Commit graph

147 commits

Author SHA1 Message Date
pwpiwi 5bc3841ad1
fix 'hf mf perso' result feedback (#920) 2020-03-16 13:33:19 +01:00
pwpiwi aa8ff592ae
add a specific check function for static nonces (used in 'hf mf nested') (#911)
* add a specific check function for static nonces in 'hf mf nested'
* uses a fixed nr_enc and does all the crypto operations on client
* for all possible keys calculate par_enc and ar_enc and send them to device
* CHANGELOG update
2020-03-16 13:32:00 +01:00
pwpiwi 929b61c670 Always enable fast response mode (was enabled for flasher only)
* ensure that CMD_ACK is used exclusively for the very last response of each PM3 operation. All Dbprintf() must be before.
* always switch off field before exiting
* append null packet for USB transfers % 64 bytes
* reformatting and whitespace fixes
2020-01-23 22:18:51 +01:00
pwpiwi a749b1e58b
speedup 'hf mf chk' (#901)
* add separate timeout for tag response to nr_ar
* measure response time and use it for response timeout
* don't drop field between keyblocks
* some reformatting
* some whitespace fixes
* fishing for microseconds in TransmitFor14443a()
* allow arbitrary number of keys in MifareChkKeys()
* and move progress printing to MifareChkKeys()

Co-authored-by: uzlonewolf <github_com@hacker-nin.com>
2020-01-09 15:42:31 +01:00
Phil 1d4b67cb3d "hf mf ekeyprn d" doesn't work properly (#904)
FIX: command "hf mf ekeyprn d" doesn't use the correct offset to locate the A key in data[] array and records the 2 last bytes followed by 4 0x00 instead of the 6 good bytes (all the A keys are corrupted in file dumpkeys.bin). B keys are not affected.
2019-12-28 14:04:46 +01:00
uzlonewolf 5a03ea993f Nested loop fix for static nonces
* add detection of static tag nonces
* add tag nonce to error message
* modify mfCheckKeys() to pass button press events upstream
* don't abort nested when a static nonce is encountered
* modify nested to try multiple keys in a single operation
* Print keys remaining only every 10 seconds, and add estimated worst-case time
2019-12-23 16:08:23 +01:00
pwpiwi 0b4efbdef2
add: 'hf mf personalize' (personalize UID on Mifare Classic EV1 7byte UID cards)
* add/use some #defines
* whitespace fixes
* #include refactoring
* add line to CHANGELOG.md
2019-08-22 07:53:17 +02:00
pwpiwi f98702bace
chg 'hf mf chk':
* don't repeatedly clear trace while running (PR 243 by @mceloff from https://github.com/RfidResearchGroup/proxmark3)
* standard LED handling
* better check for key file syntax
* get rid of "res" column when printing the result. Show unknown keys more prominently as "     ?     "
2019-08-10 23:30:47 +02:00
mwalker33 88b3dada70 Fix Issue #843 - hf mf chk - t Doesn't save to emulator memory 2019-07-23 20:47:29 +02:00
pwpiwi b8dd1ef649
upgrading 'hf mfu' (#830)
* chg: write new dump file format by @mceloff
* chg: rename 'hf mfu dump' option 'n' to 'f' to align with other commands and RRG repo
* chg: replace ISO14443A_CMD_READBLOCK by MIFARE_CMD_READBLOCK, same for WRITEBLOCK
* fix: mifare_ultra_readblock() returned 14 bytes instead of 16
* chg: param_gethex_ex() now checks maximum output buffer length
* chg: ul_comp_write() was incomplete and for magic testing only
* fix: 16bit ULC counter had been displayed as 32bit
* chg: add check for 7 Byte UID, drop check for ATQA in type identification GetHF14AMfU_Type()
* fix: send HALT instead of dropping field in order to maintain a defined state
* chg: DropField() when command ends
* chg: check for invalid page ranges in 'hf mfu dump'
* fix: print correct lock bits when page range is used
* fix: do not write (incomplete) dumpfile when page range is used
* add: use UID for filename when no filename is given (RRG repo)
* chg: don't clear trace on each ULC authentication, clear trace at beginning of each command
* fix: don't send (DESFire?) deselect command after authentication
2019-06-06 07:33:12 +02:00
pwpiwi 4be9f36ebe
start updating 'hf mfu' commands (#818)
* use PrintAndLogEx()
* fix some printouts
* some #include refactoring
* whitespace
2019-05-28 07:48:55 +02:00
pwpiwi a39af1cb9c
Add: new option 'd' in 'hf mf ekeyprn' to create dumpkeys.bin from emulator memory (#822)
(and whitespace fixes)
2019-05-22 19:02:58 +02:00
pwpiwi a8561e356b
fix hf mf sim (#812)
* fix parity encryption (thanks to Eloff, http://www.proxmark.org/forum/viewtopic.php?id=6347)
* add support to simulate Mifare Mini, Mifare 2K and Mifare 4K
* change to standard LED handling (A: PM is working, B: reader is sending, C: tag is responding, D: HF field is on)
* NAK on unknown commands
* allow unencrypted HALT
* don't display messages during simulation (or we will miss next reader command)
* use DMA to receive reader command
* switch earlier from send to listen mode
* move ADC initializer to iso14443_setup
* remove remainders of incomplete Mifare 10Byte UID simulation
* show 'short' bytes (7Bits or 8Bits without parity) in 'hf list mf' and 'hf list 14a'
* whitespace
2019-04-19 10:22:10 +02:00
Oleg Moiseenko fdd9395d1a Ndef and MAD (#801)
* move mifare stuff to separate folder
* add mad and ndef
2019-03-19 07:51:10 +01:00
Michael Farrell 4309ef8fee Allow skipping or trying different keys in hf mf dump (#759) 2019-01-16 09:51:55 +01:00
Fl0-0 daccbcdc8d Added mifare trailer block decoding for sector commands (#734) 2018-12-07 14:09:41 +01:00
Oleg Moiseenko ac4ecfe353 added mifare trailer block decoding (#726) 2018-12-03 08:29:13 +01:00
pwpiwi 5594c6215e
fix "hf mf chk" <t|d|s|ss> flags (based on PR #700) (#718) 2018-11-30 07:45:01 +01:00
Oleg Moiseenko ae3340a0fb Mfp commands (#698)
* add write perso from https://github.com/Proxmark/proxmark3/blob/master/client/scripts/mifarePlus.lua
* commit perso from https://github.com/Proxmark/proxmark3/blob/master/client/scripts/mifarePlus.lua#L184
* added errors https://github.com/Proxmark/proxmark3/blob/master/client/scripts/mifarePlus.lua#L91
* fix bug in CLIParamHexToBuf
* added init card command
* auth4 refactoring
* add changelog
2018-10-24 18:58:12 +02:00
Oleg Moiseenko 54e3cfcb74 small improvements in auth (#694) 2018-10-12 14:13:58 +02:00
Oleg Moiseenko ae027818ac small fix in auth (#693) 2018-10-11 19:28:29 +02:00
Oleg Moiseenko 7dadcc959f auth 14443-4 (#692)
* AES authentication
2018-10-10 22:34:04 +02:00
pwpiwi 44964fd181
Code cleanup (#616)
* coverity fixes (including a real bug in cmdhftopaz.c)
* Typo fix
* replace TRUE/FALSE by stdbool true/false
2018-06-13 08:13:20 +02:00
pwpiwi ad939de501
USB comms: part 4 towards @micolous PR #463
* make uart_communication(), storeCommand() and getCommand() static in comms.c
* move receiver thread creation and respective mutexes to comms.c
* add mutex and signal for tx buffer
* use comms.c for flasher as well
* remove comm functions from client/proxmark3.h
* this completes isolating all USB communication related functions in comms.c
* don't assume a port to be defined by a name. Change parameter in OpenProxmark() to void*
* comms.c: set sp and serial_port_name to NULL when offline
2018-06-03 14:25:20 +02:00
Oleg Moiseenko a37725facf add nested auth decoding to hf mf sniff 2018-02-09 15:50:55 +01:00
Arnie97 32e6891a05 hf mf nested: use bitwise or instead. (#556) 2018-02-01 08:09:14 +01:00
Arnie97 7b7416bd3b hf mf nested: transfer keys to the correct block in one sector mode. 2018-01-27 01:55:38 +08:00
Arnie97 36545f0a56 hf mf eset: reuse mfEmlSetMem(). 2018-01-27 01:09:56 +08:00
Arnie97 4e002980af hf mf ecfill: Add the missing line break. 2018-01-25 14:39:27 +08:00
Oleg Moiseenko 8ec06f5ef3 hf mf sniff: small fixes 2018-01-12 22:37:55 +01:00
Iceman 932af56ea0
Merge pull request #538 from merlokk/hardnestedsetsimd
hardnested SIMD select
2018-01-06 18:54:27 +01:00
merlokk 362d203909 works 2018-01-02 22:28:13 +02:00
Iceman e1e7a09db1
Merge pull request #533 from merlokk/chktd
fix #532. looks at length of parameters.
2017-12-30 15:23:14 +01:00
Pierre Pronchery 3ded0f97d3 Khorben/warnings (#519)
* Fix warnings and missing #include for <ctype.h>
* Avoid a warning in client/util.c
2017-12-28 17:56:18 +01:00
merlokk 55b700a0ac fix #532. looks at length of parameters. 2017-12-28 13:29:30 +02:00
ikarus 6148817a7f fix: usage and sample text of hf mf cwipe 2017-12-06 23:30:27 +01:00
pwpiwi e537c3e894 fix memory overflow in hf mf nested (issue #479) 2017-11-12 18:08:57 +01:00
William S. Moses 874572d419 Fix memory bounds error 2017-11-11 16:15:29 -05:00
Oleg Moiseenko 0c86cb0127 Check keys in hf mf nested (issue #426)
* hf mf nested added 14a timeout for check keys
* hf mf nested added options s and ss
2017-10-18 21:44:59 +02:00
Oleg Moiseenko 275d9e61c2 Check keys in hf mf nested and hf mf chk (#414)
Improve hf mf chk and hf mf nested
* hf mf chk. added interrupt of procedure by usb
* extract mifare default keys into separate module
* arm side multisector `hf mf chk`
* hf mf nested. change key search procedure
* hf mf nested. added key check after we have found a key.
* small fix hf list f
* hf mf chk. add timeout (arm side) and some tweaks.
2017-10-15 21:19:34 +02:00
Oleg Moiseenko adf023ffe3 hf mf nested add some functionality (#403)
* Added nested auto mode. It checks known keys and then launches nested
* Check if we already have all keys after nested
2017-10-05 13:37:51 +02:00
Fl0-0 a2d058f3aa Fix typo and gcc-7 warnings (#401)
* Fix typo in hf mf csave help
* Fix gcc 7 warning: '~' on an expression of type bool [-Wbool-operation], use logical ! not instead of ~
* Fix gcc 7 warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
* Fix gcc 7 warning: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier]
2017-09-26 16:36:05 +02:00
merlokk 2ce43a28f7 fixed #395 2017-09-26 14:29:08 +03:00
Oleg Moiseenko 3a05a1e739 reworking magic Chinese card wipe (#365)
Implement hf mf cwipe. Remove wipe parameter from hf mf csetuid.
2017-09-22 19:40:42 +02:00
Fl0-0 7906cb41ff Improve 'Magic' Mifare tags generation detection & hf mf c* commands magic 4k compatibility (#349)
* Improve 'Magic' Mifare tags detection

* Magic Mifare tags detection and version printing

* Magic s50/1k tag halt error correction for cload and csave

* hf mf c* commands for gen1b

* Use |= for bitwise operation

* gen1b: don't issue wipe command and don't expect response from WUPC1 magic command after a SELECT_UID: old UID display works in hf mf csetuid

* hf mf cgetsc compatibility for 4k

* hf mf csave compatibility for 4k

* hf mf cload compatibility for 4k, suppress halt errors messages for debug level 2

* Revert to MF_DBG_ERROR level in mifare_classic_halt() and don't issue the halt command for gen1b

* Improve 'Magic' Mifare tags generation detection & hf mf c* commands magic 4k compatibility
2017-07-12 15:58:32 +02:00
Iceman 1e11e5d762 bug: hf mf chk - wrong size
bug: 'hf mf chk' - size of keycounter variable is too small for dictionary files larger than 256 rows.
2017-06-12 15:07:00 +02:00
pwpiwi ec9c71129f Fix compile errors with MacOS (#312)
* Fix compile errors with MacOS
- _POSIX_C_SOURCE must not be defined for num_CPU()

* separate util_posix.c require changes in tools directory as well

* remove unnecessary self-include
2017-06-07 22:35:20 +02:00
marshmellow42 e57c8b2e56 more coverity fixes
plus fix some spacing in functions I touched.
2017-06-06 12:45:00 -04:00
marshmellow42 3d542a3dfa coverity scan bug fixes
mfu keyNo buffer overflow
mf reader attack key count reduced to not overrun c.d.asBytes buffer.
2017-06-06 12:12:18 -04:00
pwpiwi c48c4d7856 New: implementing hf mf hardnested
This implements the attack described in
	Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
	Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
	Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
2017-05-31 07:30:56 +02:00