X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/0dae56d81ed737be4f2fa010326cbf41ea0af228..4df54240c1350a946b86983eb6785af03046b5bd:/client/scripts/mifare_autopwn.lua

diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua
index ccb46c53..eb98ffbf 100644
--- a/client/scripts/mifare_autopwn.lua
+++ b/client/scripts/mifare_autopwn.lua
@@ -123,8 +123,22 @@ function mfcrack_inner()
 	return nil, "Aborted by user"
 end
 
-function nested(key)
-	local cmd = string.format("hf mf nested 1 0 A %s d",key)
+function nested(key,sak)
+	local typ = 1
+	if 0x18 == sak then --NXP MIFARE Classic 4k | Plus 4k
+		typ = 4
+	elseif 0x08 == sak then -- NXP MIFARE CLASSIC 1k | Plus 2k
+		typ= 1
+	elseif 0x09 == sak then -- NXP MIFARE Mini 0.3k
+		typ = 0
+	elseif  0x10 == sak then-- "NXP MIFARE Plus 2k"
+		typ = 2
+	elseif  0x01 == sak then-- "NXP MIFARE TNP3xxx 1K"
+		typ = 1
+	else
+		print("I don't know how many sectors there are on this type of card, defaulting to 16")
+	end
+	local cmd = string.format("hf mf nested %d 0 A %s d",typ,key)
 	core.console(cmd)
 end
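Review bot: The `else` branch of nested() reports an unknown card type without printing the SAK it received, and a nil `sak` (if `res.sak` is ever absent in main) lands in the same branch, so the fallback cannot be diagnosed from the output. Including the value would fix that, e.g. `print(("Unknown SAK %s, defaulting to 16 sectors"):format(tostring(sak)))`. The comments on the 0x08 and 0x10 branches both name "Plus 2k" yet select typ 1 and typ 2 respectively, so one of them probably needs correcting. A one-line header comment such as `-- typ is the card-size argument given to "hf mf nested" (0, 1, 2 or 4), chosen from the SAK` would explain where the numbers come from; that reading is inferred from the format string, so confirm it against the command's help.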
 
@@ -149,7 +163,7 @@ end
 function main(args)
 
 
-	local verbose, exit,res,uid,err,_
+	local verbose, exit,res,uid,err,_,sak
 	local seen_uids = {}
 
 	-- Read the parameters
@@ -163,6 +177,7 @@ function main(args)
 		if err then return oops(err) end
 		-- Seen already?
 		uid = res.uid
+		sak = res.sak
 		if not seen_uids[uid] then
 			-- Store it
 			seen_uids[uid] = uid
@@ -171,11 +186,16 @@ function main(args)
 			local key, cnt
 			res,err = mfcrack()
 			if not res then return oops(err) end
-			_,key = bin.unpack("H6",res)
+			-- The key is actually 8 bytes, so a 
+			-- 6-byte key is sent as 00XXXXXX
+			-- This means we unpack it as first
+			-- two bytes, then six bytes actual key data
+			-- We can discard first and second return values
+			_,_,key = bin.unpack("H2H6",res)
 			print("Key ", key)
 
 			-- Use nested attack
-			nested(key)
+			nested(key,sak)
 			-- Dump info
 			dump(uid)
 		end