mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-03-07 05:26:30 +08:00
Merge pull request #1147 from tcprst/14a_cliparser
hf 14a cuids, sim - now use cliparser
This commit is contained in:
Philippe Teuwen
GitHub
commit
8084b3141f
6 changed files with 87 additions and 106 deletions
|
|
@ -99,10 +99,10 @@ local function main(args)
|
|||
local command = ''
|
||||
|
||||
if mftype == 'mfc' then
|
||||
command = 'hf 14a sim t 1 u %014x'
|
||||
command = 'hf 14a sim -t 1 -u %014x'
|
||||
msg('Bruteforcing Mifare Classic card numbers')
|
||||
elseif mftype == 'mfu' then
|
||||
command = 'hf 14a sim t 2 u %014x'
|
||||
command = 'hf 14a sim -t 2 -u %014x'
|
||||
msg('Bruteforcing Mifare Ultralight card numbers')
|
||||
else
|
||||
return print(usage)
|
||||
|
|
|
|||
|
|
@ -209,34 +209,6 @@ static int usage_hf_14a_config(void) {
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int usage_hf_14a_sim(void) {
|
||||
PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n");
|
||||
PrintAndLogEx(NORMAL, "Usage: hf 14a sim [h] t <type> u <uid> [n <numreads>] [x] [e] [v]");
|
||||
PrintAndLogEx(NORMAL, "Options:");
|
||||
PrintAndLogEx(NORMAL, " h : This help");
|
||||
PrintAndLogEx(NORMAL, " t : 1 = MIFARE Classic 1k");
|
||||
PrintAndLogEx(NORMAL, " 2 = MIFARE Ultralight");
|
||||
PrintAndLogEx(NORMAL, " 3 = MIFARE Desfire");
|
||||
PrintAndLogEx(NORMAL, " 4 = ISO/IEC 14443-4");
|
||||
PrintAndLogEx(NORMAL, " 5 = MIFARE Tnp3xxx");
|
||||
PrintAndLogEx(NORMAL, " 6 = MIFARE Mini");
|
||||
PrintAndLogEx(NORMAL, " 7 = AMIIBO (NTAG 215), pack 0x8080");
|
||||
PrintAndLogEx(NORMAL, " 8 = MIFARE Classic 4k");
|
||||
PrintAndLogEx(NORMAL, " 9 = FM11RF005SH Shanghai Metro");
|
||||
PrintAndLogEx(NORMAL, " 10 = JCOP 31/41 Rothult");
|
||||
PrintAndLogEx(NORMAL, " u : 4, 7 or 10 byte UID");
|
||||
PrintAndLogEx(NORMAL, " n : (Optional) Exit simulation after <numreads> blocks have been read by reader. 0 = infinite");
|
||||
PrintAndLogEx(NORMAL, " x : (Optional) Performs the 'reader attack', nr/ar attack against a reader");
|
||||
PrintAndLogEx(NORMAL, " e : (Optional) Fill simulator keys from found keys");
|
||||
PrintAndLogEx(NORMAL, " v : (Optional) Verbose");
|
||||
PrintAndLogEx(NORMAL, "Examples:");
|
||||
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344 x"));
|
||||
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344"));
|
||||
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344556677"));
|
||||
PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 112233445566778899AA"));
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int CmdHF14AList(const char *Cmd) {
|
||||
char args[128] = {0};
|
||||
if (strlen(Cmd) == 0) {
|
||||
|
|
@ -595,10 +567,23 @@ static int CmdHF14AInfo(const char *Cmd) {
|
|||
|
||||
// Collect ISO14443 Type A UIDs
|
||||
static int CmdHF14ACUIDs(const char *Cmd) {
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 14a cuids",
|
||||
"Collect n>0 ISO14443-a UIDs in one go",
|
||||
"hf 14a cuids -n 5 <-- Collect 5 UIDs");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_int0("n", "num", "<dec>", "Number of UIDs to collect"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||
|
||||
// requested number of UIDs
|
||||
int n = atoi(Cmd);
|
||||
// collect at least 1 (e.g. if no parameter was given)
|
||||
n = n > 0 ? n : 1;
|
||||
int n = arg_get_int_def(ctx, 1, 1);
|
||||
|
||||
CLIParserFree(ctx);
|
||||
|
||||
uint64_t t1 = msclock();
|
||||
PrintAndLogEx(SUCCESS, "collecting %d UIDs", n);
|
||||
|
|
@ -633,83 +618,81 @@ static int CmdHF14ACUIDs(const char *Cmd) {
|
|||
PrintAndLogEx(SUCCESS, "end: %" PRIu64 " seconds", (msclock() - t1) / 1000);
|
||||
return 1;
|
||||
}
|
||||
|
||||
// ## simulate iso14443a tag
|
||||
int CmdHF14ASim(const char *Cmd) {
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 14a sim",
|
||||
"Simulate ISO/IEC 14443 type A tag with 4,7 or 10 byte UID",
|
||||
"hf 14a sim -t 1 --uid 11223344 -> MIFARE Classic 1k\n"
|
||||
"hf 14a sim -t 2 -> MIFARE Ultralight\n"
|
||||
"hf 14a sim -t 3 -> MIFARE Desfire\n"
|
||||
"hf 14a sim -t 4 -> ISO/IEC 14443-4\n"
|
||||
"hf 14a sim -t 5 -> MIFARE Tnp3xxx\n"
|
||||
"hf 14a sim -t 6 -> MIFARE Mini\n"
|
||||
"hf 14a sim -t 7 -> AMIIBO (NTAG 215), pack 0x8080\n"
|
||||
"hf 14a sim -t 8 -> MIFARE Classic 4k\n"
|
||||
"hf 14a sim -t 9 -> FM11RF005SH Shanghai Metro\n"
|
||||
"hf 14a sim -t 10 -> ST25TA IKEA Rothult\n");
|
||||
|
||||
int uidlen = 0;
|
||||
uint8_t flags = 0, tagtype = 1, cmdp = 0;
|
||||
uint8_t uid[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_int1("t", "type", "<1-10> ", "Simulation type to use"),
|
||||
arg_str0("u", "uid", "<hex>", "4, 7 or 10 byte UID"),
|
||||
arg_int0("n", "num", "<dec>", "Exit simulation after <numreads> blocks have been read by reader. 0 = infinite"),
|
||||
arg_lit0(NULL, "nr", "Performs the 'reader attack', nr/ar attack against a reader"),
|
||||
arg_lit0(NULL, "sk", "Fill simulator keys from found keys"),
|
||||
arg_lit0("v", "verbose", "verbose output"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
|
||||
int tagtype = arg_get_int(ctx, 1);
|
||||
|
||||
int uid_len = 0;
|
||||
uint8_t uid[10] = {0};
|
||||
CLIGetHexWithReturn(ctx, 2, uid, &uid_len);
|
||||
|
||||
uint8_t flags = 0;
|
||||
bool useUIDfromEML = true;
|
||||
bool setEmulatorMem = false;
|
||||
bool verbose = false;
|
||||
bool errors = false;
|
||||
sector_t *k_sector = NULL;
|
||||
uint8_t k_sectorsCount = 40;
|
||||
uint8_t exitAfterNReads = 0;
|
||||
|
||||
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||
switch (tolower(param_getchar(Cmd, cmdp))) {
|
||||
case 'h':
|
||||
return usage_hf_14a_sim();
|
||||
case 't':
|
||||
// Retrieve the tag type
|
||||
tagtype = param_get8ex(Cmd, cmdp + 1, 0, 10);
|
||||
if (tagtype == 0)
|
||||
errors = true;
|
||||
cmdp += 2;
|
||||
if (uid_len > 0) {
|
||||
switch (uid_len) {
|
||||
case 10:
|
||||
flags |= FLAG_10B_UID_IN_DATA;
|
||||
break;
|
||||
case 'u':
|
||||
// Retrieve the full 4,7,10 byte long uid
|
||||
param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen);
|
||||
uidlen >>= 1;
|
||||
switch (uidlen) {
|
||||
case 10:
|
||||
flags |= FLAG_10B_UID_IN_DATA;
|
||||
break;
|
||||
case 7:
|
||||
flags |= FLAG_7B_UID_IN_DATA;
|
||||
break;
|
||||
case 4:
|
||||
flags |= FLAG_4B_UID_IN_DATA;
|
||||
break;
|
||||
default:
|
||||
errors = true;
|
||||
break;
|
||||
}
|
||||
if (!errors) {
|
||||
PrintAndLogEx(SUCCESS, "Emulating " _YELLOW_("ISO/IEC 14443 type A tag")" with " _GREEN_("%d byte UID (%s)"), uidlen, sprint_hex(uid, uidlen));
|
||||
useUIDfromEML = false;
|
||||
}
|
||||
cmdp += 2;
|
||||
case 7:
|
||||
flags |= FLAG_7B_UID_IN_DATA;
|
||||
break;
|
||||
case 'n':
|
||||
exitAfterNReads = param_get8(Cmd, cmdp + 1);
|
||||
cmdp += 2;
|
||||
break;
|
||||
case 'v':
|
||||
verbose = true;
|
||||
cmdp++;
|
||||
break;
|
||||
case 'x':
|
||||
flags |= FLAG_NR_AR_ATTACK;
|
||||
cmdp++;
|
||||
break;
|
||||
case 'e':
|
||||
setEmulatorMem = true;
|
||||
cmdp++;
|
||||
case 4:
|
||||
flags |= FLAG_4B_UID_IN_DATA;
|
||||
break;
|
||||
default:
|
||||
PrintAndLogEx(WARNING, "Unknown parameter " _RED_("'%c'"), param_getchar(Cmd, cmdp));
|
||||
errors = true;
|
||||
break;
|
||||
PrintAndLogEx(ERR, "Please specify a 4, 7, or 10 byte UID");
|
||||
CLIParserFree(ctx);
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
PrintAndLogEx(SUCCESS, "Emulating " _YELLOW_("ISO/IEC 14443 type A tag")" with " _GREEN_("%d byte UID (%s)"), uid_len, sprint_hex(uid, uid_len));
|
||||
useUIDfromEML = false;
|
||||
}
|
||||
|
||||
//Validations
|
||||
if (errors || cmdp == 0) return usage_hf_14a_sim();
|
||||
uint8_t exitAfterNReads = arg_get_int(ctx, 3);
|
||||
|
||||
if (useUIDfromEML)
|
||||
if (arg_get_lit(ctx, 4)) {
|
||||
flags |= FLAG_NR_AR_ATTACK;
|
||||
}
|
||||
|
||||
bool setEmulatorMem = arg_get_lit(ctx, 5);
|
||||
bool verbose = arg_get_lit(ctx, 6);
|
||||
|
||||
CLIParserFree(ctx);
|
||||
|
||||
sector_t *k_sector = NULL;
|
||||
uint8_t k_sectorsCount = 40;
|
||||
|
||||
if (useUIDfromEML) {
|
||||
flags |= FLAG_UID_IN_EMUL;
|
||||
}
|
||||
|
||||
struct {
|
||||
uint8_t tagtype;
|
||||
|
|
@ -721,7 +704,7 @@ int CmdHF14ASim(const char *Cmd) {
|
|||
payload.tagtype = tagtype;
|
||||
payload.flags = flags;
|
||||
payload.exitAfter = exitAfterNReads;
|
||||
memcpy(payload.uid, uid, uidlen);
|
||||
memcpy(payload.uid, uid, uid_len);
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO14443A_SIMULATE, (uint8_t *)&payload, sizeof(payload));
|
||||
|
|
@ -2327,11 +2310,11 @@ out:
|
|||
|
||||
static command_t CommandTable[] = {
|
||||
{"help", CmdHelp, AlwaysAvailable, "This help"},
|
||||
{"list", CmdHF14AList, AlwaysAvailable, "List ISO 14443-a history"},
|
||||
{"list", CmdHF14AList, AlwaysAvailable, "List ISO 14443-a history"},
|
||||
{"info", CmdHF14AInfo, IfPm3Iso14443a, "Tag information"},
|
||||
{"reader", CmdHF14AReader, IfPm3Iso14443a, "Act like an ISO14443-a reader"},
|
||||
{"cuids", CmdHF14ACUIDs, IfPm3Iso14443a, "<n> Collect n>0 ISO14443-a UIDs in one go"},
|
||||
{"sim", CmdHF14ASim, IfPm3Iso14443a, "<UID> -- Simulate ISO 14443-a tag"},
|
||||
{"cuids", CmdHF14ACUIDs, IfPm3Iso14443a, "Collect n>0 ISO14443-a UIDs in one go"},
|
||||
{"sim", CmdHF14ASim, IfPm3Iso14443a, "Simulate ISO 14443-a tag"},
|
||||
{"sniff", CmdHF14ASniff, IfPm3Iso14443a, "sniff ISO 14443-a traffic"},
|
||||
{"apdu", CmdHF14AAPDU, IfPm3Iso14443a, "Send ISO 14443-4 APDU to tag"},
|
||||
{"chaining", CmdHF14AChaining, IfPm3Iso14443a, "Control ISO 14443-4 input chaining"},
|
||||
|
|
|
|||
|
|
@ -351,7 +351,7 @@ static int cmd_hf_st_sim(const char *Cmd) {
|
|||
}
|
||||
|
||||
char param[40];
|
||||
snprintf(param, sizeof(param), "t 10 u %s", sprint_hex_inrow(uid, uidlen));
|
||||
snprintf(param, sizeof(param), "-t 10 -u %s", sprint_hex_inrow(uid, uidlen));
|
||||
return CmdHF14ASim(param);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -41,8 +41,6 @@ data print
|
|||
data samples
|
||||
data setdebugmode
|
||||
data tune
|
||||
hf 14a cuids
|
||||
hf 14a sim
|
||||
hf 14a config
|
||||
hf 14b sriwrite
|
||||
hf 15 dump
|
||||
|
|
|
|||
|
|
@ -134,8 +134,8 @@ Check column "offline" for their availability.
|
|||
|`hf 14a list `|Y |`List ISO 14443-a history`
|
||||
|`hf 14a info `|N |`Tag information`
|
||||
|`hf 14a reader `|N |`Act like an ISO14443-a reader`
|
||||
|`hf 14a cuids `|N |`<n> Collect n>0 ISO14443-a UIDs in one go`
|
||||
|`hf 14a sim `|N |`<UID> -- Simulate ISO 14443-a tag`
|
||||
|`hf 14a cuids `|N |`Collect n>0 ISO14443-a UIDs in one go`
|
||||
|`hf 14a sim `|N |`Simulate ISO 14443-a tag`
|
||||
|`hf 14a sniff `|N |`sniff ISO 14443-a traffic`
|
||||
|`hf 14a apdu `|N |`Send ISO 14443-4 APDU to tag`
|
||||
|`hf 14a chaining `|N |`Control ISO 14443-4 input chaining`
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
# -samy kamkar 05/28/2017
|
||||
#
|
||||
# hf mf eload u FILENAME_MINUS_EML
|
||||
# hf 14a sim t 7 u UID
|
||||
# hf 14a sim -t 7 -u UID
|
||||
|
||||
# perl -lne 'chomp; s/\s+(\S+)$//;$f=$1;if($f=~s/-(\S+)//){$g=hex($1);}else{$g=hex($f)}$f=hex($f); for$m($f..$g){print "0x" . substr(unpack("H4",pack("n",$m)),1) ." => \"$_\","}' /tmp/game >> game2
|
||||
# perl -lne 'if(/^(\S.*?)\s+\w?\w\w\w\w(\s*-\s*\w?\w\w\w\w)?\s*$/){$l=$1} s/(\w{4,5}\s*-\s*)?(\w{4,5})$//; $a=$1;$b=$2; $b=hex($b); $a=$a?hex($a):$b; for$m($a..$b){print "0x" . substr(unpack("H4",pack("n",$m)),0) ." => \"$l\","}' /tmp/g2
|
||||
|
|
@ -685,7 +685,7 @@ $uid = uc $uid;
|
|||
#print STDERR "amiitool -d -k ../client/amiitool/key_retail.bin -i $input -o $input.decrypted\n";
|
||||
$input =~ s/\....$//;
|
||||
print STDERR "hf mf eload u $input\n";
|
||||
print STDERR "hf 14a sim t 7 u $uid\n";
|
||||
print STDERR "hf 14a sim -t 7 -u $uid\n";
|
||||
|
||||
|
||||
__DATA__
|
||||
|
|
|
|||
Loading…
Reference in a new issue