chg: added the possibility to read tag.uid

2025-03-23 05:27:40 +08:00 · 2017-08-15 21:23:55 +02:00 · 2017-08-15 21:23:55 +02:00 · 926277507a
commit 926277507a
parent b3d0bf697a
3 changed files with 155 additions and 93 deletions
--- a/client/scripts/calc_di.lua
+++ b/client/scripts/calc_di.lua
@ -3,22 +3,21 @@ local getopt = require('getopt')
 local lib14a = require('read14a')
 local utils =  require('utils')

-copyright = 'Copyright (c) 2017 IceSQL AB. All rights reserved.'
+copyright = ''
 author = "Iceman"
 version = 'v1.0.0'
-desc = [[ This script calculates mifare keys based on uid diversification for DI. 
+desc = [[
+This script calculates mifare keys based on uid diversification for DI. 
 Algo not found by me.
 ]]
-example =
-[[
-	-- if called without, it reads tag uid
+example = [[
+	 -- if called without, it reads tag uid
 	 script run calc_di
 	 
 	 -- 
 	 script run calc_di -u 11223344556677
 ]]
-usage =
-[[
+usage = [[
 script run calc_di -h -u <uid>

 Arguments:
@ -29,7 +28,7 @@ Arguments:
 local DEBUG = true
 local BAR = '286329204469736E65792032303133'
 local MIS = '0A14FD0507FF4BCD026BA83F0A3B89A9'
-local bxor=bit32.bxor
+local bxor = bit32.bxor
 --- 
 -- A debug printout-function
 local function dbg(args)
@ -52,7 +51,7 @@ local function oops(err)
 end
 --- 
 -- Usage help
-function help()
+local function help()
 	print(copyright)
 	print(version)	
 	print(desc)
@ -61,7 +60,7 @@ function help()
 end
 --
 -- Exit message
-function exitMsg(msg)
+local function exitMsg(msg)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	print(msg)
@ -105,7 +104,7 @@ local function main(args)
 	print( string.rep('==', 30) )
 	print()
 			
-	local i, uid, key
+	local uid
 	local useUID = false
 	
 	-- Arguments for the script
@ -119,10 +118,9 @@ local function main(args)
 		if uid == nil then return oops('empty uid string') end
 		if #uid == 0 then return oops('empty uid string') end
 		if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
-		key = keygen(uid)
 	else
 		-- GET TAG UID	
-		tag, err = lib14a.read1443a(false)
+		local tag, err = lib14a.read1443a(false)
 		if not tag then return oops(err) end
 		core.clearCommandBuffer()

@ -134,8 +132,9 @@ local function main(args)
 		end		
 		uid = tag.uid
 	end
-
-	print('|UID|', uid)
+	
+	print('|UID|', uid)	
+	local key = keygen(uid)
 	printKeys(key)
 end

--- a/client/scripts/calc_ev1_it.lua
+++ b/client/scripts/calc_ev1_it.lua
@ -1,23 +1,35 @@
 local bin = require('bin')
 local getopt = require('getopt')
+local lib14a = require('read14a')
 local utils =  require('utils')

-local bxor=bit32.bxor
-
+copyright = ''
+author = "Iceman"
+version = 'v1.0.0'
+desc = [[
+This script calculates mifare Ultralight-EV1 pwd based on uid diversification for an Italian ticketsystem
+Algo not found by me.
+]]
 example =[[
+     -- if called without, it reads tag uid
 	 script run calc_ev1_it
+	 
+	 --
 	 script run calc_ev1_it -u 11223344556677
 ]]
-author = "Iceman"
-usage = "script run calc_ev1_it -u <uid> "
-desc =[[
+usage = [[
+script run calc_ev1_it -h -u <uid> "
+
 Arguments:
 	-h             : this help
 	-u <UID>       : UID
 ]]
+
+local DEBUG = true
+local bxor = bit32.bxor
 --- 
 -- A debug printout-function
-function dbg(args)
+local function dbg(args)
    if type(args) == "table" then
 		local i = 1
 		while args[i] do
@ -30,13 +42,15 @@ function dbg(args)
 end	
 --- 
 -- This is only meant to be used when errors occur
-function oops(err)
+local function oops(err)
 	print("ERROR: ",err)
 	return nil,err
 end
 --- 
 -- Usage help
-function help()
+local function help()
+	print(copyright)
+	print(version)	
 	print(desc)
 	print("Example usage")
 	print(example)
@ -103,45 +117,59 @@ local function findEntryByUid( uid )
 	end
 	return nil
 end
+---
+-- create pwd
+local function pwdgen(uid)
+	--  PWD CALC	
+	--	PWD0  =  T0 xor B xor C xor D
+	--	PWD1  =  T1 xor A xor C xor E 
+	--	PWD2  =  T2 xor A xor B xor F 
+	--	PWD3  =  T3 xor G 
+	local uidbytes = utils.ConvertHexToBytes(uid)
+    local entry = findEntryByUid(uidbytes)
+	if entry == nil then return nil, "Can't find a xor entry" end

+    local pwd0 = bxor( bxor( bxor( entry[1], uidbytes[2]), uidbytes[3]), uidbytes[4])
+	local pwd1 = bxor( bxor( bxor( entry[2], uidbytes[1]), uidbytes[3]), uidbytes[5])
+	local pwd2 = bxor( bxor( bxor( entry[3], uidbytes[1]), uidbytes[2]), uidbytes[6])
+	local pwd3 = bxor( entry[4], uidbytes[7])
+	return string.format('%02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3)
+end
+--
+-- main
 local function main(args)

 	print( string.rep('--',20) )
 	print( string.rep('--',20) )	
 	print()
 			
-	local i,j, pwd
 	local uid = '04111211121110'
+	local useUID = false
 	
 	-- Arguments for the script
 	for o, a in getopt.getopt(args, 'hu:') do
 		if o == "h" then return help() end		
-		if o == "u" then uid = a end		
+		if o == "u" then uid = a; useUID = true end		
 	end

-	-- uid string checks
-	if uid == nil then return oops('empty uid string') end
-	if #uid == 0 then return oops('empty uid string') end
-	if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
-
-	local uidbytes = utils.ConvertHexToBytes(uid)
-
-    local entry = findEntryByUid(uidbytes)
-	if entry == nil then return oops("Can't find a xor entry") end
-
-	--  PWD CALC	
-	--	PWD0  =  T0 xor B xor C xor D
-	--	PWD1  =  T1 xor A xor C xor E 
-	--	PWD2  =  T2 xor A xor B xor F 
-	--	PWD3  =  T3 xor G 
-  
-    local pwd0 = bxor( bxor( bxor( entry[1], uidbytes[2]), uidbytes[3]), uidbytes[4])
-	local pwd1 = bxor( bxor( bxor( entry[2], uidbytes[1]), uidbytes[3]), uidbytes[5])
-	local pwd2 = bxor( bxor( bxor( entry[3], uidbytes[1]), uidbytes[2]), uidbytes[6])
-	local pwd3 = bxor( entry[4], uidbytes[7])
+	if useUID then
+		-- uid string checks
+		if uid == nil then return oops('empty uid string') end
+		if #uid == 0 then return oops('empty uid string') end
+		if #uid ~= 14 then return oops('uid wrong length. Should be 7 hex bytes') end
+	else
+		-- GET TAG UID	
+		local tag, err = lib14a.read1443a(false)
+		if not tag then return oops(err) end
+		core.clearCommandBuffer()
+		uid = tag.uid	
+	end
 	
 	print('UID | '..uid)
-	print(string.format('PWD | %02X%02X%02X%02X', pwd0, pwd1, pwd2, pwd3))
+	local pwd, err = pwdgen(uid)
+	if not pwd then return ooops(err) end
+	
+	print(string.format('PWD | %s', pwd))
 end

 main(args)
--- a/client/scripts/calc_mizip.lua
+++ b/client/scripts/calc_mizip.lua
@ -1,25 +1,41 @@
 local bin = require('bin')
 local getopt = require('getopt')
+local lib14a = require('read14a')
 local utils =  require('utils')

-local bxor=bit32.bxor
-
-example =[[
-	 script run calc_mizip
-	 script run calc_mizip -u 11223344
-]]
-author = "Iceman"
-usage = "script run calc_mizip -u <uid>"
-desc =[[
+author = 'Iceman'
+version = 'v1.0.0'
+desc = [[
 This script calculates mifare keys based on uid diversification for mizip. 
 Algo not found by me.
+]]
+example = [[
+	 -- if called without, it reads tag uid
+	 script run calc_mizip
+	 
+	 --
+	 script run calc_mizip -u 11223344
+]]
+usage = [[
+script run calc_mizip -h -u <uid>
+
 Arguments:
 	-h             : this help
 	-u <UID>       : UID
 ]]
+local DEBUG = true
+local bxor = bit32.bxor
+local _xortable = {
+    --[[ sector key A/B, 6byte xor
+    --]]
+	{"001","09125a2589e5","F12C8453D821"},
+	{"002","AB75C937922F","73E799FE3241"},
+	{"003","E27241AF2C09","AA4D137656AE"},
+	{"004","317AB72F4490","B01327272DFD"},
+}
 --- 
 -- A debug printout-function
-function dbg(args)
+local function dbg(args)
    if type(args) == "table" then
 		local i = 1
 		while args[i] do
@ -32,40 +48,34 @@ function dbg(args)
 end	
 --- 
 -- This is only meant to be used when errors occur
-function oops(err)
+local function oops(err)
 	print("ERROR: ",err)
 	return nil,err
 end
 --- 
 -- Usage help
-function help()
+local function help()
+	print(copyright)
+	print(version)	
 	print(desc)
 	print("Example usage")
 	print(example)
 end
 --
 -- Exit message
-function exitMsg(msg)
+local function exitMsg(msg)
 	print( string.rep('--',20) )
 	print( string.rep('--',20) )
 	print(msg)
 	print()
 end
-
-local _xortable = {
-    --[[ sector key A/B, 6byte xor
-    --]]
-	{"001","09125a2589e5","F12C8453D821"},
-	{"002","AB75C937922F","73E799FE3241"},
-	{"003","E27241AF2C09","AA4D137656AE"},
-	{"004","317AB72F4490","B01327272DFD"},
-}
-local function printRow(sector, keyA, keyB)
-	print('|'..sector..'|  '..keyA..'  |  '..keyB..'  |' )
-end
+---
+-- key bytes to string
 local function keyStr(p1, p2, p3, p4, p5, p6)
 	return string.format('%02X%02X%02X%02X%02X%02X',p1, p2, p3, p4, p5, p6)
 end
+---
+-- create key
 local function calckey(uid, xorkey, keytype)
 	local p1,p2,p3,p4,p5,p6
 	if keytype == 'A' then 
@ -85,33 +95,20 @@ local function calckey(uid, xorkey, keytype)
 	end
 	return keyStr(p1,p2,p3,p4,p5,p6)
 end 
-local function main(args)
-
-	print( string.rep('==', 30) )
-	print()
-			
-	local i,j, pwd
-	local uid = '11223344'
-	
-	-- Arguments for the script
-	for o, a in getopt.getopt(args, 'hu:') do
-		if o == "h" then return help() end		
-		if o == "u" then uid = a end		
-	end
-
-	-- uid string checks
-	if uid == nil then return oops('empty uid string') end
-	if #uid == 0 then return oops('empty uid string') end
-	if #uid ~= 8 then return oops('uid wrong length. Should be 4 hex bytes') end
-
-	local uidbytes = utils.ConvertHexToBytes(uid)
-
-	print('|UID|', uid)
+---
+-- print one row with keys
+local function printRow(sector, keyA, keyB)
+	print('|'..sector..'|  '..keyA..'  |  '..keyB..'  |' )
+end
+---
+-- print keys
+local function printKeys(uid)
 	print('|---|----------------|----------------|')
 	print('|sec|key A           |key B           |')
 	print('|---|----------------|----------------|')
 	printRow('000', keyStr(0xA0,0xA1,0xA2,0xA3,0xA4,0xA5), keyStr(0xB4,0xC1,0x32,0x43,0x9e,0xef) )

+	local uidbytes = utils.ConvertHexToBytes(uid)
    for k, v in pairs(_xortable) do
 		local keyA = calckey(uidbytes, utils.ConvertHexToBytes(v[2]), 'A')
 		local keyB = calckey(uidbytes, utils.ConvertHexToBytes(v[3]), 'B')
@ -119,5 +116,43 @@ local function main(args)
 	end
 	print('|---|----------------|----------------|')	
 end
+---
+-- main
+local function main(args)
+
+	print( string.rep('==', 30) )
+	print()
+			
+	local uid = '11223344'
+	local useUID = false
+	
+	-- Arguments for the script
+	for o, a in getopt.getopt(args, 'hu:') do
+		if o == "h" then return help() end		
+		if o == "u" then uid = a ; useUID = true end		
+	end
+
+	if useUID then
+		-- uid string checks
+		if uid == nil then return oops('empty uid string') end
+		if #uid == 0 then return oops('empty uid string') end
+		if #uid ~= 8 then return oops('uid wrong length. Should be 4 hex bytes') end
+	else
+		-- GET TAG UID	
+		local tag, err = lib14a.read1443a(false)
+		if not tag then return oops(err) end
+		core.clearCommandBuffer()
+
+		-- simple tag check
+		if 0x09 ~= tag.sak then
+			if 0x4400 ~= tag.atqa then 
+				return oops(('[fail] found tag %s :: looking for Mifare Mini 0.3k'):format(tag.name)) 
+			end
+		end		
+		uid = tag.uid
+	end	
+	print('|UID|', uid)
+	printKeys(uid)
+end

 main(args)