RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-20 15:26:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into hf_mf_sim

Browse source
This commit is contained in:
vratiskol 2019-04-06 00:33:10 +02:00
parent e24a0cfe17 682f23440d
commit 2278d3372e
27 changed files with 281 additions and 175 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Makefile
View file

@ -56,7 +56,7 @@ recovery/%: FORCE
$(MAKE) -C recovery $(patsubst recovery/%,%,$@)
FORCE: # Dummy target to force remake in the subdirectories, even if files exist (this Makefile doesn't know about the prerequisites)
.PHONY: all clean help _test bootrom flash-bootrom os flash-os flash-all recovery client mfkey nounce2key style FORCE
.PHONY: all clean help _test bootrom flash-bootrom os flash-os flash-all recovery client mfkey nounce2key style checks FORCE
help:
@echo "Multi-OS Makefile"
@ -76,6 +76,9 @@ help:
@echo "+ mfkey - Make tools/mfkey"
@echo "+ nounce2key - Make tools/nounce2key"
@echo
@echo "+ style - Apply some automated source code formatting rules"
@echo "+ checks - Detect various encoding issues in source code"
@echo
@echo "Possible platforms: try \"make PLATFORM=\" for more info, default is PM3RDV4"
client: client/all
@ -138,5 +141,10 @@ style:
--style=google --pad-oper --unpad-paren --pad-header \
--align-pointer=name {} \;
# Detecting weird codepages.
checks:
find . \( -name "*.[ch]" -or -name "*.cpp" -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "Makefile" \) \
-exec sh -c "cat {} |recode utf8.. >/dev/null || echo {}" \;
# Dummy target to test for GNU make availability
_test:

2
armsrc/Standalone/hf_young.c
View file

@ -158,7 +158,7 @@ void RunMod() {
Bytes 5-7 are reserved SAK and ATQA for mifare classic
-Use mfCSetBlock(0, block0, oldUID, wantWipe, MAGIC_SINGLE) to write it
*/
uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
uint8_t oldBlock0[16] = {0}, newBlock0[16], testBlock0[16] = {0};
// arg0 = Flags, arg1=blockNo
MifareCGetBlock(params, 0, oldBlock0);
if (oldBlock0[0] == 0 && oldBlock0[0] == oldBlock0[1] && oldBlock0[1] == oldBlock0[2] && oldBlock0[2] == oldBlock0[3]) {

2
client/cmdhfmfu.c
View file

@ -1134,8 +1134,6 @@ int CmdHF14AMfUInfo(const char *Cmd) {
// hasAuthKey, if we was called with key, skip test.
if (!authlim && !hasAuthKey) {
PrintAndLogEx(NORMAL, "\n--- Known EV1/NTAG passwords.");
len = 0;
// test pwd gen A
num_to_bytes(ul_ev1_pwdgenA(card.uid), 4, key);
len = ulev1_requestAuthentication(key, pack, sizeof(pack));

5
client/cmdlfem4x.c
View file

@ -1225,9 +1225,8 @@ int CmdEM4x05Write(const char *Cmd) {
if (strlen(Cmd) == 0 || ctmp == 'h') return usage_lf_em4x05_write();
bool usePwd = false;
uint8_t addr = 50; // default to invalid address
uint32_t data = 0; // default to blank data
uint32_t pwd = 1; // default to blank password
uint8_t addr;
uint32_t data, pwd;
addr = param_get8ex(Cmd, 0, 50, 10);
data = param_get32ex(Cmd, 1, 0, 16);

4
client/cmdlfhid.c
View file

@ -459,8 +459,8 @@ int CmdHIDWiegand(const char *Cmd) {
uint8_t *bs = bits;
memset(bs, 0, sizeof(bits));
uint8_t ctmp = param_getchar(Cmd, 0);
if (strlen(Cmd) == 0 || strlen(Cmd) < 3 || ctmp == 'H' || ctmp == 'h') return usage_lf_hid_wiegand();
uint8_t ctmp = tolower(param_getchar(Cmd, 0));
if (strlen(Cmd) < 3 || ctmp == 'h') return usage_lf_hid_wiegand();
oem = param_get8(Cmd, 0);
fc = param_get32ex(Cmd, 1, 0, 10);

2
client/cmdsmartcard.c
View file

@ -1107,7 +1107,7 @@ int CmdSmartBruteforceSFI(const char *Cmd) {
//Validations
if (errors) return usage_sm_brute();
const char *SELECT = "00a40400%02x%s";
const char *SELECT = "00a40400%02zu%s";
// uint8_t GENERATE_AC[] = {0x80, 0xAE};
// uint8_t GET_CHALLENGE[] = {0x00, 0x84, 0x00};

2
client/crypto/asn1dump.c
View file

@ -323,7 +323,7 @@ bool asn1_tag_dump(const struct tlv *tlv, FILE *f, int level, bool *candump) {
const struct asn1_tag *tag = asn1_get_tag(tlv);
PRINT_INDENT(level);
fprintf(f, "--%2hx[%02zx] '%s':", tlv->tag, tlv->len, tag->name);
fprintf(f, "--%2x[%02zx] '%s':", tlv->tag, tlv->len, tag->name);
switch (tag->type) {
case ASN1_TAG_GENERIC:

4
client/emv/crypto_polarssl.c
View file

@ -208,7 +208,7 @@ static unsigned char *crypto_pk_polarssl_encrypt(const struct crypto_pk *_cp, co
res = mbedtls_rsa_public(&cp->ctx, buf, result);
if (res) {
printf("RSA encrypt failed. Error: %x data len: %zd key len: %zd\n", res * -1, len, keylen);
printf("RSA encrypt failed. Error: %x data len: %zu key len: %zu\n", res * -1, len, keylen);
free(result);
return NULL;
}
@ -234,7 +234,7 @@ static unsigned char *crypto_pk_polarssl_decrypt(const struct crypto_pk *_cp, co
res = mbedtls_rsa_private(&cp->ctx, NULL, NULL, buf, result); // CHECK???
if (res) {
printf("RSA decrypt failed. Error: %x data len: %zd key len: %zd\n", res * -1, len, keylen);
printf("RSA decrypt failed. Error: %x data len: %zu key len: %zu\n", res * -1, len, keylen);
free(result);
return NULL;
}

2
client/emv/emv_pk.c
View file

@ -483,7 +483,7 @@ struct emv_pk *emv_pk_get_ca_pk(const unsigned char *rid, unsigned char idx) {
if (!pk)
return NULL;
printf("Verifying CA PK for %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx %zd bits...",
printf("Verifying CA PK for %02hhx:%02hhx:%02hhx:%02hhx:%02hhx IDX %02hhx %zu bits...",
pk->rid[0],
pk->rid[1],
pk->rid[2],

2
client/emv/emv_roca.c
View file

@ -84,7 +84,7 @@ void print_mpi(const char *msg, int radix, const mbedtls_mpi *X) {
size_t len = 0;
mbedtls_mpi_write_string(X, radix, Xchar, sizeof(Xchar), &len);
printf("%s[%ld] %s\n", msg, len, Xchar);
printf("%s[%zu] %s\n", msg, len, Xchar);
}
bool emv_rocacheck(const unsigned char *buf, size_t buflen, bool verbose) {

10
client/emv/emv_tags.c
View file

@ -490,7 +490,7 @@ static void emv_tag_dump_dol(const struct tlv *tlv, const struct emv_tag *tag, F
doltag = emv_get_tag(&doltlv);
PRINT_INDENT(level);
fprintf(f, "\tTag %4hx len %02zx ('%s')\n", doltlv.tag, doltlv.len, doltag->name);
fprintf(f, "\tTag %4x len %02zx ('%s')\n", doltlv.tag, doltlv.len, doltag->name);
}
}
@ -537,7 +537,7 @@ static void emv_tag_dump_numeric(const struct tlv *tlv, const struct emv_tag *ta
static void emv_tag_dump_yymmdd(const struct tlv *tlv, const struct emv_tag *tag, FILE *f, int level) {
PRINT_INDENT(level);
fprintf(f, "\tDate: 20%02ld.%ld.%ld\n",
fprintf(f, "\tDate: 20%02lu.%lu.%lu\n",
emv_value_numeric(tlv, 0, 2),
emv_value_numeric(tlv, 2, 4),
emv_value_numeric(tlv, 4, 6));
@ -667,9 +667,9 @@ static void emv_tag_dump_cvm_list(const struct tlv *tlv, const struct emv_tag *t
Y = emv_get_binary(tlv->value + 4);
PRINT_INDENT(level);
fprintf(f, "\tX: %d\n", X);
fprintf(f, "\tX: %u\n", X);
PRINT_INDENT(level);
fprintf(f, "\tY: %d\n", Y);
fprintf(f, "\tY: %u\n", Y);
for (i = 8; i < tlv->len; i += 2) {
const char *method;
@ -773,7 +773,7 @@ bool emv_tag_dump(const struct tlv *tlv, FILE *f, int level) {
const struct emv_tag *tag = emv_get_tag(tlv);
PRINT_INDENT(level);
fprintf(f, "--%2hx[%02zx] '%s':", tlv->tag, tlv->len, tag->name);
fprintf(f, "--%2x[%02zx] '%s':", tlv->tag, tlv->len, tag->name);
switch (tag->type) {
case EMV_TAG_GENERIC:

12
client/flasher.c
View file

@ -22,12 +22,12 @@
void cmd_debug(UsbCommand *c) {
// Debug
printf("UsbCommand length[len=%zd]\n", sizeof(UsbCommand));
printf(" cmd[len=%zd]: %016" PRIx64"\n", sizeof(c->cmd), c->cmd);
printf(" arg0[len=%zd]: %016" PRIx64"\n", sizeof(c->arg[0]), c->arg[0]);
printf(" arg1[len=%zd]: %016" PRIx64"\n", sizeof(c->arg[1]), c->arg[1]);
printf(" arg2[len=%zd]: %016" PRIx64"\n", sizeof(c->arg[2]), c->arg[2]);
printf(" data[len=%zd]: ", sizeof(c->d.asBytes));
printf("UsbCommand length[len=%zu]\n", sizeof(UsbCommand));
printf(" cmd[len=%zu]: %016" PRIx64"\n", sizeof(c->cmd), c->cmd);
printf(" arg0[len=%zu]: %016" PRIx64"\n", sizeof(c->arg[0]), c->arg[0]);
printf(" arg1[len=%zu]: %016" PRIx64"\n", sizeof(c->arg[1]), c->arg[1]);
printf(" arg2[len=%zu]: %016" PRIx64"\n", sizeof(c->arg[2]), c->arg[2]);
printf(" data[len=%zu]: ", sizeof(c->d.asBytes));
for (size_t i = 0; i < 16; i++)
printf("%02x", c->d.asBytes[i]);

4
client/fpga_compress.c
View file

@ -98,12 +98,12 @@ int zlib_compress(FILE *infile[], uint8_t num_infiles, FILE *outfile, bool hardn
#if __WORDSIZE == 64
"Input file too big (> %" PRIu64 " bytes). This is probably not a hardnested bitflip state table.\n"
#else
"Input file too big (> %lu bytes). This is probably not a hardnested bitflip state table.\n"
"Input file too big (> %li bytes). This is probably not a hardnested bitflip state table.\n"
#endif
, HARDNESTED_TABLE_SIZE);
} else {
fprintf(stderr, "Input files too big (total > %lu bytes). These are probably not PM3 FPGA config files.\n", num_infiles * FPGA_CONFIG_SIZE);
fprintf(stderr, "Input files too big (total > %li bytes). These are probably not PM3 FPGA config files.\n", num_infiles * FPGA_CONFIG_SIZE);
}
for (uint16_t j = 0; j < num_infiles; j++) {
fclose(infile[j]);

6
client/hid-flasher/flash.c
View file

@ -180,7 +180,7 @@ static int check_segs(flash_file_t *ctx, int can_write_bl) {
// Load an ELF file and prepare it for flashing
int flash_load(flash_file_t *ctx, const char *name, int can_write_bl) {
FILE *fd = NULL;
FILE *fd;
Elf32_Ehdr ehdr;
Elf32_Phdr *phdrs = NULL;
int num_phdrs;
@ -413,7 +413,7 @@ int flash_write(flash_file_t *ctx) {
uint32_t blocks = (length + BLOCK_SIZE - 1) / BLOCK_SIZE;
uint32_t end = seg->start + length;
fprintf(stderr, " 0x%08x..0x%08x [0x%x / %d blocks]",
fprintf(stderr, " 0x%08x..0x%08x [0x%x / %u blocks]",
seg->start, end - 1, length, blocks);
int block = 0;
@ -427,7 +427,7 @@ int flash_write(flash_file_t *ctx) {
if (write_block(baddr, data, block_size) < 0) {
fprintf(stderr, " ERROR\n");
fprintf(stderr, "Error writing block %d of %d\n", block, blocks);
fprintf(stderr, "Error writing block %d of %u\n", block, blocks);
return -1;
}

2
client/hid-flasher/proxusb.c
View file

@ -166,7 +166,7 @@ usb_dev_handle *findProxmark(int verbose, unsigned int *iface) {
usb_dev_handle *OpenProxmark(int verbose) {
int ret;
usb_dev_handle *handle = NULL;
usb_dev_handle *handle;
unsigned int iface;
handle = findProxmark(verbose, &iface);

53
client/mifare/mifarehost.c
View file

@ -15,8 +15,6 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
uint32_t nt = 0, nr = 0, ar = 0;
uint64_t par_list = 0, ks_list = 0;
uint64_t *keylist = NULL, *last_keylist = NULL;
uint32_t keycount = 0;
int16_t isOK = 0;
UsbCommand c = {CMD_READER_MIFARE, {true, blockno, key_type}};
@ -49,7 +47,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
isOK = resp.arg[0];
int16_t isOK = resp.arg[0];
if (isOK < 0)
return isOK;
@ -69,7 +67,7 @@ int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key) {
}
c.arg[0] = false;
keycount = nonce2key(uid, nt, nr, ar, par_list, ks_list, &keylist);
uint32_t keycount = nonce2key(uid, nt, nr, ar, par_list, ks_list, &keylist);
if (keycount == 0) {
PrintAndLogEx(FAILED, "key not found (lfsr_common_prefix list is null). Nt=%08x", nt);
@ -502,14 +500,13 @@ int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, uint8_
int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, uint8_t params) {
uint8_t isOK = 0;
UsbCommand c = {CMD_MIFARE_CSETBLOCK, {params, blockNo, 0}};
memcpy(c.d.asBytes, data, 16);
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
isOK = resp.arg[0] & 0xff;
uint8_t isOK = resp.arg[0] & 0xff;
if (uid != NULL)
memcpy(uid, resp.d.asBytes, 4);
if (!isOK)
@ -522,13 +519,12 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, uint8_t params) {
}
int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {
uint8_t isOK = 0;
UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, blockNo, 0}};
clearCommandBuffer();
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
isOK = resp.arg[0] & 0xff;
uint8_t isOK = resp.arg[0] & 0xff;
if (!isOK)
return 2;
memcpy(data, resp.d.asBytes, 16);
@ -555,15 +551,8 @@ static uint8_t traceCurKey = 0;
struct Crypto1State *traceCrypto1 = NULL;
struct Crypto1State *revstate = NULL;
uint64_t key = 0;
uint32_t ks2 = 0;
uint32_t ks3 = 0;
uint32_t cuid = 0; // uid part used for crypto1.
uint32_t nt = 0; // tag challenge
uint32_t nr_enc = 0; // encrypted reader challenge
uint32_t ar_enc = 0; // encrypted reader response
uint32_t at_enc = 0; // encrypted tag response
int isTraceCardEmpty(void) {
return ((traceCard[0] == 0) && (traceCard[1] == 0) && (traceCard[2] == 0) && (traceCard[3] == 0));
@ -605,18 +594,14 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
memset(buf, 0, sizeof(buf));
if (fgets(buf, sizeof(buf), f) == NULL) {
PrintAndLogEx(FAILED, "No trace file found or reading error.");
if (f) {
fclose(f);
}
fclose(f);
return 2;
}
if (strlen(buf) < 32) {
if (feof(f)) break;
PrintAndLogEx(FAILED, "File content error. Block data must include 32 HEX symbols");
if (f) {
fclose(f);
}
fclose(f);
return 2;
}
for (i = 0; i < 32; i += 2) {
@ -628,9 +613,7 @@ int loadTraceCard(uint8_t *tuid, uint8_t uidlen) {
blockNum++;
}
if (f) {
fclose(f);
}
fclose(f);
return 0;
}
@ -677,14 +660,11 @@ int mfTraceInit(uint8_t *tuid, uint8_t uidlen, uint8_t *atqa, uint8_t sak, bool
}
void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool isEncrypted) {
uint8_t bt = 0;
int i;
if (len != 1) {
for (i = 0; i < len; i++)
for (int i = 0; i < len; i++)
data[i] = crypto1_byte(pcs, 0x00, isEncrypted) ^ data[i];
} else {
bt = 0;
uint8_t bt = 0;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 0)) << 0;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 1)) << 1;
bt |= (crypto1_bit(pcs, 0, isEncrypted) ^ BIT(data[0], 2)) << 2;
@ -694,7 +674,10 @@ void mf_crypto1_decrypt(struct Crypto1State *pcs, uint8_t *data, int len, bool i
}
int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
uint32_t nt = 0; // tag challenge
uint32_t nr_enc = 0; // encrypted reader challenge
uint32_t ar_enc = 0; // encrypted reader response
uint32_t at_enc = 0; // encrypted tag response
if (traceState == TRACE_ERROR)
return 1;
@ -813,11 +796,13 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
case TRACE_AUTH_OK:
if (len == 4) {
traceState = TRACE_IDLE;
// encrypted tag response
at_enc = bytes_to_num(data, 4);
// mfkey64 recover key.
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
uint64_t key = 0;
uint32_t ks2 = ar_enc ^ prng_successor(nt, 64);
uint32_t ks3 = at_enc ^ prng_successor(nt, 96);
revstate = lfsr_recovery64(ks2, ks3);
lfsr_rollback_word(revstate, 0, 0);
lfsr_rollback_word(revstate, 0, 0);
@ -865,8 +850,8 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len) {
PrintAndLogEx(SUCCESS, "\nencrypted data: [%s]", sprint_hex(data, len));
struct Crypto1State *s;
ks2 = ar_enc ^ prng_successor(nt, 64);
ks3 = at_enc ^ prng_successor(nt, 96);
uint32_t ks2 = ar_enc ^ prng_successor(nt, 64);
uint32_t ks3 = at_enc ^ prng_successor(nt, 96);
s = lfsr_recovery64(ks2, ks3);
mf_crypto1_decrypt(s, data, len, false);
PrintAndLogEx(SUCCESS, "decrypted data: [%s]", sprint_hex(data, len));

2
client/mifare/mifarehost.h
View file

@ -70,7 +70,7 @@ typedef struct {
extern char logHexFileName[FILE_PATH_SIZE];
extern int mfDarkside(uint8_t blockno, uint8_t key_type, uint64_t *key);
extern int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *ResultKeys, bool calibrate);
extern int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo, uint8_t trgKeyType, uint8_t *resultKeys, bool calibrate);
extern int mfCheckKeys(uint8_t blockNo, uint8_t keyType, bool clear_trace, uint8_t keycnt, uint8_t *keyBlock, uint64_t *key);
extern int mfCheckKeys_fast(uint8_t sectorsCnt, uint8_t firstChunk, uint8_t lastChunk,
uint8_t strategy, uint32_t size, uint8_t *keyBlock, sector_t *e_sector, bool use_flashmemory);

5
client/scripting.c
View file

@ -785,8 +785,7 @@ static int l_T55xx_readblock(lua_State *L) {
// arg 2 = use GB
static int l_T55xx_detect(lua_State *L) {
bool useGB = false, usepwd = false, isok;
uint32_t password;
uint32_t gb;
uint32_t gb, password = 0;
size_t size;
//Check number of arguments
@ -798,7 +797,7 @@ static int l_T55xx_detect(lua_State *L) {
if (size != 1) return returnToLuaWithError(L, "Wrong size of useGB, got %d , expected 1", (int) size);
sscanf(p_gb, "%u", &gb);
useGB = ( gb ) ? true : false;
printf("p_gb size %u | %c \n", size, useGB ? 'Y':'N');
printf("p_gb size %zu | %c \n", size, useGB ? 'Y':'N');
}
case 1: {
const char *p_pwd = luaL_checklstring(L, 1, &size);

213
client/scripts/test_t55x7.lua
View file

@ -40,7 +40,9 @@ Arguments:
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds
local DEBUG = true -- the debug flag
local DEBUG = false -- the debug flag
local total_tests = 0
local total_pass = 0
local data_blocks_cmds = {
[1] = '00000000',
@ -89,23 +91,135 @@ local function exitMsg(msg)
print(msg)
print()
end
---
-- ask/fsk/psk configuration blocks to test
local function GetConfigs( modulation )
local t = {}
t['PSK1'] = {
[1] = '00001040',
[2] = '00041040',
[3] = '00081040',
[4] = '000c1040',
[5] = '00101040',
[6] = '00141040',
[7] = '00181040',
[8] = '001c1040',
}
t['PSK2'] = {
[1] = '00002040',
[2] = '00042040',
[3] = '00082040',
[4] = '000c2040',
[5] = '00102040',
[6] = '00142040',
[7] = '00182040',
[8] = '001c2040',
}
t['PSK3'] = {
[1] = '00003040',
[2] = '00043040',
[3] = '00083040',
[4] = '000c3040',
[5] = '00103040',
[6] = '00143040',
[7] = '00183040',
[8] = '001c3040',
}
t['FSK1'] = {
[1] = '00004040',
[2] = '00004040',
[3] = '00044040',
[4] = '00084040',
[5] = '000c4040',
[6] = '00104040',
[7] = '00144040',
[8] = '00184040',
[9] = '001c4040',
}
t['FSK2'] = {
[1] = '00005040',
[2] = '00045040',
[3] = '00085040',
[4] = '000c5040',
[5] = '00105040',
[6] = '00145040',
[7] = '00185040',
[8] = '001c5040',
}
t['FSK1A'] = {
[1] = '00006040',
[2] = '00046040',
[3] = '00086040',
[4] = '000c6040',
[5] = '00106040',
[6] = '00146040',
[7] = '00186040',
[8] = '001c6040',
}
t['FSK2A'] = {
[1] = '00007040',
[2] = '00047040',
[3] = '00087040',
[4] = '000c7040',
[5] = '00107040',
[6] = '00147040',
[7] = '00187040',
[8] = '001c7040',
}
t['ASK'] = {
[1] = '00008040',
[2] = '00048040',
[3] = '00088040',
[4] = '000c8040',
[5] = '00108040',
[6] = '00148040',
[7] = '00188040',
[8] = '001c8040',
}
t['BI'] = {
[1] = '00010040',
[2] = '00050040',
[3] = '00090040',
[4] = '000d0040',
[5] = '00110040',
[6] = '00150040',
[7] = '00190040',
[8] = '001d0040',
}
return t[modulation:upper()]
end
---
-- lf t55xx wipe
local function WipeCard()
local wipe_cmds = {
[1] = 'lf t55xx wipe',
[2] = 'lf t55xx detect',
}
for _ = 1, #wipe_cmds do
local c = wipe_cmds[_]
dbg(c); core.console(c)
end
print('Wiping card')
core.console('lf t55xx wipe')
local wipe_data_cmd = "lf t55xx write b %s d %s"
for _ = 1, #data_blocks_cmds do
local val = data_blocks_cmds[_]
local c = string.format(wipe_data_cmd, _, val);
core.console(c)
print('Detecting card')
local res, msg = core.t55xx_detect()
if not res then
oops("Can't detect modulation. Test failed.")
core.console("rem [ERR:DETECT:WIPED] Failed to detect after wipe")
return false
else
local wipe_data_cmd = "lf t55xx write b %s d %s"
for _ = 1, #data_blocks_cmds do
local val = data_blocks_cmds[_]
local c = string.format(wipe_data_cmd, _, val)
core.console(c)
end
return true
end
end
---
@ -120,26 +234,23 @@ local function CheckReadBlock(block)
return ('%08X'):format(data)
end
local function test()
local function test(modulation)
-- PSK1 Modulations to test. (2blocks)
local process_block0_cmds = {
[1] = '00001040',
[2] = '00041040',
[3] = '00081040',
[4] = '000c1040',
[5] = '00101040',
[6] = '00141040',
[7] = '00181040',
[8] = '001c1040',
}
local process_block0_cmds = {}
local y
local block = "00"
local s = ('Start test of %s'):format(modulation)
print(s)
process_block0_cmds = GetConfigs(modulation)
if process_block0_cmds == nil then return oops('Cant find modulation '..modulation) end
for _ = 1, #process_block0_cmds do
local p_config_cmd = process_block0_cmds[_]
local errors = 0
core.clearCommandBuffer()
-- Write Config block
@ -154,19 +265,30 @@ local function test()
local res, msg = core.t55xx_detect()
if not res then
print("can't detect modulation, skip to next config")
core.console(format("rem [ERR:DETECT:%s] Failed to detect modulation", p_config_cmd))
core.console(format('rem [SUMMARY:%s] FAIL detection', p_config_cmd))
total_tests = total_tests + #data_blocks_cmds
else
-- Loop block1-2
for _ = 1, #data_blocks_cmds do
total_tests = total_tests + 1
local val = data_blocks_cmds[_]
local blockdata, msg = CheckReadBlock(_)
if blockdata ~= val then
if blockdata:lower() ~= val:lower() then
print( ('Test %s == %s Failed'):format(val, blockdata))
core.console( format('rem -- block %d value %s failed', _, val))
core.console( format('rem [ERR:READ:%s:%d] block %d: read %s instead of %s', p_config_cmd, _, _, blockdata, val))
errors = errors+1
else
print( ('Test %s == %s OK'):format(val, blockdata))
total_pass = total_pass + 1
end
end
end
if errors >0 then
core.console( format('rem [SUMMARY:%s] FAIL %d test%s', p_config_cmd, errors, errors > 1 and "s" or ""))
else
core.console( format('rem [SUMMARY:%s] PASS all tests', p_config_cmd))
end
end
end
end
@ -181,20 +303,25 @@ local function main(args)
end
core.clearCommandBuffer()
print('Starting test, wiping card')
WipeCard()
print('Detecting card')
local res, msg = core.t55xx_detect()
if res then
print('Starting test')
test()
else
print("can't detect modulation. Test failed. Ending.")
end
local res
-- test()
-- Adjust this table to set which configurations should be tested
-- local test_modes = { 'PSK1', 'PSK2', 'PSK3', 'FSK1', 'FSK2', 'FSK1A', 'FSK2A', 'ASK', 'BI' }
local test_modes = { 'ASK', 'PSK1' }
for _ = 1, #test_modes do
res = WipeCard()
if res then
print (test_modes[_])
test(test_modes[_])
else
exitMsg('Abort!')
return
end
end
exitMsg('Tests finished')
core.console( format('rem [SUMMARY] Success rate: %d/%d tests passed%s', total_pass, total_tests, total_pass < total_tests and ", help me improving that number!" or " \\o/"))
end
main(args)

21
client/ui.c
View file

@ -21,6 +21,8 @@ bool showDemod = true;
pthread_mutex_t print_lock = PTHREAD_MUTEX_INITIALIZER;
static char *logfilename = "proxmark3.log";
float complex cexpf(float complex Z);
void PrintAndLogOptions(char *str[][2], size_t size, size_t space) {
char buff[2000] = "Options:\n";
char format[2000] = "";
@ -53,7 +55,6 @@ void PrintAndLogEx(logLevel_t level, char *fmt, ...) {
char buffer[MAX_PRINT_BUFFER] = {0};
char buffer2[MAX_PRINT_BUFFER + 20] = {0};
char *token = NULL;
int size = 0;
// {NORMAL, SUCCESS, INFO, FAILED, WARNING, ERR, DEBUG}
static char *prefixes[7] = { "", "[+] ", "[=] ", "[-] ", "[!] ", "[!!] ", "[#] "};
@ -101,7 +102,7 @@ void PrintAndLogEx(logLevel_t level, char *fmt, ...) {
while (token != NULL) {
size = strlen(buffer2);
size_t size = strlen(buffer2);
if (strlen(token))
snprintf(buffer2 + size, sizeof(buffer2) - size, "%s%s\n", prefix, token);
@ -210,13 +211,11 @@ void iceIIR_Butterworth(int *data, const size_t len) {
float b[3] = {0.003621681514929, 0.007243363029857, 0.003621681514929};
float a[3] = {1.000000000000000, -1.822694925196308, 0.837181651256023};
float sample = 0; // input sample read from array
float complex x_prime = 1.0f; // save sample for estimating frequency
float complex x;
for (i = 0; i < adjustedLen; ++i) {
sample = data[i];
float sample = data[i]; // input sample read from array
float complex x_prime = 1.0f; // save sample for estimating frequency
float complex x;
// remove DC offset and mix to complex baseband
x = (sample - 127.5f) * cexpf(_Complex_I * 2 * M_PI * fc * i);
@ -251,18 +250,14 @@ void iceSimple_Filter(int *data, const size_t len, uint8_t k) {
#define FILTER_SHIFT 4
int32_t filter_reg = 0;
int16_t input, output;
int8_t shift = (k <= 8) ? k : FILTER_SHIFT;
for (int i = 0; i < len; ++i) {
input = data[i];
// Update filter with current sample
filter_reg = filter_reg - (filter_reg >> shift) + input;
filter_reg = filter_reg - (filter_reg >> shift) + data[i];
// Scale output for unity gain
output = filter_reg >> shift;
data[i] = output;
data[i] = filter_reg >> shift;
}
}

5
common/i2c.c
View file

@ -26,7 +26,7 @@
volatile unsigned long c;
// 直接使用循环来延时,一个循环 6 条指令48M Delay=1 大概为 200kbps
// 直接使用循环来延时,一个循环 6 条指令48M Delay=1 大概为 200kbps
// timer.
// I2CSpinDelayClk(4) = 12.31us
// I2CSpinDelayClk(1) = 3.07us
@ -467,8 +467,7 @@ int16_t I2C_BufferRead(uint8_t *data, uint8_t len, uint8_t device_cmd, uint8_t d
*data = (uint8_t)tmp & 0xFF;
len--;
// 读取的第一个字节为后续长度
// 读取的第一个字节为后续长度
// The first byte in response is the message length
if (!readcount && (len > *data)) {
len = *data;

33
common/lfdemod.c
View file

@ -445,11 +445,11 @@ int ManchesterEncode(uint8_t *bits, size_t size) {
// by marshmellow
// to detect a wave that has heavily clipped (clean) samples
// loop 512 samples, if 250 of them is deemed maxed out, we assume the wave is clipped.
// loop 1024 samples, if 250 of them is deemed maxed out, we assume the wave is clipped.
bool DetectCleanAskWave(uint8_t *dest, size_t size, uint8_t high, uint8_t low) {
bool allArePeaks = true;
uint16_t cntPeaks = 0;
size_t loopEnd = 512 + 160;
size_t loopEnd = 1024 + 160;
// sanity check
if (loopEnd > size) loopEnd = size;
@ -463,7 +463,8 @@ bool DetectCleanAskWave(uint8_t *dest, size_t size, uint8_t high, uint8_t low) {
}
if (!allArePeaks) {
if (cntPeaks > 250) return true;
if (g_debugMode == 2) prnt("DEBUG DetectCleanAskWave: peaks (200) %u", cntPeaks);
if (cntPeaks > 200) return true;
}
return allArePeaks;
}
@ -520,12 +521,12 @@ int DetectStrongAskClock(uint8_t *dest, size_t size, int high, int low, int *clo
int foo = getClosestClock(minClk);
if (foo > 0) {
for (uint8_t i = 0; i < 10; i++) {
if (tmpclk[i][0] == foo) {
tmpclk[i][1]++;
for (uint8_t j = 0; j < 10; j++) {
if (tmpclk[j][0] == foo) {
tmpclk[j][1]++;
if (tmpclk[i][2] == 0) {
tmpclk[i][2] = shortestWaveIdx;
if (tmpclk[j][2] == 0) {
tmpclk[j][2] = shortestWaveIdx;
}
break;
}
@ -535,18 +536,18 @@ int DetectStrongAskClock(uint8_t *dest, size_t size, int high, int low, int *clo
// find the clock with most hits and it the first index it was encountered.
int max = 0;
for (uint8_t i = 0; i < 10; i++) {
for (uint8_t j = 0; j < 10; j++) {
if (g_debugMode == 2) {
prnt("DEBUG, ASK, clocks %u | hits %u | idx %u"
, tmpclk[i][0]
, tmpclk[i][1]
, tmpclk[i][2]
, tmpclk[j][0]
, tmpclk[j][1]
, tmpclk[j][2]
);
}
if (max < tmpclk[i][1]) {
*clock = tmpclk[i][0];
shortestWaveIdx = tmpclk[i][2];
max = tmpclk[i][1];
if (max < tmpclk[j][1]) {
*clock = tmpclk[j][0];
shortestWaveIdx = tmpclk[j][2];
max = tmpclk[j][1];
}
}

2
common/lfdemod.h
View file

@ -79,7 +79,7 @@ extern size_t removeParity(uint8_t *bits, size_t startIdx, uint8_t pLen, uint8
//tag specific
extern int detectAWID(uint8_t *dest, size_t *size, int *waveStartIdx);
extern int Em410xDecode(uint8_t *dest, size_t *size, size_t *startIdx, uint32_t *hi, uint64_t *lo);
extern int Em410xDecode(uint8_t *bits, size_t *size, size_t *start_idx, uint32_t *hi, uint64_t *lo);
extern int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
extern int detectIdteck(uint8_t *dest, size_t *size);
extern int detectIOProx(uint8_t *dest, size_t *size, int *waveStartIdx);

8
common/wiegand.c
View file

@ -72,20 +72,20 @@ size_t removeParity(uint8_t *bits, size_t startIdx, uint8_t pLen, uint8_t pType,
// Make sure *dest is long enough to store original sourceLen + #_of_parities_to_be_added
/*
* @brief addParity
* @param bits pointer to the source bitstream of binary values
* @param src pointer to the source bitstream of binary values
* @param dest pointer to the destination where parities together with bits are added.
* @param sourceLen number of
* @param pLen length bits to be checked
* @param pType EVEN|ODD|2 (always 1's)|3 (always 0's)
* @return
*/
size_t addParity(uint8_t *bits, uint8_t *dest, uint8_t sourceLen, uint8_t pLen, uint8_t pType) {
size_t addParity(uint8_t *src, uint8_t *dest, uint8_t sourceLen, uint8_t pLen, uint8_t pType) {
uint32_t parityWd = 0;
size_t j = 0, bitCnt = 0;
for (int word = 0; word < sourceLen; word += pLen - 1) {
for (int bit = 0; bit < pLen - 1; ++bit) {
parityWd = (parityWd << 1) | bits[word + bit];
dest[j++] = (bits[word + bit]);
parityWd = (parityWd << 1) | src[word + bit];
dest[j++] = (src[word + bit]);
}
// if parity fails then return 0

35
tools/nonce2key/crapto1.c
View file

@ -77,10 +77,9 @@ static void bucket_sort_intersect(uint32_t *const estart, uint32_t *const estop,
// write back intersecting buckets as sorted list.
// fill in bucket_info with head and tail of the bucket contents in the list and number of non-empty buckets.
uint32_t nonempty_bucket;
for (uint32_t i = 0; i < 2; i++) {
p1 = start[i];
nonempty_bucket = 0;
uint32_t nonempty_bucket = 0;
for (uint32_t j = 0x00; j <= 0xff; j++) {
if (bucket[0][j].bp != bucket[0][j].head && bucket[1][j].bp != bucket[1][j].head) { // non-empty intersecting buckets only
bucket_info->bucket_info[i][nonempty_bucket].head = p1;
@ -146,13 +145,12 @@ static struct Crypto1State *
recover(uint32_t *o_head, uint32_t *o_tail, uint32_t oks,
uint32_t *e_head, uint32_t *e_tail, uint32_t eks, int rem,
struct Crypto1State *sl, uint32_t in, bucket_array_t bucket) {
uint32_t *o, *e;
bucket_info_t bucket_info;
if (rem == -1) {
for (e = e_head; e <= e_tail; ++e) {
*e = *e << 1 ^ parity(*e & LF_POLY_EVEN) ^ !!(in & 4);
for (o = o_head; o <= o_tail; ++o, ++sl) {
for (uint32_t *e = e_head; e <= e_tail; ++e) {
*e = *e << 1 ^ parity(*e & LF_POLY_EVEN) ^ (!!(in & 4));
for (uint32_t *o = o_head; o <= o_tail; ++o, ++sl) {
sl->even = *o;
sl->odd = *e ^ parity(*o & LF_POLY_ODD);
sl[1].odd = sl[1].even = 0;
@ -193,12 +191,11 @@ struct Crypto1State *lfsr_recovery32(uint32_t ks2, uint32_t in) {
struct Crypto1State *statelist;
uint32_t *odd_head = 0, *odd_tail = 0, oks = 0;
uint32_t *even_head = 0, *even_tail = 0, eks = 0;
int i;
// split the keystream into an odd and even part
for (i = 31; i >= 0; i -= 2)
for (int i = 31; i >= 0; i -= 2)
oks = oks << 1 | BEBIT(ks2, i);
for (i = 30; i >= 0; i -= 2)
for (int i = 30; i >= 0; i -= 2)
eks = eks << 1 | BEBIT(ks2, i);
odd_head = odd_tail = malloc(sizeof(uint32_t) << 21);
@ -225,7 +222,7 @@ struct Crypto1State *lfsr_recovery32(uint32_t ks2, uint32_t in) {
}
// initialize statelists: add all possible states which would result into the rightmost 2 bits of the keystream
for (i = 1 << 20; i >= 0; --i) {
for (int i = 1 << 20; i >= 0; --i) {
if (filter(i) == (oks & 1))
*++odd_tail = i;
if (filter(i) == (eks & 1))
@ -233,7 +230,7 @@ struct Crypto1State *lfsr_recovery32(uint32_t ks2, uint32_t in) {
}
// extend the statelists. Look at the next 8 Bits of the keystream (4 Bit each odd and even):
for (i = 0; i < 4; i++) {
for (uint8_t i = 0; i < 4; i++) {
extend_table_simple(odd_head, &odd_tail, (oks >>= 1) & 1);
extend_table_simple(even_head, &even_tail, (eks >>= 1) & 1);
}
@ -362,7 +359,7 @@ uint8_t lfsr_rollback_bit(struct Crypto1State *s, uint32_t in, int fb) {
out ^= LF_POLY_EVEN & (s->even >>= 1);
out ^= LF_POLY_ODD & s->odd;
out ^= !!in;
out ^= (ret = filter(s->odd)) & !!fb;
out ^= (ret = filter(s->odd)) & (!!fb);
s->even |= parity(out) << 23;
return ret;
@ -498,21 +495,21 @@ uint32_t *lfsr_prefix_ks(uint8_t ks[8], int isodd) {
* helper function which eliminates possible secret states using parity bits
*/
static struct Crypto1State *check_pfx_parity(uint32_t prefix, uint32_t rresp, uint8_t parities[8][8], uint32_t odd, uint32_t even, struct Crypto1State *sl) {
uint32_t ks1, nr, ks2, rr, ks3, c, good = 1;
uint32_t good = 1;
for (c = 0; good && c < 8; ++c) {
for (uint32_t c = 0; good && c < 8; ++c) {
sl->odd = odd ^ fastfwd[1][c];
sl->even = even ^ fastfwd[0][c];
lfsr_rollback_bit(sl, 0, 0);
lfsr_rollback_bit(sl, 0, 0);
ks3 = lfsr_rollback_bit(sl, 0, 0);
ks2 = lfsr_rollback_word(sl, 0, 0);
ks1 = lfsr_rollback_word(sl, prefix | c << 5, 1);
uint32_t ks3 = lfsr_rollback_bit(sl, 0, 0);
uint32_t ks2 = lfsr_rollback_word(sl, 0, 0);
uint32_t ks1 = lfsr_rollback_word(sl, prefix | c << 5, 1);
nr = ks1 ^ (prefix | c << 5);
rr = ks2 ^ rresp;
uint32_t nr = ks1 ^ (prefix | c << 5);
uint32_t rr = ks2 ^ rresp;
good &= parity(nr & 0x000000ff) ^ parities[c][3] ^ BIT(ks2, 24);
good &= parity(rr & 0xff000000) ^ parities[c][4] ^ BIT(ks2, 16);

2
tools/nonce2key/crypto1.c
View file

@ -49,7 +49,7 @@ uint8_t crypto1_bit(struct Crypto1State *s, uint8_t in, int is_encrypted) {
uint32_t tmp;
uint8_t ret = filter(s->odd);
feedin = ret & !!is_encrypted;
feedin = ret & (!!is_encrypted);
feedin ^= !!in;
feedin ^= LF_POLY_ODD & s->odd;
feedin ^= LF_POLY_EVEN & s->even;

8
uart/uart_posix.c
View file

@ -206,7 +206,7 @@ serial_port uart_open(const char *pcPortName, uint32_t speed) {
}
}
}
printf("[=] UART Setting serial baudrate %i\n", speed);
printf("[=] UART Setting serial baudrate %u\n", speed);
return sp;
}
@ -231,7 +231,6 @@ void uart_close(const serial_port sp) {
}
bool uart_receive(const serial_port sp, uint8_t *pbtRx, size_t pszMaxRxLen, size_t *pszRxLen) {
int res;
int byteCount;
fd_set rfds;
struct timeval tv;
@ -244,7 +243,7 @@ bool uart_receive(const serial_port sp, uint8_t *pbtRx, size_t pszMaxRxLen, size
FD_ZERO(&rfds);
FD_SET(((serial_port_unix *)sp)->fd, &rfds);
tv = timeout;
res = select(((serial_port_unix *)sp)->fd + 1, &rfds, NULL, NULL, &tv);
int res = select(((serial_port_unix *)sp)->fd + 1, &rfds, NULL, NULL, &tv);
// Read error
if (res < 0) {
@ -290,7 +289,6 @@ bool uart_receive(const serial_port sp, uint8_t *pbtRx, size_t pszMaxRxLen, size
}
bool uart_send(const serial_port sp, const uint8_t *pbtTx, const size_t len) {
int32_t res;
size_t pos = 0;
fd_set rfds;
struct timeval tv;
@ -300,7 +298,7 @@ bool uart_send(const serial_port sp, const uint8_t *pbtTx, const size_t len) {
FD_ZERO(&rfds);
FD_SET(((serial_port_unix *)sp)->fd, &rfds);
tv = timeout;
res = select(((serial_port_unix *)sp)->fd + 1, NULL, &rfds, NULL, &tv);
int res = select(((serial_port_unix *)sp)->fd + 1, NULL, &rfds, NULL, &tv);
// Write error
if (res < 0) {