ADD: `analyse nuid` - generates NUID 4byte from a UID 7byte. Mifare Classic Ev1...

[proxmark3-svn] / client / scripts / mifare_autopwn.lua

diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua
index ce6db3c00767091c2ab5cd3a61e7d643bcea8d5a..eb93669c7cef8cbf55f65e6d2e0a78d4953c3cdf 100644 (file)
--- a/client/scripts/mifare_autopwn.lua
+++ b/client/scripts/mifare_autopwn.lua
@@ -4,8 +4,6 @@ local cmds = require('commands')
 
 example = "script run mifare_autopwn"
 author = "Martin Holst Swende"
-
-
 desc =
 [[
 This is a which automates cracking and dumping mifare classic cards. It sets itself into 
@@ -28,6 +26,8 @@ Output files from this operation:
 -- Some utilities 
 -------------------------------
 local DEBUG = false
+local MIFARE_AUTH_KEYA = 0x60
+local MIFARE_AUTH_KEYB = 0x61
 --- 
 -- A debug printout-function
 function dbg(args)
@@ -66,7 +66,7 @@ end
 function mfcrack()
        core.clearCommandBuffer()
        -- Build the mifare-command
-       local cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 1}
+       local cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 1, arg2 = 0, arg3 = MIFARE_AUTH_KEYA}
        
        local retry = true
        while retry do
@@ -78,12 +78,11 @@ function mfcrack()
                if errormessage then return nil, errormessage end
                -- Try again..set arg1 to 0 this time. 
 
-               cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 0}
+               cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 0, arg2 = 0, arg3 = MIFARE_AUTH_KEYA}
        end     
        return nil, "Aborted by user"
 end
 
-
 function mfcrack_inner()
        while not core.ukbhit() do              
                local result = core.WaitForResponseTimeout(cmds.CMD_ACK,1000)
@@ -133,7 +132,7 @@ function mfcrack_inner()
                        local uid,nt,pl = get(4),get(4),get(8)
                        local ks,nr = get(8),get(4)
 
-                       local status, key = core.nonce2key(uid,nt, nr, pl,ks)
+                       local status, key = core.nonce2key(uid, nt, nr, pl, ks)
                        if not status then return status,key end
 
                        if status > 0 then 
@@ -187,10 +186,9 @@ end
 -- The main entry point
 function main(args)
 
-
        local verbose, exit,res,uid,err,_,sak
        local seen_uids = {}
-
+       local print_message = true
        -- Read the parameters
        for o, a in getopt.getopt(args, 'hd') do
                if o == "h" then help() return end
@@ -198,6 +196,10 @@ function main(args)
        end
 
        while not exit do
+               if print_message then
+                       print("Waiting for card or press any key to stop")
+                       print_message = false
+               end
                res, err = wait_for_mifare()
                if err then return oops(err) end
                -- Seen already?
@@ -206,7 +208,7 @@ function main(args)
                if not seen_uids[uid] then
                        -- Store it
                        seen_uids[uid] = uid
-                       print("Card found, commencing crack", uid)
+                       print("Card found, commencing crack on UID", uid)
                        -- Crack it
                        local key, cnt
                        res,err = mfcrack()
@@ -217,12 +219,13 @@ function main(args)
                        -- two bytes, then six bytes actual key data
                        -- We can discard first and second return values
                        _,_,key = bin.unpack("H2H6",res)
-                       print("Key ", key)
+                       print("Found valid key: "..key);
 
                        -- Use nested attack
                        nested(key,sak)
                        -- Dump info
                        dump(uid)
+                       print_message = true
                end
        end
 end