@bosb
Created July 25, 2021 16:00
Proxmark: Trigger all hitag responses and compute type of hitag
-- put in proxmark/client/scripts or ~/.proxmark3/luascripts
local utils = require('utils')
local getopt = require('getopt')
-- Script metadata. These stay plain globals (no `local`), as in the original;
-- help() below prints each of them.
copyright = ""
author = "Thorsten"
version = "v0.0.1"
-- A newline directly after `[[` is dropped by Lua, so the quoted forms below
-- hold exactly the same text as the original long-bracket strings.
desc = "Trigger all HITAG tags\n"
example = "script run hitag\n"
usage = [[
script run hitag -h
Arguments
-h - Help text
]]
---
-- Error helper, meant to be used only when something has gone wrong.
-- Prints the error, calls core.clearCommandBuffer(), and hands back the
-- conventional `nil, err` failure pair so a caller can `return oops(...)`.
-- @param err the error value to report
-- @return nil
-- @return the same `err` that was passed in
local function oops(err)
  print('ERROR:', err)
  -- `core` is not defined in this file; presumably the Proxmark client
  -- provides it to scripts -- confirm against the client.
  core.clearCommandBuffer()
  return nil, err
end
---
-- Usage help: prints the script banner (copyright, author, version,
-- description) followed by the example and usage text.
-- Reads the script-level globals of those names; returns nothing.
local function help()
  local banner = { copyright, author, version, desc, 'Example usage', example, usage }
  -- Fixed count rather than ipairs so an unset (nil) entry is still printed
  -- and does not cut the listing short.
  for idx = 1, 7 do
    print(banner[idx])
  end
end
--
-- Entry point. Sends five `lf cmdread` probes in a fixed order and demodulates
-- the captured response after each one.
--
-- Around the first four demodulations the script prints a `++name++` line
-- before and a `+-+-` line after. The Python script on the same page looks for
-- exactly those markers in the client's output, so their text must not change.
-- The fifth probe prints no markers, and `data printdemodbuffer` for the first
-- probe runs after its `+-+-` line, so neither output falls inside a marked
-- section.
--
-- NOTE(review): `d`, `z` and `o` are presumably the delay/zero/one timing
-- periods and `c` the command bits -- confirm against the client's
-- `lf cmdread` help for the firmware in use.
function main()
  -- Only -h is recognised. `args` is not defined in this file; presumably the
  -- client supplies the script's argument string -- confirm.
  for opt, _ in getopt.getopt(args, 'h') do
    if opt == 'h' then return help() end
  end

  core.clearCommandBuffer()

  local RULE = "---------------------------------------------------------------"
  local READ_PREFIX = 'lf cmdread d 50 z 116 o 166 c '

  -- One entry per probe, in transmission order.
  --   note  : heading printed before the probe (optional)
  --   bits  : command bits appended to READ_PREFIX
  --   tag   : `++name++` marker printed before demodulation (optional)
  --   demod : demodulation command run on the captured trace
  --   after : extra console command run after the closing marker (optional)
  local probes = {
    {
      note = "-- 2:START_AUTH SOF:11111+4byte UID // {s:UID REQUEST Adv (x1100x) SOF:111} - x11000",
      bits = '011000',
      tag = "++hitag2++",
      demod = 'data rawdemod am',
      after = 'data printdemodbuffer o 5 x', -- else "[!] Demodbuffer is empty"
    },
    {
      note = "-- 1:SET_CC SOF:1+4byte UID (bits double) // s:UID REQUEST Std - x00110",
      bits = '000110',
      tag = "++hitag1++",
      demod = 'data rawdemod ab', -- every bit is double
    },
    {
      note = "-- 1:SET_CCNEW SOF:111+4byte UID // s:UID REQUEST Adv (x1100x) - x11001",
      bits = '011001',
      tag = "++hitag1adv++",
      demod = 'data rawdemod ab',
    },
    {
      note = "-- s:UID REQUEST FAdv SOF:111+4byte UID - x11010",
      bits = '011010',
      tag = "++hitagsfadv++",
      demod = 'data rawdemod ab',
    },
    {
      -- The original has this heading commented out: "-- s fast adv 111 s 000101"
      bits = '000101',
      demod = 'data rawdemod ab',
    },
  }

  for idx = 1, #probes do
    local probe = probes[idx]

    print(RULE)
    if probe.note then print(probe.note) end

    -- Transmit, then prepare the captured trace for demodulation.
    core.console(READ_PREFIX .. probe.bits)
    core.console('data plot')
    core.console('data ltrim 200')
    core.console('data norm')

    if probe.tag then print(probe.tag) end
    core.console(probe.demod)
    if probe.tag then print("+-+-") end

    if probe.after then core.console(probe.after) end
  end
end

main()
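"""Run the `hitag` Lua script through the Proxmark3 client and decode its output.

The Lua script prints a `++name++` line before each demodulated response and a
`+-+-` line after it. This script collects the text between those markers,
collapses the doubled bits of the `rawdemod ab` sections, strips the
start-of-frame bits and prints the remainder as hex.

The client's stdout is treated as untrusted text: only the characters '0' and
'1' are accepted as bits. The original passed every character to int(), which
raised ValueError on stray output and silently accepted the digits 2-9.
"""
import subprocess
import sys

# Client binary, serial port and script name exactly as hard-coded in the
# original; adjust these for the local setup.
PROXMARK_CLIENT = './client/proxmark3'
SERIAL_PORT = "/dev/tty.usbmodem52"
LUA_SCRIPT = 'hitag'
# Alternative kept from the original (inline commands instead of the Lua script):
#hitag = 'lf cmdread d 50 z 166 o 116 c 000111;data ltrim 200;data norm;data rawdemod ab;data printdemodbuffer o 5 x'
#out = subprocess.run([proxmark, "/dev/tty.usbmodemiceman1","-c",hitag], capture_output=True)

SECTION_END = b'+-+-'
# Section markers in the order they are reported.
MARKERS = [b"++hitag2++", b"++hitag1++", b"++hitag1adv++", b"++hitagsfadv++"]
# Number of leading start-of-frame bits dropped from each section before hex conversion.
SOF_BITS = {b'++hitag2++': 5, b'++hitag1++': 1, b'++hitag1adv++': 3, b'++hitagsfadv++': 3}


def collect_sections(stdout):
    """Split the client's output into the byte runs found between the markers.

    Args:
        stdout: raw bytes captured from the client.

    Returns:
        dict mapping each marker line to the concatenated (stripped) lines seen
        between it and the next `+-+-` line; markers never seen map to b''.
        The section name is the whole stripped marker line, so a line with
        extra text around `++name++` is stored under that longer key and is
        not reported.
    """
    sections = {marker: b'' for marker in MARKERS}
    capturing = False
    name = b''
    bits = b''
    for line in (raw.strip() for raw in stdout.splitlines()):
        if SECTION_END in line:
            capturing = False
            print(bits)
            sections[name] = bits
            bits = b''
        if b'++' in line:
            capturing = True
            name = line
            print(name)
        if capturing and b'++' not in line:
            bits += line
    return sections


def collapse_pairs(raw):
    """Collapse doubled symbols: each pair of equal bytes becomes one character.

    A pair whose two bytes differ becomes '.', and a trailing unpaired byte is
    ignored, as in the original loop.
    """
    return ''.join(
        chr(first) if first == second else '.'
        for first, second in zip(raw[0::2], raw[1::2])
    )


def bits_to_hex(bits):
    """Pack a string of '0'/'1' characters into hex digits, most significant bit first.

    Args:
        bits: text to convert; any character other than '0' or '1' is skipped.

    Returns:
        (hex_string, unreadable) where `unreadable` counts the skipped
        characters. A trailing group of fewer than four bits is dropped. A
        skipped character does not occupy a bit position, so it shifts the
        nibble alignment of everything after it.
    """
    digits = []
    nibble = 0
    shift = 3
    unreadable = 0
    for ch in bits:
        if ch not in '01':
            unreadable += 1
            continue
        nibble |= int(ch) << shift
        if shift > 0:
            shift -= 1
        else:
            digits.append('{:x}'.format(nibble))
            nibble = 0
            shift = 3
    return ''.join(digits), unreadable


def main():
    """Run the client once, then print the decoded value for every marker."""
    # Argument list, no shell: the port and script name are passed verbatim.
    result = subprocess.run(
        [PROXMARK_CLIENT, SERIAL_PORT, "-l", LUA_SCRIPT], capture_output=True
    )
    if result.returncode != 0:
        # The original ignored the exit status; keep going, but make a failed
        # run visible instead of reporting every section as merely INVALID.
        print('proxmark3 client exited with status {}'.format(result.returncode),
              file=sys.stderr)
    print(result.stdout)

    sections = collect_sections(result.stdout)

    for marker in MARKERS:
        print("--------------------------------------------------------")
        print(marker)
        raw = sections[marker]
        print(raw)
        print(len(raw))

        if marker != b'++hitag2++':
            # These sections come from `data rawdemod ab`, where every bit is doubled.
            text = collapse_pairs(raw)
            print(text)
        else:
            text = ''.join(chr(value) for value in raw)

        text = text[SOF_BITS[marker]:]
        print(text)
        length = len(text)
        print(length)

        hex_string, unreadable = bits_to_hex(text)
        print(hex_string)
        # Same thresholds as the original: one unreadable position is tolerated.
        if unreadable > 1 or length == 0 or length > 40:
            print("--------------INVALID----------")


if __name__ == '__main__':
    main()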