From: martin.holst@gmail.com Date: Wed, 9 Oct 2013 19:08:17 +0000 (+0000) Subject: Fixed error with mifare_autopwn where keys were reversed, see http://www.proxmark... X-Git-Tag: v1.0.0~48 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/commitdiff_plain/b969713989de2ce3018c06fc86c4bf41a1297ddc?hp=b1231445c7e56f11d77c81c2e027e5fb85631ca0 Fixed error with mifare_autopwn where keys were reversed, see http://www.proxmark.org/forum/viewtopic.php?pid=8494#p8494 --- diff --git a/client/scripting.c b/client/scripting.c index f7c0b2a4..47f54819 100644 --- a/client/scripting.c +++ b/client/scripting.c @@ -151,7 +151,11 @@ static int l_nonce2key(lua_State *L){ //Push the retval on the stack lua_pushinteger(L,retval); //Push the key onto the stack - lua_pushlstring(L,(const char *) &key,sizeof(key)); + uint8_t dest_key[8]; + num_to_bytes(key,sizeof(dest_key),&dest_key); + + //printf("Pushing to lua stack: %012"llx"\n",key); + lua_pushlstring(L,(const char *) &dest_key,sizeof(dest_key)); return 2; //Two return values } @@ -173,9 +177,14 @@ static int l_foobar(lua_State *L) lua_settop(L, 0); printf("Arguments discarded, stack now contains %d elements", lua_gettop(L)); UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}}; - printf("Now returning a UsbCommand as a string"); - lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand)); - return 1; + printf("Now returning a uint64_t as a string"); + uint64_t x = 0xDEADBEEF; + uint8_t destination[8]; + num_to_bytes(x,sizeof(x),&destination); + lua_pushlstring(L,(const char *)&x,sizeof(x)); + lua_pushlstring(L,(const char *)&destination,sizeof(destination)); + + return 2; } diff --git a/client/scripts/mifare_autopwn.lua b/client/scripts/mifare_autopwn.lua index ccb46c53..cc9d1a32 100644 --- a/client/scripts/mifare_autopwn.lua +++ b/client/scripts/mifare_autopwn.lua @@ -171,7 +171,12 @@ function main(args) local key, cnt res,err = mfcrack() if not res then return oops(err) end - _,key = bin.unpack("H6",res) + -- The key is actually 8 bytes, so a + -- 6-byte key is sent as 00XXXXXX + -- This means we unpack it as first + -- two bytes, then six bytes actual key data + -- We can discard first and second return values + _,_,key = bin.unpack("H2H6",res) print("Key ", key) -- Use nested attack @@ -182,5 +187,6 @@ function main(args) end end +end -- Call the main main(args)