]> git.zerfleddert.de Git - proxmark3-svn/blob - client/scripting.c
fixing iso14443b (issue #103):
[proxmark3-svn] / client / scripting.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2013 m h swende <martin at swende.se>
3 //
4 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
5 // at your option, any later version. See the LICENSE.txt file for the text of
6 // the license.
7 //-----------------------------------------------------------------------------
8 // Some lua scripting glue to proxmark core.
9 //-----------------------------------------------------------------------------
10
11 #include <lua.h>
12 #include <lualib.h>
13 #include <lauxlib.h>
14 #include "proxmark3.h"
15 #include "usb_cmd.h"
16 #include "cmdmain.h"
17 #include "scripting.h"
18 #include "util.h"
19 #include "nonce2key/nonce2key.h"
20 #include "../common/iso15693tools.h"
21 #include "../common/crc16.h"
22 #include "../common/crc64.h"
23 #include "../common/sha1.h"
24 #include "aes.h"
25 /**
26 * The following params expected:
27 * UsbCommand c
28 *@brief l_SendCommand
29 * @param L
30 * @return
31 */
32 static int l_SendCommand(lua_State *L){
33
34 /*
35 *
36 The SendCommand (native) expects the following structure:
37
38 typedef struct {
39 uint64_t cmd; //8 bytes
40 uint64_t arg[3]; // 8*3 bytes = 24 bytes
41 union {
42 uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
43 uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
44 } d;
45 } PACKED UsbCommand;
46
47 ==> A 544 byte buffer will do.
48 **/
49 //Pop cmd
50 size_t size;
51 const char *data = luaL_checklstring(L, 1, &size);
52 if(size != sizeof(UsbCommand))
53 {
54 printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
55 lua_pushstring(L,"Wrong data size");
56 return 1;
57 }
58
59 // UsbCommand c = (*data);
60 SendCommand((UsbCommand* )data);
61 return 0; // no return values
62 }
63 /**
64 * @brief The following params expected:
65 * uint32_t cmd
66 * size_t ms_timeout
67 * @param L
68 * @return
69 */
70 static int l_WaitForResponseTimeout(lua_State *L){
71
72 uint32_t cmd = 0;
73 size_t ms_timeout = -1;
74
75 //Check number of arguments
76 int n = lua_gettop(L);
77 if(n == 0)
78 {
79 //signal error by returning Nil, errorstring
80 lua_pushnil(L);
81 lua_pushstring(L,"You need to supply at least command to wait for");
82 return 2; // two return values
83 }
84 if(n >= 1)
85 {
86 //pop cmd
87 cmd = luaL_checkunsigned(L,1);
88 }
89 if(n >= 2)
90 {
91 //Did the user send a timeout ?
92 //Check if the current top of stack is an integer
93 ms_timeout = luaL_checkunsigned(L,2);
94 //printf("Timeout set to %dms\n" , (int) ms_timeout);
95 }
96
97 UsbCommand response;
98
99 if(WaitForResponseTimeout(cmd, &response, ms_timeout))
100 {
101 //Push it as a string
102 lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand));
103
104 return 1;// return 1 to signal one return value
105 }else{
106 //Push a Nil instead
107 lua_pushnil(L);
108 return 1;// one return value
109 }
110 }
111
112 static int returnToLuaWithError(lua_State *L, const char* fmt, ...)
113 {
114 char buffer[200];
115 va_list args;
116 va_start(args,fmt);
117 vsnprintf(buffer, sizeof(buffer), fmt,args);
118 va_end(args);
119
120 lua_pushnil(L);
121 lua_pushstring(L,buffer);
122 return 2;
123 }
124
125 static int l_nonce2key(lua_State *L){
126
127 size_t size;
128 const char *p_uid = luaL_checklstring(L, 1, &size);
129 if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);
130
131 const char *p_nt = luaL_checklstring(L, 2, &size);
132 if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);
133
134 const char *p_nr = luaL_checklstring(L, 3, &size);
135 if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);
136
137 const char *p_par_info = luaL_checklstring(L, 4, &size);
138 if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);
139
140 const char *p_pks_info = luaL_checklstring(L, 5, &size);
141 if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);
142
143
144 uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
145 uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);
146
147 uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
148 uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
149 uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);
150
151 uint64_t key = 0;
152
153 int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);
154
155 //Push the retval on the stack
156 lua_pushinteger(L,retval);
157
158 //Push the key onto the stack
159 uint8_t dest_key[8];
160 num_to_bytes(key,sizeof(dest_key),dest_key);
161
162 //printf("Pushing to lua stack: %012"llx"\n",key);
163 lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));
164
165 return 2; //Two return values
166 }
167 //static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
168 static int l_clearCommandBuffer(lua_State *L){
169 clearCommandBuffer();
170 return 0;
171 }
172 /**
173 * @brief l_foobar is a dummy function to test lua-integration with
174 * @param L
175 * @return
176 */
177 static int l_foobar(lua_State *L)
178 {
179 //Check number of arguments
180 int n = lua_gettop(L);
181 printf("foobar called with %d arguments" , n);
182 lua_settop(L, 0);
183 printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
184
185 // todo: this is not used, where was it intended for?
186 // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
187
188 printf("Now returning a uint64_t as a string");
189 uint64_t x = 0xDEADBEEF;
190 uint8_t destination[8];
191 num_to_bytes(x,sizeof(x),destination);
192 lua_pushlstring(L,(const char *)&x,sizeof(x));
193 lua_pushlstring(L,(const char *)destination,sizeof(destination));
194
195 return 2;
196 }
197
198
199 /**
200 * @brief Utility to check if a key has been pressed by the user. This method does not block.
201 * @param L
202 * @return boolean, true if kbhit, false otherwise.
203 */
204 static int l_ukbhit(lua_State *L)
205 {
206 lua_pushboolean(L,ukbhit() ? true : false);
207 return 1;
208 }
209 /**
210 * @brief Calls the command line parser to deal with the command. This enables
211 * lua-scripts to do stuff like "core.console('hf mf mifare')"
212 * @param L
213 * @return
214 */
215 static int l_CmdConsole(lua_State *L)
216 {
217 CommandReceived((char *)luaL_checkstring(L, 1));
218 return 0;
219 }
220
221 static int l_iso15693_crc(lua_State *L)
222 {
223 // uint16_t Iso15693Crc(uint8_t *v, int n);
224 size_t size;
225 const char *v = luaL_checklstring(L, 1, &size);
226 uint16_t retval = Iso15693Crc((uint8_t *) v, size);
227 lua_pushinteger(L, (int) retval);
228 return 1;
229 }
230
231 /*
232 Simple AES 128 cbc hook up to OpenSSL.
233 params: key, input
234 */
235 static int l_aes128decrypt_cbc(lua_State *L)
236 {
237 //Check number of arguments
238 int i;
239 size_t size;
240 const char *p_key = luaL_checklstring(L, 1, &size);
241 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
242
243 const char *p_encTxt = luaL_checklstring(L, 2, &size);
244
245 unsigned char indata[16] = {0x00};
246 unsigned char outdata[16] = {0x00};
247 unsigned char aes_key[16] = {0x00};
248 unsigned char iv[16] = {0x00};
249
250 // convert key to bytearray and convert input to bytearray
251 for (i = 0; i < 32; i += 2) {
252 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
253 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
254 }
255
256 aes_context ctx;
257 aes_init(&ctx);
258 aes_setkey_dec(&ctx, aes_key, 128);
259 aes_crypt_cbc(&ctx,AES_DECRYPT,sizeof(indata), iv, indata,outdata );
260 //Push decrypted array as a string
261 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
262 return 1;// return 1 to signal one return value
263 }
264 static int l_aes128decrypt_ecb(lua_State *L)
265 {
266 //Check number of arguments
267 int i;
268 size_t size;
269 const char *p_key = luaL_checklstring(L, 1, &size);
270 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
271
272 const char *p_encTxt = luaL_checklstring(L, 2, &size);
273
274 unsigned char indata[16] = {0x00};
275 unsigned char outdata[16] = {0x00};
276 unsigned char aes_key[16] = {0x00};
277
278 // convert key to bytearray and convert input to bytearray
279 for (i = 0; i < 32; i += 2) {
280 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
281 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
282 }
283 aes_context ctx;
284 aes_init(&ctx);
285 aes_setkey_dec(&ctx, aes_key, 128);
286 aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
287
288 //Push decrypted array as a string
289 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
290 return 1;// return 1 to signal one return value
291 }
292
293 static int l_aes128encrypt_cbc(lua_State *L)
294 {
295 //Check number of arguments
296 int i;
297 size_t size;
298 const char *p_key = luaL_checklstring(L, 1, &size);
299 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
300
301 const char *p_txt = luaL_checklstring(L, 2, &size);
302
303 unsigned char indata[16] = {0x00};
304 unsigned char outdata[16] = {0x00};
305 unsigned char aes_key[16] = {0x00};
306 unsigned char iv[16] = {0x00};
307
308 for (i = 0; i < 32; i += 2) {
309 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
310 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
311 }
312
313 aes_context ctx;
314 aes_init(&ctx);
315 aes_setkey_enc(&ctx, aes_key, 128);
316 aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
317 //Push encrypted array as a string
318 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
319 return 1;// return 1 to signal one return value
320 }
321
322 static int l_aes128encrypt_ecb(lua_State *L)
323 {
324 //Check number of arguments
325 int i;
326 size_t size;
327 const char *p_key = luaL_checklstring(L, 1, &size);
328 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
329
330 const char *p_txt = luaL_checklstring(L, 2, &size);
331
332 unsigned char indata[16] = {0x00};
333 unsigned char outdata[16] = {0x00};
334 unsigned char aes_key[16] = {0x00};
335
336 for (i = 0; i < 32; i += 2) {
337 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
338 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
339 }
340 aes_context ctx;
341 aes_init(&ctx);
342 aes_setkey_enc(&ctx, aes_key, 128);
343 aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
344 //Push encrypted array as a string
345 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
346 return 1;// return 1 to signal one return value
347 }
348
349 static int l_crc16(lua_State *L)
350 {
351 size_t size;
352 const char *p_str = luaL_checklstring(L, 1, &size);
353
354 uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
355 lua_pushinteger(L, (int) retval);
356 return 1;
357 }
358
359 static int l_crc64(lua_State *L)
360 {
361 size_t size;
362 uint64_t crc = 0;
363 unsigned char outdata[8] = {0x00};
364
365 const char *p_str = luaL_checklstring(L, 1, &size);
366
367 crc64( (uint8_t*) p_str, size, &crc);
368
369 outdata[0] = (uint8_t)(crc >> 56) & 0xff;
370 outdata[1] = (uint8_t)(crc >> 48) & 0xff;
371 outdata[2] = (uint8_t)(crc >> 40) & 0xff;
372 outdata[3] = (uint8_t)(crc >> 32) & 0xff;
373 outdata[4] = (uint8_t)(crc >> 24) & 0xff;
374 outdata[5] = (uint8_t)(crc >> 16) & 0xff;
375 outdata[6] = (uint8_t)(crc >> 8) & 0xff;
376 outdata[7] = crc & 0xff;
377 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
378 return 1;
379 }
380
381 static int l_sha1(lua_State *L)
382 {
383 size_t size;
384 const char *p_str = luaL_checklstring(L, 1, &size);
385 unsigned char outdata[20] = {0x00};
386 sha1( (uint8_t*) p_str, size, outdata);
387 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
388 return 1;
389 }
390
391 /**
392 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
393 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
394 * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
395 * @param L
396 * @param path
397 * @return
398 */
399 int setLuaPath( lua_State* L, const char* path )
400 {
401 lua_getglobal( L, "package" );
402 lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
403 const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
404 int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
405 char * buf = malloc(requiredLength);
406 snprintf(buf, requiredLength, "%s;%s", cur_path, path);
407 lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
408 lua_pushstring( L, buf ); // push the new one
409 lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
410 lua_pop( L, 1 ); // get rid of package table from top of stack
411 free(buf);
412 return 0; // all done!
413 }
414
415
416 int set_pm3_libraries(lua_State *L)
417 {
418
419 static const luaL_Reg libs[] = {
420 {"SendCommand", l_SendCommand},
421 {"WaitForResponseTimeout", l_WaitForResponseTimeout},
422 {"nonce2key", l_nonce2key},
423 //{"PrintAndLog", l_PrintAndLog},
424 {"foobar", l_foobar},
425 {"ukbhit", l_ukbhit},
426 {"clearCommandBuffer", l_clearCommandBuffer},
427 {"console", l_CmdConsole},
428 {"iso15693_crc", l_iso15693_crc},
429 {"aes128_decrypt", l_aes128decrypt_cbc},
430 {"aes128_decrypt_ecb", l_aes128decrypt_ecb},
431 {"aes128_encrypt", l_aes128encrypt_cbc},
432 {"aes128_encrypt_ecb", l_aes128encrypt_ecb},
433 {"crc16", l_crc16},
434 {"crc64", l_crc64},
435 {"sha1", l_sha1},
436 {NULL, NULL}
437 };
438
439 lua_pushglobaltable(L);
440 // Core library is in this table. Contains '
441 //this is 'pm3' table
442 lua_newtable(L);
443
444 //Put the function into the hash table.
445 for (int i = 0; libs[i].name; i++) {
446 lua_pushcfunction(L, libs[i].func);
447 lua_setfield(L, -2, libs[i].name);//set the name, pop stack
448 }
449 //Name of 'core'
450 lua_setfield(L, -2, "core");
451
452 //-- remove the global environment table from the stack
453 lua_pop(L, 1);
454
455 //-- Last but not least, add to the LUA_PATH (package.path in lua)
456 // so we can load libraries from the ./lualib/ - directory
457 setLuaPath(L,"./lualibs/?.lua");
458
459 return 1;
460 }
Impressum, Datenschutz