Home Explore Help
Register Sign In
mmn
/
mfterm
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
mfterm
/
term_cmd.c

term_cmd.c 18 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767 
  1. /**
    2. 

  2.  * Copyright (C) 2011 Anders Sundman <anders@4zm.org>
    3. 

  3.  *
    4. 

  4.  * This file is part of mfterm.
    5. 

  5.  *
    6. 

  6.  * mfterm is free software: you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation, either version 3 of the License, or
    9. 

  9.  * (at your option) any later version.
    10. 

  10. 

  11.  * mfterm is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.  * GNU General Public License for more details.
    15. 

  15. 

  16.  * You should have received a copy of the GNU General Public License
    17. 

  17.  * along with mfterm.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18.  *
    19. 

  19.  * Parts of code used in this file are from the GNU readline library file
    20. 

  20.  * fileman.c (GPLv3). Copyright (C) 1987-2009 Free Software Foundation, Inc
    21. 

  21.  */
    22. 

  22. 

  23. #include <stdio.h>
    24. 

  24. #include <string.h>
    25. 

  25. #include <strings.h>
    26. 

  26. #include <stdlib.h>
    27. 

  27. #include "mfterm.h"
    28. 

  28. #include "tag.h"
    29. 

  29. #include "term_cmd.h"
    30. 

  30. #include "mifare_ctrl.h"
    31. 

  31. #include "dictionary.h"
    32. 

  32. #include "spec_syntax.h"
    33. 

  33. #include "util.h"
    34. 

  34. #include "mac.h"
    35. 

  35. 

  36. command_t commands[] = {
    37. 

  37.   { "help",  com_help, 0, 0, "Display this text" },
    38. 

  38.   { "?",     com_help, 0, 0, "Synonym for 'help'" },
    39. 

  39. 

  40.   { "quit",  com_quit, 0, 1, "Exit the program" },
    41. 

  41.   { "exit",  com_quit, 0, 0, "Synonym for 'quit'" },
    42. 

  42. 

  43.   { "load",  com_load_tag, 1, 1, "Load tag data from a file" },
    44. 

  44.   { "save",  com_save_tag, 1, 1, "Save tag data to a file" },
    45. 

  45.   { "clear", com_clear_tag, 0, 1, "Clear the current tag data" },
    46. 

  46. 

  47.   { "read",  com_read_tag,  0, 1, "A|B : Read tag data from a physical tag" },
    48. 

  48.   { "read unlocked", com_read_tag_unlocked, 0, 1, "On pirate cards, read card without keys" },
    49. 

  49.   { "write", com_write_tag, 0, 1, "A|B : Write tag data to a physical tag" },
    50. 

  50.   { "write unlocked", com_write_tag_unlocked, 0, 1, "On pirate cards, write 1k tag with block 0" },
    51. 

  51. 

  52.   { "print",      com_print,      0, 1, "1k|4k : Print tag data" },
    53. 

  53.   { "print keys", com_print_keys, 0, 1, "1k|4k : Print tag's keys" },
    54. 

  54.   { "print ac",   com_print_ac,   0, 1, "Print access conditions" },
    55. 

  55. 

  56.   { "set", com_set, 0, 1, "#block #offset = xx xx xx : Set tag data" },
    57. 

  57. 

  58.   { "keys load",   com_keys_load,   1, 1, "Load keys from a file" },
    59. 

  59.   { "keys save",   com_keys_save,   1, 1, "Save keys to a file" },
    60. 

  60.   { "keys clear",  com_keys_clear,  0, 1, "Clear the keys" },
    61. 

  61.   { "keys set",    com_keys_set,    0, 1, "A|B #S key : Set a key value" },
    62. 

  62.   { "keys import", com_keys_import, 0, 1, "Import keys from the current tag" },
    63. 

  63.   { "keys test",   com_keys_test,   0, 1, "Try to authenticate with the keys" },
    64. 

  64.   { "keys",        com_keys_print,  0, 1, "1k|4k : Print the keys" },
    65. 

  65. 

  66.   { "dict load",   com_dict_load,   1, 1, "Load a dictionary key file" },
    67. 

  67.   { "dict clear",  com_dict_clear,  0, 1, "Clear the key dictionary" },
    68. 

  68.   { "dict attack", com_dict_attack, 0, 1, "Find keys of a physical tag"},
    69. 

  69.   { "dict",        com_dict_print,  0, 1, "Print the key dictionary" },
    70. 

  70. 

  71.   { "spec load",   com_spec_load,   1, 1, "Load a specification file" },
    72. 

  72.   { "spec clear",  com_spec_clear,  0, 1, "Unload the specification" },
    73. 

  73.   { "spec",        com_spec_print,  0, 1, "Print the specification" },
    74. 

  74. 

  75.   { "mac key", com_mac_key_get_set, 0, 1, "<k0..k7> : Get or set MAC key" },
    76. 

  76.   { "mac compute", com_mac_block_compute, 0, 1, "#block : Compute block MAC" },
    77. 

  77.   { "mac update", com_mac_block_update, 0, 1, "#block : Compute block MAC" },
    78. 

  78.   { "mac validate", com_mac_validate, 0, 1, "1k|4k : Validates block MAC of the whole tag" },
    79. 

  79. 

  80.   { (char *)NULL, (cmd_func_t)NULL, 0, 0, (char *)NULL }
    81. 

  81. };
    82. 

  82. 

  83. // Parse a Mifare size type argument (1k|4k)
    84. 

  84. mf_size_t parse_size(const char* str);
    85. 

  85. 

  86. // Parse a Mifare size type argument (1k|4k). Return the default
    87. 

  87. // argument value if the string is NULL.
    88. 

  88. mf_size_t parse_size_default(const char* str, mf_size_t default_size);
    89. 

  89. 

  90. // Parse a Mifare key type argument (A|B)
    91. 

  91. mf_key_type_t parse_key_type(const char* str);
    92. 

  92. 

  93. // Parse a Mifare key type argument (A|B). Return the default
    94. 

  94. // argument value if the string is NULL.
    95. 

  95. mf_key_type_t parse_key_type_default(const char* str,
    96. 

  96.                                      mf_key_type_t default_type);
    97. 

  97. 

  98. // Compute the MAC using the current_mac_key. If update is nonzero,
    99. 

  99. // the mac of the current tag is updated. If not, the MAC is simply
    100. 

  100. // printed.
    101. 

  101. int com_mac_block_compute_impl(char* arg, int update);
    102. 

  102. 

  103. /* Look up NAME as the name of a command, and return a pointer to that
    104. 

  104.    command.  Return a NULL pointer if NAME isn't a command name. */
    105. 

  105. command_t* find_command(const char *name) {
    106. 

  106.   command_t* cmd = NULL;
    107. 

  107.   size_t cmd_len = 0;
    108. 

  108. 

  109.   for (size_t i = 0; commands[i].name; ++i) {
    110. 

  110.     size_t l = strlen(commands[i].name);
    111. 

  111.     if (l > cmd_len && strncmp(name, commands[i].name, l) == 0) {
    112. 

  112.       cmd = &commands[i];
    113. 

  113.       cmd_len = l;
    114. 

  114.     }
    115. 

  115.   }
    116. 

  116. 

  117.   return cmd;
    118. 

  118. }
    119. 

  119. 

  120. /**
    121. 

  121.  * Helper function to print the specified command alligned with the longest
    122. 

  122.  * command name.
    123. 

  123.  */
    124. 

  124. void print_help_(size_t cmd) {
    125. 

  125. 

  126.   // Find longest command (and cache the result)
    127. 

  127.   static size_t cmd_len_max = 0;
    128. 

  128.   if (cmd_len_max == 0) {
    129. 

  129.     for (int i = 0; commands[i].name; ++i) {
    130. 

  130.       size_t cmd_len = strlen(commands[i].name);
    131. 

  131.       cmd_len_max = cmd_len > cmd_len_max ? cmd_len : cmd_len_max;
    132. 

  132.     }
    133. 

  133.   }
    134. 

  134. 

  135.   // Format: 4x' ' | cmd | ' '-pad-to-longest-cmd | 4x' ' | doc
    136. 

  136.   printf ("    %s", commands[cmd].name);
    137. 

  137.   for (int j = (int)(cmd_len_max - strlen(commands[cmd].name)); j >= 0; --j)
    138. 

  138.     printf(" ");
    139. 

  139.   printf ("    %s.\n", commands[cmd].doc);
    140. 

  140. }
    141. 

  141. 

  142. int com_help(char* arg) {
    143. 

  143. 

  144.   // Help request for specific command?
    145. 

  145.   if (arg && *arg != '\0') {
    146. 

  146.     for (size_t i = 0; commands[i].name; ++i) {
    147. 

  147.       if (strcmp(arg, commands[i].name) == 0) {
    148. 

  148.         print_help_(i);
    149. 

  149.         return 0;
    150. 

  150.       }
    151. 

  151.     }
    152. 

  152.     printf ("No commands match '%s'\n", arg);
    153. 

  153.   }
    154. 

  154. 

  155.   // Help for all commands (with doc flag)
    156. 

  156.   for (size_t i = 0; commands[i].name; i++) {
    157. 

  157.     if (commands[i].document)
    158. 

  158.       print_help_(i);
    159. 

  159.   }
    160. 

  160. 

  161.   return 0;
    162. 

  162. }
    163. 

  163. 

  164. int com_quit(char *arg) {
    165. 

  165.   stop_input_loop();
    166. 

  166.   return 0;
    167. 

  167. }
    168. 

  168. 

  169. int com_load_tag(char *arg) {
    170. 

  170.   int res = load_tag(arg);
    171. 

  171.   if (res == 0)
    172. 

  172.     printf("Successfully loaded tag from: %s\n", arg);
    173. 

  173.   return 0;
    174. 

  174. }
    175. 

  175. 

  176. int com_save_tag(char* arg) {
    177. 

  177.   int res = save_tag(arg);
    178. 

  178.   if (res == 0)
    179. 

  179.     printf("Successfully wrote tag to: %s\n", arg);
    180. 

  180.   return 0;
    181. 

  181. }
    182. 

  182. 

  183. int com_clear_tag(char* arg) {
    184. 

  184.   clear_tag(&current_tag);
    185. 

  185.   return 0;
    186. 

  186. }
    187. 

  187. 

  188. int com_read_tag(char* arg) {
    189. 

  189.   // Add option to choose key
    190. 

  190.   char* ab = strtok(arg, " ");
    191. 

  191. 

  192.   if (ab && strtok(NULL, " ") != (char*)NULL) {
    193. 

  193.     printf("Too many arguments\n");
    194. 

  194.     return -1;
    195. 

  195.   }
    196. 

  196.   if (!ab)
    197. 

  197.     printf("No key argument (A|B) given. Defaulting to A\n");
    198. 

  198. 

  199.   // Parse key selection
    200. 

  200.   mf_key_type_t key_type = parse_key_type_default(ab, MF_KEY_A);
    201. 

  201.   if (key_type == MF_INVALID_KEY_TYPE) {
    202. 

  202.     printf("Invalid argument (A|B): %s\n", ab);
    203. 

  203.     return -1;
    204. 

  204.   }
    205. 

  205. 

  206.   // Issue the read request
    207. 

  207.   mf_read_tag(&current_tag, key_type);
    208. 

  208.   return 0;
    209. 

  209. }
    210. 

  210. 

  211. int com_read_tag_unlocked(char* arg) {
    212. 

  212.   char* ab = strtok(arg, " ");
    213. 

  213.   if (ab) {
    214. 

  214.     printf("This command doesn't take any arguments\n");
    215. 

  215.     return -1;
    216. 

  216.   }
    217. 

  217. 

  218.   // Issue the read request
    219. 

  219.   mf_read_tag(&current_tag, MF_KEY_UNLOCKED);
    220. 

  220.   return 0;
    221. 

  221. }
    222. 

  222. 

  223. int com_write_tag(char* arg) {
    224. 

  224.   // Add option to choose key
    225. 

  225.   char* ab = strtok(arg, " ");
    226. 

  226. 

  227.   if (!ab) {
    228. 

  228.     printf("Too few arguments: (A|B)\n");
    229. 

  229.     return -1;
    230. 

  230.   }
    231. 

  231. 

  232.   if (strtok(NULL, " ") != (char*)NULL) {
    233. 

  233.     printf("Too many arguments\n");
    234. 

  234.     return -1;
    235. 

  235.   }
    236. 

  236. 

  237.   // Parse key selection
    238. 

  238.   mf_key_type_t key_type = parse_key_type(ab);
    239. 

  239.   if (key_type == MF_INVALID_KEY_TYPE) {
    240. 

  240.     printf("Invalid argument (A|B): %s\n", ab);
    241. 

  241.     return -1;
    242. 

  242.   }
    243. 

  243. 

  244.   // Issue the read request
    245. 

  245.   mf_write_tag(&current_tag, key_type);
    246. 

  246.   return 0;
    247. 

  247. }
    248. 

  248. 

  249. int com_write_tag_unlocked(char* arg) {
    250. 

  250.   char* ab = strtok(arg, " ");
    251. 

  251.   if (ab) {
    252. 

  252.     printf("This command doesn't take any arguments\n");
    253. 

  253.     return -1;
    254. 

  254.   }
    255. 

  255. 

  256.   // Issue the write request
    257. 

  257.   mf_write_tag(&current_tag, MF_KEY_UNLOCKED);
    258. 

  258.   return 0;
    259. 

  259. }
    260. 

  260. 

  261. int com_print(char* arg) {
    262. 

  262. 

  263.   char* a = strtok(arg, " ");
    264. 

  264. 

  265.   if (a && strtok(NULL, " ") != (char*)NULL) {
    266. 

  266.     printf("Too many arguments\n");
    267. 

  267.     return -1;
    268. 

  268.   }
    269. 

  269. 

  270.   mf_size_t size = parse_size_default(a, MF_1K);
    271. 

  271. 

  272.   if (size == MF_INVALID_SIZE) {
    273. 

  273.     printf("Unknown argument: %s\n", a);
    274. 

  274.     return -1;
    275. 

  275.   }
    276. 

  276. 

  277.   print_tag(size);
    278. 

  278. 

  279.   return 0;
    280. 

  280. }
    281. 

  281. 

  282. int com_set(char* arg) {
    283. 

  283.   char* block_str = strtok(arg, " ");
    284. 

  284.   char* offset_str = strtok(NULL, " ");
    285. 

  285.   char* byte_str = strtok(NULL, " ");
    286. 

  286. 

  287.   if (!block_str || !offset_str || !byte_str) {
    288. 

  288.     printf("Too few arguments: #block #offset xx xx xx .. xx\n");
    289. 

  289.     return -1;
    290. 

  290.   }
    291. 

  291. 

  292.   unsigned int block = (unsigned int) strtoul(block_str, &block_str, 16);
    293. 

  293.   if (*block_str != '\0') {
    294. 

  294.     printf("Invalid block character (non hex): %s\n", block_str);
    295. 

  295.     return -1;
    296. 

  296.   }
    297. 

  297.   if (block < 0 || block > 0xff) {
    298. 

  298.     printf("Invalid block [0,ff]: %x\n", block);
    299. 

  299.     return -1;
    300. 

  300.   }
    301. 

  301. 

  302.   unsigned int offset = (unsigned int) strtoul(offset_str, &offset_str, 16);
    303. 

  303.   if (*offset_str != '\0') {
    304. 

  304.     printf("Invalid offset character (non hex): %s\n", offset_str);
    305. 

  305.     return -1;
    306. 

  306.   }
    307. 

  307.   if (offset < 0 || offset > 0x0f) {
    308. 

  308.     printf("Invalid offset [0,f]: %x\n", offset);
    309. 

  309.     return -1;
    310. 

  310.   }
    311. 

  311. 

  312.   // Consume the byte tokens
    313. 

  313.   do {
    314. 

  314.     long int byte = strtol(byte_str, &byte_str, 16);
    315. 

  315.     if (*byte_str != '\0') {
    316. 

  316.       printf("Invalid byte character (non hex): %s\n", byte_str);
    317. 

  317.       return -1;
    318. 

  318.     }
    319. 

  319.     if (byte < 0 || byte > 0xff) {
    320. 

  320.       printf("Invalid byte value [0,ff]: %lx\n", byte);
    321. 

  321.       return -1;
    322. 

  322.     }
    323. 

  323. 

  324.     if (offset > 0x0f) {
    325. 

  325.       printf("Too many bytes specified.\n");
    326. 

  326.       return -1;
    327. 

  327.     }
    328. 

  328. 

  329.     // Write the data
    330. 

  330.     current_tag.amb[block].mbd.abtData[offset++] = (uint8_t)byte;
    331. 

  331. 

  332.   } while((byte_str = strtok(NULL, " ")) != (char*)NULL);
    333. 

  333. 

  334.   return 0;
    335. 

  335. }
    336. 

  336. 

  337. int com_print_keys(char* arg) {
    338. 

  338.   char* a = strtok(arg, " ");
    339. 

  339. 

  340.   if (a && strtok(NULL, " ") != (char*)NULL) {
    341. 

  341.     printf("Too many arguments\n");
    342. 

  342.     return -1;
    343. 

  343.   }
    344. 

  344. 

  345.   mf_size_t size = parse_size_default(a, MF_1K);
    346. 

  346. 

  347.   if (size == MF_INVALID_SIZE) {
    348. 

  348.     printf("Unknown argument: %s\n", a);
    349. 

  349.     return -1;
    350. 

  350.   }
    351. 

  351. 

  352.   print_keys(&current_tag, size);
    353. 

  353. 

  354.   return 0;
    355. 

  355. }
    356. 

  356. 

  357. int com_print_ac(char* arg) {
    358. 

  358.   if (strtok(arg, " ") != (char*)NULL) {
    359. 

  359.     printf("Too many arguments\n");
    360. 

  360.     return -1;
    361. 

  361.   }
    362. 

  362. 

  363.   print_ac(&current_tag);
    364. 

  364. 

  365.   return 0;
    366. 

  366. }
    367. 

  367. 

  368. int com_keys_load(char* arg) {
    369. 

  369.   int res = load_auth(arg);
    370. 

  370.   if (res == 0)
    371. 

  371.     printf("Successfully loaded keys from: %s\n", arg);
    372. 

  372.   return 0;
    373. 

  373. }
    374. 

  374. 

  375. int com_keys_save(char* arg) {
    376. 

  376.   int res = save_auth(arg);
    377. 

  377.   if (res == 0)
    378. 

  378.     printf("Successfully wrote keys to: %s\n", arg);
    379. 

  379.   return 0;
    380. 

  380. }
    381. 

  381. 

  382. int com_keys_clear(char* arg) {
    383. 

  383.   clear_tag(&current_auth);
    384. 

  384.   return 0;
    385. 

  385. }
    386. 

  386. 

  387. int com_keys_set(char* arg) {
    388. 

  388.   // Arg format: A|B #S key
    389. 

  389. 

  390.   char* ab = strtok(arg, " ");
    391. 

  391.   char* sector_str = strtok(NULL, " ");
    392. 

  392.   char* key_str = strtok(NULL, " ");
    393. 

  393. 

  394.   if (strtok(NULL, " ") != (char*)NULL) {
    395. 

  395.     printf("Too many arguments\n");
    396. 

  396.     return -1;
    397. 

  397.   }
    398. 

  398. 

  399.   if (!ab || !sector_str || !key_str) {
    400. 

  400.     printf("Too few arguments: (A|B) #sector key\n");
    401. 

  401.     return -1;
    402. 

  402.   }
    403. 

  403. 

  404.   // Read sector
    405. 

  405.   long int sector = strtol(sector_str, &sector_str, 16);
    406. 

  406. 

  407.   // Sanity check sector range
    408. 

  408.   if (*sector_str != '\0') {
    409. 

  409.     printf("Invalid sector character (non hex): %s\n", sector_str);
    410. 

  410.     return -1;
    411. 

  411.   }
    412. 

  412.   if (sector < 0 || sector > 0x1b) {
    413. 

  413.     printf("Invalid sector [0,1b]: %lx\n", sector);
    414. 

  414.     return -1;
    415. 

  415.   }
    416. 

  416. 

  417.   // Sanity check key length
    418. 

  418.   if (strncmp(key_str, "0x", 2) == 0)
    419. 

  419.     key_str += 2;
    420. 

  420.   if (strlen(key_str) != 12) {
    421. 

  421.     printf("Invalid key (6 byte hex): %s\n", key_str);
    422. 

  422.     return -1;
    423. 

  423.   }
    424. 

  424. 

  425.   // Compute the block that houses the key for the desired sector
    426. 

  426.   size_t block = sector_to_trailer((size_t)sector);
    427. 

  427. 

  428.   // Parse key selection and point to appropriate key
    429. 

  429.   uint8_t* key;
    430. 

  430.   mf_key_type_t key_type = parse_key_type(ab);
    431. 

  431.   if (key_type == MF_KEY_A)
    432. 

  432.     key = current_auth.amb[block].mbt.abtKeyA;
    433. 

  433.   else if (key_type == MF_KEY_B)
    434. 

  434.     key = current_auth.amb[block].mbt.abtKeyB;
    435. 

  435.   else {
    436. 

  436.     printf("Invalid argument (A|B): %s\n", ab);
    437. 

  437.     return -1;
    438. 

  438.   }
    439. 

  439. 

  440.   // Parse the key
    441. 

  441.   if (read_key(key, key_str) == NULL) {
    442. 

  442.     printf("Invalid key character (non hex)\n");
    443. 

  443.     return -1;
    444. 

  444.   }
    445. 

  445. 

  446.   return 0;
    447. 

  447. }
    448. 

  448. 

  449. int com_keys_import(char* arg) {
    450. 

  450.   import_auth();
    451. 

  451.   return 0;
    452. 

  452. }
    453. 

  453. 

  454. int com_keys_test(char* arg) {
    455. 

  455.   // Arg format: 1k|4k A|B
    456. 

  456. 

  457.   char* s = strtok(arg, " ");
    458. 

  458.   char* ab = strtok(NULL, " ");
    459. 

  459. 

  460.   if (s && ab && strtok(NULL, " ") != NULL) {
    461. 

  461.     printf("Too many arguments\n");
    462. 

  462.     return -1;
    463. 

  463.   }
    464. 

  464. 

  465.   if (!s || !ab) {
    466. 

  466.     printf("Too few arguments: (1k|4k) (A|B)\n");
    467. 

  467.     return -1;
    468. 

  468.   }
    469. 

  469. 

  470.   // Parse arguments
    471. 

  471.   mf_size_t size = parse_size(s);
    472. 

  472.   if (size == MF_INVALID_SIZE) {
    473. 

  473.     printf("Unknown size argument (1k|4k): %s\n", s);
    474. 

  474.     return -1;
    475. 

  475.   }
    476. 

  476. 

  477.   mf_key_type_t key_type = parse_key_type(ab);
    478. 

  478.   if (key_type == MF_INVALID_KEY_TYPE) {
    479. 

  479.     printf("Unknown key type argument (A|B): %s\n", ab);
    480. 

  480.     return -1;
    481. 

  481.   }
    482. 

  482. 

  483.   // Run the auth test
    484. 

  484.   mf_test_auth(&current_auth, size, key_type);
    485. 

  485.   return 0;
    486. 

  486. }
    487. 

  487. 

  488. int com_keys_print(char* arg) {
    489. 

  489.   char* a = strtok(arg, " ");
    490. 

  490. 

  491.   if (a && strtok(NULL, " ") != (char*)NULL) {
    492. 

  492.     printf("Too many arguments\n");
    493. 

  493.     return -1;
    494. 

  494.   }
    495. 

  495. 

  496.   mf_size_t size = parse_size_default(a, MF_1K);
    497. 

  497. 

  498.   if (size == MF_INVALID_SIZE) {
    499. 

  499.     printf("Unknown argument: %s\n", a);
    500. 

  500.     return -1;
    501. 

  501.   }
    502. 

  502. 

  503.   print_keys(&current_auth, size);
    504. 

  504. 

  505.   return 0;
    506. 

  506. }
    507. 

  507. 

  508. int com_dict_load(char* arg) {
    509. 

  509.   FILE* dict_file = fopen(arg, "r");
    510. 

  510. 

  511.   if (dict_file == NULL) {
    512. 

  512.     printf("Could not open file: %s\n", arg);
    513. 

  513.     return 1;
    514. 

  514.   }
    515. 

  515. 

  516.   dictionary_import(dict_file);
    517. 

  517. 

  518.   fclose(dict_file);
    519. 

  519.   return 0;
    520. 

  520. }
    521. 

  521. 

  522. int com_dict_clear(char* arg) {
    523. 

  523.   dictionary_clear();
    524. 

  524.   return 0;
    525. 

  525. }
    526. 

  526. 

  527. int com_dict_attack(char* arg) {
    528. 

  528. 

  529.   // Not much point if we don't have any keys
    530. 

  530.   if (!dictionary_get()) {
    531. 

  531.     printf("Dictionary is empty!\n");
    532. 

  532.     return -1;
    533. 

  533.   }
    534. 

  534. 

  535.   mf_dictionary_attack(&current_auth);
    536. 

  536.   return 0;
    537. 

  537. }
    538. 

  538. 

  539. int com_dict_print(char* arg) {
    540. 

  540.   key_list_t* kl = dictionary_get();
    541. 

  541. 

  542.   int count = 0;
    543. 

  543.   while(kl) {
    544. 

  544.     printf("%s\n", sprint_key(kl->key));
    545. 

  545.     kl = kl->next;
    546. 

  546.     ++count;
    547. 

  547.   }
    548. 

  548. 

  549.   printf("Dictionary contains: %d keys\n", count);
    550. 

  550. 

  551.   return 0;
    552. 

  552. }
    553. 

  553. 

  554. 

  555. int com_spec_print(char* arg) {
    556. 

  556.   print_instance_tree();
    557. 

  557. 

  558.   return 0;
    559. 

  559. }
    560. 

  560. 

  561. int com_spec_load(char* arg) {
    562. 

  562.   // Start by clearing the current hierarcy
    563. 

  563.   clear_instance_tree();
    564. 

  564.   tt_clear();
    565. 

  565. 

  566.   // Open the file
    567. 

  567.   FILE* spec_file = fopen(arg, "r");
    568. 

  568.   if (spec_file == NULL) {
    569. 

  569.     printf("Could not open file: %s\n", arg);
    570. 

  570.     return 1;
    571. 

  571.   }
    572. 

  572. 

  573.   // Parse the specification
    574. 

  574.   spec_import(spec_file);
    575. 

  575. 

  576.   fclose(spec_file);
    577. 

  577. 

  578.   return 0;
    579. 

  579. }
    580. 

  580. 

  581. int com_spec_clear(char* arg) {
    582. 

  582. 

  583.   clear_instance_tree();
    584. 

  584.   tt_clear();
    585. 

  585. 

  586.   return 0;
    587. 

  587. }
    588. 

  588. 

  589. int com_mac_key_get_set(char* arg) {
    590. 

  590.   char* key_str = strtok(arg, " ");
    591. 

  591. 

  592.   if (key_str == 0) {
    593. 

  593.     printf("Current MAC key: \n");
    594. 

  594.     print_hex_array_sep(current_mac_key, 8, " ");
    595. 

  595.     printf("\n");
    596. 

  596.     return 0;
    597. 

  597.   }
    598. 

  598. 

  599.   uint8_t key[8];
    600. 

  600.   int key_ptr = 0;
    601. 

  601. 

  602.   // Consume the key tokens
    603. 

  603.   do {
    604. 

  604.     long int byte = strtol(key_str, &key_str, 16);
    605. 

  605.     if (*key_str != '\0') {
    606. 

  606.       printf("Invalid key character (non hex): %s\n", key_str);
    607. 

  607.       return -1;
    608. 

  608.     }
    609. 

  609.     if (byte < 0 || byte > 0xff) {
    610. 

  610.       printf("Invalid byte value [0,ff]: %lx\n", byte);
    611. 

  611.       return -1;
    612. 

  612.     }
    613. 

  613. 

  614.     if (key_ptr > sizeof(key)) {
    615. 

  615.       printf("Too many bytes specified in key (should be 8).\n");
    616. 

  616.       return -1;
    617. 

  617.     }
    618. 

  618. 

  619.     // Accept the byte and add it to the key
    620. 

  620.     key[key_ptr++] = (uint8_t)byte;
    621. 

  621. 

  622.   } while((key_str = strtok(NULL, " ")) != (char*)NULL);
    623. 

  623. 

  624.   if (key_ptr != sizeof(key)) {
    625. 

  625.     printf("Too few bytes specified in key (should be 8).\n");
    626. 

  626.     return -1;
    627. 

  627.   }
    628. 

  628. 

  629.   // Everything ok, so update the global
    630. 

  630.   memcpy(current_mac_key, key, 8);
    631. 

  631.   return 0;
    632. 

  632. }
    633. 

  633. 

  634. int com_mac_block_compute(char* arg) {
    635. 

  635.   return com_mac_block_compute_impl(arg, 0);
    636. 

  636. }
    637. 

  637. 

  638. int com_mac_block_update(char* arg) {
    639. 

  639.   return com_mac_block_compute_impl(arg, 1);
    640. 

  640. }
    641. 

  641. 

  642. int com_mac_block_compute_impl(char* arg, int update) {
    643. 

  643.   char* block_str = strtok(arg, " ");
    644. 

  644. 

  645.   if (!block_str) {
    646. 

  646.     printf("Too few arguments: #block\n");
    647. 

  647.     return -1;
    648. 

  648.   }
    649. 

  649. 

  650.   unsigned int block = (unsigned int) strtoul(block_str, &block_str, 16);
    651. 

  651.   if (*block_str != '\0') {
    652. 

  652.     printf("Invalid block character (non hex): %s\n", block_str);
    653. 

  653.     return -1;
    654. 

  654.   }
    655. 

  655.   if (block < 0 || block > 0xff) {
    656. 

  656.     printf("Invalid block [0,ff]: %x\n", block);
    657. 

  657.     return -1;
    658. 

  658.   }
    659. 

  659. 

  660.   // Use the key
    661. 

  661.   unsigned char* mac = compute_block_mac(block, current_mac_key, update);
    662. 

  662. 

  663.   // MAC is null on error, else 8 bytes
    664. 

  664.   if (mac == 0)
    665. 

  665.     return -1;
    666. 

  666. 

  667.   // Only need 16 MSBs.
    668. 

  668.   printf("Block %2.2x, MAC : ", block);
    669. 

  669.   print_hex_array_sep(mac, 2, " ");
    670. 

  670.   printf("\n");
    671. 

  671. 

  672.   return 0;
    673. 

  673. }
    674. 

  674. 

  675. int com_mac_validate(char* arg) {
    676. 

  676.   char* a = strtok(arg, " ");
    677. 

  677. 

  678.   if (a && strtok(NULL, " ") != (char*)NULL) {
    679. 

  679.     printf("Too many arguments\n");
    680. 

  680.     return -1;
    681. 

  681.   }
    682. 

  682. 

  683.   mf_size_t size = parse_size_default(a, MF_1K);
    684. 

  684. 

  685.   if (size == MF_INVALID_SIZE) {
    686. 

  686.     printf("Unknown argument: %s\n", a);
    687. 

  687.     return -1;
    688. 

  688.   }
    689. 

  689. 

  690.   for (unsigned int i = 1; i < block_count(size); ++i) {
    691. 

  691.     if (is_trailer_block(i))
    692. 

  692.       continue;
    693. 

  693. 

  694.     unsigned char* mac = compute_block_mac(i, current_mac_key, 0);
    695. 

  695.     printf("Block: %2x ", i);
    696. 

  696.     printf("Tag: ");
    697. 

  697.     print_hex_array_sep(&current_tag.amb[i].mbd.abtData[14], 2, " ");
    698. 

  698.     printf(" Computed: ");
    699. 

  699.     print_hex_array_sep(mac, 2, " ");
    700. 

  700.     printf(" Result: ");
    701. 

  701. 

  702.     if (memcmp(mac, &current_tag.amb[i].mbd.abtData[14], 2) == 0)
    703. 

  703.       printf("VALID");
    704. 

  704.     else
    705. 

  705.       printf("IN-VALID");
    706. 

  706. 

  707.     printf("\n");
    708. 

  708.   }
    709. 

  709.   return 0;
    710. 

  710. }
    711. 

  711. 

  712. mf_size_t parse_size(const char* str) {
    713. 

  713. 

  714.   if (str == NULL)
    715. 

  715.     return MF_INVALID_SIZE;
    716. 

  716. 

  717.   if (strcasecmp(str, "1k") == 0)
    718. 

  718.     return MF_1K;
    719. 

  719. 

  720.   if (strcasecmp(str, "4k") == 0)
    721. 

  721.     return MF_4K;
    722. 

  722. 

  723.   return MF_INVALID_SIZE;
    724. 

  724. }
    725. 

  725. 

  726. mf_size_t parse_size_default(const char* str, mf_size_t default_size) {
    727. 

  727.   if (str == NULL)
    728. 

  728.     return default_size;
    729. 

  729.   return parse_size(str);
    730. 

  730. }
    731. 

  731. 

  732. mf_key_type_t parse_key_type(const char* str) {
    733. 

  733. 

  734.   if (str == NULL)
    735. 

  735.     return MF_INVALID_KEY_TYPE;
    736. 

  736. 

  737.   if (strcasecmp(str, "a") == 0)
    738. 

  738.     return MF_KEY_A;
    739. 

  739. 

  740.   if (strcasecmp(str, "b") == 0)
    741. 

  741.     return MF_KEY_B;
    742. 

  742. 

  743.   return MF_INVALID_KEY_TYPE;
    744. 

  744. }
    745. 

  745. 

  746. mf_key_type_t parse_key_type_default(const char* str,
    747. 

  747.                                      mf_key_type_t default_type) {
    748. 

  748.   if (str == NULL)
    749. 

  749.     return default_type;
    750. 

  750.   return parse_key_type(str);
    751. 

  751. }
    752. 

  752. 

  753. // Any command starting with '.' - path spec
    754. 

  754. int exec_path_command(const char *line) {
    755. 

  755. 

  756.   instance_t* inst = parse_spec_path(line);
    757. 

  757. 

  758.   if (inst)
    759. 

  759.     print_tag_data_range(inst->offset_bytes, inst->offset_bits,
    760. 

  760.                          inst->size_bytes, inst->size_bits);
    761. 

  761.   else
    762. 

  762.     printf("Invalid Path\n");
    763. 

  763. 

  764. 

  765.   return 0;
    766. 

  766. }
    767. 

  767.