[proxmark3-svn] / client / scripts / mfkeys.lua

--[[
        This is an example of Lua-scripting within proxmark3. This is a lua-side
        implementation of hf mf chk  

        This code is licensed to you under the terms of the GNU GPL, version 2 or,
        at your option, any later version. See the LICENSE.txt file for the text of
        the license.
        
        Copyright (C) 2013 m h swende <martin at swende.se>
--]]
-- Loads the commands-library
local cmds = require('commands')
-- Load the default keys
local keys = require('mf_default_keys')
-- Ability to read what card is there
local reader = require('read14a')
-- Asks the user for input
local utils = require('utils')


local desc = ("This script implements check keys. \
It utilises a large list of default keys (currently %d keys).\
If you want to add more, just put them inside mf_default_keys.lua. "):format(#keys)

local TIMEOUT = 10000 -- 10 seconds


local function checkCommand(command)

        --print("Sending this command : " .. tostring(command))
        local usbcommand = command:getBytes()
        core.SendCommand(usbcommand)
        local result = core.WaitForResponseTimeout(cmds.CMD_ACK,TIMEOUT)
        if result then
                local count,cmd,arg0 = bin.unpack('LL',result)
                if(arg0==1) then
                        local count,arg1,arg2,data = bin.unpack('LLH511',result,count)
                        key = data:sub(1,12)
                        return key
                else
                        --print("Key not found...")
                        return nil
                end
        else
                print("Timeout while waiting for response. Increase TIMEOUT in keycheck.lua to wait longer")
                return nil, "Timeout while waiting for device to respond"
        end
end


function checkBlock(blockNo, keys, keyType)
        -- The command data is only 512 bytes, each key is 6 bytes, meaning that we can send max 85 keys in one go. 
        -- If there's more, we need to split it up
        local start, remaining= 1, #keys
        local arg1 = bit32.bor(bit32.lshift(keyType, 8), blockNo)
        local packets = {}
        while remaining > 0 do
                local n,data = remaining, nil
                if remaining > 85 then n = 85 end
                local data = table.concat(keys,"",start,n)
                --print("data",data)
                --print("data len", #data)
                print(("Testing block %d, keytype %d, with %d keys"):format(blockNo, keyType, n))
                local command = Command:new{cmd = cmds.CMD_MIFARE_CHKKEYS, 
                                                                arg1 = arg1, 
                                                                arg2 = 1, 
                                                                arg3 = n, 
                                                                data = data}
                local status = checkCommand(command)
                if status then return status, blockNo end
                start = start+n+1
                remaining = remaining - n
        end
        return nil
end

-- A function to display the results
local function displayresults(results)
        local sector, blockNo, keyA, keyB,_

        print("________________________________________")
        print("|Sector|Block|     A      |      B     |")
        print("|--------------------------------------|")

        for sector,_ in pairs(results) do
                blockNo, keyA, keyB = unpack(_)

                print(("| %3d  | %3d |%s|%s|"):format(sector, blockNo, keyA, keyB ))
        end
        print("|--------------------------------------|")

end
-- A little helper to place an item first in the list
local function placeFirst(akey, list)
        akey  = akey:lower()
        if list[1] == akey then 
                -- Already at pole position
                return list
        end
        local result = {akey}
        --print(("Putting '%s' first"):format(akey))
        for i,v in ipairs(list) do
                if v ~= akey then 
                        result[#result+1] = v
                end
        end
        return result
end
local function dumptofile(results)
        local sector, blockNo, keyA, keyB,_

        if utils.confirm("Do you wish to save the keys to dumpfile?") then 
                local destination = utils.input("Select a filename to store to", "dumpkeys.bin")
                local file = io.open(destination, "w")
                if file == nil then 
                        print("Could not write to file ", destination)
                        return
                end

                local key_a = ""
                local key_b = ""
                
                for sector,_ in pairs(results) do
                        blockNo, keyA, keyB = unpack(_)
                        key_a = key_a .. bin.pack("H",keyA);
                        key_b = key_b .. bin.pack("H",keyB);
                end
                file:write(key_a)
                file:write(key_b)
                file:close()
        end
end


local function main( args)

        print(desc);

        result, err = reader.read14443a(false, true)
        if not result then
                print(err)
                return
        end
        print(("Found a %s tag"):format(result.name))


        core.clearCommandBuffer()
        local blockNo
        local keyType = 0 -- A=0, B=1
        local numSectors = 16 

        if 0x18 == result.sak then --NXP MIFARE Classic 4k | Plus 4k
                -- IFARE Classic 4K offers 4096 bytes split into forty sectors, 
                -- of which 32 are same size as in the 1K with eight more that are quadruple size sectors. 
                numSectors = 40
        elseif 0x08 == result.sak then -- NXP MIFARE CLASSIC 1k | Plus 2k
                -- 1K offers 1024 bytes of data storage, split into 16 sector
                numSectors = 16
        elseif 0x09 == result.sak then -- NXP MIFARE Mini 0.3k
                -- MIFARE Classic mini offers 320 bytes split into five sectors.
                numSectors = 5
        elseif  0x10 == result.sak then-- "NXP MIFARE Plus 2k"
                numSectors = 32
        else
                print("I don't know how many sectors there are on this type of card, defaulting to 16")
        end

        result = {}
        for sector=1,numSectors,1 do

                --[[
                The mifare Classic 1k card has 16 sectors of 4 data blocks each. 
                The first 32 sectors of a mifare Classic 4k card consists of 4 data blocks and the remaining
                8 sectors consist of 16 data blocks. 
                --]]
                local blockNo = sector * 4 -1 
                
                if sector > 32 then
                        blockNo = 32*4+ (sector-32)*16 -1
                end

                local keyA = checkBlock(blockNo, keys, 0)
                if keyA then keys  = placeFirst(keyA, keys) end
                keyA = keyA or ""

                local keyB = checkBlock(blockNo, keys, 1)
                if keyB then keys  = placeFirst(keyB, keys) end
                keyB = keyB or ""

                result[sector] = {blockNo, keyA, keyB }

                -- Check if user aborted
                if core.ukbhit() then
                        print("Aborted by user")
                        break
                end
        end
        displayresults(result)
        dumptofile(result)
end

main( args)