-
Notifications
You must be signed in to change notification settings - Fork 2
/
hf_i2c_plus_2k_utils.lua
310 lines (248 loc) · 7.33 KB
/
hf_i2c_plus_2k_utils.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
local getopt = require('getopt')
local lib14a = require('read14a')
local cmds = require('commands')
local utils = require('utils')
local ansicolors = require('ansicolors')
--- Commands
NTAG_I2C_PLUS_2K = '0004040502021503C859'
GET_VERSION = '60'
SELECT_SECTOR_PKT1 = 'C2FF'
SELECT_SECTOR0_PKT2 = '00000000'
SELECT_SECTOR1_PKT2 = '01000000'
READ_BLOCK = '30'
WRITE_BLOCK = 'A2'
ACK = '0A'
NAK = '00'
---
--- Arguments
copyright = ''
author = 'Shain Lakin'
version = 'v1.0.0'
desc =[[
This script can be used to read blocks, write blocks, dump sectors,
or write a files hex bytes to sector 0 or 1 on the NTAG I2C PLUS 2K tag.
]]
example =[[
Read block 04 from sector 1:
script run hf_i2c_plus_2k_utils -m r -s 1 -b 04
Write FFFFFFFF to block A0 sector 1:
script run hf_i2c_plus_2k_utils -m w -s 1 -b A0 -d FFFFFFFF
Dump sector 1 user memory to console and file:
script run hf_i2c_plus_2k_utils -m d -s 1
Write a files hex bytes to sector 1 starting at block 04:
script run hf_i2c_plus_2k_utils -m f -s 1 -f data.txt
]]
usage = [[
Read mode:
script run hf_i2c_plus_2k_utils -m r -s <sector> -b <block (hex)>
Write mode:
script run hf_i2c_plus_2k_utils -m w -s <sector> -b <block (hex)> -d <data (hex)>
Dump mode:
script run hf_i2c_plus_2k_utils -m d -s <sector>
File mode:
script run hf_i2c_plus_2k_utils -m f -s <sector> -f <file>
]]
arguments = [[
-h this help
-m mode (r/w/f)
-b block (hex)
-f file
-s sector (0/1)
-d data (hex)
]]
---
--- Help function
local function help()
print(copyright)
print(author)
print(version)
print(desc)
print(ansicolors.cyan..'Usage'..ansicolors.reset)
print(usage)
print(ansicolors.cyan..'Arguments'..ansicolors.reset)
print(arguments)
print(ansicolors.cyan..'Example usage'..ansicolors.reset)
print(example)
end
---
--- Message function
local function msg(string)
print(ansicolors.magenta..string.rep('-',29)..ansicolors.reset)
print(ansicolors.cyan..string..ansicolors.reset)
print(ansicolors.magenta..string.rep('-',29)..ansicolors.reset)
end
---
--- Error handling
local function warn(err)
print(ansicolors.magenta.."ERROR:"..ansicolors.reset,err)
core.clearCommandBuffer()
return nil, err
end
---
--- Setup tx/rx
local function sendRaw(rawdata, options)
local flags = lib14a.ISO14A_COMMAND.ISO14A_NO_DISCONNECT
+ lib14a.ISO14A_COMMAND.ISO14A_RAW
+ lib14a.ISO14A_COMMAND.ISO14A_APPEND_CRC
local c = Command:newMIX{cmd = cmds.CMD_HF_ISO14443A_READER,
arg1 = flags,
arg2 = string.len(rawdata)/2,
data = rawdata}
return c:sendMIX(options.ignore_response)
end
---
--- Function to connect
local function connect()
core.clearCommandBuffer()
info, err = lib14a.read(true, true)
if err then
lib14a.disconnect()
return error(err)
else
return info.uid
end
core.clearCommandBuffer()
end
---
--- Function to disconnect
local function disconnect()
core.clearCommandBuffer()
lib14a.disconnect()
end
---
--- Function to get response data
local function getResponseData(usbpacket)
local resp = Command.parse(usbpacket)
local len = tonumber(resp.arg1) * 2
return string.sub(tostring(resp.data), 0, len);
end
---
--- Function to send raw bytes
local function send(payload)
local usb, err = sendRaw(payload,{ignore_response = false})
if err then return warn(err) end
return getResponseData(usb)
end
---
--- Function to select sector
local function select_sector(sector)
send(SELECT_SECTOR_PKT1)
if sector == '0' then
send(SELECT_SECTOR0_PKT2)
elseif sector == '1' then
send(SELECT_SECTOR1_PKT2)
end
end
---
--- Function to write file to sector
local function filewriter(file,sector)
file_bytes = utils.ReadDumpFile(file)
len = string.len(file_bytes) / 8
start_char = 1
end_char = 8
block_counter = 4
-- NTAG_I2C_PLUS_2K:SECTOR_0:225,SECTOR_1:255
end_block = 225
connect()
select_sector(sector)
for count = 1, len do
block = file_bytes:sub(start_char, end_char)
data = send(WRITE_BLOCK..string.format("%02x",block_counter)..block)
print('[*] Writing bytes '..block..' to page '..string.format("%02x", block_counter))
if data == ACK then
print(ansicolors.cyan..'[*] Received ACK, write successful'..ansicolors.reset)
else
print(ansicolors.magenta..'[!] Write failed'..ansicolors.reset)
end
start_char = start_char + 8
end_char = end_char + 8
block_counter = block_counter + 1
if block_counter == end_block then
print(ansicolors.magenta..'[!] Not enough memory space!'..ansicolors.reset)
break
end
end
disconnect()
end
---
--- Function to dump user memory to console and disk
local function dump(sector,uid)
connect()
select_sector(sector)
counter = 0
dest = uid..'.hex'
file = io.open(dest, 'a')
io.output(file)
print("\n[+] Dumping sector "..sector.."\n")
print(ansicolors.magenta..string.rep('--',16)..ansicolors.reset)
for count = 1, 64 do
result = send(READ_BLOCK..string.format("%02x", counter))
print(ansicolors.cyan..result:sub(1,32)..ansicolors.reset)
io.write(result:sub(1,32))
counter = counter + 4
end
io.close(file)
print(ansicolors.magenta..string.rep('--',16)..ansicolors.reset)
print("\n[+] Memory dump saved to "..uid..".hex")
disconnect()
end
---
--- Function to read and write blocks
local function exec(cmd, sector, block, bytes)
connect()
select_sector(sector)
if cmd == READ_BLOCK then
data = send(cmd..block)
msg(data:sub(1,8))
elseif cmd == WRITE_BLOCK then
if bytes == 'NOP' then
err = '[!] You need to pass some data'
warn(err)
print(usage)
do return end
else
data = send(cmd..block..bytes)
if data == ACK then
print(ansicolors.cyan..'[+] Received ACK, write succesful'..ansicolors.reset)
elseif data ~= ACK then
print(ansicolors.magenta..'[!] Write failed'..ansicolors.reset)
end
end
end
disconnect()
return(data)
end
---
--- Main
local function main(args)
for o, a in getopt.getopt(args, 'm:b:s:d:f:h') do
if o == 'm' then mode = a end
if o == 'b' then block = a end
if o == 's' then sector = a end
if o == 'd' then bytes = a end
if o == 'f' then file = a end
if o == 'h' then return help() end
end
uid = connect()
connect()
version = send(GET_VERSION)
disconnect()
if version == NTAG_I2C_PLUS_2K then
if mode == 'r' then
print('\n[+] Reading sector '..sector..' block '..block)
exec(READ_BLOCK,sector,block,bytes)
elseif mode == 'w' then
print('\n[+] Writing '..bytes..' to sector '..sector..' block '..block)
exec(WRITE_BLOCK,sector,block,bytes)
elseif mode == 'f' then
filewriter(file,sector)
elseif mode == 'd' then
dump(sector,uid)
end
else
return print(usage)
end
if command == '' then return print(usage) end
end
---
main(args)