helps get the data dumped even if positioning isn't 100% perfect.
also switched em4x05 commands to WaitUS instead of SpinDelayUs, per
@pwpiwi 's suggestion.
- correctly using stdtypes.h printf and scanf format string macros (PRIx64 et al)
- coverity fixes to client/cmdhfmf.c
- fix linker warning re missing entry point when linking fullimage.elf
plus some minor adjustments
and added a quick em4x05 test:
bool EM4x05Block0Test(uint32_t *wordData)
if successful very likely the tag is an em4x05 or compatible...
@iceman1001 s updates + some of my own.
still more to do:
-auto demod responses
-figure out config block
-figure out block 0 info / serial # in block 1
-figure out block 3 protection data
-add dump all blocks cmd
- Don't increment the nonce when random mode is disabled (this breaks the
standard attack).
- Don't attempt the standard attack when random mode is enabled (there's no
point as it won't work, per comments from @pwpiwi).
- Attempt the moebius attack if the standard attack fails.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
also cleaned up some comments
note previous update added the creation of a stats.txt file to generate
statistics of the differences between std mfkey32 and the moebius
version.
...as it is currently understood - need to add base 12 printed ID to
demod output...
add Q5 option to pyramid
fix missing include I mistakenly removed in cmdlf
lf viking from other users - just put my spin on it
lf awid refactored code - possible to make it not 26bit specific now
with minor chanages
lfdemod.c now supports extra debug printing if `data setdebug` = 2 when
not on device (on client not arm)
slight adjustment to lf t55xx sampling code to start at the same spot
more consistently
reduce indala detection false positives
lf t55xx commands heavily tested and seem to be stable and reliable on
most modulations/bitrates (excluding Sequence Terminator configured
cards).
