From 2790afc193714dd0cf9675286f9006c2866716b2 Mon Sep 17 00:00:00 2001 From: wh201906 Date: Sat, 9 May 2020 23:43:10 +0800 Subject: [PATCH] Support Mifare Simulate and Sniff function --- lang/en_US.ts | 267 +++++++++++++++++++++++++++------------ lang/zh_CN.ts | 275 +++++++++++++++++++++++++++++------------ ui/mainwindow.cpp | 96 +++++++------- ui/mainwindow.ui | 7 ++ ui/mf_sim_simdialog.ui | 4 +- 5 files changed, 440 insertions(+), 209 deletions(-) diff --git a/lang/en_US.ts b/lang/en_US.ts index 729872e..1cb5ab4 100644 --- a/lang/en_US.ts +++ b/lang/en_US.ts @@ -37,6 +37,84 @@ + + MF_Sim_simDialog + + + Simulate + + + + + u + + + + + UID 4 or 7 bytes. If not specified, the UID 4B from emulator memory will be used + + + + + n + + + + + Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite + + + + + i + + + + + Interactive, means that console will not be returned until simulation finishes or is aborted + + + + + x + + + + + Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s) + + + + + e + + + + + set keys found from 'reader attack' to emulator memory (implies x and i) + + + + + f + + + + + get UIDs to use for 'reader attack' from file 'f <filename.txt>' (implies x and i) + + + + + r + + + + + Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works + + + MF_UID_parameterDialog @@ -88,250 +166,255 @@ - + Mifare - + >> - + << - + F - + Card Type - + MINI - + 1K - + 2K - + 4K - + File - - + + Load - - + + Save - - + + Data - + Key - + Attack - + Card Info - + Check Default - + Nested - + Hardnested - + Read/Write - + Block: - + Key: - + Key Type: - + A - + B - + + Data: + + + + Normal(Require Password) - - + + Read Block - - + + Write Block - - - + + + Read All - - + + Write All - + Dump - + Restore - + Chinese Magic Card(Without Password) - + Lock UFUID Card - + About UID Card - + Set Parameter - + Wipe - - + + Simulate - + Load from data above - - + + Clear - - + + Sniff - + List Sniff Data - + RawCommand - + History: - + ClearHistory - + Send - + ClearOutput @@ -345,6 +428,8 @@ + + Info @@ -361,7 +446,7 @@ - + Not Connected @@ -373,6 +458,7 @@ + Failed to open @@ -430,6 +516,7 @@ + Failed to save to @@ -529,49 +616,69 @@ - - + + Plz select the trace file: + + + + + Trace Files(*.trc);;All Files(*.*) + + + + + Plz select the location to save trace file: + + + + + Trace Files(*.trc) + + + + + Idle - - + + Sec - + Blk - + KeyA - + KeyB - + HW Version: - + PM3: - + State: - + Running @@ -579,28 +686,28 @@ Mifare - - + + Success! - - - - - + + + + + Info - - + + Failed! - + Failed to read card. diff --git a/lang/zh_CN.ts b/lang/zh_CN.ts index 921ff20..3ae33f8 100644 --- a/lang/zh_CN.ts +++ b/lang/zh_CN.ts @@ -45,6 +45,92 @@ 目标块: + + MF_Sim_simDialog + + Dialog + 对话框 + + + + Simulate + 模拟 + + + + u + + + + + UID 4 or 7 bytes. If not specified, the UID 4B from emulator memory will be used + 4或7字节的UID,如果不指定,则使用模拟器内存中的4字节UID + + + + n + + + + + Automatically exit simulation after <numreads> blocks have been read by reader. 0 = infinite + 在读卡器读取<n>个块后自动退出模拟,n为0或不指定时永远不退出 + + + + i + + + + + Interactive, means that console will not be returned until simulation finishes or is aborted + 交互模式,勾选后PM3客户端将在模拟完成或者模拟中断后才可继续使用 + + + + x + + + + + Crack, performs the 'reader attack', nr/ar attack against a legitimate reader, fishes out the key(s) + 破解,对读卡器进行攻击,通过nr/ar攻击来钓出密码(无卡嗅探) + + + + e + + + + + set keys found from 'reader attack' to emulator memory (implies x and i) + 在获得密码后自动将密码写入模拟器内存(自动勾选x和i) + + + + f + + + + + get UIDs to use for 'reader attack' from file 'f <filename.txt>' (implies x and i) + 从<filename.txt>当中获取用于破解读卡器的UID(批量模拟)(自动勾选x和i) + + + + r + + + + + Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works + 生成随机nonce而不是顺序的nonce,这种情况下PM3将不对读卡器进行标准攻击,只进行moebius攻击 + + + Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works. + 生成随机nonce而不是顺序的nonce,这种情况下PM3将不对读卡器进行标准攻击,只进行moebius攻击 + + MF_UID_parameterDialog @@ -104,250 +190,255 @@ 断开 - + Mifare Mifare(IC)卡 - + >> - + << - + F - + Card Type 卡类型 - + MINI - + 1K - + 2K - + 4K - + File 文件 - - + + Load 加载 - - + + Save 保存 - - + + Data - + Key - + Attack 破解 - + Card Info 读卡片信息 - + Check Default 验证默认密码 - + Nested Nested攻击 - + Hardnested Hardested攻击 - + Read/Write 读/写 - + Block: - + Key: - + Key Type: Key类型: - + A - + B - + + Data: + + + + Normal(Require Password) 普通卡(需要密码) - - + + Read Block 读单个块 - - + + Write Block 写单个块 - - - + + + Read All 读所有块 - - + + Write All 写所有块 - + Dump Dump命令 - + Restore Restore命令 - + Chinese Magic Card(Without Password) UID卡(不需要密码) - + Lock UFUID Card 锁定UFUID卡 - + About UID Card 关于UID卡 - + Set Parameter 设置卡参数 - + Wipe 擦除 - - + + Simulate 模拟 - + Load from data above 从上方数据导入 - - + + Clear 清空 - - + + Sniff 嗅探 - + List Sniff Data 列出嗅探数据 - + RawCommand 原始命令 - + History: 命令历史: - + ClearHistory 清空历史 - + Send 发送 - + ClearOutput 清空输出 @@ -361,6 +452,8 @@ + + Info 信息 @@ -377,7 +470,7 @@ - + Not Connected 未连接 @@ -398,6 +491,7 @@ Continue? + Failed to open 无法打开 @@ -467,6 +561,7 @@ Continue? + Failed to save to 无法保存至 @@ -566,49 +661,69 @@ Continue? 所有UID卡都似乎更容易被Nested攻击破解 - - + + Plz select the trace file: + 请选择trace文件: + + + + Trace Files(*.trc);;All Files(*.*) + Trace文件(*.trc);;所有文件(*.*) + + + + Plz select the location to save trace file: + 请选择trace文件保存的位置: + + + + Trace Files(*.trc) + Trace文件(*.trc) + + + + Idle 空闲 - - + + Sec - + Blk - + KeyA - + KeyB - + HW Version: 固件版本: - + PM3: 连接状态: - + State: 运行状态: - + Running 运行中 @@ -620,28 +735,28 @@ Continue? 信息: - - + + Success! 成功! - - - - - + + + + + Info 信息 - - + + Failed! 失败! - + Failed to read card. 读卡失败。 diff --git a/ui/mainwindow.cpp b/ui/mainwindow.cpp index a396480..7259805 100644 --- a/ui/mainwindow.cpp +++ b/ui/mainwindow.cpp @@ -50,7 +50,6 @@ void MainWindow::initUI() // will be called by main.app void MainWindow::on_PM3_refreshPortButton_clicked() { ui->PM3_portBox->clear(); - ui->PM3_portBox->addItem(""); QSerialPort serial; QStringList serialList; foreach(const QSerialPortInfo &info, QSerialPortInfo::availablePorts()) @@ -493,6 +492,55 @@ void MainWindow::on_MF_Sim_clearButton_clicked() mifare->wipeE(); } +void MainWindow::on_MF_Sim_simButton_clicked() +{ + mifare->simulate(); +} + +void MainWindow::on_MF_Sniff_loadButton_clicked() // use a tmp file to support complicated path +{ + QString title = ""; + QString filename = ""; + + title = tr("Plz select the trace file:"); + filename = QFileDialog::getOpenFileName(this, title, "./", tr("Trace Files(*.trc);;All Files(*.*)")); + qDebug() << filename; + if(filename != "") + { + QString tmpFile = "tmp" + QString::number(QDateTime::currentDateTime().toTime_t()) + ".trc"; + if(QFile::copy(filename, "./" + tmpFile)) + { + mifare->loadSniff(tmpFile); + QFile::remove("./" + tmpFile); + } + else + { + QMessageBox::information(this, tr("Info"), tr("Failed to open") + "\n" + filename); + } + } +} + +void MainWindow::on_MF_Sniff_saveButton_clicked() +{ + QString title = ""; + QString filename = ""; + + title = tr("Plz select the location to save trace file:"); + filename = QFileDialog::getSaveFileName(this, title, "./", tr("Trace Files(*.trc)")); + qDebug() << filename; + if(filename != "") + { + QString tmpFile = "tmp" + QString::number(QDateTime::currentDateTime().toTime_t()) + ".trc"; + mifare->saveSniff(tmpFile); + if(!QFile::copy("./" + tmpFile, filename)) + { + QMessageBox::information(this, tr("Info"), tr("Failed to save to") + "\n" + filename); + } + QFile::remove("./" + tmpFile); + } + +} + void MainWindow::on_MF_Sniff_sniffButton_clicked() { setState(false); @@ -674,50 +722,4 @@ void MainWindow::setState(bool st) -void MainWindow::on_MF_Sim_simButton_clicked() -{ - mifare->simulate(); -} - -void MainWindow::on_MF_Sniff_loadButton_clicked() // use a tmp file to support complicated path -{ - QString title = ""; - QString filename = ""; - title = tr("Plz select the trace file:"); - filename = QFileDialog::getOpenFileName(this, title, "./", tr("Trace Files(*.trc);;All Files(*.*)")); - qDebug() << filename; - if(filename != "") - { - QString tmpFile = "tmp" + QString::number(QDateTime::currentDateTime().toTime_t()) + ".trc"; - if(QFile::copy(filename, "./" + tmpFile)) - { - mifare->loadSniff(tmpFile); - QFile::remove("./" + tmpFile); - } - else - { - QMessageBox::information(this, tr("Info"), tr("Failed to open") + "\n" + filename); - } - } -} - -void MainWindow::on_MF_Sniff_saveButton_clicked() -{ - QString title = ""; - QString filename = ""; - - title = tr("Plz select the location to save trace file:"); - filename = QFileDialog::getSaveFileName(this, title, "./", tr("Trace Files(*.trc)")); - qDebug() << filename; - if(filename != "") - { - QString tmpFile = "tmp" + QString::number(QDateTime::currentDateTime().toTime_t()) + ".trc"; - mifare->saveSniff(tmpFile); - if(!QFile::copy("./" + tmpFile, filename)) - { - QMessageBox::information(this, tr("Info"), tr("Failed to save to") + "\n" + filename); - } - } - -} diff --git a/ui/mainwindow.ui b/ui/mainwindow.ui index 94e2915..8e90e42 100644 --- a/ui/mainwindow.ui +++ b/ui/mainwindow.ui @@ -608,6 +608,13 @@ + + + + Data: + + + diff --git a/ui/mf_sim_simdialog.ui b/ui/mf_sim_simdialog.ui index 97b4edf..1a9c15a 100644 --- a/ui/mf_sim_simdialog.ui +++ b/ui/mf_sim_simdialog.ui @@ -11,7 +11,7 @@ - Dialog + Simulate @@ -299,7 +299,7 @@ - Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works. + Generate random nonces instead of sequential nonces. Standard reader attack won't work with this option, only moebius attack works true