chg: 'standlone mode colinrun aka KIGIV' - made it smaller to fit a normal compilation of fullimage

Chris 2018-11-06 19:13:06 +01:00
parent 98e24013cf
commit 4d124c46f2
2 changed files with 28 additions and 160 deletions


@ -25,6 +25,7 @@ int curlline;
// Colin's VIGIKPWN sniff/simulate/clone repeat routine for HF Mifare
/*
void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug)
{
uint32_t chunksize = (USB_CMD_DATA_SIZE / 4);
@ -56,6 +57,7 @@ void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug
DbprintfEx(FLAG_NOLOG, " ");
}
}
*/
void cjSetCursFRight()
{
@ -153,83 +155,8 @@ void SpinUp(uint32_t speed)
LED_D_OFF();
}
void TestFlashmemSpeed(size_t buffersize, uint32_t spibaudrate) {
FLASHMEM_SPIBAUDRATE = spibaudrate*1000000;
DbprintfEx(FLAG_NOLOG, "%s---+----[ %s %s[%dKB] %s] (%d)", _GREEN_, _WHITE_, _YELLOW_, buffersize / 1024, _WHITE_, FLASHMEM_SPIBAUDRATE);
uint16_t t = 0;
LED_B_ON();
uint8_t *mem = BigBuf_malloc(buffersize);
bool isok = false;
size_t len = 0;
uint32_t startidx = 0;
uint32_t numofbytes = 0x3FFFF;
if (!FlashInit()) {
return;
}
//Flash_CheckBusy(BUSY_TIMEOUT);
//Flash_ReadStat1();
uint32_t end_time;
uint32_t start_time = end_time = GetTickCount();
for (size_t i = 0; i < numofbytes; i += buffersize)
void ReadLastTagFromFlash()
{
len = MIN((numofbytes - i), buffersize);
//isok = Flash_ReadData(startidx + i, mem, len);
//uint32_t iend_time;
//uint32_t istart_time = iend_time = GetTickCount();
isok = Flash_ReadDataCont(startidx + i, mem, len);
//iend_time = GetTickCount();
//DbprintfEx(FLAG_RAWPRINT, "%s%dms%s>", _YELLOW_, iend_time - istart_time, _WHITE_);
//cjSetCursLeft();
if (!isok)
{
Dbprintf("[FAIL] reading flash memory failed :: | bytes between %d - %d", i, len);
return;
}
//isok = cmd_send(CMD_FLASHMEM_DOWNLOADED, i, len, 0, mem, len);
//if (!isok)
// Dbprintf("transfer to client failed :: | bytes between %d - %d", i, len);
t++;
}
end_time = GetTickCount();
DbprintfEx(FLAG_NOLOG, "%s |--< %s %s%dms%s for FULL_FLASH_READ", _GREEN_, _WHITE_, _YELLOW_, end_time - start_time, _WHITE_);
DbprintfEx(FLAG_NOLOG, "%s `--= %s %d runs of %s~%dms%s each", _GREEN_, _WHITE_, t, _YELLOW_, (end_time - start_time) / t, _WHITE_);
DbprintfEx(FLAG_NOLOG, "");
//cjSetCursLeft();
LED_B_OFF();
FlashStop();
}
void TestFlashmemRoutine()
{
DbprintfEx(FLAG_NOLOG, "%s>>%s Will Now Test dumping Full flash [256Kb] (2Mbits)through Bigbuf buffers\n", _GREEN_, _WHITE_);
MF_DBGLEVEL = MF_DBG_NONE;
//DbprintfEx(FLAG_NOLOG, "---------\n%s[A]%s Using NORMAL Reads @Max (24Mhz=MCK/2)\n--------", _GREEN_, _WHITE_);
TestFlashmemSpeed(32768,24);
TestFlashmemSpeed(16384 + 4096 + 4096,24);
TestFlashmemSpeed(16384,24);
TestFlashmemSpeed(4096,24);
TestFlashmemSpeed(1024,24);
//SpinDelay(1000);
//WDT_HIT();
//DbprintfEx(FLAG_NOLOG, "--------\n%s[B]%s Using FAST Reads @Max (48Mhz=MCK=CPUClock/2=MAXSPI)\n--------", _GREEN_, _WHITE_);
TestFlashmemSpeed(32768,48);
TestFlashmemSpeed(16384 + 4096 + 4096,48);
TestFlashmemSpeed(16384,48);
TestFlashmemSpeed(4096,48);
TestFlashmemSpeed(1024,48);
//SpinDelay(1000);
//WDT_HIT();
return;
}
void ReadLastTagFromFlash() {
SpinOff(0);
LED_A_ON();
LED_B_ON();
@ -250,20 +177,15 @@ void ReadLastTagFromFlash() {
}
Flash_CheckBusy(BUSY_TIMEOUT);
//Flash_ReadStat1();
uint32_t end_time;
uint32_t start_time = end_time = GetTickCount();
for (size_t i = 0; i < len; i += size)
{
len = MIN((len - i), size);
// isok = Flash_FastReadDataCont(startidx + i, mem, len);
isok = Flash_ReadDataCont(startidx + i, mem, len);
if (isok == len)
{
//print_result("Chunk: ", mem, len);
emlSetMem(mem, 0, 64);
}
else
@ -287,7 +209,6 @@ void ReadLastTagFromFlash() {
void WriteTagToFlash(uint8_t index, size_t size)
{
SpinOff(0);
LED_A_ON();
LED_B_ON();
@ -302,7 +223,7 @@ void WriteTagToFlash(uint8_t index, size_t size)
uint8_t data[(size * (16 * 64))/1024];
uint8_t buff[PAGESIZE];
// cnt = 0;
emlGetMem(data, 0, (size * 64)/1024);
if (!FlashInit()){
@ -318,7 +239,6 @@ void WriteTagToFlash(uint8_t index, size_t size)
while (bytes_remaining > 0)
{
Flash_CheckBusy(BUSY_TIMEOUT);
Flash_WriteEnable();
@ -337,7 +257,6 @@ void WriteTagToFlash(uint8_t index, size_t size)
DbprintfEx(FLAG_NOLOG, "FlashMem write FAILEd [offset %u]", bytes_sent);
cjSetCursLeft();
SpinOff(100);
return;
}
@ -352,11 +271,8 @@ void WriteTagToFlash(uint8_t index, size_t size)
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "%s[IN]%s %s%dms%s for TAG_FLASH_WRITE", _GREEN_, _WHITE_, _YELLOW_, end_time - start_time, _WHITE_);
cjSetCursLeft();
FlashStop();
SpinOff(0);
return;
}
@ -473,11 +389,12 @@ ACCBITS : 796788[00]+VALUE
{
for (uint16_t sectorNo = 0; sectorNo < sectorsCnt; sectorNo++)
{
// validKey[t][sectorNo] = false;
for (uint16_t i = 0; i < 6; i++)
{
foundKey[t][sectorNo][i] = 0xff;
}
foundKey[t][sectorNo][0] = 0xFF;
foundKey[t][sectorNo][1] = 0xFF;
foundKey[t][sectorNo][2] = 0xFF;
foundKey[t][sectorNo][3] = 0xFF;
foundKey[t][sectorNo][4] = 0xFF;
foundKey[t][sectorNo][5] = 0xFF;
}
}
@ -491,7 +408,6 @@ ACCBITS : 796788[00]+VALUE
// banner:
vtsend_reset(NULL);
DbprintfEx(FLAG_NOLOG, "\r\n%s", clearTerm);
cjPrintBigArray(LOGO, sizeof(LOGO), 0, 0);
DbprintfEx(FLAG_NOLOG, "%s%s%s", _CYAN_, sub_banner, _WHITE_);
DbprintfEx(FLAG_NOLOG, "%s>>%s C.J.B's MifareFastPwn Started\r\n", _RED_, _WHITE_);
@ -506,11 +422,6 @@ ACCBITS : 796788[00]+VALUE
SpinOff(50);
SpinDown(50);
#if 0
TestFlashmemRoutine();
return;
#endif
failtag:
vtsend_cursor_position_save(NULL);
@ -607,7 +518,7 @@ failtag:
for (int sec = 0; sec < sectorsCnt && !err && !trapped; ++sec)
{
key = cjat91_saMifareChkKeys(sec * 4, type, NULL, size, &keyBlock[0], &key64);
// key = saMifareChkKeys(sec * 4, type, NULL, size, &keyBlock[0], &key64);
if (key == -1)
{
err = 1;
@ -966,16 +877,6 @@ readysim:
DbprintfEx(FLAG_NOLOG, "<- We're out of Emulation");
// END SIM
/*for (;;) {
WDT_HIT();
int button_action = BUTTON_HELD(500);
if (button_action == 0) { // No button action, proceed with sim
SpinDelay(100);
WDT_HIT();
} else if (button_action == BUTTON_SINGLE_CLICK) {
*/
cjSetCursLeft();
DbprintfEx(FLAG_NOLOG, "-> Trying a clone !");
@ -987,15 +888,7 @@ readysim:
DbprintfEx(FLAG_NOLOG, "-> End Cloning.");
WDT_HIT();
// break;
/*} else if (button_action == BUTTON_HOLD) {
DbprintfEx(FLAG_RAWPRINT,"Playtime over. Begin cloning...");
iGotoClone = 1;
break;
}*/
// Debunk...
// SpinDelay(300);
cjSetCursLeft();
cjTabulize();
vtsend_set_attribute(NULL, 0);
@ -1020,14 +913,13 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
uint8_t numSectors = arg0;
uint8_t keyType = arg1;
uint64_t ui64Key = 0;
// uint32_t cuid;
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
pcs = &mpcs;
byte_t dataoutbuf[16];
byte_t dataoutbuf2[16];
// uint8_t uid[10];
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
@ -1035,7 +927,6 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
set_tracing(false);
bool isOK = true;
// iso14443a_fast_select_card(cjuid, 0);
if (!iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true))
{
@ -1113,22 +1004,17 @@ void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *dat
DbpString("EMUL FILL SECTORS FINISHED\n");
}
/* . . . */
/* the chk function is a piwied(tm) check that will try all keys for
a particular sector. also no tracing no dbg */
int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, uint8_t keyCount, uint8_t *datain, uint64_t *key)
{
MF_DBGLEVEL = MF_DBG_NONE;
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
set_tracing(false);
// uint8_t uid[10];
// uint32_t cuid;
struct Crypto1State mpcs = {0, 0};
struct Crypto1State *pcs;
pcs = &mpcs;
// byte_t isOK = 0;
for (int i = 0; i < keyCount; ++i)
{
@ -1241,7 +1127,6 @@ void saMifareMakeTag(void)
//-----------------------------------------------------------------------------
int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
{
// params
uint8_t needWipe = arg0;
// bit 0 - need get UID
@ -1259,9 +1144,7 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
// variables
byte_t isOK = 0;
// uint8_t uid[10] = {0x00};
uint8_t d_block[18] = {0x00};
// uint32_t cuid;
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
@ -1270,7 +1153,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
if (workFlags & 0x08)
{
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
// clear_trace();
set_tracing(FALSE);
}
@ -1282,18 +1164,14 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
// get UID from chip
if (workFlags & 0x01)
{
// if (!iso14443a_fast_select_card(cjuid, 0)) {
if (!iso14443a_select_card(cjuid, NULL, &cjcuid, true, 0, true))
{
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "Can't select card");
break;
};
if (mifare_classic_halt(NULL, cjcuid))
{
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "Halt error");
break;
};
@ -1305,7 +1183,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmitBitsPar(wupC1, 7, 0, NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a))
{
// if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "wupC1 error");
break;
};
@ -1313,14 +1190,12 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmit(wipeC, sizeof(wipeC), NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a))
{
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "wipeC error");
break;
};
if (mifare_classic_halt(NULL, cjcuid))
{
if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "Halt error");
break;
};
@ -1333,7 +1208,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmitBitsPar(wupC1, 7, 0, NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a))
{
// if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "wupC1 error");
break;
};
@ -1341,7 +1215,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
if (!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a))
{
// if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "wupC2 errorv");
break;
};
@ -1349,7 +1222,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a))
{
// if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "write block send command error");
break;
};
@ -1359,7 +1231,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
ReaderTransmit(d_block, sizeof(d_block), NULL);
if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a))
{
// if (MF_DBGLEVEL >= 1)
DbprintfEx(FLAG_NOLOG, "write block send data error");
break;
};
@ -1368,7 +1239,6 @@ int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *data
{
if (mifare_classic_halt(NULL, cjcuid))
{
// if (MF_DBGLEVEL >= 1)
cjSetCursFRight();
DbprintfEx(FLAG_NOLOG, "Halt error");
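Review bot: In the ReadLastTagFromFlash hunk (`@ -250,20 +177,15`) the read loop overwrites its own bound: `len = MIN((len - i), size);` runs inside `for (size_t i = 0; i < len; i += size)`, so after the first pass `len` is at most `size` and the loop exits, leaving anything beyond the first chunk unread. A separate per-chunk variable keeps the bound intact, e.g. `size_t chunk = MIN(len - i, size);` followed by `isok = Flash_ReadDataCont(startidx + i, mem, chunk);` and `if (isok == chunk)`. The `emlSetMem(mem, 0, 64)` call after a successful read always loads 64 blocks from `mem` whatever the chunk length was, so if the read covered less than that, stale buffer contents would presumably end up in emulator memory; the declarations of `mem`, `len` and `size` are outside the hunk, so this needs checking against them. The function body starts and ends outside the hunk.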


@ -16,18 +16,15 @@
#ifndef __HF_COLIN_H
#define __HF_COLIN_H
#include "proxmark3.h"
#include "mifareutil.h"
#include "iso14443a.h"
//#include "printf.h"
#include "protocols.h"
#include "util.h"
#include "standalone.h" // standalone definitions
#include <stdbool.h> // for bool
#include <stdio.h>
#include <string.h>
//#include <stdio.h>
#include "vtsend.h"
#include "apps.h"
#include "printf.h"
@ -47,17 +44,17 @@ int cjat91_saMifareChkKeys(uint8_t blockNo, uint8_t keyType, bool clearTrace, ui
void e_MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void saMifareMakeTag(void);
int saMifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug);
void WriteTagToFlash(uint8_t index, size_t size);
const char clearTerm[8] = {0x1b, 0x5b, 0x48, 0x1b, 0x5b, 0x32, 0x4a, '\0'};
void TestFlashmemSpeed(size_t buffersize, uint32_t spibaudrate);
//void cjPrintBigArray(const char *bigar, int len, uint8_t newlines, uint8_t debug);
//void TestFlashmemSpeed(size_t buffersize, uint32_t spibaudrate);
#define LOGO logo_kigiv
//#define LOGO logo_kigiv
const char sub_banner[] = " From Vigik : \"20 years of (un)security without a single update\"";
/*
const char logo_kigiv[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x1b, 0x5b, 0x33, 0x38, 0x3b, 0x35,
0x3b, 0x39, 0x35, 0x6d, 0x30, 0x1b, 0x5b, 0x33, 0x38, 0x3b, 0x35, 0x3b, 0x31, 0x33, 0x37, 0x6d, 0x30, 0x1b, 0x5b, 0x33, 0x38, 0x3b, 0x35, 0x3b, 0x39, 0x35,
@ -418,6 +415,7 @@ const char logo_kigiv[] = {
0x31, 0x1b, 0x5b, 0x33, 0x38, 0x3b, 0x35, 0x3b, 0x35, 0x39, 0x6d, 0x31, 0x1b, 0x5b, 0x33, 0x38, 0x3b, 0x35, 0x3b, 0x35, 0x39, 0x6d, 0x30, 0x1b, 0x5b, 0x33,
0x38, 0x3b, 0x35, 0x3b, 0x35, 0x39, 0x6d, 0x31, 0x1b, 0x5b, 0x33, 0x38, 0x3b, 0x35, 0x3b, 0x35, 0x39, 0x6d, 0x31, 0x0d, 0x0a};
unsigned int logo_kigiv_len = 9303;
*/
/*const char logo_kigiv_nocolor[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x20,