mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-20 15:26:13 +08:00
Merge branch 'master' into fix_lf_bps
Signed-off-by: Iceman <iceman@iuse.se>
This commit is contained in:
commit
1c9fc565cb
|
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Added new magic gen4 cards command in docs (@McEloff)
|
||||
- Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001)
|
||||
- Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001)
|
||||
- Changed `hf emrtd dump` - looking for lower case .bin extensions (@iceman1001)
|
||||
|
@ -42,6 +43,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
|
|||
- Fixed `trace list -t mf` - now also finds UID if anticollision is partial captured, to be used for mfkey (@iceman1001)
|
||||
- Fixed `make accessrights` on Fedora (@mooey5775)
|
||||
- Fixed the lf sampling when bits_per_sample is less than 8 (@wh201906)
|
||||
- Fixed `hf mfu info` - can now identify the 50 pF version of NTAG 210u(micro) (@mjacksn)
|
||||
- Added `hf 15` sub-commands for controlling EAS, AFI, privacy mode, and the setting of passwords on SLIX tags (@mjacksn)
|
||||
|
||||
## [Radium.4.15864][2022-10-29]
|
||||
- Changed `lf indala sim` - now accepts fc / cn (@iceman1001)
|
||||
|
@ -1364,6 +1367,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
|
|||
- Mifare simulation, `hf mf sim` (was broken a long time) (@pwpiwi)
|
||||
- Major improvements in LF area and data operations. (@marshmellow42, @iceman1001)
|
||||
- Issues regarding LF simulation (@pwpiwi)
|
||||
- Issue interpreting NXP "get sys info" command return value for icode tags. (@mjacksn)
|
||||
|
||||
### Added
|
||||
- iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers do not seem to enforce update. (@holiman).
|
||||
|
|
|
@ -13,4 +13,4 @@ PLATFORM=PM3RDV4
|
|||
#export PATH := /usr/lib64/ccache:/usr/lib/ccache:${PATH}
|
||||
|
||||
# To install with sudo:
|
||||
INSTALLSUDO=sudo
|
||||
INSTALLSUDO=sudo
|
|
@ -50,12 +50,12 @@ define KNOWN_STANDALONE_DEFINITIONS
|
|||
| LF_ICEHID | LF HID collector to flashmem |
|
||||
| (RDV4 only) | |
|
||||
+----------------------------------------------------------+
|
||||
| LF_NEXID | LF Nexwatch collector to flashmem |
|
||||
| (RDV4 only) | |
|
||||
+----------------------------------------------------------+
|
||||
| LF_NEDAP_SIM | LF Nedap ID simple simulator |
|
||||
| | |
|
||||
+----------------------------------------------------------+
|
||||
| LF_NEXID | LF Nexwatch collector to flashmem |
|
||||
| (RDV4 only) | |
|
||||
+----------------------------------------------------------+
|
||||
| LF_PROXBRUTE | HID ProxII bruteforce |
|
||||
| | - Brad Antoniewicz |
|
||||
+----------------------------------------------------------+
|
||||
|
@ -125,8 +125,10 @@ define KNOWN_STANDALONE_DEFINITIONS
|
|||
endef
|
||||
|
||||
|
||||
STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID LF_NEDAP_SIM
|
||||
STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI
|
||||
STANDALONE_MODES := LF_SKELETON
|
||||
STANDALONE_MODES += LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE
|
||||
STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_TCPRST HF_TMUDFORD HF_YOUNG
|
||||
STANDALONE_MODES += DANKARMULTI
|
||||
STANDALONE_MODES_REQ_BT := HF_REBLAY
|
||||
STANDALONE_MODES_REQ_SMARTCARD :=
|
||||
STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM
|
||||
|
|
|
@ -21,6 +21,42 @@ SRC_STANDALONE = placeholder.c
|
|||
ifneq (,$(findstring WITH_STANDALONE_LF_SKELETON,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_skeleton.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100EMUL
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMUL,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100emul.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100RSWB
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWB,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100rswb.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100RSWW
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWW,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100rsww.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100RWC
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100rwc.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_HIDBRUTE
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_HIDBRUTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_hidbrute.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_HIDFCBRUTE
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_HIDFCBRUTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_hidfcbrute.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_ICEHID
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_ICEHID,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_icehid.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_NEDAP_SIM
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_NEDAP_SIM,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_nedap_sim.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_NEXID
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_NEXID,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_nexid.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_SAMYRUN
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_SAMYRUN,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_samyrun.c
|
||||
|
@ -33,29 +69,9 @@ endif
|
|||
ifneq (,$(findstring WITH_STANDALONE_LF_PROX2BRUTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_prox2brute.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_HIDBRUTE
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_HIDBRUTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_hidbrute.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_HIDFCBRUTE
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_HIDFCBRUTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_hidfcbrute.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_YOUNG
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_young.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_MATTYRUN
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_MATTYRUN,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_mattyrun.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_COLIN
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_COLIN,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = vtsend.c hf_colin.c frozen.c nprintf.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_BOG
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_BOG,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_bog.c
|
||||
# WITH_STANDALONE_LF_THAREXDE
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_THAREXDE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_tharexde.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_14ASNIFF
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS)))
|
||||
|
@ -73,33 +89,21 @@ endif
|
|||
ifneq (,$(findstring WITH_STANDALONE_HF_AVEFUL,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_aveful.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_TCPRST
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_TCPRST,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_tcprst.c
|
||||
# WITH_STANDALONE_HF_BOG
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_BOG,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_bog.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_ICEHID
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_ICEHID,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_icehid.c
|
||||
# WITH_STANDALONE_HF_COLIN
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_COLIN,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = vtsend.c hf_colin.c frozen.c nprintf.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_NEXID
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_NEXID,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_nexid.c
|
||||
# WITH_STANDALONE_HF_CRAFTBYTE
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_CRAFTBYTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_craftbyte.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100EMUL
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMUL,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100emul.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100RSWB
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWB,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100rswb.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100RSWW
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWW,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100rsww.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_EM4100RWC
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_em4100rwc.c
|
||||
# WITH_STANDALONE_HF_ICECLASS
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_ICECLASS,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_iceclass.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_LEGIC
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS)))
|
||||
|
@ -109,37 +113,33 @@ endif
|
|||
ifneq (,$(findstring WITH_STANDALONE_HF_LEGICSIM,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_legicsim.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_MATTYRUN
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_MATTYRUN,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_mattyrun.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_MFCSIM
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_MFCSIM,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_mfcsim.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_MSDSAL
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_MSDSAL,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_msdsal.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_ICECLASS
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_ICECLASS,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_iceclass.c
|
||||
# WITH_STANDALONE_HF_REBLAY
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_REBLAY,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_reblay.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_THAREXDE
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_THAREXDE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_tharexde.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_CRAFTBYTE
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_CRAFTBYTE,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_craftbyte.c
|
||||
# WITH_STANDALONE_HF_TCPRST
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_TCPRST,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_tcprst.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_TMUDFORD
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_TMUDFORD,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_tmudford.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_REBLAY
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_REBLAY,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_reblay.c
|
||||
endif
|
||||
# WITH_STANDALONE_HF_MFCSIM
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_MFCSIM,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_mfcsim.c
|
||||
endif
|
||||
# WITH_STANDALONE_LF_NEDAP_SIM
|
||||
ifneq (,$(findstring WITH_STANDALONE_LF_NEDAP_SIM,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = lf_nedap_sim.c
|
||||
# WITH_STANDALONE_HF_YOUNG
|
||||
ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS)))
|
||||
SRC_STANDALONE = hf_young.c
|
||||
endif
|
||||
|
||||
ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS)))
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
//-----------------------------------------------------------------------------
|
||||
// Copyright (C) Brad Antoniewicz 2011
|
||||
// Copyright (C) Yann Gascuel 2023
|
||||
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
|
@ -57,19 +57,19 @@ void RunMod(void) {
|
|||
WDT_HIT();
|
||||
// exit from SamyRun, send a usbcommand.
|
||||
if (data_available()) { // early exit
|
||||
DbpString("[=] You can take the shell back :) ...");
|
||||
DbpString("[=] You can take the shell back :) ...");
|
||||
LEDsoff();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
LED_C_ON();
|
||||
WAIT_BUTTON_RELEASED(); // We are now ready to start brutforcing card numbers
|
||||
LEDsoff();
|
||||
|
||||
Dbprintf("[=] Starting HID ProxII Bruteforce from card %08x to %08x",
|
||||
CARDNUM_START, MIN(CARDNUM_END, 0xFFFF));
|
||||
|
||||
|
||||
for (cardnum = CARDNUM_START ; cardnum <= MIN(CARDNUM_END, 0xFFFF) ; cardnum++) {
|
||||
WDT_HIT();
|
||||
|
||||
|
@ -92,14 +92,14 @@ void RunMod(void) {
|
|||
|
||||
// switch leds to be able to know (aproximatly) which card number worked (64 tries loop)
|
||||
LED_A_INV(); // switch led A every try
|
||||
if ((cardnum-CARDNUM_START) % 8 == 7) // switch led B every 8 tries
|
||||
if ((cardnum - CARDNUM_START) % 8 == 7) // switch led B every 8 tries
|
||||
LED_B_INV();
|
||||
if ((cardnum-CARDNUM_START) % 16 == 15) // switch led C every 16 tries
|
||||
if ((cardnum - CARDNUM_START) % 16 == 15) // switch led C every 16 tries
|
||||
LED_C_INV();
|
||||
if ((cardnum-CARDNUM_START) % 32 == 31) // switch led D every 32 tries
|
||||
if ((cardnum - CARDNUM_START) % 32 == 31) // switch led D every 32 tries
|
||||
LED_D_INV();
|
||||
}
|
||||
|
||||
|
||||
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); // Xmax tree
|
||||
Dbprintf("[=] Ending HID ProxII Bruteforce from card %08x to %08x",
|
||||
CARDNUM_START, cardnum - 1);
|
||||
|
|
|
@ -100,6 +100,8 @@ STANDALONE_MODES_REQ_FLASH :=
|
|||
STANDALONE_MODES_REQ_BT :=
|
||||
```
|
||||
|
||||
Please respect alphabetic order!
|
||||
|
||||
## Update MAKEFILE.INC
|
||||
^[Top](#top)
|
||||
|
||||
|
@ -117,6 +119,8 @@ ifneq (,$(findstring WITH_STANDALONE_LF_FOO,$(APP_CFLAGS)))
|
|||
endif
|
||||
```
|
||||
|
||||
Please respect alphabetic order!
|
||||
|
||||
## Adding identification string of your mode
|
||||
^[Top](#top)
|
||||
|
||||
|
@ -174,9 +178,11 @@ Once you're ready to share your mode, please
|
|||
|
||||
* add a line in CHANGELOG.md
|
||||
* add your mode in the modes table in `doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md`
|
||||
* add your mode in `tools/build_all_firmwares.sh`
|
||||
* add your mode in `tools/build_all_firmwares.sh` such that it reflects `armsrc/Standalone/Makefile.hal` list of firmwares to build.
|
||||
|
||||
and submit your PR.
|
||||
Please respect alphabetic order of standalone modes everywhere!
|
||||
|
||||
Then submit your PR.
|
||||
|
||||
Once approved, add also your mode in https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode
|
||||
|
||||
|
|
|
@ -453,6 +453,12 @@ static void SendCapabilities(void) {
|
|||
capabilities.baudrate = g_usart_baudrate;
|
||||
#endif
|
||||
|
||||
#ifdef RDV4
|
||||
capabilities.is_rdv4 = true;
|
||||
#else
|
||||
capabilities.is_rdv4 = false;
|
||||
#endif
|
||||
|
||||
#ifdef WITH_FLASH
|
||||
capabilities.compiled_with_flash = true;
|
||||
capabilities.hw_available_flash = FlashInit();
|
||||
|
@ -1287,23 +1293,79 @@ static void PacketReceived(PacketCommandNG *packet) {
|
|||
SetTag15693Uid(payload->uid);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY: {
|
||||
case CMD_HF_ISO15693_SLIX_DISABLE_EAS: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
bool usepwd;
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *) packet->data.asBytes;
|
||||
DisableEAS_AFISlixIso15693(payload->pwd, payload->usepwd);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_SLIX_ENABLE_EAS: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
bool usepwd;
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *) packet->data.asBytes;
|
||||
EnableEAS_AFISlixIso15693(payload->pwd, payload->usepwd);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_SLIX_WRITE_PWD: {
|
||||
struct p {
|
||||
uint8_t old_pwd[4];
|
||||
uint8_t new_pwd[4];
|
||||
uint8_t pwd_id;
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *) packet->data.asBytes;
|
||||
WritePasswordSlixIso15693(payload->old_pwd, payload->new_pwd, payload->pwd_id);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *) packet->data.asBytes;
|
||||
DisablePrivacySlixLIso15693(payload->pwd);
|
||||
DisablePrivacySlixIso15693(payload->pwd);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI: {
|
||||
case CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
} PACKED;
|
||||
struct p *payload = (struct p *) packet->data.asBytes;
|
||||
DisableEAS_AFISlixLIso15693(payload->pwd);
|
||||
struct p* payload = (struct p*)packet->data.asBytes;
|
||||
EnablePrivacySlixIso15693(payload->pwd);
|
||||
break;
|
||||
}
|
||||
|
||||
case CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
} PACKED;
|
||||
struct p* payload = (struct p*)packet->data.asBytes;
|
||||
PassProtectAFISlixIso15693(payload->pwd);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_WRITE_AFI: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
bool use_pwd;
|
||||
uint8_t uid[8];
|
||||
bool use_uid;
|
||||
uint8_t afi;
|
||||
} PACKED;
|
||||
struct p* payload = (struct p*)packet->data.asBytes;
|
||||
WriteAFIIso15693(payload->pwd, payload->use_pwd, payload->uid, payload->use_uid, payload->afi);
|
||||
break;
|
||||
}
|
||||
case CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS: {
|
||||
struct p {
|
||||
uint8_t pwd[4];
|
||||
} PACKED;
|
||||
struct p* payload = (struct p*)packet->data.asBytes;
|
||||
PassProtextEASSlixIso15693(payload->pwd);
|
||||
break;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef WITH_LEGICRF
|
||||
|
|
|
@ -1229,6 +1229,17 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
|
|||
|
||||
AddCrc14A(rPPS, sizeof(rPPS) - 2);
|
||||
|
||||
if (tagType == 7) {
|
||||
uint8_t pwd[4];
|
||||
uint8_t gen_pwd[4];
|
||||
uint16_t start = (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH;
|
||||
emlGetMemBt(pwd, start, sizeof(pwd));
|
||||
Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data));
|
||||
if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) {
|
||||
rPACK[0] = 0x80;
|
||||
rPACK[1] = 0x80;
|
||||
}
|
||||
}
|
||||
AddCrc14A(rPACK, sizeof(rPACK) - 2);
|
||||
|
||||
static tag_response_info_t responses_init[] = {
|
||||
|
|
|
@ -177,6 +177,37 @@ static void CodeIso15693AsReaderEOF(void) {
|
|||
}
|
||||
|
||||
|
||||
static int get_uid_slix(uint32_t start_time, uint32_t* eof_time, uint8_t* uid) {
|
||||
|
||||
uint8_t *answer = BigBuf_malloc(ISO15693_MAX_RESPONSE_LENGTH);
|
||||
memset(answer, 0x00, ISO15693_MAX_RESPONSE_LENGTH);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
|
||||
uint8_t cmd[5] = {0};
|
||||
BuildIdentifyRequest(cmd);
|
||||
uint16_t recvlen = 0;
|
||||
SendDataTag(cmd, sizeof(cmd), false, true, answer, ISO15693_MAX_RESPONSE_LENGTH, start_time, ISO15693_READER_TIMEOUT, eof_time, &recvlen);
|
||||
|
||||
if(recvlen != 12)
|
||||
{
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
uid[0] = answer[2];
|
||||
uid[1] = answer[3];
|
||||
uid[2] = answer[4];
|
||||
uid[3] = answer[5];
|
||||
uid[4] = answer[6];
|
||||
uid[5] = answer[7];
|
||||
uid[6] = answer[8];
|
||||
uid[7] = answer[9];
|
||||
|
||||
BigBuf_free();
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
// encode data using "1 out of 256" scheme
|
||||
// data rate is 1,66 kbit/s (fc/8192)
|
||||
// is designed for more robust communication over longer distances
|
||||
|
@ -2431,6 +2462,8 @@ void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint
|
|||
case ISO15693_WRITE_AFI:
|
||||
case ISO15693_LOCK_AFI:
|
||||
case ISO15693_WRITE_DSFID:
|
||||
case ISO15693_WRITE_PASSWORD:
|
||||
case ISO15693_PASSWORD_PROTECT_EAS:
|
||||
case ISO15693_LOCK_DSFID:
|
||||
timeout = ISO15693_READER_TIMEOUT_WRITE;
|
||||
request_answer = data[0] & ISO15_REQ_OPTION;
|
||||
|
@ -2640,7 +2673,7 @@ void SetTag15693Uid(const uint8_t *uid) {
|
|||
switch_off();
|
||||
}
|
||||
|
||||
static void init_password_15693_slixl(uint8_t *buffer, uint8_t *pwd, const uint8_t *rnd) {
|
||||
static void init_password_15693_Slix(uint8_t *buffer, uint8_t *pwd, const uint8_t *rnd) {
|
||||
memcpy(buffer, pwd, 4);
|
||||
if (rnd) {
|
||||
buffer[0] ^= rnd[0];
|
||||
|
@ -2650,14 +2683,14 @@ static void init_password_15693_slixl(uint8_t *buffer, uint8_t *pwd, const uint8
|
|||
}
|
||||
}
|
||||
|
||||
static bool get_rnd_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *rnd) {
|
||||
static bool get_rnd_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *rnd) {
|
||||
// 0x04, == NXP from manufacture id list.
|
||||
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_GET_RANDOM_NUMBER, 0x04, 0x00, 0x00 };
|
||||
AddCrc15(c, 3);
|
||||
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
int res = SendDataTag(c, sizeof(c), true, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS && recvlen != 5) {
|
||||
return false;
|
||||
}
|
||||
|
@ -2668,15 +2701,16 @@ static bool get_rnd_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t
|
|||
return true;
|
||||
}
|
||||
|
||||
static uint32_t set_pass_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t pass_id, uint8_t *password) {
|
||||
static uint32_t disable_privacy_15693_Slix(uint32_t start_time, uint32_t* eof_time, uint8_t pass_id, uint8_t* password) {
|
||||
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// 0x04, == NXP from manufacture id list.
|
||||
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_SET_PASSWORD, 0x04, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
init_password_15693_slixl(&c[4], password, rnd);
|
||||
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, ISO15693_SET_PASSWORD, 0x04, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
init_password_15693_Slix(&c[4], password, rnd);
|
||||
AddCrc15(c, 8);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
|
@ -2689,16 +2723,236 @@ static uint32_t set_pass_15693_slixl(uint32_t start_time, uint32_t *eof_time, ui
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
static uint32_t enable_privacy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
|
||||
static uint32_t set_pass_15693_Slix(uint32_t start_time, uint32_t* eof_time, uint8_t pass_id, uint8_t* password, uint8_t* uid) {
|
||||
|
||||
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// 0x04, == NXP from manufacture id list.
|
||||
uint8_t c[] = { (ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS), ISO15693_SET_PASSWORD, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
|
||||
init_password_15693_Slix(&c[12], password, rnd);
|
||||
|
||||
memcpy(&c[3], uid, 8);
|
||||
AddCrc15(c, 16);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
|
||||
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS && recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t set_privacy_15693_Slix(uint32_t start_time, uint32_t* eof_time, uint8_t* password) {
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
// 0x04, == NXP from manufacture id list.
|
||||
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
||||
init_password_15693_Slix(&c[3], password, rnd);
|
||||
AddCrc15(c, 7);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS && recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t disable_eas_15693_Slix(uint32_t start_time, uint32_t* eof_time, uint8_t* password, bool usepwd) {
|
||||
|
||||
uint8_t uid[8];
|
||||
get_uid_slix(start_time, eof_time, uid);
|
||||
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
if(usepwd)
|
||||
{
|
||||
|
||||
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
|
||||
|
||||
if(res_setpass != PM3_SUCCESS)
|
||||
{
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
}
|
||||
|
||||
// 0x04, == NXP from manufacture id list.
|
||||
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, 0xA3, 0x04, 0x00, 0x00};
|
||||
AddCrc15(c, 3);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS && recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
static uint32_t enable_eas_15693_Slix(uint32_t start_time, uint32_t* eof_time, uint8_t* password, bool usepwd) {
|
||||
|
||||
uint8_t uid[8];
|
||||
get_uid_slix(start_time, eof_time, uid);
|
||||
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
if(usepwd)
|
||||
{
|
||||
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
|
||||
|
||||
if(res_setpass != PM3_SUCCESS)
|
||||
{
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
}
|
||||
// 0x04, == NXP from manufacture id list.
|
||||
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, 0xA2, 0x04, 0x00, 0x00};
|
||||
//init_password_15693_Slix(&c[3], password, rnd);
|
||||
AddCrc15(c, 3);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS && recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t write_password_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t pwd_id, uint8_t *password, uint8_t* uid) {
|
||||
|
||||
uint8_t new_pwd_cmd[] = { (ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS), ISO15693_WRITE_PASSWORD, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, pwd_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
||||
|
||||
memcpy(&new_pwd_cmd[3], uid, 8);
|
||||
memcpy(&new_pwd_cmd[12], password, 4);
|
||||
|
||||
AddCrc15(new_pwd_cmd, 16);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
|
||||
int res_wrp = SendDataTag(new_pwd_cmd, sizeof(new_pwd_cmd), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res_wrp != PM3_SUCCESS && recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t pass_protect_EASAFI_15693_Slix(uint32_t start_time, uint32_t *eof_time, bool set_option_flag, uint8_t* password) {
|
||||
|
||||
uint8_t flags;
|
||||
|
||||
if(set_option_flag)
|
||||
flags = ISO15_REQ_DATARATE_HIGH | ISO15_REQ_OPTION;
|
||||
else
|
||||
flags = ISO15_REQ_DATARATE_HIGH;
|
||||
|
||||
|
||||
uint8_t uid[8];
|
||||
get_uid_slix(start_time, eof_time, uid);
|
||||
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
|
||||
|
||||
if(res_setpass != PM3_SUCCESS)
|
||||
{
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
uint8_t new_pass_protect_cmd[] = { flags, ISO15693_PASSWORD_PROTECT_EAS, 0x04, 0x00, 0x00};
|
||||
AddCrc15(new_pass_protect_cmd, 3);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
|
||||
int res = SendDataTag(new_pass_protect_cmd, sizeof(new_pass_protect_cmd), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS && recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t write_afi_15693(uint32_t start_time, uint32_t *eof_time, uint8_t *password, bool usepwd, uint8_t *uid, bool use_uid, uint8_t afi)
|
||||
{
|
||||
|
||||
if(!use_uid)
|
||||
{
|
||||
int res_getuid = get_uid_slix(start_time, eof_time, uid);
|
||||
|
||||
if(res_getuid != PM3_SUCCESS)
|
||||
{
|
||||
return res_getuid;
|
||||
}
|
||||
}
|
||||
|
||||
if(usepwd)
|
||||
{
|
||||
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
|
||||
|
||||
if(res_setpass != PM3_SUCCESS)
|
||||
{
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
}
|
||||
|
||||
uint8_t cmd[] = { ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_WRITE_AFI, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
||||
|
||||
memcpy(&cmd[2], uid, 8);
|
||||
cmd[10] = afi;
|
||||
AddCrc15(cmd, 11);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
|
||||
uint16_t recvlen = 0;
|
||||
|
||||
int res = SendDataTag(cmd, sizeof(cmd), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
|
||||
if (res != PM3_SUCCESS || recvlen != 3) {
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
static uint32_t enable_privacy_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_ENABLE_PRIVACY, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
memcpy(&c[3], uid, 8);
|
||||
init_password_15693_slixl(&c[11], password, rnd);
|
||||
init_password_15693_Slix(&c[11], password, rnd);
|
||||
AddCrc15(c, 15);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
|
@ -2711,16 +2965,16 @@ static uint32_t enable_privacy_15693_slixl(uint32_t start_time, uint32_t *eof_ti
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t write_password_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
|
||||
static uint32_t write_password_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_WRITE_PASSWORD, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
memcpy(&c[3], uid, 8);
|
||||
c[11] = pass_id;
|
||||
init_password_15693_slixl(&c[12], password, NULL);
|
||||
init_password_15693_Slix(&c[12], password, NULL);
|
||||
AddCrc15(c, 16);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
|
@ -2734,16 +2988,16 @@ static uint32_t write_password_15693_slixl(uint32_t start_time, uint32_t *eof_ti
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static uint32_t destroy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t *password) {
|
||||
static uint32_t destroy_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t *password) {
|
||||
|
||||
uint8_t rnd[2];
|
||||
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
|
||||
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_DESTROY, ISO15693_ENABLE_PRIVACY, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
memcpy(&c[3], uid, 8);
|
||||
init_password_15693_slixl(&c[11], password, rnd);
|
||||
init_password_15693_Slix(&c[11], password, rnd);
|
||||
AddCrc15(c, 15);
|
||||
|
||||
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
|
||||
|
@ -2758,8 +3012,33 @@ static uint32_t destroy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uin
|
|||
|
||||
*/
|
||||
|
||||
// Sets a PRIVACY password to all ZEROS
|
||||
void DisablePrivacySlixLIso15693(uint8_t *password) {
|
||||
void WritePasswordSlixIso15693(uint8_t *old_password, uint8_t *new_password, uint8_t pwd_id) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
uint32_t start_time = 0, eof_time = 0;
|
||||
int res = PM3_EFAILED;
|
||||
|
||||
uint8_t uid[8];
|
||||
get_uid_slix(start_time, &eof_time, uid);
|
||||
|
||||
res = set_pass_15693_Slix(start_time, &eof_time, pwd_id, old_password, uid);
|
||||
if(res != PM3_SUCCESS)
|
||||
{
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_WRITE_PWD, res, NULL, 0);
|
||||
switch_off();
|
||||
return;
|
||||
}
|
||||
|
||||
res = write_password_15693_Slix(start_time, &eof_time, pwd_id, new_password, uid);
|
||||
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_WRITE_PWD, res, NULL, 0);
|
||||
|
||||
switch_off();
|
||||
|
||||
}
|
||||
|
||||
void DisablePrivacySlixIso15693(uint8_t *password) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
|
@ -2769,13 +3048,12 @@ void DisablePrivacySlixLIso15693(uint8_t *password) {
|
|||
// 0x04 Privacy
|
||||
// 0x08 Destroy SLIX-L
|
||||
// 0x10 EAS/AFI
|
||||
int res = set_pass_15693_slixl(start_time, &eof_time, 0x04, password);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, res, NULL, 0);
|
||||
int res = disable_privacy_15693_Slix(start_time, &eof_time, 0x04, password);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
||||
|
||||
// Sets a EAS/AFI password to all ZEROS
|
||||
void DisableEAS_AFISlixLIso15693(uint8_t *password) {
|
||||
void EnablePrivacySlixIso15693(uint8_t* password) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
|
@ -2785,8 +3063,71 @@ void DisableEAS_AFISlixLIso15693(uint8_t *password) {
|
|||
// 0x04 Privacy
|
||||
// 0x08 Destroy SLIX-L
|
||||
// 0x10 EAS/AFI
|
||||
int res = set_pass_15693_slixl(start_time, &eof_time, 0x10, password);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI, res, NULL, 0);
|
||||
int res = set_privacy_15693_Slix(start_time, &eof_time, password);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
||||
|
||||
|
||||
void DisableEAS_AFISlixIso15693(uint8_t *password, bool usepwd) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
uint32_t start_time = 0, eof_time = 0;
|
||||
|
||||
// Password identifier Password byte
|
||||
// 0x04 Privacy
|
||||
// 0x08 Destroy SLIX-L
|
||||
// 0x10 EAS/AFI
|
||||
int res = disable_eas_15693_Slix(start_time, &eof_time, password, usepwd);
|
||||
|
||||
|
||||
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_DISABLE_EAS, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
||||
|
||||
void EnableEAS_AFISlixIso15693(uint8_t *password, bool usepwd) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
uint32_t start_time = 0, eof_time = 0;
|
||||
|
||||
// Password identifier Password byte
|
||||
// 0x04 Privacy
|
||||
// 0x08 Destroy SLIX-L
|
||||
// 0x10 EAS/AFI
|
||||
int res = enable_eas_15693_Slix(start_time, &eof_time, password, usepwd);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_ENABLE_EAS, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
||||
|
||||
void PassProtextEASSlixIso15693(uint8_t *password) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
uint32_t start_time = 0, eof_time = 0;
|
||||
int res = pass_protect_EASAFI_15693_Slix(start_time, &eof_time, false, password);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
||||
void PassProtectAFISlixIso15693(uint8_t *password) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
uint32_t start_time = 0, eof_time = 0;
|
||||
int res = pass_protect_EASAFI_15693_Slix(start_time, &eof_time, true, password);
|
||||
reply_ng(CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
||||
|
||||
void WriteAFIIso15693(uint8_t *password, bool use_pwd, uint8_t *uid, bool use_uid, uint8_t afi) {
|
||||
LED_D_ON();
|
||||
Iso15693InitReader();
|
||||
StartCountSspClk();
|
||||
uint32_t start_time = 0, eof_time = 0;
|
||||
int res = write_afi_15693(start_time, &eof_time, password, use_pwd, uid, use_uid, afi);
|
||||
//int res = PM3_SUCCESS;
|
||||
reply_ng(CMD_HF_ISO15693_WRITE_AFI, res, NULL, 0);
|
||||
switch_off();
|
||||
}
|
|
@ -62,6 +62,12 @@ int SendDataTagEOF(uint8_t *recv, uint16_t max_recv_len, uint32_t start_time, ui
|
|||
|
||||
void SetTag15693Uid(const uint8_t *uid);
|
||||
|
||||
void DisablePrivacySlixLIso15693(uint8_t *password);
|
||||
void DisableEAS_AFISlixLIso15693(uint8_t *password);
|
||||
void WritePasswordSlixIso15693(uint8_t *old_password, uint8_t *new_password, uint8_t pwd_id);
|
||||
void DisablePrivacySlixIso15693(uint8_t *password);
|
||||
void EnablePrivacySlixIso15693(uint8_t* password);
|
||||
void DisableEAS_AFISlixIso15693(uint8_t *password, bool usepwd);
|
||||
void EnableEAS_AFISlixIso15693(uint8_t *password, bool usepwd);
|
||||
void PassProtextEASSlixIso15693(uint8_t *password);
|
||||
void PassProtectAFISlixIso15693(uint8_t *password);
|
||||
void WriteAFIIso15693(uint8_t *password, bool usepwd, uint8_t *uid, bool use_uid, uint8_t afi);
|
||||
#endif
|
||||
|
|
|
@ -294,6 +294,7 @@ set (TARGET_SOURCES
|
|||
${PM3_ROOT}/client/src/cmdhfseos.c
|
||||
${PM3_ROOT}/client/src/cmdhfst.c
|
||||
${PM3_ROOT}/client/src/cmdhfst25ta.c
|
||||
${PM3_ROOT}/client/src/cmdhftesla.c
|
||||
${PM3_ROOT}/client/src/cmdhftexkom.c
|
||||
${PM3_ROOT}/client/src/cmdhfthinfilm.c
|
||||
${PM3_ROOT}/client/src/cmdhftopaz.c
|
||||
|
|
|
@ -139,14 +139,10 @@ local function main(args)
|
|||
-- force lock bytes, otherwise the Amiibo won't be recognized
|
||||
blocks[16] = blocks[16]:sub(1, 4)..'0FE0'
|
||||
|
||||
-- add PWD and PACK if necessary
|
||||
-- add PWD and PACK
|
||||
local uid = blocks[14]:sub(1, 6)..blocks[15]:sub(1, 8)
|
||||
if blocks[147] == nil or blocks[147] == '00000000' then
|
||||
blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55))
|
||||
end
|
||||
if blocks[148] == nil or blocks[148] == '00000000' then
|
||||
blocks[148] = "80800000"
|
||||
end
|
||||
blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55))
|
||||
blocks[148] = "80800000"
|
||||
|
||||
err = LoadEmulator(uid, blocks)
|
||||
if err then return oops(err) end
|
||||
|
|
|
@ -1230,7 +1230,7 @@ int FSKrawDemod(uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow, bo
|
|||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(SUCCESS, _YELLOW_("%s") " decoded bitstream", GetFSKType(fchigh, fclow, invert));
|
||||
PrintAndLogEx(INFO, "-----------------------");
|
||||
printDemodBuff(0, false, invert, false);
|
||||
printDemodBuff(0, false, false, false);
|
||||
}
|
||||
goto out;
|
||||
} else {
|
||||
|
|
|
@ -652,14 +652,13 @@ static int CmdHF15Samples(const char *Cmd) {
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int NxpTestEAS(uint8_t *uid)
|
||||
{
|
||||
uint8_t fast = 1;
|
||||
static int NxpTestEAS(uint8_t *uid) {
|
||||
uint8_t fast = 1;
|
||||
uint8_t reply = 1;
|
||||
PacketResponseNG resp;
|
||||
uint16_t reqlen = 0;
|
||||
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
|
||||
|
||||
|
||||
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
|
||||
req[reqlen++] = ISO15693_EAS_ALARM;
|
||||
req[reqlen++] = 0x04; // IC manufacturer code
|
||||
|
@ -681,7 +680,7 @@ static int NxpTestEAS(uint8_t *uid)
|
|||
if (resp.length < 2) {
|
||||
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active");
|
||||
} else {
|
||||
uint8_t * recv = resp.data.asBytes;
|
||||
uint8_t *recv = resp.data.asBytes;
|
||||
|
||||
if (!(recv[0] & ISO15_RES_ERROR)) {
|
||||
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active.");
|
||||
|
@ -689,56 +688,56 @@ static int NxpTestEAS(uint8_t *uid)
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
static int NxpCheckSig(uint8_t *uid) {
|
||||
uint8_t fast = 1;
|
||||
uint8_t fast = 1;
|
||||
uint8_t reply = 1;
|
||||
PacketResponseNG resp;
|
||||
uint16_t reqlen = 0;
|
||||
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
|
||||
|
||||
// Check if we can also read the signature
|
||||
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
|
||||
req[reqlen++] = ISO15693_READ_SIGNATURE;
|
||||
req[reqlen++] = 0x04; // IC manufacturer code
|
||||
memcpy(req + 3, uid, 8); // add UID
|
||||
reqlen += 8;
|
||||
// Check if we can also read the signature
|
||||
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
|
||||
req[reqlen++] = ISO15693_READ_SIGNATURE;
|
||||
req[reqlen++] = 0x04; // IC manufacturer code
|
||||
memcpy(req + 3, uid, 8); // add UID
|
||||
reqlen += 8;
|
||||
|
||||
AddCrc15(req, reqlen);
|
||||
reqlen += 2;
|
||||
AddCrc15(req, reqlen);
|
||||
reqlen += 2;
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
|
||||
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "iso15693 timeout");
|
||||
DropField();
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "iso15693 timeout");
|
||||
DropField();
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
DropField();
|
||||
DropField();
|
||||
|
||||
if (resp.length < 2) {
|
||||
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
if (resp.length < 2) {
|
||||
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
uint8_t *recv = resp.data.asBytes;
|
||||
uint8_t *recv = resp.data.asBytes;
|
||||
|
||||
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
|
||||
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
|
||||
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
uint8_t signature[32] = {0x00};
|
||||
memcpy(signature, recv + 1, 32);
|
||||
uint8_t signature[32] = {0x00};
|
||||
memcpy(signature, recv + 1, 32);
|
||||
|
||||
nxp_15693_print_signature(uid, signature);
|
||||
|
||||
return PM3_SUCCESS;
|
||||
nxp_15693_print_signature(uid, signature);
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
// Get NXP system information from SLIX2 tag/VICC
|
||||
|
@ -790,14 +789,14 @@ static int NxpSysInfo(uint8_t *uid) {
|
|||
}
|
||||
|
||||
bool support_signature = (recv[5] & 0x01);
|
||||
bool support_easmode = (recv[4] & 0x03);
|
||||
bool support_easmode = (recv[4] & 0x04);
|
||||
|
||||
PrintAndLogEx(INFO, "--------- " _CYAN_("NXP Sysinfo") " ---------");
|
||||
PrintAndLogEx(INFO, " raw : %s", sprint_hex(recv, 8));
|
||||
PrintAndLogEx(INFO, " Password protection configuration:");
|
||||
PrintAndLogEx(INFO, " * Page L read%s password protected", ((recv[2] & 0x01) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Page L write%s password protected", ((recv[2] & 0x02) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Page H read%s password protected", ((recv[2] & 0x08) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Page H read%s password protected", ((recv[2] & 0x10) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Page H write%s password protected", ((recv[2] & 0x20) ? "" : " not"));
|
||||
|
||||
PrintAndLogEx(INFO, " Lock bits:");
|
||||
|
@ -810,23 +809,23 @@ static int NxpSysInfo(uint8_t *uid) {
|
|||
PrintAndLogEx(INFO, " * User memory password protection%s supported", ((recv[4] & 0x01) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Counter feature%s supported", ((recv[4] & 0x02) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * EAS ID%s supported by EAS ALARM command", support_easmode ? "" : " not");
|
||||
PrintAndLogEx(INFO, " * EAS password protection%s supported", ((recv[4] & 0x04) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * EAS password protection%s supported", ((recv[4] & 0x08) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * AFI password protection%s supported", ((recv[4] & 0x10) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Extended mode%s supported by INVENTORY READ command", ((recv[4] & 0x20) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * EAS selection%s supported by extended mode in INVENTORY READ command", ((recv[4] & 0x40) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * READ SIGNATURE command%s supported", support_signature ? "" : " not");
|
||||
PrintAndLogEx(INFO, " * Password protection for READ SIGNATURE command%s supported", ((recv[5] & 0x02) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * STAY QUIET PERSISTENT command%s supported", ((recv[5] & 0x03) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * STAY QUIET PERSISTENT command%s supported", ((recv[5] & 0x04) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * ENABLE PRIVACY command%s supported", ((recv[5] & 0x10) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * DESTROY command%s supported", ((recv[5] & 0x20) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not"));
|
||||
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[7] & 0x80) ? "" : " not"));
|
||||
|
||||
if (support_easmode) {
|
||||
NxpTestEAS(uid);
|
||||
NxpTestEAS(uid);
|
||||
}
|
||||
|
||||
if (support_signature) {
|
||||
NxpCheckSig(uid);
|
||||
NxpCheckSig(uid);
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
|
@ -968,16 +967,12 @@ static int CmdHF15Info(const char *Cmd) {
|
|||
if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) {
|
||||
PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info");
|
||||
return NxpSysInfo(uid);
|
||||
}
|
||||
else if(data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) //If it is an NTAG 5
|
||||
{
|
||||
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
|
||||
} else if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) { //If it is an NTAG 5
|
||||
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
|
||||
return NxpSysInfo(uid);
|
||||
}
|
||||
else if(data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
|
||||
{
|
||||
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
|
||||
return NxpTestEAS(uid);
|
||||
} else if (data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) { //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
|
||||
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
|
||||
return NxpTestEAS(uid);
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
|
@ -1357,94 +1352,83 @@ static int CmdHF15WriteAfi(const char *Cmd) {
|
|||
CLIParserInit(&ctx, "hf 15 writeafi",
|
||||
"Write AFI on card",
|
||||
"hf 15 writeafi -* --afi 12\n"
|
||||
"hf 15 writeafi -u E011223344556677 --afi 12"
|
||||
"hf 15 writeafi -u E011223344556677 --afi 12 -p 0F0F0F0F"
|
||||
);
|
||||
|
||||
void *argtable[6 + 2] = {};
|
||||
uint8_t arglen = arg_add_default(argtable);
|
||||
argtable[arglen++] = arg_int1(NULL, "afi", "<dec>", "AFI number (0-255)");
|
||||
argtable[arglen++] = arg_param_end;
|
||||
void *argtable[5] = {};
|
||||
argtable[0] = arg_param_begin;
|
||||
argtable[1] = arg_str0("u", "uid", "<hex>", "full UID, 8 bytes");
|
||||
argtable[2] = arg_int1(NULL, "afi", "<dec>", "AFI number (0-255)");
|
||||
argtable[3] = arg_str0("p", "pwd", "<hex>", "optional AFI/EAS password");
|
||||
argtable[4] = arg_param_end;
|
||||
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||
|
||||
struct {
|
||||
uint8_t pwd[4];
|
||||
bool use_pwd;
|
||||
uint8_t uid[8];
|
||||
bool use_uid;
|
||||
uint8_t afi;
|
||||
} PACKED payload;
|
||||
|
||||
uint8_t uid[8];
|
||||
int uidlen = 0;
|
||||
CLIGetHexWithReturn(ctx, 1, uid, &uidlen);
|
||||
bool unaddressed = arg_get_lit(ctx, 2);
|
||||
bool scan = arg_get_lit(ctx, 3);
|
||||
int fast = (arg_get_lit(ctx, 4) == false);
|
||||
bool add_option = arg_get_lit(ctx, 5);
|
||||
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
|
||||
|
||||
int afi = arg_get_int_def(ctx, 6, 0);
|
||||
payload.afi = arg_get_int_def(ctx, 2, 0);
|
||||
|
||||
int pwdlen;
|
||||
|
||||
CLIGetHexWithReturn(ctx, 3, payload.pwd, &pwdlen);
|
||||
|
||||
CLIParserFree(ctx);
|
||||
|
||||
if(pwdlen == 4)
|
||||
{
|
||||
payload.use_pwd = true;
|
||||
}
|
||||
|
||||
if(uidlen == 8)
|
||||
{
|
||||
payload.use_uid = true;
|
||||
}
|
||||
|
||||
// sanity checks
|
||||
if ((scan + unaddressed + uidlen) > 1) {
|
||||
PrintAndLogEx(WARNING, "Select only one option /scan/unaddress/uid");
|
||||
if (uidlen != 0 && uidlen != 8) {
|
||||
PrintAndLogEx(WARNING, "uid must be 8 hex bytes if provided");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
|
||||
// request to be sent to device/card
|
||||
uint16_t flags = arg_get_raw_flag(uidlen, unaddressed, scan, add_option);
|
||||
uint8_t req[16] = {flags, ISO15693_WRITE_AFI};
|
||||
uint16_t reqlen = 2;
|
||||
|
||||
if (unaddressed == false) {
|
||||
if (scan) {
|
||||
if (getUID(false, uid) != PM3_SUCCESS) {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
uidlen = 8;
|
||||
}
|
||||
|
||||
if (uidlen == 8) {
|
||||
// add UID (scan, uid)
|
||||
memcpy(req + reqlen, uid, sizeof(uid));
|
||||
reqlen += sizeof(uid);
|
||||
}
|
||||
PrintAndLogEx(SUCCESS, "Using UID... " _GREEN_("%s"), iso15693_sprintUID(NULL, uid));
|
||||
|
||||
if(pwdlen > 0 && pwdlen != 4)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "password must be 4 hex bytes if provided");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
// enforce, since we are writing
|
||||
req[0] |= ISO15_REQ_OPTION;
|
||||
|
||||
req[reqlen++] = (uint8_t)afi;
|
||||
|
||||
AddCrc15(req, reqlen);
|
||||
reqlen += 2;
|
||||
|
||||
// arg: len, speed, recv?
|
||||
// arg0 (datalen, cmd len? .arg0 == crc?)
|
||||
// arg1 (speed == 0 == 1 of 256, == 1 == 1 of 4 )
|
||||
// arg2 (recv == 1 == expect a response)
|
||||
uint8_t read_response = 1;
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, read_response, req, reqlen);
|
||||
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
|
||||
PrintAndLogEx(ERR, "iso15693 timeout");
|
||||
SendCommandNG(CMD_HF_ISO15693_WRITE_AFI, (uint8_t *)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_WRITE_AFI, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
DropField();
|
||||
|
||||
if (resp.status == PM3_ETEAROFF) {
|
||||
return resp.status;
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
uint8_t *data = resp.data.asBytes;
|
||||
|
||||
if ((data[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
|
||||
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", data[0], TagErrorStr(data[0]));
|
||||
return PM3_EWRONGANSWER;
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
PrintAndLogEx(WARNING, "error writing AFI");
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "Wrote AFI 0x%02X", payload.afi);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(SUCCESS, "Wrote AFI 0x%02X", afi);
|
||||
return PM3_SUCCESS;
|
||||
return resp.status;
|
||||
}
|
||||
|
||||
// Writes the DSFID (Data Storage Format Identifier) of a card
|
||||
|
@ -2383,10 +2367,164 @@ static int CmdHF15CSetUID(const char *Cmd) {
|
|||
}
|
||||
}
|
||||
|
||||
static int CmdHF15SlixEASEnable(const char *Cmd) {
|
||||
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 15 slixeasenable",
|
||||
"Enable EAS mode on SLIX ISO-15693 tag",
|
||||
"hf 15 slixeasenable -p 0F0F0F0F");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_str0("p", "pwd", "<hex>", "optional password, 8 hex bytes"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||
struct {
|
||||
uint8_t pwd[4];
|
||||
bool usepwd;
|
||||
} PACKED payload;
|
||||
int pwdlen = 0;
|
||||
|
||||
int ret_pwdparse = CLIParamHexToBuf(arg_get_str(ctx, 1), payload.pwd, 4, &pwdlen);
|
||||
if((pwdlen > 0 && pwdlen != 4) || ret_pwdparse != 0)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "password must be 4 hex bytes if provided");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
//CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
|
||||
CLIParserFree(ctx);
|
||||
|
||||
|
||||
if(pwdlen > 0 )
|
||||
{
|
||||
PrintAndLogEx(INFO, "Trying to enable EAS mode using password " _GREEN_("%s")
|
||||
, sprint_hex_inrow(payload.pwd, sizeof(payload.pwd))
|
||||
);
|
||||
payload.usepwd = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
PrintAndLogEx(INFO, "Trying to enable EAS mode without using a password");
|
||||
payload.usepwd = false;
|
||||
}
|
||||
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_ENABLE_EAS, (uint8_t *)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_ENABLE_EAS, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
if(pwdlen > 0 )
|
||||
{
|
||||
PrintAndLogEx(WARNING, "the password provided was not accepted");
|
||||
}
|
||||
else
|
||||
{
|
||||
PrintAndLogEx(WARNING, "either a password is required or EAS mode is locked");
|
||||
}
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "EAS mode is now enabled ( " _GREEN_("ok") " ) ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return resp.status;
|
||||
}
|
||||
|
||||
static int CmdHF15SlixEASDisable(const char *Cmd) {
|
||||
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 15 slixeasdisable",
|
||||
"Disable EAS mode on SLIX ISO-15693 tag",
|
||||
"hf 15 slixeasdisable -p 0F0F0F0F");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_str0("p", "pwd", "<hex>", "optional password, 8 hex bytes"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||
struct {
|
||||
uint8_t pwd[4];
|
||||
bool usepwd;
|
||||
|
||||
} PACKED payload;
|
||||
int pwdlen = 0;
|
||||
|
||||
int ret_pwdparse = CLIParamHexToBuf(arg_get_str(ctx, 1), payload.pwd, 4, &pwdlen);
|
||||
if((pwdlen > 0 && pwdlen != 4) || ret_pwdparse != 0)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "password must be 4 hex bytes if provided");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
//CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
|
||||
CLIParserFree(ctx);
|
||||
|
||||
|
||||
if(pwdlen > 0 )
|
||||
{
|
||||
PrintAndLogEx(INFO, "Trying to disable EAS mode using password " _GREEN_("%s")
|
||||
, sprint_hex_inrow(payload.pwd, sizeof(payload.pwd))
|
||||
);
|
||||
payload.usepwd = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
PrintAndLogEx(INFO, "Trying to enable EAS mode without using a password");
|
||||
payload.usepwd = false;
|
||||
}
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_DISABLE_EAS, (uint8_t *)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_DISABLE_EAS, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
if(pwdlen > 0 )
|
||||
{
|
||||
PrintAndLogEx(WARNING, "the password provided was not accepted");
|
||||
}
|
||||
else
|
||||
{
|
||||
PrintAndLogEx(WARNING, "either a password is required or EAS mode is locked");
|
||||
}
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "EAS mode is now disabled ( " _GREEN_("ok") " ) ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return resp.status;
|
||||
}
|
||||
|
||||
static int CmdHF15SlixDisable(const char *Cmd) {
|
||||
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 15 slixdisable",
|
||||
CLIParserInit(&ctx, "hf 15 slixprivacydisable",
|
||||
"Disable privacy mode on SLIX ISO-15693 tag",
|
||||
"hf 15 slixdisable -p 0F0F0F0F");
|
||||
|
||||
|
@ -2409,8 +2547,8 @@ static int CmdHF15SlixDisable(const char *Cmd) {
|
|||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, (uint8_t *)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, &resp, 2000) == false) {
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY, (uint8_t *)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
|
@ -2433,32 +2571,330 @@ static int CmdHF15SlixDisable(const char *Cmd) {
|
|||
return resp.status;
|
||||
}
|
||||
|
||||
static int CmdHF15SlixEnable(const char* Cmd) {
|
||||
|
||||
CLIParserContext* ctx;
|
||||
CLIParserInit(&ctx, "hf 15 slixprivacyenable",
|
||||
"Enable privacy mode on SLIX ISO-15693 tag",
|
||||
"hf 15 slixenable -p 0F0F0F0F");
|
||||
|
||||
void* argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_str1("p", "pwd", "<hex>", "password, 8 hex bytes"),
|
||||
arg_param_end
|
||||
};
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
struct {
|
||||
uint8_t pwd[4];
|
||||
} PACKED payload;
|
||||
int pwdlen = 0;
|
||||
CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
|
||||
CLIParserFree(ctx);
|
||||
|
||||
PrintAndLogEx(INFO, "Trying to enable privacy mode using password " _GREEN_("%s")
|
||||
, sprint_hex_inrow(payload.pwd, sizeof(payload.pwd))
|
||||
);
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY, (uint8_t*)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
PrintAndLogEx(WARNING, "password was not accepted");
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "privacy mode is now enabled ( " _GREEN_("ok") " ) ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return resp.status;
|
||||
}
|
||||
|
||||
static int CmdHF15SlixWritePassword(const char *Cmd) {
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 15 slixwritepwd",
|
||||
"Write a password on a SLIX family ISO-15693 tag",
|
||||
"hf 15 slixwritepwd -t READ -o 00000000 -n 12131415");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_str1("t", "type", "<read|write|privacy|destroy|easafi>", "which password field to write to (some tags do not support all password types)"),
|
||||
arg_str0("o", "old", "<hex>", "old password (if present), 8 hex bytes"),
|
||||
arg_str1("n", "new", "<hex>", "new password, 8 hex bytes"),
|
||||
arg_param_end
|
||||
};
|
||||
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, false);
|
||||
|
||||
struct {
|
||||
uint8_t old_pwd[4];
|
||||
uint8_t new_pwd[4];
|
||||
uint8_t pwd_id;
|
||||
} PACKED payload;
|
||||
int pwdlen = 0;
|
||||
|
||||
|
||||
|
||||
CLIGetHexWithReturn(ctx, 2, payload.old_pwd, &pwdlen);
|
||||
|
||||
if(pwdlen > 0 && pwdlen != 4)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "old password must be 4 hex bytes if provided");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
CLIGetHexWithReturn(ctx, 3, payload.new_pwd, &pwdlen);
|
||||
|
||||
if(pwdlen != 4)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "new password must be 4 hex bytes");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
int vlen = 0;
|
||||
char value[10];
|
||||
CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)value, sizeof(value), &vlen);
|
||||
|
||||
if (vlen > 0) {
|
||||
if (strcmp(value, "read") == 0)
|
||||
{
|
||||
PrintAndLogEx(SUCCESS, "Selected read pass");
|
||||
payload.pwd_id = 0x01;
|
||||
}
|
||||
else if (strcmp(value, "write") == 0)
|
||||
{
|
||||
PrintAndLogEx(SUCCESS, "Selected write pass");
|
||||
payload.pwd_id = 0x02;
|
||||
}
|
||||
else if (strcmp(value, "privacy") == 0)
|
||||
{
|
||||
PrintAndLogEx(SUCCESS, "Selected privacy pass");
|
||||
payload.pwd_id = 0x04;
|
||||
}
|
||||
else if (strcmp(value, "destroy") == 0)
|
||||
{
|
||||
PrintAndLogEx(SUCCESS, "Selected destroy pass");
|
||||
payload.pwd_id = 0x08;
|
||||
}
|
||||
else if (strcmp(value, "easafi") == 0)
|
||||
{
|
||||
PrintAndLogEx(SUCCESS, "Selected easafi pass");
|
||||
payload.pwd_id = 0x10;
|
||||
}
|
||||
else
|
||||
{
|
||||
PrintAndLogEx(ERR, "t argument must be 'read', 'write', 'privacy', 'destroy', or 'easafi'");
|
||||
return PM3_EINVARG;
|
||||
}
|
||||
}
|
||||
|
||||
CLIParserFree(ctx);
|
||||
|
||||
|
||||
PrintAndLogEx(INFO, "Trying to write " _YELLOW_("%s") " as " _YELLOW_("%s") " password"
|
||||
, sprint_hex_inrow(payload.new_pwd, sizeof(payload.new_pwd)), value);
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_WRITE_PWD, (uint8_t *)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_WRITE_PWD, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
PrintAndLogEx(WARNING, "password was not accepted");
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "password written ( " _GREEN_("ok") " ) ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return resp.status;
|
||||
}
|
||||
|
||||
static int CmdHF15AFIPassProtect(const char *Cmd) {
|
||||
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 15 passprotectafi",
|
||||
"Password protect AFI. Cannot be undone.",
|
||||
"hf 15 passprotectafi -p 00000000 -c");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_str1("p", "password", "<hex>", "EAS/AFI password, 8 hex bytes"),
|
||||
arg_lit0("c", "confirm", "confirm the execution of this irreversible command"),
|
||||
arg_param_end
|
||||
};
|
||||
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||
|
||||
struct {
|
||||
uint8_t pwd[4];
|
||||
} PACKED payload;
|
||||
int pwdlen = 0;
|
||||
|
||||
CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
|
||||
|
||||
bool confirmation = arg_get_lit(ctx, 2);
|
||||
|
||||
if(pwdlen != 4)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "password must be 4 hex bytes");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
if(confirmation == 0)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "This irreversible command must be confirmed with the -c flag");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
|
||||
PrintAndLogEx(INFO, "Trying to enable AFI password protection");
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI, (uint8_t*)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
PrintAndLogEx(WARNING, "error enabling AFI password protection");
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "AFI password protected ( " _GREEN_("ok") " ) ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return resp.status;
|
||||
|
||||
}
|
||||
|
||||
static int CmdHF15EASPassProtect(const char *Cmd) {
|
||||
|
||||
CLIParserContext *ctx;
|
||||
CLIParserInit(&ctx, "hf 15 passprotecteas",
|
||||
"Password protect EAS. Cannot be undone.",
|
||||
"hf 15 passprotecteas -p 00000000 -c");
|
||||
|
||||
void *argtable[] = {
|
||||
arg_param_begin,
|
||||
arg_str1("p", "password", "<hex>", "EAS/AFI password, 8 hex bytes"),
|
||||
arg_lit0("c", "confirm", "confirm the execution of this irreversible command"),
|
||||
arg_param_end
|
||||
};
|
||||
|
||||
CLIExecWithReturn(ctx, Cmd, argtable, true);
|
||||
|
||||
struct {
|
||||
uint8_t pwd[4];
|
||||
} PACKED payload;
|
||||
int pwdlen = 0;
|
||||
|
||||
CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
|
||||
|
||||
bool confirmation = arg_get_lit(ctx, 2);
|
||||
|
||||
if(pwdlen != 4)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "password must be 4 hex bytes");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
if(confirmation == 0)
|
||||
{
|
||||
PrintAndLogEx(WARNING, "This irreversible command must be confirmed with the -c flag");
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
PrintAndLogEx(INFO, "Trying to enable EAS password protection");
|
||||
|
||||
PacketResponseNG resp;
|
||||
clearCommandBuffer();
|
||||
SendCommandNG(CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS, (uint8_t*)&payload, sizeof(payload));
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "timeout while waiting for reply");
|
||||
DropField();
|
||||
return PM3_ESOFT;
|
||||
}
|
||||
|
||||
switch (resp.status) {
|
||||
case PM3_ETIMEOUT: {
|
||||
PrintAndLogEx(WARNING, "no tag found");
|
||||
break;
|
||||
}
|
||||
case PM3_EWRONGANSWER: {
|
||||
PrintAndLogEx(WARNING, "error enabling EAS password protection");
|
||||
break;
|
||||
}
|
||||
case PM3_SUCCESS: {
|
||||
PrintAndLogEx(SUCCESS, "EAS password protected ( " _GREEN_("ok") " ) ");
|
||||
break;
|
||||
}
|
||||
}
|
||||
return resp.status;
|
||||
}
|
||||
|
||||
static command_t CommandTable[] = {
|
||||
{"-----------", CmdHF15Help, AlwaysAvailable, "--------------------- " _CYAN_("General") " ---------------------"},
|
||||
{"help", CmdHF15Help, AlwaysAvailable, "This help"},
|
||||
{"list", CmdHF15List, AlwaysAvailable, "List ISO-15693 history"},
|
||||
{"demod", CmdHF15Demod, AlwaysAvailable, "Demodulate ISO-15693 from tag"},
|
||||
{"dump", CmdHF15Dump, IfPm3Iso15693, "Read all memory pages of an ISO-15693 tag, save to file"},
|
||||
{"info", CmdHF15Info, IfPm3Iso15693, "Tag information"},
|
||||
{"sniff", CmdHF15Sniff, IfPm3Iso15693, "Sniff ISO-15693 traffic"},
|
||||
{"raw", CmdHF15Raw, IfPm3Iso15693, "Send raw hex data to tag"},
|
||||
{"rdbl", CmdHF15Readblock, IfPm3Iso15693, "Read a block"},
|
||||
{"rdmulti", CmdHF15Readmulti, IfPm3Iso15693, "Reads multiple blocks"},
|
||||
{"reader", CmdHF15Reader, IfPm3Iso15693, "Act like an ISO-15693 reader"},
|
||||
{"restore", CmdHF15Restore, IfPm3Iso15693, "Restore from file to all memory pages of an ISO-15693 tag"},
|
||||
{"samples", CmdHF15Samples, IfPm3Iso15693, "Acquire samples as reader (enables carrier, sends inquiry)"},
|
||||
{"eload", CmdHF15ELoad, IfPm3Iso15693, "Load image file into emulator to be used by 'sim' command"},
|
||||
{"esave", CmdHF15ESave, IfPm3Iso15693, "Save emulator memory into image file"},
|
||||
{"eview", CmdHF15EView, IfPm3Iso15693, "View emulator memory"},
|
||||
{"sim", CmdHF15Sim, IfPm3Iso15693, "Fake an ISO-15693 tag"},
|
||||
{"slixdisable", CmdHF15SlixDisable, IfPm3Iso15693, "Disable privacy mode on SLIX ISO-15693 tag"},
|
||||
{"wrbl", CmdHF15Write, IfPm3Iso15693, "Write a block"},
|
||||
{"-----------", CmdHF15Help, IfPm3Iso15693, "----------------------- " _CYAN_("afi") " -----------------------"},
|
||||
{"findafi", CmdHF15FindAfi, IfPm3Iso15693, "Brute force AFI of an ISO-15693 tag"},
|
||||
{"writeafi", CmdHF15WriteAfi, IfPm3Iso15693, "Writes the AFI on an ISO-15693 tag"},
|
||||
{"writedsfid", CmdHF15WriteDsfid, IfPm3Iso15693, "Writes the DSFID on an ISO-15693 tag"},
|
||||
{"-----------", CmdHF15Help, IfPm3Iso15693, "----------------------- " _CYAN_("magic") " -----------------------"},
|
||||
{"csetuid", CmdHF15CSetUID, IfPm3Iso15693, "Set UID for magic card"},
|
||||
{"-----------", CmdHF15Help, AlwaysAvailable, "--------------------- " _CYAN_("General") " ---------------------"},
|
||||
{"help", CmdHF15Help, AlwaysAvailable, "This help"},
|
||||
{"list", CmdHF15List, AlwaysAvailable, "List ISO-15693 history"},
|
||||
{"demod", CmdHF15Demod, AlwaysAvailable, "Demodulate ISO-15693 from tag"},
|
||||
{"dump", CmdHF15Dump, IfPm3Iso15693, "Read all memory pages of an ISO-15693 tag, save to file"},
|
||||
{"info", CmdHF15Info, IfPm3Iso15693, "Tag information"},
|
||||
{"sniff", CmdHF15Sniff, IfPm3Iso15693, "Sniff ISO-15693 traffic"},
|
||||
{"raw", CmdHF15Raw, IfPm3Iso15693, "Send raw hex data to tag"},
|
||||
{"rdbl", CmdHF15Readblock, IfPm3Iso15693, "Read a block"},
|
||||
{"rdmulti", CmdHF15Readmulti, IfPm3Iso15693, "Reads multiple blocks"},
|
||||
{"reader", CmdHF15Reader, IfPm3Iso15693, "Act like an ISO-15693 reader"},
|
||||
{"restore", CmdHF15Restore, IfPm3Iso15693, "Restore from file to all memory pages of an ISO-15693 tag"},
|
||||
{"samples", CmdHF15Samples, IfPm3Iso15693, "Acquire samples as reader (enables carrier, sends inquiry)"},
|
||||
{"eload", CmdHF15ELoad, IfPm3Iso15693, "Load image file into emulator to be used by 'sim' command"},
|
||||
{"esave", CmdHF15ESave, IfPm3Iso15693, "Save emulator memory into image file"},
|
||||
{"eview", CmdHF15EView, IfPm3Iso15693, "View emulator memory"},
|
||||
{"sim", CmdHF15Sim, IfPm3Iso15693, "Fake an ISO-15693 tag"},
|
||||
{"slixwritepwd", CmdHF15SlixWritePassword, IfPm3Iso15693, "Writes a password on a SLIX ISO-15693 tag"},
|
||||
{"slixeasdisable", CmdHF15SlixEASDisable, IfPm3Iso15693, "Disable EAS mode on SLIX ISO-15693 tag"},
|
||||
{"slixeasenable", CmdHF15SlixEASEnable, IfPm3Iso15693, "Enable EAS mode on SLIX ISO-15693 tag"},
|
||||
{"slixprivacydisable", CmdHF15SlixDisable, IfPm3Iso15693, "Disable privacy mode on SLIX ISO-15693 tag"},
|
||||
{"slixprivacyenable", CmdHF15SlixEnable, IfPm3Iso15693, "Enable privacy mode on SLIX ISO-15693 tag"},
|
||||
{"passprotectafi", CmdHF15AFIPassProtect, IfPm3Iso15693, "Password protect AFI - Cannot be undone"},
|
||||
{"passprotecteas", CmdHF15EASPassProtect, IfPm3Iso15693, "Password protect EAS - Cannot be undone"},
|
||||
{"wrbl", CmdHF15Write, IfPm3Iso15693, "Write a block"},
|
||||
{"-----------", CmdHF15Help, IfPm3Iso15693, "----------------------- " _CYAN_("afi") " -----------------------"},
|
||||
{"findafi", CmdHF15FindAfi, IfPm3Iso15693, "Brute force AFI of an ISO-15693 tag"},
|
||||
{"writeafi", CmdHF15WriteAfi, IfPm3Iso15693, "Writes the AFI on an ISO-15693 tag"},
|
||||
{"writedsfid", CmdHF15WriteDsfid, IfPm3Iso15693, "Writes the DSFID on an ISO-15693 tag"},
|
||||
{"-----------", CmdHF15Help, IfPm3Iso15693, "----------------------- " _CYAN_("magic") " -----------------------"},
|
||||
{"csetuid", CmdHF15CSetUID, IfPm3Iso15693, "Set UID for magic card"},
|
||||
{NULL, NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
|
|
|
@ -318,7 +318,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i
|
|||
snprintf(exp, size, "AUTH-B(%d)", cmd[1]);
|
||||
break;
|
||||
}
|
||||
case MIFARE_MAGIC_GDM_AUTH_KEYA:{
|
||||
case MIFARE_MAGIC_GDM_AUTH_KEYA: {
|
||||
if (cmdsize > 3) {
|
||||
snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]);
|
||||
MifareAuthState = masNt;
|
||||
|
|
|
@ -1472,6 +1472,7 @@ uint32_t GetHF14AMfU_Type(void) {
|
|||
else if (memcmp(version, "\x00\x34\x21\x01\x01\x00\x0E", 7) == 0) { tagtype = UL_EV1_128; break; } // Mikron JSC Russia EV1 41 pages tag
|
||||
else if (memcmp(version, "\x00\x04\x04\x01\x01\x00\x0B", 7) == 0) { tagtype = NTAG_210; break; }
|
||||
else if (memcmp(version, "\x00\x04\x04\x01\x02\x00\x0B", 7) == 0) { tagtype = NTAG_210u; break; }
|
||||
else if (memcmp(version, "\x00\x04\x04\x02\x02\x00\x0B", 7) == 0) { tagtype = NTAG_210u; break; }
|
||||
else if (memcmp(version, "\x00\x04\x04\x01\x01\x00\x0E", 7) == 0) { tagtype = NTAG_212; break; }
|
||||
else if (memcmp(version, "\x00\x04\x04\x02\x01\x00\x0F", 7) == 0) { tagtype = NTAG_213; break; }
|
||||
else if (memcmp(version, "\x00\x53\x04\x02\x01\x00\x0F", 7) == 0) { tagtype = NTAG_213; break; } //Shanghai Feiju Microelectronics Co. Ltd. China (Xiaomi Air Purifier filter)
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
#include "commonutil.h" // get_sw
|
||||
#include "protocols.h" // ISO7816 APDU return co-des
|
||||
#include "ui.h"
|
||||
#include "cmdhf14a.h" // apdu chaining
|
||||
#include "cmdhf14a.h" // apdu chaining
|
||||
|
||||
#define TIMEOUT 2000
|
||||
|
||||
|
@ -160,10 +160,10 @@ static int info_hf_tesla(void) {
|
|||
sw = get_sw(response, resplen);
|
||||
|
||||
if (sw == ISO7816_OK) {
|
||||
// save CETT for later
|
||||
// save CETT for later
|
||||
uint8_t cert[515] = {0};
|
||||
memcpy(cert, response, resplen - 2);
|
||||
|
||||
|
||||
PrintAndLogEx(INFO, "CERT # %i", i);
|
||||
PrintAndLogEx(INFO, "%s", sprint_hex_inrow(cert, resplen - 2));
|
||||
}
|
||||
|
@ -198,12 +198,12 @@ static int info_hf_tesla(void) {
|
|||
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(INFO, "PUBLIC KEY");
|
||||
for (int i=0; i < 3; i++) {
|
||||
for (int i = 0; i < 3; i++) {
|
||||
PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65));
|
||||
}
|
||||
if (form_factor[1] == 1) {
|
||||
PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
|
||||
} else if (form_factor[1] == 2){
|
||||
} else if (form_factor[1] == 2) {
|
||||
PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
|
||||
}
|
||||
|
||||
|
@ -217,7 +217,7 @@ static int info_hf_tesla(void) {
|
|||
if ((memcmp(pk[0], pk[1], 65) == 0)) {
|
||||
PrintAndLogEx(INFO, " GaussKey detected");
|
||||
}
|
||||
//
|
||||
//
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
|
@ -1298,6 +1298,10 @@ void pm3_version(bool verbose, bool oneliner) {
|
|||
PrintAndLogEx(NORMAL, " FPC USART for BT add-on... %s", IfPm3FpcUsartHost() ? _GREEN_("present") : _YELLOW_("absent"));
|
||||
} else {
|
||||
PrintAndLogEx(NORMAL, " firmware.................. %s", _YELLOW_("PM3 GENERIC"));
|
||||
if (IfPm3Flash()) {
|
||||
PrintAndLogEx(NORMAL, " external flash............ %s", _GREEN_("present"));
|
||||
}
|
||||
|
||||
if (IfPm3FpcUsartHost()) {
|
||||
PrintAndLogEx(NORMAL, " FPC USART for BT add-on... %s", _GREEN_("present"));
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ bool IfPm3Present(void) {
|
|||
bool IfPm3Rdv4Fw(void) {
|
||||
if (!IfPm3Present())
|
||||
return false;
|
||||
return (g_pm3_capabilities.compiled_with_flash) || (g_pm3_capabilities.compiled_with_smartcard);
|
||||
return (g_pm3_capabilities.is_rdv4);
|
||||
}
|
||||
|
||||
bool IfPm3Flash(void) {
|
||||
|
|
|
@ -433,7 +433,7 @@ static int CmdScriptRun(const char *Cmd) {
|
|||
#else
|
||||
// The following line will implicitly pre-initialize Python
|
||||
PyConfig_SetBytesArgv(&py_conf, argc + 1, argv);
|
||||
|
||||
|
||||
// We disallowed in py_conf environment variables interfering with python interpreter's behavior.
|
||||
// Let's manually enable the ones we truly need.
|
||||
// This is required by Proxspace to work with an isolated Python configuration
|
||||
|
|
|
@ -177,7 +177,13 @@ const static vocabulory_t vocabulory[] = {
|
|||
{ 0, "hf 15 esave" },
|
||||
{ 0, "hf 15 eview" },
|
||||
{ 0, "hf 15 sim" },
|
||||
{ 0, "hf 15 slixdisable" },
|
||||
{ 0, "hf 15 slixwritepwd" },
|
||||
{ 0, "hf 15 slixeasdisable" },
|
||||
{ 0, "hf 15 slixeasenable" },
|
||||
{ 0, "hf 15 slixprivacydisable" },
|
||||
{ 0, "hf 15 slixprivacyenable" },
|
||||
{ 0, "hf 15 passprotectafi" },
|
||||
{ 0, "hf 15 passprotecteas" },
|
||||
{ 0, "hf 15 wrbl" },
|
||||
{ 0, "hf 15 findafi" },
|
||||
{ 0, "hf 15 writeafi" },
|
||||
|
@ -438,6 +444,12 @@ const static vocabulory_t vocabulory[] = {
|
|||
{ 0, "hf st25ta protect" },
|
||||
{ 0, "hf st25ta pwd" },
|
||||
{ 0, "hf st25ta sim" },
|
||||
{ 1, "hf tesla help" },
|
||||
{ 0, "hf tesla info" },
|
||||
{ 1, "hf tesla list" },
|
||||
{ 1, "hf texkom help" },
|
||||
{ 0, "hf texkom reader" },
|
||||
{ 0, "hf texkom sim" },
|
||||
{ 1, "hf thinfilm help" },
|
||||
{ 0, "hf thinfilm info" },
|
||||
{ 1, "hf thinfilm list" },
|
||||
|
@ -453,9 +465,6 @@ const static vocabulory_t vocabulory[] = {
|
|||
{ 0, "hf topaz rdbl" },
|
||||
{ 1, "hf topaz view" },
|
||||
{ 0, "hf topaz wrbl" },
|
||||
{ 1, "hf texkom help" },
|
||||
{ 0, "hf texkom reader" },
|
||||
{ 0, "hf texkom sim" },
|
||||
{ 1, "hf xerox help" },
|
||||
{ 0, "hf xerox info" },
|
||||
{ 0, "hf xerox reader" },
|
||||
|
|
|
@ -266,7 +266,7 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
|
|||
uint8_t mod = len % breaks;
|
||||
|
||||
if (mod) {
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
|
||||
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true);
|
||||
|
||||
// add the spaces...
|
||||
|
@ -291,7 +291,7 @@ void print_hex_noascii_break(const uint8_t *data, const size_t len, uint8_t brea
|
|||
uint8_t mod = len % breaks;
|
||||
|
||||
if (mod) {
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
|
||||
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 0, true);
|
||||
|
||||
// add the spaces...
|
||||
|
@ -307,7 +307,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui
|
|||
if ((data == NULL) || (len < 1))
|
||||
return;
|
||||
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
|
||||
int i;
|
||||
for (i = 0; i < len; i += breaks) {
|
||||
|
||||
|
@ -614,7 +614,7 @@ void bytes_to_bytebits(const void *src, const size_t srclen, void *dest) {
|
|||
// hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
|
||||
// up to 64 bytes or 512 bits
|
||||
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize) {
|
||||
static uint8_t buf[64];
|
||||
static uint8_t buf[64] = {0};
|
||||
memset(buf, 0x00, 64);
|
||||
uint8_t *tmp = buf;
|
||||
for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) {
|
||||
|
|
|
@ -95,6 +95,7 @@ ifeq ($(PLATFORM),PM3RDV4)
|
|||
PLATFORM_DEFS = -DWITH_SMARTCARD -DWITH_FLASH -DRDV4
|
||||
PLTNAME = Proxmark3 RDV4
|
||||
PLATFORM_FPGA = xc2s30
|
||||
RDV4 = yes
|
||||
else ifeq ($(PLATFORM),PM3OTHER)
|
||||
$(warning PLATFORM=PM3OTHER is deprecated, please use PLATFORM=PM3GENERIC)
|
||||
PLTNAME = Proxmark3 generic target
|
||||
|
|
|
@ -393,8 +393,8 @@ required, please do not proceed.
|
|||
|
||||
| Hex Data | Binary Data |
|
||||
|:--------:|:---------------------------------------|
|
||||
| 00088040 | 000000000000100010000000111***0***0000 |
|
||||
| 00088050 | 000000000000100010000000111***1***0000 |
|
||||
| 000880E0 | 000000000000100010000000111***0***0000 |
|
||||
| 000880F0 | 000000000000100010000000111***1***0000 |
|
||||
|
||||
See how in the above we changed the bit in location 28 from a 0 to 1
|
||||
0 = No Password, 1 = Use Password
|
||||
|
@ -533,7 +533,7 @@ required, please do not proceed.
|
|||
[=] Downlink mode..... default/fixed bit length
|
||||
[=] Password set...... No
|
||||
```
|
||||
Yes we can! We can see Block 0 is the correct config 00088040
|
||||
Yes we can! We can see Block 0 is the correct config 000880E0
|
||||
|
||||
# Part 2 – Configuration Blocks
|
||||
^[Top](#top)
|
||||
|
|
|
@ -1101,14 +1101,16 @@
|
|||
"command": "hf 14a chaining",
|
||||
"description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
|
||||
"notes": [
|
||||
"hf 14a chaining disable -> disable chaining",
|
||||
"hf 14a chaining --off -> disable chaining",
|
||||
"hf 14a chaining -> show chaining enable/disable state"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help This help"
|
||||
"-h, --help This help",
|
||||
"-1, --on enabled chaining",
|
||||
"-0, --off disable chaining"
|
||||
],
|
||||
"usage": "hf 14a chaining [-h] [<enable/disable or 0/1>]"
|
||||
"usage": "hf 14a chaining [-h10]"
|
||||
},
|
||||
"hf 14a config": {
|
||||
"command": "hf 14a config",
|
||||
|
@ -2881,7 +2883,7 @@
|
|||
},
|
||||
"hf help": {
|
||||
"command": "hf help",
|
||||
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } texkom { Texkom RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
|
||||
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } tesla { TESLA Cards... } texkom { Texkom RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
|
||||
"notes": [],
|
||||
"offline": true,
|
||||
"options": [],
|
||||
|
@ -6684,6 +6686,47 @@
|
|||
],
|
||||
"usage": "hf st25ta sim [-h] -u <hex>"
|
||||
},
|
||||
"hf tesla help": {
|
||||
"command": "hf tesla help",
|
||||
"description": "help This help list List ISO 14443A/7816 history",
|
||||
"notes": [],
|
||||
"offline": true,
|
||||
"options": [],
|
||||
"usage": ""
|
||||
},
|
||||
"hf tesla info": {
|
||||
"command": "hf tesla info",
|
||||
"description": "Get info about TESLA Key tag",
|
||||
"notes": [
|
||||
"hf tesla info"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help This help"
|
||||
],
|
||||
"usage": "hf telsa info [-h]"
|
||||
},
|
||||
"hf tesla list": {
|
||||
"command": "hf tesla list",
|
||||
"description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol",
|
||||
"notes": [
|
||||
"hf tesla list --frame -> show frame delay times",
|
||||
"hf tesla list -1 -> use trace buffer"
|
||||
],
|
||||
"offline": true,
|
||||
"options": [
|
||||
"-h, --help This help",
|
||||
"-1, --buffer use data from trace buffer",
|
||||
"--frame show frame delay times",
|
||||
"-c mark CRC bytes",
|
||||
"-r show relative times (gap and duration)",
|
||||
"-u display times in microseconds instead of clock cycles",
|
||||
"-x show hexdump to convert to pcap(ng)",
|
||||
"or to import into Wireshark using encapsulation type \"ISO 14443\"",
|
||||
"-f, --file <fn> filename of dictionary"
|
||||
],
|
||||
"usage": "hf tesla list [-h1crux] [--frame] [-f <fn>]"
|
||||
},
|
||||
"hf texkom help": {
|
||||
"command": "hf texkom help",
|
||||
"description": "help This help",
|
||||
|
@ -11760,8 +11803,8 @@
|
|||
}
|
||||
},
|
||||
"metadata": {
|
||||
"commands_extracted": 739,
|
||||
"commands_extracted": 742,
|
||||
"extracted_by": "PM3Help2JSON v1.00",
|
||||
"extracted_on": "2023-01-15T01:24:39"
|
||||
"extracted_on": "2023-01-27T01:57:37"
|
||||
}
|
||||
}
|
|
@ -651,6 +651,28 @@ Check column "offline" for their availability.
|
|||
|`hf st25ta sim `|N |`Fake ISO 14443A/ST tag`
|
||||
|
||||
|
||||
### hf tesla
|
||||
|
||||
{ TESLA Cards... }
|
||||
|
||||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf tesla help `|Y |`This help`
|
||||
|`hf tesla info `|N |`Tag information`
|
||||
|`hf tesla list `|Y |`List ISO 14443A/7816 history`
|
||||
|
||||
|
||||
### hf texkom
|
||||
|
||||
{ Texkom RFIDs... }
|
||||
|
||||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf texkom help `|Y |`This help`
|
||||
|`hf texkom reader `|N |`Act like a Texkom reader`
|
||||
|`hf texkom sim `|N |`Simulate a Texkom tag`
|
||||
|
||||
|
||||
### hf thinfilm
|
||||
|
||||
{ Thinfilm RFIDs... }
|
||||
|
@ -682,17 +704,6 @@ Check column "offline" for their availability.
|
|||
|`hf topaz wrbl `|N |`Write block`
|
||||
|
||||
|
||||
### hf texkom
|
||||
|
||||
{ Texkom RFIDs... }
|
||||
|
||||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf texkom help `|Y |`This help`
|
||||
|`hf texkom reader `|N |`Act like a Texkom reader`
|
||||
|`hf texkom sim `|N |`Simulate a Texkom tag`
|
||||
|
||||
|
||||
### hf xerox
|
||||
|
||||
{ Fuji/Xerox cartridge RFIDs... }
|
||||
|
|
|
@ -1086,10 +1086,12 @@ CF <passwd> 35 <2b ATQA><1b SAK> // Configure ATQA/SAK (swap ATQ
|
|||
CF <passwd> 68 <00-02> // Configure UID length
|
||||
CF <passwd> 69 <00-01> // (De)Activate Ultralight mode
|
||||
CF <passwd> 6A <00-03> // Select Ultralight mode
|
||||
CF <passwd> 6B <1b> // Set Ultralight and M1 maximum read/write sectors
|
||||
CF <passwd> C6 // Dump configuration
|
||||
CF <passwd> CC // Factory test, returns 6666
|
||||
CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block
|
||||
CF <passwd> CE <1b block number> // Backdoor read 16b block
|
||||
CF <passwd> CF <1b param> // Unknown
|
||||
CF <passwd> F0 <30b configuration data> // Configure all params in one cmd
|
||||
CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently
|
||||
CF <passwd> FE <4b new_password> // change password
|
||||
|
@ -1304,6 +1306,19 @@ script run hf_mf_ultimatecard -m 02
|
|||
```
|
||||
|
||||
Now the card supports the 3DES UL-C authentication.
|
||||
### Set Ultralight and M1 maximum read/write sectors
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
```
|
||||
hf 14a raw -s -c -t 1000 CF<passwd>6B<1b blocks>
|
||||
```
|
||||
Hexadecimal, maximum sector data, default 0xFF, range 0x00-0xFF
|
||||
|
||||
Example: set maximum 63 blocks read/write for Mifare Classic 1K
|
||||
|
||||
```
|
||||
hf 14a raw -s -c -t 1000 CF000000006B3F
|
||||
```
|
||||
### Set shadow mode (GTU)
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
|
@ -1365,6 +1380,20 @@ Example: write block0 with factory data, default pwd
|
|||
hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000
|
||||
```
|
||||
|
||||
### Unknown command
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
This command modifies one byte in configuration dump, but purpose one is unknown.
|
||||
|
||||
```
|
||||
hf 14a raw -s -c -t 1000 CF<passwd>CF<1b param>
|
||||
```
|
||||
* `<param>`
|
||||
* `??`: ???
|
||||
|
||||
Example:
|
||||
hf 14a raw -s -c -t 1000 CF00000000CF02
|
||||
|
||||
### Change backdoor password
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
|
@ -1391,8 +1420,10 @@ hf 14a raw -s -c -t 1000 CF<passwd>C6
|
|||
```
|
||||
Default configuration:
|
||||
```
|
||||
00000000000002000978009102DABC191010111213141516040008004F6B
|
||||
^^^^ ??
|
||||
00000000000002000978009102DABC191010111213141516040008006B024F6B
|
||||
^^^^ ??
|
||||
^^ cf cmd cf: ?? this byte set by cmd cf<pwd>cf<param>, factory value 0x02
|
||||
^^ cf cmd 6b: maximum read/write sectors, factory value 0x6b
|
||||
^^ cf cmd 6a: UL mode
|
||||
^^^^^^ cf cmd 35: ATQA/SAK
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cf cmd 34: ATS length & content
|
||||
|
|
|
@ -111,6 +111,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
|
|||
| LF_NEDAP_SIM | LF Nedap ID simulator
|
||||
| LF_NEXID | Nexwatch credentials detection mode - jrjgjk & Zolorah
|
||||
| LF_PROXBRUTE | HID ProxII bruteforce - Brad Antoniewicz
|
||||
| LF_PROX2BRUTE | HID ProxII bruteforce v2 - Yann Gascuel
|
||||
| LF_SAMYRUN (def)| HID26 read/clone/sim - Samy Kamkar
|
||||
| LF_SKELETON | standalone mode skeleton - Iceman1001
|
||||
| LF_THAREXDE | LF EM4x50 simulator/read standalone mode - tharexde
|
||||
|
@ -119,8 +120,8 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
|
|||
| HF_15SNIFF | 15693 sniff storing to flashmem - Glaser
|
||||
| HF_AVEFUL | MIFARE Ultralight read/simulation - Ave Ozkal
|
||||
| HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito
|
||||
| HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle
|
||||
| HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato
|
||||
| HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle
|
||||
| HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem - Iceman1001
|
||||
| HF_LEGIC | HF Legic Prime Read/Store/Sim standalone - uhei
|
||||
| HF_LEGICSIM | HF Legic Prime Simulate standalone - uhei
|
||||
|
|
|
@ -21,18 +21,45 @@
|
|||
|
||||
#define AEND "\x1b[0m"
|
||||
|
||||
#define _BLUE_(s) "\x1b[34m" s AEND
|
||||
#define _RED_(s) "\x1b[31m" s AEND
|
||||
#define _GREEN_(s) "\x1b[32m" s AEND
|
||||
#define _YELLOW_(s) "\x1b[33m" s AEND
|
||||
#define _MAGENTA_(s) "\x1b[35m" s AEND
|
||||
#define _CYAN_(s) "\x1b[36m" s AEND
|
||||
#define _WHITE_(s) "\x1b[37m" s AEND
|
||||
#define _BLACK_(s) "\x1b[30m" s AEND
|
||||
#define _RED_(s) "\x1b[31m" s AEND
|
||||
#define _GREEN_(s) "\x1b[32m" s AEND
|
||||
#define _YELLOW_(s) "\x1b[33m" s AEND
|
||||
#define _BLUE_(s) "\x1b[34m" s AEND
|
||||
#define _MAGENTA_(s) "\x1b[35m" s AEND
|
||||
#define _CYAN_(s) "\x1b[36m" s AEND
|
||||
#define _WHITE_(s) "\x1b[37m" s AEND
|
||||
|
||||
#define _BRIGHT_BLACK_(s) "\x1b[30;1m" s AEND
|
||||
#define _BRIGHT_RED_(s) "\x1b[31;1m" s AEND
|
||||
#define _BRIGHT_GREEN_(s) "\x1b[32;1m" s AEND
|
||||
#define _BRIGHT_YELLOW_(s) "\x1b[33;1m" s AEND
|
||||
#define _BRIGHT_BLUE_(s) "\x1b[34;1m" s AEND
|
||||
#define _BRIGHT_MAGENTA_(s) "\x1b[35;1m" s AEND
|
||||
#define _BRIGHT_CYAN_(s) "\x1b[36;1m" s AEND
|
||||
#define _BRIGHT_WHITE_(s) "\x1b[37;1m" s AEND
|
||||
|
||||
#define _BACK_BLACK_(s) "\x1b[40m" s AEND
|
||||
#define _BACK_RED_(s) "\x1b[41m" s AEND
|
||||
#define _BACK_GREEN_(s) "\x1b[42m" s AEND
|
||||
#define _BACK_YELLOW_(s) "\x1b[43m" s AEND
|
||||
#define _BACK_BLUE_(s) "\x1b[44m" s AEND
|
||||
#define _BACK_MAGENTA_(s) "\x1b[45m" s AEND
|
||||
#define _BACK_CYAN_(s) "\x1b[46m" s AEND
|
||||
#define _BACK_WHITE_(s) "\x1b[47m" s AEND
|
||||
|
||||
#define _BACK_BRIGHT_BLACK_(s) "\x1b[40;1m" s AEND
|
||||
#define _BACK_BRIGHT_RED_(s) "\x1b[41;1m" s AEND
|
||||
#define _BACK_BRIGHT_GREEN_(s) "\x1b[42;1m" s AEND
|
||||
#define _BACK_BRIGHT_YELLOW_(s) "\x1b[43;1m" s AEND
|
||||
#define _BACK_BRIGHT_BLUE_(s) "\x1b[44;1m" s AEND
|
||||
#define _BACK_BRIGHT_MAGENTA_(s) "\x1b[45;1m" s AEND
|
||||
#define _BACK_BRIGHT_CYAN_(s) "\x1b[46;1m" s AEND
|
||||
#define _BACK_BRIGHT_WHITE_(s) "\x1b[47;1m" s AEND
|
||||
|
||||
#define _CLEAR_ "\x1b[2J"
|
||||
#define _TOP_ "\x1b[1;1f"
|
||||
|
||||
|
||||
#if defined(HAVE_READLINE)
|
||||
// https://wiki.hackzine.org/development/misc/readline-color-prompt.html
|
||||
// Applications may indicate that the prompt contains
|
||||
|
|
|
@ -205,6 +205,7 @@ typedef struct {
|
|||
// rdv4
|
||||
bool hw_available_flash : 1;
|
||||
bool hw_available_smartcard : 1;
|
||||
bool is_rdv4 : 1;
|
||||
} PACKED capabilities_t;
|
||||
#define CAPABILITIES_VERSION 6
|
||||
extern capabilities_t g_pm3_capabilities;
|
||||
|
@ -519,8 +520,14 @@ typedef struct {
|
|||
#define CMD_HF_ISO15693_COMMAND 0x0313
|
||||
#define CMD_HF_ISO15693_FINDAFI 0x0315
|
||||
#define CMD_HF_ISO15693_CSETUID 0x0316
|
||||
#define CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY 0x0317
|
||||
#define CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI 0x0318
|
||||
#define CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY 0x0867
|
||||
#define CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY 0x0317
|
||||
#define CMD_HF_ISO15693_SLIX_DISABLE_EAS 0x0318
|
||||
#define CMD_HF_ISO15693_SLIX_ENABLE_EAS 0x0862
|
||||
#define CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI 0x0863
|
||||
#define CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS 0x0864
|
||||
#define CMD_HF_ISO15693_SLIX_WRITE_PWD 0x0865
|
||||
#define CMD_HF_ISO15693_WRITE_AFI 0x0866
|
||||
#define CMD_HF_TEXKOM_SIMULATE 0x0320
|
||||
#define CMD_HF_ISO15693_EML_CLEAR 0x0330
|
||||
#define CMD_HF_ISO15693_EML_SETMEM 0x0331
|
||||
|
|
|
@ -30,8 +30,10 @@ mkdir -p "$DEST"
|
|||
mv bootrom/obj/bootrom.elf "$DEST/PM3BOOTROM.elf"
|
||||
|
||||
# cf armsrc/Standalone/Makefile.hal
|
||||
STANDALONE_MODES=(LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID LF_NEDAP_SIM)
|
||||
STANDALONE_MODES+=(HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI)
|
||||
STANDALONE_MODES=(LF_SKELETON)
|
||||
STANDALONE_MODES+=(LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE)
|
||||
STANDALONE_MODES+=(HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_TCPRST HF_TMUDFORD HF_YOUNG)
|
||||
STANDALONE_MODES+=(DANKARMULTI)
|
||||
STANDALONE_MODES_REQ_BT=(HF_REBLAY)
|
||||
STANDALONE_MODES_REQ_SMARTCARD=()
|
||||
STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM)
|
||||
|
|
Loading…
Reference in a new issue