]>
Commit | Line | Data |
---|---|---|
5b760b6c | 1 | //----------------------------------------------------------------------------- |
2 | // Copyright (C) 2013 m h swende <martin at swende.se> | |
3 | // | |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
5 | // at your option, any later version. See the LICENSE.txt file for the text of | |
6 | // the license. | |
7 | //----------------------------------------------------------------------------- | |
8 | // Some lua scripting glue to proxmark core. | |
9 | //----------------------------------------------------------------------------- | |
10 | ||
7779d73c | 11 | #include "scripting.h" |
12 | ||
06919754 | 13 | #include <stdlib.h> |
5b760b6c | 14 | #include <lua.h> |
15 | #include <lualib.h> | |
16 | #include <lauxlib.h> | |
17 | #include "proxmark3.h" | |
ad939de5 | 18 | #include "comms.h" |
5b760b6c | 19 | #include "usb_cmd.h" |
20 | #include "cmdmain.h" | |
44fffc54 | 21 | #include "util.h" |
7779d73c | 22 | #include "mifarehost.h" |
77cd612f | 23 | #include "../common/iso15693tools.h" |
be2d41b7 | 24 | #include "iso14443crc.h" |
b915fda3 | 25 | #include "../common/crc16.h" |
d730878d | 26 | #include "../common/crc64.h" |
d03fb293 OM |
27 | #include "../common/polarssl/sha1.h" |
28 | #include "../common/polarssl/aes.h" | |
757221f5 | 29 | |
5b760b6c | 30 | /** |
31 | * The following params expected: | |
32 | * UsbCommand c | |
33 | *@brief l_SendCommand | |
34 | * @param L | |
35 | * @return | |
36 | */ | |
37 | static int l_SendCommand(lua_State *L){ | |
38 | ||
d730878d | 39 | /* |
40 | * | |
41 | The SendCommand (native) expects the following structure: | |
42 | ||
43 | typedef struct { | |
44 | uint64_t cmd; //8 bytes | |
45 | uint64_t arg[3]; // 8*3 bytes = 24 bytes | |
46 | union { | |
47 | uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR) | |
48 | uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes | |
49 | } d; | |
50 | } PACKED UsbCommand; | |
51 | ||
52 | ==> A 544 byte buffer will do. | |
53 | **/ | |
54 | //Pop cmd | |
55 | size_t size; | |
56 | const char *data = luaL_checklstring(L, 1, &size); | |
57 | if(size != sizeof(UsbCommand)) | |
58 | { | |
59 | printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand)); | |
60 | lua_pushstring(L,"Wrong data size"); | |
61 | return 1; | |
62 | } | |
96e7a3a5 | 63 | |
64 | // UsbCommand c = (*data); | |
d730878d | 65 | SendCommand((UsbCommand* )data); |
66 | return 0; // no return values | |
5b760b6c | 67 | } |
68 | /** | |
69 | * @brief The following params expected: | |
70 | * uint32_t cmd | |
71 | * size_t ms_timeout | |
72 | * @param L | |
73 | * @return | |
74 | */ | |
75 | static int l_WaitForResponseTimeout(lua_State *L){ | |
76 | ||
d730878d | 77 | uint32_t cmd = 0; |
78 | size_t ms_timeout = -1; | |
79 | ||
80 | //Check number of arguments | |
81 | int n = lua_gettop(L); | |
82 | if(n == 0) | |
83 | { | |
84 | //signal error by returning Nil, errorstring | |
85 | lua_pushnil(L); | |
86 | lua_pushstring(L,"You need to supply at least command to wait for"); | |
87 | return 2; // two return values | |
88 | } | |
89 | if(n >= 1) | |
90 | { | |
91 | //pop cmd | |
92 | cmd = luaL_checkunsigned(L,1); | |
93 | } | |
94 | if(n >= 2) | |
95 | { | |
96 | //Did the user send a timeout ? | |
97 | //Check if the current top of stack is an integer | |
98 | ms_timeout = luaL_checkunsigned(L,2); | |
99 | //printf("Timeout set to %dms\n" , (int) ms_timeout); | |
100 | } | |
101 | ||
102 | UsbCommand response; | |
103 | ||
104 | if(WaitForResponseTimeout(cmd, &response, ms_timeout)) | |
105 | { | |
106 | //Push it as a string | |
107 | lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand)); | |
108 | ||
109 | return 1;// return 1 to signal one return value | |
110 | }else{ | |
111 | //Push a Nil instead | |
112 | lua_pushnil(L); | |
113 | return 1;// one return value | |
114 | } | |
5b760b6c | 115 | } |
2dcdf1a6 | 116 | |
117 | static int returnToLuaWithError(lua_State *L, const char* fmt, ...) | |
118 | { | |
d730878d | 119 | char buffer[200]; |
120 | va_list args; | |
121 | va_start(args,fmt); | |
122 | vsnprintf(buffer, sizeof(buffer), fmt,args); | |
123 | va_end(args); | |
124 | ||
125 | lua_pushnil(L); | |
126 | lua_pushstring(L,buffer); | |
127 | return 2; | |
2dcdf1a6 | 128 | } |
129 | ||
7779d73c | 130 | static int l_mfDarkside(lua_State *L){ |
2dcdf1a6 | 131 | |
7779d73c | 132 | uint64_t key; |
133 | ||
134 | int retval = mfDarkside(&key); | |
135 | ||
d730878d | 136 | //Push the retval on the stack |
7779d73c | 137 | lua_pushinteger(L, retval); |
2dcdf1a6 | 138 | |
d730878d | 139 | //Push the key onto the stack |
140 | uint8_t dest_key[8]; | |
7779d73c | 141 | num_to_bytes(key, sizeof(dest_key), dest_key); |
b9697139 | 142 | |
43534cba | 143 | //printf("Pushing to lua stack: %012" PRIx64 "\n",key); |
7779d73c | 144 | lua_pushlstring(L,(const char *)dest_key, sizeof(dest_key)); |
2dcdf1a6 | 145 | |
d730878d | 146 | return 2; //Two return values |
2dcdf1a6 | 147 | } |
7779d73c | 148 | |
42daa759 | 149 | //static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));} |
7779d73c | 150 | |
44fffc54 | 151 | static int l_clearCommandBuffer(lua_State *L){ |
d730878d | 152 | clearCommandBuffer(); |
153 | return 0; | |
44fffc54 | 154 | } |
155 | /** | |
156 | * @brief l_foobar is a dummy function to test lua-integration with | |
157 | * @param L | |
158 | * @return | |
159 | */ | |
160 | static int l_foobar(lua_State *L) | |
161 | { | |
d730878d | 162 | //Check number of arguments |
163 | int n = lua_gettop(L); | |
164 | printf("foobar called with %d arguments" , n); | |
165 | lua_settop(L, 0); | |
166 | printf("Arguments discarded, stack now contains %d elements", lua_gettop(L)); | |
167 | ||
168 | // todo: this is not used, where was it intended for? | |
169 | // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}}; | |
170 | ||
171 | printf("Now returning a uint64_t as a string"); | |
172 | uint64_t x = 0xDEADBEEF; | |
173 | uint8_t destination[8]; | |
174 | num_to_bytes(x,sizeof(x),destination); | |
175 | lua_pushlstring(L,(const char *)&x,sizeof(x)); | |
176 | lua_pushlstring(L,(const char *)destination,sizeof(destination)); | |
177 | ||
178 | return 2; | |
44fffc54 | 179 | } |
180 | ||
2dcdf1a6 | 181 | |
44fffc54 | 182 | /** |
183 | * @brief Utility to check if a key has been pressed by the user. This method does not block. | |
184 | * @param L | |
185 | * @return boolean, true if kbhit, false otherwise. | |
186 | */ | |
187 | static int l_ukbhit(lua_State *L) | |
188 | { | |
d730878d | 189 | lua_pushboolean(L,ukbhit() ? true : false); |
190 | return 1; | |
44fffc54 | 191 | } |
0a85b725 | 192 | /** |
193 | * @brief Calls the command line parser to deal with the command. This enables | |
194 | * lua-scripts to do stuff like "core.console('hf mf mifare')" | |
195 | * @param L | |
196 | * @return | |
197 | */ | |
198 | static int l_CmdConsole(lua_State *L) | |
199 | { | |
d730878d | 200 | CommandReceived((char *)luaL_checkstring(L, 1)); |
201 | return 0; | |
0a85b725 | 202 | } |
203 | ||
77cd612f | 204 | static int l_iso15693_crc(lua_State *L) |
205 | { | |
d730878d | 206 | // uint16_t Iso15693Crc(uint8_t *v, int n); |
207 | size_t size; | |
208 | const char *v = luaL_checklstring(L, 1, &size); | |
209 | uint16_t retval = Iso15693Crc((uint8_t *) v, size); | |
210 | lua_pushinteger(L, (int) retval); | |
211 | return 1; | |
77cd612f | 212 | } |
5b760b6c | 213 | |
be2d41b7 | 214 | static int l_iso14443b_crc(lua_State *L) |
215 | { | |
216 | /* void ComputeCrc14443(int CrcType, | |
217 | const unsigned char *Data, int Length, | |
218 | unsigned char *TransmitFirst, | |
219 | unsigned char *TransmitSecond) | |
220 | */ | |
221 | unsigned char buf[USB_CMD_DATA_SIZE]; | |
222 | size_t len = 0; | |
223 | const char *data = luaL_checklstring(L, 1, &len); | |
224 | if (USB_CMD_DATA_SIZE < len) | |
225 | len = USB_CMD_DATA_SIZE-2; | |
226 | ||
227 | for (int i = 0; i < len; i += 2) { | |
228 | sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]); | |
229 | } | |
230 | ComputeCrc14443(CRC_14443_B, buf, len, &buf[len], &buf[len+1]); | |
231 | ||
232 | lua_pushlstring(L, (const char *)&buf, len+2); | |
233 | return 1; | |
234 | } | |
b915fda3 | 235 | /* |
236 | Simple AES 128 cbc hook up to OpenSSL. | |
237 | params: key, input | |
238 | */ | |
1c4c0b06 | 239 | static int l_aes128decrypt_cbc(lua_State *L) |
b915fda3 | 240 | { |
241 | //Check number of arguments | |
242 | int i; | |
d730878d | 243 | size_t size; |
244 | const char *p_key = luaL_checklstring(L, 1, &size); | |
245 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
246 | ||
247 | const char *p_encTxt = luaL_checklstring(L, 2, &size); | |
b915fda3 | 248 | |
1f6417a9 MHS |
249 | unsigned char indata[16] = {0x00}; |
250 | unsigned char outdata[16] = {0x00}; | |
d730878d | 251 | unsigned char aes_key[16] = {0x00}; |
1f6417a9 | 252 | unsigned char iv[16] = {0x00}; |
d730878d | 253 | |
254 | // convert key to bytearray and convert input to bytearray | |
b915fda3 | 255 | for (i = 0; i < 32; i += 2) { |
256 | sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
d730878d | 257 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); |
b915fda3 | 258 | } |
d730878d | 259 | |
260 | aes_context ctx; | |
261 | aes_init(&ctx); | |
262 | aes_setkey_dec(&ctx, aes_key, 128); | |
263 | aes_crypt_cbc(&ctx,AES_DECRYPT,sizeof(indata), iv, indata,outdata ); | |
264 | //Push decrypted array as a string | |
265 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
266 | return 1;// return 1 to signal one return value | |
267 | } | |
1c4c0b06 | 268 | static int l_aes128decrypt_ecb(lua_State *L) |
269 | { | |
270 | //Check number of arguments | |
271 | int i; | |
272 | size_t size; | |
273 | const char *p_key = luaL_checklstring(L, 1, &size); | |
274 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
275 | ||
276 | const char *p_encTxt = luaL_checklstring(L, 2, &size); | |
277 | ||
278 | unsigned char indata[16] = {0x00}; | |
279 | unsigned char outdata[16] = {0x00}; | |
280 | unsigned char aes_key[16] = {0x00}; | |
281 | ||
282 | // convert key to bytearray and convert input to bytearray | |
283 | for (i = 0; i < 32; i += 2) { | |
284 | sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
285 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); | |
286 | } | |
287 | aes_context ctx; | |
288 | aes_init(&ctx); | |
289 | aes_setkey_dec(&ctx, aes_key, 128); | |
290 | aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata ); | |
291 | ||
292 | //Push decrypted array as a string | |
293 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
294 | return 1;// return 1 to signal one return value | |
295 | } | |
296 | ||
297 | static int l_aes128encrypt_cbc(lua_State *L) | |
d730878d | 298 | { |
299 | //Check number of arguments | |
300 | int i; | |
301 | size_t size; | |
302 | const char *p_key = luaL_checklstring(L, 1, &size); | |
303 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
304 | ||
305 | const char *p_txt = luaL_checklstring(L, 2, &size); | |
306 | ||
307 | unsigned char indata[16] = {0x00}; | |
308 | unsigned char outdata[16] = {0x00}; | |
309 | unsigned char aes_key[16] = {0x00}; | |
310 | unsigned char iv[16] = {0x00}; | |
b915fda3 | 311 | |
b915fda3 | 312 | for (i = 0; i < 32; i += 2) { |
d730878d | 313 | sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]); |
b915fda3 | 314 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); |
315 | } | |
1f6417a9 | 316 | |
d730878d | 317 | aes_context ctx; |
318 | aes_init(&ctx); | |
319 | aes_setkey_enc(&ctx, aes_key, 128); | |
320 | aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata ); | |
321 | //Push encrypted array as a string | |
b915fda3 | 322 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); |
323 | return 1;// return 1 to signal one return value | |
324 | } | |
325 | ||
1c4c0b06 | 326 | static int l_aes128encrypt_ecb(lua_State *L) |
327 | { | |
328 | //Check number of arguments | |
329 | int i; | |
330 | size_t size; | |
331 | const char *p_key = luaL_checklstring(L, 1, &size); | |
332 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
333 | ||
334 | const char *p_txt = luaL_checklstring(L, 2, &size); | |
335 | ||
336 | unsigned char indata[16] = {0x00}; | |
337 | unsigned char outdata[16] = {0x00}; | |
338 | unsigned char aes_key[16] = {0x00}; | |
339 | ||
340 | for (i = 0; i < 32; i += 2) { | |
341 | sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
342 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); | |
343 | } | |
344 | aes_context ctx; | |
345 | aes_init(&ctx); | |
346 | aes_setkey_enc(&ctx, aes_key, 128); | |
347 | aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata ); | |
348 | //Push encrypted array as a string | |
349 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
350 | return 1;// return 1 to signal one return value | |
351 | } | |
352 | ||
b915fda3 | 353 | static int l_crc16(lua_State *L) |
354 | { | |
355 | size_t size; | |
356 | const char *p_str = luaL_checklstring(L, 1, &size); | |
d730878d | 357 | |
b915fda3 | 358 | uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size); |
d730878d | 359 | lua_pushinteger(L, (int) retval); |
360 | return 1; | |
361 | } | |
362 | ||
363 | static int l_crc64(lua_State *L) | |
364 | { | |
365 | size_t size; | |
366 | uint64_t crc = 0; | |
367 | unsigned char outdata[8] = {0x00}; | |
368 | ||
369 | const char *p_str = luaL_checklstring(L, 1, &size); | |
370 | ||
371 | crc64( (uint8_t*) p_str, size, &crc); | |
372 | ||
373 | outdata[0] = (uint8_t)(crc >> 56) & 0xff; | |
374 | outdata[1] = (uint8_t)(crc >> 48) & 0xff; | |
375 | outdata[2] = (uint8_t)(crc >> 40) & 0xff; | |
376 | outdata[3] = (uint8_t)(crc >> 32) & 0xff; | |
377 | outdata[4] = (uint8_t)(crc >> 24) & 0xff; | |
378 | outdata[5] = (uint8_t)(crc >> 16) & 0xff; | |
379 | outdata[6] = (uint8_t)(crc >> 8) & 0xff; | |
380 | outdata[7] = crc & 0xff; | |
381 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
382 | return 1; | |
b915fda3 | 383 | } |
384 | ||
1c4c0b06 | 385 | static int l_sha1(lua_State *L) |
386 | { | |
387 | size_t size; | |
388 | const char *p_str = luaL_checklstring(L, 1, &size); | |
389 | unsigned char outdata[20] = {0x00}; | |
390 | sha1( (uint8_t*) p_str, size, outdata); | |
391 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
392 | return 1; | |
393 | } | |
394 | ||
686f0a17 | 395 | /** |
396 | * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be | |
397 | * able to do "require('foobar')" if foobar.lua is within lualibs folder. | |
398 | * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c | |
399 | * @param L | |
400 | * @param path | |
401 | * @return | |
402 | */ | |
403 | int setLuaPath( lua_State* L, const char* path ) | |
404 | { | |
d730878d | 405 | lua_getglobal( L, "package" ); |
406 | lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1) | |
407 | const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack | |
408 | int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it | |
409 | char * buf = malloc(requiredLength); | |
410 | snprintf(buf, requiredLength, "%s;%s", cur_path, path); | |
411 | lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5 | |
412 | lua_pushstring( L, buf ); // push the new one | |
413 | lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack | |
414 | lua_pop( L, 1 ); // get rid of package table from top of stack | |
415 | free(buf); | |
416 | return 0; // all done! | |
686f0a17 | 417 | } |
418 | ||
419 | ||
f057bddb | 420 | int set_pm3_libraries(lua_State *L) |
5b760b6c | 421 | { |
686f0a17 | 422 | |
d730878d | 423 | static const luaL_Reg libs[] = { |
424 | {"SendCommand", l_SendCommand}, | |
425 | {"WaitForResponseTimeout", l_WaitForResponseTimeout}, | |
7779d73c | 426 | {"mfDarkside", l_mfDarkside}, |
d730878d | 427 | //{"PrintAndLog", l_PrintAndLog}, |
428 | {"foobar", l_foobar}, | |
429 | {"ukbhit", l_ukbhit}, | |
430 | {"clearCommandBuffer", l_clearCommandBuffer}, | |
431 | {"console", l_CmdConsole}, | |
432 | {"iso15693_crc", l_iso15693_crc}, | |
be2d41b7 | 433 | {"iso14443b_crc", l_iso14443b_crc}, |
1c4c0b06 | 434 | {"aes128_decrypt", l_aes128decrypt_cbc}, |
435 | {"aes128_decrypt_ecb", l_aes128decrypt_ecb}, | |
436 | {"aes128_encrypt", l_aes128encrypt_cbc}, | |
437 | {"aes128_encrypt_ecb", l_aes128encrypt_ecb}, | |
b915fda3 | 438 | {"crc16", l_crc16}, |
d730878d | 439 | {"crc64", l_crc64}, |
1c4c0b06 | 440 | {"sha1", l_sha1}, |
d730878d | 441 | {NULL, NULL} |
442 | }; | |
443 | ||
444 | lua_pushglobaltable(L); | |
445 | // Core library is in this table. Contains ' | |
446 | //this is 'pm3' table | |
447 | lua_newtable(L); | |
448 | ||
449 | //Put the function into the hash table. | |
450 | for (int i = 0; libs[i].name; i++) { | |
451 | lua_pushcfunction(L, libs[i].func); | |
452 | lua_setfield(L, -2, libs[i].name);//set the name, pop stack | |
453 | } | |
454 | //Name of 'core' | |
455 | lua_setfield(L, -2, "core"); | |
456 | ||
457 | //-- remove the global environment table from the stack | |
458 | lua_pop(L, 1); | |
459 | ||
460 | //-- Last but not least, add to the LUA_PATH (package.path in lua) | |
461 | // so we can load libraries from the ./lualib/ - directory | |
4197a3f6 | 462 | char libraries_path[strlen(get_my_executable_directory()) + strlen(LUA_LIBRARIES_DIRECTORY) + strlen(LUA_LIBRARIES_WILDCARD) + 1]; |
463 | strcpy(libraries_path, get_my_executable_directory()); | |
464 | strcat(libraries_path, LUA_LIBRARIES_DIRECTORY); | |
465 | strcat(libraries_path, LUA_LIBRARIES_WILDCARD); | |
466 | setLuaPath(L, libraries_path); | |
d730878d | 467 | |
468 | return 1; | |
5b760b6c | 469 | } |