#include "autohacker.h"
/// Constructs an AutoHacker with an empty body: no member is assigned here.
/// hack() resets apdu, num_results and iteration itself on every call, so the
/// search state only becomes meaningful once hack() has run.
/// NOTE(review): whether the members have in-class initialisers depends on
/// autohacker.h, which is not visible from this file -- confirm before
/// reading num_results or results[] ahead of the first hack() call.
AutoHacker::AutoHacker() {}
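/**
 * Searches a raw APDU for a plausible field layout by trial decryption.
 *
 * Every combination of three offsets is tried:
 *   - system-title offset : systitle_min .. systitle_max - 1
 *   - frame-counter offset: system-title offset + 8 + j,
 *                           j in 0 .. spce_systitle_framectr_max - 1
 *   - encrypted-data offset: frame-counter offset + 4 + k,
 *                           k in 0 .. spce_framectr_enc_max - 1
 * The 8 and 4 are presumably the DLMS system-title and frame-counter
 * lengths; the trailing 2 bytes of buf_raw are always excluded from the
 * decrypted range (presumably a checksum -- confirm against DlmsApdu).
 *
 * A candidate is recorded in results[] when, after apdu->decrypt():
 *   - decode == true : scan_octetstrings() over the decrypted buffer returns
 *                      at least threshold_entries, or
 *   - decode == false: the first decrypted byte is 0x0f.
 *
 * A recorded candidate is a heuristic match only. Nothing in this function
 * checks an authentication tag or a result from decrypt(), so a wrong layout
 * can still match -- the single-byte test in particular will accept roughly
 * one random plaintext in 256. Treat results[] as candidates to verify.
 *
 * @param a            APDU to analyse; stored in the apdu member. A null
 *                     pointer resets the search state and returns.
 * @param maxresults   Currently not consulted (see NOTE below).
 * @param systitle_min First system-title offset to try (inclusive).
 * @param systitle_max End of the system-title offset range (exclusive).
 * @param spce_systitle_framectr_max Number of gap sizes tried between the
 *                     system title and the frame counter.
 * @param spce_framectr_enc_max Number of gap sizes tried between the frame
 *                     counter and the encrypted data.
 * @param threshold_entries Minimum scan_octetstrings() result for a match
 *                     when decode is true.
 * @param key          Key handed unchanged to apdu->decrypt(); its expected
 *                     length is not visible here.
 * @param decode       Selects the match heuristic described above.
 */
void AutoHacker::hack(DlmsApdu *a,
                      int maxresults,
                      int systitle_min,
                      int systitle_max,
                      int spce_systitle_framectr_max,
                      int spce_framectr_enc_max,
                      int threshold_entries,
                      unsigned char * key,
                      bool decode)
{
    // NOTE(review): maxresults is never used; the search is capped by
    // AUTO_HACKER_MAX_RESULTS only. Left as-is because callers are not
    // visible here -- decide whether the parameter should tighten the cap.
    (void)maxresults;

    apdu = a;
    num_results = 0;
    iteration = 0;

    // Without an APDU there is nothing to scan; the state above is already
    // reset, so returning here avoids dereferencing a null pointer below.
    if (!apdu)
        return;

    bool stop = false;
    for (int i = 0; i < (systitle_max - systitle_min) && !stop; i++)
        for (int j = 0; j < spce_systitle_framectr_max && !stop; j++)
            for (int k = 0; k < spce_framectr_enc_max && !stop; k++)
            {
                const int offs_systitle = i + systitle_min;
                const int offs_framectr = offs_systitle + 8 + j;
                const int offs_encdata  = offs_framectr + 4 + k;

                // Do the bounds arithmetic in a signed type: if len() is
                // unsigned, "len - 2 - 8 - offset" on a short buffer would
                // wrap to a huge value and let an out-of-range layout pass.
                const long raw_len = static_cast<long>(apdu->buf_raw.len());

                // A negative system-title offset (negative systitle_min)
                // would index before the start of the buffer, so skip it.
                // -8 : min 8 bytes to decrypt
                if (offs_systitle >= 0 &&
                    (raw_len - 2 - 8 - offs_systitle) > offs_encdata)
                {
                    apdu->decrypt(
                        offs_systitle,
                        offs_framectr,
                        offs_encdata,
                        apdu->buf_raw.len() - 2,
                        key
                    );

                    // 0x0f is presumably the DLMS data-notification tag --
                    // confirm against the protocol handling in DlmsApdu.
                    const bool plausible = decode
                        ? (apdu->scan_octetstrings(apdu->buf_decrypted.buf(),
                                                   apdu->buf_decrypted.len())
                           >= threshold_entries)
                        : (apdu->buf_decrypted.byte_at(0) == 0x0f);

                    if (plausible)
                    {
                        // -- save result
                        results[num_results].offs_SYSTEM_TITLE  = offs_systitle;
                        results[num_results].offs_FRAME_COUNTER = offs_framectr;
                        results[num_results].offs_ENC_DATA      = offs_encdata;
                        results[num_results].len_ENC_DATA =
                            apdu->buf_raw.len() - (offs_encdata + 2);
                        num_results++;

                        // Assumes results[] holds AUTO_HACKER_MAX_RESULTS
                        // entries (declared in autohacker.h -- confirm).
                        if (num_results >= AUTO_HACKER_MAX_RESULTS)
                            stop = true;
                    }
                }
                // Counts every offset combination visited, including those
                // rejected by the length check.
                iteration++;
            }
    return;
}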