Created
July 25, 2021 16:00
Proxmark: Trigger all hitag responses and compute type of hitag
-- put in proxmark/client/scripts or ~/.proxmark3/luascripts | |
local utils = require('utils') | |
local getopt = require('getopt') | |
-- Script metadata. These are deliberately plain globals: help() prints each of
-- them in turn, and they are not declared local anywhere in this file.
copyright = ''
author = 'Thorsten'
version = 'v0.0.1'

-- One-line description shown by help().
desc = [[
Trigger all HITAG tags
]]

-- Invocation example shown by help().
example = [[
script run hitag
]]

-- Option summary shown by help(); -h is the only option main() parses.
usage = [[
script run hitag -h
Arguments
-h - Help text
]]
--- Report a failure on the console and hand the error back to the caller.
-- Intended for error paths only. Prints the value after an 'ERROR:' tag and
-- then calls core.clearCommandBuffer().
-- NOTE(review): nothing in the visible script calls this helper.
-- @param err value describing the failure (passed straight to print)
-- @return nil
-- @return err unchanged, so a caller can write `return oops(msg)`
local function oops(err)
    print('ERROR:', err)
    core.clearCommandBuffer()
    return nil, err
end
--- Print the usage help.
-- Writes the global metadata strings (copyright, author, version, desc),
-- then the literal heading 'Example usage', then example and usage, one
-- print() call per item and in that order.
local function help()
    local banner = { copyright, author, version, desc, 'Example usage', example, usage }
    -- Fixed count rather than ipairs/#banner: an unset (nil) field must still
    -- be printed as "nil" instead of ending the loop early.
    for i = 1, 7 do
        print(banner[i])
    end
end
-- | |
--- Send a fixed series of reader commands and demodulate each response.
-- For every probe the same console sequence is issued through core.console():
-- `lf cmdread` with the probe's command bits, `data plot`, `data ltrim 200`,
-- `data norm`, then a `data rawdemod` variant. Four of the five probes wrap
-- the demodulation output in a "++name++" start marker and a "+-+-" end
-- marker printed to the console.
-- Reads the global `args` (option string) and returns help()'s result when
-- -h is given; otherwise returns nothing.
function main()
    -- parse arguments for the script
    for opt, _ in getopt.getopt(args, 'h') do
        if opt == 'h' then return help() end
    end

    core.clearCommandBuffer()

    local RULE = "---------------------------------------------------------------"
    local CMDREAD = 'lf cmdread d 50 z 116 o 166 c '

    -- One entry per probe, in transmit order.
    --   title  : heading printed under the rule (absent for the last probe,
    --            whose heading was commented out in the original:
    --            "-- s fast adv 111 s 000101")
    --   bits   : command bits appended to the cmdread command
    --   marker : start marker printed before demodulation (absent = no markers)
    --   demod  : demodulation command; 'ab' is used where every bit is double
    --   dump   : extra command run after the end marker
    local probes = {
        {
            title = "-- 2:START_AUTH SOF:11111+4byte UID // {s:UID REQUEST Adv (x1100x) SOF:111} - x11000",
            bits = '011000',
            marker = "++hitag2++",
            demod = 'data rawdemod am',
            -- prints "[!] Demodbuffer is empty" when nothing was demodulated
            dump = 'data printdemodbuffer o 5 x',
        },
        {
            title = "-- 1:SET_CC SOF:1+4byte UID (bits double) // s:UID REQUEST Std - x00110",
            bits = '000110',
            marker = "++hitag1++",
            demod = 'data rawdemod ab',
        },
        {
            title = "-- 1:SET_CCNEW SOF:111+4byte UID // s:UID REQUEST Adv (x1100x) - x11001",
            bits = '011001',
            marker = "++hitag1adv++",
            demod = 'data rawdemod ab',
        },
        {
            title = "-- s:UID REQUEST FAdv SOF:111+4byte UID - x11010",
            bits = '011010',
            marker = "++hitagsfadv++",
            demod = 'data rawdemod ab',
        },
        {
            bits = '000101',
            demod = 'data rawdemod ab',
        },
    }

    for _, probe in ipairs(probes) do
        print(RULE)
        if probe.title then
            print(probe.title)
        end

        core.console(CMDREAD .. probe.bits)
        core.console('data plot')
        core.console('data ltrim 200')
        core.console('data norm')

        if probe.marker then
            print(probe.marker)
        end
        core.console(probe.demod)
        if probe.marker then
            print("+-+-")
        end

        -- NOTE(review): the dump runs after the end marker, so a consumer that
        -- only collects lines between the two markers never sees its output.
        if probe.dump then
            core.console(probe.dump)
        end
    end
end

main()
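"""Run the Proxmark3 'hitag' Lua script and decode each marked response to hex.

The Lua script prints a start marker (``++name++``) before each demodulation
and an end marker (``+-+-``) after it. This driver captures the client's
stdout, collects the lines between the markers, collapses doubled symbols
where needed, strips the start-of-frame bits and prints the remainder as hex.
A response is reported INVALID when it is empty, longer than MAX_BITS, or
contains more than one unreadable symbol.
"""
import subprocess
import sys

proxmark = './client/proxmark3'
port = "/dev/tty.usbmodem52"
# Earlier variant that passed the commands directly instead of running the script:
#hitag = 'lf cmdread d 50 z 166 o 116 c 000111;data ltrim 200;data norm;data rawdemod ab;data printdemodbuffer o 5 x'
#out = subprocess.run([proxmark, "/dev/tty.usbmodemiceman1","-c",hitag], capture_output=True)
hitag = 'hitag'

END_MARKER = b'+-+-'
keys = [b"++hitag2++", b"++hitag1++", b"++hitag1adv++", b"++hitagsfadv++"]
# Number of leading start-of-frame symbols to drop per response type.
sofs = {b'++hitag2++': 5, b'++hitag1++': 1, b'++hitag1adv++': 3, b'++hitagsfadv++': 3}

# Constructed default (not from the original script): upper bound on how long
# the client may run before it is treated as hung. Raise it if the device is slow.
CLIENT_TIMEOUT_S = 120
# Longest payload (in bits) still accepted; threshold taken from the original script.
MAX_BITS = 40


def collect_sections(stdout):
    """Group the client's output lines by the marker that precedes them.

    stdout is the captured output as bytes. Returns a dict mapping every entry
    of ``keys`` to the concatenated (stripped) lines found between that marker
    and the next end marker; markers that never appear map to b''.

    A marker is recognised anywhere in a line, so a log prefix added by the
    client does not break the lookup. Lines after an unknown ``++`` marker are
    consumed but discarded.
    """
    sections = {marker: b'' for marker in keys}
    current = None
    collecting = False
    bits = b''
    for line in (raw.strip() for raw in stdout.splitlines()):
        if END_MARKER in line:
            if collecting and current is not None:
                print(bits)
                sections[current] = bits
            collecting = False
            bits = b''
        elif b'++' in line:
            current = next((marker for marker in keys if marker in line), None)
            collecting = True
            bits = b''  # never carry data over from an unterminated section
            print(line)
        elif collecting:
            bits += line
    return sections


def pair_bits(raw):
    """Collapse doubled symbols: equal pair -> that character, unequal pair -> '.'.

    raw is bytes; a trailing unpaired byte is ignored.
    """
    return ''.join(
        chr(first) if first == second else '.'
        for first, second in zip(raw[0::2], raw[1::2])
    )


def bits_to_hex(bits):
    """Pack a string of '0'/'1' characters into hex digits, MSB first.

    Returns (hex_string, unreadable) where unreadable counts every character
    that is not '0' or '1' ('.' from pair_bits, whitespace, stray log text).
    Such characters are skipped without consuming a bit position, so the
    digits after one of them are shifted; callers should treat a non-zero
    count with suspicion. Bits left over after the last full nibble are dropped.
    """
    digits = []
    nibble = 0
    weight = 3
    unreadable = 0
    for symbol in bits:
        if symbol not in ('0', '1'):
            # Tool output is not guaranteed to be pure bits; never feed it to int().
            unreadable += 1
            continue
        nibble += int(symbol) << weight
        if weight > 0:
            weight -= 1
        else:
            digits.append('{:01x}'.format(nibble))
            nibble = 0
            weight = 3
    return ''.join(digits), unreadable


def decode_section(marker, raw):
    """Turn the raw bytes captured for one marker into its payload bit string.

    Every type except hitag2 is pair-collapsed first; the start-of-frame
    symbols listed in ``sofs`` are then removed.
    """
    if marker != b'++hitag2++':
        text = pair_bits(raw)
        print(text)
    else:
        text = raw.decode('latin-1')  # one character per byte, like chr()
    return text[sofs[marker]:]


def main():
    """Run the client once and print the decoded result for every marker."""
    try:
        # Argument list, no shell: nothing here is interpreted by a shell.
        out = subprocess.run(
            [proxmark, port, "-l", hitag],
            capture_output=True,
            timeout=CLIENT_TIMEOUT_S,
        )
    except FileNotFoundError:
        sys.exit('proxmark3 client not found at ' + proxmark)
    except subprocess.TimeoutExpired:
        sys.exit('proxmark3 client did not finish within %d s' % CLIENT_TIMEOUT_S)

    print(out.stdout)
    if out.returncode != 0:
        # Keep going: partial output may still hold usable sections.
        print('proxmark3 client exited with status', out.returncode, file=sys.stderr)

    hitags = collect_sections(out.stdout)

    for marker in keys:
        print("--------------------------------------------------------")
        print(marker)
        print(hitags[marker])
        print(len(hitags[marker]))

        payload = decode_section(marker, hitags[marker])
        print(payload)
        length = len(payload)
        print(length)

        # to hex -----------------------
        hex_string, dots = bits_to_hex(payload)
        print(hex_string)
        if dots > 1 or length == 0 or length > MAX_BITS:
            print("--------------INVALID----------")


if __name__ == '__main__':
    main()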