mirror of
https://github.com/RfidResearchGroup/proxmark3.git
chg: 'lf hid brute' - now uses UP/DOWN to specify direction only, more verbose and actually exits when done.
parent
a46227d96e
commit
c30bb354ac
|
@ -83,16 +83,18 @@ static int usage_lf_hid_brute(void) {
|
||||||
PrintAndLogEx(NORMAL, "This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
|
PrintAndLogEx(NORMAL, "This is a attack against reader. if cardnumber is given, it starts with it and goes up / down one step");
|
||||||
PrintAndLogEx(NORMAL, "if cardnumber is not given, it starts with 1 and goes up to 65535");
|
PrintAndLogEx(NORMAL, "if cardnumber is not given, it starts with 1 and goes up to 65535");
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(NORMAL, "Usage: lf hid brute [h] [v] w <format> [<field> (decimal)>] {...}");
|
PrintAndLogEx(NORMAL, "Usage: lf hid brute [h] [v] w <format> [<field> (decimal)>] [up|down] {...}");
|
||||||
PrintAndLogEx(NORMAL, "Options:");
|
PrintAndLogEx(NORMAL, "Options:");
|
||||||
PrintAndLogEx(NORMAL, " h : This help");
|
PrintAndLogEx(NORMAL, " h : This help");
|
||||||
PrintAndLogEx(NORMAL, " w <format> : see `wiegand list` for available formats");
|
PrintAndLogEx(NORMAL, " w <format> : see " _YELLOW_("`wiegand list`") "for available formats");
|
||||||
PrintAndLogEx(NORMAL, " f <facility-code> : facility code");
|
PrintAndLogEx(NORMAL, " f <facility-code> : facility code");
|
||||||
PrintAndLogEx(NORMAL, " c <cardnumber> : card number to start with");
|
PrintAndLogEx(NORMAL, " c <cardnumber> : card number to start with");
|
||||||
PrintAndLogEx(NORMAL, " i <issuelevel> : issue level");
|
PrintAndLogEx(NORMAL, " i <issuelevel> : issue level");
|
||||||
PrintAndLogEx(NORMAL, " o <oem> : OEM code");
|
PrintAndLogEx(NORMAL, " o <oem> : OEM code");
|
||||||
PrintAndLogEx(NORMAL, " d <delay> : delay betweens attempts in ms. Default 1000ms");
|
PrintAndLogEx(NORMAL, " d <delay> : delay betweens attempts in ms. Default 1000ms");
|
||||||
PrintAndLogEx(NORMAL, " v : verbose logging, show all tries");
|
PrintAndLogEx(NORMAL, " v : verbose logging, show all tries");
|
||||||
|
PrintAndLogEx(NORMAL, " up : direction to increment card number. (default is both directions)");
|
||||||
|
PrintAndLogEx(NORMAL, " down : direction to decrement card number. (default is both directions)");
|
||||||
PrintAndLogEx(NORMAL, "");
|
PrintAndLogEx(NORMAL, "");
|
||||||
PrintAndLogEx(NORMAL, "Examples:");
|
PrintAndLogEx(NORMAL, "Examples:");
|
||||||
PrintAndLogEx(NORMAL, " lf hid brute w H10301 f 224");
|
PrintAndLogEx(NORMAL, " lf hid brute w H10301 f 224");
|
||||||
|
@ -368,13 +370,28 @@ static int CmdHIDBrute(const char *Cmd) {
|
||||||
uint32_t delay = 1000;
|
uint32_t delay = 1000;
|
||||||
uint8_t cmdp = 0;
|
uint8_t cmdp = 0;
|
||||||
int format_idx = -1;
|
int format_idx = -1;
|
||||||
|
int direction = 0;
|
||||||
char format[16] = {0};
|
char format[16] = {0};
|
||||||
wiegand_card_t datahi;
|
|
||||||
memset(&datahi, 0, sizeof(wiegand_card_t));
|
wiegand_card_t cn_hi, cn_low;
|
||||||
wiegand_card_t datalo;
|
memset(&cn_hi, 0, sizeof(wiegand_card_t));
|
||||||
memset(&datalo, 0, sizeof(wiegand_card_t));
|
|
||||||
|
|
||||||
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
while (param_getchar(Cmd, cmdp) != 0x00 && !errors) {
|
||||||
|
|
||||||
|
char s[10] = {0};
|
||||||
|
if (param_getstr(Cmd, cmdp, s, sizeof(s)) > 0) {
|
||||||
|
if (strlen(s) > 1) {
|
||||||
|
str_lower((char *)s);
|
||||||
|
if (str_startswith(s, "up")) {
|
||||||
|
direction = 1;
|
||||||
|
} else if (str_startswith(s, "do")) {
|
||||||
|
direction = 2;
|
||||||
|
}
|
||||||
|
cmdp++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
switch (tolower(param_getchar(Cmd, cmdp))) {
|
switch (tolower(param_getchar(Cmd, cmdp))) {
|
||||||
case 'h':
|
case 'h':
|
||||||
return usage_lf_hid_brute();
|
return usage_lf_hid_brute();
|
||||||
|
@ -388,8 +405,7 @@ static int CmdHIDBrute(const char *Cmd) {
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
case 'c':
|
case 'c':
|
||||||
datahi.CardNumber = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
cn_hi.CardNumber = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
||||||
datalo.CardNumber = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
case 'd':
|
case 'd':
|
||||||
|
@ -398,18 +414,15 @@ static int CmdHIDBrute(const char *Cmd) {
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
case 'f':
|
case 'f':
|
||||||
datahi.FacilityCode = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
cn_hi.FacilityCode = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
||||||
datalo.FacilityCode = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
case 'i':
|
case 'i':
|
||||||
datahi.IssueLevel = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
cn_hi.IssueLevel = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
||||||
datalo.IssueLevel = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
case 'o':
|
case 'o':
|
||||||
datahi.OEM = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
cn_hi.OEM = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
||||||
datalo.OEM = param_get32ex(Cmd, cmdp + 1, 0, 10);
|
|
||||||
cmdp += 2;
|
cmdp += 2;
|
||||||
break;
|
break;
|
||||||
case 'v':
|
case 'v':
|
||||||
|
@ -422,13 +435,45 @@ static int CmdHIDBrute(const char *Cmd) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (format_idx == -1) {
|
||||||
|
PrintAndLogEx(ERR, "You must select a wiegand format. See " _YELLOW_("`wiegand list`") "for available formats\n");
|
||||||
|
errors = true;
|
||||||
|
}
|
||||||
|
|
||||||
if (errors) return usage_lf_hid_brute();
|
if (errors) return usage_lf_hid_brute();
|
||||||
|
|
||||||
|
if (verbose) {
|
||||||
|
PrintAndLogEx(INFO, "Wiegand format#.. %i", format_idx);
|
||||||
|
PrintAndLogEx(INFO, "OEM#............. %u", cn_hi.OEM);
|
||||||
|
PrintAndLogEx(INFO, "ISSUE#........... %u", cn_hi.IssueLevel);
|
||||||
|
PrintAndLogEx(INFO, "Facility#........ %u", cn_hi.FacilityCode);
|
||||||
|
PrintAndLogEx(INFO, "Card#............ %u", cn_hi.CardNumber);
|
||||||
|
switch( direction) {
|
||||||
|
case 0:
|
||||||
|
PrintAndLogEx(INFO, "Brute-forcing direction: " _YELLOW_("BOTH"));
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
PrintAndLogEx(INFO, "Brute-forcing direction: " _YELLOW_("UP"));
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
PrintAndLogEx(INFO, "Brute-forcing direction: " _YELLOW_("DOWN"));
|
||||||
|
break;
|
||||||
|
default: break;
|
||||||
|
}
|
||||||
|
}
|
||||||
PrintAndLogEx(INFO, "Brute-forcing HID reader");
|
PrintAndLogEx(INFO, "Brute-forcing HID reader");
|
||||||
PrintAndLogEx(INFO, "Press pm3-button to abort simulation or run another command");
|
PrintAndLogEx(INFO, "Press pm3-button to abort simulation or press `enter` to exit");
|
||||||
|
|
||||||
|
// copy values to low.
|
||||||
|
cn_low = cn_hi;
|
||||||
|
|
||||||
// main loop
|
// main loop
|
||||||
for (;;) {
|
// iceman: could add options for bruteforcing OEM, ISSUE or FC aswell..
|
||||||
|
bool exitloop = false;
|
||||||
|
bool fin_hi, fin_low;
|
||||||
|
fin_hi = fin_low = false;
|
||||||
|
do {
|
||||||
|
|
||||||
if (!session.pm3_present) {
|
if (!session.pm3_present) {
|
||||||
PrintAndLogEx(WARNING, "Device offline\n");
|
PrintAndLogEx(WARNING, "Device offline\n");
|
||||||
|
@ -440,18 +485,44 @@ static int CmdHIDBrute(const char *Cmd) {
|
||||||
return sendPing();
|
return sendPing();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do one up
|
// do one up
|
||||||
if (datahi.CardNumber < 0xFFFF) {
|
if (direction != 2) {
|
||||||
datahi.CardNumber++;
|
if (cn_hi.CardNumber < 0xFFFF) {
|
||||||
if (sendTry(format_idx, &datahi, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT;
|
cn_hi.CardNumber++;
|
||||||
|
if (sendTry(format_idx, &cn_hi, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT;
|
||||||
|
} else {
|
||||||
|
fin_hi = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Do one up
|
// do one down
|
||||||
if (datalo.CardNumber > 1) {
|
if (direction != 1) {
|
||||||
datalo.CardNumber--;
|
if (cn_low.CardNumber > 0) {
|
||||||
if (sendTry(format_idx, &datalo, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT;
|
cn_low.CardNumber--;
|
||||||
|
if (sendTry(format_idx, &cn_low, delay, verbose) != PM3_SUCCESS) return PM3_ESOFT;
|
||||||
|
} else {
|
||||||
|
fin_low = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
switch (direction) {
|
||||||
|
case 0:
|
||||||
|
if (fin_hi && fin_low) {
|
||||||
|
exitloop = true;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 1:
|
||||||
|
exitloop = fin_hi;
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
exitloop = fin_low;
|
||||||
|
break;
|
||||||
|
default: break;
|
||||||
|
}
|
||||||
|
|
||||||
|
} while (exitloop == false);
|
||||||
|
|
||||||
|
PrintAndLogEx(INFO, "Brute forcing finished");
|
||||||
return PM3_SUCCESS;
|
return PM3_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
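Review bot: In the direction parsing added at the top of the `while` loop in CmdHIDBrute, `cmdp++; continue;` sits inside `if (strlen(s) > 1)` rather than in the two matching branches, so every token longer than one character is consumed silently whether or not it names a direction. A mistyped or unknown word therefore never reaches the `switch` (whose error branch lies outside the visible hunks, presumably a `default:` that sets `errors`), and the run starts with defaults the operator did not ask for. The prefix tests also accept any word starting with `up` or `do`, while the help text documents only `up` and `down`. I would match exactly and consume the token only on a match: `if (strcmp(s, "up") == 0) { direction = 1; cmdp++; continue; }` and `else if (strcmp(s, "down") == 0) { direction = 2; cmdp++; continue; }`. The function begins before and continues between the hunks shown, so this is judged from the visible lines only.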