X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/3bc7b13d237109c9dca948326315c1476f78c415..7cc8fee9860fde8e5b6ed58bfd185c8177f2a0f8:/client/scripts/mifare_autopwn.lua

diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua
index ce6db3c0..b1f3d357 100644
--- a/client/scripts/mifare_autopwn.lua
+++ b/client/scripts/mifare_autopwn.lua
@@ -28,6 +28,8 @@ Output files from this operation:
 -- Some utilities 
 -------------------------------
 local DEBUG = false
+local MIFARE_AUTH_KEYA = 0x60
+local MIFARE_AUTH_KEYB = 0x61
 --- 
 -- A debug printout-function
 function dbg(args)
@@ -66,7 +68,7 @@ end
 function mfcrack()
 	core.clearCommandBuffer()
 	-- Build the mifare-command
-	local cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 1}
+	local cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 1, arg2 = 0, arg3 = MIFARE_AUTH_KEYA}
 	
 	local retry = true
 	while retry do
@@ -78,12 +80,11 @@ function mfcrack()
 		if errormessage then return nil, errormessage end
 		-- Try again..set arg1 to 0 this time. 
 
-		cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 0}
+		cmd = Command:new{cmd = cmds.CMD_READER_MIFARE, arg1 = 0, arg2 = 0, arg3 = MIFARE_AUTH_KEYA}
 	end	
 	return nil, "Aborted by user"
 end
 
-
 function mfcrack_inner()
 	while not core.ukbhit() do		
 		local result = core.WaitForResponseTimeout(cmds.CMD_ACK,1000)
@@ -133,7 +134,7 @@ function mfcrack_inner()
 			local uid,nt,pl = get(4),get(4),get(8)
 			local ks,nr = get(8),get(4)
 
-			local status, key = core.nonce2key(uid,nt, nr, pl,ks)
+			local status, key = core.nonce2key(uid, nt, nr, pl, ks)
 			if not status then return status,key end
 
 			if status > 0 then 
@@ -187,10 +188,9 @@ end
 -- The main entry point
 function main(args)
 
-
 	local verbose, exit,res,uid,err,_,sak
 	local seen_uids = {}
-
+	local print_message = true
 	-- Read the parameters
 	for o, a in getopt.getopt(args, 'hd') do
 		if o == "h" then help() return end
@@ -198,6 +198,10 @@ function main(args)
 	end
 
 	while not exit do
+		if print_message then
+			print("Waiting for card or press any key to stop")
+			print_message = false
+		end
 		res, err = wait_for_mifare()
 		if err then return oops(err) end
 		-- Seen already?
@@ -206,7 +210,7 @@ function main(args)
 		if not seen_uids[uid] then
 			-- Store it
 			seen_uids[uid] = uid
-			print("Card found, commencing crack", uid)
+			print("Card found, commencing crack on UID", uid)
 			-- Crack it
 			local key, cnt
 			res,err = mfcrack()
@@ -217,12 +221,13 @@ function main(args)
 			-- two bytes, then six bytes actual key data
 			-- We can discard first and second return values
 			_,_,key = bin.unpack("H2H6",res)
-			print("Key ", key)
+			print("Found valid key: "..key);
 
 			-- Use nested attack
 			nested(key,sak)
 			-- Dump info
 			dump(uid)
+			print_message = true
 		end
 	end
 end