return outResults\r
end,\r
\r
- ------------ CRC-16 ccitt checksums\r
\r
+ ------------ CRC-16 ccitt checksums\r
-- Takes a hex string and calculates a crc16\r
Crc16 = function(s)\r
if s == nil then return nil end\r
end\r
return nil\r
end,\r
-\r
+ \r
+ ------------ CRC-64 ecma checksums\r
+ -- Takes a hex string and calculates a crc64 ecma\r
+ Crc64 = function(s)\r
+ if s == nil then return nil end\r
+ if #s == 0 then return nil end\r
+ if type(s) == 'string' then\r
+ local utils = require('utils')\r
+ local asc = utils.ConvertHexToAscii(s)\r
+ local hash = core.crc64(asc)\r
+ return hash\r
+ end\r
+ return nil\r
+ end,\r
+ \r
+ \r
-- input parameter is a string\r
-- Swaps the endianess and returns a number, \r
-- IE: 'cd7a' -> '7acd' -> 0x7acd\r
end\r
return t\r
end,\r
- ConvertAsciiToBytes = function(s)\r
- local t={}\r
+ ConvertAsciiToBytes = function(s, reverse)\r
+ local t = {}\r
if s == nil then return t end\r
if #s == 0 then return t end\r
\r
for k in s:gmatch"(.)" do\r
table.insert(t, string.byte(k))\r
end\r
- return t\r
+ \r
+ if not reverse then\r
+ return t\r
+ end\r
+ \r
+ local rev = {}\r
+ if reverse then\r
+ for i = #t, 1,-1 do\r
+ table.insert(rev, t[i] )\r
+ end\r
+ end\r
+ return rev\r
end,\r
+ \r
ConvertHexToAscii = function(s)\r
local t={}\r
if s == nil then return t end\r
local dumplib = require('html_dumplib')
local toyNames = require('default_toys')
+
example =[[
- 1. script run tnp3dump
- 2. script run tnp3dump -n
- 3. script run tnp3dump -k aabbccddeeff
- 4. script run tnp3dump -k aabbccddeeff -n
- 5. script run tnp3dump -o myfile
- 6. script run tnp3dump -n -o myfile
- 7. script run tnp3dump -k aabbccddeeff -n -o myfile
+ script run tnp3dump
+ script run tnp3dump -n
+ script run tnp3dump -p
+ script run tnp3dump -k aabbccddeeff
+ script run tnp3dump -k aabbccddeeff -n
+ script run tnp3dump -o myfile
+ script run tnp3dump -n -o myfile
+ script run tnp3dump -p -o myfile
+ script run tnp3dump -k aabbccddeeff -n -o myfile
]]
author = "Iceman"
-usage = "script run tnp3dump -k <key> -n -o <filename>"
+usage = "script run tnp3dump -k <key> -n -p -o <filename>"
desc =[[
This script will try to dump the contents of a Mifare TNP3xxx card.
It will need a valid KeyA in order to find the other keys and decode the card.
-h : this help
-k <key> : Sector 0 Key A.
-n : Use the nested cmd to find all keys
+ -p : Use the precalc to find all keys
-o : filename for the saved dumps
]]
local cmd
local err
local useNested = false
+ local usePreCalc = false
local cmdReadBlockString = 'hf mf rdbl %d A %s'
local input = "dumpkeys.bin"
local outputTemplate = os.date("toydump_%Y-%m-%d_%H%M%S");
-- Arguments for the script
- for o, a in getopt.getopt(args, 'hk:no:') do
+ for o, a in getopt.getopt(args, 'hk:npo:') do
if o == "h" then return help() end
if o == "k" then keyA = a end
if o == "n" then useNested = true end
+ if o == "p" then usePreCalc = true end
if o == "o" then outputTemplate = a end
end
end
-- Show tag info
- print((' Found tag : %s'):format(result.name))
- print(('Using keyA : %s'):format(keyA))
+ print((' Found tag %s'):format(result.name))
+
+ dbg(('Using keyA : %s'):format(keyA))
--Trying to find the other keys
if useNested then
core.console( ('hf mf nested 1 0 A %s d'):format(keyA) )
end
-
+
core.clearCommandBuffer()
- -- Loading keyfile
- print('Loading dumpkeys.bin')
- local hex, err = utils.ReadDumpFile(input)
- if not hex then
- return oops(err)
+ local akeys = ''
+ if usePreCalc then
+ local pre = require('precalc')
+ akeys = pre.GetAll(result.uid)
+ else
+ print('Loading dumpkeys.bin')
+ local hex, err = utils.ReadDumpFile(input)
+ if not hex then
+ return oops(err)
+ end
+ akeys = hex:sub(0,12*16)
end
-
- local akeys = hex:sub(0,12*16)
-
+
-- Read block 0
cmd = Command:new{cmd = cmds.CMD_MIFARE_READBL, arg1 = 0,arg2 = 0,arg3 = 0, data = keyA}
err = core.SendCommand(cmd:getBytes())
core.clearCommandBuffer()
-- main loop
- io.write('Decrypting blocks > ')
+ io.write('Reading blocks > ')
for blockNo = 0, numBlocks-1, 1 do
if core.ukbhit() then
end
end
-
local uid = block0:sub(1,8)
local itemtype = block1:sub(1,4)
+ local cardidLsw = block1:sub(9,16)
+ local cardidMsw = block1:sub(16,24)
local cardid = block1:sub(9,24)
local traptype = block1:sub(25,28)
-- Write dump to files
if not DEBUG then
local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'_uid_'..uid..'.bin')
- print(("Wrote a BIN dump to the file %s"):format(foo))
+ print(("Wrote a BIN dump to: %s"):format(foo))
local bar = dumplib.SaveAsText(emldata, outputTemplate..'_uid_'..uid..'.eml')
- print(("Wrote a EML dump to the file %s"):format(bar))
+ print(("Wrote a EML dump to: %s"):format(bar))
end
+ local itemtypename = toyNames[itemtype]
+ if itemtypename == nil then
+ itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)]
+ end
-- Show info
print( string.rep('--',20) )
- print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
+ print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) )
print( (' Alter ego / traptype : 0x%s'):format(traptype) )
print( (' UID : 0x%s'):format(uid) )
print( (' CARDID : 0x%s'):format(cardid ) )
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
-local DEBUG = true -- the debug flag
+local DEBUG = false -- the debug flag
+
+
+local band = bit32.band
+local bor = bit32.bor
+local lshift = bit32.lshift
+local rshift = bit32.rshift
+local byte = string.byte
+local char = string.char
+local sub = string.sub
+local format = string.format
+
---
-- A debug printout-function
function dbg(args)
print()
end
-
local function writedumpfile(infile)
t = infile:read("*all")
len = string.len(t)
io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk))
end
-
local function LoadEmulator(blocks)
local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20'
local cmd
io.write('\n')
end
+local function Num2Card(m, l)
+
+ local k = {
+ 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,0x42, 0x43, 0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B,
+ 0x4C, 0x4D, 0x4E, 0x50, 0x51, 0x52, 0x53, 0x54,0x56, 0x57, 0x58, 0x59, 0x5A, 0x00
+ }
+ local msw = tonumber(utils.SwapEndiannessStr(m,32),16)
+ local lsw = tonumber(utils.SwapEndiannessStr(l,32),16)
+
+ if msw > 0x17ea1 then
+ return "too big"
+ end
+
+ if msw == 0x17ea1 and lsw > 0x8931fee8 then
+ return "out of range"
+ end
+
+ local s = ""
+ local index
+ for i = 1,10 do
+ index, msw, lsw = DivideByK( msw, lsw)
+ if ( index <= 1 ) then
+ s = char(k[index]) .. s
+ else
+ s = char(k[index-1]) .. s
+ end
+ print (index-1, msw, lsw)
+ end
+ return s
+end
+--33LRT-LM9Q9
+--7, 122, 3474858630
+--20, 4, 1008436634
+--7, 0, 627182959
+--17, 0, 21626998
+--16, 0, 745758
+--23, 0, 25715
+--21, 0, 886
+--16, 0, 30
+--1, 0, 1
+--1, 0, 0
+
+function DivideByK(msw, lsw)
+
+ local lowLSW
+ local highLSW
+ local remainder = 0
+ local RADIX = 29
+
+ --local num = 0 | band( rshift(msw,16), 0xffff)
+ local num = band( rshift(msw, 16), 0xffff)
+
+ --highLSW = 0 | lshift( (num / RADIX) , 16)
+ highLSW = lshift( (num / RADIX) , 16)
+ remainder = num % RADIX
+
+ num = bor( lshift(remainder,16), band(msw, 0xffff))
+
+ --highLSW |= num / RADIX
+ highLSW = highLSW or (num / RADIX)
+ remainder = num % RADIX
+
+ num = bor( lshift(remainder,16), ( band(rshift(lsw,16), 0xffff)))
+
+ --lowLSW = 0 | (num / RADIX) << 16
+ lowLSW = 0 or (lshift( (num / RADIX), 16))
+ remainder = num % RADIX
+
+ num = bor( lshift(remainder,16) , band(lsw, 0xffff) )
+
+ lowLSW = bor(lowLSW, (num / RADIX))
+ remainder = num % RADIX
+ return remainder, highLSW, lowLSW
+
+ uint num = 0 | (msw >> 16) & 0xffff;
+
+ highLSW = 0 | (num / RADIX) << 16;
+ remainder = num % RADIX;
+
+ num = (remainder << 16) | (msw & 0xffff);
+
+ highLSW |= num / RADIX;
+ remainder = num % RADIX;
+
+ num = (remainder << 16) | ((lsw >> 16) & 0xffff);
+
+ lowLSW = 0 | (num / RADIX) << 16;
+ remainder = num % RADIX;
+
+ num = (remainder << 16) | (lsw & 0xffff);
+
+ lowLSW |= num / RADIX;
+ remainder = num % RADIX;
+
+end
+
local function main(args)
print( string.rep('--',20) )
print(' Gathering info')
local uid = blocks[0]:sub(1,8)
local itemtype = blocks[1]:sub(1,4)
- local cardid = blocks[1]:sub(9,24)
+ local cardidLsw = blocks[1]:sub(9,16)
+ local cardidMsw = blocks[1]:sub(17,24)
+ local itemtypename = toyNames[itemtype]
+ if itemtypename == nil then
+ itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)]
+ end
+
-- Show info
print( string.rep('--',20) )
- print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, toyNames[itemtype]) )
+ print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) )
print( (' UID : 0x%s'):format(uid) )
- print( (' CARDID : 0x%s'):format(cardid ) )
+ print( (' CARDID : 0x%s %s [%s]'):format(
+ cardidMsw,cardidLsw,
+ Num2Card(cardidMsw, cardidLsw))
+ )
print( string.rep('--',20) )
+
-- lets do something.
--
local experience = blocks[8]:sub(1,6)
projects / proxmark3-svn / commitdiff