diff --git a/.travis.yml b/.travis.yml index f42dd8f1c..079ae5a33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,12 @@ language: c #default linux build env is: xenial compiler: gcc +# move some env variables to homebrew env +env: + global: + - HOMEBREW_TRAVIS_BRANCH=$TRAVIS_BRANCH + - HOMEBREW_TRAVIS_COMMIT=$TRAVIS_COMMIT + # Test on Linux and MacOS matrix: include: @@ -19,14 +25,23 @@ addons: - gcc-arm-none-eabi - libnewlib-dev homebrew: + packages: + - readline + - p7zip + - libusb-compat + - perl + - qt5 + - wget + - RfidResearchGroup/proxmark3/arm-none-eabi-gcc taps: RfidResearchGroup/proxmark3 - + install: if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew info proxmark3; brew options proxmark3; brew install --HEAD proxmark3; elif [[ "$TRAVIS_OS_NAME" == "linux" ]]; then + make clean; make all; fi diff --git a/README.md b/README.md index 1af5d2157..81c676b8d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ -# Proxmark3 RDV4.0 Dedicated Github +# RRG / Iceman repo, dedicated to Proxmark3 RDV4.0 This repo is based on iceman fork for Proxmark3. It is dedicated to bringing the most out of the new features for Proxmark3 RDV4.0 new hardware and design. -Note that it also supports other Proxmark3 platforms as well! + +_Note that it also supports other Proxmark3 platforms as well!_ + | Releases | Linux & OSX CI | Windows CI | | ------------------- |:-------------------:| -------------------:| 
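Review bot: The new `env.global` block forwards `$TRAVIS_BRANCH`, which on pull-request builds names the branch the PR targets, not the branch being proposed. If the formula in the RfidResearchGroup/proxmark3 tap picks its source from `HOMEBREW_TRAVIS_BRANCH` (the formula is not visible here), the macOS job could build something other than the change under test. Confirm which variable `brew install --HEAD proxmark3` consumes, and prefer the commit over the branch name. The comment above the block could also say why the copies exist, e.g. `# Homebrew filters the build environment; HOMEBREW_-prefixed variables are passed through to the formula`.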
@@ -40,18 +42,21 @@ This fork now compiles just fine on - Windows/mingw environment with Qt5.6.1 & GCC 4.8 - Ubuntu 1404, 1510, 1604, 1804, 1904 - Mac OS X / Homebrew - - ParrotOS - - WSL (Windows subsystem linux) on Windows 10 + - ParrotOS, Gentoo, Pentoo + - WSL, WSL2 (Windows subsystem linux) on Windows 10 - Docker container If you intend to contribute to the code, please read the [coding style notes](HACKING.md) first. - Internal notes on [Coverity Scan Config & Run](/doc/md/Development/Coverity-Scan-Config-%26-Run.md). -- Internal notes on UART -- Internal notes on Frame format -- Internal notes on standalone mode - +- Internal notes on [UART](/doc/uart_notes.md) +- Internal notes on [Frame format](/doc/new_frame_format.md) +- Internal notes on [external flash](/doc/ext_flash_notes.md) +- Internal notes on [standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) +- Internal notes on [Termux / Android](/doc/termux_notes.md) +## Cheat sheet +Thanks to Alex Dibs, you can enjoy a [command cheat sheet](/doc/cheatsheet.md) ## Why didn't you base it on official Proxmark3 Master? diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index f58d5377c..7badc7c86 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c 
@@ -322,31 +322,31 @@ static void fuse_config(const picopass_hdr *hdr) { uint8_t fuses = hdr->conf.fuses; if (isset(fuses, FUSE_FPERS)) - PrintAndLogEx(SUCCESS, "\tMode: Personalization [Programmable]"); + PrintAndLogEx(SUCCESS, " Mode: Personalization [Programmable]"); else - PrintAndLogEx(NORMAL, "\tMode: Application [Locked]"); + PrintAndLogEx(NORMAL, " Mode: Application [Locked]"); if (isset(fuses, FUSE_CODING1)) { - PrintAndLogEx(NORMAL, "\tCoding: RFU"); + PrintAndLogEx(NORMAL, " Coding: RFU"); } else { if (isset(fuses, FUSE_CODING0)) - PrintAndLogEx(NORMAL, "\tCoding: ISO 14443-2 B/ISO 15693"); + PrintAndLogEx(NORMAL, " Coding: ISO 14443-2 B/ISO 15693"); else - PrintAndLogEx(NORMAL, "\tCoding: ISO 14443B only"); + PrintAndLogEx(NORMAL, " Coding: ISO 14443B only"); } // 1 1 - if (isset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, "\tCrypt: Secured page, keys not locked"); + if (isset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, " Crypt: Secured page, keys not locked"); // 1 0 - if (isset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, "\tCrypt: Secured page, keys locked"); + if (isset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, " Crypt: Secured page, keys locked"); // 0 1 - if (notset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, "\tCrypt: Non secured page"); + if (notset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, " Crypt: Non secured page"); // 0 0 - if (notset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, "\tCrypt: No auth possible. Read only if RA is enabled"); + if (notset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, " Crypt: No auth possible. 
Read only if RA is enabled"); if (isset(fuses, FUSE_RA)) - PrintAndLogEx(NORMAL, "\tRA: Read access enabled"); + PrintAndLogEx(NORMAL, " RA: Read access enabled"); else - PrintAndLogEx(WARNING, "\tRA: Read access not enabled"); + PrintAndLogEx(WARNING, " RA: Read access not enabled"); } static void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) { 
@@ -396,26 +396,26 @@ static void mem_app_config(const picopass_hdr *hdr) { if (kb == 2 && (applimit > 0x1f)) applimit = 26; PrintAndLogEx(NORMAL, " Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem); - PrintAndLogEx(NORMAL, "\tAA1: blocks 06-%02X", applimit); - PrintAndLogEx(NORMAL, "\tAA2: blocks %02X-%02X", applimit + 1, max_blk); - PrintAndLogEx(NORMAL, "\tOTP: 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]); - PrintAndLogEx(NORMAL, "\nKeyAccess:"); + PrintAndLogEx(NORMAL, " AA1: blocks 06-%02X", applimit); + PrintAndLogEx(NORMAL, " AA2: blocks %02X-%02X", applimit + 1, max_blk); + PrintAndLogEx(NORMAL, " OTP: 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]); + PrintAndLogEx(NORMAL, " KeyAccess:"); uint8_t book = isset(mem, 0x20); if (book) { - PrintAndLogEx(NORMAL, "\tRead A - Kd"); - PrintAndLogEx(NORMAL, "\tRead B - Kc"); - PrintAndLogEx(NORMAL, "\tWrite A - Kd"); - PrintAndLogEx(NORMAL, "\tWrite B - Kc"); - PrintAndLogEx(NORMAL, "\tDebit - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tCredit - Kc"); + PrintAndLogEx(NORMAL, " Read A - Kd"); + PrintAndLogEx(NORMAL, " Read B - Kc"); + PrintAndLogEx(NORMAL, " Write A - Kd"); + PrintAndLogEx(NORMAL, " Write B - Kc"); + PrintAndLogEx(NORMAL, " Debit - Kd or Kc"); + PrintAndLogEx(NORMAL, " Credit - Kc"); } else { - PrintAndLogEx(NORMAL, "\tRead A - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tRead B - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tWrite A - Kc"); - PrintAndLogEx(NORMAL, "\tWrite B - Kc"); - PrintAndLogEx(NORMAL, "\tDebit - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tCredit - Kc"); + PrintAndLogEx(NORMAL, " Read A - Kd or Kc"); + PrintAndLogEx(NORMAL, " Read B - Kd or Kc"); + PrintAndLogEx(NORMAL, " Write A - Kc"); + PrintAndLogEx(NORMAL, " Write B - Kc"); + PrintAndLogEx(NORMAL, " Debit - Kd or Kc"); + PrintAndLogEx(NORMAL, " Credit - Kc"); } } static void print_picopass_info(const picopass_hdr *hdr) { 
@@ -453,14 +453,14 @@ static int CmdHFiClassSim(const char *Cmd) { if (simType == 0) { if (param_gethex(Cmd, 1, CSN, 16)) { - PrintAndLogEx(WARNING, "A CSN should consist of 16 HEX symbols"); + PrintAndLogEx(ERR, "A CSN should consist of 16 HEX symbols"); return usage_hf_iclass_sim(); } - PrintAndLogEx(NORMAL, "--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8)); + PrintAndLogEx(NORMAL, " simtype: %02x csn: %s", simType, sprint_hex(CSN, 8)); } if (simType > 4) { - PrintAndLogEx(WARNING, "Undefined simptype %d", simType); + PrintAndLogEx(ERR, "Undefined simptype %d", simType); return usage_hf_iclass_sim(); } @@ -1903,7 +1903,7 @@ static int CmdHFiClassManageKeys(const char *Cmd) { case 'f': fileNameLen = param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)); if (fileNameLen < 1) { - PrintAndLogEx(WARNING, "No filename found after f"); + PrintAndLogEx(ERR, "No filename found"); errors = true; } cmdp += 2; @@ -1911,7 +1911,7 @@ static int CmdHFiClassManageKeys(const char *Cmd) { case 'n': keyNbr = param_get8(Cmd, cmdp + 1); if (keyNbr >= ICLASS_KEYS_MAX) { - PrintAndLogEx(WARNING, "Invalid block number"); + PrintAndLogEx(ERR, "Invalid block number, MAX is "_YELLOW_("%d"), ICLASS_KEYS_MAX); errors = true; } cmdp += 2; diff --git a/client/reveng/config.h b/client/reveng/config.h index ab7eb9aaa..94d3c4da5 100644 --- a/client/reveng/config.h +++ b/client/reveng/config.h @@ -77,14 +77,16 @@ */ -#if UINTPTR_MAX == UINT64_MAX -// 64-bit +#include +#include +#if ULONG_MAX == UINT64_MAX +// most 64-bit platforms #define PRESETS 1 #define BMP_BIT 64 #define BMP_SUB 32 -#elif UINTPTR_MAX == UINT32_MAX -// 32-bit +#elif ULONG_MAX == UINT32_MAX +// 32-bit platforms and Mingw64 #define PRESETS 1 #define BMP_BIT 32 #define BMP_SUB 16 diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index ecef56d9d..f143438c4 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md 
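Review bot: In the `simType > 4` branch the message still reads `Undefined simptype %d`. Since the line is already being touched for the level change, fix the typo: `PrintAndLogEx(ERR, "Undefined simtype %d", simType);`. The upper bound is a bare `4`; a named constant kept beside the sim-type definitions would stop this check drifting when a mode is added. CmdHFiClassSim starts and ends outside the hunk, so the declaration of `simType`, and whether `%d` and `%02x` match its type, cannot be checked here.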
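Review bot: The new message in `case 'n'` prints the wrong limit and apparently the wrong noun. The guard rejects `keyNbr >= ICLASS_KEYS_MAX`, so the largest accepted value is `ICLASS_KEYS_MAX - 1`, and the variable name suggests a key index, not a block. A user who passes the printed maximum gets the same error again. Suggested line: `PrintAndLogEx(ERR, "Invalid key number, MAX is "_YELLOW_("%d"), ICLASS_KEYS_MAX - 1);`. The surrounding switch and the rest of CmdHFiClassManageKeys lie outside the hunk.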
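Review bot: The `#if ULONG_MAX == UINT64_MAX` test only works if both macros are defined, because the preprocessor evaluates an unknown identifier as 0. With a header missing, the comparison becomes `0 == 0` and silently selects the 64-bit branch. The two added `#include` lines have lost their header names on this page, so confirm they are `<limits.h>` and `<stdint.h>`. Consider a guard before the test: `#if !defined(ULONG_MAX) || !defined(UINT64_MAX)` / `#error "limits.h and stdint.h are required"` / `#endif`. The comments could also state that BMP_BIT now follows the width of `unsigned long` instead of the pointer width, which is presumably why Mingw64 lands in the 32-bit branch; the `#if` chain continues past the end of the hunk.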
@@ -1,17 +1,18 @@ -# Cheatsheet +# Command Cheat Sheet + -- [Generic](#Generic) -- [iClass](#iClass) -- [Mifare](#Mifare) -- [HID Prox](#HID-Prox) -- [Indala](#Indala) -- [Hitag](#Hitag) -- [T55XX](#T55XX) -- [Data](#Data) -- [Lua Scripts](#Lua-Scripts) +|Generic|Low Frequence 125 kHz|High Frequence 13.56 MHz| +|---|---|---| +|[Generic](#Generic)|[T55XX](#T55XX)|[Mifare](#Mifare)| +|[Data](#Data)|[HID Prox](#HID-Prox)|[iClass](#iClass)| +|[Memory](#Memory)|[Indala](#Indala)|| +|[Sim Module](#Sim-Module)|[Hitag](#Hitag)|| +|[Lua Scripts](#Lua-Scripts)||| +|[Smart Card](#Smart-Card)||| ## Generic +^[Top](#top) Identify High Frequency cards ``` @@ -33,7 +34,13 @@ Check versioning pm3 --> hw version ``` +Check overall status +``` +pm3 --> hw status +``` + ## iClass +^[Top](#top) Reverse permute iClass master key ``` @@ -163,26 +170,37 @@ pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b ``` ## Mifare +^[Top](#top) Check for default keys ``` Options --- <*card memory> [t|d|s|ss] -* - all sectors -card memory - 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K -d - write keys to binary file +* : all sectors +card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K +d : write keys to binary file pm3 --> hf mf chk *1 ? d default_keys.dic ``` +Check for default keys from local memory +``` +Options +--- +card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K +m : use dictionary from flashmemory + +pm3 --> hf mf fchk 1 m +``` + Dump Mifare card contents ``` Options --- -: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K -k : key filename, if no given, UID will be used as filename" -f : data filename, if no given, UID will be used as filename + : 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K +k : key filename, if no given, UID will be used as filename" +f : data filename, if no given, UID will be used as filename pm3 --> hf mf dump 1 pm3 --> hf mf dump 1 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-data.bin 
@@ -192,7 +210,7 @@ Convert .bin to .eml ``` Options --- -i ????????????? +i : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used pm3 --> script run dumptoemul -i dumpdata.bin ``` @@ -251,6 +269,7 @@ pm3 --> hf mf restore 1 u 4A6CE843 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-dat ``` ## HID Prox +^[Top](#top) Read HID Prox card ``` @@ -289,17 +308,18 @@ Brute force HID reader ``` Options --- -a : 26|33|34|35|37|40|44|84"); -f : 8-bit value HID facility code"); -c : (optional) cardnumber to start with, max 65535"); -d : delay betweens attempts in ms. Default 1000ms"); -v : verbose logging, show all tries"); +a : 26|33|34|35|37|40|44|84 +f : 8-bit value HID facility code +c : (optional) cardnumber to start with, max 65535 +d : delay betweens attempts in ms. Default 1000ms +v : verbose logging, show all tries pm3 --> lf hid brute a 26 f 224 pm3 --> lf hid brute v a 26 f 21 c 200 d 2000 ``` ## Indala +^[Top](#top) Read Indala card ``` @@ -330,6 +350,7 @@ pm3 --> lf indala clone a0000000c2c436c1 ``` ## Hitag +^[Top](#top) Read Hitag information ``` @@ -345,7 +366,7 @@ HitagS: 02 : Read all pages, crypto mode. Set key=0 for no auth Hitag2: -21 : Read all pages, password mode. Default: 4D494B52 (\"MIKR\") +21 : Read all pages, password mode. Default: 4D494B52 ("MIKR") 22 : Read all pages, challenge mode 23 : Read all pages, crypto mode. Key format: ISK high + ISK low. Default: 4F4E4D494B52 ("ONMIKR") 25 : Test recorded authentications @@ -388,17 +409,18 @@ pm3 --> lf hitag sim c378181c_a8f7.ht2 ``` ## T55XX +^[Top](#top) Detect T55XX card ``` pm3 --> lf t55xx detect ``` -Configure demodulation +Configure modulation ``` Options --- - : Set demodulation + : Set modulation EM is ASK HID Prox is FSK Indala is PSK 
@@ -406,6 +428,16 @@ Indala is PSK pm3 --> lf t55xx config FSK ``` +Set timings to default +``` +Options +--- +p : persist to flashmemory +z : Set default t55x7 timings (use p to save if required) + +pm3 --> lf t55xx deviceconfig z p +``` + Write to T55xx block ``` b : block number to write. Between 0-7 @@ -416,32 +448,34 @@ pm3 --> lf t55xx wr b 0 d 00081040 Wipe a T55xx tag and set defaults ``` -lf t55xx wipe +pm3 --> lf t55xx wipe ``` ## Data +^[Top](#top) Get raw samples [512-40000] ``` -data samples +pm3 --> data samples ``` Save samples to file ``` -data save +pm3 --> data save ``` Load samples from file ``` -data load +pm3 --> data load ``` ## Lua Scripts +^[Top](#top) List Lua Scripts ``` -script list +pm3 --> script list ``` Convert .bin to .eml @@ -450,7 +484,7 @@ Options --- i : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used -script run dumptoemul -i xxxxxxxxxxxxxx.bin +pm3 --> script run dumptoemul -i xxxxxxxxxxxxxx.bin ``` Format Mifare card 
@@ -462,5 +496,80 @@ n : the new key that will be written to the card a : the new access bytes that will be written to the card x : execute the commands aswell. -script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x +pm3 --> script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x +``` + +## Memory +^[Top](#top) + +Load default keys into memory +``` +Options +--- +o : offset in memory +f : file name +m : upload 6 bytes keys (mifare key dictionary) +i : upload 8 bytes keys (iClass key dictionary) +t : upload 4 bytes keys (pwd dictionary) + +pm3 --> mem load f default_keys m +pm3 --> mem load f default_pwd t +pm3 --> mem load f default_iclass_keys i +``` + +## Sim Module +^[Top](#top) + +Upgrade Sim Module firmware +``` +pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN +``` + +## Smart Card +^[Top](#top) + +Get Smart Card Information +``` +pm3 --> sc info +``` + +Act like an IS07816 reader +``` +pm3 --> sc reader +``` + +Set clock speed +``` +Options +--- +c : clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz) + +pm3 --> sc setclock c 2 +``` + +Send raw hex data +``` +Options +--- +r : do not read response +a : active smartcard without select (reset sc module) +s : active smartcard with select (get ATR) +t : executes TLV decoder if it possible +0 : use protocol T=0 +d : bytes to send + +pm3 --> sc raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR +pm3 --> sc raw 0 d 00a404000e325041592e5359532e4444463031 : 2PAY.SYS.DDF01 PPSE directory +pm3 --> sc raw 0 t d 00a4040007a0000000041010 : Mastercard +pm3 --> sc raw 0 t d 00a4040007a0000000031010 : Visa +```` + +Bruteforce SPI +``` +Options +--- +t : executes TLV decoder if it possible + +pm3 --> sc brute +pm3 --> sc brute t ```