]> cvs.zerfleddert.de Git - proxmark3-svn/blob - client/scripting.c
CHG: Now it prints the correct UID bytes etc.
[proxmark3-svn] / client / scripting.c
1 //-----------------------------------------------------------------------------
2 // Copyright (C) 2013 m h swende <martin at swende.se>
3 // Modified 2015,2016, iceman
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // Some lua scripting glue to proxmark core.
10 //-----------------------------------------------------------------------------
11 #include "scripting.h"
12
13 /**
14 * The following params expected:
15 * UsbCommand c
16 *@brief l_SendCommand
17 * @param L
18 * @return
19 */
20 static int l_SendCommand(lua_State *L){
21
22 /*
23 *
24 The SendCommand (native) expects the following structure:
25
26 typedef struct {
27 uint64_t cmd; //8 bytes
28 uint64_t arg[3]; // 8*3 bytes = 24 bytes
29 union {
30 uint8_t asBytes[USB_CMD_DATA_SIZE]; // 1 byte * 512 = 512 bytes (OR)
31 uint32_t asDwords[USB_CMD_DATA_SIZE/4]; // 4 byte * 128 = 512 bytes
32 } d;
33 } PACKED UsbCommand;
34
35 ==> A 544 byte buffer will do.
36 **/
37 //Pop cmd
38 size_t size;
39 const char *data = luaL_checklstring(L, 1, &size);
40 if(size != sizeof(UsbCommand))
41 {
42 printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
43 lua_pushstring(L,"Wrong data size");
44 return 1;
45 }
46
47 SendCommand((UsbCommand* )data);
48 return 0; // no return values
49 }
50 /**
51 * @brief The following params expected:
52 * uint32_t cmd
53 * size_t ms_timeout
54 * @param L
55 * @return
56 */
57 static int l_WaitForResponseTimeout(lua_State *L){
58
59 uint32_t cmd = 0;
60 size_t ms_timeout = -1;
61
62 //Check number of arguments
63 int n = lua_gettop(L);
64 if(n == 0)
65 {
66 //signal error by returning Nil, errorstring
67 lua_pushnil(L);
68 lua_pushstring(L,"You need to supply at least command to wait for");
69 return 2; // two return values
70 }
71 if(n >= 1)
72 {
73 //pop cmd
74 cmd = luaL_checkunsigned(L,1);
75 }
76 if(n >= 2)
77 {
78 //Did the user send a timeout ?
79 //Check if the current top of stack is an integer
80 ms_timeout = luaL_checkunsigned(L,2);
81 //printf("Timeout set to %dms\n" , (int) ms_timeout);
82 }
83
84 UsbCommand response;
85 if(WaitForResponseTimeout(cmd, &response, ms_timeout))
86 {
87 //Push it as a string
88 lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand));
89
90 return 1;// return 1 to signal one return value
91 }else{
92 //Push a Nil instead
93 lua_pushnil(L);
94 return 1;// one return value
95 }
96 }
97
98 static int returnToLuaWithError(lua_State *L, const char* fmt, ...)
99 {
100 char buffer[200];
101 va_list args;
102 va_start(args,fmt);
103 vsnprintf(buffer, sizeof(buffer), fmt,args);
104 va_end(args);
105
106 lua_pushnil(L);
107 lua_pushstring(L,buffer);
108 return 2;
109 }
110
111 static int l_nonce2key(lua_State *L){
112
113 size_t size;
114 const char *p_uid = luaL_checklstring(L, 1, &size);
115 if(size != 4) return returnToLuaWithError(L,"Wrong size of uid, got %d bytes, expected 4", (int) size);
116
117 const char *p_nt = luaL_checklstring(L, 2, &size);
118 if(size != 4) return returnToLuaWithError(L,"Wrong size of nt, got %d bytes, expected 4", (int) size);
119
120 const char *p_nr = luaL_checklstring(L, 3, &size);
121 if(size != 4) return returnToLuaWithError(L,"Wrong size of nr, got %d bytes, expected 4", (int) size);
122
123 const char *p_par_info = luaL_checklstring(L, 4, &size);
124 if(size != 8) return returnToLuaWithError(L,"Wrong size of par_info, got %d bytes, expected 8", (int) size);
125
126 const char *p_pks_info = luaL_checklstring(L, 5, &size);
127 if(size != 8) return returnToLuaWithError(L,"Wrong size of ks_info, got %d bytes, expected 8", (int) size);
128
129
130 uint32_t uid = bytes_to_num(( uint8_t *)p_uid,4);
131 uint32_t nt = bytes_to_num(( uint8_t *)p_nt,4);
132
133 uint32_t nr = bytes_to_num(( uint8_t*)p_nr,4);
134 uint64_t par_info = bytes_to_num(( uint8_t *)p_par_info,8);
135 uint64_t ks_info = bytes_to_num(( uint8_t *)p_pks_info,8);
136
137 uint64_t key = 0;
138
139 int retval = nonce2key(uid,nt, nr, par_info,ks_info, &key);
140
141 //Push the retval on the stack
142 lua_pushinteger(L,retval);
143
144 //Push the key onto the stack
145 uint8_t dest_key[8];
146 num_to_bytes(key,sizeof(dest_key),dest_key);
147
148 //printf("Pushing to lua stack: %012"llx"\n",key);
149 lua_pushlstring(L,(const char *) dest_key,sizeof(dest_key));
150
151 return 2; //Two return values
152 }
153 //static int l_PrintAndLog(lua_State *L){ return CmdHF14AMfDump(luaL_checkstring(L, 1));}
154 static int l_clearCommandBuffer(lua_State *L){
155 clearCommandBuffer();
156 return 0;
157 }
158 /**
159 * @brief l_foobar is a dummy function to test lua-integration with
160 * @param L
161 * @return
162 */
163 static int l_foobar(lua_State *L)
164 {
165 //Check number of arguments
166 int n = lua_gettop(L);
167 printf("foobar called with %d arguments" , n);
168 lua_settop(L, 0);
169 printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
170
171 // todo: this is not used, where was it intended for?
172 // UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
173
174 printf("Now returning a uint64_t as a string");
175 uint64_t x = 0xDEADBEEF;
176 uint8_t destination[8];
177 num_to_bytes(x,sizeof(x),destination);
178 lua_pushlstring(L,(const char *)&x,sizeof(x));
179 lua_pushlstring(L,(const char *)destination,sizeof(destination));
180
181 return 2;
182 }
183
184
185 /**
186 * @brief Utility to check if a key has been pressed by the user. This method does not block.
187 * @param L
188 * @return boolean, true if kbhit, false otherwise.
189 */
190 static int l_ukbhit(lua_State *L)
191 {
192 lua_pushboolean(L,ukbhit() ? true : false);
193 return 1;
194 }
195 /**
196 * @brief Calls the command line parser to deal with the command. This enables
197 * lua-scripts to do stuff like "core.console('hf mf mifare')"
198 * @param L
199 * @return
200 */
201 static int l_CmdConsole(lua_State *L)
202 {
203 CommandReceived((char *)luaL_checkstring(L, 1));
204 return 0;
205 }
206
207 static int l_iso15693_crc(lua_State *L)
208 {
209 // uint16_t Iso15693Crc(uint8_t *v, int n);
210 size_t size;
211 const char *v = luaL_checklstring(L, 1, &size);
212 uint16_t retval = Iso15693Crc((uint8_t *) v, size);
213 lua_pushinteger(L, (int) retval);
214 return 1;
215 }
216
217 static int l_iso14443b_crc(lua_State *L)
218 {
219 /* void ComputeCrc14443(int CrcType,
220 const unsigned char *Data, int Length,
221 unsigned char *TransmitFirst,
222 unsigned char *TransmitSecond)
223 */
224 size_t size = 0;
225 const char *data = luaL_checklstring(L, 1, &size);
226
227 unsigned char buf[USB_CMD_DATA_SIZE] = {0x00};
228
229 for (int i = 0; i < size; i += 2)
230 sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
231
232 size /= 2;
233 ComputeCrc14443(CRC_14443_B, buf, size, &buf[size], &buf[size+1]);
234 lua_pushlstring(L, (const char *)&buf, size+2);
235 return 1;
236 }
237
238 /*
239 Simple AES 128 cbc hook up to OpenSSL.
240 params: key, input
241 */
242 static int l_aes128decrypt_cbc(lua_State *L)
243 {
244 //Check number of arguments
245 int i;
246 size_t size;
247 const char *p_key = luaL_checklstring(L, 1, &size);
248 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
249
250 const char *p_encTxt = luaL_checklstring(L, 2, &size);
251
252 unsigned char indata[16] = {0x00};
253 unsigned char outdata[16] = {0x00};
254 unsigned char aes_key[16] = {0x00};
255 unsigned char iv[16] = {0x00};
256
257 // convert key to bytearray and convert input to bytearray
258 for (i = 0; i < 32; i += 2) {
259 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
260 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
261 }
262
263 aes_context ctx;
264 aes_init(&ctx);
265 aes_setkey_dec(&ctx, aes_key, 128);
266 aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
267 //Push decrypted array as a string
268 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
269 return 1;// return 1 to signal one return value
270 }
271 static int l_aes128decrypt_ecb(lua_State *L)
272 {
273 //Check number of arguments
274 int i;
275 size_t size;
276 const char *p_key = luaL_checklstring(L, 1, &size);
277 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
278
279 const char *p_encTxt = luaL_checklstring(L, 2, &size);
280
281 unsigned char indata[16] = {0x00};
282 unsigned char outdata[16] = {0x00};
283 unsigned char aes_key[16] = {0x00};
284
285 // convert key to bytearray and convert input to bytearray
286 for (i = 0; i < 32; i += 2) {
287 sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
288 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
289 }
290 aes_context ctx;
291 aes_init(&ctx);
292 aes_setkey_dec(&ctx, aes_key, 128);
293 aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
294
295 //Push decrypted array as a string
296 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
297 return 1;// return 1 to signal one return value
298 }
299
300 static int l_aes128encrypt_cbc(lua_State *L)
301 {
302 //Check number of arguments
303 int i;
304 size_t size;
305 const char *p_key = luaL_checklstring(L, 1, &size);
306 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
307
308 const char *p_txt = luaL_checklstring(L, 2, &size);
309
310 unsigned char indata[16] = {0x00};
311 unsigned char outdata[16] = {0x00};
312 unsigned char aes_key[16] = {0x00};
313 unsigned char iv[16] = {0x00};
314
315 for (i = 0; i < 32; i += 2) {
316 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
317 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
318 }
319
320 aes_context ctx;
321 aes_init(&ctx);
322 aes_setkey_enc(&ctx, aes_key, 128);
323 aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
324 //Push encrypted array as a string
325 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
326 return 1;// return 1 to signal one return value
327 }
328
329 static int l_aes128encrypt_ecb(lua_State *L)
330 {
331 //Check number of arguments
332 int i;
333 size_t size;
334 const char *p_key = luaL_checklstring(L, 1, &size);
335 if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
336
337 const char *p_txt = luaL_checklstring(L, 2, &size);
338
339 unsigned char indata[16] = {0x00};
340 unsigned char outdata[16] = {0x00};
341 unsigned char aes_key[16] = {0x00};
342
343 for (i = 0; i < 32; i += 2) {
344 sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
345 sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
346 }
347 aes_context ctx;
348 aes_init(&ctx);
349 aes_setkey_enc(&ctx, aes_key, 128);
350 aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
351 //Push encrypted array as a string
352 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
353 return 1;// return 1 to signal one return value
354 }
355
356 static int l_crc8legic(lua_State *L)
357 {
358 size_t size;
359 const char *p_str = luaL_checklstring(L, 1, &size);
360
361 uint16_t retval = CRC8Legic( (uint8_t*) p_str, size);
362 lua_pushinteger(L, (int) retval);
363 return 1;
364 }
365
366 static int l_crc16(lua_State *L)
367 {
368 size_t size;
369 const char *p_str = luaL_checklstring(L, 1, &size);
370
371 uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
372 lua_pushinteger(L, (int) retval);
373 return 1;
374 }
375
376 static int l_crc64(lua_State *L)
377 {
378 size_t size;
379 uint64_t crc = 0;
380 unsigned char outdata[8] = {0x00};
381
382 const char *p_str = luaL_checklstring(L, 1, &size);
383
384 crc64( (uint8_t*) p_str, size, &crc);
385
386 outdata[0] = (uint8_t)(crc >> 56) & 0xff;
387 outdata[1] = (uint8_t)(crc >> 48) & 0xff;
388 outdata[2] = (uint8_t)(crc >> 40) & 0xff;
389 outdata[3] = (uint8_t)(crc >> 32) & 0xff;
390 outdata[4] = (uint8_t)(crc >> 24) & 0xff;
391 outdata[5] = (uint8_t)(crc >> 16) & 0xff;
392 outdata[6] = (uint8_t)(crc >> 8) & 0xff;
393 outdata[7] = crc & 0xff;
394 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
395 return 1;
396 }
397
398 static int l_sha1(lua_State *L)
399 {
400 size_t size;
401 const char *p_str = luaL_checklstring(L, 1, &size);
402 unsigned char outdata[20] = {0x00};
403 sha1( (uint8_t*) p_str, size, outdata);
404 lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
405 return 1;
406 }
407
408 static int l_reveng_models(lua_State *L){
409
410 // This array needs to be adjusted if RevEng adds more crc-models.
411 char *models[100];
412 int count = 0;
413 int in_width = luaL_checkinteger(L, 1);
414
415 if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);
416
417 // This array needs to be adjusted if RevEng adds more crc-models.
418 uint8_t width[100];
419 width[0] = (uint8_t)in_width;
420 int ans = GetModels(models, &count, width);
421 if (!ans) return 0;
422
423 lua_newtable(L);
424
425 for (int i = 0; i < count; i++){
426 lua_pushstring(L, (const char*)models[i]);
427 lua_rawseti(L,-2,i+1);
428 free(models[i]);
429 }
430
431 return 1;
432 }
433
434 //Called with 4 parameters.
435 // inModel ,string containing the crc model name: 'CRC-8'
436 // inHexStr ,string containing the hex representation of the data that will be used for CRC calculations.
437 // reverse ,int 0/1 (bool) if 1, calculate the reverse CRC
438 // endian ,char, 'B','b','L','l','t','r' describing if Big-Endian or Little-Endian should be used in different combinations.
439 //
440 // outputs: string with hex representation of the CRC result
441 static int l_reveng_RunModel(lua_State *L){
442 //-c || -v
443 //inModel = valid model name string - CRC-8
444 //inHexStr = input hex string to calculate crc on
445 //reverse = reverse calc option if true
446 //endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
447 // l = little endian input and output, L = little endian output only, t = left justified}
448 //result = calculated crc hex string
449 char result[50];
450
451 const char *inModel = luaL_checkstring(L, 1);
452 const char *inHexStr = luaL_checkstring(L, 2);
453 bool reverse = lua_toboolean(L, 3);
454 const char endian = luaL_checkstring(L, 4)[0];
455
456 //PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
457 // int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result)
458 int ans = RunModel( (char *)inModel, (char *)inHexStr, reverse, endian, result);
459 if (!ans)
460 return returnToLuaWithError(L,"Reveng failed");
461
462 lua_pushstring(L, (const char*)result);
463 return 1;
464 }
465
466 /**
467 * @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
468 * able to do "require('foobar')" if foobar.lua is within lualibs folder.
469 * Taken from http://stackoverflow.com/questions/4125971/setting-the-global-lua-path-variable-from-c-c
470 * @param L
471 * @param path
472 * @return
473 */
474 int setLuaPath( lua_State* L, const char* path )
475 {
476 lua_getglobal( L, "package" );
477 lua_getfield( L, -1, "path" ); // get field "path" from table at top of stack (-1)
478 const char* cur_path = lua_tostring( L, -1 ); // grab path string from top of stack
479 int requiredLength = strlen(cur_path)+ strlen(path)+10; //A few bytes too many, whatever we can afford it
480 char * buf = malloc(requiredLength);
481 snprintf(buf, requiredLength, "%s;%s", cur_path, path);
482 lua_pop( L, 1 ); // get rid of the string on the stack we just pushed on line 5
483 lua_pushstring( L, buf ); // push the new one
484 lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
485 lua_pop( L, 1 ); // get rid of package table from top of stack
486 free(buf);
487 return 0; // all done!
488 }
489
490 int set_pm3_libraries(lua_State *L)
491 {
492
493 static const luaL_Reg libs[] = {
494 {"SendCommand", l_SendCommand},
495 {"WaitForResponseTimeout", l_WaitForResponseTimeout},
496 {"nonce2key", l_nonce2key},
497 //{"PrintAndLog", l_PrintAndLog},
498 {"foobar", l_foobar},
499 {"ukbhit", l_ukbhit},
500 {"clearCommandBuffer", l_clearCommandBuffer},
501 {"console", l_CmdConsole},
502 {"iso15693_crc", l_iso15693_crc},
503 {"iso14443b_crc", l_iso14443b_crc},
504 {"aes128_decrypt", l_aes128decrypt_cbc},
505 {"aes128_decrypt_ecb", l_aes128decrypt_ecb},
506 {"aes128_encrypt", l_aes128encrypt_cbc},
507 {"aes128_encrypt_ecb", l_aes128encrypt_ecb},
508 {"crc8legic", l_crc8legic},
509 {"crc16", l_crc16},
510 {"crc64", l_crc64},
511 {"sha1", l_sha1},
512 {"reveng_models", l_reveng_models},
513 {"reveng_runmodel", l_reveng_RunModel},
514 {NULL, NULL}
515 };
516
517 lua_pushglobaltable(L);
518 // Core library is in this table. Contains '
519 //this is 'pm3' table
520 lua_newtable(L);
521
522 //Put the function into the hash table.
523 for (int i = 0; libs[i].name; i++) {
524 lua_pushcfunction(L, libs[i].func);
525 lua_setfield(L, -2, libs[i].name);//set the name, pop stack
526 }
527 //Name of 'core'
528 lua_setfield(L, -2, "core");
529
530 //-- remove the global environment table from the stack
531 lua_pop(L, 1);
532
533 //-- Last but not least, add to the LUA_PATH (package.path in lua)
534 // so we can load libraries from the ./lualib/ - directory
535 setLuaPath(L,"./lualibs/?.lua");
536
537 return 1;
538 }
Impressum, Datenschutz