Oleg Moiseenko
3a05a1e739
reworking magic cheneese card wipe ( #365 )
...
Implement hf mf cwipe. Remove wipe parameter from hf mf csetuid.
2017-09-22 19:40:42 +02:00
pwpiwi
c48c4d7856
New: implementing hf mf hardnested
...
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs ).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
2017-05-31 07:30:56 +02:00
marshmellow42
e04475c421
Add @Iceman1001 s cotag read
...
also needed to include some of icemans timer additions.
2017-02-03 00:14:34 -05:00
Michael Farrell
f9c1dcd9f6
Adds random nonce (r) option to hf mf sim
.
...
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
2017-01-26 18:32:25 +11:00
Iceman
7669409547
Merge pull request #185 from marshmellow42/master
...
some lf fixes and hf mf sim attack mode add-ons
2016-08-12 13:55:09 +02:00
marshmellow42
c872d8c177
update hf mf sim x attack mode - start 10byte uid..
...
..support (some from @iceman1001)
(sim reader attack currently testing std mfkey32 vs mfkey32_moebius
version...) possibly will remove one later.
2016-06-24 01:31:27 -04:00
Richard Antony Burton
fdcfbdcc21
add l/h option to hw tune and optimize order of tuning
2016-06-01 08:13:20 +01:00
Ralf Spenneberg
4e12287d19
Experimental HitagS support
2016-03-04 17:28:05 +01:00
marshmellow42
709665b5d1
lf viking build / lf awid refactor / lfdemod.c debugMode==2
...
lf viking from other users - just put my spin on it
lf awid refactored code - possible to make it not 26bit specific now
with minor chanages
lfdemod.c now supports extra debug printing if `data setdebug` = 2 when
not on device (on client not arm)
2015-11-22 00:00:32 -05:00
marshmellow42
8949e04584
Merge remote-tracking branch 'upstream/master'
2015-11-03 20:19:46 -05:00
marshmellow42
66837a0302
Add lf t55xx resetread cmd + fix clone cmds
...
resetread cmd to determine start of streaming bits of ata5577 or
compatible chips...
fixed lf clone bugs introduced while refactoring recently...
2015-10-30 23:23:27 -04:00
etmatrix
0472d76de4
The great work of Enio hf snoop is now ported into latest version in git
...
you can find original work here https://github.com/EnioArda/proxmark3
2015-10-23 15:40:35 +02:00
marshmellow42
be2d41b73a
updates to lf t55xx commands
...
fix wakeup cmd per @iceman1001
fix dump and read cmds
clean up write command
allow page 1 read/write (block 3 is writable)(ata5577 only)
remove duplicate code
2015-10-22 16:19:23 -04:00
marshmellow42
c54dff4f4a
Merge remote-tracking branch 'Proxmark/master' into iclass
...
Conflicts:
CHANGELOG.md
2015-10-07 09:34:47 -04:00
Dake
dc4300bafb
add : writing on PCF7931 tags
2015-08-26 15:53:49 +02:00
marshmellow42
3ac22ee1cf
use read instead of readcheck except to auth
2015-07-23 01:12:02 -04:00
Martin Holst Swende
e2012d1bd3
Implemented 'hw status' and 'hw ping', put back client-side cacheing of 'hw version'
2015-07-21 23:18:51 +02:00
marshmellow42
6b659d2406
Merge remote-tracking branch 'upstream/master' into iclass
2015-07-20 21:26:35 -04:00
marshmellow42
aa53efc340
iclass additions
...
multiple contributors - thanks!
2015-07-20 13:41:40 -04:00
Craig Young
dbf6e824f9
Adding support for AWID26 realtime demodulation as well as cloning and simulation from facility code and card number
2015-07-13 15:45:28 -04:00
Martin Holst Swende
1e1de234ac
Merge pull request #121 from frederikmoellers/master
...
Add PACE replay functionality
2015-06-23 22:23:08 +02:00
Frederik Möllers
3bb07d96c8
Add PACE replay functionality
...
This function allows the user to specify APDUs which are sent to a card
supporting the PACE protocol. The response times are measured and
printed.
The code was pulled from the old Google Code repository (branch "epa")
and modified to fit into the new code base.
2015-06-22 14:20:13 +02:00
pwpiwi
132a02179c
fixing iso 14443b (issue #103 ):
...
- fix: treat empty commands as error
- deleting dead code
- rename USB-Commands (ISO14443 -> iso14443B)
2015-06-18 09:49:22 +02:00
marshmellow42
9d87eb6650
MF ultralight code cleanup
2015-05-18 13:11:00 -04:00
marshmellow42
6ce0e5386a
HF Search - refactoring cmds to work with it
2015-05-12 16:45:48 -04:00
marshmellow42
f168b2633b
MF Ultralight - Iceman's updates + mine
...
Beginning of Ultralight additions.
detection of Ultralight Types added
dump command now auto detects type
can authenticate Ultralight C
2015-04-29 18:27:31 -04:00
Martin Holst Swende
caaf9618ae
Minor mod to 'hf iclass read', it now also reads and prints the configuration of the tag found
2015-03-29 21:49:58 +02:00
marshmellow42
872e3d4d6f
NEW lf simpsk
2015-02-21 21:36:02 -05:00
marshmellow42
abd6112fc4
Revert "Revert "lf simask, lf simfsk and bug fixes""
...
This reverts commit e396001c47
.
2015-02-19 21:35:34 -05:00
marshmellow42
e396001c47
Revert "lf simask, lf simfsk and bug fixes"
...
This reverts commit fb0c84c3df
.
2015-02-19 21:22:05 -05:00
marshmellow42
fb0c84c3df
lf simask, lf simfsk and bug fixes
2015-02-19 21:21:11 -05:00
Martin Holst Swende
7781a65656
Started work on 'hf iclass eload' - only client side so far, not yet supported in the device
2015-02-14 21:15:53 +01:00
Martin Holst Swende
31abe49fd3
Some more fixes to longer lf recordings. Now also supports longer snoops, and an additional command 'lf config' has been defined, instead of having to specify all params for every call
2015-01-30 23:03:44 +01:00
iceman1001
3fe4ff4f03
CHG: generic code clean up. Removal of commented code.
...
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identifiction of chinese backdoor commands to hf 14a reader.
2015-01-05 15:51:27 +01:00
Martin Holst Swende
c8dd9b092e
Some work on iclass dump and iclass list, now the dumping is a lot more stable. I think the comms should be measured and tuned a bit more, right now it kind of works thanks to retry-functionality, but the retries are probably not needed if we are a bit more careful about timing, so we don't send commands too fast for the tag to handle
2015-01-04 14:53:26 +01:00
marshmellow42
66707a3b3c
LF Demod bug fixes and add lf em em410xdemod
...
fixed a few bugs in lf demod that the streamlining added. added new lf
em em410xdemod command that loops until button pressed. (similar to lf
hid fskdemod
2014-12-29 15:32:53 -05:00
Martin Holst Swende
aa41c6058a
Merged two iclass-reader functions into one to remove duplicated code, update loclass library with hash2 algo
2014-06-29 23:34:24 +02:00
Martin Holst Swende
3ad48540d4
Merge branch 'iclass-research' of https://github.com/PenturaLabs/proxmark3 into PenturaLabs-iclass-research
...
Conflicts:
README.txt
armsrc/apps.h
client/Makefile
client/cmdhficlass.c
client/cmdhficlass.h
2014-06-28 20:52:37 +02:00
iZsh
b014c96d68
new command "lf snoop" to snoop raw ADC values
...
fpga/lo_read.v (lf_field): new argument.
fpga/fpga_lf.v: modify accordingly.
armsrc/apps.h (FPGA_MAJOR_MODE_LF_READER): Rename as FPGA_MAJOR_MODE_LF_ADC.
armsrc/apps.h (FPGA_LF_ADC_READER_FIELD): New LF option.
armsrc/lfops.c: Modify accordingly.
client/cmdlf.c (CmdLFSnoop): New command.
armsrc/appmain.c, armsrc/lfops.c, client/cmdlf.h, include/usb_cmd.h: Modify accordingly.
2014-06-21 21:33:54 +02:00
penturalabs
fecd8202a5
implemented 'hf iclass dump xxxx',
...
all you need is the magic key to dump contents of an iclass card
2014-06-17 10:55:37 +01:00
penturalabs
c3963755b7
Implement replay command.
2014-04-15 11:47:01 +01:00
penturalabs
a1f3bb120f
Added Kantech ioProx Support
2014-03-18 20:52:48 +00:00
martin.holst@gmail.com
d2f487af9c
Various improvements on the Mifare1kSimulation. Fixed issue with tracebuffer not being cleared, fixed issue with 'static' errors, added modes for doing reader-only attack, added interactive mode, added possibility to set UID from cmdline, either 7-byte or 4-byte. See http://www.proxmark.org/forum/viewtopic.php?id=1529 and http://www.proxmark.org/forum/viewtopic.php?id=1649&p=3 for some more background and discussion
2014-01-31 21:17:34 +00:00
roel@libnfc.org
981bd4292e
integrated MIFARE ultralight features, contributed by 'midnitesnake'
2013-10-11 08:43:23 +00:00
martin.holst@gmail.com
7cf3ef203c
Patch by jonor for raw ISO 1444B commands. See http://www.proxmark.org/forum/viewtopic.php?id=1729 for more info
2013-09-01 18:41:05 +00:00
roel@libnfc.org
54a942b05d
merged all patches into CDC repository
2013-02-28 17:04:23 +00:00
roel@libnfc.org
28fdb04fd8
Finally, rewrote bootrom and flasher program, much faster now
2013-02-28 15:11:52 +00:00
roel@libnfc.org
9440213d6b
fixed 64-bit cmd/arg for windows
2012-12-09 13:00:19 +00:00
roel@libnfc.org
80501bad5b
tryout.... changed to 64-bit command arguments in stead of 32-bit
2012-12-07 22:41:41 +00:00
roel@libnfc.org
902cb3c00b
major USB update
2012-12-04 23:39:18 +00:00