diff --git a/CHANGELOG.md b/CHANGELOG.md index d1ad27063..2d6cadbfe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added `HF_TMUDFORD` standalone mode that reads and emulates ISO15693 UID (@tmudford) - Changed `hf mf wipe` - now supports enforcing sector 0 / block 0 writes (@iceman1001) - Added `data asn1` - a command to decode ASN1 byte arrays (@iceman1001) - Added `hf 15 disableprivacy` - from @g3gg0 fork *WIP* (@iceman1001) diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal index b0e343b0b..b413b1ac6 100644 --- a/armsrc/Standalone/Makefile.hal +++ b/armsrc/Standalone/Makefile.hal @@ -68,13 +68,16 @@ define KNOWN_STANDALONE_DEFINITIONS | HF_TCPRST | IKEA Rothult read/sim/dump/emul | | | - Nick Draffen | +----------------------------------------------------------+ +| HF_TMUDFORD | Read and emulate 15 tags | +| | - Tim Mudford | ++----------------------------------------------------------+ | HF_YOUNG | Mifare sniff/simulation | | | - Craig Young | +----------------------------------------------------------+ endef STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE -STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_TCPRST HF_YOUNG +STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_FLASH := LF_ICEHID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),) diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc index 2d77c7c03..c4590866f 100644 --- a/armsrc/Standalone/Makefile.inc +++ b/armsrc/Standalone/Makefile.inc @@ -81,3 +81,7 @@ endif ifneq (,$(findstring WITH_STANDALONE_HF_CRAFTBYTE,$(APP_CFLAGS))) SRC_STANDALONE = hf_craftbyte.c endif +# WITH_STANDALONE_HF_TMUDFORD +ifneq (,$(findstring WITH_STANDALONE_HF_TMUDFORD,$(APP_CFLAGS))) + SRC_STANDALONE = hf_tmudford.c +endif diff --git a/armsrc/Standalone/hf_tmudford.c b/armsrc/Standalone/hf_tmudford.c new file mode 100644 index 000000000..dca6b6957 --- /dev/null +++ b/armsrc/Standalone/hf_tmudford.c @@ -0,0 +1,83 @@ +//----------------------------------------------------------------------------- +// Copyright 2021 Tim Mudford +// +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// main code for hf_tmudford +//----------------------------------------------------------------------------- +// +// +// `hf_tmudford` Continuously scans for ISO15693 card UID and then emulates it. +// + +#include "standalone.h" +#include "proxmark3_arm.h" +#include "appmain.h" +#include "fpgaloader.h" +#include "util.h" +#include "dbprint.h" +#include "ticks.h" + +#include "iso15693.h" +#include "iso15.h" + +#define STATE_READ 0 +#define STATE_EMUL 1 + +void ModInfo(void) { + DbpString("HF TMUDFORD mode - Scans and emulates ISO15693 UID (Tim Mudford)"); +} + +void RunMod(void) { + StandAloneMode(); + Dbprintf(_YELLOW_("HF TMUDFORD mode started")); + FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + + for (;;) { + WDT_HIT(); + if (data_available()) break; + + SpinDelay(500); + + // 0 = search, 1 = read, 2 = emul + int state = STATE_READ; + iso15_card_select_t card; + + DbpString("Scanning..."); + int button_pressed = BUTTON_NO_CLICK; + for (;;) { + // Was our button held down or pressed? + button_pressed = BUTTON_HELD(1000); + + if (button_pressed != BUTTON_NO_CLICK || data_available()) + break; + else if (state == STATE_READ) { + Iso15693InitReader(); + ReaderIso15693(0, &card); + + if (card.uidlen == 0) { + LED_D_OFF(); + SpinDelay(500); + continue; + } else { + Dbprintf("Found card with UID: "); + Dbhexdump(card.uidlen, card.uid, 0); + state = STATE_EMUL; + } + } else if (state == STATE_EMUL) { + Iso15693InitTag(); + Dbprintf("Starting simulation, press pm3-button to stop and go back to search state."); + SimTagIso15693(card.uid); + + state = STATE_READ; + } + } + if (button_pressed == BUTTON_HOLD) + break; + } + + Dbprintf("-=[ exit ]=-"); + LEDsoff(); +} diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 177735cc1..e53f4fd64 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1233,7 +1233,7 @@ static void PacketReceived(PacketCommandNG *packet) { break; } case CMD_HF_ISO15693_READER: { - ReaderIso15693(packet->oldarg[0]); + ReaderIso15693(packet->oldarg[0], NULL); break; } case CMD_HF_ISO15693_SIMULATE: { diff --git a/armsrc/iso15693.c b/armsrc/iso15693.c index e358b0b73..4d292d70c 100644 --- a/armsrc/iso15693.c +++ b/armsrc/iso15693.c @@ -1581,7 +1581,7 @@ static void DbdecodeIso15693Answer(int len, uint8_t *d) { //----------------------------------------------------------------------------- // ok // parameter is unused !?! -void ReaderIso15693(uint32_t parameter) { +void ReaderIso15693(uint32_t parameter, iso15_card_select_t *p_card) { LED_A_ON(); set_tracing(true); @@ -1617,6 +1617,11 @@ void ReaderIso15693(uint32_t parameter) { uid[6] = answer[3]; uid[7] = answer[2]; + if (p_card != NULL) { + memcpy(p_card->uid, uid, 8); + p_card->uidlen = 8; + } + if (DBGLEVEL >= DBG_EXTENDED) { Dbprintf("[+] UID = %02X%02X%02X%02X%02X%02X%02X%02X", uid[0], uid[1], uid[2], uid[3], @@ -1636,6 +1641,7 @@ void ReaderIso15693(uint32_t parameter) { Dbhexdump(recvlen, answer, true); } } else { + p_card->uidlen = 0; DbpString("Failed to select card"); reply_mix(CMD_ACK, 0, 0, 0, NULL, 0); } diff --git a/armsrc/iso15693.h b/armsrc/iso15693.h index 2050ba2f2..db25e2c60 100644 --- a/armsrc/iso15693.h +++ b/armsrc/iso15693.h @@ -13,6 +13,7 @@ #include "common.h" #include "pm3_cmd.h" // struct +#include "iso15.h" // Delays in SSP_CLK ticks. @@ -35,7 +36,7 @@ int GetIso15693AnswerFromTag(uint8_t *response, uint16_t max_len, uint16_t timeo //void RecordRawAdcSamplesIso15693(void); void AcquireRawAdcSamplesIso15693(void); -void ReaderIso15693(uint32_t parameter); // Simulate an ISO15693 reader - greg +void ReaderIso15693(uint32_t parameter, iso15_card_select_t *p_card); // Simulate an ISO15693 reader - greg void SimTagIso15693(uint8_t *uid); // simulate an ISO15693 tag - greg void BruteforceIso15693Afi(uint32_t speed); // find an AFI of a tag - atrox void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint8_t *data); // send arbitrary commands from CLI - atrox diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md index 211761b18..4ed8a22a4 100644 --- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md +++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md @@ -97,6 +97,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo | HF_MATTYRUN | Mifare sniff/clone - Matías A. Ré Medina | HF_MSDSAL (def)| EMV Read and emulation - Salvador Mendoza | HF_TCPRST | IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation - Nick Draffen +| HF_TMUDFORD | Read and emulate ISO15693 card UID - Tim Mudford | HF_YOUNG | Mifare sniff/simulation - Craig Young By default `STANDALONE=HF_MSDSAL`. diff --git a/include/iso15.h b/include/iso15.h index 674f28f9c..a84dc91cd 100644 --- a/include/iso15.h +++ b/include/iso15.h @@ -13,12 +13,12 @@ #include "common.h" typedef struct { - uint8_t uid[10]; + uint8_t uid[8]; uint8_t uidlen; uint8_t atqb[7]; uint8_t chipid; uint8_t cid; -} PACKED iso14b_card_select_t; +} PACKED iso15_card_select_t; typedef enum ISO15_COMMAND { ISO15_CONNECT = (1 << 0),