]> git.zerfleddert.de Git - proxmark3-svn/blame - client/scripting.c
fix em410x XL bug
[proxmark3-svn] / client / scripting.c
CommitLineData
5b760b6c 1//-----------------------------------------------------------------------------
2// Copyright (C) 2013 m h swende <martin at swende.se>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Some lua scripting glue to proxmark core.
9//-----------------------------------------------------------------------------
10
11#include <lua.h>
12#include <lualib.h>
13#include <lauxlib.h>
14#include "proxmark3.h"
15#include "usb_cmd.h"
16#include "cmdmain.h"
17#include "scripting.h"
44fffc54 18#include "util.h"
2dcdf1a6 19#include "nonce2key/nonce2key.h"
77cd612f 20#include "../common/iso15693tools.h"
be2d41b7 21#include "iso14443crc.h"
b915fda3 22#include "../common/crc16.h"
d730878d 23#include "../common/crc64.h"
1c4c0b06 24#include "../common/sha1.h"
1f6417a9 25#include "aes.h"
2e163546 26#include "cmdcrc.h"
5b760b6c 27/**
28 * The following params expected:
29 * UsbCommand c
30 *@brief l_SendCommand
31 * @param L
32 * @return
33 */
34static int l_SendCommand(lua_State *L){
35
d730878d 36 /*
37 *
38 The SendCommand (native) expects the following structure:
39
40 typedef struct {
41 uint64_t cmd; //8 bytes
42 uint64_t arg[3]; // 8*3 bytes = 24 bytes
43 union {
44 uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
45 uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
46 } d;
47 } PACKED UsbCommand;
48
49 ==> A 544 byte buffer will do.
50 **/
51 //Pop cmd
52 size_t size;
53 const char *data = luaL_checklstring(L, 1, &size);
54 if(size != sizeof(UsbCommand))
55 {
56 printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
57 lua_pushstring(L,"Wrong data size");
58 return 1;
59 }
96e7a3a5 60
61// UsbCommand c = (*data);
d730878d 62 SendCommand((UsbCommand* )data);
63 return 0; // no return values
5b760b6c 64}
65/**
66 * @brief The following params expected:
67 * uint32_t cmd
68 * size_t ms_timeout
69 * @param L
70 * @return
71 */
72static int l_WaitForResponseTimeout(lua_State *L){
73
d730878d 74 uint32_t cmd = 0;
75 size_t ms_timeout = -1;
76
77 //Check number of arguments
78 int n = lua_gettop(L);
79 if(n == 0)
80 {
81 //signal error by returning Nil, errorstring
82 lua_pushnil(L);
83 lua_pushstring(L,"You need to supply at least command to wait for");
84 return 2; // two return values
85 }
86 if(n >= 1)
87 {
88 //pop cmd
89 cmd = luaL_checkunsigned(L,1);
90 }
91 if(n >= 2)
92 {
93 //Did the user send a timeout ?
94 //Check if the current top of stack is an integer
95 ms_timeout = luaL_checkunsigned(L,2);
96 //printf("Timeout set to %dms\n" , (int) ms_timeout);
97 }
98
99 UsbCommand response;
100
101 if(WaitForResponseTimeout(cmd, &response, ms_timeout))
102 {
103 //Push it as a string
104 lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand));
105
106 return 1;// return 1 to signal one return value
107 }else{
108 //Push a Nil instead
109 lua_pushnil(L);
110 return 1;// one return value
111 }
5b760b6c 112}
2dcdf1a6 113
114static int returnToLuaWithError(lua_State *L, const char* fmt, ...)
115{
d730878d 116 char buffer[200];
117 va_list args;
118 va_start(args,fmt);
119 vsnprintf(buffer, sizeof(buffer), fmt,args);
120 va_end(args);
121
122 lua_pushnil(L);
123 lua_pushstring(L,buffer);
124 return 2;
2dcdf1a6 125}
126
127static int l_nonce2key(lua_State *L){
128
d730878d 129 size_t size;
130 const char *p_uid = luaL_checklstring(L, 1, &size);
131 if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);
132
133 const char *p_nt = luaL_checklstring(L, 2, &size);
134 if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);
2dcdf1a6 135
d730878d 136 const char *p_nr = luaL_checklstring(L, 3, &size);
137 if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);
2dcdf1a6 138
d730878d 139 const char *p_par_info = luaL_checklstring(L, 4, &size);
140 if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);
2dcdf1a6 141
d730878d 142 const char *p_pks_info = luaL_checklstring(L, 5, &size);
143 if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);
2dcdf1a6 144
2dcdf1a6 145
d730878d 146 uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
147 uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);
2dcdf1a6 148
d730878d 149 uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
150 uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
151 uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);
2dcdf1a6 152
d730878d 153 uint64_t key = 0;
2dcdf1a6 154
d730878d 155 int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);
2dcdf1a6 156
d730878d 157 //Push the retval on the stack
158 lua_pushinteger(L,retval);
2dcdf1a6 159
d730878d 160 //Push the key onto the stack
161 uint8_t dest_key[8];
162 num_to_bytes(key,sizeof(dest_key),dest_key);
b9697139 163
43534cba 164 //printf("Pushing to lua stack: %012" PRIx64 "\n",key);
d730878d 165 lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));
2dcdf1a6 166
d730878d 167 return 2; //Two return values
2dcdf1a6 168}
42daa759 169//static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
44fffc54 170static int l_clearCommandBuffer(lua_State *L){
d730878d 171 clearCommandBuffer();
172 return 0;
44fffc54 173}
174/**
175 * @brief l_foobar is a dummy function to test lua-integration with
176 * @param L
177 * @return
178 */
179static int l_foobar(lua_State *L)
180{
d730878d 181 //Check number of arguments
182 int n = lua_gettop(L);
183 printf("foobar called with %d arguments" , n);
184 lua_settop(L, 0);
185 printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
186
187 // todo: this is not used, where was it intended for?
188 // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
189
190 printf("Now returning a uint64_t as a string");
191 uint64_t x = 0xDEADBEEF;
192 uint8_t destination[8];
193 num_to_bytes(x,sizeof(x),destination);
194 lua_pushlstring(L,(const char *)&x,sizeof(x));
195 lua_pushlstring(L,(const char *)destination,sizeof(destination));
196
197 return 2;
44fffc54 198}
199
2dcdf1a6 200
44fffc54 201/**
202 * @brief Utility to check if a key has been pressed by the user. This method does not block.
203 * @param L
204 * @return boolean, true if kbhit, false otherwise.
205 */
206static int l_ukbhit(lua_State *L)
207{
d730878d 208 lua_pushboolean(L,ukbhit() ? true : false);
209 return 1;
44fffc54 210}
0a85b725 211/**
212 * @brief Calls the command line parser to deal with the command. This enables
213 * lua-scripts to do stuff like "core.console('hf mf mifare')"
214 * @param L
215 * @return
216 */
217static int l_CmdConsole(lua_State *L)
218{
d730878d 219 CommandReceived((char *)luaL_checkstring(L, 1));
220 return 0;
0a85b725 221}
222
77cd612f 223static int l_iso15693_crc(lua_State *L)
224{
d730878d 225 // uint16_t Iso15693Crc(uint8_t *v, int n);
226 size_t size;
227 const char *v = luaL_checklstring(L, 1, &size);
228 uint16_t retval = Iso15693Crc((uint8_t *) v, size);
229 lua_pushinteger(L, (int) retval);
230 return 1;
77cd612f 231}
5b760b6c 232
be2d41b7 233static int l_iso14443b_crc(lua_State *L)
234{
235 /* void ComputeCrc14443(int CrcType,
236 const unsigned char *Data, int Length,
237 unsigned char *TransmitFirst,
238 unsigned char *TransmitSecond)
239 */
240 unsigned char buf[USB_CMD_DATA_SIZE];
241 size_t len = 0;
242 const char *data = luaL_checklstring(L, 1, &len);
243 if (USB_CMD_DATA_SIZE < len)
244 len = USB_CMD_DATA_SIZE-2;
245
246 for (int i = 0; i < len; i += 2) {
247 sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
248 }
249 ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]);
250
251 lua_pushlstring(L, (const char *)&buf, len+2);
252 return 1;
253}
b915fda3 254/*
255 Simple AES 128 cbc hook up to OpenSSL.
256 params: key, input
257*/
1c4c0b06 258static int l_aes128decrypt_cbc(lua_State *L)
b915fda3 259{
260 //Check number of arguments
261 int i;
d730878d 262 size_t size;
263 const char *p_key = luaL_checklstring(L, 1, &size);
264 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
265
266 const char *p_encTxt = luaL_checklstring(L, 2, &size);
b915fda3 267
1f6417a9
MHS
268 unsigned char indata[16] = {0x00};
269 unsigned char outdata[16] = {0x00};
d730878d 270 unsigned char aes_key[16] = {0x00};
1f6417a9 271 unsigned char iv[16] = {0x00};
d730878d 272
273 // convert key to bytearray and convert input to bytearray
b915fda3 274 for (i = 0; i < 32; i += 2) {
275 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
d730878d 276 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
b915fda3 277 }
d730878d 278
279 aes_context ctx;
280 aes_init(&ctx);
281 aes_setkey_dec(&ctx, aes_key, 128);
282 aes_crypt_cbc(&ctx,AES_DECRYPT,sizeof(indata), iv, indata,outdata );
283 //Push decrypted array as a string
284 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
285 return 1;// return 1 to signal one return value
286}
1c4c0b06 287static int l_aes128decrypt_ecb(lua_State *L)
288{
289 //Check number of arguments
290 int i;
291 size_t size;
292 const char *p_key = luaL_checklstring(L, 1, &size);
293 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
294
295 const char *p_encTxt = luaL_checklstring(L, 2, &size);
296
297 unsigned char indata[16] = {0x00};
298 unsigned char outdata[16] = {0x00};
299 unsigned char aes_key[16] = {0x00};
300
301 // convert key to bytearray and convert input to bytearray
302 for (i = 0; i < 32; i += 2) {
303 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
304 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
305 }
306 aes_context ctx;
307 aes_init(&ctx);
308 aes_setkey_dec(&ctx, aes_key, 128);
309 aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
310
311 //Push decrypted array as a string
312 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
313 return 1;// return 1 to signal one return value
314}
315
316static int l_aes128encrypt_cbc(lua_State *L)
d730878d 317{
318 //Check number of arguments
319 int i;
320 size_t size;
321 const char *p_key = luaL_checklstring(L, 1, &size);
322 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
323
324 const char *p_txt = luaL_checklstring(L, 2, &size);
325
326 unsigned char indata[16] = {0x00};
327 unsigned char outdata[16] = {0x00};
328 unsigned char aes_key[16] = {0x00};
329 unsigned char iv[16] = {0x00};
b915fda3 330
b915fda3 331 for (i = 0; i < 32; i += 2) {
d730878d 332 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
b915fda3 333 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
334 }
1f6417a9 335
d730878d 336 aes_context ctx;
337 aes_init(&ctx);
338 aes_setkey_enc(&ctx, aes_key, 128);
339 aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
340 //Push encrypted array as a string
b915fda3 341 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
342 return 1;// return 1 to signal one return value
343}
344
1c4c0b06 345static int l_aes128encrypt_ecb(lua_State *L)
346{
347 //Check number of arguments
348 int i;
349 size_t size;
350 const char *p_key = luaL_checklstring(L, 1, &size);
351 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
352
353 const char *p_txt = luaL_checklstring(L, 2, &size);
354
355 unsigned char indata[16] = {0x00};
356 unsigned char outdata[16] = {0x00};
357 unsigned char aes_key[16] = {0x00};
358
359 for (i = 0; i < 32; i += 2) {
360 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
361 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
362 }
363 aes_context ctx;
364 aes_init(&ctx);
365 aes_setkey_enc(&ctx, aes_key, 128);
366 aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
367 //Push encrypted array as a string
368 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
369 return 1;// return 1 to signal one return value
370}
371
b915fda3 372static int l_crc16(lua_State *L)
373{
374 size_t size;
375 const char *p_str = luaL_checklstring(L, 1, &size);
d730878d 376
b915fda3 377 uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
d730878d 378 lua_pushinteger(L, (int) retval);
379 return 1;
380}
381
382static int l_crc64(lua_State *L)
383{
384 size_t size;
385 uint64_t crc = 0;
386 unsigned char outdata[8] = {0x00};
387
388 const char *p_str = luaL_checklstring(L, 1, &size);
389
390 crc64( (uint8_t*) p_str, size, &crc);
391
392 outdata[0] = (uint8_t)(crc >> 56) & 0xff;
393 outdata[1] = (uint8_t)(crc >> 48) & 0xff;
394 outdata[2] = (uint8_t)(crc >> 40) & 0xff;
395 outdata[3] = (uint8_t)(crc >> 32) & 0xff;
396 outdata[4] = (uint8_t)(crc >> 24) & 0xff;
397 outdata[5] = (uint8_t)(crc >> 16) & 0xff;
398 outdata[6] = (uint8_t)(crc >> 8) & 0xff;
399 outdata[7] = crc & 0xff;
400 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
401 return 1;
b915fda3 402}
403
1c4c0b06 404static int l_sha1(lua_State *L)
405{
406 size_t size;
407 const char *p_str = luaL_checklstring(L, 1, &size);
408 unsigned char outdata[20] = {0x00};
409 sha1( (uint8_t*) p_str, size, outdata);
410 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
411 return 1;
412}
413
2e163546 414static int l_reveng_models(lua_State *L){
415
416 char *models[80];
417 int count = 0;
53ee28cb 418 int in_width = luaL_checkinteger(L, 1);
2e163546 419
420 if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);
421
d2219cae 422 uint8_t width[80];
423 width[0] = (uint8_t)in_width;
424 int ans = GetModels(models, &count, width);
2e163546 425 if (!ans) return 0;
426
427 lua_newtable(L);
428
429 for (int i = 0; i < count; i++){
430 lua_pushstring(L, (const char*)models[i]);
431 lua_rawseti(L,-2,i+1);
432 free(models[i]);
433 }
434
435 return 1;
436}
437
53ee28cb 438//Called with 4 parameters.
439// inModel ,string containing the crc model name: 'CRC-8'
440// inHexStr ,string containing the hex representation of the data that will be used for CRC calculations.
441// reverse ,int 0/1 (bool) if 1, calculate the reverse CRC
442// endian ,char, 'B','b','L','l','t','r' describing if Big-Endian or Little-Endian should be used in different combinations.
443//
444// outputs: string with hex representation of the CRC result
2e163546 445static int l_reveng_RunModel(lua_State *L){
446 //-c || -v
447 //inModel = valid model name string - CRC-8
448 //inHexStr = input hex string to calculate crc on
449 //reverse = reverse calc option if true
450 //endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
451 // l = little endian input and output, L = little endian output only, t = left justified}
452 //result = calculated crc hex string
453 char result[50];
454
53ee28cb 455 const char *inModel = luaL_checkstring(L, 1);
456 const char *inHexStr = luaL_checkstring(L, 2);
457 bool reverse = lua_toboolean(L, 3);
458 const char endian = luaL_checkstring(L, 4)[0];
2e163546 459
460 //PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
461 //int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result)
53ee28cb 462 int ans = RunModel( (char *)inModel, (char *)inHexStr, reverse, endian, result);
2e163546 463 if (!ans)
464 return returnToLuaWithError(L,"Reveng failed");
465
466 lua_pushstring(L, (const char*)result);
467 return 1;
468}
469
686f0a17 470/**
471 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
472 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
473 * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
474 * @param L
475 * @param path
476 * @return
477 */
478int setLuaPath( lua_State* L, const char* path )
479{
d730878d 480 lua_getglobal( L, "package" );
481 lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
482 const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
483 int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
484 char * buf = malloc(requiredLength);
485 snprintf(buf, requiredLength, "%s;%s", cur_path, path);
486 lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
487 lua_pushstring( L, buf ); // push the new one
488 lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
489 lua_pop( L, 1 ); // get rid of package table from top of stack
490 free(buf);
491 return 0; // all done!
686f0a17 492}
493
494
f057bddb 495int set_pm3_libraries(lua_State *L)
5b760b6c 496{
686f0a17 497
d730878d 498 static const luaL_Reg libs[] = {
499 {"SendCommand", l_SendCommand},
500 {"WaitForResponseTimeout", l_WaitForResponseTimeout},
501 {"nonce2key", l_nonce2key},
502 //{"PrintAndLog", l_PrintAndLog},
503 {"foobar", l_foobar},
504 {"ukbhit", l_ukbhit},
505 {"clearCommandBuffer", l_clearCommandBuffer},
506 {"console", l_CmdConsole},
507 {"iso15693_crc", l_iso15693_crc},
be2d41b7 508 {"iso14443b_crc", l_iso14443b_crc},
1c4c0b06 509 {"aes128_decrypt", l_aes128decrypt_cbc},
510 {"aes128_decrypt_ecb", l_aes128decrypt_ecb},
511 {"aes128_encrypt", l_aes128encrypt_cbc},
512 {"aes128_encrypt_ecb", l_aes128encrypt_ecb},
b915fda3 513 {"crc16", l_crc16},
d730878d 514 {"crc64", l_crc64},
1c4c0b06 515 {"sha1", l_sha1},
2e163546 516 {"reveng_models", l_reveng_models},
517 {"reveng_runmodel", l_reveng_RunModel},
d730878d 518 {NULL, NULL}
519 };
520
521 lua_pushglobaltable(L);
522 // Core library is in this table. Contains '
523 //this is 'pm3' table
524 lua_newtable(L);
525
526 //Put the function into the hash table.
527 for (int i = 0; libs[i].name; i++) {
528 lua_pushcfunction(L, libs[i].func);
529 lua_setfield(L, -2, libs[i].name);//set the name, pop stack
530 }
531 //Name of 'core'
532 lua_setfield(L, -2, "core");
533
534 //-- remove the global environment table from the stack
535 lua_pop(L, 1);
536
537 //-- Last but not least, add to the LUA_PATH (package.path in lua)
538 // so we can load libraries from the ./lualib/ - directory
4197a3f6 539 char libraries_path[strlen(get_my_executable_directory()) + strlen(LUA_LIBRARIES_DIRECTORY) + strlen(LUA_LIBRARIES_WILDCARD) + 1];
540 strcpy(libraries_path, get_my_executable_directory());
541 strcat(libraries_path, LUA_LIBRARIES_DIRECTORY);
542 strcat(libraries_path, LUA_LIBRARIES_WILDCARD);
543 setLuaPath(L, libraries_path);
d730878d 544
545 return 1;
5b760b6c 546}
Impressum, Datenschutz