root 2019-08-18 17:06:58 +02:00
commit 63b47a003e
5 changed files with 208 additions and 77 deletions


@ -4,6 +4,12 @@ language: c
#default linux build env is: xenial
compiler: gcc
# move some env variables to homebrew env
env:
global:
- HOMEBREW_TRAVIS_BRANCH=$TRAVIS_BRANCH
- HOMEBREW_TRAVIS_COMMIT=$TRAVIS_COMMIT
# Test on Linux and MacOS
matrix:
include:
@ -19,14 +25,23 @@ addons:
- gcc-arm-none-eabi
- libnewlib-dev
homebrew:
packages:
- readline
- p7zip
- libusb-compat
- perl
- qt5
- wget
- RfidResearchGroup/proxmark3/arm-none-eabi-gcc
taps: RfidResearchGroup/proxmark3
install:
if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
brew info proxmark3;
brew options proxmark3;
brew install --HEAD proxmark3;
elif [[ "$TRAVIS_OS_NAME" == "linux" ]]; then
make clean;
make all;
fi
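Review bot: Nothing in the macOS branch of `install:` visibly ties the build to the commit under test. `brew install --HEAD proxmark3` builds whatever the tap formula's head resolves to, and the only link is the `HOMEBREW_TRAVIS_BRANCH` / `HOMEBREW_TRAVIS_COMMIT` pair, which the formula presumably reads (the formula is not part of this page). I would expand the comment above `env:` to say so, e.g. `# HOMEBREW_-prefixed so they survive brew's environment filtering; the proxmark3 tap formula uses them to check out the branch/commit being tested`. The tap and its `arm-none-eabi-gcc` formula are also fetched unpinned, so a change in the tap changes the CI toolchain without any commit in this repository; that deserves a comment next to `taps:`.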


@ -1,7 +1,9 @@
# Proxmark3 RDV4.0 Dedicated Github
# RRG / Iceman repo, dedicated to Proxmark3 RDV4.0
This repo is based on iceman fork for Proxmark3. It is dedicated to bringing the most out of the new features for Proxmark3 RDV4.0 new hardware and design.
Note that it also supports other Proxmark3 platforms as well!
_Note that it also supports other Proxmark3 platforms as well!_
| Releases | Linux & OSX CI | Windows CI |
| ------------------- |:-------------------:| -------------------:|
@ -40,18 +42,21 @@ This fork now compiles just fine on
- Windows/mingw environment with Qt5.6.1 & GCC 4.8
- Ubuntu 1404, 1510, 1604, 1804, 1904
- Mac OS X / Homebrew
- ParrotOS
- WSL (Windows subsystem linux) on Windows 10
- ParrotOS, Gentoo, Pentoo
- WSL, WSL2 (Windows subsystem linux) on Windows 10
- Docker container
If you intend to contribute to the code, please read the [coding style notes](HACKING.md) first.
- Internal notes on [Coverity Scan Config & Run](/doc/md/Development/Coverity-Scan-Config-%26-Run.md).
- Internal notes on UART
- Internal notes on Frame format
- Internal notes on standalone mode
- Internal notes on [UART](/doc/uart_notes.md)
- Internal notes on [Frame format](/doc/new_frame_format.md)
- Internal notes on [external flash](/doc/ext_flash_notes.md)
- Internal notes on [standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode)
- Internal notes on [Termux / Android](/doc/termux_notes.md)
## Cheat sheet
Thanks to Alex Dibs, you can enjoy a [command cheat sheet](/doc/cheatsheet.md)
## Why didn't you base it on official Proxmark3 Master?


@ -322,31 +322,31 @@ static void fuse_config(const picopass_hdr *hdr) {
uint8_t fuses = hdr->conf.fuses;
if (isset(fuses, FUSE_FPERS))
PrintAndLogEx(SUCCESS, "\tMode: Personalization [Programmable]");
PrintAndLogEx(SUCCESS, " Mode: Personalization [Programmable]");
else
PrintAndLogEx(NORMAL, "\tMode: Application [Locked]");
PrintAndLogEx(NORMAL, " Mode: Application [Locked]");
if (isset(fuses, FUSE_CODING1)) {
PrintAndLogEx(NORMAL, "\tCoding: RFU");
PrintAndLogEx(NORMAL, " Coding: RFU");
} else {
if (isset(fuses, FUSE_CODING0))
PrintAndLogEx(NORMAL, "\tCoding: ISO 14443-2 B/ISO 15693");
PrintAndLogEx(NORMAL, " Coding: ISO 14443-2 B/ISO 15693");
else
PrintAndLogEx(NORMAL, "\tCoding: ISO 14443B only");
PrintAndLogEx(NORMAL, " Coding: ISO 14443B only");
}
// 1 1
if (isset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, "\tCrypt: Secured page, keys not locked");
if (isset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, " Crypt: Secured page, keys not locked");
// 1 0
if (isset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, "\tCrypt: Secured page, keys locked");
if (isset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, " Crypt: Secured page, keys locked");
// 0 1
if (notset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, "\tCrypt: Non secured page");
if (notset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, " Crypt: Non secured page");
// 0 0
if (notset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, "\tCrypt: No auth possible. Read only if RA is enabled");
if (notset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, " Crypt: No auth possible. Read only if RA is enabled");
if (isset(fuses, FUSE_RA))
PrintAndLogEx(NORMAL, "\tRA: Read access enabled");
PrintAndLogEx(NORMAL, " RA: Read access enabled");
else
PrintAndLogEx(WARNING, "\tRA: Read access not enabled");
PrintAndLogEx(WARNING, " RA: Read access not enabled");
}
static void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) {
@ -396,26 +396,26 @@ static void mem_app_config(const picopass_hdr *hdr) {
if (kb == 2 && (applimit > 0x1f)) applimit = 26;
PrintAndLogEx(NORMAL, " Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem);
PrintAndLogEx(NORMAL, "\tAA1: blocks 06-%02X", applimit);
PrintAndLogEx(NORMAL, "\tAA2: blocks %02X-%02X", applimit + 1, max_blk);
PrintAndLogEx(NORMAL, "\tOTP: 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]);
PrintAndLogEx(NORMAL, "\nKeyAccess:");
PrintAndLogEx(NORMAL, " AA1: blocks 06-%02X", applimit);
PrintAndLogEx(NORMAL, " AA2: blocks %02X-%02X", applimit + 1, max_blk);
PrintAndLogEx(NORMAL, " OTP: 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]);
PrintAndLogEx(NORMAL, " KeyAccess:");
uint8_t book = isset(mem, 0x20);
if (book) {
PrintAndLogEx(NORMAL, "\tRead A - Kd");
PrintAndLogEx(NORMAL, "\tRead B - Kc");
PrintAndLogEx(NORMAL, "\tWrite A - Kd");
PrintAndLogEx(NORMAL, "\tWrite B - Kc");
PrintAndLogEx(NORMAL, "\tDebit - Kd or Kc");
PrintAndLogEx(NORMAL, "\tCredit - Kc");
PrintAndLogEx(NORMAL, " Read A - Kd");
PrintAndLogEx(NORMAL, " Read B - Kc");
PrintAndLogEx(NORMAL, " Write A - Kd");
PrintAndLogEx(NORMAL, " Write B - Kc");
PrintAndLogEx(NORMAL, " Debit - Kd or Kc");
PrintAndLogEx(NORMAL, " Credit - Kc");
} else {
PrintAndLogEx(NORMAL, "\tRead A - Kd or Kc");
PrintAndLogEx(NORMAL, "\tRead B - Kd or Kc");
PrintAndLogEx(NORMAL, "\tWrite A - Kc");
PrintAndLogEx(NORMAL, "\tWrite B - Kc");
PrintAndLogEx(NORMAL, "\tDebit - Kd or Kc");
PrintAndLogEx(NORMAL, "\tCredit - Kc");
PrintAndLogEx(NORMAL, " Read A - Kd or Kc");
PrintAndLogEx(NORMAL, " Read B - Kd or Kc");
PrintAndLogEx(NORMAL, " Write A - Kc");
PrintAndLogEx(NORMAL, " Write B - Kc");
PrintAndLogEx(NORMAL, " Debit - Kd or Kc");
PrintAndLogEx(NORMAL, " Credit - Kc");
}
}
static void print_picopass_info(const picopass_hdr *hdr) {
@ -453,14 +453,14 @@ static int CmdHFiClassSim(const char *Cmd) {
if (simType == 0) {
if (param_gethex(Cmd, 1, CSN, 16)) {
PrintAndLogEx(WARNING, "A CSN should consist of 16 HEX symbols");
PrintAndLogEx(ERR, "A CSN should consist of 16 HEX symbols");
return usage_hf_iclass_sim();
}
PrintAndLogEx(NORMAL, "--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8));
PrintAndLogEx(NORMAL, " simtype: %02x csn: %s", simType, sprint_hex(CSN, 8));
}
if (simType > 4) {
PrintAndLogEx(WARNING, "Undefined simptype %d", simType);
PrintAndLogEx(ERR, "Undefined simptype %d", simType);
return usage_hf_iclass_sim();
}
@ -1903,7 +1903,7 @@ static int CmdHFiClassManageKeys(const char *Cmd) {
case 'f':
fileNameLen = param_getstr(Cmd, cmdp + 1, filename, sizeof(filename));
if (fileNameLen < 1) {
PrintAndLogEx(WARNING, "No filename found after f");
PrintAndLogEx(ERR, "No filename found");
errors = true;
}
cmdp += 2;
@ -1911,7 +1911,7 @@ static int CmdHFiClassManageKeys(const char *Cmd) {
case 'n':
keyNbr = param_get8(Cmd, cmdp + 1);
if (keyNbr >= ICLASS_KEYS_MAX) {
PrintAndLogEx(WARNING, "Invalid block number");
PrintAndLogEx(ERR, "Invalid block number, MAX is "_YELLOW_("%d"), ICLASS_KEYS_MAX);
errors = true;
}
cmdp += 2;
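Review bot: The new error text in the `case 'n'` branch of CmdHFiClassManageKeys prints `ICLASS_KEYS_MAX` as the maximum, but the guard is `keyNbr >= ICLASS_KEYS_MAX`, so the largest accepted value is one less than what the message states. It also calls the value a block number although it is parsed into `keyNbr`. I would change the line to `PrintAndLogEx(ERR, "Invalid key number, MAX is "_YELLOW_("%d"), ICLASS_KEYS_MAX - 1);`. In CmdHFiClassSim the message "Undefined simptype %d" keeps its typo while its level changes to ERR, and could be corrected in the same pass. Both functions start and end outside the hunks shown.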


@ -77,14 +77,16 @@
*/
#if UINTPTR_MAX == UINT64_MAX
// 64-bit
#include <stdint.h>
#include <limits.h>
#if ULONG_MAX == UINT64_MAX
// most 64-bit platforms
#define PRESETS 1
#define BMP_BIT 64
#define BMP_SUB 32
#elif UINTPTR_MAX == UINT32_MAX
// 32-bit
#elif ULONG_MAX == UINT32_MAX
// 32-bit platforms and Mingw64
#define PRESETS 1
#define BMP_BIT 32
#define BMP_SUB 16
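Review bot: The switch from `UINTPTR_MAX` to `ULONG_MAX` is not explained at the test itself, and the short comments ("most 64-bit platforms", "32-bit platforms and Mingw64") do not say why pointer width was the wrong thing to test. I would add a comment above the `#if`, e.g. `/* BMP_BIT must match the width of unsigned long, not of a pointer: LLP64 targets such as Mingw64 have 64-bit pointers but a 32-bit long */`; this assumes the bitmap word type is `unsigned long`, which is not visible in this hunk. The hunk ends before the conditional is closed, so I cannot see whether an `#else` branch handles other widths. If there is none, a `#error` there would turn a silent misconfiguration into a build failure.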


@ -1,17 +1,18 @@
# Cheatsheet
# Command Cheat Sheet
<a id="Top"></a>
- [Generic](#Generic)
- [iClass](#iClass)
- [Mifare](#Mifare)
- [HID Prox](#HID-Prox)
- [Indala](#Indala)
- [Hitag](#Hitag)
- [T55XX](#T55XX)
- [Data](#Data)
- [Lua Scripts](#Lua-Scripts)
|Generic|Low Frequence 125 kHz|High Frequence 13.56 MHz|
|---|---|---|
|[Generic](#Generic)|[T55XX](#T55XX)|[Mifare](#Mifare)|
|[Data](#Data)|[HID Prox](#HID-Prox)|[iClass](#iClass)|
|[Memory](#Memory)|[Indala](#Indala)||
|[Sim Module](#Sim-Module)|[Hitag](#Hitag)||
|[Lua Scripts](#Lua-Scripts)|||
|[Smart Card](#Smart-Card)|||
## Generic
^[Top](#top)
Identify High Frequency cards
```
@ -33,7 +34,13 @@ Check versioning
pm3 --> hw version
```
Check overall status
```
pm3 --> hw status
```
## iClass
^[Top](#top)
Reverse permute iClass master key
```
@ -163,26 +170,37 @@ pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b
```
## Mifare
^[Top](#top)
Check for default keys
```
Options
---
<*card memory> <key type (A/B/?)> [t|d|s|ss] <dic (*.dic)>
* - all sectors
card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K
d - write keys to binary file
* : all sectors
card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K
d : write keys to binary file
pm3 --> hf mf chk *1 ? d default_keys.dic
```
Check for default keys from local memory
```
Options
---
card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K
m : use dictionary from flashmemory
pm3 --> hf mf fchk 1 m
```
Dump Mifare card contents
```
Options
---
<card memory>: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K
k <name> : key filename, if no <name> given, UID will be used as filename"
f <name> : data filename, if no <name> given, UID will be used as filename
<card memory> : 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K
k <name> : key filename, if no <name> given, UID will be used as filename"
f <name> : data filename, if no <name> given, UID will be used as filename
pm3 --> hf mf dump 1
pm3 --> hf mf dump 1 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-data.bin
@ -192,7 +210,7 @@ Convert .bin to .eml
```
Options
---
i ?????????????
i <file> : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
pm3 --> script run dumptoemul -i dumpdata.bin
```
@ -251,6 +269,7 @@ pm3 --> hf mf restore 1 u 4A6CE843 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-dat
```
## HID Prox
^[Top](#top)
Read HID Prox card
```
@ -289,17 +308,18 @@ Brute force HID reader
```
Options
---
a <format> : 26|33|34|35|37|40|44|84");
f <facility-code> : 8-bit value HID facility code");
c <cardnumber> : (optional) cardnumber to start with, max 65535");
d <delay> : delay betweens attempts in ms. Default 1000ms");
v : verbose logging, show all tries");
a <format> : 26|33|34|35|37|40|44|84
f <facility-code> : 8-bit value HID facility code
c <cardnumber> : (optional) cardnumber to start with, max 65535
d <delay> : delay betweens attempts in ms. Default 1000ms
v : verbose logging, show all tries
pm3 --> lf hid brute a 26 f 224
pm3 --> lf hid brute v a 26 f 21 c 200 d 2000
```
## Indala
^[Top](#top)
Read Indala card
```
@ -330,6 +350,7 @@ pm3 --> lf indala clone a0000000c2c436c1
```
## Hitag
^[Top](#top)
Read Hitag information
```
@ -345,7 +366,7 @@ HitagS:
02 <key> : Read all pages, crypto mode. Set key=0 for no auth
Hitag2:
21 <password> : Read all pages, password mode. Default: 4D494B52 (\"MIKR\")
21 <password> : Read all pages, password mode. Default: 4D494B52 ("MIKR")
22 <nr> <ar> : Read all pages, challenge mode
23 <key> : Read all pages, crypto mode. Key format: ISK high + ISK low. Default: 4F4E4D494B52 ("ONMIKR")
25 : Test recorded authentications
@ -388,17 +409,18 @@ pm3 --> lf hitag sim c378181c_a8f7.ht2
```
## T55XX
^[Top](#top)
Detect T55XX card
```
pm3 --> lf t55xx detect
```
Configure demodulation
Configure modulation
```
Options
---
<FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> : Set demodulation
<FSK|FSK1|FSK1a|FSK2|FSK2a|ASK|PSK1|PSK2|NRZ|BI|BIa> : Set modulation
EM is ASK
HID Prox is FSK
Indala is PSK
@ -406,6 +428,16 @@ Indala is PSK
pm3 --> lf t55xx config FSK
```
Set timings to default
```
Options
---
p : persist to flashmemory
z : Set default t55x7 timings (use p to save if required)
pm3 --> lf t55xx deviceconfig z p
```
Write to T55xx block
```
b <block> : block number to write. Between 0-7
@ -416,32 +448,34 @@ pm3 --> lf t55xx wr b 0 d 00081040
Wipe a T55xx tag and set defaults
```
lf t55xx wipe
pm3 --> lf t55xx wipe
```
## Data
^[Top](#top)
Get raw samples [512-40000]
```
data samples <size>
pm3 --> data samples <size>
```
Save samples to file
```
data save <filename>
pm3 --> data save <filename>
```
Load samples from file
```
data load <filename>
pm3 --> data load <filename>
```
## Lua Scripts
^[Top](#top)
List Lua Scripts
```
script list
pm3 --> script list
```
Convert .bin to .eml
@ -450,7 +484,7 @@ Options
---
i <file> : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used
script run dumptoemul -i xxxxxxxxxxxxxx.bin
pm3 --> script run dumptoemul -i xxxxxxxxxxxxxx.bin
```
Format Mifare card
@ -462,5 +496,80 @@ n <key> : the new key that will be written to the card
a <access> : the new access bytes that will be written to the card
x : execute the commands aswell.
script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x
pm3 --> script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x
```
## Memory
^[Top](#top)
Load default keys into memory
```
Options
---
o <offset> : offset in memory
f <filename> : file name
m : upload 6 bytes keys (mifare key dictionary)
i : upload 8 bytes keys (iClass key dictionary)
t : upload 4 bytes keys (pwd dictionary)
pm3 --> mem load f default_keys m
pm3 --> mem load f default_pwd t
pm3 --> mem load f default_iclass_keys i
```
## Sim Module
^[Top](#top)
Upgrade Sim Module firmware
```
pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN
```
## Smart Card
^[Top](#top)
Get Smart Card Information
```
pm3 --> sc info
```
Act like an IS07816 reader
```
pm3 --> sc reader
```
Set clock speed
```
Options
---
c <speed> : clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz)
pm3 --> sc setclock c 2
```
Send raw hex data
```
Options
---
r : do not read response
a : active smartcard without select (reset sc module)
s : active smartcard with select (get ATR)
t : executes TLV decoder if it possible
0 : use protocol T=0
d <bytes> : bytes to send
pm3 --> sc raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR
pm3 --> sc raw 0 d 00a404000e325041592e5359532e4444463031 : 2PAY.SYS.DDF01 PPSE directory
pm3 --> sc raw 0 t d 00a4040007a0000000041010 : Mastercard
pm3 --> sc raw 0 t d 00a4040007a0000000031010 : Visa
````
Bruteforce SPI
```
Options
---
t : executes TLV decoder if it possible
pm3 --> sc brute
pm3 --> sc brute t
```