Merge branch 'master' of https://github.com/RfidResearchGroup/proxmark3

armsrc/LCD_disabled.c

@@ -5,7 +5,7 @@
 //-----------------------------------------------------------------------------
 // LCD code
 //-----------------------------------------------------------------------------
-#include "LCD.h"
+#include "LCD_disabled.h"
 
 void LCDSend(unsigned int data) {
     // 9th bit set for data, clear for command

armsrc/buzzer_disabled.c

@@ -1,4 +1,4 @@
-#include "buzzer.h"
+#include "buzzer_disabled.h"
 
 void Ring_BEE_ONCE(uint16_t music_note) {
     BEE_ON();

armsrc/desfire_crypto_disabled.c

@@ -26,9 +26,7 @@
  * May 2005
  */
 #include <string.h>
-
-#include "desfire_crypto.h"
-
+#include "desfire_crypto_disabled.h"
 #include "crc32.h"
 #include "printf.h"
 #include "desfire.h"

armsrc/fonts_disabled.c

@@ -6,7 +6,7 @@
 // Fonts for the LCD
 //-----------------------------------------------------------------------------
 
-#include "fonts.h"
+#include "fonts_disabled.h"
 
 const char FONT6x8[97][8] = {
     {0x06, 0x08, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00}, // columns, rows, bytes per char

armsrc/hitag2crack.c

@@ -11,7 +11,7 @@
 // hitag2 attack functions
 //-----------------------------------------------------------------------------
 
-#include "hitagcrypto.h"
+#include "hitag2_crypto.h"
 #include "hitag2crack.h"
 
 #define READP0CMD "1100000111"

armsrc/lfadc.c

@@ -58,7 +58,7 @@ void lf_sample_mean(void) {
             periods++;
         }
     }
-    // division by 32    
+    // division by 32
     adc_avg = adc_sum >> 5;
 
     if (DBGLEVEL >= DBG_EXTENDED)
@@ -74,16 +74,16 @@ size_t lf_count_edge_periods_ex(size_t max, bool wait, bool detect_gap) {
     while (!BUTTON_PRESS()) {
 
         // only every 100th times, in order to save time when collecting samples.
-/*
-        if (checked == 1000) {
-            if (data_available()) {
-                break;
-            } else {
-                checked = 0;
-            }
-        }
-        ++checked;
-*/
+        /*
+                if (checked == 1000) {
+                    if (data_available()) {
+                        break;
+                    } else {
+                        checked = 0;
+                    }
+                }
+                ++checked;
+        */
         WDT_HIT();
 
         if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
@@ -136,12 +136,12 @@ void lf_reset_counter() {
 
     // TODO: find out the correct reset settings for tag and reader mode
 //    if (reader_mode) {
-        // Reset values for reader mode
-        rising_edge = false;
-        previous_adc_val = 0xFF;
+    // Reset values for reader mode
+    rising_edge = false;
+    previous_adc_val = 0xFF;
 
 //    } else {
-        // Reset values for tag/transponder mode
+    // Reset values for tag/transponder mode
 //        rising_edge = false;
 //        previous_adc_val = 0xFF;
 //    }
@@ -179,7 +179,8 @@ void lf_init(bool reader, bool simulate) {
 //            FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
             FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC);
         else
-            FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC);
+            // Sniff
+            FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT  | FPGA_LF_EDGE_DETECT_TOGGLE_MODE);
 
     }
 
@@ -249,18 +250,18 @@ size_t lf_detect_field_drop(size_t max) {
 
     while (!BUTTON_PRESS()) {
 
-/*
-        // only every 1000th times, in order to save time when collecting samples.
-        if (checked == 1000) {
-            if (data_available()) {
-                checked = -1;
-                break;
-            } else {
-                checked = 0;
-            }
-        }
-        ++checked;
-*/
+        /*
+                // only every 1000th times, in order to save time when collecting samples.
+                if (checked == 1000) {
+                    if (data_available()) {
+                        checked = -1;
+                        break;
+                    } else {
+                        checked = 0;
+                    }
+                }
+                ++checked;
+        */
 
         WDT_HIT();
 

armsrc/mifaredesfire.c

@@ -134,7 +134,7 @@ void MifareDesfireGetInformation() {
         return;
     }
     // add uid.
-    memcpy(payload.uid, card.uid, sizeof(card.uid));
+    memcpy(payload.uid, card.uid, sizeof(payload.uid));
 
     LED_A_ON();
     uint8_t cmd[] = {GET_VERSION, 0x00, 0x00, 0x00};

armsrc/mifaresniff_disabled.c

@@ -8,7 +8,7 @@
 // Routines to support mifare classic sniffer.
 //-----------------------------------------------------------------------------
 
-#include "mifaresniff.h"
+#include "mifaresniff_disabled.h"
 
 #ifndef CheckCrc14A
 # define CheckCrc14A(data, len) check_crc(CRC_14443_A, (data), (len))

client/cmdhfmfdes.c

@@ -26,8 +26,32 @@ uint8_t key_ones_data[16] = { 0x01 };
 uint8_t key_defa_data[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
 uint8_t key_picc_data[16] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
 
+
+typedef enum {
+    UNKNOWN = 0,
+    MF3ICD40,
+    EV1,
+    EV2,
+    LIGHT,
+} desfire_cardtype_t;
+
+
 static int CmdHelp(const char *Cmd);
 
+static desfire_cardtype_t getCardType(uint8_t major, uint8_t minor) {
+
+    if (major == 0x00)
+        return MF3ICD40;
+    else if (major == 0x01 && minor == 0x00)
+        return EV1;
+    else if (major == 0x12 && minor == 0x00)
+        return EV2;
+    else if (major == 0x30 && minor == 0x00)
+        return LIGHT;
+    else
+        return UNKNOWN;
+}
+
 //ICEMAN: Turn on field method?
 //none
 static int test_desfire_authenticate() {
@@ -95,11 +119,20 @@ static int get_desfire_freemem(uint32_t *free_mem) {
 
 
 // --- GET SIGNATURE
-static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t signature_len) {
+static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t signature_len, desfire_cardtype_t card_type) {
+
+    uint8_t public_key;
+    if (card_type == LIGHT)
+        public_key = 0;
+    else if (card_type == EV2)
+        public_key = 1;
+    else 
+        return PM3_EINVARG;
+    
     #define PUBLIC_DESFIRE_ECDA_KEYLEN 57
 
     // ref:  MIFARE Desfire Originality Signature Validation
-    uint8_t nxp_desfire_keys[1][PUBLIC_DESFIRE_ECDA_KEYLEN] = {
+    uint8_t nxp_desfire_keys[2][PUBLIC_DESFIRE_ECDA_KEYLEN] = {
         // DESFire Light
         {
             0x04, 0x0E, 0x98, 0xE1, 0x17, 0xAA, 0xA3, 0x64,
@@ -109,17 +142,26 @@ static int desfire_print_signature(uint8_t *uid, uint8_t *signature, size_t sign
             0x7B, 0x94, 0x2A, 0x97, 0x74, 0xA1, 0xD9, 0x4A,
             0xD0, 0x25, 0x72, 0x42, 0x7E, 0x5A, 0xE0, 0xA2,
             0xDD, 0x36, 0x59, 0x1B, 0x1F, 0xB3, 0x4F, 0xCF, 0x3D
-        }
+        },
         // DESFire Ev2
+        {
+            0x04, 0x8A, 0x9B, 0x38, 0x0A, 0xF2, 0xEE, 0x1B,
+            0x98, 0xDC, 0x41, 0x7F, 0xEC, 0xC2, 0x63, 0xF8,
+            0x44, 0x9C, 0x76, 0x25, 0xCE, 0xCE, 0x82, 0xD9,
+            0xB9, 0x16, 0xC9, 0x92, 0xDA, 0x20, 0x9D, 0x68,
+            0x42, 0x2B, 0x81, 0xEC, 0x20, 0xB6, 0x5A, 0x66,
+            0xB5, 0x10, 0x2A, 0x61, 0x59, 0x6A, 0xF3, 0x37,
+            0x92, 0x00, 0x59, 0x93, 0x16, 0xA0, 0x0A, 0x14, 0x10
+        }
         
     };
 
-    uint8_t public_key = 0;
+
     int res = ecdsa_signature_r_s_verify(MBEDTLS_ECP_DP_SECP224R1, nxp_desfire_keys[public_key], uid, 7, signature, signature_len, false);
     bool is_valid = (res == 0);
 
     PrintAndLogEx(INFO, "  Tag Signature");
-    PrintAndLogEx(INFO, "  IC signature public key name  : NXP DESFire Light");
+    PrintAndLogEx(INFO, "  IC signature public key name  : %s", (card_type == LIGHT) ? "NXP DESFire Light" :  "NXP DESFire Ev2");
     PrintAndLogEx(INFO, "  IC signature public key value : %s", sprint_hex(nxp_desfire_keys[public_key], 16));
     PrintAndLogEx(INFO, "                                : %s", sprint_hex(nxp_desfire_keys[public_key] + 16, 16));
     PrintAndLogEx(INFO, "                                : %s", sprint_hex(nxp_desfire_keys[public_key] + 32, 16));
@@ -423,9 +465,10 @@ static int CmdHF14ADesInfo(const char *Cmd) {
     // Signature originality check
     uint8_t signature[56] = {0};
     size_t signature_len = 0;
+    desfire_cardtype_t cardtype = getCardType(package->versionHW[3], package->versionHW[4]);
     
     if (get_desfire_signature(signature, &signature_len) == PM3_SUCCESS) 
-        desfire_print_signature(package->uid, signature, signature_len);
+        desfire_print_signature(package->uid, signature, signature_len, cardtype);
 
     // Master Key settings
     uint8_t master_aid[3] = {0x00, 0x00, 0x00};
@@ -514,9 +557,6 @@ char *getVersionStr(uint8_t major, uint8_t minor) {
 
 void getKeySettings(uint8_t *aid) {
 
-    char messStr[512] = {0x00};
-    const char *str = messStr;
-
     if (memcmp(aid, "\x00\x00\x00", 3) == 0) {
         
         // CARD MASTER KEY 
@@ -544,9 +584,7 @@ void getKeySettings(uint8_t *aid) {
             PrintAndLogEx(WARNING, _RED_("   Can't read Application Master key settings"));
         }
 
-
-        memset(messStr, 0x00, sizeof(messStr));
-        str = "   Operation of PICC master key          : " _YELLOW_("%s");
+        const char *str = "   Operation of PICC master key          : " _YELLOW_("%s");
         
         // 2 MSB denotes 
         switch (num_keys >> 6) {
@@ -666,8 +704,8 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) {
         // Get File IDs
         if (get_desfire_fileids(file_ids, &file_ids_len) == PM3_SUCCESS) {
             PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") "file%c", file_ids_len, (file_ids_len == 1) ? ' ' : 's');             
-            for (int i = 0; i < file_ids_len; ++i) {
-                PrintAndLogEx(SUCCESS, "   Fileid %d (0x%02x)", file_ids[i], file_ids[i]);
+            for (int j = 0; j < file_ids_len; ++j) {
+                PrintAndLogEx(SUCCESS, "   Fileid %d (0x%02x)", file_ids[j], file_ids[j]);
             }
         }
 

client/cmdhfmfdesfire_disabled.c

@@ -8,7 +8,7 @@
 // High frequency MIFARE commands
 //-----------------------------------------------------------------------------
 
-#include "cmdhfmfdesfire.h"
+#include "cmdhfmfdesfire_disabled.h"
 
 #include "cmdparser.h"    // command_t
 

client/cmdlfkeri.c

@@ -128,7 +128,7 @@ static int CmdKeriMSScramble (KeriMSScramble_t Action, uint32_t *FC, uint32_t *I
         *CardID = *CardID | Parity;
 
         // Bit 31 was fixed but not in check/parity bits
-        *CardID |= (uint32_t)(1 << 31);
+        *CardID |= 1UL << 31;
 
         PrintAndLogEx(SUCCESS, "Scrambled MS : FC %d - CN %d to RAW : E0000000%08X",*FC,*ID,*CardID);
     }

client/cmdlft55xx.c

@@ -482,12 +482,16 @@ static bool t55xxProtect(bool lock, bool usepwd, uint8_t override, uint32_t pass
 
     int res = T55xxReadBlockEx(T55x7_CONFIGURATION_BLOCK, T55x7_PAGE0, usepwd, override, password, downlink_mode, false);
     if (res != PM3_SUCCESS) {
-        PrintAndLogEx(WARNING, "Failed to read block0, use `p` password parameter?");
+        PrintAndLogEx(WARNING, "Failed to read block0, use " _YELLOW_("`p`") "password parameter?");
         return false;
     }
 
-    if (GetT55xxBlockData(&block0) == false)
+    if (GetT55xxBlockData(&block0) == false) {
+        PrintAndLogEx(DEBUG, "ERROR decoded block0 == %08x", block0);
         return false;
+    }
+    PrintAndLogEx(DEBUG, "OK read block0 == %08x", block0);
+
 
     bool isPwdBitAlreadySet = (block0 >> (32 - 28) & 1);
     if (isPwdBitAlreadySet) {
@@ -3679,7 +3683,7 @@ static int CmdT55xxProtect(const char *Cmd) {
 
     // lock
     if (t55xxProtect(true, usepwd, override, password, downlink_mode, new_password) == false) {
-        PrintAndLogEx(WARNING, "Command failed. Did you run `lf t55xx detect` before?");
+        PrintAndLogEx(WARNING, "Command failed. Did you run " _YELLOW_("`lf t55xx detect`") "before?");
         return PM3_ESOFT;
     }
     return PM3_SUCCESS;

client/resources/aidlist.json

@@ -2128,27 +2128,35 @@
         "Type": "EMV"
     },
     {
-        "AID": "7465736C6153746F7265303032",
+        "AID": "7465736C6153746F7265",
         "Vendor": "Tesla",
         "Country": "",
-        "Name": "teslaStore002",
-        "Description": "Tesla car key",
+        "Name": "teslaStore",
+        "Description": "Undocumented AID associated with official Tesla Key Cards",
         "Type": "Tesla"
     },
     {
-        "AID": "7465736C614C6F67696330303201",
+        "AID": "7465736C614C6F6769633",
         "Vendor": "Tesla",
         "Country": "",
-        "Name": "teslaLogic002",
-        "Description": "Tesla car key",
+        "Name": "teslaLogic (Original AID)",
+        "Description": "Key for Tesla vehicles",
         "Type": "Tesla"
     },
     {
-        "AID": "7465736C61",
+        "AID": "F465736C614C6F6769633",
         "Vendor": "Tesla",
         "Country": "",
-        "Name": "tesla",
-        "Description": "Tesla car key generic AID",
+        "Name": "teslaLogic (Alternate AID)",
+        "Description": "Key for Tesla vehicles",
+        "Type": "Tesla"
+    },
+    {
+        "AID": "5465736c61444150",
+        "Vendor": "Tesla",
+        "Country": "",
+        "Name": "TeslaDAP",
+        "Description": "Undocumented AID associated with official Tesla BTLE Key Fobs",
         "Type": "Tesla"
     }
-]
+]

client/tinycbor/cborpretty.c

@@ -488,14 +488,14 @@ static CborError value_to_pretty(CborStreamFunction stream, void *out, CborValue
                 case CborFloatType:
                     cbor_value_get_float(it, &f);
                     val = f;
-                    suffix = flags & CborPrettyNumericEncodingIndicators ? "_2" : "f";
+                    suffix = (flags & CborPrettyNumericEncodingIndicators) ? "_2" : "f";
                 } else if (false) {
                     uint16_t f16;
                 case CborHalfFloatType:
 #ifndef CBOR_NO_HALF_FLOAT_TYPE
                     cbor_value_get_half_float(it, &f16);
                     val = decode_half(f16);
-                    suffix = flags & CborPrettyNumericEncodingIndicators ? "_1" : "f16";
+                    suffix = (flags & CborPrettyNumericEncodingIndicators) ? "_1" : "f16";
 #else
                     (void)f16;
                     err = CborErrorUnsupportedType;

client/tinycbor/cbortojson.c

@@ -146,7 +146,7 @@
  * the keys for the metadata clash with existing keys in the JSON map.
  */
 
-extern FILE *open_memstream(char **bufptr, size_t *sizeptr);
+extern FILE *open_memstream(char **bufptr, size_t *lenptr);
 
 enum ConversionStatusFlags {
     TypeWasNotNative            = 0x100,    /* anything but strings, boolean, null, arrays and maps */

client/ui.c

@@ -159,6 +159,7 @@ void PrintAndLogEx(logLevel_t level, const char *fmt, ...) {
             break;
         case DEBUG:
             strncpy(prefix, _BLUE_("[#]"), sizeof(prefix) - 1);
+            break;
         case HINT:
         case SUCCESS:
             strncpy(prefix, _GREEN_("[+]"), sizeof(prefix) - 1);

client/wiegand_formatutils.c

@@ -36,21 +36,21 @@ bool set_bit_by_position(wiegand_message_t *data, bool value, uint8_t pos) {
         return false;
     } else if (pos > 63) {
         if (value)
-            data->Top |= (1 << (pos - 64));
+            data->Top |= (1UL << (pos - 64));
         else
-            data->Top &= ~(1 << (pos - 64));
+            data->Top &= ~(1UL << (pos - 64));
         return true;
     } else if (pos > 31) {
         if (value)
-            data->Mid |= (1 << (pos - 32));
+            data->Mid |= (1UL << (pos - 32));
         else
-            data->Mid &= ~(1 << (pos - 32));
+            data->Mid &= ~(1UL << (pos - 32));
         return true;
     } else {
         if (value)
-            data->Bot |= (1 << pos);
+            data->Bot |= (1UL << pos);
         else
-            data->Bot &= ~(1 << pos);
+            data->Bot &= ~(1UL << pos);
         return true;
     }
 }

tools/hitag2crack/crack3/ht2crack3.c

@@ -214,15 +214,15 @@ void *crack(void *d) {
     uint64_t y;
     uint64_t ytmp;
     uint64_t klowery;
-    unsigned int count = 0;
+    unsigned int count;
     uint64_t bit;
     uint64_t b;
     uint64_t z;
     uint64_t foundkey;
     uint64_t revkey;
     int ret;
-    unsigned int found = 0;
-    unsigned int badguess = 0;
+    unsigned int found;
+    unsigned int badguess;
 
     struct Tklower *Tk = NULL;
 
@@ -312,7 +312,7 @@ void *crack(void *d) {
                     // normalise foundkey
                     revkey = rev64(foundkey);
                     foundkey = ((revkey >> 40) & 0xff) | ((revkey >> 24) & 0xff00) | ((revkey >> 8) & 0xff0000) | ((revkey << 8) & 0xff000000) | ((revkey << 24) & 0xff00000000) | ((revkey << 40) & 0xff0000000000);
-                    printf("\n\nSuccess - key = %012lX\n", foundkey);
+                    printf("\n\nSuccess - key = %012"PRIx64"\n", foundkey);
                     exit(0);
 
                     return (void *)foundkey;
@@ -446,7 +446,7 @@ int main(int argc, char *argv[]) {
         }
         printf("thread %i finished\n", i);
         if (status) {
-            printf("Key = %012lX\n", (uint64_t)status);
+            printf("Key = %012"PRIx64"\n", (uint64_t)status);
             exit(0);
         }
     }