//-----------------------------------------------------------------------------
// Copyright (C) 2013 m h swende <martin at swende.se>
+// Modified 2015,2016, iceman
//
// This code is licensed to you under the terms of the GNU GPL, version 2 or,
// at your option, any later version. See the LICENSE.txt file for the text of
//-----------------------------------------------------------------------------
// Some lua scripting glue to proxmark core.
//-----------------------------------------------------------------------------
-
-#include <lua.h>
-#include <lualib.h>
-#include <lauxlib.h>
-#include "proxmark3.h"
-#include "usb_cmd.h"
-#include "cmdmain.h"
#include "scripting.h"
-#include "util.h"
-#include "nonce2key/nonce2key.h"
-#include "../common/iso15693tools.h"
-#include <openssl/aes.h>
-#include "../common/crc16.h"
+
/**
* The following params expected:
* UsbCommand c
const char *data = luaL_checklstring(L, 1, &size);
if(size != sizeof(UsbCommand))
{
- printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
+ printf("Got data size %d, expected %d" , (int) size,(int) sizeof(UsbCommand));
lua_pushstring(L,"Wrong data size");
return 1;
}
-// UsbCommand c = (*data);
SendCommand((UsbCommand* )data);
return 0; // no return values
}
}
UsbCommand response;
-
if(WaitForResponseTimeout(cmd, &response, ms_timeout))
{
//Push it as a string
- lua_pushlstring(L,(const char *)&response,sizeof(UsbCommand));
+ lua_pushlstring(L,(const char *)&response, sizeof(UsbCommand));
return 1;// return 1 to signal one return value
}else{
//Push the retval on the stack
lua_pushinteger(L,retval);
-
+
//Push the key onto the stack
uint8_t dest_key[8];
num_to_bytes(key,sizeof(dest_key),dest_key);
printf("foobar called with %d arguments" , n);
lua_settop(L, 0);
printf("Arguments discarded, stack now contains %d elements", lua_gettop(L));
-
+
// todo: this is not used, where was it intended for?
// UsbCommand response = {CMD_MIFARE_READBL, {1337, 1338, 1339}};
-
+
printf("Now returning a uint64_t as a string");
uint64_t x = 0xDEADBEEF;
uint8_t destination[8];
return 1;
}
+static int l_iso14443b_crc(lua_State *L)
+{
+ /* void ComputeCrc14443(int CrcType,
+ const unsigned char *Data, int Length,
+ unsigned char *TransmitFirst,
+ unsigned char *TransmitSecond)
+ */
+ size_t size = 0;
+ const char *data = luaL_checklstring(L, 1, &size);
+
+ unsigned char buf[USB_CMD_DATA_SIZE] = {0x00};
+
+ for (int i = 0; i < size; i += 2)
+ sscanf(&data[i], "%02x", (unsigned int *)&buf[i / 2]);
+
+ size /= 2;
+ ComputeCrc14443(CRC_14443_B, buf, size, &buf[size], &buf[size+1]);
+ lua_pushlstring(L, (const char *)&buf, size+2);
+ return 1;
+}
+
/*
Simple AES 128 cbc hook up to OpenSSL.
params: key, input
*/
-static int l_aes(lua_State *L)
+static int l_aes128decrypt_cbc(lua_State *L)
{
//Check number of arguments
int i;
if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
const char *p_encTxt = luaL_checklstring(L, 2, &size);
-
- unsigned char indata[AES_BLOCK_SIZE] = {0x00};
- unsigned char outdata[AES_BLOCK_SIZE] = {0x00};
- unsigned char aes_key[AES_BLOCK_SIZE] = {0x00};
- unsigned char iv[AES_BLOCK_SIZE] = {0x00};
-
- // convert key to bytearray
+
+ unsigned char indata[16] = {0x00};
+ unsigned char outdata[16] = {0x00};
+ unsigned char aes_key[16] = {0x00};
+ unsigned char iv[16] = {0x00};
+
+ // convert key to bytearray and convert input to bytearray
for (i = 0; i < 32; i += 2) {
sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
+ sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
}
-
- // convert input to bytearray
+
+ aes_context ctx;
+ aes_init(&ctx);
+ aes_setkey_dec(&ctx, aes_key, 128);
+ aes_crypt_cbc(&ctx, AES_DECRYPT, sizeof(indata), iv, indata, outdata );
+ //Push decrypted array as a string
+ lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
+ return 1;// return 1 to signal one return value
+}
+static int l_aes128decrypt_ecb(lua_State *L)
+{
+ //Check number of arguments
+ int i;
+ size_t size;
+ const char *p_key = luaL_checklstring(L, 1, &size);
+ if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
+
+ const char *p_encTxt = luaL_checklstring(L, 2, &size);
+
+ unsigned char indata[16] = {0x00};
+ unsigned char outdata[16] = {0x00};
+ unsigned char aes_key[16] = {0x00};
+
+ // convert key to bytearray and convert input to bytearray
for (i = 0; i < 32; i += 2) {
+ sscanf(&p_encTxt[i], "%02x", (unsigned int *)&indata[i / 2]);
sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
}
-
- AES_KEY key;
- AES_set_decrypt_key(aes_key, 128, &key);
- AES_cbc_encrypt(indata, outdata, sizeof(indata), &key, iv, AES_DECRYPT);
+ aes_context ctx;
+ aes_init(&ctx);
+ aes_setkey_dec(&ctx, aes_key, 128);
+ aes_crypt_ecb(&ctx, AES_DECRYPT, indata, outdata );
//Push decrypted array as a string
lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
return 1;// return 1 to signal one return value
}
+static int l_aes128encrypt_cbc(lua_State *L)
+{
+ //Check number of arguments
+ int i;
+ size_t size;
+ const char *p_key = luaL_checklstring(L, 1, &size);
+ if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
+
+ const char *p_txt = luaL_checklstring(L, 2, &size);
+
+ unsigned char indata[16] = {0x00};
+ unsigned char outdata[16] = {0x00};
+ unsigned char aes_key[16] = {0x00};
+ unsigned char iv[16] = {0x00};
+
+ for (i = 0; i < 32; i += 2) {
+ sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
+ sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
+ }
+
+ aes_context ctx;
+ aes_init(&ctx);
+ aes_setkey_enc(&ctx, aes_key, 128);
+ aes_crypt_cbc(&ctx, AES_ENCRYPT, sizeof(indata), iv, indata, outdata );
+ //Push encrypted array as a string
+ lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
+ return 1;// return 1 to signal one return value
+}
+
+static int l_aes128encrypt_ecb(lua_State *L)
+{
+ //Check number of arguments
+ int i;
+ size_t size;
+ const char *p_key = luaL_checklstring(L, 1, &size);
+ if(size != 32) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 32", (int) size);
+
+ const char *p_txt = luaL_checklstring(L, 2, &size);
+
+ unsigned char indata[16] = {0x00};
+ unsigned char outdata[16] = {0x00};
+ unsigned char aes_key[16] = {0x00};
+
+ for (i = 0; i < 32; i += 2) {
+ sscanf(&p_txt[i], "%02x", (unsigned int *)&indata[i / 2]);
+ sscanf(&p_key[i], "%02x", (unsigned int *)&aes_key[i / 2]);
+ }
+ aes_context ctx;
+ aes_init(&ctx);
+ aes_setkey_enc(&ctx, aes_key, 128);
+ aes_crypt_ecb(&ctx, AES_ENCRYPT, indata, outdata );
+ //Push encrypted array as a string
+ lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
+ return 1;// return 1 to signal one return value
+}
+
+static int l_crc8legic(lua_State *L)
+{
+ size_t size;
+ const char *p_str = luaL_checklstring(L, 1, &size);
+
+ uint16_t retval = CRC8Legic( (uint8_t*) p_str, size);
+ lua_pushinteger(L, (int) retval);
+ return 1;
+}
+
static int l_crc16(lua_State *L)
{
size_t size;
const char *p_str = luaL_checklstring(L, 1, &size);
-
- unsigned short retval = crc16_ccitt( p_str, size);
+
+ uint16_t retval = crc16_ccitt( (uint8_t*) p_str, size);
lua_pushinteger(L, (int) retval);
return 1;
}
+static int l_crc64(lua_State *L)
+{
+ size_t size;
+ uint64_t crc = 0;
+ unsigned char outdata[8] = {0x00};
+
+ const char *p_str = luaL_checklstring(L, 1, &size);
+
+ crc64( (uint8_t*) p_str, size, &crc);
+
+ outdata[0] = (uint8_t)(crc >> 56) & 0xff;
+ outdata[1] = (uint8_t)(crc >> 48) & 0xff;
+ outdata[2] = (uint8_t)(crc >> 40) & 0xff;
+ outdata[3] = (uint8_t)(crc >> 32) & 0xff;
+ outdata[4] = (uint8_t)(crc >> 24) & 0xff;
+ outdata[5] = (uint8_t)(crc >> 16) & 0xff;
+ outdata[6] = (uint8_t)(crc >> 8) & 0xff;
+ outdata[7] = crc & 0xff;
+ lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
+ return 1;
+}
+
+static int l_sha1(lua_State *L)
+{
+ size_t size;
+ const char *p_str = luaL_checklstring(L, 1, &size);
+ unsigned char outdata[20] = {0x00};
+ sha1( (uint8_t*) p_str, size, outdata);
+ lua_pushlstring(L,(const char *)&outdata, sizeof(outdata));
+ return 1;
+}
+
+static int l_reveng_models(lua_State *L){
+
+ // This array needs to be adjusted if RevEng adds more crc-models.
+ char *models[100];
+ int count = 0;
+ int in_width = luaL_checkinteger(L, 1);
+
+ if( in_width > 89 ) return returnToLuaWithError(L,"Width cannot exceed 89, got %d", in_width);
+
+ // This array needs to be adjusted if RevEng adds more crc-models.
+ uint8_t width[100];
+ width[0] = (uint8_t)in_width;
+ int ans = GetModels(models, &count, width);
+ if (!ans) return 0;
+
+ lua_newtable(L);
+
+ for (int i = 0; i < count; i++){
+ lua_pushstring(L, (const char*)models[i]);
+ lua_rawseti(L,-2,i+1);
+ free(models[i]);
+ }
+
+ return 1;
+}
+
+//Called with 4 parameters.
+// inModel ,string containing the crc model name: 'CRC-8'
+// inHexStr ,string containing the hex representation of the data that will be used for CRC calculations.
+// reverse ,int 0/1 (bool) if 1, calculate the reverse CRC
+// endian ,char, 'B','b','L','l','t','r' describing if Big-Endian or Little-Endian should be used in different combinations.
+//
+// outputs: string with hex representation of the CRC result
+static int l_reveng_RunModel(lua_State *L){
+ //-c || -v
+ //inModel = valid model name string - CRC-8
+ //inHexStr = input hex string to calculate crc on
+ //reverse = reverse calc option if true
+ //endian = {0 = calc default endian input and output, b = big endian input and output, B = big endian output, r = right justified
+ // l = little endian input and output, L = little endian output only, t = left justified}
+ //result = calculated crc hex string
+ char result[50];
+
+ const char *inModel = luaL_checkstring(L, 1);
+ const char *inHexStr = luaL_checkstring(L, 2);
+ bool reverse = lua_toboolean(L, 3);
+ const char endian = luaL_checkstring(L, 4)[0];
+
+ //PrintAndLog("mod: %s, hex: %s, rev %d", inModel, inHexStr, reverse);
+ // int RunModel(char *inModel, char *inHexStr, bool reverse, char endian, char *result)
+ int ans = RunModel( (char *)inModel, (char *)inHexStr, reverse, endian, result);
+ if (!ans)
+ return returnToLuaWithError(L,"Reveng failed");
+
+ lua_pushstring(L, (const char*)result);
+ return 1;
+}
+
+static int l_hardnested(lua_State *L){
+
+ bool haveTarget = TRUE;
+ size_t size;
+ const char *p_blockno = luaL_checklstring(L, 1, &size);
+ if(size != 2) return returnToLuaWithError(L,"Wrong size of blockNo, got %d bytes, expected 2", (int) size);
+
+ const char *p_keytype = luaL_checklstring(L, 2, &size);
+ if(size != 1) return returnToLuaWithError(L,"Wrong size of keyType, got %d bytes, expected 1", (int) size);
+
+ const char *p_key = luaL_checklstring(L, 3, &size);
+ if(size != 12) return returnToLuaWithError(L,"Wrong size of key, got %d bytes, expected 12", (int) size);
+
+ const char *p_trg_blockno = luaL_checklstring(L, 4, &size);
+ if(size != 2) return returnToLuaWithError(L,"Wrong size of trgBlockNo, got %d bytes, expected 2", (int) size);
+
+ const char *p_trg_keytype = luaL_checklstring(L, 5, &size);
+ if(size != 1) return returnToLuaWithError(L,"Wrong size of trgKeyType, got %d bytes, expected 1", (int) size);
+
+ const char *p_trgkey = luaL_checklstring(L, 6, &size);
+ if(size != 12)
+ haveTarget = FALSE;
+
+ const char *p_nonce_file_read = luaL_checklstring(L, 7, &size);
+ if(size != 1) return returnToLuaWithError(L,"Wrong size of nonce_file_read, got %d bytes, expected 1", (int) size);
+
+ const char *p_nonce_file_write = luaL_checklstring(L, 8, &size);
+ if(size != 1) return returnToLuaWithError(L,"Wrong size of nonce_file_write, got %d bytes, expected 1", (int) size);
+
+ const char *p_slow = luaL_checklstring(L, 9, &size);
+ if(size != 1) return returnToLuaWithError(L,"Wrong size of slow, got %d bytes, expected 1", (int) size);
+
+ const char *p_tests = luaL_checklstring(L, 10, &size);
+ if(size != 1) return returnToLuaWithError(L,"Wrong size of tests, got %d bytes, expected 1", (int) size);
+
+ uint32_t blockNo = 0, keyType = 0;
+ uint32_t trgBlockNo = 0, trgKeyType = 0;
+ uint32_t slow = 0, tests = 0;
+ uint32_t nonce_file_read = 0, nonce_file_write = 0;
+
+ sscanf(p_blockno, "%02x", &blockNo);
+ sscanf(p_keytype, "%x", &keyType);
+ sscanf(p_trg_blockno, "%02x", &trgBlockNo);
+ sscanf(p_trg_keytype, "%x", &trgKeyType);
+ sscanf(p_nonce_file_read, "%x", &nonce_file_read);
+ sscanf(p_nonce_file_write, "%x", &nonce_file_write);
+
+ sscanf(p_slow, "%x", &slow);
+ sscanf(p_tests, "%x", &tests);
+
+ uint8_t key[6] = {0,0,0,0,0,0};
+ uint8_t trgkey[6] = {0,0,0,0,0,0};
+ for (int i = 0; i < 32; i += 2) {
+ sscanf(&p_key[i], "%02x", (unsigned int *)&key[i / 2]);
+ if (haveTarget)
+ sscanf(&p_trgkey[i], "%02x", (unsigned int *)&trgkey[i / 2]);
+ }
+
+ uint64_t foundkey = 0;
+ int retval = mfnestedhard(blockNo, keyType, key, trgBlockNo, trgKeyType, haveTarget ? trgkey : NULL, nonce_file_read, nonce_file_write, slow, tests, &foundkey);
+
+ //Push the retval on the stack
+ lua_pushinteger(L,retval);
+
+ //Push the key onto the stack
+ uint8_t dest_key[6];
+ num_to_bytes(foundkey, sizeof(dest_key), dest_key);
+
+ //printf("Pushing to lua stack: %012"llx"\n",key);
+ lua_pushlstring(L, (const char *) dest_key, sizeof(dest_key));
+ return 2; //Two return values
+}
+
/**
* @brief Sets the lua path to include "./lualibs/?.lua", in order for a script to be
* able to do "require('foobar')" if foobar.lua is within lualibs folder.
lua_pushstring( L, buf ); // push the new one
lua_setfield( L, -2, "path" ); // set the field "path" in table at -2 with value at top of stack
lua_pop( L, 1 ); // get rid of package table from top of stack
- return 0; // all done!
+ free(buf);
+ return 0; // all done!
}
-
int set_pm3_libraries(lua_State *L)
{
-
static const luaL_Reg libs[] = {
{"SendCommand", l_SendCommand},
{"WaitForResponseTimeout", l_WaitForResponseTimeout},
{"foobar", l_foobar},
{"ukbhit", l_ukbhit},
{"clearCommandBuffer", l_clearCommandBuffer},
- {"console", l_CmdConsole},
- {"iso15693_crc", l_iso15693_crc},
- {"aes", l_aes},
+ {"console", l_CmdConsole},
+ {"iso15693_crc", l_iso15693_crc},
+ {"iso14443b_crc", l_iso14443b_crc},
+ {"aes128_decrypt", l_aes128decrypt_cbc},
+ {"aes128_decrypt_ecb", l_aes128decrypt_ecb},
+ {"aes128_encrypt", l_aes128encrypt_cbc},
+ {"aes128_encrypt_ecb", l_aes128encrypt_ecb},
+ {"crc8legic", l_crc8legic},
{"crc16", l_crc16},
+ {"crc64", l_crc64},
+ {"sha1", l_sha1},
+ {"reveng_models", l_reveng_models},
+ {"reveng_runmodel", l_reveng_RunModel},
+ {"hardnested", l_hardnested},
{NULL, NULL}
};