mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-09-20 15:26:13 +08:00
Merge branch 'RfidResearchGroup:master' into pm3generic-flash
commit
63e54e94a8
|
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
|
||||
|
||||
## [unreleased][unreleased]
|
||||
- Added new magic gen4 cards command in docs (@McEloff)
|
||||
- Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001)
|
||||
- Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001)
|
||||
- Changed `hf emrtd dump` - looking for lower case .bin extensions (@iceman1001)
|
||||
|
|
|
@ -57,19 +57,19 @@ void RunMod(void) {
|
|||
WDT_HIT();
|
||||
// exit from SamyRun, send a usbcommand.
|
||||
if (data_available()) { // early exit
|
||||
DbpString("[=] You can take the shell back :) ...");
|
||||
DbpString("[=] You can take the shell back :) ...");
|
||||
LEDsoff();
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
LED_C_ON();
|
||||
WAIT_BUTTON_RELEASED(); // We are now ready to start brutforcing card numbers
|
||||
LEDsoff();
|
||||
|
||||
Dbprintf("[=] Starting HID ProxII Bruteforce from card %08x to %08x",
|
||||
CARDNUM_START, MIN(CARDNUM_END, 0xFFFF));
|
||||
|
||||
|
||||
for (cardnum = CARDNUM_START ; cardnum <= MIN(CARDNUM_END, 0xFFFF) ; cardnum++) {
|
||||
WDT_HIT();
|
||||
|
||||
|
@ -92,14 +92,14 @@ void RunMod(void) {
|
|||
|
||||
// switch leds to be able to know (aproximatly) which card number worked (64 tries loop)
|
||||
LED_A_INV(); // switch led A every try
|
||||
if ((cardnum-CARDNUM_START) % 8 == 7) // switch led B every 8 tries
|
||||
if ((cardnum - CARDNUM_START) % 8 == 7) // switch led B every 8 tries
|
||||
LED_B_INV();
|
||||
if ((cardnum-CARDNUM_START) % 16 == 15) // switch led C every 16 tries
|
||||
if ((cardnum - CARDNUM_START) % 16 == 15) // switch led C every 16 tries
|
||||
LED_C_INV();
|
||||
if ((cardnum-CARDNUM_START) % 32 == 31) // switch led D every 32 tries
|
||||
if ((cardnum - CARDNUM_START) % 32 == 31) // switch led D every 32 tries
|
||||
LED_D_INV();
|
||||
}
|
||||
|
||||
|
||||
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); // Xmax tree
|
||||
Dbprintf("[=] Ending HID ProxII Bruteforce from card %08x to %08x",
|
||||
CARDNUM_START, cardnum - 1);
|
||||
|
|
|
@ -1229,6 +1229,17 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
|
|||
|
||||
AddCrc14A(rPPS, sizeof(rPPS) - 2);
|
||||
|
||||
if (tagType == 7) {
|
||||
uint8_t pwd[4];
|
||||
uint8_t gen_pwd[4];
|
||||
uint16_t start = (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH;
|
||||
emlGetMemBt(pwd, start, sizeof(pwd));
|
||||
Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data));
|
||||
if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) {
|
||||
rPACK[0] = 0x80;
|
||||
rPACK[1] = 0x80;
|
||||
}
|
||||
}
|
||||
AddCrc14A(rPACK, sizeof(rPACK) - 2);
|
||||
|
||||
static tag_response_info_t responses_init[] = {
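Review bot: `pwd` is declared uninitialised in the new `tagType == 7` block and the result of `emlGetMemBt(pwd, start, sizeof(pwd))` is not checked, so if that read does not fill the buffer the `memcmp` against `gen_pwd` runs on indeterminate stack bytes. `uint8_t pwd[4] = {0};` plus a check of the call's result would make the comparison deterministic; whether emlGetMemBt reports failure is not visible here. `start` is also derived from `*pages` with no visible guard, so a value of 0 would wrap the `uint16_t` offset; `pages` is presumably set earlier in SimulateIso14443aInit, whose body begins outside this hunk. A one-line comment saying what tag type 7 is and why PACK becomes `80 80` on a match would help the next reader.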
|
||||
|
|
|
@ -139,14 +139,10 @@ local function main(args)
|
|||
-- force lock bytes, otherwise the Amiibo won't be recognized
|
||||
blocks[16] = blocks[16]:sub(1, 4)..'0FE0'
|
||||
|
||||
-- add PWD and PACK if necessary
|
||||
-- add PWD and PACK
|
||||
local uid = blocks[14]:sub(1, 6)..blocks[15]:sub(1, 8)
|
||||
if blocks[147] == nil or blocks[147] == '00000000' then
|
||||
blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55))
|
||||
end
|
||||
if blocks[148] == nil or blocks[148] == '00000000' then
|
||||
blocks[148] = "80800000"
|
||||
end
|
||||
blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55))
|
||||
blocks[148] = "80800000"
|
||||
|
||||
err = LoadEmulator(uid, blocks)
|
||||
if err then return oops(err) end
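Review bot: The new comment `-- add PWD and PACK` no longer says that values already present in the dump are discarded, which is the actual behaviour change here: `blocks[147]` and `blocks[148]` are now overwritten unconditionally. I would spell that out, e.g. `-- always derive PWD from the UID and force PACK to 8080, overriding whatever the dump holds`. Separately, `sub(uid, 2, 10)` and `sub(uid, 6, 14)` each select nine hex digits if `sub` is `string.sub`, so the result would rely on `bxor` truncating to 32 bits; `sub` and `bxor` are defined outside this hunk, so that is an assumption to confirm. `main` starts and ends outside the hunk.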
|
||||
|
|
|
@ -1230,7 +1230,7 @@ int FSKrawDemod(uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow, bo
|
|||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(SUCCESS, _YELLOW_("%s") " decoded bitstream", GetFSKType(fchigh, fclow, invert));
|
||||
PrintAndLogEx(INFO, "-----------------------");
|
||||
printDemodBuff(0, false, invert, false);
|
||||
printDemodBuff(0, false, false, false);
|
||||
}
|
||||
goto out;
|
||||
} else {
|
||||
|
|
|
@ -652,14 +652,13 @@ static int CmdHF15Samples(const char *Cmd) {
|
|||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
static int NxpTestEAS(uint8_t *uid)
|
||||
{
|
||||
uint8_t fast = 1;
|
||||
static int NxpTestEAS(uint8_t *uid) {
|
||||
uint8_t fast = 1;
|
||||
uint8_t reply = 1;
|
||||
PacketResponseNG resp;
|
||||
uint16_t reqlen = 0;
|
||||
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
|
||||
|
||||
|
||||
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
|
||||
req[reqlen++] = ISO15693_EAS_ALARM;
|
||||
req[reqlen++] = 0x04; // IC manufacturer code
|
||||
|
@ -681,7 +680,7 @@ static int NxpTestEAS(uint8_t *uid)
|
|||
if (resp.length < 2) {
|
||||
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active");
|
||||
} else {
|
||||
uint8_t * recv = resp.data.asBytes;
|
||||
uint8_t *recv = resp.data.asBytes;
|
||||
|
||||
if (!(recv[0] & ISO15_RES_ERROR)) {
|
||||
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active.");
|
||||
|
@ -689,56 +688,56 @@ static int NxpTestEAS(uint8_t *uid)
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
static int NxpCheckSig(uint8_t *uid) {
|
||||
uint8_t fast = 1;
|
||||
uint8_t fast = 1;
|
||||
uint8_t reply = 1;
|
||||
PacketResponseNG resp;
|
||||
uint16_t reqlen = 0;
|
||||
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
|
||||
|
||||
// Check if we can also read the signature
|
||||
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
|
||||
req[reqlen++] = ISO15693_READ_SIGNATURE;
|
||||
req[reqlen++] = 0x04; // IC manufacturer code
|
||||
memcpy(req + 3, uid, 8); // add UID
|
||||
reqlen += 8;
|
||||
|
||||
AddCrc15(req, reqlen);
|
||||
reqlen += 2;
|
||||
// Check if we can also read the signature
|
||||
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
|
||||
req[reqlen++] = ISO15693_READ_SIGNATURE;
|
||||
req[reqlen++] = 0x04; // IC manufacturer code
|
||||
memcpy(req + 3, uid, 8); // add UID
|
||||
reqlen += 8;
|
||||
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
|
||||
AddCrc15(req, reqlen);
|
||||
reqlen += 2;
|
||||
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "iso15693 timeout");
|
||||
DropField();
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
clearCommandBuffer();
|
||||
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
|
||||
|
||||
DropField();
|
||||
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
|
||||
PrintAndLogEx(WARNING, "iso15693 timeout");
|
||||
DropField();
|
||||
return PM3_ETIMEOUT;
|
||||
}
|
||||
|
||||
if (resp.length < 2) {
|
||||
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
DropField();
|
||||
|
||||
uint8_t *recv = resp.data.asBytes;
|
||||
if (resp.length < 2) {
|
||||
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
|
||||
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
uint8_t *recv = resp.data.asBytes;
|
||||
|
||||
uint8_t signature[32] = {0x00};
|
||||
memcpy(signature, recv + 1, 32);
|
||||
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
|
||||
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
|
||||
return PM3_EWRONGANSWER;
|
||||
}
|
||||
|
||||
nxp_15693_print_signature(uid, signature);
|
||||
|
||||
return PM3_SUCCESS;
|
||||
uint8_t signature[32] = {0x00};
|
||||
memcpy(signature, recv + 1, 32);
|
||||
|
||||
nxp_15693_print_signature(uid, signature);
|
||||
|
||||
return PM3_SUCCESS;
|
||||
}
|
||||
|
||||
// Get NXP system information from SLIX2 tag/VICC
|
||||
|
@ -822,11 +821,11 @@ static int NxpSysInfo(uint8_t *uid) {
|
|||
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not"));
|
||||
|
||||
if (support_easmode) {
|
||||
NxpTestEAS(uid);
|
||||
NxpTestEAS(uid);
|
||||
}
|
||||
|
||||
if (support_signature) {
|
||||
NxpCheckSig(uid);
|
||||
NxpCheckSig(uid);
|
||||
}
|
||||
|
||||
return PM3_SUCCESS;
|
||||
|
@ -968,16 +967,12 @@ static int CmdHF15Info(const char *Cmd) {
|
|||
if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) {
|
||||
PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info");
|
||||
return NxpSysInfo(uid);
|
||||
}
|
||||
else if(data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) //If it is an NTAG 5
|
||||
{
|
||||
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
|
||||
} else if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) { //If it is an NTAG 5
|
||||
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
|
||||
return NxpSysInfo(uid);
|
||||
}
|
||||
else if(data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
|
||||
{
|
||||
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
|
||||
return NxpTestEAS(uid);
|
||||
} else if (data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) { //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
|
||||
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
|
||||
return NxpTestEAS(uid);
|
||||
}
|
||||
|
||||
PrintAndLogEx(NORMAL, "");
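Review bot: In NxpCheckSig the only length guard is `resp.length < 2`, yet `memcpy(signature, recv + 1, 32)` then consumes 33 bytes of the response, so a tag that answers with a short non-error frame gets leftover buffer contents passed to `nxp_15693_print_signature` as its signature. Since this section re-indents the function anyway, a second guard before the copy, placed after the `ISO15_RES_ERROR` test so error replies are still reported, would close this: `if (resp.length < 1 + 32) return PM3_EWRONGANSWER;`. The size of `resp.data` is declared outside this page, so whether this is only a stale-data read or can run past the buffer cannot be told from here.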
|
||||
|
|
|
@ -318,7 +318,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i
|
|||
snprintf(exp, size, "AUTH-B(%d)", cmd[1]);
|
||||
break;
|
||||
}
|
||||
case MIFARE_MAGIC_GDM_AUTH_KEYA:{
|
||||
case MIFARE_MAGIC_GDM_AUTH_KEYA: {
|
||||
if (cmdsize > 3) {
|
||||
snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]);
|
||||
MifareAuthState = masNt;
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
#include "commonutil.h" // get_sw
|
||||
#include "protocols.h" // ISO7816 APDU return co-des
|
||||
#include "ui.h"
|
||||
#include "cmdhf14a.h" // apdu chaining
|
||||
#include "cmdhf14a.h" // apdu chaining
|
||||
|
||||
#define TIMEOUT 2000
|
||||
|
||||
|
@ -160,10 +160,10 @@ static int info_hf_tesla(void) {
|
|||
sw = get_sw(response, resplen);
|
||||
|
||||
if (sw == ISO7816_OK) {
|
||||
// save CETT for later
|
||||
// save CETT for later
|
||||
uint8_t cert[515] = {0};
|
||||
memcpy(cert, response, resplen - 2);
|
||||
|
||||
|
||||
PrintAndLogEx(INFO, "CERT # %i", i);
|
||||
PrintAndLogEx(INFO, "%s", sprint_hex_inrow(cert, resplen - 2));
|
||||
}
|
||||
|
@ -198,12 +198,12 @@ static int info_hf_tesla(void) {
|
|||
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
|
||||
PrintAndLogEx(NORMAL, "");
|
||||
PrintAndLogEx(INFO, "PUBLIC KEY");
|
||||
for (int i=0; i < 3; i++) {
|
||||
for (int i = 0; i < 3; i++) {
|
||||
PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65));
|
||||
}
|
||||
if (form_factor[1] == 1) {
|
||||
PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
|
||||
} else if (form_factor[1] == 2){
|
||||
} else if (form_factor[1] == 2) {
|
||||
PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
|
||||
}
|
||||
|
||||
|
@ -217,7 +217,7 @@ static int info_hf_tesla(void) {
|
|||
if ((memcmp(pk[0], pk[1], 65) == 0)) {
|
||||
PrintAndLogEx(INFO, " GaussKey detected");
|
||||
}
|
||||
//
|
||||
//
|
||||
return PM3_SUCCESS;
|
||||
}
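Review bot: In info_hf_tesla the copy `memcpy(cert, response, resplen - 2)` into `uint8_t cert[515]` has no visible bound: `sw == ISO7816_OK` says nothing about `resplen`, and the length is determined by the card's reply. A guard before the copy, such as `if (resplen < 2 || (size_t)(resplen - 2) > sizeof(cert)) continue;`, would keep an oversized or truncated reply from writing past `cert`. This is hedged: `response` and `resplen` are declared outside these hunks, so their limits may already cap the copy, and `continue` assumes the enclosing loop that `i` suggests. The comment `// save CETT for later` presumably means CERT.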
|
||||
|
||||
|
|
|
@ -433,7 +433,7 @@ static int CmdScriptRun(const char *Cmd) {
|
|||
#else
|
||||
// The following line will implicitly pre-initialize Python
|
||||
PyConfig_SetBytesArgv(&py_conf, argc + 1, argv);
|
||||
|
||||
|
||||
// We disallowed in py_conf environment variables interfering with python interpreter's behavior.
|
||||
// Let's manually enable the ones we truly need.
|
||||
// This is required by Proxspace to work with an isolated Python configuration
|
||||
|
|
|
@ -438,6 +438,12 @@ const static vocabulory_t vocabulory[] = {
|
|||
{ 0, "hf st25ta protect" },
|
||||
{ 0, "hf st25ta pwd" },
|
||||
{ 0, "hf st25ta sim" },
|
||||
{ 1, "hf tesla help" },
|
||||
{ 0, "hf tesla info" },
|
||||
{ 1, "hf tesla list" },
|
||||
{ 1, "hf texkom help" },
|
||||
{ 0, "hf texkom reader" },
|
||||
{ 0, "hf texkom sim" },
|
||||
{ 1, "hf thinfilm help" },
|
||||
{ 0, "hf thinfilm info" },
|
||||
{ 1, "hf thinfilm list" },
|
||||
|
@ -453,9 +459,6 @@ const static vocabulory_t vocabulory[] = {
|
|||
{ 0, "hf topaz rdbl" },
|
||||
{ 1, "hf topaz view" },
|
||||
{ 0, "hf topaz wrbl" },
|
||||
{ 1, "hf texkom help" },
|
||||
{ 0, "hf texkom reader" },
|
||||
{ 0, "hf texkom sim" },
|
||||
{ 1, "hf xerox help" },
|
||||
{ 0, "hf xerox info" },
|
||||
{ 0, "hf xerox reader" },
|
||||
|
|
|
@ -266,7 +266,7 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
|
|||
uint8_t mod = len % breaks;
|
||||
|
||||
if (mod) {
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
|
||||
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true);
|
||||
|
||||
// add the spaces...
|
||||
|
@ -291,7 +291,7 @@ void print_hex_noascii_break(const uint8_t *data, const size_t len, uint8_t brea
|
|||
uint8_t mod = len % breaks;
|
||||
|
||||
if (mod) {
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
|
||||
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 0, true);
|
||||
|
||||
// add the spaces...
|
||||
|
@ -307,7 +307,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui
|
|||
if ((data == NULL) || (len < 1))
|
||||
return;
|
||||
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3];
|
||||
char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
|
||||
int i;
|
||||
for (i = 0; i < len; i += breaks) {
|
||||
|
||||
|
@ -614,7 +614,7 @@ void bytes_to_bytebits(const void *src, const size_t srclen, void *dest) {
|
|||
// hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
|
||||
// up to 64 bytes or 512 bits
|
||||
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize) {
|
||||
static uint8_t buf[64];
|
||||
static uint8_t buf[64] = {0};
|
||||
memset(buf, 0x00, 64);
|
||||
uint8_t *tmp = buf;
|
||||
for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) {
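Review bot: In SwapEndian64 the added `= {0}` on `static uint8_t buf[64]` changes nothing, because static storage is already zero-initialised and the `memset` on the next line clears it on every call. I would drop the initialiser there and keep it on the three automatic `buf` arrays, where it does matter. The more useful addition at this spot is enforcing the header comment's "up to 64 bytes": nothing visible rejects `len > sizeof(buf)` or `blockSize == 0` before `len / blockSize`, e.g. `if (blockSize == 0 || len > sizeof(buf)) return buf;`. The loop body lies outside the hunk, so a check may exist further down.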
|
||||
|
|
|
@ -1101,14 +1101,16 @@
|
|||
"command": "hf 14a chaining",
|
||||
"description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
|
||||
"notes": [
|
||||
"hf 14a chaining disable -> disable chaining",
|
||||
"hf 14a chaining --off -> disable chaining",
|
||||
"hf 14a chaining -> show chaining enable/disable state"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help This help"
|
||||
"-h, --help This help",
|
||||
"-1, --on enabled chaining",
|
||||
"-0, --off disable chaining"
|
||||
],
|
||||
"usage": "hf 14a chaining [-h] [<enable/disable or 0/1>]"
|
||||
"usage": "hf 14a chaining [-h10]"
|
||||
},
|
||||
"hf 14a config": {
|
||||
"command": "hf 14a config",
|
||||
|
@ -2881,7 +2883,7 @@
|
|||
},
|
||||
"hf help": {
|
||||
"command": "hf help",
|
||||
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } texkom { Texkom RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
|
||||
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } tesla { TESLA Cards... } texkom { Texkom RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
|
||||
"notes": [],
|
||||
"offline": true,
|
||||
"options": [],
|
||||
|
@ -6684,6 +6686,47 @@
|
|||
],
|
||||
"usage": "hf st25ta sim [-h] -u <hex>"
|
||||
},
|
||||
"hf tesla help": {
|
||||
"command": "hf tesla help",
|
||||
"description": "help This help list List ISO 14443A/7816 history",
|
||||
"notes": [],
|
||||
"offline": true,
|
||||
"options": [],
|
||||
"usage": ""
|
||||
},
|
||||
"hf tesla info": {
|
||||
"command": "hf tesla info",
|
||||
"description": "Get info about TESLA Key tag",
|
||||
"notes": [
|
||||
"hf tesla info"
|
||||
],
|
||||
"offline": false,
|
||||
"options": [
|
||||
"-h, --help This help"
|
||||
],
|
||||
"usage": "hf telsa info [-h]"
|
||||
},
|
||||
"hf tesla list": {
|
||||
"command": "hf tesla list",
|
||||
"description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol",
|
||||
"notes": [
|
||||
"hf tesla list --frame -> show frame delay times",
|
||||
"hf tesla list -1 -> use trace buffer"
|
||||
],
|
||||
"offline": true,
|
||||
"options": [
|
||||
"-h, --help This help",
|
||||
"-1, --buffer use data from trace buffer",
|
||||
"--frame show frame delay times",
|
||||
"-c mark CRC bytes",
|
||||
"-r show relative times (gap and duration)",
|
||||
"-u display times in microseconds instead of clock cycles",
|
||||
"-x show hexdump to convert to pcap(ng)",
|
||||
"or to import into Wireshark using encapsulation type \"ISO 14443\"",
|
||||
"-f, --file <fn> filename of dictionary"
|
||||
],
|
||||
"usage": "hf tesla list [-h1crux] [--frame] [-f <fn>]"
|
||||
},
|
||||
"hf texkom help": {
|
||||
"command": "hf texkom help",
|
||||
"description": "help This help",
|
||||
|
@ -11760,8 +11803,8 @@
|
|||
}
|
||||
},
|
||||
"metadata": {
|
||||
"commands_extracted": 739,
|
||||
"commands_extracted": 742,
|
||||
"extracted_by": "PM3Help2JSON v1.00",
|
||||
"extracted_on": "2023-01-15T01:24:39"
|
||||
"extracted_on": "2023-01-27T01:57:37"
|
||||
}
|
||||
}
|
|
@ -651,6 +651,28 @@ Check column "offline" for their availability.
|
|||
|`hf st25ta sim `|N |`Fake ISO 14443A/ST tag`
|
||||
|
||||
|
||||
### hf tesla
|
||||
|
||||
{ TESLA Cards... }
|
||||
|
||||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf tesla help `|Y |`This help`
|
||||
|`hf tesla info `|N |`Tag information`
|
||||
|`hf tesla list `|Y |`List ISO 14443A/7816 history`
|
||||
|
||||
|
||||
### hf texkom
|
||||
|
||||
{ Texkom RFIDs... }
|
||||
|
||||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf texkom help `|Y |`This help`
|
||||
|`hf texkom reader `|N |`Act like a Texkom reader`
|
||||
|`hf texkom sim `|N |`Simulate a Texkom tag`
|
||||
|
||||
|
||||
### hf thinfilm
|
||||
|
||||
{ Thinfilm RFIDs... }
|
||||
|
@ -682,17 +704,6 @@ Check column "offline" for their availability.
|
|||
|`hf topaz wrbl `|N |`Write block`
|
||||
|
||||
|
||||
### hf texkom
|
||||
|
||||
{ Texkom RFIDs... }
|
||||
|
||||
|command |offline |description
|
||||
|------- |------- |-----------
|
||||
|`hf texkom help `|Y |`This help`
|
||||
|`hf texkom reader `|N |`Act like a Texkom reader`
|
||||
|`hf texkom sim `|N |`Simulate a Texkom tag`
|
||||
|
||||
|
||||
### hf xerox
|
||||
|
||||
{ Fuji/Xerox cartridge RFIDs... }
|
||||
|
|
|
@ -1086,10 +1086,12 @@ CF <passwd> 35 <2b ATQA><1b SAK> // Configure ATQA/SAK (swap ATQ
|
|||
CF <passwd> 68 <00-02> // Configure UID length
|
||||
CF <passwd> 69 <00-01> // (De)Activate Ultralight mode
|
||||
CF <passwd> 6A <00-03> // Select Ultralight mode
|
||||
CF <passwd> 6B <1b> // Set Ultralight and M1 maximum read/write sectors
|
||||
CF <passwd> C6 // Dump configuration
|
||||
CF <passwd> CC // Factory test, returns 6666
|
||||
CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block
|
||||
CF <passwd> CE <1b block number> // Backdoor read 16b block
|
||||
CF <passwd> CF <1b param> // Unknown
|
||||
CF <passwd> F0 <30b configuration data> // Configure all params in one cmd
|
||||
CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently
|
||||
CF <passwd> FE <4b new_password> // change password
|
||||
|
@ -1304,6 +1306,19 @@ script run hf_mf_ultimatecard -m 02
|
|||
```
|
||||
|
||||
Now the card supports the 3DES UL-C authentication.
|
||||
### Set Ultralight and M1 maximum read/write sectors
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
```
|
||||
hf 14a raw -s -c -t 1000 CF<passwd>6B<1b blocks>
|
||||
```
|
||||
Hexadecimal, maximum sector data, default 0xFF, range 0x00-0xFF
|
||||
|
||||
Example: set maximum 63 blocks read/write for Mifare Classic 1K
|
||||
|
||||
```
|
||||
hf 14a raw -s -c -t 1000 CF000000006B3F
|
||||
```
|
||||
### Set shadow mode (GTU)
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
|
@ -1365,6 +1380,20 @@ Example: write block0 with factory data, default pwd
|
|||
hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000
|
||||
```
|
||||
|
||||
### Unknown command
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
This command modifies one byte in configuration dump, but purpose one is unknown.
|
||||
|
||||
```
|
||||
hf 14a raw -s -c -t 1000 CF<passwd>CF<1b param>
|
||||
```
|
||||
* `<param>`
|
||||
* `??`: ???
|
||||
|
||||
Example:
|
||||
hf 14a raw -s -c -t 1000 CF00000000CF02
|
||||
|
||||
### Change backdoor password
|
||||
^[Top](#top) ^^[Gen4](#g4top)
|
||||
|
||||
|
@ -1391,8 +1420,10 @@ hf 14a raw -s -c -t 1000 CF<passwd>C6
|
|||
```
|
||||
Default configuration:
|
||||
```
|
||||
00000000000002000978009102DABC191010111213141516040008004F6B
|
||||
^^^^ ??
|
||||
00000000000002000978009102DABC191010111213141516040008006B024F6B
|
||||
^^^^ ??
|
||||
^^ cf cmd cf: ?? this byte set by cmd cf<pwd>cf<param>, factory value 0x02
|
||||
^^ cf cmd 6b: maximum read/write sectors, factory value 0x6b
|
||||
^^ cf cmd 6a: UL mode
|
||||
^^^^^^ cf cmd 35: ATQA/SAK
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cf cmd 34: ATS length & content
|
||||
|
|
|
@ -21,18 +21,45 @@
|
|||
|
||||
#define AEND "\x1b[0m"
|
||||
|
||||
#define _BLUE_(s) "\x1b[34m" s AEND
|
||||
#define _RED_(s) "\x1b[31m" s AEND
|
||||
#define _GREEN_(s) "\x1b[32m" s AEND
|
||||
#define _YELLOW_(s) "\x1b[33m" s AEND
|
||||
#define _MAGENTA_(s) "\x1b[35m" s AEND
|
||||
#define _CYAN_(s) "\x1b[36m" s AEND
|
||||
#define _WHITE_(s) "\x1b[37m" s AEND
|
||||
#define _BLACK_(s) "\x1b[30m" s AEND
|
||||
#define _RED_(s) "\x1b[31m" s AEND
|
||||
#define _GREEN_(s) "\x1b[32m" s AEND
|
||||
#define _YELLOW_(s) "\x1b[33m" s AEND
|
||||
#define _BLUE_(s) "\x1b[34m" s AEND
|
||||
#define _MAGENTA_(s) "\x1b[35m" s AEND
|
||||
#define _CYAN_(s) "\x1b[36m" s AEND
|
||||
#define _WHITE_(s) "\x1b[37m" s AEND
|
||||
|
||||
#define _BRIGHT_BLACK_(s) "\x1b[30;1m" s AEND
|
||||
#define _BRIGHT_RED_(s) "\x1b[31;1m" s AEND
|
||||
#define _BRIGHT_GREEN_(s) "\x1b[32;1m" s AEND
|
||||
#define _BRIGHT_YELLOW_(s) "\x1b[33;1m" s AEND
|
||||
#define _BRIGHT_BLUE_(s) "\x1b[34;1m" s AEND
|
||||
#define _BRIGHT_MAGENTA_(s) "\x1b[35;1m" s AEND
|
||||
#define _BRIGHT_CYAN_(s) "\x1b[36;1m" s AEND
|
||||
#define _BRIGHT_WHITE_(s) "\x1b[37;1m" s AEND
|
||||
|
||||
#define _BACK_BLACK_(s) "\x1b[40m" s AEND
|
||||
#define _BACK_RED_(s) "\x1b[41m" s AEND
|
||||
#define _BACK_GREEN_(s) "\x1b[42m" s AEND
|
||||
#define _BACK_YELLOW_(s) "\x1b[43m" s AEND
|
||||
#define _BACK_BLUE_(s) "\x1b[44m" s AEND
|
||||
#define _BACK_MAGENTA_(s) "\x1b[45m" s AEND
|
||||
#define _BACK_CYAN_(s) "\x1b[46m" s AEND
|
||||
#define _BACK_WHITE_(s) "\x1b[47m" s AEND
|
||||
|
||||
#define _BACK_BRIGHT_BLACK_(s) "\x1b[40;1m" s AEND
|
||||
#define _BACK_BRIGHT_RED_(s) "\x1b[41;1m" s AEND
|
||||
#define _BACK_BRIGHT_GREEN_(s) "\x1b[42;1m" s AEND
|
||||
#define _BACK_BRIGHT_YELLOW_(s) "\x1b[43;1m" s AEND
|
||||
#define _BACK_BRIGHT_BLUE_(s) "\x1b[44;1m" s AEND
|
||||
#define _BACK_BRIGHT_MAGENTA_(s) "\x1b[45;1m" s AEND
|
||||
#define _BACK_BRIGHT_CYAN_(s) "\x1b[46;1m" s AEND
|
||||
#define _BACK_BRIGHT_WHITE_(s) "\x1b[47;1m" s AEND
|
||||
|
||||
#define _CLEAR_ "\x1b[2J"
|
||||
#define _TOP_ "\x1b[1;1f"
|
||||
|
||||
|
||||
#if defined(HAVE_READLINE)
|
||||
// https://wiki.hackzine.org/development/misc/readline-color-prompt.html
|
||||
// Applications may indicate that the prompt contains
|
||||
|
|