pwn 0.4.477 → 0.4.478

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12b3517ec1a98f073c21f689d8f0812da237bd0d2715956afe5de02e69a1c9f9
-  data.tar.gz: e7a84eaaee6639f4241bd08a0ceee50745f55f89cd348744fb2daa7e5881017a
+  metadata.gz: '09d06003d8060cade6a56174ce2237cb1d60044e596117e66b8dd882778bc971'
+  data.tar.gz: 00d295054465bae88230fd25606a00c10fe635478300b40409af241e99f20322
 SHA512:
-  metadata.gz: 25c56b798321a8fdf4c840b99ccf3c09819eb9493fea94305d5dd7a3425284b423155e741e7c5329a9af1f0c0b14831779a8e1238fcde5503514b7dcbd130d91
-  data.tar.gz: 830e16467f649042771d4ebe0fb8318af2abdc4ed8ab7cf7771c110c020569ebe2ff6c4be28d719e3ab00a0ffe834b004836b723e11ad0acaf17df7c87aef32c
+  metadata.gz: 5ddbe9550e2d6ecf8f480fc76ffaa2c44b04db21e53e3d617a7cc562ffa26a34e44db6aaee0ad1972c96533a3f91ecec97a1f8159a797db3e994405a7163904b
+  data.tar.gz: 309fb8124dbf9c76fa24b89b984b32f1e8f11869395e8e95d3bd6ba79f4438ed814475b5329dd0e5f6e660092e5d7f681cb002d4734a3c5f0af0b7a0fe7cd8d2

data/Gemfile

@@ -33,7 +33,7 @@ gem 'ipaddress', '0.8.3'
 gem 'js-beautify', '0.1.8'
 gem 'json', '2.6.2'
 gem 'jsonpath', '1.1.2'
-gem 'jwt', '2.3.0'
+gem 'jwt', '2.4.0'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.7.1'
 gem 'mongo', '2.17.1'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.477]:001 >>> PWN.help
+pwn[v0.4.478]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.477]:001 >>> PWN.help
+pwn[v0.4.478]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_serial_msr206

@@ -75,26 +75,10 @@ begin
   # )
   # puts exec_resp.inspect
 
-  # TODO: Parse Binary Bits to Derive Readable Configuration
-  # e.g. 'Read & Write All Three Tracks' if binary_resp == '11101111'
-  # Probably better to split each bit and then evaluate
-  # binary_resp_arr = binary_resp.chars
-  # --------------------------------------------------
-  # Bit|Bit = 0                  |Bit = 1
-  # --------------------------------------------------
-  # 0  |Track 1 Read not present |Track 1 Read present
-  # 1  |Track 2 Read not present |Track 2 Read present
-  # 2  |Track 3 Read not present |Track 3 Read present
-  # 3  |not used – should be 0   |not used
-  # 4  |Track 3 Write not present|Track 3 Write present
-  # 5  |Track 2 Write not present|Track 2 Write present
-  # 6  |Track 1 Write not present|Track 1 Write present
-  # 7  |parity bit**             |parity bit**
-  exec_resp = PWN::Plugins::MSR206.exec(
-    msr206_obj: msr206_obj,
-    cmd: :configuration_request
+  config_hash = PWN::Plugins::MSR206.get_config(
+    msr206_obj: msr206_obj
   )
-  puts "Configuration Bits: #{exec_resp[:binary].first.reverse}"
+  puts "Configuration: #{config_hash.inspect}"
 
   exec_resp = PWN::Plugins::MSR206.exec(
     msr206_obj: msr206_obj,
@@ -114,9 +98,10 @@ begin
 
     puts "\n>> MAIN MENU OPTIONS:"
     puts '[(R)ead Card]'
+    puts '[(B)ackup Card]'
     puts '[(C)opy Card]'
+    puts '[(L)oad Card from File]'
     puts '[(E)dit Card]'
-    puts '[(B)ackup Card]'
     puts '[(W)arm Reset]'
     puts '[(Q)uit]'
     puts menu_msg
@@ -126,77 +111,41 @@ begin
 
     case option
     when :R
-      menu_msg = 'READY TO READ - PLEASE SWIPE CARD'
+      menu_msg = 'READ CARD'
       # Read Card
       track_data = PWN::Plugins::MSR206.read_card(
-        msr206_obj: msr206_obj,
-        type: :arm_to_read
+        msr206_obj: msr206_obj
+      )
+    when :B
+      menu_msg = 'BACKUP CARD TO FILE'
+      # Read Card to Backup
+      track_data = PWN::Plugins::MSR206.backup_card(
+        msr206_obj: msr206_obj
       )
     when :C
-      menu_msg = 'READY TO COPY - PLEASE SWIPE ORIGINAL CARD'
-      # Read Original Card
-      track_data = PWN::Plugins::MSR206.read_card(
-        msr206_obj: msr206_obj,
-        type: :arm_to_read
+      menu_msg = 'COPY CARD'
+      # Copy Card
+      track_data = PWN::Plugins::MSR206.copy_card(
+        msr206_obj: msr206_obj
+      )
+    when :L
+      menu_msg = 'LOAD FROM FILE'
+      # Read Card to Backup
+      track_data = PWN::Plugins::MSR206.load_card_from_file(
+        msr206_obj: msr206_obj
       )
-
-      # TODO: Save Original Card Contents
-      # arm_to_write card to clone
-      # read cloned card to verify successful write
     when :E
-      menu_msg = 'READY TO EDIT - PLEASE SWIPE TARGET CARD'
+      menu_msg = 'EDIT'
       # Read Target Card
-      track_data = PWN::Plugins::MSR206.read_card(
-        msr206_obj: msr206_obj,
-        type: :arm_to_read
+      track_data = PWN::Plugins::MSR206.edit_card(
+        msr206_obj: msr206_obj
       )
 
       # TODO: Save Original Card Contents
       # arm_to_write card to edit
       # read edited card to verify successful write
-    when :B
-      menu_msg = 'READY TO BACKUP - PLEASE SWIPE CARD'
-      # Read Card to Backup
-      track_data = PWN::Plugins::MSR206.read_card(
-        msr206_obj: msr206_obj,
-        type: :arm_to_read
-      )
-
-      file = ''
-      backup_msg = ''
-      loop do
-        if backup_msg.empty?
-          exec_resp = PWN::Plugins::MSR206.exec(
-            msr206_obj: msr206_obj,
-            cmd: :green_flash
-          )
-        end
-
-        print 'Enter File Name to Save Backup: '
-        file = gets.scrub.chomp.strip
-        file_dir = File.dirname(file)
-        break if Dir.exist?(file_dir)
-
-        backup_msg = "\n****** ERROR: Directory #{file_dir} for #{file} does not exist ******"
-        puts backup_msg
-        exec_resp = PWN::Plugins::MSR206.exec(
-          msr206_obj: msr206_obj,
-          cmd: :green_off
-        )
-        exec_resp = PWN::Plugins::MSR206.exec(
-          msr206_obj: msr206_obj,
-          cmd: :yellow_flash
-        )
-      end
-
-      File.write(file, "#{track_data.to_json}\n")
-      exec_resp = PWN::Plugins::MSR206.exec(
-        msr206_obj: msr206_obj,
-        cmd: :yellow_off
-      )
-
-      puts 'complete.'
     when :W
+      menu_msg = 'WARM RESET'
       exec_resp = PWN::Plugins::MSR206.exec(
         msr206_obj: msr206_obj,
         cmd: :simulate_power_cycle_warm_reset

data/lib/pwn/plugins/msr206.rb

@@ -402,7 +402,7 @@ module PWN
           when '7E'
             response[:msg] = :command_not_supported_by_hardware
           else
-            response[:msg] = :data
+            response[:msg] = :response
           end
 
           next_response_detected = false
@@ -410,7 +410,7 @@ module PWN
           keep_parsing_responses = false
         end
 
-        response[:raw] = raw_byte_arr
+        response[:hex] = raw_byte_arr
         response[:binary] = binary(raw_byte_arr: raw_byte_arr)
         response[:decoded] = decode(raw_byte_arr: raw_byte_arr)
         response
@@ -574,16 +574,18 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # wait_for_swipe(
+      # MSR206.wait_for_swipe(
       #   msr206_obj: 'required - msr206_obj returned from #connect method'
       #   type: 'required - swipe type :arm_to_read || :arm_to_read_w_speed_prompts || :arm_to_write_no_raw || :arm_to_write_with_raw || :arm_to_write_with_raw_speed_prompts',
-      #   encoding: required - :iso || :iso_alt || :raw'
+      #   encoding: 'required - :iso || :iso_alt || :raw',
+      #   track_data: 'optional - track_data to write'
       # )
 
       private_class_method def self.wait_for_swipe(opts = {})
         msr206_obj = opts[:msr206_obj]
         type = opts[:type].to_s.scrub.strip.chomp.to_sym
         encoding = opts[:encoding].to_s.scrub.strip.chomp.to_sym
+        track_data = opts[:track_data]
 
         exec_resp = exec(
           msr206_obj: msr206_obj,
@@ -600,26 +602,26 @@ module PWN
           cmd: :green_on
         )
 
-        exec_resp = PWN::Plugins::MSR206.exec(
-          msr206_obj: msr206_obj,
-          cmd: type
-        )
+        track_data_arr = []
 
-        print 'Ready.  Please Swipe Card Now:'
-        loop do
-          exec_resp = parse_responses(
+        case type
+        when :arm_to_read,
+             :arm_to_read_w_speed_prompts
+
+          exec_resp = PWN::Plugins::MSR206.exec(
             msr206_obj: msr206_obj,
             cmd: type
           )
 
-          break if exec_resp[:msg] == :ack_command_completed
-        end
-
-        track_data_arr = []
+          print 'Ready to Read.  Please Swipe Card Now:'
+          loop do
+            exec_resp = parse_responses(
+              msr206_obj: msr206_obj,
+              cmd: type
+            )
 
-        case type
-        when :arm_to_read,
-             :arm_to_read_w_speed_prompts
+            break if exec_resp[:msg] == :ack_command_completed
+          end
 
           if encoding == :iso
             cmds_arr = %i[
@@ -633,6 +635,7 @@ module PWN
                 msr206_obj: msr206_obj,
                 cmd: cmd
               )
+              exec_resp[:encoding] = encoding
               puts exec_resp[:decoded]
               puts exec_resp.inspect
               track_data_arr.push(exec_resp)
@@ -655,6 +658,7 @@ module PWN
                   cmd: cmd,
                   params: [param]
                 )
+                exec_resp[:encoding] = encoding
                 puts exec_resp[:decoded]
                 puts exec_resp.inspect
                 track_data_arr.push(exec_resp)
@@ -679,6 +683,7 @@ module PWN
                   cmd: cmd,
                   params: [param]
                 )
+                exec_resp[:encoding] = encoding
                 puts exec_resp[:decoded]
                 puts exec_resp.inspect
                 track_data_arr.push(exec_resp)
@@ -689,6 +694,7 @@ module PWN
                   cmd: cmd,
                   params: [0x5f] + [param]
                 )
+                exec_resp[:encoding] = encoding
                 puts exec_resp[:decoded]
                 puts exec_resp.inspect
                 track_data_arr.push(exec_resp)
@@ -699,8 +705,86 @@ module PWN
              :arm_to_write_with_raw,
              :arm_to_write_with_raw_speed_prompts
 
-          cmds_arr = %i[
-          ]
+          if encoding == :iso
+            cmds_arr = %i[
+              load_iso_std_data_for_writing_track1
+              load_iso_std_data_for_writing_track2
+              load_iso_std_data_for_writing_track3
+            ]
+
+            cmds_arr.each_with_index do |cmd, track|
+              puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
+              this_track = track_data[track][:decoded].chars.map do |c|
+                c.unpack1('H*').to_i(16)
+              end
+              this_track_w_eot = this_track + [0x04]
+              puts this_track_w_eot.inspect
+              exec_resp = exec(
+                msr206_obj: msr206_obj,
+                cmd: cmd,
+                params: this_track_w_eot
+              )
+              exec_resp[:encoding] = encoding
+              puts exec_resp[:decoded]
+              puts exec_resp.inspect
+              track_data_arr.push(exec_resp)
+            end
+          end
+
+          # if encoding == :iso_alt
+          #   cmds_arr = %i[
+          #     alt_load_iso_std_data_for_writing_track1
+          #     alt_load_iso_std_data_for_writing_track2
+          #     alt_load_iso_std_data_for_writing_track3
+          #   ]
+
+          #   cmds_arr.each do |cmd|
+          #     puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
+          #     exec_resp = exec(
+          #       msr206_obj: msr206_obj,
+          #       cmd: cmd
+          #     )
+          #     exec_resp[:encoding] = encoding
+          #     puts exec_resp[:decoded]
+          #     puts exec_resp.inspect
+          #     track_data_arr.push(exec_resp)
+          #   end
+          # end
+
+          # if encoding == :raw
+          #   cmds_arr = %i[
+          #     load_custom_data_for_writing_track1
+          #     load_custom_data_for_writing_track2
+          #     load_custom_data_for_writing_track3
+          #   ]
+
+          #   cmds_arr.each do |cmd|
+          #     puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
+          #     exec_resp = exec(
+          #       msr206_obj: msr206_obj,
+          #       cmd: cmd
+          #     )
+          #     exec_resp[:encoding] = encoding
+          #     puts exec_resp[:decoded]
+          #     puts exec_resp.inspect
+          #     track_data_arr.push(exec_resp)
+          #   end
+          # end
+
+          exec_resp = PWN::Plugins::MSR206.exec(
+            msr206_obj: msr206_obj,
+            cmd: type
+          )
+
+          print 'Ready to Write.  Please Swipe Card Now:'
+          loop do
+            exec_resp = parse_responses(
+              msr206_obj: msr206_obj,
+              cmd: type
+            )
+
+            break if exec_resp[:msg] == :ack_command_completed
+          end
         else
           raise "ERROR Unsupported type in #wait_for_swipe - #{type}"
         end
@@ -718,7 +802,6 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::MSR206.read_card(
       #   msr206_obj: 'required - msr206_obj returned from #connect method'
-      #   type: 'required - swipe type :arm_to_read || :arm_to_read_w_speed_prompts || :arm_to_write_no_raw || :arm_to_write_with_raw || :arm_to_write_with_raw_speed_prompts',
       # )
 
       public_class_method def self.read_card(opts = {})
@@ -749,9 +832,240 @@ module PWN
 
         wait_for_swipe(
           msr206_obj: msr206_obj,
-          type: type,
+          type: :arm_to_read,
+          encoding: encoding
+        )
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::MSR206.backup_card(
+      #   msr206_obj: 'required - msr206_obj returned from #connect method'
+      # )
+
+      public_class_method def self.backup_card(opts = {})
+        msr206_obj = opts[:msr206_obj]
+        type = opts[:type].to_s.scrub.strip.chomp.to_sym
+
+        # Read Card to Backup
+        track_data = read_card(
+          msr206_obj: msr206_obj
+        )
+
+        file = ''
+        backup_msg = ''
+        loop do
+          if backup_msg.empty?
+            exec_resp = exec(
+              msr206_obj: msr206_obj,
+              cmd: :green_flash
+            )
+          end
+
+          print 'Enter File Name to Save Backup: '
+          file = gets.scrub.chomp.strip
+          file_dir = File.dirname(file)
+          break if Dir.exist?(file_dir)
+
+          backup_msg = "\n****** ERROR: Directory #{file_dir} for #{file} does not exist ******"
+          puts backup_msg
+          exec_resp = exec(
+            msr206_obj: msr206_obj,
+            cmd: :green_off
+          )
+          exec_resp = exec(
+            msr206_obj: msr206_obj,
+            cmd: :yellow_flash
+          )
+        end
+
+        File.write(file, "#{track_data.to_json}\n")
+        exec_resp = exec(
+          msr206_obj: msr206_obj,
+          cmd: :yellow_off
+        )
+
+        puts 'complete.'
+
+        track_data
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::MSR206.copy_card(
+      #   msr206_obj: 'required - msr206_obj returned from #connect method'
+      # )
+
+      public_class_method def self.copy_card(opts = {})
+        msr206_obj = opts[:msr206_obj]
+
+        # Read Card to Backup
+        track_data = backup_card(
+          msr206_obj: msr206_obj
+        )
+
+        encoding = track_data.first[:encoding] if track_data.length == 3
+        # TODO: Save Original Card Contents
+        track_data = wait_for_swipe(
+          msr206_obj: msr206_obj,
+          type: :arm_to_write_no_raw,
+          encoding: encoding,
+          track_data: track_data
+        )
+
+        puts 'complete.'
+
+        track_data
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::MSR206.load_card_from_file(
+      #   msr206_obj: 'required - msr206_obj returned from #connect method'
+      # )
+
+      public_class_method def self.load_card_from_file(opts = {})
+        msr206_obj = opts[:msr206_obj]
+
+        file = ''
+        restore_msg = ''
+        loop do
+          if restore_msg.empty?
+            exec_resp = exec(
+              msr206_obj: msr206_obj,
+              cmd: :green_flash
+            )
+          end
+
+          print 'Enter File Name to Restore to Card: '
+          file = gets.scrub.chomp.strip
+          break if File.exist?(file)
+
+          restore_msg = "\n****** ERROR: #{file} does not exist ******"
+          puts restore_msg
+          exec_resp = exec(
+            msr206_obj: msr206_obj,
+            cmd: :green_off
+          )
+          exec_resp = exec(
+            msr206_obj: msr206_obj,
+            cmd: :yellow_flash
+          )
+        end
+
+        track_data = JSON.parse(
+          File.read(file),
+          symbolize_names: true
+        )
+
+        exec_resp = exec(
+          msr206_obj: msr206_obj,
+          cmd: :yellow_off
+        )
+
+        # Read Card from Backup
+        encoding = track_data.first[:encoding] if track_data.length == 3
+
+        # TODO: Save Original Card Contents
+        track_data = wait_for_swipe(
+          msr206_obj: msr206_obj,
+          type: :arm_to_write_no_raw,
+          encoding: encoding,
+          track_data: track_data
+        )
+
+        puts 'complete.'
+
+        track_data
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::MSR206.edit_card(
+      #   msr206_obj: 'required - msr206_obj returned from #connect method'
+      # )
+
+      public_class_method def self.edit_card(opts = {})
+        msr206_obj = opts[:msr206_obj]
+
+        # Read Card to Backup
+        track_data = backup_card(
+          msr206_obj: msr206_obj
+        )
+
+        # TODO: Inline Editing
+
+        encoding = track_data.first[:encoding] if track_data.length == 3
+        # TODO: Save Original Card Contents
+        track_data = wait_for_swipe(
+          msr206_obj: msr206_obj,
+          type: :arm_to_write_no_raw,
           encoding: encoding
         )
+
+        puts 'complete.'
+
+        track_data
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::MSR206.get_config(
+      #   msr206_obj: 'required - msr206_obj returned from #connect method'
+      # )
+
+      public_class_method def self.get_config(opts = {})
+        msr206_obj = opts[:msr206_obj]
+
+        # --------------------------------------------------
+        # Bit|Bit = 0                  |Bit = 1
+        # --------------------------------------------------
+        # 0  |Track 1 Read not present |Track 1 Read present
+        # 1  |Track 2 Read not present |Track 2 Read present
+        # 2  |Track 3 Read not present |Track 3 Read present
+        # 3  |not used – should be 0   |not used
+        # 4  |Track 3 Write not present|Track 3 Write present
+        # 5  |Track 2 Write not present|Track 2 Write present
+        # 6  |Track 1 Write not present|Track 1 Write present
+        # 7  |parity bit**             |parity bit**
+        exec_resp = PWN::Plugins::MSR206.exec(
+          msr206_obj: msr206_obj,
+          cmd: :configuration_request
+        )
+
+        config_arr = exec_resp[:binary].first.reverse.chars
+        config_hash = {}
+        config_arr.each_with_index do |bit_str, i|
+          bit = bit_str.to_i
+          config_hash[:track1_read] = false if bit.zero? && i.zero?
+          config_hash[:track1_read] = true if bit == 1 && i.zero?
+
+          config_hash[:track2_read] = false if bit.zero? && i == 1
+          config_hash[:track2_read] = true if bit == 1 && i == 1
+
+          config_hash[:track3_read] = false if bit.zero? && i == 2
+          config_hash[:track3_read] = true if bit == 1 && i == 2
+
+          config_hash[:not_used] if i == 3
+
+          config_hash[:track1_write] = false if bit.zero? && i == 4
+          config_hash[:track1_write] = true if bit == 1 && i == 4
+
+          config_hash[:track2_write] = false if bit.zero? && i == 5
+          config_hash[:track2_write] = true if bit == 1 && i == 5
+
+          config_hash[:track3_write] = false if bit.zero? && i == 6
+          config_hash[:track3_write] = true if bit == 1 && i == 6
+
+          config_hash[:parity] = true if bit == 1 && i == 7
+        end
+
+        config_hash
       rescue StandardError => e
         raise e
       end

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.477'
+  VERSION = '0.4.478'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.477
+  version: 0.4.478
 platform: ruby
 authors:
 - 0day Inc.
@@ -310,14 +310,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: 2.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: 2.4.0
 - !ruby/object:Gem::Dependency
   name: luhn
   requirement: !ruby/object:Gem::Requirement