//-----------------------------------------------------------------------------\r
-// Copyright (C) 2011 Merlok\r
+// Copyright (C) 2011,2012 Merlok\r
//\r
// This code is licensed to you under the terms of the GNU GPL, version 2 or,\r
// at your option, any later version. See the LICENSE.txt file for the text of\r
uint32_t nt = 0;\r
uint64_t par_list = 0, ks_list = 0, r_key = 0;\r
uint8_t isOK = 0;\r
- uint8_t keyBlock[6] = {0,0,0,0,0,0};\r
+ uint8_t keyBlock[8] = {0};\r
\r
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, keyBlock, 8)) {\r
PrintAndLog("Nt must include 8 HEX symbols");\r
// message\r
printf("-------------------------------------------------------------------------\n");\r
printf("Executing command. It may take up to 30 min.\n");\r
- printf("Press the key on proxmark3 device to abort proxmark3.\n");\r
printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
printf("-------------------------------------------------------------------------\n");\r
\r
else\r
{\r
PrintAndLog("Found invalid key. ( Nt=%08x ,Trying use it to run again...", nt); \r
- c.d.asDwords[0] = nt;\r
+ c.arg[0] = nt;\r
goto start;\r
}\r
\r
}\r
}\r
\r
+int CmdHF14AMfSniff(const char *Cmd){\r
+ // params\r
+ bool wantLogToFile = 0;\r
+ bool wantDecrypt = 0;\r
+ //bool wantSaveToEml = 0; TODO\r
+ bool wantSaveToEmlFile = 0;\r
+\r
+ //var \r
+ int res = 0;\r
+ int len = 0;\r
+ int blockLen = 0;\r
+ int num = 0;\r
+ int pckNum = 0;\r
+ uint8_t uid[8];\r
+ uint8_t atqa[2];\r
+ uint8_t sak;\r
+ bool isTag;\r
+ uint32_t parity;\r
+ uint8_t buf[3000];\r
+ uint8_t * bufPtr = buf;\r
+ memset(buf, 0x00, 3000);\r
+ \r
+ if (param_getchar(Cmd, 0) == 'h') {\r
+ PrintAndLog("It continuously get data from the field and saves it to: log, emulator, emulator file.");\r
+ PrintAndLog("You can specify:");\r
+ PrintAndLog(" l - save encrypted sequence to logfile `uid.log`");\r
+ PrintAndLog(" d - decrypt sequence and put it to log file `uid.log`");\r
+ PrintAndLog(" n/a e - decrypt sequence, collect read and write commands and save the result of the sequence to emulator memory");\r
+ PrintAndLog(" r - decrypt sequence, collect read and write commands and save the result of the sequence to emulator dump file `uid.eml`");\r
+ PrintAndLog("Usage: hf mf sniff [l][d][e][r]");\r
+ PrintAndLog(" sample: hf mf sniff l d e");\r
+ return 0;\r
+ } \r
+ \r
+ for (int i = 0; i < 4; i++) {\r
+ char ctmp = param_getchar(Cmd, i);\r
+ if (ctmp == 'l' || ctmp == 'L') wantLogToFile = true;\r
+ if (ctmp == 'd' || ctmp == 'D') wantDecrypt = true;\r
+ //if (ctmp == 'e' || ctmp == 'E') wantSaveToEml = true; TODO\r
+ if (ctmp == 'f' || ctmp == 'F') wantSaveToEmlFile = true;\r
+ }\r
+ \r
+ printf("-------------------------------------------------------------------------\n");\r
+ printf("Executing command. \n");\r
+ printf("Press the key on the proxmark3 device to abort both proxmark3 and client.\n");\r
+ printf("Press the key on pc keyboard to abort the client.\n");\r
+ printf("-------------------------------------------------------------------------\n");\r
+\r
+ UsbCommand c = {CMD_MIFARE_SNIFFER, {0, 0, 0}};\r
+ SendCommand(&c);\r
+\r
+ // wait cycle\r
+ while (true) {\r
+ printf(".");\r
+ fflush(stdout);\r
+ if (ukbhit()) {\r
+ getchar();\r
+ printf("\naborted via keyboard!\n");\r
+ break;\r
+ }\r
+ \r
+ UsbCommand * resp = WaitForResponseTimeout(CMD_ACK, 2000);\r
+ if (resp != NULL) {\r
+ res = resp->arg[0] & 0xff;\r
+ len = resp->arg[1];\r
+ num = resp->arg[2];\r
+ \r
+ if (res == 0) return 0;\r
+ if (res == 1) {\r
+ if (num ==0) {\r
+ bufPtr = buf;\r
+ memset(buf, 0x00, 3000);\r
+ }\r
+ memcpy(bufPtr, resp->d.asBytes, len);\r
+ bufPtr += len;\r
+ pckNum++;\r
+ }\r
+ if (res == 2) {\r
+ blockLen = bufPtr - buf;\r
+ bufPtr = buf;\r
+ printf(">\n");\r
+ PrintAndLog("received trace len: %d packages: %d", blockLen, pckNum);\r
+ num = 0;\r
+ while (bufPtr - buf + 9 < blockLen) {\r
+ isTag = bufPtr[3] & 0x80 ? true:false;\r
+ bufPtr += 4;\r
+ parity = *((uint32_t *)(bufPtr));\r
+ bufPtr += 4;\r
+ len = bufPtr[0];\r
+ bufPtr++;\r
+ if ((len == 14) && (bufPtr[0] = 0xff) && (bufPtr[1] = 0xff)) {\r
+ memcpy(uid, bufPtr + 2, 7);\r
+ memcpy(atqa, bufPtr + 2 + 7, 2);\r
+ sak = bufPtr[11];\r
+ \r
+ PrintAndLog("tag select uid:%s atqa:%02x %02x sak:0x%02x", sprint_hex(uid, 7), atqa[0], atqa[1], sak);\r
+ if (wantLogToFile) {\r
+ FillFileNameByUID(logHexFileName, uid, ".log", 7);\r
+ AddLogCurrentDT(logHexFileName);\r
+ } \r
+ if (wantDecrypt) mfTraceInit(uid, atqa, sak, wantSaveToEmlFile);\r
+ } else {\r
+ PrintAndLog("%s(%d):%s", isTag ? "TAG":"RDR", num, sprint_hex(bufPtr, len));\r
+ if (wantLogToFile) AddLogHex(logHexFileName, isTag ? "TAG: ":"RDR: ", bufPtr, len);\r
+ if (wantDecrypt) mfTraceDecode(bufPtr, len, parity, wantSaveToEmlFile);\r
+ }\r
+ bufPtr += len;\r
+ num++;\r
+ }\r
+ }\r
+ } // resp not NILL\r
+ } // while (true)\r
+ return 0;\r
+}\r
+\r
static command_t CommandTable[] =\r
{\r
{"help", CmdHelp, 1, "This help"},\r
{"chk", CmdHF14AMfChk, 0, "Test block keys"},\r
{"mifare", CmdHF14AMifare, 0, "Read parity error messages. param - <used card nonce>"},\r
{"nested", CmdHF14AMfNested, 0, "Test nested authentication"},\r
+ {"sniff", CmdHF14AMfSniff, 0, "Sniff card-reader communication"},\r
{"sim", CmdHF14AMf1kSim, 0, "Simulate MIFARE card"},\r
{"eclr", CmdHF14AMfEClear, 0, "Clear simulator memory block"},\r
{"eget", CmdHF14AMfEGet, 0, "Get simulator memory block"},\r
projects / proxmark3-svn / blobdiff