){
	411
	412	char *models[80];
	413	int count = 0;
dd1df490	414	int in_width = luaL_checkinteger(L, 1);
60e86577	415
	416	if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);
	417
99789601	418	uint8_t width[80];
	419	width[0] = (uint8_t)in_width;
	420	int ans = GetModels(models, &count, width);
	421	if (!ans) return 0;
60e86577	422
	423	lua_newtable(L);
	424
	425	for (int i = 0; i < count; i++){
	426	lua_pushstring(L, (const char*)models[i]);
	427	lua_rawseti(L,-2,i+1);
	428	free(models[i]);
	429	}
	430
	431	return 1;
	432	}
	433
dd1df490	434	//Called with 4 parameters.
	435	// inModel ,string containing the crc model name: 'CRC-8'
	436	// inHexStr ,string containing the hex representation of the data that will be used for CRC calculations.
	437	// reverse ,int 0/1 (bool) if 1, calculate the reverse CRC
	438	// endian ,char, 'B','b','L','l','t','r' describing if Big-Endian or Little-Endian should be used in different combinations.
	439	//
	440	// outputs: string with hex representation of the CRC result
60e86577	441	static int l_reveng_RunModel(lua_State *L){
	442	//-c \|\| -v
	443	//inModel = valid model name string - CRC-8
	444	//inHexStr = input hex string to calculate crc on
	445	//reverse = reverse calc option if true
	446	//endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
	447	// l = little endian input and output, L = little endian output only, t = left justified}
	448	//result = calculated crc hex string
	449	char result[50];
	450
dd1df490	451	const char *inModel = luaL_checkstring(L, 1);
	452	const char *inHexStr = luaL_checkstring(L, 2);
	453	bool reverse = lua_toboolean(L, 3);
	454	const char endian = luaL_checkstring(L, 4)[0];
60e86577	455
60e86577	456	//PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
dd1df490	457	// int RunModel(char inModel, char inHexStr, bool reverse, char endian, char *result)
dd1df490	458	int ans = RunModel( (char )inModel, (char )inHexStr, reverse, endian, result);
60e86577	459	if (!ans)
	460	return returnToLuaWithError(L,"Reveng failed");
	461
	462	lua_pushstring(L, (const char*)result);
	463	return 1;
	464	}
	465
686f0a17	466	/**
	467	* @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
	468	* able to do "require('foobar')" if foobar.lua is within lualibs folder.
	469	* Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
	470	* @param L
	471	* @param path
	472	* @return
	473	*/
	474	int setLuaPath( lua_State* L, const char* path )
	475	{
	476	lua_getglobal( L, "package" );
	477	lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
	478	const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
	479	int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
	480	char * buf = malloc(requiredLength);
	481	snprintf(buf, requiredLength, "%s;%s", cur_path, path);
	482	lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
	483	lua_pushstring( L, buf ); // push the new one
	484	lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
	485	lua_pop( L, 1 ); // get rid of package table from top of stack
d730878d	486	free(buf);
664bb5ae	487	return 0; // all done!
686f0a17	488	}
	489
	490
f057bddb	491	int set_pm3_libraries(lua_State *L)
5b760b6c	492	{
686f0a17	493
5b760b6c	494	static const luaL_Reg libs[] = {
	495	{"SendCommand", l_SendCommand},
	496	{"WaitForResponseTimeout", l_WaitForResponseTimeout},
2dcdf1a6	497	{"nonce2key", l_nonce2key},
42daa759	498	//{"PrintAndLog", l_PrintAndLog},
44fffc54	499	{"foobar", l_foobar},
	500	{"ukbhit", l_ukbhit},
	501	{"clearCommandBuffer", l_clearCommandBuffer},
d730878d	502	{"console", l_CmdConsole},
d730878d	503	{"iso15693_crc", l_iso15693_crc},
5de79e20	504	{"iso14443b_crc", l_iso14443b_crc},
b18948fd	505	{"aes128_decrypt", l_aes128decrypt_cbc},
	506	{"aes128_decrypt_ecb", l_aes128decrypt_ecb},
	507	{"aes128_encrypt", l_aes128encrypt_cbc},
	508	{"aes128_encrypt_ecb", l_aes128encrypt_ecb},
a75d63f1	509	{"crc8legic", l_crc8legic},
47cbb2d4	510	{"crc16", l_crc16},
d730878d	511	{"crc64", l_crc64},
ea75b30c	512	{"sha1", l_sha1},
60e86577	513	{"reveng_models", l_reveng_models},
60e86577	514	{"reveng_runmodel", l_reveng_RunModel},
5b760b6c	515	{NULL, NULL}
	516	};
	517
	518	lua_pushglobaltable(L);
	519	// Core library is in this table. Contains '
	520	//this is 'pm3' table
	521	lua_newtable(L);
	522
	523	//Put the function into the hash table.
	524	for (int i = 0; libs[i].name; i++) {
	525	lua_pushcfunction(L, libs[i].func);
	526	lua_setfield(L, -2, libs[i].name);//set the name, pop stack
	527	}
	528	//Name of 'core'
	529	lua_setfield(L, -2, "core");
	530
	531	//-- remove the global environment table from the stack
	532	lua_pop(L, 1);
686f0a17	533
	534	//-- Last but not least, add to the LUA_PATH (package.path in lua)
	535	// so we can load libraries from the ./lualib/ - directory
	536	setLuaPath(L,"./lualibs/?.lua");
	537
5b760b6c	538	return 1;
5b760b6c	539	}