[proxmark3-svn] / client / scripts / tnp3sim.lua

local cmds = require('commands')
local getopt = require('getopt')
local bin = require('bin')
local lib14a = require('read14a')
local utils = require('utils')
local md5 = require('md5')
local toys = require('default_toys')

example =[[
	1. script run tnp3sim
	2. script run tnp3sim -m
	3. script run tnp3sim -m -i myfile
]]
author = "Iceman"
usage = "script run tnp3sim -h -m -i <filename>"
desc =[[
This script will try to load a binary datadump of a Mifare TNP3xxx card.
It vill try to validate all checksums and view some information stored in the dump
For an experimental mode, it tries to manipulate some data.
At last it sends all data to the PM3 device memory where it can be used in the command  "hf mf sim"

Arguments:
	-h             : this help
	-m             : Maxed out items (experimental)
	-i             : filename for the datadump to read (bin)

	]]

local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = false -- the debug flag
local RANDOM = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'

local band = bit32.band
local bor = bit32.bor
local lshift = bit32.lshift
local rshift = bit32.rshift
local byte = string.byte
local char = string.char
local sub = string.sub
local format = string.format

--- 
-- A debug printout-function
function dbg(args)
	if not DEBUG then
		return
	end
	
    if type(args) == "table" then
		local i = 1
		while result[i] do
			dbg(result[i])
			i = i+1
		end
	else
		print("###", args)
	end	
end	
--- 
-- This is only meant to be used when errors occur
function oops(err)
	print("ERROR: ",err)
	return nil,err
end
--- 
-- Usage help
function help()
	print(desc)
	print("Example usage")
	print(example)
end
--
-- Exit message
function ExitMsg(msg)
	print( string.rep('--',20) )
	print( string.rep('--',20) )
	print(msg)
	print()
end

local function writedumpfile(infile)
	 t = infile:read("*all")
	 len = string.len(t)
	 local len,hex = bin.unpack(("H%d"):format(len),t)
	 return hex
end
-- blocks with data
-- there are two dataareas, in block 8 or block 36,   ( 1==8 ,
-- checksum type =  0, 1, 2, 3
local function GetCheckSum(blocks, dataarea, chksumtype)

	local crc
	local area = 36
	if  dataarea == 1 then
		area = 8
	end
	
	if chksumtype == 0 then
		crc = blocks[1]:sub(29,32)
	elseif chksumtype == 1 then
		crc = blocks[area]:sub(29,32)
	elseif chksumtype == 2 then	
		crc = blocks[area]:sub(25,28)
	elseif chksumtype == 3 then
		crc = blocks[area]:sub(21,24)		
	end
	return utils.SwapEndianness(crc,16)
end

local function SetCheckSum(blocks, chksumtype)

	if blocks == nil then return nil, 'Argument \"blocks\" nil' end
	local newcrc
	local area1 = 8
	local area2 = 36
	
	if chksumtype == 0 then
		newcrc = ('%04X'):format(CalcCheckSum(blocks,1,0))	
		blocks[1] = blocks[1]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
	elseif chksumtype == 1 then
		newcrc = ('%04X'):format(CalcCheckSum(blocks,1,1))	
		blocks[area1] = blocks[area1]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
		newcrc = ('%04X'):format(CalcCheckSum(blocks,2,1))	
		blocks[area2] = blocks[area2]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
	elseif chksumtype == 2 then	
		newcrc = ('%04X'):format(CalcCheckSum(blocks,1,2))	
		blocks[area1] = blocks[area1]:sub(1,24)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area1]:sub(29,32)
		newcrc = ('%04X'):format(CalcCheckSum(blocks,2,2))	
		blocks[area2] = blocks[area2]:sub(1,24)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area2]:sub(29,32)
	elseif chksumtype == 3 then
		newcrc = ('%04X'):format(CalcCheckSum(blocks,1,3))	
		blocks[area1] = blocks[area1]:sub(1,20)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area1]:sub(25,32)
		newcrc = ('%04X'):format(CalcCheckSum(blocks,2,3))	
		blocks[area2] = blocks[area2]:sub(1,20)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area2]:sub(25,32)
	end
end

function CalcCheckSum(blocks, dataarea, chksumtype)
	local area = 36
	if dataarea == 1 then
		area = 8
	end
	
	if chksumtype == 0 then
		data = blocks[0]..blocks[1]:sub(1,28)
	elseif chksumtype == 1 then
		data = blocks[area]:sub(1,28)..'0500'
	elseif chksumtype == 2 then	
		data =	blocks[area+1]..blocks[area+2]..blocks[area+4]
	elseif chksumtype == 3 then
		data =  blocks[area+5]..blocks[area+6]..blocks[area+8]..string.rep('00',0xe0)	
	end
	return utils.Crc16(data)
end

local function ValidateCheckSums(blocks)

	local isOk, crc, calc
	-- Checksum Type 0
	crc = GetCheckSum(blocks,1,0)
	calc = CalcCheckSum(blocks, 1, 0)
	if crc == calc then isOk='Ok' else isOk = 'Error' end
	io.write( ('TYPE 0       : %04x = %04x -- %s\n'):format(crc,calc,isOk))

	-- Checksum Type 1 (DATAAREAHEADER 1)
	crc = GetCheckSum(blocks,1,1)
	calc = CalcCheckSum(blocks,1,1)
	if crc == calc then isOk='Ok' else isOk = 'Error' end
	io.write( ('TYPE 1 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
	
	-- Checksum Type 1 (DATAAREAHEADER 2)
	crc = GetCheckSum(blocks,2,1)
	calc = CalcCheckSum(blocks,2,1)
	if crc == calc then isOk='Ok' else isOk = 'Error' end
	io.write( ('TYPE 1 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
	
	-- Checksum Type 2 (DATAAREA 1)
	crc = GetCheckSum(blocks,1,2)
	calc = CalcCheckSum(blocks,1,2)
	if crc == calc then isOk='Ok' else isOk = 'Error' end	
	io.write( ('TYPE 2 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))

	-- Checksum Type 2 (DATAAREA 2)
	crc = GetCheckSum(blocks,2,2)
	calc = CalcCheckSum(blocks,2,2)
	if crc == calc then isOk='Ok' else isOk = 'Error' end	
	io.write( ('TYPE 2 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))

	-- Checksum Type 3 (DATAAREA 1)
	crc = GetCheckSum(blocks,1,3)
	calc = CalcCheckSum(blocks,1,3)
	if crc == calc then isOk='Ok' else isOk = 'Error' end	
	io.write( ('TYPE 3 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))

	-- Checksum Type 3 (DATAAREA 2)
	crc = GetCheckSum(blocks,2,3)
	calc = CalcCheckSum(blocks,2,3)
	if crc == calc then isOk='Ok' else isOk = 'Error' end	
	io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))

	local cmd
	local blockdata
	for _,b in pairs(blocks) do 
		
		blockdata = b
		
		if  _%4 ~= 3 then
			if (_ >= 8 and _<=21)  or  (_ >= 36 and _<=49) then
				local base = ('%s%s%02x%s'):format(blocks[0], blocks[1], _ , RANDOM)	
				local baseStr = utils.ConvertHexToAscii(base)
				local key = md5.sumhexa(baseStr)
				local enc = core.aes128_encrypt(key, blockdata)
				local hex = utils.ConvertAsciiToBytes(enc)
				hex = utils.ConvertBytesToHex(hex)
			
				blockdata = hex
				io.write( _..',')
			end
		end

		cmd = Command:new{cmd = cmds.CMD_MIFARE_EML_MEMSET, arg1 = _ ,arg2 = 1,arg3 = 0, data = blockdata}
		local err = core.SendCommand(cmd:getBytes())
		if err then 
			return err
		end
	end
	io.write('\n')
end

local function Num2Card(m, l)

	local k = {
		0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,0x42, 0x43, 0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B,
		0x4C, 0x4D, 0x4E, 0x50, 0x51, 0x52, 0x53, 0x54,0x56, 0x57, 0x58, 0x59, 0x5A, 0x00
	}
	local msw = tonumber(utils.SwapEndiannessStr(m,32),16)
	local lsw = tonumber(utils.SwapEndiannessStr(l,32),16)

	if msw > 0x17ea1 then
		return "too big"
	end

	if msw == 0x17ea1 and lsw > 0x8931fee8 then
		return "out of range"
	end

	local s = ""
	local index
	for i = 1,10 do
		index, msw, lsw = DivideByK( msw, lsw)
		if ( index <= 1 ) then
			s = char(k[index]) .. s
		else
			s = char(k[index-1]) .. s
		end 
		print (index-1, msw, lsw)
	end
    return s
end
--33LRT-LM9Q9
--7, 122, 3474858630
--20, 4, 1008436634
--7, 0, 627182959
--17, 0, 21626998
--16, 0, 745758
--23, 0, 25715
--21, 0, 886
--16, 0, 30
--1, 0, 1
--1, 0, 0

function DivideByK(msw, lsw)

	local lowLSW
	local highLSW
	local remainder = 0
	local RADIX = 29

	--local num = 0 | band( rshift(msw,16), 0xffff)
	local num = band( rshift(msw, 16), 0xffff)
 
	--highLSW = 0 | lshift( (num / RADIX) , 16)
	highLSW = lshift( (num / RADIX) , 16)
	remainder = num % RADIX

	num =  bor( lshift(remainder,16), band(msw, 0xffff))

	--highLSW |= num / RADIX
	highLSW = highLSW or (num / RADIX)
	remainder = num % RADIX

	num =  bor( lshift(remainder,16), ( band(rshift(lsw,16), 0xffff)))

	--lowLSW = 0 | (num / RADIX) << 16
	lowLSW = 0 or (lshift( (num / RADIX), 16))
	remainder = num % RADIX

	num =  bor( lshift(remainder,16) , band(lsw, 0xffff) )

	lowLSW = bor(lowLSW, (num / RADIX))
	remainder = num % RADIX
	return remainder, highLSW, lowLSW
	
	            -- uint num = 0 | (msw >> 16) & 0xffff;
 
            -- highLSW = 0 | (num / RADIX) << 16;
            -- remainder = num % RADIX;

            -- num = (remainder << 16) | (msw & 0xffff);
 
            -- highLSW |= num / RADIX;
            -- remainder = num % RADIX;

            -- num = (remainder << 16) | ((lsw >> 16) & 0xffff);

            -- lowLSW = 0 | (num / RADIX) << 16;
            -- remainder = num % RADIX;

            -- num = (remainder << 16) | (lsw & 0xffff);

            -- lowLSW |= num / RADIX;
            -- remainder = num % RADIX;

end

local function main(args)

	print( string.rep('--',20) )
	print( string.rep('--',20) )
	
	local result, err, hex
	local maxed = false
	local inputTemplate = "dumpdata.bin"
	local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M");
	
		-- Arguments for the script
	for o, a in getopt.getopt(args, 'hmi:o:') do
		if o == "h" then return help() end		
		if o == "m" then maxed = true end
		if o == "o" then outputTemplate = a end		
		if o == "i" then inputTemplate = a end
	end
	
	-- Turn off Debug
	local cmdSetDbgOff = "hf mf dbg 0"
	core.console( cmdSetDbgOff) 
	
	-- Load dump.bin file
	print( (' Load data from %s'):format(inputTemplate))
	hex, err = utils.ReadDumpFile(inputTemplate)
	if not hex then return oops(err) end
	
	local blocks = {}
	local blockindex = 0
	for i = 1, #hex, 32 do
		blocks[blockindex] = hex:sub(i,i+31)
		blockindex = blockindex + 1
	end

	if DEBUG then
		print(' Validating checksums')
		ValidateCheckSums(blocks)
	end
	
	--
	print( string.rep('--',20) )	
	print(' Gathering info')
	local uid = blocks[0]:sub(1,8)
	local toytype = blocks[1]:sub(1,4)
	local cardidLsw = blocks[1]:sub(9,16)
	local cardidMsw = blocks[1]:sub(17,24)
	local subtype  = blocks[1]:sub(25,28)

	-- Show info 
	print( string.rep('--',20) )
	
	local item = toys.Find( toytype, subtype)
	if item then
		local itemStr = ('%s - %s (%s)'):format(item[6],item[5], item[4])
		print(' ITEM TYPE : '..itemStr )
	else
		print( (' ITEM TYPE : 0x%s 0x%s'):format(toytype, subtype) )
	end	
	
	print( ('       UID : 0x%s'):format(uid) )
	print( ('    CARDID : 0x%s %s [%s]'):format(
								cardidMsw,cardidLsw, 
								--Num2Card(cardidMsw, cardidLsw))
								'')
								)
	print( string.rep('--',20) )


	-- Experience should be:  	
	local experience = blocks[8]:sub(1,6)
	print(('Experience  : %d'):format(utils.SwapEndianness(experience,16)))
	
	local money = blocks[8]:sub(7,10)
	print(('Money       : %d'):format(utils.SwapEndianness(money,16)))

	-- 
	
	-- Sequence number
	local seqnum = blocks[8]:sub(18,19)
	print(('Sequence number : %d'):format( tonumber(seqnum,16)))
	
	local fairy = blocks[9]:sub(1,8)
	--FD0F = Left, FF0F = Right
	local path = 'not choosen'
	if fairy:sub(2,2) == 'D' then
		path = 'Left'
	elseif fairy:sub(2,2) == 'F' then
		path = 'Right'
	end
	print(('Fairy       : %d [Path: %s] '):format(utils.SwapEndianness(fairy,24),path))
	
	local hat = blocks[9]:sub(8,11)
	print(('Hat         : %d'):format(utils.SwapEndianness(hat,16)))

	local level = blocks[13]:sub(27,28)
	print(('LEVEL : %d'):format( tonumber(level,16)))
Commit	Line	Data
b915fda3	1	local cmds = require('commands')
	2	local getopt = require('getopt')
	3	local bin = require('bin')
	4	local lib14a = require('read14a')
	5	local utils = require('utils')
	6	local md5 = require('md5')
cff17e78	7	local toys = require('default_toys')
b915fda3	8
	9	example =[[
	10	1. script run tnp3sim
	11	2. script run tnp3sim -m
	12	3. script run tnp3sim -m -i myfile
	13	]]
	14	author = "Iceman"
	15	usage = "script run tnp3sim -h -m -i <filename>"
	16	desc =[[
	17	This script will try to load a binary datadump of a Mifare TNP3xxx card.
	18	It vill try to validate all checksums and view some information stored in the dump
	19	For an experimental mode, it tries to manipulate some data.
	20	At last it sends all data to the PM3 device memory where it can be used in the command "hf mf sim"
	21
	22	Arguments:
	23	-h : this help
	24	-m : Maxed out items (experimental)
	25	-i : filename for the datadump to read (bin)
b915fda3	26
1b3c567d	27	]]
04a6113f	28
1b3c567d	29	local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
	30	local DEBUG = false -- the debug flag
	31	local RANDOM = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
04a6113f	32
	33	local band = bit32.band
	34	local bor = bit32.bor
	35	local lshift = bit32.lshift
	36	local rshift = bit32.rshift
	37	local byte = string.byte
	38	local char = string.char
	39	local sub = string.sub
	40	local format = string.format
	41
b915fda3	42	---
	43	-- A debug printout-function
	44	function dbg(args)
	45	if not DEBUG then
	46	return
	47	end
	48
	49	if type(args) == "table" then
	50	local i = 1
	51	while result[i] do
	52	dbg(result[i])
	53	i = i+1
	54	end
	55	else
	56	print("###", args)
	57	end
	58	end
	59	---
	60	-- This is only meant to be used when errors occur
	61	function oops(err)
	62	print("ERROR: ",err)
3b4fa542	63	return nil,err
b915fda3	64	end
	65	---
	66	-- Usage help
	67	function help()
	68	print(desc)
	69	print("Example usage")
	70	print(example)
	71	end
	72	--
	73	-- Exit message
	74	function ExitMsg(msg)
	75	print( string.rep('--',20) )
	76	print( string.rep('--',20) )
	77	print(msg)
	78	print()
	79	end
	80
b915fda3	81	local function writedumpfile(infile)
	82	t = infile:read("*all")
	83	len = string.len(t)
	84	local len,hex = bin.unpack(("H%d"):format(len),t)
	85	return hex
	86	end
	87	-- blocks with data
	88	-- there are two dataareas, in block 8 or block 36, ( 1==8 ,
	89	-- checksum type = 0, 1, 2, 3
	90	local function GetCheckSum(blocks, dataarea, chksumtype)
	91
	92	local crc
	93	local area = 36
	94	if dataarea == 1 then
	95	area = 8
	96	end
	97
	98	if chksumtype == 0 then
	99	crc = blocks[1]:sub(29,32)
	100	elseif chksumtype == 1 then
	101	crc = blocks[area]:sub(29,32)
	102	elseif chksumtype == 2 then
	103	crc = blocks[area]:sub(25,28)
	104	elseif chksumtype == 3 then
	105	crc = blocks[area]:sub(21,24)
	106	end
	107	return utils.SwapEndianness(crc,16)
	108	end
	109
	110	local function SetCheckSum(blocks, chksumtype)
	111
	112	if blocks == nil then return nil, 'Argument \"blocks\" nil' end
	113	local newcrc
	114	local area1 = 8
	115	local area2 = 36
	116
	117	if chksumtype == 0 then
	118	newcrc = ('%04X'):format(CalcCheckSum(blocks,1,0))
	119	blocks[1] = blocks[1]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
	120	elseif chksumtype == 1 then
	121	newcrc = ('%04X'):format(CalcCheckSum(blocks,1,1))
	122	blocks[area1] = blocks[area1]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
	123	newcrc = ('%04X'):format(CalcCheckSum(blocks,2,1))
	124	blocks[area2] = blocks[area2]:sub(1,28)..newcrc:sub(3,4)..newcrc:sub(1,2)
	125	elseif chksumtype == 2 then
	126	newcrc = ('%04X'):format(CalcCheckSum(blocks,1,2))
	127	blocks[area1] = blocks[area1]:sub(1,24)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area1]:sub(29,32)
	128	newcrc = ('%04X'):format(CalcCheckSum(blocks,2,2))
	129	blocks[area2] = blocks[area2]:sub(1,24)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area2]:sub(29,32)
	130	elseif chksumtype == 3 then
	131	newcrc = ('%04X'):format(CalcCheckSum(blocks,1,3))
	132	blocks[area1] = blocks[area1]:sub(1,20)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area1]:sub(25,32)
	133	newcrc = ('%04X'):format(CalcCheckSum(blocks,2,3))
	134	blocks[area2] = blocks[area2]:sub(1,20)..newcrc:sub(3,4)..newcrc:sub(1,2)..blocks[area2]:sub(25,32)
	135	end
	136	end
	137
	138	function CalcCheckSum(blocks, dataarea, chksumtype)
	139	local area = 36
	140	if dataarea == 1 then
	141	area = 8
	142	end
	143
	144	if chksumtype == 0 then
145	data = blocks[0]..blocks[1]:sub(1,28)
146	elseif chksumtype == 1 then
147	data = blocks[area]:sub(1,28)..'0500'
148	elseif chksumtype == 2 then
149	data = blocks[area+1]..blocks[area+2]..blocks[area+4]
150	elseif chksumtype == 3 then
151	data = blocks[area+5]..blocks[area+6]..blocks[area+8]..string.rep('00',0xe0)
152	end
153	return utils.Crc16(data)
154	end
155
156	local function ValidateCheckSums(blocks)
157
158	local isOk, crc, calc
159	-- Checksum Type 0
160	crc = GetCheckSum(blocks,1,0)
161	calc = CalcCheckSum(blocks, 1, 0)
162	if crc == calc then isOk='Ok' else isOk = 'Error' end
163	io.write( ('TYPE 0 : %04x = %04x -- %s\n'):format(crc,calc,isOk))
164
165	-- Checksum Type 1 (DATAAREAHEADER 1)
166	crc = GetCheckSum(blocks,1,1)
167	calc = CalcCheckSum(blocks,1,1)
168	if crc == calc then isOk='Ok' else isOk = 'Error' end
169	io.write( ('TYPE 1 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
170
171	-- Checksum Type 1 (DATAAREAHEADER 2)
172	crc = GetCheckSum(blocks,2,1)
173	calc = CalcCheckSum(blocks,2,1)
174	if crc == calc then isOk='Ok' else isOk = 'Error' end
175	io.write( ('TYPE 1 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
176
177	-- Checksum Type 2 (DATAAREA 1)
178	crc = GetCheckSum(blocks,1,2)
179	calc = CalcCheckSum(blocks,1,2)
180	if crc == calc then isOk='Ok' else isOk = 'Error' end
181	io.write( ('TYPE 2 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
182
183	-- Checksum Type 2 (DATAAREA 2)
184	crc = GetCheckSum(blocks,2,2)
185	calc = CalcCheckSum(blocks,2,2)
186	if crc == calc then isOk='Ok' else isOk = 'Error' end
187	io.write( ('TYPE 2 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
188
189	-- Checksum Type 3 (DATAAREA 1)
190	crc = GetCheckSum(blocks,1,3)
191	calc = CalcCheckSum(blocks,1,3)
192	if crc == calc then isOk='Ok' else isOk = 'Error' end
193	io.write( ('TYPE 3 area 1: %04x = %04x -- %s\n'):format(crc,calc,isOk))
194
195	-- Checksum Type 3 (DATAAREA 2)
196	crc = GetCheckSum(blocks,2,3)
197	calc = CalcCheckSum(blocks,2,3)
198	if crc == calc then isOk='Ok' else isOk = 'Error' end
199	io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
b915fda3	200
b915fda3	201	local cmd
	202	local blockdata
	203	for _,b in pairs(blocks) do
	204
	205	blockdata = b
	206
	207	if _%4 ~= 3 then
	208	if (_ >= 8 and _<=21) or (_ >= 36 and _<=49) then
1b3c567d	209	local base = ('%s%s%02x%s'):format(blocks[0], blocks[1], _ , RANDOM)
b915fda3	210	local baseStr = utils.ConvertHexToAscii(base)
b915fda3	211	local key = md5.sumhexa(baseStr)
1b3c567d	212	local enc = core.aes128_encrypt(key, blockdata)
b915fda3	213	local hex = utils.ConvertAsciiToBytes(enc)
	214	hex = utils.ConvertBytesToHex(hex)
	215
	216	blockdata = hex
	217	io.write( _..',')
	218	end
	219	end
	220
	221	cmd = Command:new{cmd = cmds.CMD_MIFARE_EML_MEMSET, arg1 = _ ,arg2 = 1,arg3 = 0, data = blockdata}
	222	local err = core.SendCommand(cmd:getBytes())
	223	if err then
	224	return err
	225	end
	226	end
	227	io.write('\n')
	228	end
	229
04a6113f	230	local function Num2Card(m, l)
	231
	232	local k = {
	233	0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,0x42, 0x43, 0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B,
	234	0x4C, 0x4D, 0x4E, 0x50, 0x51, 0x52, 0x53, 0x54,0x56, 0x57, 0x58, 0x59, 0x5A, 0x00
	235	}
	236	local msw = tonumber(utils.SwapEndiannessStr(m,32),16)
	237	local lsw = tonumber(utils.SwapEndiannessStr(l,32),16)
	238
	239	if msw > 0x17ea1 then
	240	return "too big"
	241	end
	242
	243	if msw == 0x17ea1 and lsw > 0x8931fee8 then
	244	return "out of range"
	245	end
	246
	247	local s = ""
	248	local index
	249	for i = 1,10 do
	250	index, msw, lsw = DivideByK( msw, lsw)
	251	if ( index <= 1 ) then
	252	s = char(k[index]) .. s
	253	else
	254	s = char(k[index-1]) .. s
	255	end
	256	print (index-1, msw, lsw)
	257	end
	258	return s
	259	end
	260	--33LRT-LM9Q9
	261	--7, 122, 3474858630
	262	--20, 4, 1008436634
	263	--7, 0, 627182959
	264	--17, 0, 21626998
	265	--16, 0, 745758
	266	--23, 0, 25715
	267	--21, 0, 886
	268	--16, 0, 30
	269	--1, 0, 1
	270	--1, 0, 0
	271
	272	function DivideByK(msw, lsw)
	273
	274	local lowLSW
	275	local highLSW
	276	local remainder = 0
	277	local RADIX = 29
	278
	279	--local num = 0 \| band( rshift(msw,16), 0xffff)
	280	local num = band( rshift(msw, 16), 0xffff)
	281
	282	--highLSW = 0 \| lshift( (num / RADIX) , 16)
	283	highLSW = lshift( (num / RADIX) , 16)
	284	remainder = num % RADIX
	285
	286	num = bor( lshift(remainder,16), band(msw, 0xffff))
	287
	288	--highLSW \|= num / RADIX
	289	highLSW = highLSW or (num / RADIX)
	290	remainder = num % RADIX
	291
	292	num = bor( lshift(remainder,16), ( band(rshift(lsw,16), 0xffff)))
	293
294	--lowLSW = 0 \| (num / RADIX) << 16
295	lowLSW = 0 or (lshift( (num / RADIX), 16))
296	remainder = num % RADIX
297
298	num = bor( lshift(remainder,16) , band(lsw, 0xffff) )
299
300	lowLSW = bor(lowLSW, (num / RADIX))
301	remainder = num % RADIX
302	return remainder, highLSW, lowLSW
303
40762506	304	-- uint num = 0 \| (msw >> 16) & 0xffff;
04a6113f	305
40762506	306	-- highLSW = 0 \| (num / RADIX) << 16;
40762506	307	-- remainder = num % RADIX;
04a6113f	308
40762506	309	-- num = (remainder << 16) \| (msw & 0xffff);
04a6113f	310
40762506	311	-- highLSW \|= num / RADIX;
40762506	312	-- remainder = num % RADIX;
04a6113f	313
40762506	314	-- num = (remainder << 16) \| ((lsw >> 16) & 0xffff);
04a6113f	315
40762506	316	-- lowLSW = 0 \| (num / RADIX) << 16;
40762506	317	-- remainder = num % RADIX;
04a6113f	318
40762506	319	-- num = (remainder << 16) \| (lsw & 0xffff);
04a6113f	320
40762506	321	-- lowLSW \|= num / RADIX;
40762506	322	-- remainder = num % RADIX;
04a6113f	323
	324	end
	325
b915fda3	326	local function main(args)
	327
	328	print( string.rep('--',20) )
	329	print( string.rep('--',20) )
	330
	331	local result, err, hex
	332	local maxed = false
	333	local inputTemplate = "dumpdata.bin"
	334	local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M");
	335
	336	-- Arguments for the script
	337	for o, a in getopt.getopt(args, 'hmi:o:') do
	338	if o == "h" then return help() end
	339	if o == "m" then maxed = true end
	340	if o == "o" then outputTemplate = a end
	341	if o == "i" then inputTemplate = a end
	342	end
	343
	344	-- Turn off Debug
	345	local cmdSetDbgOff = "hf mf dbg 0"
	346	core.console( cmdSetDbgOff)
	347
b915fda3	348	-- Load dump.bin file
	349	print( (' Load data from %s'):format(inputTemplate))
	350	hex, err = utils.ReadDumpFile(inputTemplate)
	351	if not hex then return oops(err) end
	352
	353	local blocks = {}
	354	local blockindex = 0
	355	for i = 1, #hex, 32 do
	356	blocks[blockindex] = hex:sub(i,i+31)
	357	blockindex = blockindex + 1
	358	end
	359
	360	if DEBUG then
1b3c567d	361	print(' Validating checksums')
b915fda3	362	ValidateCheckSums(blocks)
	363	end
	364
	365	--
	366	print( string.rep('--',20) )
	367	print(' Gathering info')
	368	local uid = blocks[0]:sub(1,8)
c3fe354b	369	local toytype = blocks[1]:sub(1,4)
04a6113f	370	local cardidLsw = blocks[1]:sub(9,16)
04a6113f	371	local cardidMsw = blocks[1]:sub(17,24)
c3fe354b	372	local subtype = blocks[1]:sub(25,28)
b915fda3	373
	374	-- Show info
	375	print( string.rep('--',20) )
c3fe354b	376
	377	local item = toys.Find( toytype, subtype)
	378	if item then
	379	local itemStr = ('%s - %s (%s)'):format(item[6],item[5], item[4])
1b3c567d	380	print(' ITEM TYPE : '..itemStr )
c3fe354b	381	else
	382	print( (' ITEM TYPE : 0x%s 0x%s'):format(toytype, subtype) )
	383	end
	384
b915fda3	385	print( (' UID : 0x%s'):format(uid) )
04a6113f	386	print( (' CARDID : 0x%s %s [%s]'):format(
04a6113f	387	cardidMsw,cardidLsw,
40762506	388	--Num2Card(cardidMsw, cardidLsw))
40762506	389	'')
04a6113f	390	)
b915fda3	391	print( string.rep('--',20) )
b915fda3	392
04a6113f	393
1b3c567d	394	-- Experience should be:
b915fda3	395	local experience = blocks[8]:sub(1,6)
1b3c567d	396	print(('Experience : %d'):format(utils.SwapEndianness(experience,16)))
1b3c567d	397
b915fda3	398	local money = blocks[8]:sub(7,10)
b915fda3	399	print(('Money : %d'):format(utils.SwapEndianness(money,16)))
1b3c567d	400
	401	--
	402
	403	-- Sequence number
	404	local seqnum = blocks[8]:sub(18,19)
	405	print(('Sequence number : %d'):format( tonumber(seqnum,16)))
	406
b915fda3	407	local fairy = blocks[9]:sub(1,8)
	408	--FD0F = Left, FF0F = Right
	409	local path = 'not choosen'
	410	if fairy:sub(2,2) == 'D' then
	411	path = 'Left'
	412	elseif fairy:sub(2,2) == 'F' then
	413	path = 'Right'
	414	end
	415	print(('Fairy : %d [Path: %s] '):format(utils.SwapEndianness(fairy,24),path))
	416
	417	local hat = blocks[9]:sub(8,11)
	418	print(('Hat : %d'):format(utils.SwapEndianness(hat,16)))
1b3c567d	419
	420	local level = blocks[13]:sub(27,28)
	421	print(('LEVEL : %d'):format( tonumber(level,16)))
fb2d2488	422