pwn 0.4.479 → 0.4.482
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +2 -2
- data/bin/pwn_serial_msr206 +0 -15
- data/lib/pwn/plugins/msr206.rb +156 -87
- data/lib/pwn/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 54dd1a8b28d45a1616960225db556b4378c80f0a786985b63a1a2cf967245968
|
|
4
|
+
data.tar.gz: ff5ab778b15f78de803c1a65d7a30be89e139dbc010f78e764de03fdb93dce8a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 99b9dc25e7728a72bbd545e319c91ba0893b5317a088ac22a26bd7223818b5b0adb2bea31712fd6f480ca6b5b26ec10005866896d652d17042390c86f731177d
|
|
7
|
+
data.tar.gz: b1cb96c6f46add465d909ac0bfc6c58cfc31504932f134450326b740e5a7ad7eb1f99eaf43f410822f8c7d1eaa9d71710d352c1e8e6961769ed8369f39c4a53e
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
|
37
37
|
$ rvm list gemsets
|
|
38
38
|
$ gem install --verbose pwn
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.4.
|
|
40
|
+
pwn[v0.4.482]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.4.
|
|
55
|
+
pwn[v0.4.482]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
|
data/bin/pwn_serial_msr206
CHANGED
|
@@ -101,7 +101,6 @@ begin
|
|
|
101
101
|
puts '[(B)ackup Card]'
|
|
102
102
|
puts '[(C)opy Card]'
|
|
103
103
|
puts '[(L)oad Card from File]'
|
|
104
|
-
puts '[(E)dit Card]'
|
|
105
104
|
puts '[(W)arm Reset]'
|
|
106
105
|
puts '[(Q)uit]'
|
|
107
106
|
puts menu_msg
|
|
@@ -112,38 +111,24 @@ begin
|
|
|
112
111
|
case option
|
|
113
112
|
when :R
|
|
114
113
|
menu_msg = 'READ CARD'
|
|
115
|
-
# Read Card
|
|
116
114
|
track_data = PWN::Plugins::MSR206.read_card(
|
|
117
115
|
msr206_obj: msr206_obj
|
|
118
116
|
)
|
|
119
117
|
when :B
|
|
120
118
|
menu_msg = 'BACKUP CARD TO FILE'
|
|
121
|
-
# Read Card to Backup
|
|
122
119
|
track_data = PWN::Plugins::MSR206.backup_card(
|
|
123
120
|
msr206_obj: msr206_obj
|
|
124
121
|
)
|
|
125
122
|
when :C
|
|
126
123
|
menu_msg = 'COPY CARD'
|
|
127
|
-
# Copy Card
|
|
128
124
|
track_data = PWN::Plugins::MSR206.copy_card(
|
|
129
125
|
msr206_obj: msr206_obj
|
|
130
126
|
)
|
|
131
127
|
when :L
|
|
132
128
|
menu_msg = 'LOAD FROM FILE'
|
|
133
|
-
# Read Card to Backup
|
|
134
129
|
track_data = PWN::Plugins::MSR206.load_card_from_file(
|
|
135
130
|
msr206_obj: msr206_obj
|
|
136
131
|
)
|
|
137
|
-
when :E
|
|
138
|
-
menu_msg = 'EDIT'
|
|
139
|
-
# Read Target Card
|
|
140
|
-
track_data = PWN::Plugins::MSR206.edit_card(
|
|
141
|
-
msr206_obj: msr206_obj
|
|
142
|
-
)
|
|
143
|
-
|
|
144
|
-
# TODO: Save Original Card Contents
|
|
145
|
-
# arm_to_write card to edit
|
|
146
|
-
# read edited card to verify successful write
|
|
147
132
|
when :W
|
|
148
133
|
menu_msg = 'WARM RESET'
|
|
149
134
|
exec_resp = PWN::Plugins::MSR206.exec(
|
data/lib/pwn/plugins/msr206.rb
CHANGED
|
@@ -613,6 +613,7 @@ module PWN
|
|
|
613
613
|
msr206_obj: msr206_obj,
|
|
614
614
|
cmd: type
|
|
615
615
|
)
|
|
616
|
+
puts exec_resp.inspect
|
|
616
617
|
|
|
617
618
|
print 'Ready to Read. Please Swipe Card Now:'
|
|
618
619
|
loop do
|
|
@@ -621,6 +622,7 @@ module PWN
|
|
|
621
622
|
cmd: type
|
|
622
623
|
)
|
|
623
624
|
|
|
625
|
+
puts exec_resp[:msg]
|
|
624
626
|
break if exec_resp[:msg] == :ack_command_completed
|
|
625
627
|
end
|
|
626
628
|
|
|
@@ -660,6 +662,7 @@ module PWN
|
|
|
660
662
|
params: [param]
|
|
661
663
|
)
|
|
662
664
|
exec_resp[:encoding] = encoding
|
|
665
|
+
exec_resp[:track_format] = [param]
|
|
663
666
|
puts exec_resp[:decoded]
|
|
664
667
|
puts exec_resp.inspect
|
|
665
668
|
track_data_arr.push(exec_resp)
|
|
@@ -685,17 +688,20 @@ module PWN
|
|
|
685
688
|
params: [param]
|
|
686
689
|
)
|
|
687
690
|
exec_resp[:encoding] = encoding
|
|
691
|
+
exec_resp[:track_format] = [param]
|
|
688
692
|
puts exec_resp[:decoded]
|
|
689
693
|
puts exec_resp.inspect
|
|
690
694
|
track_data_arr.push(exec_resp)
|
|
691
695
|
|
|
692
696
|
# 3 byte command
|
|
697
|
+
param = [0x5f] + [param]
|
|
693
698
|
exec_resp = exec(
|
|
694
699
|
msr206_obj: msr206_obj,
|
|
695
700
|
cmd: cmd,
|
|
696
|
-
params:
|
|
701
|
+
params: param
|
|
697
702
|
)
|
|
698
703
|
exec_resp[:encoding] = encoding
|
|
704
|
+
exec_resp[:track_format] = param
|
|
699
705
|
puts exec_resp[:decoded]
|
|
700
706
|
puts exec_resp.inspect
|
|
701
707
|
track_data_arr.push(exec_resp)
|
|
@@ -706,6 +712,9 @@ module PWN
|
|
|
706
712
|
:arm_to_write_with_raw,
|
|
707
713
|
:arm_to_write_with_raw_speed_prompts
|
|
708
714
|
|
|
715
|
+
# TODO: Set Write Density for Tracks Here
|
|
716
|
+
# >>>
|
|
717
|
+
|
|
709
718
|
if encoding == :iso
|
|
710
719
|
cmds_arr = %i[
|
|
711
720
|
load_iso_std_data_for_writing_track1
|
|
@@ -713,69 +722,96 @@ module PWN
|
|
|
713
722
|
load_iso_std_data_for_writing_track3
|
|
714
723
|
]
|
|
715
724
|
|
|
725
|
+
# TODO: Get Data by cmd (e.g. load_iso_std_data_for_writing_track1)
|
|
716
726
|
cmds_arr.each_with_index do |cmd, track|
|
|
717
727
|
puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
|
|
728
|
+
puts track_data[track][:decoded]
|
|
729
|
+
next if track_data[track][:decoded] == '+'
|
|
730
|
+
|
|
718
731
|
this_track = track_data[track][:decoded].chars.map do |c|
|
|
719
732
|
c.unpack1('H*').to_i(16)
|
|
720
733
|
end
|
|
721
|
-
|
|
722
|
-
|
|
734
|
+
track_eot = [0x04]
|
|
735
|
+
track_payload = this_track + track_eot
|
|
736
|
+
puts track_payload.inspect
|
|
723
737
|
exec_resp = exec(
|
|
724
738
|
msr206_obj: msr206_obj,
|
|
725
739
|
cmd: cmd,
|
|
726
|
-
params:
|
|
740
|
+
params: track_payload
|
|
741
|
+
)
|
|
742
|
+
exec_resp[:encoding] = encoding
|
|
743
|
+
puts exec_resp.inspect
|
|
744
|
+
track_data_arr.push(exec_resp)
|
|
745
|
+
end
|
|
746
|
+
end
|
|
747
|
+
|
|
748
|
+
if encoding == :iso_alt
|
|
749
|
+
cmds_arr = %i[
|
|
750
|
+
alt_load_iso_std_data_for_writing_track1
|
|
751
|
+
alt_load_iso_std_data_for_writing_track2
|
|
752
|
+
alt_load_iso_std_data_for_writing_track3
|
|
753
|
+
]
|
|
754
|
+
|
|
755
|
+
# TODO: Get Data by cmd (e.g. alt_load_iso_std_data_for_writing_track1)
|
|
756
|
+
cmds_arr.each_with_index do |cmd, track|
|
|
757
|
+
puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
|
|
758
|
+
puts track_data[track][:decoded]
|
|
759
|
+
next if track_data[track][:decoded] == '+'
|
|
760
|
+
|
|
761
|
+
this_track = track_data[track][:decoded].chars.map do |c|
|
|
762
|
+
c.unpack1('H*').to_i(16)
|
|
763
|
+
end
|
|
764
|
+
track_format = track_data[track][:track_format]
|
|
765
|
+
track_eot = [0x04]
|
|
766
|
+
track_payload = track_format + this_track + track_eot
|
|
767
|
+
puts track_payload.inspect
|
|
768
|
+
exec_resp = exec(
|
|
769
|
+
msr206_obj: msr206_obj,
|
|
770
|
+
cmd: cmd,
|
|
771
|
+
params: track_payload
|
|
727
772
|
)
|
|
728
773
|
exec_resp[:encoding] = encoding
|
|
729
|
-
puts exec_resp[:decoded]
|
|
730
774
|
puts exec_resp.inspect
|
|
731
775
|
track_data_arr.push(exec_resp)
|
|
732
776
|
end
|
|
733
777
|
end
|
|
734
778
|
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
# msr206_obj: msr206_obj,
|
|
766
|
-
# cmd: cmd
|
|
767
|
-
# )
|
|
768
|
-
# exec_resp[:encoding] = encoding
|
|
769
|
-
# puts exec_resp[:decoded]
|
|
770
|
-
# puts exec_resp.inspect
|
|
771
|
-
# track_data_arr.push(exec_resp)
|
|
772
|
-
# end
|
|
773
|
-
# end
|
|
779
|
+
if encoding == :raw
|
|
780
|
+
cmds_arr = %i[
|
|
781
|
+
load_custom_data_for_writing_track1
|
|
782
|
+
load_custom_data_for_writing_track2
|
|
783
|
+
load_custom_data_for_writing_track3
|
|
784
|
+
]
|
|
785
|
+
|
|
786
|
+
# TODO: Get Data by cmd (e.g. load_custom_data_for_writing_track1)
|
|
787
|
+
cmds_arr.each_with_index do |cmd, track|
|
|
788
|
+
puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
|
|
789
|
+
puts track_data[track][:decoded]
|
|
790
|
+
next if track_data[track][:decoded] == '+'
|
|
791
|
+
|
|
792
|
+
this_track = track_data[track][:decoded].chars.map do |c|
|
|
793
|
+
c.unpack1('H*').to_i(16)
|
|
794
|
+
end
|
|
795
|
+
track_format = track_data[track][:track_format]
|
|
796
|
+
track_eot = [0x04]
|
|
797
|
+
track_payload = track_format + this_track + track_eot
|
|
798
|
+
puts track_payload.inspect
|
|
799
|
+
exec_resp = exec(
|
|
800
|
+
msr206_obj: msr206_obj,
|
|
801
|
+
cmd: cmd,
|
|
802
|
+
params: track_payload
|
|
803
|
+
)
|
|
804
|
+
exec_resp[:encoding] = encoding
|
|
805
|
+
puts exec_resp.inspect
|
|
806
|
+
track_data_arr.push(exec_resp)
|
|
807
|
+
end
|
|
808
|
+
end
|
|
774
809
|
|
|
775
810
|
exec_resp = PWN::Plugins::MSR206.exec(
|
|
776
811
|
msr206_obj: msr206_obj,
|
|
777
812
|
cmd: type
|
|
778
813
|
)
|
|
814
|
+
puts exec_resp.inspect
|
|
779
815
|
|
|
780
816
|
print 'Ready to Write. Please Swipe Card Now:'
|
|
781
817
|
loop do
|
|
@@ -887,7 +923,80 @@ module PWN
|
|
|
887
923
|
cmd: :yellow_off
|
|
888
924
|
)
|
|
889
925
|
|
|
890
|
-
|
|
926
|
+
track_data
|
|
927
|
+
rescue StandardError => e
|
|
928
|
+
raise e
|
|
929
|
+
end
|
|
930
|
+
|
|
931
|
+
# Supported Method Parameters::
|
|
932
|
+
# PWN::Plugins::MSR206.write_card(
|
|
933
|
+
# msr206_obj: 'required - msr206_obj returned from #connect method',
|
|
934
|
+
# encoding: 'required - :iso || :alt_iso || :raw',
|
|
935
|
+
# track_data: 'requred - track data to write (see #backup_card for structure)'
|
|
936
|
+
# )
|
|
937
|
+
|
|
938
|
+
public_class_method def self.write_card(opts = {})
|
|
939
|
+
msr206_obj = opts[:msr206_obj]
|
|
940
|
+
encoding = opts[:encoding].to_s.scrub.strip.chomp.to_sym
|
|
941
|
+
track_data = opts[:track_data]
|
|
942
|
+
|
|
943
|
+
puts 'IN ORDER TO GET BLANK TRACKS, A STRONG MAGNETIC FIELD MUST BE PRESENT TO FIRST WIPE THE CARD TARGETED FOR WRITING.'
|
|
944
|
+
# puts 'Default Write Current:'
|
|
945
|
+
# exec_resp = exec(
|
|
946
|
+
# msr206_obj: msr206_obj,
|
|
947
|
+
# cmd: :view_default_write_current
|
|
948
|
+
# )
|
|
949
|
+
# puts exec_resp.inspect
|
|
950
|
+
|
|
951
|
+
# puts 'Temporary Write Current:'
|
|
952
|
+
# exec_resp = exec(
|
|
953
|
+
# msr206_obj: msr206_obj,
|
|
954
|
+
# cmd: :view_temp_write_current
|
|
955
|
+
# )
|
|
956
|
+
# puts exec_resp.inspect
|
|
957
|
+
|
|
958
|
+
coercivity = :waiting_for_selection
|
|
959
|
+
loop do
|
|
960
|
+
puts "\nCOERCIVITY OPTIONS:"
|
|
961
|
+
puts '[(H)igh (Most Often Black Stripe)]'
|
|
962
|
+
puts '[(L)ow (Most Often Brown Stripe)]'
|
|
963
|
+
print 'COERCIVITY LEVEL >>> '
|
|
964
|
+
coercivity_choice = gets.scrub.chomp.strip.upcase.to_sym
|
|
965
|
+
|
|
966
|
+
# Write Current Settings vs. Media Coercivties
|
|
967
|
+
# Media Coercivity (Oersteds)|Write Current Setting*|Typical Usage
|
|
968
|
+
# 300 |36 |Low coercivity
|
|
969
|
+
# 600 | |
|
|
970
|
+
# 1800 | |
|
|
971
|
+
# 3600+ |255 |Typical high corcivity
|
|
972
|
+
|
|
973
|
+
case coercivity_choice
|
|
974
|
+
when :H
|
|
975
|
+
coercivity = [0x32, 0x35, 0x35]
|
|
976
|
+
break
|
|
977
|
+
when :L
|
|
978
|
+
coercivity = [0x30, 0x33, 0x36]
|
|
979
|
+
break
|
|
980
|
+
end
|
|
981
|
+
end
|
|
982
|
+
|
|
983
|
+
exec_resp = exec(
|
|
984
|
+
msr206_obj: msr206_obj,
|
|
985
|
+
cmd: :set_temp_write_current,
|
|
986
|
+
params: coercivity
|
|
987
|
+
)
|
|
988
|
+
|
|
989
|
+
track_data = wait_for_swipe(
|
|
990
|
+
msr206_obj: msr206_obj,
|
|
991
|
+
type: :arm_to_write_no_raw,
|
|
992
|
+
encoding: encoding,
|
|
993
|
+
track_data: track_data
|
|
994
|
+
)
|
|
995
|
+
|
|
996
|
+
exec_resp = PWN::Plugins::MSR206.exec(
|
|
997
|
+
msr206_obj: msr206_obj,
|
|
998
|
+
cmd: :simulate_power_cycle_warm_reset
|
|
999
|
+
)
|
|
891
1000
|
|
|
892
1001
|
track_data
|
|
893
1002
|
rescue StandardError => e
|
|
@@ -909,16 +1018,11 @@ module PWN
|
|
|
909
1018
|
|
|
910
1019
|
encoding = track_data.first[:encoding] if track_data.length == 3
|
|
911
1020
|
# TODO: Save Original Card Contents
|
|
912
|
-
|
|
1021
|
+
write_card(
|
|
913
1022
|
msr206_obj: msr206_obj,
|
|
914
|
-
type: :arm_to_write_no_raw,
|
|
915
1023
|
encoding: encoding,
|
|
916
1024
|
track_data: track_data
|
|
917
1025
|
)
|
|
918
|
-
|
|
919
|
-
puts 'complete.'
|
|
920
|
-
|
|
921
|
-
track_data
|
|
922
1026
|
rescue StandardError => e
|
|
923
1027
|
raise e
|
|
924
1028
|
end
|
|
@@ -971,46 +1075,11 @@ module PWN
|
|
|
971
1075
|
encoding = track_data.first[:encoding] if track_data.length == 3
|
|
972
1076
|
|
|
973
1077
|
# TODO: Save Original Card Contents
|
|
974
|
-
|
|
1078
|
+
write_card(
|
|
975
1079
|
msr206_obj: msr206_obj,
|
|
976
|
-
type: :arm_to_write_no_raw,
|
|
977
1080
|
encoding: encoding,
|
|
978
1081
|
track_data: track_data
|
|
979
1082
|
)
|
|
980
|
-
|
|
981
|
-
puts 'complete.'
|
|
982
|
-
|
|
983
|
-
track_data
|
|
984
|
-
rescue StandardError => e
|
|
985
|
-
raise e
|
|
986
|
-
end
|
|
987
|
-
|
|
988
|
-
# Supported Method Parameters::
|
|
989
|
-
# PWN::Plugins::MSR206.edit_card(
|
|
990
|
-
# msr206_obj: 'required - msr206_obj returned from #connect method'
|
|
991
|
-
# )
|
|
992
|
-
|
|
993
|
-
public_class_method def self.edit_card(opts = {})
|
|
994
|
-
msr206_obj = opts[:msr206_obj]
|
|
995
|
-
|
|
996
|
-
# Read Card to Backup
|
|
997
|
-
track_data = backup_card(
|
|
998
|
-
msr206_obj: msr206_obj
|
|
999
|
-
)
|
|
1000
|
-
|
|
1001
|
-
# TODO: Inline Editing
|
|
1002
|
-
|
|
1003
|
-
encoding = track_data.first[:encoding] if track_data.length == 3
|
|
1004
|
-
# TODO: Save Original Card Contents
|
|
1005
|
-
track_data = wait_for_swipe(
|
|
1006
|
-
msr206_obj: msr206_obj,
|
|
1007
|
-
type: :arm_to_write_no_raw,
|
|
1008
|
-
encoding: encoding
|
|
1009
|
-
)
|
|
1010
|
-
|
|
1011
|
-
puts 'complete.'
|
|
1012
|
-
|
|
1013
|
-
track_data
|
|
1014
1083
|
rescue StandardError => e
|
|
1015
1084
|
raise e
|
|
1016
1085
|
end
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.482
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -310,14 +310,14 @@ dependencies:
|
|
|
310
310
|
requirements:
|
|
311
311
|
- - '='
|
|
312
312
|
- !ruby/object:Gem::Version
|
|
313
|
-
version: 2.4.
|
|
313
|
+
version: 2.4.1
|
|
314
314
|
type: :runtime
|
|
315
315
|
prerelease: false
|
|
316
316
|
version_requirements: !ruby/object:Gem::Requirement
|
|
317
317
|
requirements:
|
|
318
318
|
- - '='
|
|
319
319
|
- !ruby/object:Gem::Version
|
|
320
|
-
version: 2.4.
|
|
320
|
+
version: 2.4.1
|
|
321
321
|
- !ruby/object:Gem::Dependency
|
|
322
322
|
name: luhn
|
|
323
323
|
requirement: !ruby/object:Gem::Requirement
|