* add "samples to skip" for lf config (mainly for lf snoop)
* add lf em 4x05protect command to write protection on em4x05 chips
* fix spacing
* and remove old comment git added back in..
* update changelog
* fix flags - only need 1 bit
* fix parity encryption (thanks to Eloff, http://www.proxmark.org/forum/viewtopic.php?id=6347)
* add support to simulate Mifare Mini, Mifare 2K and Mifare 4K
* change to standard LED handling (A: PM is working, B: reader is sending, C: tag is responding, D: HF field is on)
* NAK on unknown commands
* allow unencrypted HALT
* don't display messages during simulation (or we will miss next reader command)
* use DMA to receive reader command
* switch earlier from send to listen mode
* move ADC initializer to iso14443_setup
* remove remainders of incomplete Mifare 10Byte UID simulation
* show 'short' bytes (7Bits or 8Bits without parity) in 'hf list mf' and 'hf list 14a'
* whitespace
* Add raw HF signal plotting
* new fpga module hi_get_trace.v - store A/D converter output to circular buffer on FPGA
* new command 'hf plot' - pull data from FPGA and display it in Graph Window
* add PCSC interface (pcsc.c and pcsc.h)
* new command 'sc select' to choose an USB Smartcard Reader
* updated CI/.travis.yml accordingly
* remove TCK CRC check in i2c.c It is done in PrintATR() anyway
* Fix TCK CRC check in PrintATR()
* Add PCSC reader support to 'sc info'
* fixing hf 15: implement hf 15 snoop
* rename hf 15 record to hf 15 snoop
* speedup sampling / decoding:
* new FPGA mode FPGA_HF_READER_RX_XCORR_AMPLITUDE implements amplitude(ci, cq) on FPGA
* inlining the decoders in iso15693.c
* inlining memcpy/memset in LogTrace()
* giving up the moving correlator for SOF in Handle15693SamplesFromTag
* decode more of EOF in Handle15693SamplesFromTag()
* some refactoring
This involves a refactor to the arm HID code to allow for arbitrary
preambles (such as HID Proximity and Paradox).
The client also borrows from the HID code, but is not shared, so could
use a significant refactor in the future.
* support of HITAG S standard communication mode
* fixed wrong AC (Anti Collision) decoding
* support of block read mode
* fixed wrong uid send when using simulation
* support of communication mode parameter (client is backward compatible)
* support of start-page parameter (important for some weird tags) (client is backward compatible)
* also expect pages if tag memory size in con0 is 11 (we got some tags)
* corrected hitagS reader cmd help
* allow common makefile options-defines
* remove non-existing file references
* Uncomment lcd option (still) not enabled by default
use Makefile_Enabled_Options.common
to enable lcd if desired.
* Add Smartcard Functions
* add smartcard to menu + make get atr work
sc is now functioning as far as my limited knowledge takes me
* sc cleanup - add init to all sc commands...
because cmds won't work until the first init happens. (multiple inits
don't appear to affect it negatively)
* default options to exclude Smartcard
for main repo
* update changelog
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
lf viking from other users - just put my spin on it
lf awid refactored code - possible to make it not 26bit specific now
with minor chanages
lfdemod.c now supports extra debug printing if `data setdebug` = 2 when
not on device (on client not arm)
This function allows the user to specify APDUs which are sent to a card
supporting the PACE protocol. The response times are measured and
printed.
The code was pulled from the old Google Code repository (branch "epa")
and modified to fit into the new code base.
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identifiction of chinese backdoor commands to hf 14a reader.