added ht_reblay support python scripts (@salmg)

2024-12-28 19:31:19 +08:00 · 2021-07-07 13:39:52 +02:00 · 2021-07-07 13:39:52 +02:00 · 94236fa02c
commit 94236fa02c
parent 2c9851d751
3 changed files with 125 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

 ## [unreleased][unreleased]
+ - Added support python scripts (@salmg)
 - Add new standalone mode `hf_reblay` -  relay 14a over bt (@salmg)
 - Added one new key from gun cloner found in wild (@scott4290)
 - Fix `hf_msdsal` standalone in simulation flow (@salmg)
--- a/tools/pm3_reblay-emulating.py
+++ b/tools/pm3_reblay-emulating.py
@ -0,0 +1,55 @@
+"""
+//-----------------------------------------------------------------------------
+// Salvador Mendoza (salmg.net), 2021
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Code to test Proxmark3 Standalone mode aka reblay by Salvador Mendoza
+//-----------------------------------------------------------------------------
+"""
+
+import serial
+from smartcard.util import toHexString, toBytes
+from smartcard.CardType import AnyCardType
+from smartcard.CardRequest import CardRequest
+
+ser = serial.Serial('/dev/rfcomm0')  # open Proxmark3 Bluetooth port
+
+def pd(data):
+        rapdu = map(ord, data)
+        return rapdu
+
+apdu = [
+        [0x6F, 0x23, 0x84, 0x0E, 0x32, 0x50, 0x41, 0x59, 0x2E, 0x53, 0x59, 0x53, 0x2E, 0x44, 0x44, 0x46, 0x30, 0x31, 0xA5, 0x11, 0xBF, 0x0C, 0x0E, 0x61, 0x0C, 0x4F, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0x87, 0x01, 0x01, 0x90, 0x00],
+        [0x6F, 0x1E, 0x84, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0xA5, 0x13, 0x50, 0x0B, 0x56, 0x49, 0x53, 0x41, 0x20, 0x43, 0x52, 0x45, 0x44, 0x49, 0x54, 0x9F, 0x38, 0x03, 0x9F, 0x66, 0x02, 0x90, 0x00],
+        [0x80, 0x06, 0x00, 0x80, 0x08, 0x01, 0x01, 0x00, 0x90, 0x00],
+        [0x70,0x15,0x57,0x13,0x46,0x50,0x98,0x29,0x81,0x62,0x29,0x58,0xd2,0x40,0x32,0x01,0x14,0x69,0x00,0x00,0x13,0x83,0x44,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xd0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x8f,0x90,0x00],
+        [0x6f, 0x00],
+        [0x6f, 0x00]
+]
+
+print('Testing code: bluetooth has to be connected with the right rfcomm port!')
+print('Waiting for data...')
+initd = ser.read(1)
+
+bufferlen = pd(initd)[0]
+rping = ser.read(bufferlen)
+ping = pd(rping)
+
+print('Terminal command:'),
+print(toHexString(ping))
+
+for x in apdu:
+        print('Sending cmd: '),
+        ser.write(x)
+        print(toHexString(x))
+        print('--')
+
+        lenpk = ser.read(1) #first byte is the buffer length 
+        bufferlen = pd(lenpk)[0] 
+
+        buffer = pd(ser.read(bufferlen)) 
+        print('Terminal command:'),
+        print(toHexString(buffer))
--- a/tools/pm3_reblay-reading.py
+++ b/tools/pm3_reblay-reading.py
@ -0,0 +1,69 @@
+"""
+//-----------------------------------------------------------------------------
+// Salvador Mendoza (salmg.net), 2021
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Code to test Proxmark3 Standalone mode aka reblay by Salvador Mendoza
+//-----------------------------------------------------------------------------
+"""
+
+import serial
+from smartcard.util import toHexString
+
+ser = serial.Serial('/dev/rfcomm0')  # open Proxmark3 Bluetooth port
+
+def pd(data):
+        rapdu = map(ord, data)
+        return rapdu
+
+apdu = [
+        [0x00, 0xA4, 0x04, 0x00, 0x0e, 0x32, 0x50, 0x41, 0x59, 0x2e, 0x53, 0x59, 0x53, 0x2e, 0x44, 0x44, 0x46, 0x30, 0x31, 0x00], # PPSE
+        [0x00, 0xA4, 0x04, 0x00, 0x07, 0xa0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10, 0x00], # Visa card
+        [0x80, 0xA8, 0x00, 0x00, 0x02, 0x83, 0x00, 0x00], # GET PROCESSING
+        [0x00, 0xb2, 0x01, 0x0c, 0x00] # SFI
+]
+
+print('Testing code: bluetooth has to be connected with the right rfcomm port!')
+print('Waiting for data...')
+initd = ser.read(1)
+
+bufferlen = pd(initd)[0]
+rping = ser.read(bufferlen)
+
+ping = pd(rping)
+if (len(ping) == 7):
+        print('UID:'),
+        print(toHexString(ping[:4]))
+        print('ATQA:'),
+        print(toHexString(ping[4:-1]))
+        print('SAK:'),
+        print(toHexString(ping[-1:]))
+elif (len(ping) == 10):
+        print('UID:'),
+        print(toHexString(ping[:7]))
+        print('ATQA:'),
+        print(toHexString(ping[7:-1]))
+        print('SAK:'),
+        print(toHexString(ping[-1:]))
+else:
+        print('got ping, no sure what it means: '),
+        print(ping)
+
+for x in apdu:
+        print('Sending cmd: '),
+        ser.write(x)
+        print(toHexString(x))
+
+        lenpk = ser.read(1) #first byte is the buffer length 
+        bufferlen = pd(lenpk)[0] 
+
+        buffer = pd(ser.read(bufferlen)) 
+        print('Card Response:'),
+        print(toHexString(buffer))
+        print('--')
+
+ser.write(b'1') #tell Proxmark3 that we finish the communication
+ser.close()