]> cvs.zerfleddert.de Git - proxmark3-svn/blame - client/scripting.c
FIX: removed width in cmdcrc.c , to get rid of the compiler warning.
[proxmark3-svn] / client / scripting.c
CommitLineData
5b760b6c 1//-----------------------------------------------------------------------------
2// Copyright (C) 2013 m h swende <martin at swende.se>
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
8// Some lua scripting glue to proxmark core.
9//-----------------------------------------------------------------------------
10
11#include <lua.h>
12#include <lualib.h>
13#include <lauxlib.h>
14#include "proxmark3.h"
15#include "usb_cmd.h"
16#include "cmdmain.h"
17#include "scripting.h"
44fffc54 18#include "util.h"
2dcdf1a6 19#include "nonce2key/nonce2key.h"
77cd612f 20#include "../common/iso15693tools.h"
47cbb2d4 21#include "../common/crc16.h"
3ee8c808 22#include "../common/crc64.h"
ea75b30c 23#include "../common/sha1.h"
1f6417a9 24#include "aes.h"
60e86577 25#include "cmdcrc.h"
5b760b6c 26/**
27 * The following params expected:
28 * UsbCommand c
29 *@brief l_SendCommand
30 * @param L
31 * @return
32 */
33static int l_SendCommand(lua_State *L){
34
35 /*
36 *
37 The SendCommand (native) expects the following structure:
38
39 typedef struct {
40 uint64_t cmd; //8 bytes
41 uint64_t arg[3]; // 8*3 bytes = 24 bytes
42 union {
43 uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
44 uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
45 } d;
46 } PACKED UsbCommand;
47
48 ==> A 544 byte buffer will do.
49 **/
50 //Pop cmd
96e7a3a5 51 size_t size;
52 const char *data = luaL_checklstring(L, 1, &size);
53 if(size != sizeof(UsbCommand))
54 {
f057bddb 55 printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
96e7a3a5 56 lua_pushstring(L,"Wrong data size");
57 return 1;
58 }
59
60// UsbCommand c = (*data);
42daa759 61 SendCommand((UsbCommand* )data);
44fffc54 62 return 0; // no return values
5b760b6c 63}
64/**
65 * @brief The following params expected:
66 * uint32_t cmd
67 * size_t ms_timeout
68 * @param L
69 * @return
70 */
71static int l_WaitForResponseTimeout(lua_State *L){
72
44fffc54 73 uint32_t cmd = 0;
74 size_t ms_timeout = -1;
5b760b6c 75
44fffc54 76 //Check number of arguments
77 int n = lua_gettop(L);
78 if(n == 0)
5b760b6c 79 {
44fffc54 80 //signal error by returning Nil, errorstring
81 lua_pushnil(L);
82 lua_pushstring(L,"You need to supply at least command to wait for");
83 return 2; // two return values
84 }
85 if(n >= 1)
86 {
87 //pop cmd
88 cmd = luaL_checkunsigned(L,1);
89 }
90 if(n >= 2)
91 {
92 //Did the user send a timeout ?
93 //Check if the current top of stack is an integer
5b760b6c 94 ms_timeout = luaL_checkunsigned(L,2);
44fffc54 95 //printf("Timeout set to %dms\n" , (int) ms_timeout);
5b760b6c 96 }
5b760b6c 97
44fffc54 98 UsbCommand response;
99
100 if(WaitForResponseTimeout(cmd, &response, ms_timeout))
5b760b6c 101 {
44fffc54 102 //Push it as a string
42daa759 103 lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand));
44fffc54 104
105 return 1;// return 1 to signal one return value
106 }else{
5b760b6c 107 //Push a Nil instead
108 lua_pushnil(L);
44fffc54 109 return 1;// one return value
5b760b6c 110 }
111}
2dcdf1a6 112
113static int returnToLuaWithError(lua_State *L, const char* fmt, ...)
114{
115 char buffer[200];
116 va_list args;
117 va_start(args,fmt);
118 vsnprintf(buffer, sizeof(buffer), fmt,args);
119 va_end(args);
120
121 lua_pushnil(L);
122 lua_pushstring(L,buffer);
123 return 2;
124}
125
126static int l_nonce2key(lua_State *L){
127
128 size_t size;
129 const char *p_uid = luaL_checklstring(L, 1, &size);
130 if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);
131
132 const char *p_nt = luaL_checklstring(L, 2, &size);
133 if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);
134
135 const char *p_nr = luaL_checklstring(L, 3, &size);
136 if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);
137
138 const char *p_par_info = luaL_checklstring(L, 4, &size);
139 if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);
140
141 const char *p_pks_info = luaL_checklstring(L, 5, &size);
142 if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);
143
144
145 uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
146 uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);
147
148 uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
149 uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
150 uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);
151
152 uint64_t key = 0;
153
154 int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);
155
156 //Push the retval on the stack
157 lua_pushinteger(L,retval);
2dcdf1a6 158
2dcdf1a6 159 //Push the key onto the stack
05f23c59 160 uint8_t dest_key[8];
161 num_to_bytes(key,sizeof(dest_key),dest_key);
b9697139 162
05f23c59 163 //printf("Pushing to lua stack: %012"llx"\n",key);
164 lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));
2dcdf1a6 165
166 return 2; //Two return values
167}
42daa759 168//static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
44fffc54 169static int l_clearCommandBuffer(lua_State *L){
170 clearCommandBuffer();
42daa759 171 return 0;
44fffc54 172}
173/**
174 * @brief l_foobar is a dummy function to test lua-integration with
175 * @param L
176 * @return
177 */
178static int l_foobar(lua_State *L)
179{
180 //Check number of arguments
181 int n = lua_gettop(L);
182 printf("foobar called with %d arguments" , n);
183 lua_settop(L, 0);
184 printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
bcf61bd3 185
05f23c59 186 // todo: this is not used, where was it intended for?
187 // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
bcf61bd3 188
05f23c59 189 printf("Now returning a uint64_t as a string");
190 uint64_t x = 0xDEADBEEF;
191 uint8_t destination[8];
192 num_to_bytes(x,sizeof(x),destination);
193 lua_pushlstring(L,(const char *)&x,sizeof(x));
194 lua_pushlstring(L,(const char *)destination,sizeof(destination));
195
196 return 2;
44fffc54 197}
198
2dcdf1a6 199
44fffc54 200/**
201 * @brief Utility to check if a key has been pressed by the user. This method does not block.
202 * @param L
203 * @return boolean, true if kbhit, false otherwise.
204 */
205static int l_ukbhit(lua_State *L)
206{
207 lua_pushboolean(L,ukbhit() ? true : false);
208 return 1;
209}
0a85b725 210/**
211 * @brief Calls the command line parser to deal with the command. This enables
212 * lua-scripts to do stuff like "core.console('hf mf mifare')"
213 * @param L
214 * @return
215 */
216static int l_CmdConsole(lua_State *L)
217{
218 CommandReceived((char *)luaL_checkstring(L, 1));
219 return 0;
220}
221
77cd612f 222static int l_iso15693_crc(lua_State *L)
223{
224 // uint16_t Iso15693Crc(uint8_t *v, int n);
225 size_t size;
226 const char *v = luaL_checklstring(L, 1, &size);
227 uint16_t retval = Iso15693Crc((uint8_t *) v, size);
228 lua_pushinteger(L, (int) retval);
229 return 1;
230}
5b760b6c 231
c15d2bdc 232/*
233 Simple AES 128 cbc hook up to OpenSSL.
234 params: key, input
235*/
b18948fd 236static int l_aes128decrypt_cbc(lua_State *L)
c15d2bdc 237{
238 //Check number of arguments
239 int i;
240 size_t size;
241 const char *p_key = luaL_checklstring(L, 1, &size);
242 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
243
244 const char *p_encTxt = luaL_checklstring(L, 2, &size);
b915fda3 245
1f6417a9
MHS
246 unsigned char indata[16] = {0x00};
247 unsigned char outdata[16] = {0x00};
248 unsigned char aes_key[16] = {0x00};
249 unsigned char iv[16] = {0x00};
d87779d6 250
d730878d 251 // convert key to bytearray and convert input to bytearray
c15d2bdc 252 for (i = 0; i < 32; i += 2) {
253 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
d87779d6 254 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
c15d2bdc 255 }
d87779d6 256
257 aes_context ctx;
258 aes_init(&ctx);
d87779d6 259 aes_setkey_dec(&ctx, aes_key, 128);
260 aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
261 //Push decrypted array as a string
262 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
263 return 1;// return 1 to signal one return value
264}
b18948fd 265static int l_aes128decrypt_ecb(lua_State *L)
266{
267 //Check number of arguments
268 int i;
269 size_t size;
270 const char *p_key = luaL_checklstring(L, 1, &size);
271 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
272
273 const char *p_encTxt = luaL_checklstring(L, 2, &size);
274
275 unsigned char indata[16] = {0x00};
276 unsigned char outdata[16] = {0x00};
277 unsigned char aes_key[16] = {0x00};
278
279 // convert key to bytearray and convert input to bytearray
280 for (i = 0; i < 32; i += 2) {
281 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
282 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
283 }
284 aes_context ctx;
285 aes_init(&ctx);
286 aes_setkey_dec(&ctx, aes_key, 128);
287 aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
288
289 //Push decrypted array as a string
290 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
291 return 1;// return 1 to signal one return value
292}
293
294static int l_aes128encrypt_cbc(lua_State *L)
d87779d6 295{
296 //Check number of arguments
297 int i;
298 size_t size;
299 const char *p_key = luaL_checklstring(L, 1, &size);
300 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
301
302 const char *p_txt = luaL_checklstring(L, 2, &size);
303
304 unsigned char indata[16] = {0x00};
305 unsigned char outdata[16] = {0x00};
306 unsigned char aes_key[16] = {0x00};
307 unsigned char iv[16] = {0x00};
c15d2bdc 308
c15d2bdc 309 for (i = 0; i < 32; i += 2) {
d87779d6 310 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
c15d2bdc 311 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
312 }
1f6417a9
MHS
313
314 aes_context ctx;
315 aes_init(&ctx);
d730878d 316 aes_setkey_enc(&ctx, aes_key, 128);
d87779d6 317 aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
d730878d 318 //Push encrypted array as a string
c15d2bdc 319 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
320 return 1;// return 1 to signal one return value
321}
322
b18948fd 323static int l_aes128encrypt_ecb(lua_State *L)
324{
325 //Check number of arguments
326 int i;
327 size_t size;
328 const char *p_key = luaL_checklstring(L, 1, &size);
329 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
330
331 const char *p_txt = luaL_checklstring(L, 2, &size);
332
333 unsigned char indata[16] = {0x00};
334 unsigned char outdata[16] = {0x00};
335 unsigned char aes_key[16] = {0x00};
336
337 for (i = 0; i < 32; i += 2) {
338 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
339 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
340 }
341 aes_context ctx;
342 aes_init(&ctx);
343 aes_setkey_enc(&ctx, aes_key, 128);
344 aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
345 //Push encrypted array as a string
346 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
347 return 1;// return 1 to signal one return value
348}
349
47cbb2d4 350static int l_crc16(lua_State *L)
351{
352 size_t size;
353 const char *p_str = luaL_checklstring(L, 1, &size);
d730878d 354
06b58a94 355 uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
47cbb2d4 356 lua_pushinteger(L, (int) retval);
357 return 1;
358}
359
3ee8c808 360static int l_crc64(lua_State *L)
361{
362 size_t size;
363 uint64_t crc = 0;
364 unsigned char outdata[8] = {0x00};
365
366 const char *p_str = luaL_checklstring(L, 1, &size);
d730878d 367
3ee8c808 368 crc64( (uint8_t*) p_str, size, &crc);
369
370 outdata[0] = (uint8_t)(crc >> 56) & 0xff;
371 outdata[1] = (uint8_t)(crc >> 48) & 0xff;
372 outdata[2] = (uint8_t)(crc >> 40) & 0xff;
373 outdata[3] = (uint8_t)(crc >> 32) & 0xff;
374 outdata[4] = (uint8_t)(crc >> 24) & 0xff;
375 outdata[5] = (uint8_t)(crc >> 16) & 0xff;
376 outdata[6] = (uint8_t)(crc >> 8) & 0xff;
377 outdata[7] = crc & 0xff;
378 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
d730878d 379 return 1;
3ee8c808 380}
381
2d2f7d19 382static int l_sha1(lua_State *L)
383{
ea75b30c 384 size_t size;
385 const char *p_str = luaL_checklstring(L, 1, &size);
386 unsigned char outdata[20] = {0x00};
387 sha1( (uint8_t*) p_str, size, outdata);
388 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
389 return 1;
390}
391
60e86577 392static int l_reveng_models(lua_State *L){
393
394 char *models[80];
395 int count = 0;
dd1df490 396 int in_width = luaL_checkinteger(L, 1);
60e86577 397
398 if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);
399
99789601 400 uint8_t width[80];
401 width[0] = (uint8_t)in_width;
402 int ans = GetModels(models, &count, width);
403 if (!ans) return 0;
60e86577 404
405 lua_newtable(L);
406
407 for (int i = 0; i < count; i++){
408 lua_pushstring(L, (const char*)models[i]);
409 lua_rawseti(L,-2,i+1);
410 free(models[i]);
411 }
412
413 return 1;
414}
415
dd1df490 416//Called with 4 parameters.
417// inModel ,string containing the crc model name: 'CRC-8'
418// inHexStr ,string containing the hex representation of the data that will be used for CRC calculations.
419// reverse ,int 0/1 (bool) if 1, calculate the reverse CRC
420// endian ,char, 'B','b','L','l','t','r' describing if Big-Endian or Little-Endian should be used in different combinations.
421//
422// outputs: string with hex representation of the CRC result
60e86577 423static int l_reveng_RunModel(lua_State *L){
424 //-c || -v
425 //inModel = valid model name string - CRC-8
426 //inHexStr = input hex string to calculate crc on
427 //reverse = reverse calc option if true
428 //endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
429 // l = little endian input and output, L = little endian output only, t = left justified}
430 //result = calculated crc hex string
431 char result[50];
432
dd1df490 433 const char *inModel = luaL_checkstring(L, 1);
434 const char *inHexStr = luaL_checkstring(L, 2);
435 bool reverse = lua_toboolean(L, 3);
436 const char endian = luaL_checkstring(L, 4)[0];
60e86577 437
438 //PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
dd1df490 439 // int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result)
440 int ans = RunModel( (char *)inModel, (char *)inHexStr, reverse, endian, result);
60e86577 441 if (!ans)
442 return returnToLuaWithError(L,"Reveng failed");
443
444 lua_pushstring(L, (const char*)result);
445 return 1;
446}
447
686f0a17 448/**
449 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
450 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
451 * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
452 * @param L
453 * @param path
454 * @return
455 */
456int setLuaPath( lua_State* L, const char* path )
457{
458 lua_getglobal( L, "package" );
459 lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
460 const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
461 int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
462 char * buf = malloc(requiredLength);
463 snprintf(buf, requiredLength, "%s;%s", cur_path, path);
464 lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
465 lua_pushstring( L, buf ); // push the new one
466 lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
467 lua_pop( L, 1 ); // get rid of package table from top of stack
d730878d 468 free(buf);
664bb5ae 469 return 0; // all done!
686f0a17 470}
471
472
f057bddb 473int set_pm3_libraries(lua_State *L)
5b760b6c 474{
686f0a17 475
5b760b6c 476 static const luaL_Reg libs[] = {
477 {"SendCommand", l_SendCommand},
478 {"WaitForResponseTimeout", l_WaitForResponseTimeout},
2dcdf1a6 479 {"nonce2key", l_nonce2key},
42daa759 480 //{"PrintAndLog", l_PrintAndLog},
44fffc54 481 {"foobar", l_foobar},
482 {"ukbhit", l_ukbhit},
483 {"clearCommandBuffer", l_clearCommandBuffer},
d730878d 484 {"console", l_CmdConsole},
485 {"iso15693_crc", l_iso15693_crc},
b18948fd 486 {"aes128_decrypt", l_aes128decrypt_cbc},
487 {"aes128_decrypt_ecb", l_aes128decrypt_ecb},
488 {"aes128_encrypt", l_aes128encrypt_cbc},
489 {"aes128_encrypt_ecb", l_aes128encrypt_ecb},
47cbb2d4 490 {"crc16", l_crc16},
d730878d 491 {"crc64", l_crc64},
ea75b30c 492 {"sha1", l_sha1},
60e86577 493 {"reveng_models", l_reveng_models},
494 {"reveng_runmodel", l_reveng_RunModel},
5b760b6c 495 {NULL, NULL}
496 };
497
498 lua_pushglobaltable(L);
499 // Core library is in this table. Contains '
500 //this is 'pm3' table
501 lua_newtable(L);
502
503 //Put the function into the hash table.
504 for (int i = 0; libs[i].name; i++) {
505 lua_pushcfunction(L, libs[i].func);
506 lua_setfield(L, -2, libs[i].name);//set the name, pop stack
507 }
508 //Name of 'core'
509 lua_setfield(L, -2, "core");
510
511 //-- remove the global environment table from the stack
512 lua_pop(L, 1);
686f0a17 513
514 //-- Last but not least, add to the LUA_PATH (package.path in lua)
515 // so we can load libraries from the ./lualib/ - directory
516 setLuaPath(L,"./lualibs/?.lua");
517
5b760b6c 518 return 1;
519}
Impressum, Datenschutz