RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-01-26 10:04:24 +08:00
Code Issues Projects Releases Packages Wiki Activity

Added lua script to read stored pwds in flashmem

Browse source
This commit is contained in:
bogiton 2018-11-06 13:37:34 +00:00 committed by GitHub
parent d6d96eb7fe
commit db37458545
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 86 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
client/scripts/read_pwd_mem.lua Normal file
View file

@ -0,0 +1,86 @@
local getopt = require('getopt')
local bin = require('bin')
author = "Bogito"
version = 'v1.0.0'
desc =[[
This script will read the flash memory of RDV4 and print the stored passwords.
It was meant to be used as a help tool after using the BogRun standalone mode.
]]
usage = [[
Usage:
script run read_pwd_mem -h -o <offset> -l <length>
Arguments:
-h : this help
-o <OFFSET> : Memory offset. Default is 0.
-l <LENGTH> : Length in bytes. Default is 256.
]]
example =[[
Examples:
-- This will scan the first 256 bytes of flash memory for stored passwords
script run read_pwd_mem
-- This will scan 256 bytes of flash memory at offset 64 for stored passwords
script run read_pwd_mem -o 64
-- This will scan 32 bytes of flash memory at offset 64 for stored passwords
script run read_pwd_mem -o 64 -l 32
]]
-- Usage help
local function help()
print(desc)
print(usage)
print(example)
end
local function main(args)
local data, err, quadlet, pwdcnt
local offset = 0
local length = 256
-- Read the parameters
for o, a in getopt.getopt(args, 'ho:l:') do
if o == "h" then return help() end
if o == "o" then offset = tonumber(a) end
if o == "l" then length = tonumber(a) end
end
if length < 0 or length > 256 then
return print('Error: Length is not valid. Must be less than 256')
end
if ((offset < 0) or (offset % 4 ~= 0)) then
return print('Error: Offset is not valid. Mod-4 values are only allowed.')
end
print('Offset: ' .. offset)
print('Length: ' .. length)
print()
data, err = core.GetFromFlashMem(offset, length)
if err then
print(err)
return
end
local count, s = bin.unpack('H'..length, data)
pwdcnt = 0
for i = 1,(length/4),1
do
quadlet = string.sub(s, (i-1)*8+1, i*8)
if quadlet == "FFFFFFFF" then break end
print(string.format("[%02d]",i) .. ' ' .. quadlet)
pwdcnt = pwdcnt + 1
end
print()
print('Found passwords: ' .. pwdcnt)
end
main(args)