-reset my fork due to corruption - now add back in the lf visa
commands...
also adjusts lfdemod all detect clock functions to always return a
starting point of the clock detected ( for graphing purposes)
- cleanup some header files and respective #includes
- rearrange functions (definition before first use)
- use SCNxxx instead of PRIxxx macros in scanf()
- use stdbool true/false instead of self defined TRUE/FALSE
helps get the data dumped even if positioning isn't 100% perfect.
also switched em4x05 commands to WaitUS instead of SpinDelayUs, per
@pwpiwi 's suggestion.
combine preamble searches (thanks @iceman1001)
simplify Em410xDecode
fix bug in removeParity (I made recently)
move Unique TAG ID printout to avoid confusion
- add @gpakosz whereami library (https://github.com/gpakosz/whereami) in order to ...
- determine and set absolute paths for LUA scripts and LUA libraries
- correctly using stdtypes.h printf and scanf format string macros (PRIx64 et al)
- coverity fixes to client/cmdhfmf.c
- fix linker warning re missing entry point when linking fullimage.elf
plus some minor adjustments
and added a quick em4x05 test:
bool EM4x05Block0Test(uint32_t *wordData)
if successful very likely the tag is an em4x05 or compatible...
@iceman1001 s updates + some of my own.
still more to do:
-auto demod responses
-figure out config block
-figure out block 0 info / serial # in block 1
-figure out block 3 protection data
-add dump all blocks cmd
- Don't increment the nonce when random mode is disabled (this breaks the
standard attack).
- Don't attempt the standard attack when random mode is enabled (there's no
point as it won't work, per comments from @pwpiwi).
- Attempt the moebius attack if the standard attack fails.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
