proxmark3/client/luascripts/calc_di.lua

179 lines
4.2 KiB
Lua
Raw Normal View History

2017-08-15 21:11:57 +08:00
local bin = require('bin')
local getopt = require('getopt')
local lib14a = require('read14a')
local utils = require('utils')
copyright = ''
2017-08-15 21:11:57 +08:00
author = "Iceman"
version = 'v1.0.0'
desc = [[
2019-03-09 17:34:43 +08:00
This script calculates mifare keys based on uid diversification for DI.
2017-08-15 21:11:57 +08:00
Algo not found by me.
]]
example = [[
2019-03-09 17:34:43 +08:00
-- if called without, it reads tag uid
script run calc_di
--
script run calc_di -u 11223344556677
2017-08-15 21:11:57 +08:00
]]
usage = [[
2017-08-15 21:11:57 +08:00
script run calc_di -h -u <uid>
Arguments:
2019-03-09 17:34:43 +08:00
-h : this help
-u <UID> : UID
2017-08-15 21:11:57 +08:00
]]
local DEBUG = true
local BAR = '286329204469736E65792032303133'
local MIS = '0A14FD0507FF4BCD026BA83F0A3B89A9'
local bxor = bit32.bxor
2019-03-09 17:34:43 +08:00
---
2017-08-15 21:11:57 +08:00
-- A debug printout-function
local function dbg(args)
if not DEBUG then return end
2019-05-08 04:08:46 +08:00
if type(args) == 'table' then
2019-03-09 17:34:43 +08:00
local i = 1
while args[i] do
dbg(args[i])
i = i+1
end
else
2019-05-08 04:08:46 +08:00
print('###', args)
2019-03-09 17:34:43 +08:00
end
end
---
2017-08-15 21:11:57 +08:00
-- This is only meant to be used when errors occur
local function oops(err)
2019-05-08 04:08:46 +08:00
print('ERROR: ', err)
core.clearCommandBuffer()
return nil, err
2017-08-15 21:11:57 +08:00
end
2019-03-09 17:34:43 +08:00
---
2017-08-15 21:11:57 +08:00
-- Usage help
local function help()
2019-03-09 17:34:43 +08:00
print(copyright)
print(author)
print(version)
print(desc)
print('Example usage')
print(example)
2019-05-08 04:08:46 +08:00
print(usage)
2017-08-15 21:11:57 +08:00
end
---
2017-08-15 21:11:57 +08:00
-- Exit message
local function exitMsg(msg)
2019-03-09 17:34:43 +08:00
print( string.rep('--',20) )
print( string.rep('--',20) )
print(msg)
print()
2017-08-15 21:11:57 +08:00
end
---
-- dumps all keys to file
local function dumptofile(keys)
2019-03-09 17:34:43 +08:00
dbg('dumping keys to file')
2019-03-09 17:34:43 +08:00
if utils.confirm('Do you wish to save the keys to dumpfile?') then
local destination = utils.input('Select a filename to store to', 'dumpkeys.bin')
local file = io.open(destination, 'wb')
if file == nil then
print('Could not write to file ', destination)
return
end
2017-08-15 21:11:57 +08:00
2019-03-09 17:34:43 +08:00
-- Mifare Mini has 5 sectors,
local key_a = ''
local key_b = ''
for sector = 0, #keys do
local keyA, keyB = unpack(keys[sector])
key_a = key_a .. bin.pack('H', keyA);
key_b = key_b .. bin.pack('H', keyB);
end
file:write(key_a)
file:write(key_b)
file:close()
end
end
---
2017-08-15 21:11:57 +08:00
-- create key
local function keygen(uid)
2019-03-09 17:34:43 +08:00
local data = MIS..uid..BAR
local hash = utils.ConvertAsciiToBytes(utils.Sha1Hex(data))
return string.format("%02X%02X%02X%02X%02X%02X",
hash[3+1],
hash[2+1],
hash[1+1],
hash[0+1],
hash[7+1],
hash[6+1]
)
2017-08-15 21:11:57 +08:00
end
---
-- print keys
local function printKeys(keys)
2019-03-09 17:34:43 +08:00
print('|---|----------------|---|----------------|---|')
print('|sec|key A |res|key B |res|')
print('|---|----------------|---|----------------|---|')
for sector = 0, #keys do
local keyA, keyB = unpack(keys[sector])
print(('|%03d| %s | %s | %s | %s |'):format(sector, keyA, 1, keyB, 1))
end
print('|---|----------------|---|----------------|---|')
2017-08-15 21:11:57 +08:00
end
---
-- createfull set of keys
local function createKeys(uid)
2019-03-09 17:34:43 +08:00
local key = keygen(uid)
local k = {}
for i = 0,4 do
k[i] = { key, key }
end
return k
2017-08-15 21:11:57 +08:00
end
---
-- main
local function main(args)
2019-03-09 17:34:43 +08:00
print( string.rep('==', 30) )
print()
local uid
local useUID = false
-- Arguments for the script
for o, a in getopt.getopt(args, 'hu:') do
2019-05-08 04:08:46 +08:00
if o == 'h' then return help() end
if o == 'u' then uid = a; useUID = true end
2019-03-09 17:34:43 +08:00
end
if useUID then
-- uid string checks if supplied
if uid == nil then return oops('empty uid string') end
if #uid == 0 then return oops('empty uid string') end
if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
else
-- GET TAG UID
local tag, err = lib14a.read(false, true)
if not tag then return oops(err) end
core.clearCommandBuffer()
-- simple tag check
if 0x09 ~= tag.sak then
if 0x4400 ~= tag.atqa then
2019-05-08 04:08:46 +08:00
return oops(('[!] found tag %s :: looking for Mifare Mini 0.3k'):format(tag.name))
2019-03-09 17:34:43 +08:00
end
end
uid = tag.uid
end
2017-08-15 21:11:57 +08:00
2019-03-09 17:34:43 +08:00
print('|UID|', uid)
2017-08-15 21:11:57 +08:00
2019-03-09 17:34:43 +08:00
local keys, err = createKeys( uid )
printKeys( keys )
dumptofile( keys )
2017-08-15 21:11:57 +08:00
end
2019-03-12 07:12:26 +08:00
main(args)