]>
Commit | Line | Data |
---|---|---|
1 | //----------------------------------------------------------------------------- | |
2 | // Copyright (C) 2013 m h swende <martin at swende.se> | |
3 | // | |
4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, | |
5 | // at your option, any later version. See the LICENSE.txt file for the text of | |
6 | // the license. | |
7 | //----------------------------------------------------------------------------- | |
8 | // Some lua scripting glue to proxmark core. | |
9 | //----------------------------------------------------------------------------- | |
10 | ||
11 | #include <lua.h> | |
12 | #include <lualib.h> | |
13 | #include <lauxlib.h> | |
14 | #include "proxmark3.h" | |
15 | #include "usb_cmd.h" | |
16 | #include "cmdmain.h" | |
17 | #include "scripting.h" | |
18 | #include "util.h" | |
19 | #include "nonce2key/nonce2key.h" | |
20 | #include "../common/iso15693tools.h" | |
21 | #include "../common/crc16.h" | |
22 | #include "../common/crc64.h" | |
23 | #include "../common/sha1.h" | |
24 | #include "aes.h" | |
25 | /** | |
26 | * The following params expected: | |
27 | * UsbCommand c | |
28 | *@brief l_SendCommand | |
29 | * @param L | |
30 | * @return | |
31 | */ | |
32 | static int l_SendCommand(lua_State *L){ | |
33 | ||
34 | /* | |
35 | * | |
36 | The SendCommand (native) expects the following structure: | |
37 | ||
38 | typedef struct { | |
39 | uint64_t cmd; //8 bytes | |
40 | uint64_t arg[3]; // 8*3 bytes = 24 bytes | |
41 | union { | |
42 | uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR) | |
43 | uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes | |
44 | } d; | |
45 | } PACKED UsbCommand; | |
46 | ||
47 | ==> A 544 byte buffer will do. | |
48 | **/ | |
49 | //Pop cmd | |
50 | size_t size; | |
51 | const char *data = luaL_checklstring(L, 1, &size); | |
52 | if(size != sizeof(UsbCommand)) | |
53 | { | |
54 | printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand)); | |
55 | lua_pushstring(L,"Wrong data size"); | |
56 | return 1; | |
57 | } | |
58 | ||
59 | // UsbCommand c = (*data); | |
60 | SendCommand((UsbCommand* )data); | |
61 | return 0; // no return values | |
62 | } | |
63 | /** | |
64 | * @brief The following params expected: | |
65 | * uint32_t cmd | |
66 | * size_t ms_timeout | |
67 | * @param L | |
68 | * @return | |
69 | */ | |
70 | static int l_WaitForResponseTimeout(lua_State *L){ | |
71 | ||
72 | uint32_t cmd = 0; | |
73 | size_t ms_timeout = -1; | |
74 | ||
75 | //Check number of arguments | |
76 | int n = lua_gettop(L); | |
77 | if(n == 0) | |
78 | { | |
79 | //signal error by returning Nil, errorstring | |
80 | lua_pushnil(L); | |
81 | lua_pushstring(L,"You need to supply at least command to wait for"); | |
82 | return 2; // two return values | |
83 | } | |
84 | if(n >= 1) | |
85 | { | |
86 | //pop cmd | |
87 | cmd = luaL_checkunsigned(L,1); | |
88 | } | |
89 | if(n >= 2) | |
90 | { | |
91 | //Did the user send a timeout ? | |
92 | //Check if the current top of stack is an integer | |
93 | ms_timeout = luaL_checkunsigned(L,2); | |
94 | //printf("Timeout set to %dms\n" , (int) ms_timeout); | |
95 | } | |
96 | ||
97 | UsbCommand response; | |
98 | ||
99 | if(WaitForResponseTimeout(cmd, &response, ms_timeout)) | |
100 | { | |
101 | //Push it as a string | |
102 | lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand)); | |
103 | ||
104 | return 1;// return 1 to signal one return value | |
105 | }else{ | |
106 | //Push a Nil instead | |
107 | lua_pushnil(L); | |
108 | return 1;// one return value | |
109 | } | |
110 | } | |
111 | ||
112 | static int returnToLuaWithError(lua_State *L, const char* fmt, ...) | |
113 | { | |
114 | char buffer[200]; | |
115 | va_list args; | |
116 | va_start(args,fmt); | |
117 | vsnprintf(buffer, sizeof(buffer), fmt,args); | |
118 | va_end(args); | |
119 | ||
120 | lua_pushnil(L); | |
121 | lua_pushstring(L,buffer); | |
122 | return 2; | |
123 | } | |
124 | ||
125 | static int l_nonce2key(lua_State *L){ | |
126 | ||
127 | size_t size; | |
128 | const char *p_uid = luaL_checklstring(L, 1, &size); | |
129 | if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size); | |
130 | ||
131 | const char *p_nt = luaL_checklstring(L, 2, &size); | |
132 | if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size); | |
133 | ||
134 | const char *p_nr = luaL_checklstring(L, 3, &size); | |
135 | if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size); | |
136 | ||
137 | const char *p_par_info = luaL_checklstring(L, 4, &size); | |
138 | if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size); | |
139 | ||
140 | const char *p_pks_info = luaL_checklstring(L, 5, &size); | |
141 | if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size); | |
142 | ||
143 | ||
144 | uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4); | |
145 | uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4); | |
146 | ||
147 | uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4); | |
148 | uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8); | |
149 | uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8); | |
150 | ||
151 | uint64_t key = 0; | |
152 | ||
153 | int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key); | |
154 | ||
155 | //Push the retval on the stack | |
156 | lua_pushinteger(L,retval); | |
157 | ||
158 | //Push the key onto the stack | |
159 | uint8_t dest_key[8]; | |
160 | num_to_bytes(key,sizeof(dest_key),dest_key); | |
161 | ||
162 | //printf("Pushing to lua stack: %012"llx"\n",key); | |
163 | lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key)); | |
164 | ||
165 | return 2; //Two return values | |
166 | } | |
167 | //static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));} | |
168 | static int l_clearCommandBuffer(lua_State *L){ | |
169 | clearCommandBuffer(); | |
170 | return 0; | |
171 | } | |
172 | /** | |
173 | * @brief l_foobar is a dummy function to test lua-integration with | |
174 | * @param L | |
175 | * @return | |
176 | */ | |
177 | static int l_foobar(lua_State *L) | |
178 | { | |
179 | //Check number of arguments | |
180 | int n = lua_gettop(L); | |
181 | printf("foobar called with %d arguments" , n); | |
182 | lua_settop(L, 0); | |
183 | printf("Arguments discarded, stack now contains %d elements", lua_gettop(L)); | |
184 | ||
185 | // todo: this is not used, where was it intended for? | |
186 | // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}}; | |
187 | ||
188 | printf("Now returning a uint64_t as a string"); | |
189 | uint64_t x = 0xDEADBEEF; | |
190 | uint8_t destination[8]; | |
191 | num_to_bytes(x,sizeof(x),destination); | |
192 | lua_pushlstring(L,(const char *)&x,sizeof(x)); | |
193 | lua_pushlstring(L,(const char *)destination,sizeof(destination)); | |
194 | ||
195 | return 2; | |
196 | } | |
197 | ||
198 | ||
199 | /** | |
200 | * @brief Utility to check if a key has been pressed by the user. This method does not block. | |
201 | * @param L | |
202 | * @return boolean, true if kbhit, false otherwise. | |
203 | */ | |
204 | static int l_ukbhit(lua_State *L) | |
205 | { | |
206 | lua_pushboolean(L,ukbhit() ? true : false); | |
207 | return 1; | |
208 | } | |
209 | /** | |
210 | * @brief Calls the command line parser to deal with the command. This enables | |
211 | * lua-scripts to do stuff like "core.console('hf mf mifare')" | |
212 | * @param L | |
213 | * @return | |
214 | */ | |
215 | static int l_CmdConsole(lua_State *L) | |
216 | { | |
217 | CommandReceived((char *)luaL_checkstring(L, 1)); | |
218 | return 0; | |
219 | } | |
220 | ||
221 | static int l_iso15693_crc(lua_State *L) | |
222 | { | |
223 | // uint16_t Iso15693Crc(uint8_t *v, int n); | |
224 | size_t size; | |
225 | const char *v = luaL_checklstring(L, 1, &size); | |
226 | uint16_t retval = Iso15693Crc((uint8_t *) v, size); | |
227 | lua_pushinteger(L, (int) retval); | |
228 | return 1; | |
229 | } | |
230 | ||
231 | /* | |
232 | Simple AES 128 cbc hook up to OpenSSL. | |
233 | params: key, input | |
234 | */ | |
235 | static int l_aes128decrypt_cbc(lua_State *L) | |
236 | { | |
237 | //Check number of arguments | |
238 | int i; | |
239 | size_t size; | |
240 | const char *p_key = luaL_checklstring(L, 1, &size); | |
241 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
242 | ||
243 | const char *p_encTxt = luaL_checklstring(L, 2, &size); | |
244 | ||
245 | unsigned char indata[16] = {0x00}; | |
246 | unsigned char outdata[16] = {0x00}; | |
247 | unsigned char aes_key[16] = {0x00}; | |
248 | unsigned char iv[16] = {0x00}; | |
249 | ||
250 | // convert key to bytearray and convert input to bytearray | |
251 | for (i = 0; i < 32; i += 2) { | |
252 | sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
253 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); | |
254 | } | |
255 | ||
256 | aes_context ctx; | |
257 | aes_init(&ctx); | |
258 | aes_setkey_dec(&ctx, aes_key, 128); | |
259 | aes_crypt_cbc(&ctx,AES_DECRYPT,sizeof(indata), iv, indata,outdata ); | |
260 | //Push decrypted array as a string | |
261 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
262 | return 1;// return 1 to signal one return value | |
263 | } | |
264 | static int l_aes128decrypt_ecb(lua_State *L) | |
265 | { | |
266 | //Check number of arguments | |
267 | int i; | |
268 | size_t size; | |
269 | const char *p_key = luaL_checklstring(L, 1, &size); | |
270 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
271 | ||
272 | const char *p_encTxt = luaL_checklstring(L, 2, &size); | |
273 | ||
274 | unsigned char indata[16] = {0x00}; | |
275 | unsigned char outdata[16] = {0x00}; | |
276 | unsigned char aes_key[16] = {0x00}; | |
277 | ||
278 | // convert key to bytearray and convert input to bytearray | |
279 | for (i = 0; i < 32; i += 2) { | |
280 | sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
281 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); | |
282 | } | |
283 | aes_context ctx; | |
284 | aes_init(&ctx); | |
285 | aes_setkey_dec(&ctx, aes_key, 128); | |
286 | aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata ); | |
287 | ||
288 | //Push decrypted array as a string | |
289 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
290 | return 1;// return 1 to signal one return value | |
291 | } | |
292 | ||
293 | static int l_aes128encrypt_cbc(lua_State *L) | |
294 | { | |
295 | //Check number of arguments | |
296 | int i; | |
297 | size_t size; | |
298 | const char *p_key = luaL_checklstring(L, 1, &size); | |
299 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
300 | ||
301 | const char *p_txt = luaL_checklstring(L, 2, &size); | |
302 | ||
303 | unsigned char indata[16] = {0x00}; | |
304 | unsigned char outdata[16] = {0x00}; | |
305 | unsigned char aes_key[16] = {0x00}; | |
306 | unsigned char iv[16] = {0x00}; | |
307 | ||
308 | for (i = 0; i < 32; i += 2) { | |
309 | sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
310 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); | |
311 | } | |
312 | ||
313 | aes_context ctx; | |
314 | aes_init(&ctx); | |
315 | aes_setkey_enc(&ctx, aes_key, 128); | |
316 | aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata ); | |
317 | //Push encrypted array as a string | |
318 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
319 | return 1;// return 1 to signal one return value | |
320 | } | |
321 | ||
322 | static int l_aes128encrypt_ecb(lua_State *L) | |
323 | { | |
324 | //Check number of arguments | |
325 | int i; | |
326 | size_t size; | |
327 | const char *p_key = luaL_checklstring(L, 1, &size); | |
328 | if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size); | |
329 | ||
330 | const char *p_txt = luaL_checklstring(L, 2, &size); | |
331 | ||
332 | unsigned char indata[16] = {0x00}; | |
333 | unsigned char outdata[16] = {0x00}; | |
334 | unsigned char aes_key[16] = {0x00}; | |
335 | ||
336 | for (i = 0; i < 32; i += 2) { | |
337 | sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]); | |
338 | sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]); | |
339 | } | |
340 | aes_context ctx; | |
341 | aes_init(&ctx); | |
342 | aes_setkey_enc(&ctx, aes_key, 128); | |
343 | aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata ); | |
344 | //Push encrypted array as a string | |
345 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
346 | return 1;// return 1 to signal one return value | |
347 | } | |
348 | ||
349 | static int l_crc16(lua_State *L) | |
350 | { | |
351 | size_t size; | |
352 | const char *p_str = luaL_checklstring(L, 1, &size); | |
353 | ||
354 | uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size); | |
355 | lua_pushinteger(L, (int) retval); | |
356 | return 1; | |
357 | } | |
358 | ||
359 | static int l_crc64(lua_State *L) | |
360 | { | |
361 | size_t size; | |
362 | uint64_t crc = 0; | |
363 | unsigned char outdata[8] = {0x00}; | |
364 | ||
365 | const char *p_str = luaL_checklstring(L, 1, &size); | |
366 | ||
367 | crc64( (uint8_t*) p_str, size, &crc); | |
368 | ||
369 | outdata[0] = (uint8_t)(crc >> 56) & 0xff; | |
370 | outdata[1] = (uint8_t)(crc >> 48) & 0xff; | |
371 | outdata[2] = (uint8_t)(crc >> 40) & 0xff; | |
372 | outdata[3] = (uint8_t)(crc >> 32) & 0xff; | |
373 | outdata[4] = (uint8_t)(crc >> 24) & 0xff; | |
374 | outdata[5] = (uint8_t)(crc >> 16) & 0xff; | |
375 | outdata[6] = (uint8_t)(crc >> 8) & 0xff; | |
376 | outdata[7] = crc & 0xff; | |
377 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
378 | return 1; | |
379 | } | |
380 | ||
381 | static int l_sha1(lua_State *L) | |
382 | { | |
383 | size_t size; | |
384 | const char *p_str = luaL_checklstring(L, 1, &size); | |
385 | unsigned char outdata[20] = {0x00}; | |
386 | sha1( (uint8_t*) p_str, size, outdata); | |
387 | lua_pushlstring(L,(const char *)&outdata, sizeof(outdata)); | |
388 | return 1; | |
389 | } | |
390 | ||
391 | /** | |
392 | * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be | |
393 | * able to do "require('foobar')" if foobar.lua is within lualibs folder. | |
394 | * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c | |
395 | * @param L | |
396 | * @param path | |
397 | * @return | |
398 | */ | |
399 | int setLuaPath( lua_State* L, const char* path ) | |
400 | { | |
401 | lua_getglobal( L, "package" ); | |
402 | lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1) | |
403 | const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack | |
404 | int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it | |
405 | char * buf = malloc(requiredLength); | |
406 | snprintf(buf, requiredLength, "%s;%s", cur_path, path); | |
407 | lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5 | |
408 | lua_pushstring( L, buf ); // push the new one | |
409 | lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack | |
410 | lua_pop( L, 1 ); // get rid of package table from top of stack | |
411 | free(buf); | |
412 | return 0; // all done! | |
413 | } | |
414 | ||
415 | ||
416 | int set_pm3_libraries(lua_State *L) | |
417 | { | |
418 | ||
419 | static const luaL_Reg libs[] = { | |
420 | {"SendCommand", l_SendCommand}, | |
421 | {"WaitForResponseTimeout", l_WaitForResponseTimeout}, | |
422 | {"nonce2key", l_nonce2key}, | |
423 | //{"PrintAndLog", l_PrintAndLog}, | |
424 | {"foobar", l_foobar}, | |
425 | {"ukbhit", l_ukbhit}, | |
426 | {"clearCommandBuffer", l_clearCommandBuffer}, | |
427 | {"console", l_CmdConsole}, | |
428 | {"iso15693_crc", l_iso15693_crc}, | |
429 | {"aes128_decrypt", l_aes128decrypt_cbc}, | |
430 | {"aes128_decrypt_ecb", l_aes128decrypt_ecb}, | |
431 | {"aes128_encrypt", l_aes128encrypt_cbc}, | |
432 | {"aes128_encrypt_ecb", l_aes128encrypt_ecb}, | |
433 | {"crc16", l_crc16}, | |
434 | {"crc64", l_crc64}, | |
435 | {"sha1", l_sha1}, | |
436 | {NULL, NULL} | |
437 | }; | |
438 | ||
439 | lua_pushglobaltable(L); | |
440 | // Core library is in this table. Contains ' | |
441 | //this is 'pm3' table | |
442 | lua_newtable(L); | |
443 | ||
444 | //Put the function into the hash table. | |
445 | for (int i = 0; libs[i].name; i++) { | |
446 | lua_pushcfunction(L, libs[i].func); | |
447 | lua_setfield(L, -2, libs[i].name);//set the name, pop stack | |
448 | } | |
449 | //Name of 'core' | |
450 | lua_setfield(L, -2, "core"); | |
451 | ||
452 | //-- remove the global environment table from the stack | |
453 | lua_pop(L, 1); | |
454 | ||
455 | //-- Last but not least, add to the LUA_PATH (package.path in lua) | |
456 | // so we can load libraries from the ./lualib/ - directory | |
457 | setLuaPath(L,"./lualibs/?.lua"); | |
458 | ||
459 | return 1; | |
460 | } |