]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/scripting.c
CHG: making sure no buffer overflows will occure in ul_send_cmd_raw by adding respon...
[proxmark3-svn] / client / scripting.c
CommitLineData
5b760b6c 1//-----------------------------------------------------------------------------
2// Copyright (C) 2013 m h swende <martin at swende.se>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Some lua scripting glue to proxmark core.
9//-----------------------------------------------------------------------------
10
11#include <lua.h>
12#include <lualib.h>
13#include <lauxlib.h>
14#include "proxmark3.h"
15#include "usb_cmd.h"
16#include "cmdmain.h"
17#include "scripting.h"
44fffc54 18#include "util.h"
2dcdf1a6 19#include "nonce2key/nonce2key.h"
77cd612f 20#include "../common/iso15693tools.h"
47cbb2d4 21#include "../common/crc16.h"
3ee8c808 22#include "../common/crc64.h"
1f6417a9 23#include "aes.h"
5b760b6c 24/**
25 * The following params expected:
26 * UsbCommand c
27 *@brief l_SendCommand
28 * @param L
29 * @return
30 */
31static int l_SendCommand(lua_State *L){
32
33 /*
34 *
35 The SendCommand (native) expects the following structure:
36
37 typedef struct {
38 uint64_t cmd; //8 bytes
39 uint64_t arg[3]; // 8*3 bytes = 24 bytes
40 union {
41 uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
42 uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
43 } d;
44 } PACKED UsbCommand;
45
46 ==> A 544 byte buffer will do.
47 **/
48 //Pop cmd
96e7a3a5 49 size_t size;
50 const char *data = luaL_checklstring(L, 1, &size);
51 if(size != sizeof(UsbCommand))
52 {
f057bddb 53 printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
96e7a3a5 54 lua_pushstring(L,"Wrong data size");
55 return 1;
56 }
57
58// UsbCommand c = (*data);
42daa759 59 SendCommand((UsbCommand* )data);
44fffc54 60 return 0; // no return values
5b760b6c 61}
62/**
63 * @brief The following params expected:
64 * uint32_t cmd
65 * size_t ms_timeout
66 * @param L
67 * @return
68 */
69static int l_WaitForResponseTimeout(lua_State *L){
70
44fffc54 71 uint32_t cmd = 0;
72 size_t ms_timeout = -1;
5b760b6c 73
44fffc54 74 //Check number of arguments
75 int n = lua_gettop(L);
76 if(n == 0)
5b760b6c 77 {
44fffc54 78 //signal error by returning Nil, errorstring
79 lua_pushnil(L);
80 lua_pushstring(L,"You need to supply at least command to wait for");
81 return 2; // two return values
82 }
83 if(n >= 1)
84 {
85 //pop cmd
86 cmd = luaL_checkunsigned(L,1);
87 }
88 if(n >= 2)
89 {
90 //Did the user send a timeout ?
91 //Check if the current top of stack is an integer
5b760b6c 92 ms_timeout = luaL_checkunsigned(L,2);
44fffc54 93 //printf("Timeout set to %dms\n" , (int) ms_timeout);
5b760b6c 94 }
5b760b6c 95
44fffc54 96 UsbCommand response;
97
98 if(WaitForResponseTimeout(cmd, &response, ms_timeout))
5b760b6c 99 {
44fffc54 100 //Push it as a string
42daa759 101 lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand));
44fffc54 102
103 return 1;// return 1 to signal one return value
104 }else{
5b760b6c 105 //Push a Nil instead
106 lua_pushnil(L);
44fffc54 107 return 1;// one return value
5b760b6c 108 }
109}
2dcdf1a6 110
111static int returnToLuaWithError(lua_State *L, const char* fmt, ...)
112{
113 char buffer[200];
114 va_list args;
115 va_start(args,fmt);
116 vsnprintf(buffer, sizeof(buffer), fmt,args);
117 va_end(args);
118
119 lua_pushnil(L);
120 lua_pushstring(L,buffer);
121 return 2;
122}
123
124static int l_nonce2key(lua_State *L){
125
126 size_t size;
127 const char *p_uid = luaL_checklstring(L, 1, &size);
128 if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);
129
130 const char *p_nt = luaL_checklstring(L, 2, &size);
131 if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);
132
133 const char *p_nr = luaL_checklstring(L, 3, &size);
134 if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);
135
136 const char *p_par_info = luaL_checklstring(L, 4, &size);
137 if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);
138
139 const char *p_pks_info = luaL_checklstring(L, 5, &size);
140 if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);
141
142
143 uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
144 uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);
145
146 uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
147 uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
148 uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);
149
150 uint64_t key = 0;
151
152 int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);
153
154 //Push the retval on the stack
155 lua_pushinteger(L,retval);
05f23c59 156
2dcdf1a6 157 //Push the key onto the stack
05f23c59 158 uint8_t dest_key[8];
159 num_to_bytes(key,sizeof(dest_key),dest_key);
b9697139 160
05f23c59 161 //printf("Pushing to lua stack: %012"llx"\n",key);
162 lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));
2dcdf1a6 163
164 return 2; //Two return values
165}
42daa759 166//static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
44fffc54 167static int l_clearCommandBuffer(lua_State *L){
168 clearCommandBuffer();
42daa759 169 return 0;
44fffc54 170}
171/**
172 * @brief l_foobar is a dummy function to test lua-integration with
173 * @param L
174 * @return
175 */
176static int l_foobar(lua_State *L)
177{
178 //Check number of arguments
179 int n = lua_gettop(L);
180 printf("foobar called with %d arguments" , n);
181 lua_settop(L, 0);
182 printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
05f23c59 183
184 // todo: this is not used, where was it intended for?
185 // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
186
187 printf("Now returning a uint64_t as a string");
188 uint64_t x = 0xDEADBEEF;
189 uint8_t destination[8];
190 num_to_bytes(x,sizeof(x),destination);
191 lua_pushlstring(L,(const char *)&x,sizeof(x));
192 lua_pushlstring(L,(const char *)destination,sizeof(destination));
193
194 return 2;
44fffc54 195}
196
2dcdf1a6 197
44fffc54 198/**
199 * @brief Utility to check if a key has been pressed by the user. This method does not block.
200 * @param L
201 * @return boolean, true if kbhit, false otherwise.
202 */
203static int l_ukbhit(lua_State *L)
204{
205 lua_pushboolean(L,ukbhit() ? true : false);
206 return 1;
207}
0a85b725 208/**
209 * @brief Calls the command line parser to deal with the command. This enables
210 * lua-scripts to do stuff like "core.console('hf mf mifare')"
211 * @param L
212 * @return
213 */
214static int l_CmdConsole(lua_State *L)
215{
216 CommandReceived((char *)luaL_checkstring(L, 1));
217 return 0;
218}
219
77cd612f 220static int l_iso15693_crc(lua_State *L)
221{
222 // uint16_t Iso15693Crc(uint8_t *v, int n);
223 size_t size;
224 const char *v = luaL_checklstring(L, 1, &size);
225 uint16_t retval = Iso15693Crc((uint8_t *) v, size);
226 lua_pushinteger(L, (int) retval);
227 return 1;
228}
5b760b6c 229
c15d2bdc 230/*
231 Simple AES 128 cbc hook up to OpenSSL.
232 params: key, input
233*/
d87779d6 234static int l_aes128decrypt(lua_State *L)
c15d2bdc 235{
236 //Check number of arguments
237 int i;
238 size_t size;
239 const char *p_key = luaL_checklstring(L, 1, &size);
240 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
241
242 const char *p_encTxt = luaL_checklstring(L, 2, &size);
243
1f6417a9
MHS
244 unsigned char indata[16] = {0x00};
245 unsigned char outdata[16] = {0x00};
246 unsigned char aes_key[16] = {0x00};
247 unsigned char iv[16] = {0x00};
d87779d6 248
c15d2bdc 249 for (i = 0; i < 32; i += 2) {
250 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
d87779d6 251 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
c15d2bdc 252 }
d87779d6 253
254 aes_context ctx;
255 aes_init(&ctx);
256 //aes_setkey_enc(&ctx, (const unsigned char *)aes_key, 128);
257 aes_setkey_dec(&ctx, aes_key, 128);
258 aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
259 //Push decrypted array as a string
260 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
261 return 1;// return 1 to signal one return value
262}
263static int l_aes128encrypt(lua_State *L)
264{
265 //Check number of arguments
266 int i;
267 size_t size;
268 const char *p_key = luaL_checklstring(L, 1, &size);
269 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
270
271 const char *p_txt = luaL_checklstring(L, 2, &size);
272
273 unsigned char indata[16] = {0x00};
274 unsigned char outdata[16] = {0x00};
275 unsigned char aes_key[16] = {0x00};
276 unsigned char iv[16] = {0x00};
c15d2bdc 277
c15d2bdc 278 for (i = 0; i < 32; i += 2) {
d87779d6 279 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
c15d2bdc 280 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
281 }
1f6417a9
MHS
282
283 aes_context ctx;
284 aes_init(&ctx);
d87779d6 285 aes_setkey_enc(&ctx, aes_key, 128);
286 aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
287 //Push encrypted array as a string
c15d2bdc 288 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
289 return 1;// return 1 to signal one return value
290}
291
47cbb2d4 292static int l_crc16(lua_State *L)
293{
294 size_t size;
295 const char *p_str = luaL_checklstring(L, 1, &size);
06b58a94 296
297 uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
47cbb2d4 298 lua_pushinteger(L, (int) retval);
299 return 1;
300}
301
3ee8c808 302static int l_crc64(lua_State *L)
303{
304 size_t size;
305 uint64_t crc = 0;
306 unsigned char outdata[8] = {0x00};
307
308 const char *p_str = luaL_checklstring(L, 1, &size);
309
310 crc64( (uint8_t*) p_str, size, &crc);
311
312 outdata[0] = (uint8_t)(crc >> 56) & 0xff;
313 outdata[1] = (uint8_t)(crc >> 48) & 0xff;
314 outdata[2] = (uint8_t)(crc >> 40) & 0xff;
315 outdata[3] = (uint8_t)(crc >> 32) & 0xff;
316 outdata[4] = (uint8_t)(crc >> 24) & 0xff;
317 outdata[5] = (uint8_t)(crc >> 16) & 0xff;
318 outdata[6] = (uint8_t)(crc >> 8) & 0xff;
319 outdata[7] = crc & 0xff;
320 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
321 return 1;
322}
323
686f0a17 324/**
325 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
326 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
327 * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
328 * @param L
329 * @param path
330 * @return
331 */
332int setLuaPath( lua_State* L, const char* path )
333{
334 lua_getglobal( L, "package" );
335 lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
336 const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
337 int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
338 char * buf = malloc(requiredLength);
339 snprintf(buf, requiredLength, "%s;%s", cur_path, path);
340 lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
341 lua_pushstring( L, buf ); // push the new one
342 lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
343 lua_pop( L, 1 ); // get rid of package table from top of stack
344 return 0; // all done!
345}
346
347
f057bddb 348int set_pm3_libraries(lua_State *L)
5b760b6c 349{
686f0a17 350
5b760b6c 351 static const luaL_Reg libs[] = {
352 {"SendCommand", l_SendCommand},
353 {"WaitForResponseTimeout", l_WaitForResponseTimeout},
2dcdf1a6 354 {"nonce2key", l_nonce2key},
42daa759 355 //{"PrintAndLog", l_PrintAndLog},
44fffc54 356 {"foobar", l_foobar},
357 {"ukbhit", l_ukbhit},
358 {"clearCommandBuffer", l_clearCommandBuffer},
c15d2bdc 359 {"console", l_CmdConsole},
360 {"iso15693_crc", l_iso15693_crc},
d87779d6 361 {"aes128_decrypt", l_aes128decrypt},
362 {"aes128_encrypt", l_aes128encrypt},
47cbb2d4 363 {"crc16", l_crc16},
3ee8c808 364 {"crc64", l_crc64},
5b760b6c 365 {NULL, NULL}
366 };
367
368 lua_pushglobaltable(L);
369 // Core library is in this table. Contains '
370 //this is 'pm3' table
371 lua_newtable(L);
372
373 //Put the function into the hash table.
374 for (int i = 0; libs[i].name; i++) {
375 lua_pushcfunction(L, libs[i].func);
376 lua_setfield(L, -2, libs[i].name);//set the name, pop stack
377 }
378 //Name of 'core'
379 lua_setfield(L, -2, "core");
380
381 //-- remove the global environment table from the stack
382 lua_pop(L, 1);
686f0a17 383
384 //-- Last but not least, add to the LUA_PATH (package.path in lua)
385 // so we can load libraries from the ./lualib/ - directory
386 setLuaPath(L,"./lualibs/?.lua");
387
5b760b6c 388 return 1;
389}
Impressum, Datenschutz