pwn 0.4.458 → 0.4.459
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/pwn/plugins/msr206.rb +166 -66
- data/lib/pwn/plugins/son_micro_rfid.rb +1 -1
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
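--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 34af764fdd574b15da3c45adb4097933e47a3aaca2de6dcb4c8f8005b6608f1d
+data.tar.gz: 5bf7e7551c6c62d12a2c2811493034ba31a0545f59aa3a72483aa3701b04b626
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 95f9def16df7e14a69731c08b4b7f4d3cf5e9e2e4b2c618b7c5b75dfba4bbbeed142f2aa03328ef3412c8bc95bc5ee87292ded504adc2d50d197113ce80c648d
+data.tar.gz: 98d0f7cc871533e29b2c1321ae65ef48f56be4debc0bad1cb0617504567e0b12adf1d363c295746c5c1241c3666b42e95a46eaded7028467228cb799d0a33416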
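--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.459]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.459]:001 >>> PWN.help
 ```
 
 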
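--- a/data/lib/pwn/plugins/msr206.rb
+++ b/data/lib/pwn/plugins/msr206.rb
@@ -88,6 +88,98 @@ module PWN
 raise e
 end
 
+# Supported Method Parameters::
+# cmd_response_arr = get_cmd_responses(
+# msr206_obj: 'required - msr206_obj returned from #connect method'
+# )
+
+public_class_method def self.get_cmd_responses(opts = {})
+msr206_obj = opts[:msr206_obj]
+
+raw_byte_arr = PWN::Plugins::Serial.dump_session_data(
+serial_obj: msr206_obj
+)
+
+hex_esc_raw_resp = ''
+raw_byte_arr.each do |byte|
+this_byte = byte.unpack1('H*')
+# Needed when #unpack1 returns 2 bytes instead of one
+# e.g."ް" translates to deb0 (that's not a double quote ")
+# instead of de b0
+# this condition is ghetto-hacker-ish.
+if this_byte.length == 4
+byte_one = this_byte[1..2]
+byte_two = this_byte[-2..-1]
+hex_esc_raw_resp = "#{hex_esc_raw_resp}\s#{byte_one}"
+hex_esc_raw_resp = "#{hex_esc_raw_resp}\s#{byte_two}"
+else
+hex_esc_raw_resp = "#{hex_esc_raw_resp}\s#{this_byte}"
+end
+end
+
+# Return command response array in space-delimited hex
+cmd_response_arr = hex_esc_raw_resp.upcase.strip.split(/(?=FF)/)
+cmd_response_arr.map(&:strip)
+rescue StandardError => e
+# Flush Responses for Next Request
+PWN::Plugins::Serial.flush_session_data(
+serial_obj: msr206_obj
+)
+
+raise e
+end
+
+# Supported Method Parameters::
+# parsed_cmd_resp_arr = parse_responses(
+# cmd_resp: 'required - command response string'
+# )
+
+private_class_method def self.parse_responses(opts = {})
+msr206_obj = opts[:msr206_obj]
+cmd = opts[:cmd].to_s.scrub.strip.chomp
+
+keep_parsing_responses = true
+next_response_detected = false
+all_cmd_responses = []
+a_cmd_r_len = 0
+last_a_cmd_r_len = 0
+
+parsed_cmd_resp_arr = []
+bytes_in_cmd_resp = 0
+cmd_resp = ''
+
+while keep_parsing_responses
+until next_response_detected
+all_cmd_responses = get_cmd_responses(
+msr206_obj: msr206_obj
+)
+# bytes_in_cmd_resp = cmd_resp.split.length if cmd_resp
+a_cmd_r_len = all_cmd_responses.length
+
+next_response_detected = true if a_cmd_r_len > last_a_cmd_r_len
+end
+
+# cmd_resp = all_cmd_responses.last
+# case cmd_resp
+# when '21', '28', '29', '2A', '2B', '2D', '2F', '3A', '31', '32', '33', '3E', '3F', '5E', '7E', '98 FE'
+# next_response_detected = true
+# end
+next_response_detected = false
+last_a_cmd_r_len = a_cmd_r_len
+print "\n"
+keep_parsing_responses = false
+end
+
+all_cmd_responses
+rescue StandardError => e
+raise e
+ensure
+# Flush Responses for Next Request
+PWN::Plugins::Serial.flush_session_data(
+serial_obj: msr206_obj
+)
+end
+
 # Supported Method Parameters::
 # PWN::Plugins::MSR206.exec(
 # msr206_obj: 'required - msr206_obj returned from #connect method'
@@ -101,70 +193,76 @@ module PWN
 
 params_bytes = []
 case cmd.to_sym
-when :version_report
-cmd_bytes = [0x39]
-when :simulate_power_cycle_warm_reset
-cmd_bytes = [0x7F]
-when :configuration_request
-cmd_bytes = [0x23]
-when :reproduce_last_command
-cmd_bytes = [0x25]
 when :resume_transmission_to_host
 cmd_bytes = [0x11]
 when :pause_transmission_to_host
 cmd_bytes = [0x13]
 when :abort_command
 cmd_bytes = [0x1B]
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :green_on
-cmd_bytes = [0x4C]
-when :green_off
-cmd_bytes = [0x6C]
+when :configuration_request
+cmd_bytes = [0x23]
+when :reproduce_last_command
+cmd_bytes = [0x25]
+when :card_edge_detect
+cmd_bytes = [0x26]
 when :green_flash
 cmd_bytes = [0x28]
+when :red_flash
+cmd_bytes = [0x29]
+when :version_report
+cmd_bytes = [0x39]
+when :power_on_report
+cmd_bytes = [0x3A]
+when :set_write_density
+cmd_bytes = [0x3B]
+when :set_temp_write_current
+cmd_bytes = [0x3C]
+when :view_temp_write_current
+cmd_bytes = [0x3E]
+when :write_verify
+cmd_bytes = [0x3F]
+when :arm_to_write_with_raw
+cmd_bytes = [0x40]
+when :load_iso_std_data_for_writing_track1
+cmd_bytes = [0x41]
+when :load_iso_std_data_for_writing_track2
+cmd_bytes = [0x42]
+when :load_iso_std_data_for_writing_track3
+cmd_bytes = [0x43]
+when :tx_custom_data_forward_track1, :load_custom_data_for_writing_track1
+cmd_bytes = [0x45]
+when :tx_custom_data_forward_track2, :load_custom_data_for_writing_track2
+cmd_bytes = [0x46]
+when :tx_custom_data_forward_track3, :load_custom_data_for_writing_track3
+cmd_bytes = [0x47]
+when :tx_error_data
+cmd_bytes = [0x49]
 when :yellow_on
 cmd_bytes = [0x4B]
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
+when :green_on
+cmd_bytes = [0x4C]
+when :red_on
+cmd_bytes = [0x4D]
+when :set_write_density_210_bpi_tracks2
+cmd_bytes = [0x4E]
+when :set_write_density_210_bpi_tracks13
+cmd_bytes = [0x4F]
 when :arm_to_read
 cmd_bytes = [0x50]
-when :arm_to_read_w_speed_prompts
-cmd_bytes = [0x70]
 when :tx_iso_std_data_track1
 cmd_bytes = [0x51]
 when :tx_iso_std_data_track2
 cmd_bytes = [0x52]
 when :tx_iso_std_data_track3
 cmd_bytes = [0x53]
-when :tx_error_data
-cmd_bytes = [0x49]
-when :tx_custom_data_forward_track1, :load_custom_data_for_writing_track1
-cmd_bytes = [0x45]
-when :tx_custom_data_forward_track2, :load_custom_data_for_writing_track2
-cmd_bytes = [0x46]
-when :tx_custom_data_forward_track3, :load_custom_data_for_writing_track3
-cmd_bytes = [0x47]
 when :tx_passbook_data
 cmd_bytes = [0x58]
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :load_iso_std_data_for_writing_track1
-cmd_bytes = [0x41]
-when :load_iso_std_data_for_writing_track2
-cmd_bytes = [0x42]
-when :load_iso_std_data_for_writing_track3
-cmd_bytes = [0x43]
+when :arm_to_write_no_raw
+cmd_bytes = [0x5A]
+when :set_default_write_current
+cmd_bytes = [0x5B]
+when :view_default_write_current
+cmd_bytes = [0x5D]
 when :alt_load_iso_std_data_for_writing_track1
 cmd_bytes = [0x61]
 when :alt_load_iso_std_data_for_writing_track2
@@ -173,30 +271,32 @@ module PWN
 cmd_bytes = [0x63]
 when :load_passbook_data_for_writing
 cmd_bytes = [0x6A]
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :set_write_density_210_bpi_tracks2
-cmd_bytes = [0x4E]
+when :yellow_off
+cmd_bytes = [0x6B]
+when :green_off
+cmd_bytes = [0x6C]
+when :red_off
+cmd_bytes = [0x6D]
 when :set_write_density_75_bpi_tracks2
 cmd_bytes = [0x6E]
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
-when :
-cmd_bytes = [
+when :set_write_density_75_bpi_tracks13
+cmd_bytes = [0x6F]
+when :arm_to_read_w_speed_prompts
+cmd_bytes = [0x70]
+when :alt_tx_iso_std_data_track1
+cmd_bytes = [0x71]
+when :alt_tx_iso_std_data_track2
+cmd_bytes = [0x72]
+when :alt_tx_iso_std_data_track3
+cmd_bytes = [0x73]
+when :alt_tx_passbook_data
+cmd_bytes = [0x78]
 when :arm_to_write_with_raw_speed_prompts
 cmd_bytes = [0x7A]
+when :yellow_flash
+cmd_bytes = [0x7C]
+when :simulate_power_cycle_warm_reset
+cmd_bytes = [0x7F]
 else
 raise "Unsupported Command: #{cmd}. Supported commands are:\n#{list_cmds}\n\n\n"
 end
@@ -205,13 +305,13 @@ module PWN
 cmd_bytes += params_bytes unless params_bytes.empty?
 # Execute the command.
 cmd_bytes.each do |byte|
-
+msr206_obj[:serial_conn].putc(byte)
 end
 
 # Parse commands response(s).
 # Return an array of hashes.
 parse_responses(
-
+msr206_obj: msr206_obj,
 cmd: cmd.to_sym
 )
 rescue StandardError => e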
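Review bot: In `get_cmd_responses`, the four-hex-digit branch slices `this_byte[1..2]`, which takes the middle two digits (`eb` for the `deb0` example in its own comment) instead of the first byte, so the decoded response is wrong whenever that branch runs. It should be `byte_one = this_byte[0..1]`, or the whole branch can become `this_byte.scan(/../).join(' ')`, which also covers elements that unpack to more than two bytes. Separately, the `until next_response_detected` loop in `parse_responses` calls `get_cmd_responses` repeatedly with no timeout or sleep, so a reader that never answers leaves the caller spinning indefinitely. The doc comment above `parse_responses` lists `cmd_resp:` while the method reads `opts[:msr206_obj]` and `opts[:cmd]`, and `exec` still says "Return an array of hashes" although an array of strings comes back.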
data/lib/pwn/version.rb
CHANGED