X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/04a6113fb50c7436995b5bfc0cddbbed8ec5699d..7142c87e1fcff2fbf442fc8eab3d52adda7098b7:/client/scripts/tnp3sim.lua diff --git a/client/scripts/tnp3sim.lua b/client/scripts/tnp3sim.lua index c7c66371..4e10eb75 100644 --- a/client/scripts/tnp3sim.lua +++ b/client/scripts/tnp3sim.lua @@ -4,7 +4,7 @@ local bin = require('bin') local lib14a = require('read14a') local utils = require('utils') local md5 = require('md5') -local toyNames = require('default_toys') +local toys = require('default_toys') example =[[ 1. script run tnp3sim @@ -23,10 +23,22 @@ Arguments: -h : this help -m : Maxed out items (experimental) -i : filename for the datadump to read (bin) -]] + + ]] local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds local DEBUG = false -- the debug flag +local RANDOM = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20' + +local band = bit32.band +local bor = bit32.bor +local lshift = bit32.lshift +local rshift = bit32.rshift +local byte = string.byte +local char = string.char +local sub = string.sub +local format = string.format + local band = bit32.band @@ -197,8 +209,6 @@ local function ValidateCheckSums(blocks) io.write( ('TYPE 3 area 2: %04x = %04x -- %s\n'):format(crc,calc,isOk)) end -local function LoadEmulator(blocks) - local HASHCONSTANT = '20436F707972696768742028432920323031302041637469766973696F6E2E20416C6C205269676874732052657365727665642E20' local cmd local blockdata for _,b in pairs(blocks) do @@ -207,10 +217,10 @@ local function LoadEmulator(blocks) if _%4 ~= 3 then if (_ >= 8 and _<=21) or (_ >= 36 and _<=49) then - local base = ('%s%s%02x%s'):format(blocks[0], blocks[1], _ , HASHCONSTANT) + local base = ('%s%s%02x%s'):format(blocks[0], blocks[1], _ , RANDOM) local baseStr = utils.ConvertHexToAscii(base) local key = md5.sumhexa(baseStr) - local enc = core.aes(key, blockdata) + local enc = core.aes128_encrypt(key, blockdata) local hex = utils.ConvertAsciiToBytes(enc) hex = utils.ConvertBytesToHex(hex) @@ -302,25 +312,25 @@ function DivideByK(msw, lsw) remainder = num % RADIX return remainder, highLSW, lowLSW - uint num = 0 | (msw >> 16) & 0xffff; + -- uint num = 0 | (msw >> 16) & 0xffff; - highLSW = 0 | (num / RADIX) << 16; - remainder = num % RADIX; + -- highLSW = 0 | (num / RADIX) << 16; + -- remainder = num % RADIX; - num = (remainder << 16) | (msw & 0xffff); + -- num = (remainder << 16) | (msw & 0xffff); - highLSW |= num / RADIX; - remainder = num % RADIX; + -- highLSW |= num / RADIX; + -- remainder = num % RADIX; - num = (remainder << 16) | ((lsw >> 16) & 0xffff); + -- num = (remainder << 16) | ((lsw >> 16) & 0xffff); - lowLSW = 0 | (num / RADIX) << 16; - remainder = num % RADIX; + -- lowLSW = 0 | (num / RADIX) << 16; + -- remainder = num % RADIX; - num = (remainder << 16) | (lsw & 0xffff); + -- num = (remainder << 16) | (lsw & 0xffff); - lowLSW |= num / RADIX; - remainder = num % RADIX; + -- lowLSW |= num / RADIX; + -- remainder = num % RADIX; end @@ -346,21 +356,6 @@ local function main(args) local cmdSetDbgOff = "hf mf dbg 0" core.console( cmdSetDbgOff) - -- if not loadFromDump then - -- -- Look for tag present on reader, - -- result, err = lib14a.read1443a(false) - -- if not result then return oops(err) end - - -- core.clearCommandBuffer() - - -- if 0x01 ~= result.sak then -- NXP MIFARE TNP3xxx - -- return oops('This is not a TNP3xxx tag. aborting.') - -- end - - -- -- Show tag info - -- print((' Found tag : %s'):format(result.name)) - -- end - -- Load dump.bin file print( (' Load data from %s'):format(inputTemplate)) hex, err = utils.ReadDumpFile(inputTemplate) @@ -374,7 +369,7 @@ local function main(args) end if DEBUG then - print('Validating checksums in the loaded datadump') + print(' Validating checksums') ValidateCheckSums(blocks) end @@ -382,32 +377,44 @@ local function main(args) print( string.rep('--',20) ) print(' Gathering info') local uid = blocks[0]:sub(1,8) - local itemtype = blocks[1]:sub(1,4) + local toytype = blocks[1]:sub(1,4) local cardidLsw = blocks[1]:sub(9,16) local cardidMsw = blocks[1]:sub(17,24) + local subtype = blocks[1]:sub(25,28) - local itemtypename = toyNames[itemtype] - if itemtypename == nil then - itemtypename = toyNames[utils.SwapEndiannessStr(itemtype,16)] - end - -- Show info print( string.rep('--',20) ) - print( (' ITEM TYPE : 0x%s - %s'):format(itemtype, itemtypename) ) + + local item = toys.Find( toytype, subtype) + if item then + local itemStr = ('%s - %s (%s)'):format(item[6],item[5], item[4]) + print(' ITEM TYPE : '..itemStr ) + else + print( (' ITEM TYPE : 0x%s 0x%s'):format(toytype, subtype) ) + end + print( (' UID : 0x%s'):format(uid) ) print( (' CARDID : 0x%s %s [%s]'):format( cardidMsw,cardidLsw, - Num2Card(cardidMsw, cardidLsw)) + --Num2Card(cardidMsw, cardidLsw)) + '') ) print( string.rep('--',20) ) - -- lets do something. - -- + -- Experience should be: local experience = blocks[8]:sub(1,6) - print(('Experience : %d'):format(utils.SwapEndianness(experience,24))) + print(('Experience : %d'):format(utils.SwapEndianness(experience,16))) + local money = blocks[8]:sub(7,10) print(('Money : %d'):format(utils.SwapEndianness(money,16))) + + -- + + -- Sequence number + local seqnum = blocks[8]:sub(18,19) + print(('Sequence number : %d'):format( tonumber(seqnum,16))) + local fairy = blocks[9]:sub(1,8) --FD0F = Left, FF0F = Right local path = 'not choosen' @@ -420,6 +427,12 @@ local function main(args) local hat = blocks[9]:sub(8,11) print(('Hat : %d'):format(utils.SwapEndianness(hat,16))) + + local level = blocks[13]:sub(27,28) + print(('LEVEL : %d'):format( tonumber(level,16))) + --hälsa: 667 029b + --local health = blocks[]:sub(); + --print(('Health : %d'):format( tonumber(health,16)) --0x0D 0x29 0x0A 0x02 16-bit hero points value. Maximum 100. local heropoints = blocks[13]:sub(20,23) @@ -429,6 +442,11 @@ local function main(args) local challenges = blocks[16]:sub(25,32) print(('Finished hero challenges : %d'):format(utils.SwapEndianness(challenges,32))) + -- Character Name + local name1 = blocks[10]:sub(1,32) + local name2 = blocks[12]:sub(1,32) + print('Custom name : '..utils.ConvertHexToAscii(name1..name2)) + if maxed then print('Lets try to max out some values') -- max out money, experience @@ -466,7 +484,7 @@ local function main(args) err = LoadEmulator(blocks) if err then return oops(err) end core.clearCommandBuffer() - print('The simulation is now prepared.\n --> run \"hf mf sim u '..uid..' x\" <--') + print('The simulation is now prepared.\n --> run \"hf mf sim u '..uid..'\" <--') end end main(args) \ No newline at end of file