mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2025-02-12 18:25:07 +08:00
Add Mifare Ultralight bruteforce support to hf_bruteforce lua script
This commit is contained in:
Daniel Underhay
parent
52618303f3
commit
fa1103bbc3
3 changed files with 56 additions and 30 deletions
|
|
@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Change `script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type` - The hf_bruteforce card script now requires Mifare type (mfc or mfu) (@dunderhay)
|
||||
- Updated `hf_bruteforce.lua` script - added support for brute forcing Mifare Ultralight EV1 cards (@dunderhay)
|
||||
- Added `hf mf personlize` - personalize the UID of a Mifare Classic EV1 card (@pwpiwi)
|
||||
- Change - hint texts added to all lf clone commands (@iceman1001)
|
||||
- Change `lf keri demod` - adjusted the internal id. (@mwalker33)
|
||||
|
|
|
|||
|
|
@ -1,27 +1,34 @@
|
|||
-- Run me like this: proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua
|
||||
-- Run me like this (connected via USB): ./pm3 -l hf_bruteforce.lua
|
||||
-- Run me like this (connected via Blueshark addon): ./client/proxmark3 /dev/rfcomm0 -l ./hf_bruteforce.lua
|
||||
|
||||
local getopt = require('getopt')
|
||||
|
||||
copyright = ''
|
||||
author = 'Keld Norman'
|
||||
version = 'v1.0.0'
|
||||
desc = [[
|
||||
|
||||
]]
|
||||
example = [[
|
||||
-- (the above example would bruteforce card number, starting at 1, ending at 10, and waiting 1 second between each card)
|
||||
|
||||
script run hf_bruteforce -s 1 -e 10 -t 1000
|
||||
]]
|
||||
author = 'Daniel Underhay (updated), Keld Norman(original)'
|
||||
version = 'v2.0.0'
|
||||
usage = [[
|
||||
|
||||
script run hf_bruteforce -s start_id -e end_id -t timeout -d direction
|
||||
pm3 --> script run hf_bruteforce -s start_id -e end_id -t timeout -x mifare_card_type
|
||||
|
||||
Arguments:
|
||||
-h this help
|
||||
-s 0-0xFFFFFFFF start id
|
||||
-e 0-0xFFFFFFFF end id
|
||||
-t 0-99999, pause timeout (ms) between cards (use the word 'pause' to wait for user input)
|
||||
-x mfc, mfu mifare type: mfc for Mifare Classic (default) or mfu for Mifare Ultralight EV1
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
|
||||
|
||||
Bruteforce a 4 byte UID Mifare classic card number, starting at 11223344, ending at 11223346.
|
||||
|
||||
|
||||
pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
|
||||
|
||||
Bruteforce a 7 byte UID Mifare Ultralight card number, starting at 11223344556677, ending at 11223344556679.
|
||||
|
||||
]]
|
||||
|
||||
|
||||
|
|
@ -60,37 +67,45 @@ local function help()
|
|||
print(usage)
|
||||
end
|
||||
---
|
||||
-- Exit message
|
||||
local function exitMsg(msg)
|
||||
--- Print user message
|
||||
local function msg(msg)
|
||||
print( string.rep('--',20) )
|
||||
print('')
|
||||
print(msg)
|
||||
print('')
|
||||
print( string.rep('--',20) )
|
||||
print()
|
||||
end
|
||||
---
|
||||
-- Start
|
||||
local function main(args)
|
||||
|
||||
print( string.rep('--',20) )
|
||||
print( string.rep('--',20) )
|
||||
print()
|
||||
local timeout = 0
|
||||
local start_id = 0
|
||||
local end_id = 0xFFFFFFFF
|
||||
local end_id = 0xFFFFFFFFFFFFFF
|
||||
local mftype = 'mfc'
|
||||
|
||||
for o, a in getopt.getopt(args, 'e:s:t:h') do
|
||||
for o, a in getopt.getopt(args, 'e:s:t:x:h') do
|
||||
if o == 's' then start_id = a end
|
||||
if o == 'e' then end_id = a end
|
||||
if o == 't' then timeout = a end
|
||||
if o == 'x' then mftype = a end
|
||||
if o == 'h' then return print(usage) end
|
||||
end
|
||||
|
||||
-- template
|
||||
local command = 'hf 14a sim t 1 u %08X'
|
||||
local command = ''
|
||||
|
||||
print(' Bruteforcing MFC card numbers from 00000000 to FFFFFFFF using delay: '..timeout)
|
||||
print('')
|
||||
print( string.rep('--',20) )
|
||||
if mftype == 'mfc' then
|
||||
command = 'hf 14a sim t 1 u %14X'
|
||||
msg('Bruteforcing Mifare Classic card numbers')
|
||||
elseif mftype == 'mfu' then
|
||||
command = 'hf 14a sim t 2 u %14X'
|
||||
msg('Bruteforcing Mifare Ultralight card numbers')
|
||||
else
|
||||
return print(usage)
|
||||
end
|
||||
|
||||
if command == '' then return print(usage) end
|
||||
|
||||
for n = start_id, end_id do
|
||||
local c = string.format( command, n )
|
||||
|
|
@ -102,4 +117,3 @@ local function main(args)
|
|||
|
||||
end
|
||||
main(args)
|
||||
|
||||
|
|
|
|||
|
|
@ -290,6 +290,16 @@ pm3 --> hf mfu eload u hf-mfu-XXXX-dump.eml
|
|||
pm3 --> hf mfu sim t 7 u hf-mfu-XXXX-dump.eml
|
||||
```
|
||||
|
||||
Bruteforce Mifare Classic card numbers from 11223344 to 11223346
|
||||
```
|
||||
pm3 --> script run hf_bruteforce -s 0x11223344 -e 0x11223346 -t 1000 -x mfc
|
||||
```
|
||||
|
||||
Bruteforce Mifare Ultralight EV1 card numbers from 11223344556677 to 11223344556679
|
||||
```
|
||||
pm3 --> script run hf_bruteforce -s 0x11223344556677 -e 0x11223344556679 -t 1000 -x mfu
|
||||
```
|
||||
|
||||
## Wiegand manipulation
|
||||
^[Top](#top)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue