From 6cb1ee44e3957ac10f51b4a6c422e0932defaec4 Mon Sep 17 00:00:00 2001
From: David Bryan <dave@drstrangelove.net>
Date: Mon, 28 Oct 2019 06:30:52 +0000
Subject: [PATCH] stuff and things.. it mostly works.

---
 install-all.sh       |  3 +-
 proxmark3-web.py     | 66 ++++++++++++++++++++++++-------
 templates/cards.html | 94 ++++++++++++++++++++++++++++++++++++++++++++
 templates/main.html  |  3 +-
 templates/nav.html   | 15 +++++++
 5 files changed, 164 insertions(+), 17 deletions(-)
 create mode 100644 templates/cards.html
 create mode 100644 templates/nav.html

diff --git a/install-all.sh b/install-all.sh
index f2f20cd..06b0735 100755
--- a/install-all.sh
+++ b/install-all.sh
@@ -3,10 +3,9 @@
 # this script will install proxmark3-rdv4, and all the things.
 
 sudo apt-get update && sudo apt-get -y install --no-install-recommends git ca-certificates build-essential pkg-config \
-libreadline-dev gcc-arm-none-eabi libnewlib-dev python3-flask hostapd python3-pip python3-dateutil python3-dateparser libev-dev && \
+libreadline-dev gcc-arm-none-eabi libnewlib-dev python3-flask python3-flask-sqlalchemy hostapd python3-pip python3-dateutil python3-dateparser libev-dev gunicorn3 && \
 sudo pip3 install --upgrade pip && \
 sudo pip3 install datetime && \
-sudo pip3 install bjoern && \
 cd ~ && git clone https://github.com/RfidResearchGroup/proxmark3.git &&\
 cd ~/proxmark3/ && git pull && make clean && make all && sudo make install &&\
 cd ~/proxmark3-web && \
diff --git a/proxmark3-web.py b/proxmark3-web.py
index b5b307e..6f5aec3 100755
--- a/proxmark3-web.py
+++ b/proxmark3-web.py
@@ -1,19 +1,21 @@
 #!/usr/bin/env python3
 # vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
 
-import os, string, subprocess, sys, time
+import os, string, subprocess, sys, time, random
 #import subprocess
 
 from flask import Flask, flash, redirect, render_template, \
      request, url_for
-
+from flask_sqlalchemy import SQLAlchemy
 from datetime import datetime
 
-debug=0
+debug=1
 
 proxmark3_rdv4_dir='../proxmark3'
 proxmark3_rdv4_client=proxmark3_rdv4_dir + '/client/proxmark3'
 logfile = "../card-reads.log"
+db_file="/home/pi/proxmark3.db"
+
 # Setup a dictionary for the serial port types
 serial_port_list = { '/dev/tty.usbmodemiceman1', '/dev/ttyACM0' }
 
@@ -34,6 +36,14 @@ def get_card_data(data):
             #print('Raw: '+ raw_cardnumber +' Card Number: '+ card_number +' Card format: '+ format_len +' Facility: '+ facility_code )
             return(card_data)
 
+def log_card_data(card_data):
+    if debug: 
+        print("Writing date to the database...") 
+        print(card_data)
+    addCard = card_tbl(card_raw=card_data['raw_cardnumber'], card_number = card_data['card_number'], card_format = card_data['format_len'], card_oem = card_data['oem'], card_facility_code = card_data['facility_code'])
+    db.session.add(addCard)
+    db.session.commit()
+
 def exists(path):
     """Test whether a path exists.  Returns False for broken symbolic links"""
     try:
@@ -55,21 +65,35 @@ while not serial_port:
         time.sleep(delay)
 
 if(True):
-    app = Flask(__name__, instance_relative_config=True)
-
     # create and configure the app
-#    app = Flask(__name__, instance_relative_config=True)
+    app = Flask(__name__, instance_relative_config=True)
+    #Set up the Database for storing cards
+    app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:////' + db_file
+    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+    db = SQLAlchemy(app)
+
+    # Database Classes
+    class card_tbl(db.Model):
+        id = db.Column(db.Integer, primary_key=True)
+        time_stamp = db.Column(db.DateTime, nullable=False,
+        default=datetime.utcnow)
+        card_raw = db.Column(db.String(128))
+        card_number = db.Column(db.String(128))
+        card_format = db.Column(db.String(128))
+        card_oem = db.Column(db.String(128))
+        card_facility_code = db.Column(db.String(128))
+
+        def __repr__(self):
+            return '<card_raw {}>'.format(self.card_raw)
+        #    return "<id(id='%s', time_stamp='%s', card_raw='%s', card_format='%s', card_oem='%s', card_facility_code='%s')>" % (
+        #            self.id, self.time_stamp, self.card_raw, self.card_number, self.card_format, self.card_oem, self.card_facility_code)
+
     app.config.from_mapping(
-        SECRET_KEY='djjslekrjgi348gj38fd225u8g',
-#        DATABASE=os.path.join(app.instance_path, 'flaskr.sqlite'),
+        SECRET_KEY=str(random.getrandbits(64))
     )
 
-#    if test_config is None:
-#        # load the instance config, if it exists, when not testing
-#        app.config.from_pyfile('config.py', silent=True)
-#    else:
-        # load the test config if passed in
-#        app.config.from_mapping(test_config)
+    if not os.path.exists(db_file):
+        db.create_all()
 
     # ensure the instance folder exists
     try:
@@ -115,6 +139,7 @@ if(True):
         if(cardnumber.returncode == 0):
             if('HID Prox TAG ID:' in cardnumber.stdout.decode('ASCII')):
                 card = get_card_data(cardnumber.stdout.decode('ASCII'))
+                log_card_data(card)
                 if(debug): print("Card number:" + str(card))
                 current_time=str(datetime.now().isoformat(timespec='seconds'))
                 print(current_time + ' _Card Used_ ' + str(card), file=open(logfile, "a"))
@@ -150,6 +175,19 @@ if(True):
                 flash('ERROR: CARD DID NOT PROGRAM... TRY AGIAN.')
                 return redirect(url_for('index'))
 
+    @app.route('/card/list')
+    def card_list():
+        card = card_tbl.query.all()
+        #for line in card:
+        #    print(line['card_number'])
+
+        return render_template('cards.html', card = card)
+
+    @app.route('/card/<card_raw>')
+    def card_mod(card_raw):
+        card_raw = card_tbl.query.filter_by(card_raw=card_raw).all()
+        print(card)
+        return render_template('card.html', card_raw = card)
 
     @app.route('/wipe_card')
     def wipe_card():
diff --git a/templates/cards.html b/templates/cards.html
new file mode 100644
index 0000000..20fb00c
--- /dev/null
+++ b/templates/cards.html
@@ -0,0 +1,94 @@
+<!doctype html>
+<link rel="stylesheet" href="/static/css/bootstrap.min.css">
+<title>Cards Captured</title>
+
+<body class="bg-dark">
+{% include "nav.html" %}
+<div class="container-fluid">
+   <div class="row border">
+      <div class="col-md-2 py-5">
+         <img class="img-fluid" src="/static/images/X-Force_Red_Logo_For_Dark_Backgrounds.png">
+      </div>
+   </div>
+
+   <div class="row text-white border">
+      <div class="col border">
+	      Action:
+      </div>
+      <div class="col border">
+	Facility Code:
+      </div>
+      <div class="col border">
+        Card Number:
+      </div>
+      <div class="col border">
+        Raw HID Formated Card: 
+      </div>
+      <div class="col border">
+        OEM Code:
+      </div>
+   </div>
+{% for row in card %}
+   <div class="row text-white border p-1">
+	 <div class="col">
+		 <form action="/write" method="get">
+			 <input type="hidden" name="raw_cardnumber" value={{ row['card_raw'] }} />
+			 <button type="submit" class="btn btn-primary">Clone</button>
+		 </form>
+	 </div>
+	 <div class="col">
+		 {{ row['card_facility_code'] }}
+	 </div>
+	 <div class="col">
+		 {{ row['card_number'] }}
+	 </div>
+	 <div class="col">
+		 {{ row['card_raw'] }}
+	 </div>
+	 <div class="col">
+		 {{ row['card_oem'] }}
+	 </div>
+   </div>
+{% endfor %}
+</div>
+  <div class="row">
+    <div class="col text-white">
+      <p>
+        {% with messages = get_flashed_messages() %}
+        {% if messages %}
+        Status:
+        {% for message in messages %}
+          {{ message }}
+        {% endfor %}
+        {% endif %}
+        {% endwith %}
+        &nbsp;
+      </p>
+    </div>
+  </div>
+</div>
+
+  <div class="row">
+    <div class="col">
+      <hr style="border-color: #fff;">
+    </div>
+  </div>
+
+  <div class="row">
+
+    <div class="col">
+      <a href="/provision_card" type="button" class="btn btn-danger btn-lg">CREATE X-Force Red Card</a>
+    </div>
+
+    <div class="col text-center">
+      <a href="/wipe_card" type="submit" class="btn btn-warning btn-lg" formaction="/wipe_card">Wipe Card</a>
+    </div>
+
+    <div class="col text-right">
+      <a href="/" type="submit" class="btn btn-secondary btn-lg" formaction="/">RESTART</a>
+    </div>
+  </div>
+</div>
+
+<!-- I am a code comment. I have a Key for you. 2005FFFFFF. -->
+</body>
diff --git a/templates/main.html b/templates/main.html
index 23bd73e..e62591a 100644
--- a/templates/main.html
+++ b/templates/main.html
@@ -3,10 +3,11 @@
 <title>XFR-Card-Cloning-Demo</title>
 
 <body class="bg-dark">
+{% include "nav.html" %}
 
 <div class="container">
 	<div class="row">
-		<div class="col-md-4 py-2">
+		<div class="col-md-2 py-2">
 			<img class="img-fluid" src="/static/images/X-Force_Red_Logo_For_Dark_Backgrounds.png">
 		</div>
 	</div>
diff --git a/templates/nav.html b/templates/nav.html
new file mode 100644
index 0000000..5ccae5b
--- /dev/null
+++ b/templates/nav.html
@@ -0,0 +1,15 @@
+<nav class="navbar navbar-expand-sm fixed-top navbar-light bg-light">
+    <div class="container">
+        <a class="navbar-brand" href="/">Main</a>
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbar1">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="navbar1">
+            <ul class="navbar-nav nav nav-fill w-50">
+                <li class="nav-item">
+                    <a class="nav-link active" href="/card/list">CardList</a>
+                </li>
+            </ul>
+        </div>
+    </div>
+</nav>