X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/3bc7b13d237109c9dca948326315c1476f78c415..3fc01243b0320ef50492162d8f868981a3b07159:/client/scripts/mifare_autopwn.lua diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua index ce6db3c0..b1f3d357 100644 --- a/client/scripts/mifare_autopwn.lua +++ b/client/scripts/mifare_autopwn.lua @@ -28,6 +28,8 @@ Output files from this operation: -- Some utilities ------------------------------- local DEBUG = false +local MIFARE_AUTH_KEYA = 0x60 +local MIFARE_AUTH_KEYB = 0x61 --- -- A debug printout-function function dbg(args) @@ -66,7 +68,7 @@ end function mfcrack() core.clearCommandBuffer() -- Build the mifare-command - local cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 1} + local cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 1, arg2 = 0, arg3 = MIFARE_AUTH_KEYA} local retry = true while retry do @@ -78,12 +80,11 @@ function mfcrack() if errormessage then return nil, errormessage end -- Try again..set arg1 to 0 this time. - cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 0} + cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 0, arg2 = 0, arg3 = MIFARE_AUTH_KEYA} end return nil, "Aborted by user" end - function mfcrack_inner() while not core.ukbhit() do local result = core.WaitForResponseTimeout(cmds.CMD_ACK,1000) @@ -133,7 +134,7 @@ function mfcrack_inner() local uid,nt,pl = get(4),get(4),get(8) local ks,nr = get(8),get(4) - local status, key = core.nonce2key(uid,nt, nr, pl,ks) + local status, key = core.nonce2key(uid, nt, nr, pl, ks) if not status then return status,key end if status > 0 then @@ -187,10 +188,9 @@ end -- The main entry point function main(args) - local verbose, exit,res,uid,err,_,sak local seen_uids = {} - + local print_message = true -- Read the parameters for o, a in getopt.getopt(args, 'hd') do if o == "h" then help() return end @@ -198,6 +198,10 @@ function main(args) end while not exit do + if print_message then + print("Waiting for card or press any key to stop") + print_message = false + end res, err = wait_for_mifare() if err then return oops(err) end -- Seen already? @@ -206,7 +210,7 @@ function main(args) if not seen_uids[uid] then -- Store it seen_uids[uid] = uid - print("Card found, commencing crack", uid) + print("Card found, commencing crack on UID", uid) -- Crack it local key, cnt res,err = mfcrack() @@ -217,12 +221,13 @@ function main(args) -- two bytes, then six bytes actual key data -- We can discard first and second return values _,_,key = bin.unpack("H2H6",res) - print("Key ", key) + print("Found valid key: "..key); -- Use nested attack nested(key,sak) -- Dump info dump(uid) + print_message = true end end end