]> git.zerfleddert.de Git - proxmark3-svn/blob - client/scripts/didump.lua
CHG: all @marshmellow42 's changes to make the reveng work.
[proxmark3-svn] / client / scripts / didump.lua
1 local cmds = require('commands')
2 local getopt = require('getopt')
3 local utils = require('utils')
4 local lib14a = require('read14a')
5
6 example =[[
7 script run didump
8 script run didump -k aabbccddeeff
9 ]]
10 author = "Iceman"
11 usage = "script run didump -k <key> "
12 desc = [[
13 This is a script to dump and decrypt the data of a specific type of Mifare Mini token.
14
15 Arguments:
16 -h : this help
17 -t : selftest
18 -k <key> : Mifare Key A.
19 ]]
20
21 local band=bit32.band
22 local bor=bit32.bor
23 local bnot=bit32.bnot
24 local bxor=bit32.bxor
25 local lshift=bit32.lshift
26 local rshift=bit32.rshift
27
28 local FOO = 'AF62D2EC0491968CC52A1A7165F865FE'
29 local BAR = '286329204469736E65792032303133'
30 local RANDOM = FOO..BAR
31 local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M%S");
32 local TIMEOUT = 2000
33 local DEBUG = false
34 local numBlocks = 20
35 local numSectors = 5
36 local CHECKSUM_OFFSET = 12; -- +1???
37 ---
38 -- A debug printout-function
39 function dbg(args)
40 if DEBUG then
41 print("###", args)
42 end
43 end
44 ---
45 -- This is only meant to be used when errors occur
46 function oops(err)
47 print("ERROR: ",err)
48 core.clearCommandBuffer()
49 end
50 ---
51 -- Usage help
52 function help()
53 print(desc)
54 print("Example usage")
55 print(example)
56 end
57 ---
58 -- Get checksum,
59 -- called: data is string (32 hex digits)
60 -- returns: number
61 local function getChecksum(data)
62 local chksum = data:sub(25,32)
63 return tonumber(chksum,16)
64 end
65 ---
66 -- calculate checksum
67 -- called: data is bytes (24 hex digits)
68 -- returns: number
69 local function calculateChecksum(data)
70
71 -- Generate table
72 local _tbl = {}
73 _tbl[0] = { 0x0 }
74 _tbl[1] = { 0x77073096 }
75 _tbl[2] = { 0xEE0E612C }
76 _tbl[3] = { 0x990951BA }
77 _tbl[4] = { 0x76DC419 }
78 _tbl[5] = { 0x706AF48F }
79 _tbl[6] = { 0xE963A535 }
80 _tbl[7] = { 0x9E6495A3 }
81 _tbl[8] = { 0xEDB8832 }
82 _tbl[9] = { 0x79DCB8A4 }
83 _tbl[10] = { 0xE0D5E91E }
84 _tbl[11] = { 0x97D2D988 }
85 _tbl[12] = { 0x9B64C2B }
86 _tbl[13] = { 0x7EB17CBD }
87 _tbl[14] = { 0xE7B82D07 }
88 _tbl[15] = { 0x90BF1D91 }
89 _tbl[16] = { 0x1DB71064 }
90 _tbl[17] = { 0x6AB020F2 }
91 _tbl[18] = { 0xF3B97148 }
92 _tbl[19] = { 0x84BE41DE }
93 _tbl[20] = { 0x1ADAD47D }
94 _tbl[21] = { 0x6DDDE4EB }
95 _tbl[22] = { 0xF4D4B551 }
96 _tbl[23] = { 0x83D385C7 }
97 _tbl[24] = { 0x136C9856 }
98 _tbl[25] = { 0x646BA8C0 }
99 _tbl[26] = { 0xFD62F97A }
100 _tbl[27] = { 0x8A65C9EC }
101 _tbl[28] = { 0x14015C4F }
102 _tbl[29] = { 0x63066CD9 }
103 _tbl[30] = { 0xFA0F3D63 }
104 _tbl[31] = { 0x8D080DF5 }
105 _tbl[32] = { 0x3B6E20C8 }
106 _tbl[33] = { 0x4C69105E }
107 _tbl[34] = { 0xD56041E4 }
108 _tbl[35] = { 0xA2677172 }
109 _tbl[36] = { 0x3C03E4D1 }
110 _tbl[37] = { 0x4B04D447 }
111 _tbl[38] = { 0xD20D85FD }
112 _tbl[39] = { 0xA50AB56B }
113 _tbl[40] = { 0x35B5A8FA }
114 _tbl[41] = { 0x42B2986C }
115 _tbl[42] = { 0xDBBBC9D6 }
116 _tbl[43] = { 0xACBCF940 }
117 _tbl[44] = { 0x32D86CE3 }
118 _tbl[45] = { 0x45DF5C75 }
119 _tbl[46] = { 0xDCD60DCF }
120 _tbl[47] = { 0xABD13D59 }
121 _tbl[48] = { 0x26D930AC }
122 _tbl[49] = { 0x51DE003A }
123 _tbl[50] = { 0xC8D75180 }
124 _tbl[51] = { 0xBFD06116 }
125 _tbl[52] = { 0x21B4F4B5 }
126 _tbl[53] = { 0x56B3C423 }
127 _tbl[54] = { 0xCFBA9599 }
128 _tbl[55] = { 0xB8BDA50F }
129 _tbl[56] = { 0x2802B89E }
130 _tbl[57] = { 0x5F058808 }
131 _tbl[58] = { 0xC60CD9B2 }
132 _tbl[59] = { 0xB10BE924 }
133 _tbl[60] = { 0x2F6F7C87 }
134 _tbl[61] = { 0x58684C11 }
135 _tbl[62] = { 0xC1611DAB }
136 _tbl[63] = { 0xB6662D3D }
137 _tbl[64] = { 0x76DC4190 }
138 _tbl[65] = { 0x1DB7106 }
139 _tbl[66] = { 0x98D220BC }
140 _tbl[67] = { 0xEFD5102A }
141 _tbl[68] = { 0x71B18589 }
142 _tbl[69] = { 0x6B6B51F }
143 _tbl[70] = { 0x9FBFE4A5 }
144 _tbl[71] = { 0xE8B8D433 }
145 _tbl[72] = { 0x7807C9A2 }
146 _tbl[73] = { 0xF00F934 }
147 _tbl[74] = { 0x9609A88E }
148 _tbl[75] = { 0xE10E9818 }
149 _tbl[76] = { 0x7F6A0DBB }
150 _tbl[77] = { 0x86D3D2D }
151 _tbl[78] = { 0x91646C97 }
152 _tbl[79] = { 0xE6635C01 }
153 _tbl[80] = { 0x6B6B51F4 }
154 _tbl[81] = { 0x1C6C6162 }
155 _tbl[82] = { 0x856530D8 }
156 _tbl[83] = { 0xF262004E }
157 _tbl[84] = { 0x6C0695ED }
158 _tbl[85] = { 0x1B01A57B }
159 _tbl[86] = { 0x8208F4C1 }
160 _tbl[87] = { 0xF50FC457 }
161 _tbl[88] = { 0x65B0D9C6 }
162 _tbl[89] = { 0x12B7E950 }
163 _tbl[90] = { 0x8BBEB8EA }
164 _tbl[91] = { 0xFCB9887C }
165 _tbl[92] = { 0x62DD1DDF }
166 _tbl[93] = { 0x15DA2D49 }
167 _tbl[94] = { 0x8CD37CF3 }
168 _tbl[95] = { 0xFBD44C65 }
169 _tbl[96] = { 0x4DB26158 }
170 _tbl[97] = { 0x3AB551CE }
171 _tbl[98] = { 0xA3BC0074 }
172 _tbl[99] = { 0xD4BB30E2 }
173 _tbl[100] = { 0x4ADFA541 }
174 _tbl[101] = { 0x3DD895D7 }
175 _tbl[102] = { 0xA4D1C46D }
176 _tbl[103] = { 0xD3D6F4FB }
177 _tbl[104] = { 0x4369E96A }
178 _tbl[105] = { 0x346ED9FC }
179 _tbl[106] = { 0xAD678846 }
180 _tbl[107] = { 0xDA60B8D0 }
181 _tbl[108] = { 0x44042D73 }
182 _tbl[109] = { 0x33031DE5 }
183 _tbl[110] = { 0xAA0A4C5F }
184 _tbl[111] = { 0xDD0D7CC9 }
185 _tbl[112] = { 0x5005713C }
186 _tbl[113] = { 0x270241AA }
187 _tbl[114] = { 0xBE0B1010 }
188 _tbl[115] = { 0xC90C2086 }
189 _tbl[116] = { 0x5768B525 }
190 _tbl[117] = { 0x206F85B3 }
191 _tbl[118] = { 0xB966D409 }
192 _tbl[119] = { 0xCE61E49F }
193 _tbl[120] = { 0x5EDEF90E }
194 _tbl[121] = { 0x29D9C998 }
195 _tbl[122] = { 0xB0D09822 }
196 _tbl[123] = { 0xC7D7A8B4 }
197 _tbl[124] = { 0x59B33D17 }
198 _tbl[125] = { 0x2EB40D81 }
199 _tbl[126] = { 0xB7BD5C3B }
200 _tbl[127] = { 0xC0BA6CAD }
201 _tbl[128] = { 0xEDB88320 }
202 _tbl[129] = { 0x9ABFB3B6 }
203 _tbl[130] = { 0x3B6E20C }
204 _tbl[131] = { 0x74B1D29A }
205 _tbl[132] = { 0xEAD54739 }
206 _tbl[133] = { 0x9DD277AF }
207 _tbl[134] = { 0x4DB2615 }
208 _tbl[135] = { 0x73DC1683 }
209 _tbl[136] = { 0xE3630B12 }
210 _tbl[137] = { 0x94643B84 }
211 _tbl[138] = { 0xD6D6A3E }
212 _tbl[139] = { 0x7A6A5AA8 }
213 _tbl[140] = { 0xE40ECF0B }
214 _tbl[141] = { 0x9309FF9D }
215 _tbl[142] = { 0xA00AE27 }
216 _tbl[143] = { 0x7D079EB1 }
217 _tbl[144] = { 0xF00F9344 }
218 _tbl[145] = { 0x8708A3D2 }
219 _tbl[146] = { 0x1E01F268 }
220 _tbl[147] = { 0x6906C2FE }
221 _tbl[148] = { 0xF762575D }
222 _tbl[149] = { 0x806567CB }
223 _tbl[150] = { 0x196C3671 }
224 _tbl[151] = { 0x6E6B06E7 }
225 _tbl[152] = { 0xFED41B76 }
226 _tbl[153] = { 0x89D32BE0 }
227 _tbl[154] = { 0x10DA7A5A }
228 _tbl[155] = { 0x67DD4ACC }
229 _tbl[156] = { 0xF9B9DF6F }
230 _tbl[157] = { 0x8EBEEFF9 }
231 _tbl[158] = { 0x17B7BE43 }
232 _tbl[159] = { 0x60B08ED5 }
233 _tbl[160] = { 0xD6D6A3E8 }
234 _tbl[161] = { 0xA1D1937E }
235 _tbl[162] = { 0x38D8C2C4 }
236 _tbl[163] = { 0x4FDFF252 }
237 _tbl[164] = { 0xD1BB67F1 }
238 _tbl[165] = { 0xA6BC5767 }
239 _tbl[166] = { 0x3FB506DD }
240 _tbl[167] = { 0x48B2364B }
241 _tbl[168] = { 0xD80D2BDA }
242 _tbl[169] = { 0xAF0A1B4C }
243 _tbl[170] = { 0x36034AF6 }
244 _tbl[171] = { 0x41047A60 }
245 _tbl[172] = { 0xDF60EFC3 }
246 _tbl[173] = { 0xA867DF55 }
247 _tbl[174] = { 0x316E8EEF }
248 _tbl[175] = { 0x4669BE79 }
249 _tbl[176] = { 0xCB61B38C }
250 _tbl[177] = { 0xBC66831A }
251 _tbl[178] = { 0x256FD2A0 }
252 _tbl[179] = { 0x5268E236 }
253 _tbl[180] = { 0xCC0C7795 }
254 _tbl[181] = { 0xBB0B4703 }
255 _tbl[182] = { 0x220216B9 }
256 _tbl[183] = { 0x5505262F }
257 _tbl[184] = { 0xC5BA3BBE }
258 _tbl[185] = { 0xB2BD0B28 }
259 _tbl[186] = { 0x2BB45A92 }
260 _tbl[187] = { 0x5CB36A04 }
261 _tbl[188] = { 0xC2D7FFA7 }
262 _tbl[189] = { 0xB5D0CF31 }
263 _tbl[190] = { 0x2CD99E8B }
264 _tbl[191] = { 0x5BDEAE1D }
265 _tbl[192] = { 0x9B64C2B0 }
266 _tbl[193] = { 0xEC63F226 }
267 _tbl[194] = { 0x756AA39C }
268 _tbl[195] = { 0x26D930A }
269 _tbl[196] = { 0x9C0906A9 }
270 _tbl[197] = { 0xEB0E363F }
271 _tbl[198] = { 0x72076785 }
272 _tbl[199] = { 0x5005713 }
273 _tbl[200] = { 0x95BF4A82 }
274 _tbl[201] = { 0xE2B87A14 }
275 _tbl[202] = { 0x7BB12BAE }
276 _tbl[203] = { 0xCB61B38 }
277 _tbl[204] = { 0x92D28E9B }
278 _tbl[205] = { 0xE5D5BE0D }
279 _tbl[206] = { 0x7CDCEFB7 }
280 _tbl[207] = { 0xBDBDF21 }
281 _tbl[208] = { 0x86D3D2D4 }
282 _tbl[209] = { 0xF1D4E242 }
283 _tbl[210] = { 0x68DDB3F8 }
284 _tbl[211] = { 0x1FDA836E }
285 _tbl[212] = { 0x81BE16CD }
286 _tbl[213] = { 0xF6B9265B }
287 _tbl[214] = { 0x6FB077E1 }
288 _tbl[215] = { 0x18B74777 }
289 _tbl[216] = { 0x88085AE6 }
290 _tbl[217] = { 0xFF0F6A70 }
291 _tbl[218] = { 0x66063BCA }
292 _tbl[219] = { 0x11010B5C }
293 _tbl[220] = { 0x8F659EFF }
294 _tbl[221] = { 0xF862AE69 }
295 _tbl[222] = { 0x616BFFD3 }
296 _tbl[223] = { 0x166CCF45 }
297 _tbl[224] = { 0xA00AE278 }
298 _tbl[225] = { 0xD70DD2EE }
299 _tbl[226] = { 0x4E048354 }
300 _tbl[227] = { 0x3903B3C2 }
301 _tbl[228] = { 0xA7672661 }
302 _tbl[229] = { 0xD06016F7 }
303 _tbl[230] = { 0x4969474D }
304 _tbl[231] = { 0x3E6E77DB }
305 _tbl[232] = { 0xAED16A4A }
306 _tbl[233] = { 0xD9D65ADC }
307 _tbl[234] = { 0x40DF0B66 }
308 _tbl[235] = { 0x37D83BF0 }
309 _tbl[236] = { 0xA9BCAE53 }
310 _tbl[237] = { 0xDEBB9EC5 }
311 _tbl[238] = { 0x47B2CF7F }
312 _tbl[239] = { 0x30B5FFE9 }
313 _tbl[240] = { 0xBDBDF21C }
314 _tbl[241] = { 0xCABAC28A }
315 _tbl[242] = { 0x53B39330 }
316 _tbl[243] = { 0x24B4A3A6 }
317 _tbl[244] = { 0xBAD03605 }
318 _tbl[245] = { 0xCDD70693 }
319 _tbl[246] = { 0x54DE5729 }
320 _tbl[247] = { 0x23D967BF }
321 _tbl[248] = { 0xB3667A2E }
322 _tbl[249] = { 0xC4614AB8 }
323 _tbl[250] = { 0x5D681B02 }
324 _tbl[251] = { 0x2A6F2B94 }
325 _tbl[252] = { 0xB40BBE37 }
326 _tbl[253] = { 0xC30C8EA1 }
327 _tbl[254] = { 0x5A05DF1B }
328 _tbl[255] = { 0x2D02EF8D }
329
330
331 -- Calculate it
332 local ret = 0
333 for i,item in pairs(data) do
334 local tmp = band(ret, 0xFF)
335 local index = band( bxor(tmp, item), 0xFF)
336 ret = bxor(rshift(ret,8), _tbl[index][1])
337 end
338 return ret
339 end
340 ---
341 -- update checksum
342 -- called: data is string, ( >= 24 hex digits )
343 -- returns: string, (data concat new checksum)
344 local function updateChecksum(data)
345 local part = data:sub(1,24)
346 local chksum = calculateChecksum( utils.ConvertHexToBytes(part))
347 return string.format("%s%X", part, chksum)
348 end
349 ---
350 -- receives the answer from deviceside, used with a readblock command
351 local function waitCmd()
352 local response = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
353 if response then
354 local count,cmd,arg0 = bin.unpack('LL',response)
355 if(arg0==1) then
356 local count,arg1,arg2,data = bin.unpack('LLH511',response,count)
357 return data:sub(1,32)
358 else
359 return nil, "Couldn't read block.."
360 end
361 end
362 return nil, "No response from device"
363 end
364
365 local function selftest()
366 local testdata = '000F42430D0A14000001D11F'..'5D738517'
367 local chksum = getChecksum(testdata)
368 local calc = calculateChecksum( utils.ConvertHexToBytes(testdata:sub(1,24)))
369 local isValid = false
370 local validStr = "FAIL"
371 if calc == chksum then
372 isValid = true
373 validStr = "OK"
374 end
375 local newtestdata = updateChecksum(testdata)
376 local revalidated = "FAIL"
377 if newtestdata == testdata then
378 revalidated = "OK"
379 end
380 print ('TESTDATA :: '..testdata)
381 print ('DATA :: '..testdata:sub(1,24))
382 print (('VALID CHKSUM :: %s'):format(validStr ))
383 print (('UPDATE CHKSUM :: %s'):format(revalidated))
384 end
385 ---
386 -- The main entry point
387 -- -d decrypt
388 -- -e encrypt
389 -- -v validate
390 function main(args)
391
392 local cmd, result, err, blockNo, keyA
393 local blocks = {}
394 local magic = ''
395
396 -- Read the parameters
397 for o, a in getopt.getopt(args, 'hk:t') do
398 if o == "h" then help() return end
399 if o == "k" then keyA = a end
400 if o == "t" then return selftest() end
401 end
402
403 -- validate input args.
404 keyA = keyA or '6dd747e86975'
405 if #(keyA) ~= 12 then
406 return oops( string.format('Wrong length of write key (was %d) expected 12', #keyA))
407 end
408
409 -- Turn off Debug
410 local cmdSetDbgOff = "hf mf dbg 0"
411 core.console( cmdSetDbgOff)
412
413 -- GET TAG UID
414
415 result, err = lib14a.read1443a(false)
416 if not result then
417 return oops(err)
418 end
419 core.clearCommandBuffer()
420
421 -- Show tag info
422 print((' Found tag %s'):format(result.name))
423
424 local longrandom = RANDOM..result.uid
425 local res = utils.Sha1Hex(longrandom)
426 res = utils.ConvertBytesToHex(utils.ConvertAsciiToBytes(res:sub(1,16)))
427 magic = utils.SwapEndiannessStr(res:sub(1,8) , 32)
428 magic = magic..utils.SwapEndiannessStr( res:sub(9,16),32)
429 magic = magic..utils.SwapEndiannessStr( res:sub(17,24),32)
430 magic = magic..utils.SwapEndiannessStr( res:sub(25,32),32)
431 print('Reading card data')
432 print('Raw','Decrypted')
433 for blockNo = 0, numBlocks-1, 1 do
434
435 if core.ukbhit() then
436 print("aborted by user")
437 break
438 end
439
440 cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = blockNo ,arg2 = 0,arg3 = 0, data = keyA}
441 local err = core.SendCommand(cmd:getBytes())
442 if err then return oops(err) end
443 local blockdata, err = waitCmd()
444 if err then return oops(err) end
445
446 if blockNo%4 ~= 3 then
447
448 -- blocks with zero not encrypted.
449 if string.find(blockdata, '^0+$') then
450 print(blockdata, blockdata)
451 else
452 local aes = core.aes128_decrypt_ecb(magic, blockdata)
453 local bytes = utils.ConvertAsciiToBytes(aes)
454 local hex = utils.ConvertBytesToHex(bytes)
455 print(blockdata , hex)
456 end
457 elseif blockNo == 0 then
458 print(blockdata,blockdata)
459 else
460 -- Sectorblocks, not encrypted
461 local sectortrailer = keyA..blockdata:sub(13,20)..keyA
462 print(sectortrailer, sectortrailer, blockdata:sub(13,20))
463 end
464 end
465 end
466
467 main(args)
Impressum, Datenschutz