proxmark-doors/app.py

from __future__ import annotations
from flask import Flask, render_template
import subprocess
from time import sleep
# Flask application object; the @app.route decorators below register the
# HTTP handlers on it.
app = Flask(__name__)
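def extractAsciiFromDump(dump: list[str]) -> str:
    '''
    Join the last "|"-separated column of every line in ``dump``.

    Each line is split on "|", the final field is stripped of surrounding
    whitespace, and the fields are concatenated in order with no separator.
    A line without "|" contributes its whole stripped text; an empty line
    contributes nothing.

    The function does not check that the text is actually ASCII; it only
    selects the column. The return value is a single string (the previous
    ``[str]`` annotation was wrong).
    '''
    # str.join builds the result in one pass instead of repeated "+=".
    return "".join(line.split("|")[-1].strip() for line in dump)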
# Busy flag the request handlers use to take turns on the single proxmark3
# device: each handler polls until it is False, sets it True, and clears it in
# a ``finally``.
# NOTE(review): the poll and the assignment are separate steps, so two request
# threads can both observe False and drive the reader at the same time; a
# threading.Lock held around the subprocess call would make the hand-over
# atomic. A proxmark3 call that never returns also leaves the flag set.
usingPm3 = False
@app.route('/api/uid')
def uid():
    '''
    Read the UID of a visible ISO-14443A card.

    Runs ``hf 14a read`` through the proxmark3 client on /dev/ttyACM0 and
    returns ``{"uid": <text after "UID: ">}`` taken from the first output line
    that contains that marker. If no line matches, or the client call raises,
    the value is ``None``; the exception is printed, not propagated.
    '''
    global usingPm3
    marker = "UID: "
    card_uid = None

    # Wait for any other handler to release the reader, then claim it.
    # NOTE(review): test-then-set on a plain global is not atomic.
    while usingPm3:
        sleep(0.1)
    usingPm3 = True

    try:
        # Fixed argv list, no shell, and no request data in the command.
        raw = subprocess.check_output(
            ["proxmark3", "/dev/ttyACM0", "-c", "hf 14a read"],
            text=True,
            stderr=subprocess.DEVNULL,
        )
        for row in raw.split("\n"):
            if marker in row:
                # Everything after the first marker, whitespace trimmed.
                card_uid = row.partition(marker)[2].strip()
                break
    except Exception as e:
        print(repr(e))
    finally:
        # Always log the result and release the reader, even on failure.
        print(card_uid)
        usingPm3 = False

    return {"uid": card_uid}
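@app.route('/api/sector/<sector>')
def sector(sector):
    '''
    Read a sector from a visible Mifare Classic card.

    ``sector`` is raw text from the URL path and ends up inside the command
    string passed to the proxmark3 client with ``-c``. The client parses that
    string itself, so passing an argv list (no shell) is not enough: the value
    must be a plain sector number before it is interpolated. Anything else is
    answered with HTTP 400 and ``{"dump": None}`` without touching the reader.

    On success returns ``{"dump": <text>}`` built by extractAsciiFromDump from
    the output lines starting four lines after the echoed command, or
    ``{"dump": None}`` if the echo line is not found. A failing proxmark3 call
    is not caught here; ``check_output`` raises and the exception propagates.
    '''
    # Mifare Classic 4K, the largest variant, has sectors 0-39.
    max_sector = 39

    # Accept one or two ASCII decimal digits only. isascii() keeps out the
    # non-ASCII digit characters that str.isdigit() would otherwise allow.
    if not (sector.isascii() and sector.isdigit()) or len(sector) > 2:
        return {"dump": None}, 400
    sector_no = int(sector)
    if sector_no > max_sector:
        return {"dump": None}, 400

    dump = None
    global usingPm3
    # Wait for any other handler to release the reader, then claim it.
    # NOTE(review): test-then-set on a plain global is not atomic.
    while usingPm3:
        sleep(0.1)
    usingPm3 = True
    try:
        # Interpolate the validated integer, never the original request text.
        output = subprocess.check_output(
            ["proxmark3", "/dev/ttyACM0", "-c", f"hf mf cgetsc -s {sector_no}"],
            text=True,
            stderr=subprocess.DEVNULL,
        ).split("\n")
        for i, line in enumerate(output):
            if "--> hf mf cgetsc -s " in line:
                # Skip the echoed command and the three lines after it.
                dump = extractAsciiFromDump(output[i+4:])
                break
    finally:
        usingPm3 = False
    return {
        "dump": dump
    }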
@app.route('/')
def index():
    '''
    Render the door page (door.html) for the "Office Front Door".

    The template receives ``allowed_ids``: a mapping from a card UID, written
    as space-separated hex bytes, to ``[message, checks]``. ``checks`` is empty
    for every active entry.
    '''
    # NOTE(review): the messages carry HTML markup, so door.html presumably
    # renders them unescaped. Keep this table static and never merge
    # request-derived text into it.
    door_messages = {
        # Earlier CEO entry, kept for reference; its second element looks like
        # (sector, expected text) pairs - confirm against door.html.
        # "44 61 76 65": ["Welcome CEO", [(3, "I am a very important CEO so open this door now!.........i......")]],
        "44 61 76 65": ["Welcome CEO<br/></br>flag{yep_big_boss}", []],  # CEO
        "3C 36 6A 22": ["The site manager would like to see you in their office. Please speak to APO Grove, and tell him the cleaner sent you.<br/></br>flag{ooh_a_manager}", []],  # Developer
        "2F 92 5D B2": ["Thanks for doing our cleaning! I found a card on a desk earlier. It has a label saying \"UID: 3C 36 6A 22\". Not sure what to do with it.<br/></br>flag{another_lost_card}", []],  # Cleaner
    }
    return render_template(
        "door.html",
        title="Office Front Door",
        allowed_ids=door_messages,
    )
# Start Flask's built-in server on the loopback interface only, port 8080, so
# the reader API is not reachable from other hosts.
# NOTE(review): this call is not under an ``if __name__ == "__main__":`` guard,
# so importing the module also starts the server.
app.run(host='127.0.0.1', port=8080)