# -*- coding: utf-8 -*-
# -- bruteforce.py
# Bruteforces through the file structure
from smartcard.System import readers
from smartcard.Exceptions import NoCardException, CardConnectionException
from smartcard.util import toHexString
import sys
import display
from card_interface import *
# Module-level switch read by explore(): when True, explore() calls itself on
# every selected file whose record read answers "command not allowed" (which
# the code treats as a DF). Left off by default.
recursiveMode = False
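def explore(connection, startAddress = [], space = "", firstByteMin = 0,
            firstByteMax = 0xff, secondByteMin = 0, secondByteMax = 0xff):
    """Enumerate two-byte file identifiers on the card and dump readable records.

    Every identifier [firstByte, secondByte] in the given inclusive ranges is
    appended to startAddress and passed to selectFile(). For each identifier
    whose select succeeds, records are read with readRecord() starting at
    record 1 (at most 255) until the first status that is not OK; that status
    is reported and ends the scan of the file.

    Parameters:
        connection    -- card connection handed to selectFile()/readRecord().
        startAddress  -- path prefix (list of bytes) placed in front of each
                         candidate identifier. Only read, never mutated, so
                         the shared list default is not modified here.
        space         -- prefix string passed to display.printAddress().
        firstByteMin, firstByteMax   -- inclusive range of the first byte.
        secondByteMin, secondByteMax -- inclusive range of the second byte.

    Returns None; everything found is printed.

    With the default ranges this issues up to 256 * 256 selects, plus the
    record reads for every file found, so a full sweep is slow.
    NOTE(review): selectFile() presumably changes the card's currently
    selected file, so the card is left on the last identifier that was
    selected -- confirm in card_interface.
    """
    # Probe which select mode the card accepts: try 0x08 on [0,0] and fall
    # back to 0x02 when the card answers "wrong parameters".
    # NOTE(review): these look like ISO 7816-4 SELECT P1 values (path from the
    # MF / EF under the current DF) -- confirm against card_interface.
    selectFileMode = 0x08
    response, sw1, sw2 = selectFile(connection, [0,0], selectFileMode)
    if statusWrongParameters(sw1, sw2):
        selectFileMode = 0x02

    for firstByte in range(firstByteMin, firstByteMax+1):
        # print space + ("0x%02x" % firstByte) + " 0xxx"
        for secondByte in range(secondByteMin, secondByteMax+1):
            address = startAddress + [firstByte, secondByte]
            response, sw1, sw2 = selectFile(connection, address, selectFileMode)
            if not statusIsOK(sw1, sw2):
                # Nothing selectable at this identifier.
                continue

            # The select succeeded, so look at the records.
            display.printAddress(address, space)
            for recordNumber in range(255):
                response, sw1, sw2 = readRecord(connection, recordNumber+1)
                print "\t",
                if statusIsOK(sw1, sw2):
                    display.printRecord(response, recordNumber+1)
                    continue

                # Any other status ends the scan of this file.
                if statusSecurityNotOK(sw1, sw2):
                    # The file exists but its access conditions are not met;
                    # the status word alone still shows the identifier is in
                    # use.
                    print "Security status not satisfied\n"
                elif statusCommandNotAllowed(sw1, sw2):
                    # Record reads are refused: treated as a DF (directory).
                    print "This is a DF\n"
                    if recursiveMode:
                        # address already starts with startAddress, so it is
                        # the full path of this DF. Passing
                        # startAddress+address repeated the prefix as soon as
                        # the nesting went deeper than one level.
                        explore(connection, address, space+" ")
                elif statusRecordNotFound(sw1, sw2):
                    # Record not found, the previous one was the last.
                    # recordNumber is 0-based, so it equals the number of
                    # records read successfully.
                    print "Total: %u record(s)\n" % (recordNumber)
                elif statusBadLength(sw1, sw2):
                    # Wrong length: retry once, passing sw2 back as the
                    # length argument. Named expectedLength so the builtin
                    # len() is not shadowed.
                    expectedLength = sw2
                    response, sw1, sw2 = readRecord(connection, recordNumber+1, sw2)
                    if statusIsOK(sw1, sw2):
                        display.printRecord(response, recordNumber+1)
                        print "\t(longueur %d)\n" % expectedLength
                else:
                    print "Unknown error: %02x %02x\n" % (sw1, sw2)
                break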
def startBruteforce():
    """Scan the inserted card over the default identifier range.

    Obtains a connection with getCard() and, when one is returned, runs
    explore() from an empty path with the first byte in 0x00-0x3f and the
    second byte in 0x00-0x80. Does nothing when getCard() returns a falsy
    value.
    """
    connection = getCard()
    if not connection:
        return
    explore(connection, [], "", 0x00, 0x3f, 0x00, 0x80)
    # Narrower scans kept for reference (dumpStruct is presumably an earlier
    # name of explore -- confirm):
    # dumpStruct(connection, [0x00, 0x00], "", 0x00, 0x00, 0x00, 0x70)
    # dumpStruct(connection, [0x10, 0x00], "", 0x10, 0x11, 0x00, 0x70)
    # dumpStruct(connection, [0x20, 0x00], "", 0x20, 0x21, 0x00, 0x70)
    # dumpStruct(connection, [0x30, 0x00], "", 0x30, 0x31, 0x00, 0x70)