* coverity fixes
cmdhflegic - indications are that the i in calls to data_buf[i] could = 1052
and overflow the array.
cmdhfmfhard - +1 to add space for string null terminator - should we add
the 0 terminator value too?
reveng.c - memory leak
util.c - fix potential overflow of array buf[]
util_posix.c - possible integer overflow
* fix help errors
* fix sprint_hex_ascii
again
and this function is not even used anywhere... yet...
* Fix compile errors with MacOS
- _POSIX_C_SOURCE must not be defined for num_CPU()
* separate util_posix.c requires changes in tools directory as well
* remove unnecessary self-include
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing, it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
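The following is an added example, not code from Proxmark3 or from aczid's crypto1_bs, showing the mechanism the commit message above credits for its brute force phase: bit-slicing. The cipher here is a toy 16-bit filtered LFSR (feedback taps, filter positions, the secret state and the candidate block are all this example's own choices, not Crypto1), but the structure is the one a bit-sliced brute forcer uses: each 64-bit word holds one state bit of 64 candidate keys, so one stepping of the register advances all 64 candidates at once, and comparing the output word against the observed keystream bit leaves a mask of the candidates that are still consistent. A scalar implementation of the same toy cipher is kept beside it as the reference the bit-sliced version is checked against.

```c
/* Added example, not Proxmark3 / crypto1_bs code: bit-sliced brute force on a
 * TOY 16-bit filtered LFSR (not Crypto1). Names, taps and states are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_BITS 16
#define TOY_POLY 0xB400u      /* feedback taps of the toy register (hypothetical) */
#define LANES 64              /* candidates stepped per operation: one per bit of a uint64_t */

static uint8_t parity16(uint16_t x) {
    x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return (uint8_t)(x & 1);
}

/* Scalar reference: output = (s3 & s7) ^ s12, then shift left with linear feedback. */
static uint8_t toy_step(uint16_t *s) {
    uint16_t st = *s;
    uint8_t out = (uint8_t)((((st >> 3) & (st >> 7)) ^ (st >> 12)) & 1);
    uint8_t fb = parity16((uint16_t)(st & TOY_POLY));
    *s = (uint16_t)((st << 1) | fb);      /* bit 15 falls off, fb enters at bit 0 */
    return out;
}

/* Bit-sliced layout: bit k of b[j] is bit j of candidate k's state. */
typedef struct { uint64_t b[TOY_BITS]; } bs_state;

static void bs_load(bs_state *s, const uint16_t cands[LANES]) {
    memset(s, 0, sizeof *s);
    for (int k = 0; k < LANES; k++)
        for (int j = 0; j < TOY_BITS; j++)
            if ((cands[k] >> j) & 1) s->b[j] |= (uint64_t)1 << k;
}

/* The same cipher step as toy_step, for all 64 lanes at once. */
static uint64_t bs_step(bs_state *s) {
    uint64_t out = (s->b[3] & s->b[7]) ^ s->b[12];
    uint64_t fb = 0;
    for (int j = 0; j < TOY_BITS; j++)
        if ((TOY_POLY >> j) & 1) fb ^= s->b[j];
    for (int j = TOY_BITS - 1; j > 0; j--) s->b[j] = s->b[j - 1];
    s->b[0] = fb;
    return out;
}

/* Mask with bit k set iff candidate k reproduces all n observed keystream bits. */
static uint64_t bs_match(const uint16_t cands[LANES], const uint8_t *ks, size_t n) {
    bs_state s;
    bs_load(&s, cands);
    uint64_t alive = ~(uint64_t)0;
    for (size_t i = 0; i < n && alive; i++) {
        uint64_t want = ks[i] ? ~(uint64_t)0 : 0;
        alive &= ~(bs_step(&s) ^ want);   /* keep lanes whose output equals ks[i] */
    }
    return alive;
}

static int toy_matches(uint16_t state, const uint8_t *ks, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (toy_step(&state) != ks[i]) return 0;
    return 1;
}

/* Constructed scenario: 24 keystream bits observed from a secret state, and a
 * candidate block 0x1AC0..0x1AFF that contains the secret at lane 14. */
#define SECRET_STATE 0x1ACEu
#define CAND_BASE    0x1AC0u
#define KS_LEN 24

static size_t make_keystream(uint16_t state, uint8_t *ks, size_t n) {
    for (size_t i = 0; i < n; i++) ks[i] = toy_step(&state);
    return n;
}

static void make_candidates(uint16_t cands[LANES], uint16_t base) {
    for (int k = 0; k < LANES; k++) cands[k] = (uint16_t)(base + k);
}

/* Runs the bit-sliced check and cross-checks every lane against the scalar
 * cipher. Returns the survivor mask, or 0 if the two implementations disagree. */
static uint64_t run_demo(void) {
    uint8_t ks[KS_LEN];
    uint16_t cands[LANES];
    make_keystream(SECRET_STATE, ks, KS_LEN);
    make_candidates(cands, CAND_BASE);
    uint64_t alive = bs_match(cands, ks, KS_LEN);
    for (int k = 0; k < LANES; k++)
        if (((alive >> k) & 1) != (uint64_t)toy_matches(cands[k], ks, KS_LEN)) return 0;
    return alive;
}

int main(void) {
    uint64_t alive = run_demo();
    int lane = SECRET_STATE - CAND_BASE;
    printf("survivor mask 0x%016llx, secret lane %d %s\n", (unsigned long long)alive,
           lane, ((alive >> lane) & 1) ? "found" : "missed");
    return 0;
}
```

The real brute forcer applies exactly this idea to the 48-bit Crypto1 state, with the remaining candidates after the Sum(a8) and bitflip filtering transposed into lanes; the SIMD dispatch mentioned above only changes the lane width (128, 256 or 512 bits per word instead of the 64 used here).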
add parameter for # bits to read
auto get samples after lf read/snoop (don't need to do a `data samples`
anymore)
add safe function to get DemodBuffer
add some lf demod comments and apply new lf_read function instead of
read then get samples.
fixed output bug in lf t55xx config print
fixed small bug in lf t55xx detect during ST check
fix noralsy demod bug (st should be true)
fix sprint_bin_break bug (didn't print last bit)
add a function to save/restore demodbuffer
remove redundant countFC call in PSKDemod
clean up pskclockdetect functions
fix indala26decode bug (end of data sometimes not correct)
improve PSK detection / demodulation
improve NRZ detection
improve t55xx commands & fix a few bugs
add t55xx page1 detection - added it to lf search
added experimental t55xx testmode write
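The buffer-length fixes in the Coverity commit above (the data_buf[i] index that could reach 1052, the missing +1 for the string terminator) and the sprint_bin_break fix in this commit (last bit not printed) are two sides of the same defect class. The following is an added example, not Proxmark3 code: a hypothetical bit-string formatter of the kind sprint_bin_break is, written once with the classic off-by-one loop bound and once with the size computed up front, plus a bounded copy out of a demod-style buffer. The demod buffer is modelled as one byte per bit; the names, sizes and signatures are this example's own.

```c
/* Added example, not Proxmark3 code: off-by-one and buffer-size checks in a
 * hypothetical bit-string formatter. Names and sizes are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMOD_BUF_MAX 1052   /* hypothetical capacity, mirrors the 1052 index cited above */

/* Bounded copy out of the demod buffer: never indexes past dst's capacity. */
static size_t get_demod_buf_safe(const uint8_t *src, size_t src_len,
                                 uint8_t *dst, size_t dst_cap) {
    size_t n = src_len < dst_cap ? src_len : dst_cap;
    memcpy(dst, src, n);
    return n;
}

/* Buggy variant: the classic `i < len - 1` bound silently drops the final
 * bit (and underflows for len == 0). Kept only for comparison. */
static size_t sprint_bin_break_buggy(const uint8_t *bits, size_t len, size_t breaks,
                                     char *out, size_t out_sz) {
    size_t o = 0;
    for (size_t i = 0; i < len - 1 && o + 2 < out_sz; i++) {
        out[o++] = bits[i] ? '1' : '0';
        if (breaks && (i + 1) % breaks == 0) out[o++] = '\n';
    }
    out[o] = '\0';
    return o;
}

/* Fixed variant: computes the exact size needed (bits + newlines + NUL),
 * refuses a too-small buffer, and emits every bit including the last.
 * Returns characters written (without the NUL); 0 if out_sz is too small. */
static size_t sprint_bin_break_safe(const uint8_t *bits, size_t len, size_t breaks,
                                    char *out, size_t out_sz) {
    size_t newlines = (breaks && len) ? (len - 1) / breaks : 0;
    size_t need = len + newlines + 1;          /* the +1 is the terminator */
    if (out_sz < need) return 0;
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        out[o++] = bits[i] ? '1' : '0';
        if (breaks && (i + 1) % breaks == 0 && i + 1 < len) out[o++] = '\n';
    }
    out[o] = '\0';
    return o;
}

int main(void) {
    const uint8_t sample[10] = {1, 0, 1, 1, 0, 0, 1, 0, 1, 1};   /* constructed demod bits */
    uint8_t demod[DEMOD_BUF_MAX];
    char out[32];
    size_t n = get_demod_buf_safe(sample, sizeof sample, demod, sizeof demod);
    sprint_bin_break_buggy(demod, n, 4, out, sizeof out);
    printf("buggy: %s\n", out);   /* final bit missing */
    sprint_bin_break_safe(demod, n, 4, out, sizeof out);
    printf("safe:  %s\n", out);
    return 0;
}
```

The point of computing `need` before the loop is that the caller's buffer size is checked once against a number that already includes the terminator, which is the same +1 the Coverity fix adds; a formatter that instead guards each write individually tends to end up either truncating silently or, as in the buggy variant, stopping one element early.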
* Fixed compile error in MinGW
Some versions of MinGW miss some definitions. In order to be able to
compile I redefined a function and added an explicit include. It is only
a quick workaround, as other people also seemed to have the same
problem. It should be checked whether a better solution is possible.
* Removed _ftime_s redefine, calling _ftime directly
lf viking from other users - just put my spin on it
lf awid refactored code - possible to make it not 26bit specific now
with minor changes
lfdemod.c now supports extra debug printing if `data setdebug` = 2 when
not on device (on client not arm)
+ add xor calc to util (prep for desfire)
commented out MifareUWriteBlockCompat as it isn't used in client
currently (it is a command we could support.. but why?)
relabeled a few device side mfu functions to be clearer.
FIX: a solution for the issue "hf eload, esave, cload, save - filepath variable too short"
CHG: minor code clean up.
ADD: AES / CRC16 for lua. (and tnp3xx scripts.)
ADD: tnp3dump.lua script to dump tnp3xx tags.
ADD: tnp3sim.lua script to let PM3 imitate a tnp3xx tag. Needs to be tested live
1. commands changed from "hf 14a" to "hf mf"
2. some code cleaning and small bugfixes
3. alpha version hf mf sim
4. added internal function GetTickCount() for time measuring