ADD: added the possibility to load a default pwd file to be used with the "lf t55xx...

      new option:
      lf t55xx brutefore i default_pwd.dic    -  will load default pwds from file and test against tag.

diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index ae380b3c348ce87e174d7d498ad829041863321b..5b5be6f2066f2d7a6c5d12286b5a5bcf3c39e14d 100644 (file)
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -792,7 +792,6 @@ int CmdHF14AMfNested(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfNestedHard(const char *Cmd)\r
 {\r
        uint8_t blockNo = 0;\r
@@ -889,7 +888,6 @@ int CmdHF14AMfNestedHard(const char *Cmd)
        return 0;\r
 }\r
 \r
-\r
 int CmdHF14AMfChk(const char *Cmd)\r
 {\r
        if (strlen(Cmd)<3) {\r

diff --git a/client/cmdlft55xx.c b/client/cmdlft55xx.c
index 43a760958410ce51a23648af4da4496bdb4c912b..ba82087af0fa8a775b00f0a9e4c4703a1b476ef0 100644 (file)
--- a/client/cmdlft55xx.c
+++ b/client/cmdlft55xx.c
@@ -150,10 +150,15 @@ int usage_t55xx_wakup(){
        return 0;\r
 }\r
 int usage_t55xx_bruteforce(){\r
-    PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password>");\r
+    PrintAndLog("Usage: lf t55xx bruteforce <start password> <end password> [i <*.dic>]");\r
     PrintAndLog("       password must be 4 bytes (8 hex symbols)");\r
+       PrintAndLog("Options:");\r
+       PrintAndLog("     h                     - this help");\r
+    PrintAndLog("     i <*.dic>        - loads a default keys dictionary file <*.dic>");\r
+    PrintAndLog("");\r
     PrintAndLog("Examples:");\r
     PrintAndLog("       lf t55xx bruteforce aaaaaaaa bbbbbbbb");\r
+       PrintAndLog("       lf t55xx bruteforce i mykeys.dic");\r
     PrintAndLog("");\r
     return 0;\r
 }\r
@@ -1316,13 +1321,91 @@ int CmdT55xxWipe(const char *Cmd) {
 }\r
 \r
 int CmdT55xxBruteForce(const char *Cmd) {\r
+       \r
+       // load a default pwd file.\r
+       char buf[9];\r
+       char filename[FILE_PATH_SIZE]={0};\r
+       int     keycnt = 0;\r
+       uint8_t stKeyBlock = 20;\r
+       uint8_t *keyBlock = NULL, *p;\r
+       keyBlock = calloc(stKeyBlock, 6);\r
+       if (keyBlock == NULL) return 1;\r
+       \r
     uint32_t start_password = 0x00000000; //start password\r
     uint32_t end_password   = 0xFFFFFFFF; //end   password\r
-\r
     bool found = false;\r
+\r
     char cmdp = param_getchar(Cmd, 0);\r
     if (cmdp == 'h' || cmdp == 'H') return usage_t55xx_bruteforce();\r
 \r
+       if (cmdp == 'i' || cmdp == 'I') {\r
+       \r
+               int len = strlen(Cmd+2);\r
+               if (len > FILE_PATH_SIZE) len = FILE_PATH_SIZE;\r
+               memcpy(filename, Cmd+2, len);\r
+       \r
+               FILE * f = fopen( filename , "r");\r
+               \r
+               if ( !f ) {\r
+                       PrintAndLog("File: %s: not found or locked.", filename);\r
+                       free(keyBlock);\r
+                       return 1;\r
+               }                       \r
+                       \r
+               while( fgets(buf, sizeof(buf), f) ){\r
+                       if (strlen(buf) < 8 || buf[7] == '\n') continue;\r
+               \r
+                       while (fgetc(f) != '\n' && !feof(f)) ;  //goto next line\r
+                       \r
+                       //The line start with # is comment, skip\r
+                       if( buf[0]=='#' ) continue;\r
+\r
+                       if (!isxdigit(buf[0])){\r
+                               PrintAndLog("File content error. '%s' must include 8 HEX symbols", buf);\r
+                               continue;\r
+                       }\r
+                       \r
+                       buf[8] = 0;\r
+\r
+                       if ( stKeyBlock - keycnt < 2) {\r
+                               p = realloc(keyBlock, 6*(stKeyBlock+=10));\r
+                               if (!p) {\r
+                                       PrintAndLog("Cannot allocate memory for defaultKeys");\r
+                                       free(keyBlock);\r
+                                       return 2;\r
+                               }\r
+                               keyBlock = p;\r
+                       }\r
+                       memset(keyBlock + 4 * keycnt, 0, 4);\r
+                       num_to_bytes(strtoll(buf, NULL, 16), 4, keyBlock + 4*keycnt);\r
+                       PrintAndLog("chk custom pwd[%2d] %08X", keycnt, bytes_to_num(keyBlock + 4*keycnt, 4));\r
+                       keycnt++;\r
+                       memset(buf, 0, sizeof(buf));\r
+               }               \r
+               fclose(f);\r
+               \r
+               if (keycnt == 0) {\r
+                       PrintAndLog("No keys found in file");\r
+                       return 1;\r
+               }\r
+               \r
+               // loop\r
+               uint32_t testpwd = 0x00;\r
+               for (uint16_t c = 0; c < keycnt; ++c ) {\r
+       \r
+                       testpwd = bytes_to_num(keyBlock + 4*keycnt, 4);\r
+                       \r
+                       AquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, TRUE, testpwd);\r
+                       found = tryDetectModulation();\r
+               \r
+                       if ( found ) {\r
+                               PrintAndLog("Found valid password:[%08X]", testpwd);\r
+                               return 0;\r
+                       } \r
+               }\r
+       }\r
+       \r
+       \r
     start_password = param_get32ex(Cmd, 0, 0, 16);\r
        end_password = param_get32ex(Cmd, 1, 0, 16);\r
        \r
@@ -1348,7 +1431,7 @@ int CmdT55xxBruteForce(const char *Cmd) {
     PrintAndLog("");\r
        \r
     if (found)\r
-               PrintAndLog("Password found [%08x]", i);\r
+               PrintAndLog("Found valid password: [%08x]", i);\r
     else\r
                PrintAndLog("Password NOT found. Last tried: [%08x]", i);\r
     return 0;\r

diff --git a/client/default_pwd.dic b/client/default_pwd.dic
new file mode 100644 (file)
index 0000000..1ec49d4
--- /dev/null
+++ b/client/default_pwd.dic
@@ -0,0 +1,73 @@
+# known cloners
+# ref. http://www.proxmark.org/forum/viewtopic.php?id=2022
+51243648,
+000D8787,
+# Default pwd, simple:
+00000000,
+11111111,
+22222222,
+33333333,
+44444444,
+55555555,
+66666666,
+77777777,
+88888888,
+99999999,
+AAAAAAAA,
+BBBBBBBB,
+CCCCCCCC,
+DDDDDDDD,
+EEEEEEEE,
+FFFFFFFF,
+a0a1a2a3,
+b0b1b2b3,
+aabbccdd,
+bbccddee,
+ccddeeff,
+00000001,
+00000002,
+0000000a,
+0000000b,
+01020304,
+02030405,
+03040506,
+04050607,
+05060708,
+06070809,
+0708090A,
+08090A0B,
+090A0B0C,
+0A0B0C0D,
+0B0C0D0E,
+0C0D0E0F,
+01234567,
+12345678,
+10000000,
+20000000,
+30000000,
+40000000,
+50000000,
+60000000,
+70000000,
+80000000,
+90000000,
+A0000000,
+B0000000,
+C0000000,
+D0000000,
+E0000000,
+F0000000,
+10101010,
+01010101,
+11223344,
+22334455,
+33445566,
+44556677,
+55667788,
+66778899,
+778899AA,
+8899AABB,
+99AABBCC,
+AABBCCDD,
+BBCCDDEE,
+CCDDEEFF,
\ No newline at end of file