From 8e0cf02308a732bf5ddf5bd9263e2895905a9d59 Mon Sep 17 00:00:00 2001 From: marshmellow42 Date: Fri, 10 Apr 2015 00:06:59 -0400 Subject: [PATCH] minor change to lf em4x menu & iceman script... ...updates --- client/cmdlfem4x.c | 4 +-- client/lualibs/default_toys.lua | 17 ++++++---- client/scripts/tnp3clone.lua | 8 +++++ client/scripts/tnp3dump.lua | 55 ++++++++++----------------------- 4 files changed, 38 insertions(+), 46 deletions(-) diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index 614624a6..c492a64d 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -604,11 +604,11 @@ static command_t CommandTable[] = { {"help", CmdHelp, 1, "This help"}, {"em410xdemod", CmdEMdemodASK, 0, "[findone] -- Extract ID from EM410x tag (option 0 for continuous loop, 1 for only 1 tag)"}, - {"em410xread", CmdEM410xRead, 1, "[clock rate] -- Extract ID from EM410x tag"}, + {"em410xread", CmdEM410xRead, 1, "[clock rate] -- Extract ID from EM410x tag in GraphBuffer"}, {"em410xsim", CmdEM410xSim, 0, " -- Simulate EM410x tag"}, {"em410xwatch", CmdEM410xWatch, 0, "['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)"}, {"em410xspoof", CmdEM410xWatchnSpoof, 0, "['h'] --- Watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)" }, - {"em410xwrite", CmdEM410xWrite, 1, " <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate"}, + {"em410xwrite", CmdEM410xWrite, 0, " <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate"}, {"em4x50read", CmdEM4x50Read, 1, "Extract data from EM4x50 tag"}, {"readword", CmdReadWord, 1, " -- Read EM4xxx word data"}, {"readwordPWD", CmdReadWordPWD, 1, " -- Read EM4xxx word data in password mode"}, diff --git a/client/lualibs/default_toys.lua b/client/lualibs/default_toys.lua index 64eed9b3..f34d510d 100644 --- a/client/lualibs/default_toys.lua +++ b/client/lualibs/default_toys.lua @@ -45,6 +45,7 @@ local _names = { --{"26", "1a00", "0030", "life", "regular", "Elite Stealth Elf"}, --{"26", "1a00", "0030", "life", "regular", "Dark Stealth Elf"}, {"27", "1b00", "0030", "life", "regular", "Stump Smash"}, +{"27", "1b00", "0118", "life", "regular", "Stump Smash"}, --{"27", "1b00", "0030", "life", "regular", "Autumn Stump Smash"}, {"28", "1c00", "0030", "magic", "regular", "Dark Spyro"}, --{"28", "1c00", "0030", "magic", "regular", "Elite Spyro"}, @@ -70,7 +71,7 @@ local _names = { --{"107", "6b00", "0030", "water", "giant", "Admiral Thumpback"}, {"108", "6c00", "0030", "magic", "giant", "Pop Fizz"}, --{"108", "6c00", "0030", "magic", "giant", "Hoppity Pop Fizz"}, ---{"108", "6c00", "0030", "magic", "giant", "Love Potion Pop Fizz"}, +{"108", "6c00", "023c", "magic", "giant", "Love Potion Pop Fizz"}, --{"108", "6c00", "0030", "magic", "giant", "Punch Pop Fizz"}, {"109", "6d00", "0030", "magic", "giant", "Nin Jini"}, {"110", "6e00", "0030", "tech", "giant", "Bouncer"}, @@ -174,8 +175,8 @@ local _names = { {"304", "3001", "0030", "none", "location", "Volcanic Vault"}, {"305", "3101", "0030", "none", "location", "Mirror Of Mystery"}, {"306", "3201", "0030", "none", "location", "Nightmare Express"}, -{"307", "3301", "0030", "none", "location", "Sunscraper Spire"}, -{"308", "3401", "0030", "none", "location", "Midnight Museum"}, +{"307", "3301", "0030", "light", "location", "Sunscraper Spire"}, +{"308", "3401", "0030", "dark", "location", "Midnight Museum"}, {"404", "9401", "0030", "earth", "legendary","Bash"}, {"416", "a001", "0030", "magic", "legendary", "Spyro"}, @@ -219,7 +220,7 @@ local _names = { {"461", "cd01", "0030", "fire", "regular", "Torch"}, {"462", "ce01", "0030", "water", "trapmaster", "Snap Shot"}, {"462", "ce01", "0234", "water", "trapmaster", "Dark Snap Shot"}, ---, "water", "trapmaster", "Instant Snap Shot"}, +{"462", "6c00", "023c", "water", "trapmaster", "Instant Snap Shot"}, --, "water", "trapmaster", "Merry Snap Shot"}, {"463", "cf01", "0030", "water", "trapmaster", "Lob Star"}, {"463", "cf01", "0234", "water", "trapmaster", "Winterfest Lob Star"}, @@ -245,6 +246,7 @@ local _names = { {"475", "db01", "0030", "life", "trapmaster", "Tuff Luck"}, --{"475", "db01", "0234", "life", "trapmaster", "Special Tuff Luck"}, {"476", "dc01", "0030", "life", "regular", "Food Fight"}, +{"476", "dc01", "0612", "life", "regular", "LightCore Food Fight"}, --{"476", "dc01", "0030", "life", "regular", "Dark Food Fight"}, --{"476", "dc01", "0030", "life", "regular", "Frosted Food Fight"}, --{"476", "dc01", "0030", "life", "regular", "Instant Food Fight"}, @@ -255,6 +257,7 @@ local _names = { --{"479", "df01", "0234", "undead", "trapmaster", "Special Short Cut"}, {"480", "e001", "0030", "undead", "regular", "Bat Spin"}, {"481", "e101", "0030", "undead", "regular", "Funny Bone"}, +{"481", "e101", "0612", "undead", "regular", "LightCore Funny Bone"}, --{"481", "e101", "0030", "undead", "regular", "Fortune Funny Bone"}, {"482", "e201", "0030", "light", "trapmaster", "Knight light"}, --{"482", "e201", "0234", "light", "trapmaster", "Special Knight light"}, @@ -292,6 +295,7 @@ local _names = { --{"3002", "ba0b", "0030", "earth", "SWAPFORCE", "Dark Slobber Tooth"}, --{"3002", "ba0b", "0030", "earth", "SWAPFORCE", "Sundae Slobber Tooth"}, {"3003", "bb0b", "0030", "earth", "SWAPFORCE", "Scorp"}, +{"3004", "bc0b", "0030", "fire", "SWAPFORCE", "Fryno"}, {"3004", "bc0b", "0138", "fire", "SWAPFORCE", "Hog Wild Fryno"}, --{"3004", "bc0b", "0138", "fire", "SWAPFORCE", "Flip flop Fryno"}, {"3005", "bd0b", "0030", "fire", "SWAPFORCE", "Smolderdash"}, @@ -314,9 +318,10 @@ local _names = { } local function find( main, sub) - + main = main:lower() + sub = sub:lower() for k, v in pairs(_names) do - if ( v[2] == main and v[3] == sub) then + if ( v[2]:lower() == main and v[3]:lower() == sub) then return v end end diff --git a/client/scripts/tnp3clone.lua b/client/scripts/tnp3clone.lua index cad1ab70..6c4a148c 100644 --- a/client/scripts/tnp3clone.lua +++ b/client/scripts/tnp3clone.lua @@ -25,6 +25,14 @@ Arguments: -h : this help -t : toytype id, 4hex symbols. -s : subtype id, 4hex symbols + + For fun, try the following subtype id: + 0612 - Lightcore + 0118 - Series 1 + 0138 - Series 2 + 0234 - Special + 023c - Special + ]] diff --git a/client/scripts/tnp3dump.lua b/client/scripts/tnp3dump.lua index f93f9728..cd547e8a 100644 --- a/client/scripts/tnp3dump.lua +++ b/client/scripts/tnp3dump.lua @@ -30,9 +30,7 @@ Arguments: -p : Use the precalc to find all keys -o : filename for the saved dumps ]] - -local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20' - +local RANDOM = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20' local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds local DEBUG = false -- the debug flag local numBlocks = 64 @@ -96,16 +94,6 @@ local function waitCmd() return nil, "No response from device" end -local function computeCrc16(s) - local hash = core.crc16(utils.ConvertHexToAscii(s)) - return hash -end - -local function reverseCrcBytes(crc) - crc2 = crc:sub(3,4)..crc:sub(1,2) - return tonumber(crc2,16) -end - local function main(args) print( string.rep('--',20) ) @@ -146,10 +134,6 @@ local function main(args) core.clearCommandBuffer() - if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx - -- return oops('This is not a TNP3xxx tag. aborting.') - end - -- Show tag info print((' Found tag %s'):format(result.name)) @@ -189,6 +173,8 @@ local function main(args) local block1, err = waitCmd() if err then return oops(err) end + local tmpHash = block0..block1..'%02x'..RANDOM + local key local pos = 0 local blockNo @@ -221,20 +207,16 @@ local function main(args) -- Block 0-7 not encrypted blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,blockdata) else - local base = ('%s%s%02x%s'):format(block0, block1, blockNo, HASHCONSTANT) - local baseStr = utils.ConvertHexToAscii(base) - local md5hash = md5.sumhexa(baseStr) - local aestest = core.aes(md5hash, blockdata) - - local hex = utils.ConvertAsciiToBytes(aestest) - hex = utils.ConvertBytesToHex(hex) - -- blocks with zero not encrypted. if string.find(blockdata, '^0+$') then blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,blockdata) else - blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,hex) - io.write( blockNo..',') + local baseStr = utils.ConvertHexToAscii(tmpHash:format(blockNo)) + local key = md5.sumhexa(baseStr) + local aestest = core.aes128_decrypt(key, blockdata) + local hex = utils.ConvertAsciiToBytes(aestest) + hex = utils.ConvertBytesToHex(hex) + blocks[blockNo+1] = ('%02d :: %s'):format(blockNo,hex) end end else @@ -258,11 +240,10 @@ local function main(args) emldata = emldata..slice..'\n' for c in (str):gmatch('.') do bindata[#bindata+1] = c - end + end end print( string.rep('--',20) ) - local uid = block0:sub(1,8) local toytype = block1:sub(1,4) @@ -273,26 +254,24 @@ local function main(args) -- Write dump to files if not DEBUG then - local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'_uid_'..uid..'.bin') + local foo = dumplib.SaveAsBinary(bindata, outputTemplate..'-'..uid..'.bin') print(("Wrote a BIN dump to: %s"):format(foo)) - local bar = dumplib.SaveAsText(emldata, outputTemplate..'_uid_'..uid..'.eml') + local bar = dumplib.SaveAsText(emldata, outputTemplate..'-'..uid..'.eml') print(("Wrote a EML dump to: %s"):format(bar)) end + + print( string.rep('--',20) ) + -- Show info local item = toys.Find(toytype, subtype) if item then - local itemStr = ('%s - %s (%s)'):format(item[6],item[5], item[4]) - print(' ITEM TYPE : '..itemStr ) + print((' ITEM TYPE : %s - %s (%s)'):format(item[6],item[5], item[4]) ) else print((' ITEM TYPE : 0x%s 0x%s'):format(toytype, subtype)) end - - -- Show info - print( (' Alter ego / traptype : 0x%s'):format(traptype) ) + print( (' UID : 0x%s'):format(uid) ) print( (' CARDID : 0x%s'):format(cardid ) ) - print( string.rep('--',20) ) - end main(args) \ No newline at end of file -- 2.39.5