Merge branch 'master' of github.com:RfidResearchGroup/proxmark3

* 'master' of github.com:RfidResearchGroup/proxmark3:
  textual
  Changelog for PR #245, #246
  chg: 'script run read_pwd_mem' - now can correctly deal with more than 4096 bytes when printing mifare classic keys
  Fix. More flexible anti-collision frame check
  hf_mf_sim. Really tags not respond NACK on invalid authentication

CHANGELOG.md

@@ -3,6 +3,9 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+ - Fix 'hf mf sim' - Mifare Classic simulation more flexible anti-collision check (@McEloff)
+ - Change: 'hf mf sim ' - Mifare Classic simulation not respond NACK on invalid authentication request (@McEloff)
+ - Change: 'read_pwd_mem.lua' now handles Mifare Classic dictionaries large than 4096 bytes (@iceman)
  - Change: Don't clear trace log during 'hf mf chk', to save whole process history (@McEloff)
  - Add support for WSL in proxmark.sh (@doegox)
  - Add documentation for usage of Proxmark3 under WSL (@doegox)

armsrc/mifaresim.c

@@ -625,7 +625,8 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
                 }
 
                 // Incoming anti-collision frame
-                if (receivedCmd_len >= 2 && receivedCmd_len <= 6 && receivedCmd[1] == 0x50) {
+                // receivedCmd[1] indicates number of byte and bit collision, supports only for bit collision is zero
+                if (receivedCmd_len >= 3 && receivedCmd_len <= 6 && (receivedCmd[1] & 0x0f) == 0) {
                     // we can process only full-byte frame anti-collision procedure
                     if (memcmp(&receivedCmd[2], responses[uid_index].response, receivedCmd_len - 2) == 0) {
                         // response missing part of UID via relative array index
@@ -1036,8 +1037,9 @@ void Mifare1ksim(uint16_t flags, uint8_t exitAfterNReads, uint8_t *datain) {
                                 );
                     }
                     cardAUTHKEY = AUTHKEYNONE;	// not authenticated
-                    EmSend4bit(mf_crypto1_encrypt4bit(pcs, CARD_NACK_NA));
                     cardSTATE_TO_IDLE();
+                    // Really tags not respond NACK on invalid authentication
+                    LogTrace(uart->output, uart->len, uart->startTime * 16 - DELAY_AIR2ARM_AS_TAG, uart->endTime * 16 - DELAY_AIR2ARM_AS_TAG, uart->parity, true);
                     break;
                 }
 

client/scripts/read_pwd_mem.lua

@@ -81,18 +81,19 @@ local function main(args)
         if o == 'o' then offset = tonumber(a) end
 
         -- num of bytes to read
-        if o == 'l' then length = tonumber(a) end
+        if o == 'l' then 
+			length = tonumber(a) 
+			if length < 0 or length > 256 then
+				return oops('Error: Length is not valid. Must be less than 256')
+			end
+		end
 
         -- keylength
         if o == 'k' then keylength = tonumber(a); usedkey = true end
 
-        if o == 'm' then keylength =6; usedkey = true; offset = 0x3F000-0x6000; end
-        if o == 't' then keylength =4; usedkey = true; offset = 0x3F000-0x3000; end
-        if o == 'i' then keylength =8; usedkey = true; offset = 0x3F000-0x4000; end
-    end
-
-    if length < 0 or length > 256 then
-        return oops('Error: Length is not valid. Must be less than 256')
+        if o == 'm' then keylength = 6; usedkey = true; length = 8192; offset = 0x3F000-0x6000; end
+        if o == 't' then keylength = 4; usedkey = true; length = 4096; offset = 0x3F000-0x3000; end
+        if o == 'i' then keylength = 8; usedkey = true; length = 4096; offset = 0x3F000-0x4000; end
     end
 
     if (offset < 0) or (offset % 4 ~= 0) then
@@ -102,9 +103,7 @@ local function main(args)
     print('Memory offset', offset)
     print('Length       ', length)
     print('Key length   ', keylength)
-    print( string.rep('--',20) )
-
-    if usedkey then length = 4096 end
+    print( string.rep('--', 20) )
 
     data, err = core.GetFromFlashMem(offset, length)
     if err then return oops(err) end
@@ -116,7 +115,6 @@ local function main(args)
 
         local kl = keylength * 2
         for i = 1, keys do
-
             key  = string.sub(s, (i - 1) * kl + 1, i * kl )
             print(string.format('[%02d] %s',i, key))
         end