Add app

2025-05-15 02:34:51 +01:00
commit 2ef6b6fcd0
5 changed files with 443 additions and 0 deletions
--- a/app.py
+++ b/app.py
@@ -0,0 +1,73 @@
+from __future__ import annotations
+from flask import Flask, render_template
+import subprocess
+from time import sleep
+
+app = Flask(__name__)
+
+def extractAsciiFromDump(dump: [str]) -> [str]:
+    res = ""
+    for line in dump:
+        res += line.split("|")[-1].strip()
+    return res
+
+usingPm3 = False
+
+@app.route('/api/uid')
+def uid():
+    '''
+    Read the UID of a visible ISO-14443A card.
+    '''
+    uid = None
+    global usingPm3
+    while usingPm3:
+        sleep(0.1)
+    usingPm3 = True
+    try:
+        output = subprocess.check_output(["proxmark3", "/dev/ttyACM0", "-c", "hf 14a read"], text=True, stderr=subprocess.DEVNULL).split("\n")
+        for line in output:
+            if "UID: " in line:
+                uid = line[line.index("UID: ")+4:].strip()
+                break
+    except Exception as e:
+        print(repr(e))
+    finally:
+        print(uid)
+        usingPm3 = False
+        return {
+            "uid": uid
+        }
+
+@app.route('/api/sector/<sector>')
+def sector(sector):
+    '''
+    Read a sector from a visible Mifare Classic card.
+    '''
+    dump = None
+    global usingPm3
+    while usingPm3:
+        sleep(0.1)
+    usingPm3 = True
+    try:
+        output = subprocess.check_output(["proxmark3", "/dev/ttyACM0", "-c", f"hf mf cgetsc -s {sector}"], text=True, stderr=subprocess.DEVNULL).split("\n")
+        for i, line in enumerate(output):
+            if "--> hf mf cgetsc -s " in line:
+                dump = extractAsciiFromDump(output[i+4:])
+                break
+    finally:
+        usingPm3 = False
+        return {
+            "dump": dump
+        }
+
+@app.route('/')
+def index():
+    return render_template("door.html",
+                            allowed_ids={
+                                # "44 61 76 65": ["Welcome CEO", [(3, "I am a very important CEO so open this door now!.........i......")]],
+                                "44 61 76 65": ["Welcome CEO<br/></br>flag{yep_big_boss}", []], # CEO
+                                "3C 36 6A 22": ["The site manager would like to see you in their office. Please speak to APO Grove, and tell him the cleaner sent you.<br/></br>flag{ooh_a_manager}", []], # Developer
+                                "2F 92 5D B2": ["Thanks for doing our cleaning! I found a card on a desk earlier. It has a label saying \"UID: 3C 36 6A 22\". Not sure what to do with it.<br/></br>flag{another_lost_card}", []], # Cleaner
+                            })
+
+app.run(host='127.0.0.1', port=8080)