A newer version of this info is available at https://badcfe.org/how-to-paxton-with-rfidler/
Paxton fobs and readers are popular in the UK especially the Net2 system where the fobs look like this with a blue ring:
Paxton readers often look like this:
| import random | |
| class Montgomery: | |
| # B*v^2 = u^3 + A*u^2 + u | |
| def __init__(self, A, B, p): | |
| self.A = A | |
| self.B = B | |
| self.p = p |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width"> | |
| <title>Paxton Fob converter</title> | |
| <style> | |
| table, th, td, div { | |
| border: 1px solid black; | |
| } |
clone the flipper repo
git clone git@github.com:flipperdevices/flipperzero-firmware.git
download the build tools requirements
pip3 install -r scripts/requirements.txt
cd applications/plugins
| <?php | |
| //Pre-processing: adding a single 1 bit | |
| // append "1" bit to message | |
| // Notice: the input bytes are considered as bits strings, | |
| // where the first bit is the most significant bit of the byte.[46] | |
| //Pre-processing: padding with zeros | |
| // append "0" bit until message length in bits ≡ 448 (mod 512) | |
| function preProcess($message) { | |
| // $message .= chr(128); |
| $time = time(0); | |
| $pid = getmypid(); | |
| echo 'time is: ',$time,' (just the unix timestamp so very guessable)',PHP_EOL; | |
| echo 'pid is: ',$pid, ' (process id of current PHP process usually in 1000s )',PHP_EOL; | |
| $rand = mt_rand(); | |
| echo 'Output of 1st call to uninitialized to mt_rand is: '.$rand,PHP_EOL; | |
| echo 'Output of 2nd call to uninitialized to mt_rand is: '.mt_rand(),PHP_EOL; | |
| echo 'Output of 3rd call to uninitialized to mt_rand is: '.mt_rand(),PHP_EOL; | |
| echo 'Guessing the seed now: ',PHP_EOL; |
| <?php | |
| $p = '3490529510847650949147849619903898133417764638493387843990820577'; | |
| $q = '32769132993266709549961988190834461413177642967992942539798288533'; | |
| $N = bi_mul($p, $q); | |
| $c ='96869613754622061477140922254355882905759991124574319874695120930816298225145708356931476622883989628013391990551829945157815154'; | |
| $phin = bi_mul(bi_sub($p, 1), bi_sub($q, 1)); | |
| $e = 9007; |
| import random | |
| from Ecc import Ecc | |
| from Ecc import Point | |
| A = -95051 | |
| B = 11279326 | |
| p = 233970423115425145524320034830162017933 | |
| q = 233970423115425145498902418297807005944 | |
| ecc = Ecc(A, B, p) |
| <?php | |
| /* | |
| Note 1: All variables are unsigned 32 bits and wrap modulo 232 when calculating, except | |
| ml the message length which is 64 bits, and | |
| hh the message digest which is 160 bits. | |
| Note 2: All constants in this pseudo code are in big endian. | |
| Within each word, the most significant byte is stored in the leftmost byte position | |
| */ |
| <?php | |
| function preProcess($message) { | |
| $message .= chr(128); | |
| while (((strlen($message) + 8) % 64) !== 0) { | |
| $message .= chr(0); | |
| } | |
| return $message; | |
| } |