combine preamble searches (thanks @iceman1001)
simplify Em410xDecode
fix bug in removeParity (I made recently)
move Unique TAG ID printout to avoid confusion
- add @gpakosz whereami library (https://github.com/gpakosz/whereami) in order to ...
- determine and set absolute paths for LUA scripts and LUA libraries
- correctly using stdtypes.h printf and scanf format string macros (PRIx64 et al)
- coverity fixes to client/cmdhfmf.c
- fix linker warning re missing entry point when linking fullimage.elf
plus some minor adjustments
and added a quick em4x05 test:
bool EM4x05Block0Test(uint32_t *wordData)
if successful very likely the tag is an em4x05 or compatible...
@iceman1001 s updates + some of my own.
still more to do:
-auto demod responses
-figure out config block
-figure out block 0 info / serial # in block 1
-figure out block 3 protection data
-add dump all blocks cmd
- Don't increment the nonce when random mode is disabled (this breaks the
standard attack).
- Don't attempt the standard attack when random mode is enabled (there's no
point as it won't work, per comments from @pwpiwi).
- Attempt the moebius attack if the standard attack fails.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
rawdemod parameter length test too short for help text
amp option should amp prior to ST check
ST check adjusted to make room for rf/32 clock instead of rf/64 (so will
have extra room if clock is higher than 32)
ST check improved to better account for low drift
