X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0dae56d81ed737be4f2fa010326cbf41ea0af228..0c8d25ebd826f709b8e6cc2c8c1f185c633e326c:/client/scripts/mifare_autopwn.lua diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua index ccb46c53..eb98ffbf 100644 --- a/client/scripts/mifare_autopwn.lua +++ b/client/scripts/mifare_autopwn.lua @@ -123,8 +123,22 @@ function mfcrack_inner() return nil, "Aborted by user" end -function nested(key) - local cmd = string.format("hf mf nested 1 0 A %s d",key) +function nested(key,sak) + local typ = 1 + if 0x18 == sak then --NXP MIFARE Classic 4k | Plus 4k + typ = 4 + elseif 0x08 == sak then -- NXP MIFARE CLASSIC 1k | Plus 2k + typ= 1 + elseif 0x09 == sak then -- NXP MIFARE Mini 0.3k + typ = 0 + elseif 0x10 == sak then-- "NXP MIFARE Plus 2k" + typ = 2 + elseif 0x01 == sak then-- "NXP MIFARE TNP3xxx 1K" + typ = 1 + else + print("I don't know how many sectors there are on this type of card, defaulting to 16") + end + local cmd = string.format("hf mf nested %d 0 A %s d",typ,key) core.console(cmd) end @@ -149,7 +163,7 @@ end function main(args) - local verbose, exit,res,uid,err,_ + local verbose, exit,res,uid,err,_,sak local seen_uids = {} -- Read the parameters @@ -163,6 +177,7 @@ function main(args) if err then return oops(err) end -- Seen already? uid = res.uid + sak = res.sak if not seen_uids[uid] then -- Store it seen_uids[uid] = uid @@ -171,11 +186,16 @@ function main(args) local key, cnt res,err = mfcrack() if not res then return oops(err) end - _,key = bin.unpack("H6",res) + -- The key is actually 8 bytes, so a + -- 6-byte key is sent as 00XXXXXX + -- This means we unpack it as first + -- two bytes, then six bytes actual key data + -- We can discard first and second return values + _,_,key = bin.unpack("H2H6",res) print("Key ", key) -- Use nested attack - nested(key) + nested(key,sak) -- Dump info dump(uid) end