diff --git a/.travis.yml b/.travis.yml index f42dd8f1c..3c12e6d3c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,12 @@ language: c #default linux build env is: xenial compiler: gcc +# move some env variables to homebrew env +env: + global: + - HOMEBREW_TRAVIS_BRANCH=$TRAVIS_BRANCH + - HOMEBREW_TRAVIS_COMMIT=$TRAVIS_COMMIT + # Test on Linux and MacOS matrix: include: @@ -19,8 +25,16 @@ addons: - gcc-arm-none-eabi - libnewlib-dev homebrew: + packages: + - readline + - p7zip + - libusb-compat + - perl + - qt5 + - wget + - RfidResearchGroup/proxmark3/arm-none-eabi-gcc taps: RfidResearchGroup/proxmark3 - + install: if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew info proxmark3; diff --git a/CHANGELOG.md b/CHANGELOG.md index 90f193bd7..b5f7d8d76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fix reveng integration for all platforms else than WIN32 (@doegox) + - Add cheat sheet for easy operations of the Proxmark3 (scund00r) + - Chg commands are now in green in the helptext list (@iceman1001) + - Fix 'script run ndefdump' - better exit messages when failing (@iceman1001) + - Fix 'hf iclass dump' - now also saves in EML format (@iceman1001) + - Fix 'hf iclass sim 3' - now works on legacy readers and legacy SE readers (@iceman1001) - Rework hitag2 read/write help (@ViRb3) - Add 'lf nedap' - encoding / decoding (anon) - Add client option `-i` to stay in interactive mode after a script or command (@DidierStevens/@doegox) diff --git a/Makefile b/Makefile index 58c61281f..9be67311b 100644 --- a/Makefile +++ b/Makefile 
@@ -164,11 +164,16 @@ style: # Detecting weird codepages and tabs. checks: - find . \( -name "*.[ch]" -or -name "*.cpp" -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "Makefile" -or -name "*.v" \) \ + @echo "Files with suspicious chars:" + @find . \( -name "*.[ch]" -or -name "*.cpp" -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "Makefile" -or -name "*.v" \) \ -exec sh -c "cat {} |recode utf8.. >/dev/null || echo {}" \; - find . \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "*.md" -or -name "*.txt" -or -name "*.awk" -or -name "*.v" \) \ - -exec grep -lP '\t' {} \; + @echo "Files with tabs:" # to remove tabs within lines, one can try with: vi $file -c ':set tabstop=4' -c ':set et|retab' -c ':wq' + @find . \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "*.md" -or -name "*.txt" -or -name "*.awk" -or -name "*.v" \) \ + -exec grep -lP '\t' {} \; +# @echo "Files with printf \\\\t:" +# @find . \( -name "*.[ch]" -or \( -name "*.cpp" -and -not -name "*.moc.cpp" \) -or -name "*.lua" -or -name "*.py" -or -name "*.pl" -or -name "*.md" -or -name "*.txt" -or -name "*.awk" -or -name "*.v" \) \ +# -exec grep -lP '\\t' {} \; # Dummy target to test for GNU make availability _test: diff --git a/README.md b/README.md index 50813868e..81c676b8d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,9 @@ -# Proxmark3 RDV4.0 Dedicated Github +# RRG / Iceman repo, dedicated to Proxmark3 RDV4.0 This repo is based on iceman fork for Proxmark3. It is dedicated to bringing the most out of the new features for Proxmark3 RDV4.0 new hardware and design. -Note that it also supports other Proxmark3 platforms as well! + +_Note that it also supports other Proxmark3 platforms as well!_ + | Releases | Linux & OSX CI | Windows CI | | ------------------- |:-------------------:| -------------------:| 
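Review bot: In the `checks` target the first `find` still splices `{}` into the `sh -c` string, so a file name containing shell metacharacters (a quote, `;`, `$(`) is parsed as shell code instead of being treated as a path. This target walks the whole tree, including files that arrive through contributed patches, so pass the name as a positional parameter instead: `-exec sh -c 'recode utf8.. <"$$1" >/dev/null || echo "$$1"' _ {} \;`. The commented-out `printf \\t` check added at the end of the hunk should be either enabled or dropped rather than committed as dead lines.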
@@ -18,7 +20,7 @@ Note that it also supports other Proxmark3 platforms as well! |[Why didn't you base it on official PM3 Master?](#why-didnt-you-base-it-on-official-pm3-master)| [Homebrew (Mac OS X) & Upgrading HomeBrew Tap Formula](/doc/md/Installation_Instructions/Mac-OS-X-Homebrew-Installation-Instructions.md) | [First Use and Verification](/doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md)| |[PM3 GUI](#pm3-gui)|[Setup and build for Windows](/doc/md/Installation_Instructions/Windows-Installation-Instructions.md)|[Commands & Features](/doc/md/Use_of_Proxmark/3_Commands-and-Features.md)| |[Issues](#issues)|[Blue shark manual](/doc/bt_manual_v10.md) |[Advanced compilation parameters](/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md)| -|[Notes on UART](/doc/uart_notes.md)||| +|[Notes on UART](/doc/uart_notes.md)||[Command Cheat sheet](/doc/cheatsheet.md)| |[Notes on Frame format](/doc/new_frame_format.md)||| |[Notes on external flash](/doc/ext_flash_notes.md)||| |[Notes on Termux / Android](/doc/termux_notes.md)||| 
@@ -40,18 +42,21 @@ This fork now compiles just fine on - Windows/mingw environment with Qt5.6.1 & GCC 4.8 - Ubuntu 1404, 1510, 1604, 1804, 1904 - Mac OS X / Homebrew - - ParrotOS - - WSL (Windows subsystem linux) on Windows 10 + - ParrotOS, Gentoo, Pentoo + - WSL, WSL2 (Windows subsystem linux) on Windows 10 - Docker container If you intend to contribute to the code, please read the [coding style notes](HACKING.md) first. - Internal notes on [Coverity Scan Config & Run](/doc/md/Development/Coverity-Scan-Config-%26-Run.md). -- Internal notes on UART -- Internal notes on Frame format -- Internal notes on standalone mode - +- Internal notes on [UART](/doc/uart_notes.md) +- Internal notes on [Frame format](/doc/new_frame_format.md) +- Internal notes on [external flash](/doc/ext_flash_notes.md) +- Internal notes on [standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) +- Internal notes on [Termux / Android](/doc/termux_notes.md) +## Cheat sheet +Thanks to Alex Dibs, you can enjoy a [command cheat sheet](/doc/cheatsheet.md) ## Why didn't you base it on official Proxmark3 Master? diff --git a/armsrc/Standalone/hf_colin.c b/armsrc/Standalone/hf_colin.c index a45dd71c3..265b7e3c9 100644 --- a/armsrc/Standalone/hf_colin.c +++ b/armsrc/Standalone/hf_colin.c 
@@ -8,27 +8,24 @@ //----------------------------------------------------------------------------- // main code for HF Mifare aka ColinRun by Colin Brigato //----------------------------------------------------------------------------- + #include "standalone.h" // standalone definitions -#include // for bool -#include -#include + #include "hf_colin.h" +#include "proxmark3_arm.h" #include "appmain.h" #include "fpgaloader.h" #include "dbprint.h" #include "ticks.h" -#include "commonutil.h" -#include "crc16.h" -#include "BigBuf.h" -#include "frozen.h" -#include "proxmark3_arm.h" -#include "mifaresim.h" // mifare1ksim -#include "mifareutil.h" -#include "iso14443a.h" #include "util.h" +#include "commonutil.h" +#include "BigBuf.h" +#include "iso14443a.h" +#include "mifareutil.h" +#include "mifaresim.h" #include "vtsend.h" #include "spiffs.h" -#include "string.h" +#include "frozen.h" #define MF1KSZ 1024 #define MF1KSZSIZE 64 @@ -720,8 +717,10 @@ readysim: SpinOff(100); LED_C_ON(); - uint16_t flags; - switch (p_card.uidlen) { + DBGLEVEL = DBG_NONE; + + //uint16_t flags=0; + /*switch (p_card.uidlen) { case 10: flags = FLAG_10B_UID_IN_DATA; break; @@ -734,13 +733,23 @@ readysim: default: flags = FLAG_UID_IN_EMUL; break; - } + }*/ // Use UID, SAK, ATQA from EMUL, if uid not defined // if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) == 0) { - flags |= FLAG_UID_IN_EMUL; + //flags |= FLAG_UID_IN_EMUL; //} - Mifare1ksim(flags | FLAG_MF_1K, 0, cjuid, 0, 0); + //flags |= FLAG_MF_1K; + //if ((flags & (FLAG_4B_UID_IN_DATA | FLAG_7B_UID_IN_DATA | FLAG_10B_UID_IN_DATA)) == 0) { + // flags |= FLAG_UID_IN_EMUL; + //} + //flags = 0x10; + uint16_t flags = 0; + flags = 16; + DbprintfEx(FLAG_NEWLINE, "\n\n\n\n\n\n\n\nn\n\nn\n\n\nflags: %d (0x%02x)", flags, flags); + cjSetCursLeft(); + SpinOff(1000); + Mifare1ksim(flags, 0, cjuid, 0, 0); LED_C_OFF(); SpinOff(50); vtsend_cursor_position_restore(NULL); 
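Review bot: `DBGLEVEL = DBG_NONE;` after the `readysim:` label overwrites the global debug level, and nothing in the visible lines puts it back, so the level the user had configured is lost once the simulation returns. Keep the previous value in a local before the assignment and restore it after `Mifare1ksim()`, e.g. `DBGLEVEL = saved_dbglevel;`. The enclosing function starts and ends outside this hunk, so a restore further down cannot be ruled out from here.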
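Review bot: The simulation flags are now the bare literal `16` (`uint16_t flags = 0; flags = 16;`), which replaces the UID-length switch and gives a reader no way to tell which `FLAG_*` bit is meant or whether `FLAG_MF_1K` is still applied. Initialise `flags` once from the named constant(s), and delete the commented-out switch and `flags |=` lines instead of leaving them in the function. The format string of the new `DbprintfEx` call also contains stray `n` characters (`\nn\n\nn`) that look like mistyped `\n` escapes.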
diff --git a/armsrc/Standalone/hf_colin.h b/armsrc/Standalone/hf_colin.h index ca65a6df4..a4b870abc 100644 --- a/armsrc/Standalone/hf_colin.h +++ b/armsrc/Standalone/hf_colin.h @@ -9,6 +9,10 @@ // StandAlone Mod //----------------------------------------------------------------------------- +#include +#include +#include + #ifndef FALSE #define FALSE 0 #endif diff --git a/armsrc/appmain.c b/armsrc/appmain.c index f163e579b..b593c826b 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1518,6 +1518,10 @@ static void PacketReceived(PacketCommandNG *packet) { test_spiffs(); break; } + case CMD_SPIFFS_CHECK: { + rdv40_spiffs_check(); + break; + } case CMD_SPIFFS_MOUNT: { rdv40_spiffs_lazy_mount(); break; @@ -1901,6 +1905,11 @@ void __attribute__((noreturn)) AppMain(void) { #ifdef WITH_FLASH // If flash is not present, BUSY_TIMEOUT kicks in, let's do it after USB loadT55xxConfig(); + + // + // Enforce a spiffs check/garbage collection at boot so we are likely to never + // fall under the 2 contigous free blocks availables + rdv40_spiffs_check(); #endif for (;;) { diff --git a/armsrc/appmain.h b/armsrc/appmain.h index fa35714e3..141c943f9 100644 --- a/armsrc/appmain.h +++ b/armsrc/appmain.h @@ -34,7 +34,6 @@ void __attribute__((noreturn)) AppMain(void); uint16_t AvgAdc(int ch); -void print_result(char *name, uint8_t *buf, size_t len); //void PrintToSendBuffer(void); void ToSendStuffBit(int b); void ToSendReset(void); diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index e4ea7f0df..1bea3a1b9 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -16,6 +16,7 @@ #include "common.h" #include "mifare.h" // struct #include "pm3_cmd.h" +#include "crc16.h" // compute_crc // When the PM acts as tag and is receiving it takes // 2 ticks delay in the RF part (for the first falling edge), diff --git a/armsrc/spiffs.c b/armsrc/spiffs.c index de6e9e226..cb4412264 100644 --- a/armsrc/spiffs.c +++ b/armsrc/spiffs.c 
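Review bot: The result of `rdv40_spiffs_check()` is discarded both in the new `CMD_SPIFFS_CHECK` case of `PacketReceived` and in the boot-time call added to `AppMain`, so a failed check or garbage collection is invisible to the client and in the device log. The function returns non-zero on success (see its definition in spiffs.c in this commit), so the boot path can at least report the failure with `if (!rdv40_spiffs_check()) Dbprintf("spiffs check/gc failed");`, and the command handler should send a status reply. Running a full check plus `SPIFFS_gc` on every power-up also costs flash erase cycles and boot time, which deserves a sentence in the comment. That comment has a typo: `contigous` should be `contiguous`.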
@@ -22,9 +22,11 @@ // case, will ensure a flush by rollbacking to previous Unmounted state #define RDV40_SPIFFS_CACHE_SZ ((LOG_PAGE_SIZE + 32) * 4) #define SPIFFS_FD_SIZE (32) -#define RDV40_SPIFFS_MAX_FD (2) +#define RDV40_SPIFFS_MAX_FD (3) #define RDV40_SPIFFS_FDBUF_SZ (SPIFFS_FD_SIZE * RDV40_SPIFFS_MAX_FD) +#define RDV40_LLERASE_BLOCKSIZE (64*1024) + #define RDV40_SPIFFS_LAZY_HEADER \ int changed = 0; \ if ((level == RDV40_SPIFFS_SAFETY_LAZY) || (level == RDV40_SPIFFS_SAFETY_SAFE)) { \ @@ -43,12 +45,8 @@ RDV40_SPIFFS_SAFE_FOOTER #include "spiffs.h" -#include "flashmem.h" -#include "dbprint.h" -#include "printf.h" -#include "common.h" -#include "string.h" #include "BigBuf.h" +#include "dbprint.h" ///// FLASH LEVEL R/W/E operations for feeding SPIFFS Driver///////////////// static s32_t rdv40_spiffs_llread(u32_t addr, u32_t size, u8_t *dst) { 
@@ -70,28 +68,29 @@ static s32_t rdv40_spiffs_llwrite(u32_t addr, u32_t size, u8_t *src) { static s32_t rdv40_spiffs_llerase(u32_t addr, u32_t size) { + + uint8_t erased = 0; + if (!FlashInit()) { return 130; } - - uint32_t bytes_erased = 0, bytes_remaining = size; - while (bytes_remaining > 0) { - - addr += bytes_erased; - Flash_CheckBusy(BUSY_TIMEOUT); - Flash_WriteEnable(); - FlashSendByte(SECTORERASE); - Flash_TransferAdresse(addr); - FlashSendLastByte(0); - - bytes_remaining -= 4096; - bytes_erased += 4096; + if (DBGLEVEL > 2) Dbprintf("LLERASEDBG : Orig addr : %d\n", addr); + uint8_t block, sector = 0; + block = addr / RDV40_LLERASE_BLOCKSIZE; + if (block) { + addr = addr - (block * RDV40_LLERASE_BLOCKSIZE); } + if (DBGLEVEL > 2) Dbprintf("LLERASEDBG : Result addr : %d\n", addr); + sector = addr / SPIFFS_CFG_LOG_BLOCK_SZ; + Flash_CheckBusy(BUSY_TIMEOUT); + Flash_WriteEnable(); + if (DBGLEVEL > 2) Dbprintf("LLERASEDBG : block : %d, sector : %d \n", block, sector); + erased = Flash_Erase4k(block, sector); Flash_CheckBusy(BUSY_TIMEOUT); FlashStop(); - return SPIFFS_OK; + return SPIFFS_OK == erased ; } //////////////////////////////////////////////////////////////////////////////// @@ -162,6 +161,15 @@ int rdv40_spiffs_unmount() { } return ret; } + +int rdv40_spiffs_check() { + rdv40_spiffs_lazy_mount(); + SPIFFS_check(&fs); + SPIFFS_gc_quick(&fs, 0); + rdv40_spiffs_lazy_unmount(); + rdv40_spiffs_lazy_mount(); + return SPIFFS_gc(&fs, 8192) == SPIFFS_OK; +} //////////////////////////////////////////////////////////////////////////////// ///// Base RDV40_SPIFFS_SAFETY_NORMAL operations//////////////////////////////// diff --git a/armsrc/spiffs.h b/armsrc/spiffs.h index 29e8215b0..d75335e40 100644 --- a/armsrc/spiffs.h +++ b/armsrc/spiffs.h @@ -7,8 +7,9 @@ #ifndef SPIFFS_H_ #define SPIFFS_H_ - -#include "common.h" +#if defined(__cplusplus) +extern "C" { +#endif #include "spiffs_config.h" 
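Review bot: `rdv40_spiffs_llerase()` no longer uses its `size` argument: the removed loop erased `size` bytes in 4096-byte steps, while the new body erases exactly one 4K sector at `addr`, so a caller that passes more than one sector would leave the remainder un-erased without any error. Either keep a loop over `size` or reject unexpected sizes up front, e.g. `if (size != SPIFFS_CFG_LOG_BLOCK_SZ) return SPIFFS_ERR_INTERNAL;` (confirm the intended unit first). The return expression `SPIFFS_OK == erased` only gives the right answer because `SPIFFS_OK` is 0, and it assumes `Flash_Erase4k()` returns non-zero on success; `return erased ? SPIFFS_OK : SPIFFS_ERR_ERASE_FAIL;` states the intent and yields a proper negative SPIFFS error code.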
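Review bot: `rdv40_spiffs_check()` ignores the results of `rdv40_spiffs_lazy_mount()`, `SPIFFS_check()` and `SPIFFS_gc_quick()`, and carries on operating on `fs` even if the mount failed. It also returns a boolean (`SPIFFS_gc(&fs, 8192) == SPIFFS_OK`, so 1 on success), whereas the SPIFFS calls around it use 0 for success, which invites inverted checks at call sites. Bail out when the mount fails and add a header comment stating the return convention. The literal `8192` would read better as a named constant with a comment tying it to the free-block requirement mentioned in appmain.c.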
@@ -32,7 +33,7 @@ typedef struct rdv40_spiffs_fsinfo { int rdv40_spiffs_read_as_filetype(char *filename, uint8_t *dst, uint32_t size, RDV40SpiFFSSafetyLevel level); - +int rdv40_spiffs_check(); int rdv40_spiffs_lazy_unmount(); int rdv40_spiffs_lazy_mount(); int rdv40_spiffs_lazy_mount_rollback(int changed); @@ -853,5 +854,8 @@ u32_t SPIFFS_buffer_bytes_for_cache(spiffs *fs, u32_t num_pages); #if SPIFFS_CACHE #endif +#if defined(__cplusplus) +} +#endif #endif /* SPIFFS_H_ */ diff --git a/armsrc/spiffs_cache.c b/armsrc/spiffs_cache.c index f86133be4..98acc4c2f 100644 --- a/armsrc/spiffs_cache.c +++ b/armsrc/spiffs_cache.c @@ -39,17 +39,17 @@ static s32_t spiffs_cache_page_free(spiffs *fs, int ix, u8_t write_back) { (cp->flags & SPIFFS_CACHE_FLAG_TYPE_WR) == 0 && (cp->flags & SPIFFS_CACHE_FLAG_DIRTY)) { u8_t *mem = spiffs_get_cache_page(fs, cache, ix); - SPIFFS_CACHE_DBG("CACHE_FREE: write cache page "_SPIPRIi" pix "_SPIPRIpg"\n", ix, cp->pix); + SPIFFS_CACHE_DBG("CACHE_FREE: write cache page "_SPIPRIi" pix "_SPIPRIpg"\n", ix, cp->ucache.spix.pix); res = SPIFFS_HAL_WRITE(fs, SPIFFS_PAGE_TO_PADDR(fs, cp->ucache.spix.pix), SPIFFS_CFG_LOG_PAGE_SZ(fs), mem); } #if SPIFFS_CACHE_WR if (cp->flags & SPIFFS_CACHE_FLAG_TYPE_WR) { - SPIFFS_CACHE_DBG("CACHE_FREE: free cache page "_SPIPRIi" objid "_SPIPRIid"\n", ix, cp->obj_id); + SPIFFS_CACHE_DBG("CACHE_FREE: free cache page "_SPIPRIi" objid "_SPIPRIid"\n", ix, cp->ucache.swrc.obj_id); } else #endif { - SPIFFS_CACHE_DBG("CACHE_FREE: free cache page "_SPIPRIi" pix "_SPIPRIpg"\n", ix, cp->pix); + SPIFFS_CACHE_DBG("CACHE_FREE: free cache page "_SPIPRIi" pix "_SPIPRIpg"\n", ix, cp->ucache.spix.pix); } cache->cpage_use_map &= ~(1 << ix); cp->flags = 0; 
@@ -156,7 +156,7 @@ s32_t spiffs_phys_rd( if (cp) { cp->flags = SPIFFS_CACHE_FLAG_WRTHRU; cp->ucache.spix.pix = SPIFFS_PADDR_TO_PAGE(fs, addr); - SPIFFS_CACHE_DBG("CACHE_ALLO: allocated cache page "_SPIPRIi" for pix "_SPIPRIpg "\n", cp->ix, cp->pix); + SPIFFS_CACHE_DBG("CACHE_ALLO: allocated cache page "_SPIPRIi" for pix "_SPIPRIpg "\n", cp->ix, cp->ucache.spix.pix); s32_t res2 = SPIFFS_HAL_READ(fs, addr - SPIFFS_PADDR_TO_PAGE_OFFSET(fs, addr), diff --git a/armsrc/spiffs_config.h b/armsrc/spiffs_config.h index 6fe1f48c6..7710a65a8 100644 --- a/armsrc/spiffs_config.h +++ b/armsrc/spiffs_config.h @@ -8,7 +8,22 @@ #ifndef SPIFFS_CONFIG_H_ #define SPIFFS_CONFIG_H_ -#include "common.h" +// ----------- 8< ------------ +// Following includes are for the linux test build of spiffs +// These may/should/must be removed/altered/replaced in your target +//#include +//#include +// +#include "printf.h" +#include "string.h" +#include "flashmem.h" + +void Dbprintf(const char *fmt, ...); + +//#include +//#include +// ----------- >8 ------------ + typedef int s32_t; typedef uint32_t u32_t; @@ -26,7 +41,7 @@ typedef uint8_t u8_t; #endif // Set spiffs debug output call for garbage collecting. #ifndef SPIFFS_GC_DBG -#define SPIFFS_GC_DBG(_f, ...) +#define SPIFFS_GC_DBG(_f, ...) //Dbprintf(_f, ## __VA_ARGS__) #define SPIFFS_GC_DBGF(str) SPIFFS_GC_DBG(str,NULL) #endif // Set spiffs debug output call for caching. @@ -36,7 +51,7 @@ typedef uint8_t u8_t; #endif // Set spiffs debug output call for system consistency checks. #ifndef SPIFFS_CHECK_DBG -#define SPIFFS_CHECK_DBG(_f, ...) //SPIFFS_CHECK_DBG(_f, ## __VA_ARGS__) +#define SPIFFS_CHECK_DBG(_f, ...) //Dbprintf(_f, ## __VA_ARGS__) #define SPIFFS_CHECK_DBGF(str) SPIFFS_CHECK_DBG(str,NULL) #endif // Set spiffs debug output call for all api invocations. diff --git a/client/Makefile b/client/Makefile index adf83cb18..89f8cfb44 100644 --- a/client/Makefile +++ b/client/Makefile 
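Review bot: `void Dbprintf(const char *fmt, ...);` is hand-declared in spiffs_config.h instead of coming from `dbprint.h`, so the two prototypes can drift apart without a diagnostic in translation units that include only this header. Prefer `#include "dbprint.h"` here if that does not create an include cycle; otherwise add a comment saying the declaration must match `dbprint.h`. The new `SPIFFS_GC_DBG` and `SPIFFS_CHECK_DBG` definitions keep the disabled call as a trailing `//` comment on the `#define` line, which works but is easy to break when someone re-enables it; an empty body with the alternative on its own comment line is less fragile.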
@@ -22,6 +22,8 @@ TAR = tar TARFLAGS = -C .. --ignore-failed-read -rvf RM = rm -f MV = mv +TOUCH = touch +FALSE = false ENV_LDFLAGS := $(LDFLAGS) ENV_CFLAGS := $(CFLAGS) @@ -52,11 +54,11 @@ MBEDTLSLIBPATH = ../common/mbedtls MBEDTLSLIB = $(MBEDTLSLIBPATH)/libmbedtls.a CBORLIBPATH = ./tinycbor CBORLIB = $(CBORLIBPATH)/tinycbor.a +REVENGFLAGS = -DPRESETS LIBS = -I../common/zlib -Iuart -I$(LUALIBPATH) -I$(MBEDTLSLIBPATH) -I$(JANSSONLIBPATH) -I$(CBORLIBPATH) INCLUDES_CLIENT = -I. -I../include -I../common -I/opt/local/include $(LIBS) LDFLAGS = $(ENV_LDFLAGS) - -CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE -DPRESETS $(INCLUDES_CLIENT) -Wall -Werror -g -O3 +CFLAGS = $(ENV_CFLAGS) -std=c99 -D_ISOC99_SOURCE $(REVENGFLAGS) $(INCLUDES_CLIENT) -Wall -Werror -g -O3 ifneq (,$(findstring MINGW,$(platform))) CFLAGS += -mno-ms-bitfields endif @@ -239,12 +241,6 @@ CMDSRCS = crapto1/crapto1.c \ cmdscript.c \ pm3_bitlib.c \ cmdcrc.c \ - reveng/preset.c \ - reveng/reveng.c \ - reveng/cli.c \ - reveng/bmpbit.c \ - reveng/model.c \ - reveng/poly.c \ bucketsort.c cpu_arch = $(shell uname -m) @@ -262,12 +258,20 @@ ZLIBSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c ZLIBFLAGS = -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED #-DDEBUG -Dverbose=1 +REVENGSRCS = reveng/preset.c \ + reveng/reveng.c \ + reveng/cli.c \ + reveng/bmpbit.c \ + reveng/model.c \ + reveng/poly.c + QTGUISRCS = proxgui.cpp proxguiqt.cpp proxguiqt.moc.cpp guidummy.cpp COREOBJS = $(CORESRCS:%.c=$(OBJDIR)/%.o) CMDOBJS = $(CMDSRCS:%.c=$(OBJDIR)/%.o) OBJCOBJS = $(OBJCSRCS:%.m=$(OBJDIR)/%.o) ZLIBOBJS = $(ZLIBSRCS:%.c=$(OBJDIR)/%.o) +REVENGOBJS = $(REVENGSRCS:%.c=$(OBJDIR)/%.o) MULTIARCHOBJS = $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \ $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_MMX.o) \ $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_SSE2.o) \ 
@@ -292,7 +296,7 @@ ifeq "$(SUPPORTS_AVX512)" "True" endif BINS = proxmark3 flasher -CLEAN = $(BINS) $(DEPENDENCY_FILES) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h lualibs/pm3_cmd.lua lualibs/mf_default_keys.lua +CLEAN = $(BINS) $(DEPENDENCY_FILES) $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(ZLIBOBJS) $(REVENGOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(OBJDIR)/*.o *.moc.cpp ui/ui_overlays.h lualibs/pm3_cmd.lua lualibs/mf_default_keys.lua reveng/bmptst # need to assign dependancies to build these first... all: lua_build jansson_build mbedtls_build cbor_build $(BINS) @@ -301,9 +305,9 @@ all-static: LDLIBS:=-static $(LDLIBS) all-static: $(BINS) proxmark3: LDLIBS+=$(LUALIB) $(JANSSONLIB) $(MBEDTLSLIB) $(CBORLIB) $(QTLDLIBS) -proxmark3: $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) lualibs/pm3_cmd.lua lualibs/mf_default_keys.lua +proxmark3: reveng/bmptst $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(REVENGOBJS) lualibs/pm3_cmd.lua lualibs/mf_default_keys.lua $(info [=] LD $@) - $(Q)$(LD) $(LDFLAGS) $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(LDLIBS) -o $@ + $(Q)$(LD) $(LDFLAGS) $(OBJDIR)/proxmark3.o $(COREOBJS) $(CMDOBJS) $(OBJCOBJS) $(QTGUIOBJS) $(MULTIARCHOBJS) $(ZLIBOBJS) $(REVENGOBJS) $(LDLIBS) -o $@ flasher: $(OBJDIR)/flash.o $(OBJDIR)/flasher.o $(COREOBJS) $(OBJCOBJS) $(info [=] LD $@) @@ -354,6 +358,11 @@ cbor_build: $(info [*] MAKE tinycbor) $(Q)$(MAKE) --no-print-directory -C $(CBORLIBPATH) all + +reveng/bmptst: reveng/bmpbit.c reveng/config.h reveng/reveng.h + $(CC) $(CFLAGS) $(REVENGFLAGS) -DBMPTST -o $@ $< + ( ./$@ && $(TOUCH) $@ ) || ( $(RM) $@ && $(FALSE) ) + .PHONY: all clean # easy printing of MAKE VARIABLES 
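Review bot: The new `reveng/bmptst` rule compiles a probe with `$(CC)` and then executes `./$@` during the build, which cannot work when `CC` is a cross-compiler, and it makes linking `proxmark3` depend on running a freshly built binary on the build host. Provide a documented way to skip the run, for example a make variable tested before the `./$@` line. `$(CFLAGS)` already contains `$(REVENGFLAGS)`, so the compile line passes `-DPRESETS` twice; `$(CC) $(CFLAGS) -DBMPTST -o $@ $<` is sufficient. The two recipe lines also lack the `$(info ...)` / `$(Q)` prefix that the other rules in this file use.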
@@ -419,7 +428,7 @@ $(OBJDIR)/%.o : %.m $(OBJDIR)/%.d # $(CXX) $(DEPFLAGS) $(CXXFLAGS) -c -o $@ $< # $(POSTCOMPILE) -DEPENDENCY_FILES = $(patsubst %.c, $(OBJDIR)/%.d, $(CORESRCS) $(CMDSRCS) $(ZLIBSRCS)) \ +DEPENDENCY_FILES = $(patsubst %.c, $(OBJDIR)/%.d, $(CORESRCS) $(CMDSRCS) $(ZLIBSRCS) $(REVENGSRCS)) \ $(patsubst %.o, %.d, $(MULTIARCHOBJS)) \ $(patsubst %.cpp, $(OBJDIR)/%.d, $(QTGUISRCS)) \ $(patsubst %.m, $(OBJDIR)/%.d, $(OBJCSRCS)) \ diff --git a/client/cmdflashmemspiffs.c b/client/cmdflashmemspiffs.c index a3f9b950a..f53e17915 100644 --- a/client/cmdflashmemspiffs.c +++ b/client/cmdflashmemspiffs.c @@ -39,6 +39,13 @@ static int CmdFlashMemSpiFFSTest(const char *Cmd) { return PM3_SUCCESS; } +static int CmdFlashMemSpiFFSCheck(const char *Cmd) { + (void)Cmd; // Cmd is not used so far + clearCommandBuffer(); + SendCommandNG(CMD_SPIFFS_CHECK, NULL, 0); + return PM3_SUCCESS; +} + static int CmdFlashMemSpiFFSTree(const char *Cmd) { (void)Cmd; // Cmd is not used so far clearCommandBuffer(); @@ -439,6 +446,7 @@ static command_t CommandTable[] = { "copy", CmdFlashMemSpiFFSCopy, IfPm3Flash, "Copy a file to another (destructively) in SPIFFS FileSystem in FlashMEM (spiffs)" }, + {"check", CmdFlashMemSpiFFSCheck, IfPm3Flash, "Check/try to defrag faulty/fragmented Filesystem"}, {"dump", CmdFlashMemSpiFFSDump, IfPm3Flash, "Dump a file from SPIFFS FileSystem in FlashMEM (spiffs)"}, {"info", CmdFlashMemSpiFFSInfo, IfPm3Flash, "Print filesystem info and usage statistics (spiffs)"}, {"load", CmdFlashMemSpiFFSLoad, IfPm3Flash, "Upload file into SPIFFS Filesystem (spiffs)"}, diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c index f58d5377c..7badc7c86 100644 --- a/client/cmdhficlass.c +++ b/client/cmdhficlass.c 
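Review bot: `CmdFlashMemSpiFFSCheck()` returns `PM3_SUCCESS` as soon as `SendCommandNG(CMD_SPIFFS_CHECK, NULL, 0)` has been issued, so the user never learns whether the check and garbage collection on the device actually succeeded. If the firmware handler is changed to reply with a status, wait for that reply here and map a failure to an error return; until then, print a short `PrintAndLogEx(INFO, ...)` line saying the result is only visible in the device debug output. In `CommandTable` the new `check` entry is inserted after `copy`, while the neighbouring entries (`dump`, `info`, `load`) are in alphabetical order.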
@@ -322,31 +322,31 @@ static void fuse_config(const picopass_hdr *hdr) { uint8_t fuses = hdr->conf.fuses; if (isset(fuses, FUSE_FPERS)) - PrintAndLogEx(SUCCESS, "\tMode: Personalization [Programmable]"); + PrintAndLogEx(SUCCESS, " Mode: Personalization [Programmable]"); else - PrintAndLogEx(NORMAL, "\tMode: Application [Locked]"); + PrintAndLogEx(NORMAL, " Mode: Application [Locked]"); if (isset(fuses, FUSE_CODING1)) { - PrintAndLogEx(NORMAL, "\tCoding: RFU"); + PrintAndLogEx(NORMAL, " Coding: RFU"); } else { if (isset(fuses, FUSE_CODING0)) - PrintAndLogEx(NORMAL, "\tCoding: ISO 14443-2 B/ISO 15693"); + PrintAndLogEx(NORMAL, " Coding: ISO 14443-2 B/ISO 15693"); else - PrintAndLogEx(NORMAL, "\tCoding: ISO 14443B only"); + PrintAndLogEx(NORMAL, " Coding: ISO 14443B only"); } // 1 1 - if (isset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, "\tCrypt: Secured page, keys not locked"); + if (isset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, " Crypt: Secured page, keys not locked"); // 1 0 - if (isset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, "\tCrypt: Secured page, keys locked"); + if (isset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, " Crypt: Secured page, keys locked"); // 0 1 - if (notset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, "\tCrypt: Non secured page"); + if (notset(fuses, FUSE_CRYPT1) && isset(fuses, FUSE_CRYPT0)) PrintAndLogEx(SUCCESS, " Crypt: Non secured page"); // 0 0 - if (notset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, "\tCrypt: No auth possible. Read only if RA is enabled"); + if (notset(fuses, FUSE_CRYPT1) && notset(fuses, FUSE_CRYPT0)) PrintAndLogEx(NORMAL, " Crypt: No auth possible. 
Read only if RA is enabled"); if (isset(fuses, FUSE_RA)) - PrintAndLogEx(NORMAL, "\tRA: Read access enabled"); + PrintAndLogEx(NORMAL, " RA: Read access enabled"); else - PrintAndLogEx(WARNING, "\tRA: Read access not enabled"); + PrintAndLogEx(WARNING, " RA: Read access not enabled"); } static void getMemConfig(uint8_t mem_cfg, uint8_t chip_cfg, uint8_t *max_blk, uint8_t *app_areas, uint8_t *kb) { 
@@ -396,26 +396,26 @@ static void mem_app_config(const picopass_hdr *hdr) { if (kb == 2 && (applimit > 0x1f)) applimit = 26; PrintAndLogEx(NORMAL, " Mem: %u KBits/%u App Areas (%u * 8 bytes) [%02X]", kb, app_areas, max_blk, mem); - PrintAndLogEx(NORMAL, "\tAA1: blocks 06-%02X", applimit); - PrintAndLogEx(NORMAL, "\tAA2: blocks %02X-%02X", applimit + 1, max_blk); - PrintAndLogEx(NORMAL, "\tOTP: 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]); - PrintAndLogEx(NORMAL, "\nKeyAccess:"); + PrintAndLogEx(NORMAL, " AA1: blocks 06-%02X", applimit); + PrintAndLogEx(NORMAL, " AA2: blocks %02X-%02X", applimit + 1, max_blk); + PrintAndLogEx(NORMAL, " OTP: 0x%02X%02X", hdr->conf.otp[1], hdr->conf.otp[0]); + PrintAndLogEx(NORMAL, " KeyAccess:"); uint8_t book = isset(mem, 0x20); if (book) { - PrintAndLogEx(NORMAL, "\tRead A - Kd"); - PrintAndLogEx(NORMAL, "\tRead B - Kc"); - PrintAndLogEx(NORMAL, "\tWrite A - Kd"); - PrintAndLogEx(NORMAL, "\tWrite B - Kc"); - PrintAndLogEx(NORMAL, "\tDebit - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tCredit - Kc"); + PrintAndLogEx(NORMAL, " Read A - Kd"); + PrintAndLogEx(NORMAL, " Read B - Kc"); + PrintAndLogEx(NORMAL, " Write A - Kd"); + PrintAndLogEx(NORMAL, " Write B - Kc"); + PrintAndLogEx(NORMAL, " Debit - Kd or Kc"); + PrintAndLogEx(NORMAL, " Credit - Kc"); } else { - PrintAndLogEx(NORMAL, "\tRead A - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tRead B - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tWrite A - Kc"); - PrintAndLogEx(NORMAL, "\tWrite B - Kc"); - PrintAndLogEx(NORMAL, "\tDebit - Kd or Kc"); - PrintAndLogEx(NORMAL, "\tCredit - Kc"); + PrintAndLogEx(NORMAL, " Read A - Kd or Kc"); + PrintAndLogEx(NORMAL, " Read B - Kd or Kc"); + PrintAndLogEx(NORMAL, " Write A - Kc"); + PrintAndLogEx(NORMAL, " Write B - Kc"); + PrintAndLogEx(NORMAL, " Debit - Kd or Kc"); + PrintAndLogEx(NORMAL, " Credit - Kc"); } } static void print_picopass_info(const picopass_hdr *hdr) { 
@@ -453,14 +453,14 @@ static int CmdHFiClassSim(const char *Cmd) { if (simType == 0) { if (param_gethex(Cmd, 1, CSN, 16)) { - PrintAndLogEx(WARNING, "A CSN should consist of 16 HEX symbols"); + PrintAndLogEx(ERR, "A CSN should consist of 16 HEX symbols"); return usage_hf_iclass_sim(); } - PrintAndLogEx(NORMAL, "--simtype:%02x csn:%s", simType, sprint_hex(CSN, 8)); + PrintAndLogEx(NORMAL, " simtype: %02x csn: %s", simType, sprint_hex(CSN, 8)); } if (simType > 4) { - PrintAndLogEx(WARNING, "Undefined simptype %d", simType); + PrintAndLogEx(ERR, "Undefined simptype %d", simType); return usage_hf_iclass_sim(); } @@ -1903,7 +1903,7 @@ static int CmdHFiClassManageKeys(const char *Cmd) { case 'f': fileNameLen = param_getstr(Cmd, cmdp + 1, filename, sizeof(filename)); if (fileNameLen < 1) { - PrintAndLogEx(WARNING, "No filename found after f"); + PrintAndLogEx(ERR, "No filename found"); errors = true; } cmdp += 2; @@ -1911,7 +1911,7 @@ static int CmdHFiClassManageKeys(const char *Cmd) { case 'n': keyNbr = param_get8(Cmd, cmdp + 1); if (keyNbr >= ICLASS_KEYS_MAX) { - PrintAndLogEx(WARNING, "Invalid block number"); + PrintAndLogEx(ERR, "Invalid block number, MAX is "_YELLOW_("%d"), ICLASS_KEYS_MAX); errors = true; } cmdp += 2; diff --git a/client/cmdlf.c b/client/cmdlf.c index cf8e60f82..366f2ed0e 100644 --- a/client/cmdlf.c +++ b/client/cmdlf.c @@ -453,7 +453,7 @@ int CmdLFRead(const char *Cmd) { cmdp++; break; case 'd': - samples = param_get32ex(Cmd, cmdp, 0, 10); + samples = param_get32ex(Cmd, cmdp + 1, 0, 10); cmdp += 2; break; default: diff --git a/client/cmdlfem4x.c b/client/cmdlfem4x.c index a87fd46eb..c04e64c00 100644 --- a/client/cmdlfem4x.c +++ b/client/cmdlfem4x.c @@ -442,7 +442,7 @@ static int CmdEM410xDemod(const char *Cmd) { // this read is the "normal" read, which download lf signal and tries to demod here. static int CmdEM410xRead(const char *Cmd) { - lf_read(true, 8192); + lf_read(true, 12288); return CmdEM410xDemod(Cmd); } 
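Review bot: In `CmdHFiClassManageKeys`, the new message for option `n` prints `MAX is %d` with `ICLASS_KEYS_MAX`, but the guard is `keyNbr >= ICLASS_KEYS_MAX`, so the largest accepted value is `ICLASS_KEYS_MAX - 1` and a user who enters the advertised maximum is rejected. The value also appears to be a key index (`keyNbr`) rather than a block number. Suggested line: `PrintAndLogEx(ERR, "Invalid key number, MAX is "_YELLOW_("%d"), ICLASS_KEYS_MAX - 1);`. The function body continues outside this hunk.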
@@ -599,7 +599,7 @@ static int CmdEM410xWatch(const char *Cmd) { PrintAndLogEx(WARNING, "\naborted via keyboard!\n"); break; } - lf_read(true, 8201); + lf_read(true, 12288); } while (CmdEM410xRead("") != PM3_SUCCESS); return PM3_SUCCESS; diff --git a/client/cmdlfnedap.c b/client/cmdlfnedap.c index b7f9891a5..3a4ebd131 100644 --- a/client/cmdlfnedap.c +++ b/client/cmdlfnedap.c @@ -411,11 +411,11 @@ static int CmdLfNedapGen(const char *Cmd) { } PrintAndLogEx(SUCCESS, - "Tag (%s) ; subtype : %1u , customer : %03x , ID : %05u" - , isLong ? "long (128b)" : "short (64b)" + "Tag - subtype: %1u , customer code: %03x , ID: %05u | %s" , subType , customerCode , id + , isLong ? "(128b)" : "(64b)" ); NedapGen(subType, customerCode, id, isLong, data); @@ -467,7 +467,7 @@ int CmdLFNedapClone(const char *Cmd) { } PrintAndLogEx(SUCCESS, "Preparing to clone NEDAP to T55x7"); - print_blocks(blocks, 5); + print_blocks(blocks, max); PacketResponseNG resp; @@ -491,9 +491,9 @@ int CmdLFNedapClone(const char *Cmd) { return PM3_ETIMEOUT; } } - // TODO info correct? - PrintAndLogEx(INFO, "The block 0 was changed (eXtended) which can be hard to detect. Configure it manually with"); - PrintAndLogEx(INFO, _YELLOW_("`lf t55xx config b 64 d BI i 1 o 32`")); + PrintAndLogEx(NORMAL, "\n"); + PrintAndLogEx(INFO, "The block 0 was changed (eXtended) which can be hard to detect."); + PrintAndLogEx(INFO, " Configure it manually " _YELLOW_("`lf t55xx config b 64 d BI i 1 o 32`")); return PM3_SUCCESS; } diff --git a/client/cmdmain.c b/client/cmdmain.c index 618f04c73..eba34b2ca 100644 --- a/client/cmdmain.c +++ b/client/cmdmain.c 
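Review bot: In `CmdEM410xWatch` the loop body calls `lf_read(true, 12288)` and the loop condition then calls `CmdEM410xRead("")`, which (per the previous hunk) performs its own `lf_read(true, 12288)` before demodulating, so every iteration acquires twice and throws the first capture away. Drop the `lf_read` line from the loop body, or make the condition `CmdEM410xDemod("") != PM3_SUCCESS`. The sample count `12288` now appears in both functions; a shared `#define` with a comment explaining the size would keep them in step.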
@@ -102,7 +102,7 @@ static command_t CommandTable[] = { {"sc", CmdSmartcard, IfPm3Smartcard, "{ Smart card ISO7816 commands... }"}, {"script", CmdScript, AlwaysAvailable, "{ Scripting commands }"}, {"trace", CmdTrace, AlwaysAvailable, "{ Trace manipulation... }"}, - {"usart", CmdUsart, IfPm3FpcUsartDevFromUsb, "{ USART commands... }"}, + {"usart", CmdUsart, IfPm3FpcUsartFromUsb, "{ USART commands... }"}, {"quit", CmdQuit, AlwaysAvailable, ""}, {"exit", CmdQuit, AlwaysAvailable, "Exit program"}, {NULL, NULL, NULL, NULL} diff --git a/client/cmdparser.c b/client/cmdparser.c index d9ece2310..768941e10 100644 --- a/client/cmdparser.c +++ b/client/cmdparser.c @@ -72,6 +72,11 @@ bool IfPm3FpcUsartDevFromUsb(void) { return !conn.send_via_fpc_usart; } +bool IfPm3FpcUsartFromUsb(void) { + // true if FPC USART Host or developer support and if talking from USB-CDC interface + return IfPm3FpcUsartHostFromUsb() || IfPm3FpcUsartDevFromUsb(); +} + bool IfPm3Lf(void) { if (!IfPm3Present()) return false; diff --git a/client/cmdparser.h b/client/cmdparser.h index 284142780..b98aef9d4 100644 --- a/client/cmdparser.h +++ b/client/cmdparser.h @@ -30,6 +30,7 @@ bool IfPm3FpcUsart(void); bool IfPm3FpcUsartHost(void); bool IfPm3FpcUsartHostFromUsb(void); bool IfPm3FpcUsartDevFromUsb(void); +bool IfPm3FpcUsartFromUsb(void); bool IfPm3Lf(void); bool IfPm3Hitag(void); bool IfPm3Hfsniff(void); diff --git a/client/comms.c b/client/comms.c index d42bd09fb..8d2c8f733 100644 --- a/client/comms.c +++ b/client/comms.c @@ -19,6 +19,7 @@ #include "ui.h" #include "crc16.h" #include "util_posix.h" // msclock +#include "util_darwin.h" // en/dis-ableNapp(); //#define COMMS_DEBUG //#define COMMS_DEBUG_RAW diff --git a/client/flash.c b/client/flash.c index ca2f012bb..84e1d687b 100644 --- a/client/flash.c +++ b/client/flash.c 
@@ -448,7 +448,7 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t int mem_avail = chipid_to_mem_avail(chipinfo); if (mem_avail != 0) { - PrintAndLogEx(NORMAL, "Available memory on this board: "_YELLOW_("%uK") "bytes\n", mem_avail); + PrintAndLogEx(INFO, "Available memory on this board: "_YELLOW_("%uK") "bytes\n", mem_avail); if (mem_avail > 256) { if (BL_VERSION_MAJOR(version) < BL_VERSION_MAJOR(BL_VERSION_1_0_0)) { PrintAndLogEx(ERR, _RED_("====================== OBS ! ======================")); @@ -460,7 +460,7 @@ int flash_start_flashing(int enable_bl_writes, char *serial_port_name, uint32_t } } } else { - PrintAndLogEx(NORMAL, "Available memory on this board: "_RED_("UNKNOWN")"\n"); + PrintAndLogEx(INFO, "Available memory on this board: "_RED_("UNKNOWN")"\n"); PrintAndLogEx(ERR, _RED_("====================== OBS ! ======================================")); PrintAndLogEx(ERR, _RED_("Note: Your bootloader does not understand the new " _YELLOW_("CHIP_INFO") _RED_("command"))); flash_suggest_update_bootloader(); diff --git a/client/reveng/bmpbit.c b/client/reveng/bmpbit.c index d529b0e96..e44ddb250 100644 --- a/client/reveng/bmpbit.c +++ b/client/reveng/bmpbit.c @@ -67,7 +67,7 @@ main(int argc, char *argv[]) { setbmp(); if (BMP_BIT != bmpbit || BMP_SUB != bmpsub) { fprintf(stderr, "reveng: configuration fault. Update " - "config.h with these definitions and " + "reveng/config.h with these definitions and " "recompile:\n" "\t#define BMP_BIT %d\n" "\t#define BMP_SUB %d\n", diff --git a/client/reveng/config.h b/client/reveng/config.h index a4d46e9f2..94d3c4da5 100644 --- a/client/reveng/config.h +++ b/client/reveng/config.h 
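Review bot: In `flash_start_flashing`, `mem_avail` is declared `int` but the changed line prints it with `%u`; use `%d` or make the variable unsigned so the specifier matches the argument. The adjacent string literals `_YELLOW_("%uK") "bytes\n"` concatenate without a space, so the output reads `...Kbytes`; `" bytes\n"` is probably what was meant. The function body extends beyond this hunk.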
@@ -57,33 +57,44 @@
 /* #define ALWPCK 1 */
-/* Define PRESETS to compile CRC RevEng with the preset models from the
+/* #define PRESETS 1
+ * Define PRESETS to compile CRC RevEng with the preset models from the
 * CRC Catalogue. This implies BMPMACRO and so makes the code platform-
 * specific.
 */
-#ifdef _WIN32
-#define PRESETS 1 //
-#endif
-
-
-/* Macros defining the size of a bmp_t.
+/* #define BMP_BIT 32
+ * Macros defining the size of a bmp_t.
 * Their values only matter if PRESETS and/or BMPMACRO are defined, in
 * which case edit the macros below to suit your architecture.
 * Otherwise, BMP_BIT and BMP_SUB will be redefined as aliases of bmpbit
 * and bmpsub, global objects initialised at run time.
 */
-/* Size in bits of a bmp_t. Not necessarily a power of two. */
-
-#define BMP_BIT 32
-
-/* The highest power of two that is strictly less than BMP_BIT.
+/* #define BMP_SUB 16
+ * The highest power of two that is strictly less than BMP_BIT.
 * Initialises the index of a binary search for set bits in a bmp_t.
 */
+
+#include
+#include
+#if ULONG_MAX == UINT64_MAX
+// most 64-bit platforms
+#define PRESETS 1
+#define BMP_BIT 64
+#define BMP_SUB 32
+
+#elif ULONG_MAX == UINT32_MAX
+// 32-bit platforms and Mingw64
+#define PRESETS 1
+#define BMP_BIT 32
 #define BMP_SUB 16
+#else
+#error Cannot determine automatically REVENG PRESETS Macros for your platform, you need to set them manually
+#endif
+
 /*****************************************
 * *
 * End of user configuration options *
diff --git a/doc/bt_manual_v10.md b/doc/bt_manual_v10.md
index 1cc8d3690..5f140976f 100644
--- a/doc/bt_manual_v10.md
+++ b/doc/bt_manual_v10.md
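Review bot: The new `#if ULONG_MAX == UINT64_MAX` ladder derives BMP_BIT and BMP_SUB from the width of `unsigned long`, but nothing in the hunk ties that to `bmp_t`, whose typedef is not visible here, while the comment above still describes BMP_BIT as the size of a bmp_t. A one-line comment above the `#if`, such as `/* bmp_t is assumed to be unsigned long: BMP_BIT/BMP_SUB must track its width */`, would make the assumption explicit for whoever changes the typedef later. As rendered on this page the two added `#include` lines carry no header name, so it is worth confirming in the file that the headers defining ULONG_MAX and UINT64_MAX/UINT32_MAX are both pulled in, because an undefined macro in `#if` evaluates as 0 and silently changes which branch is taken.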
@@ -193,7 +193,17 @@ After reboot you can go ahead to pairing your Proxmark3 RDV4 Blue Shark:
 ```sh
 ./proxmark /dev/tty.PM3_RDV40-DevB
 ```
+#### Android
+#### (2) Fast connection using dedicated Bluetooth (HC-06 Master + CP2102) adapter under Android with Termux
+
+ 1. Make sure you already followed this tutorial https://github.com/RfidResearchGroup/proxmark3/blob/master/doc/termux_notes.md#setup and have Termux with an running Proxmark3 client ready. You need additional the `cp210x` serial usb driver enabled and working, like the `USB_ACM` driver to communicate wireless.
+ 2. Insert the Bluetooth adapter with an fitting USB-C/Micro-USB converter into your Android USB port and a serial port `/dev/ttyUSB0` will be created. To see if it's working, run `tsudo ls /dev/ttyU*` and it should list `/dev/ttyUSB0`.
+ 3. The adapter will search automatically and establish the connection to BlueShark. The adapter will remember the device that was first connected and after that the same device will be connected. After the connection is established, the blue state LED on add-on will turn on solid.
+ 4. If you see this, congratulations, you can run your Proxmark3 client in Termux with `tsudo proxmark3/client/proxmark3 /dev/ttyUSB0`
+
+##### Notes
+If you bought your Bluetooth adapter somewhere else, make sure to set the baud rate to 115200 `AT+BAUD8` and PIN `AT+PIN1234` correctly
 ### 6. OTHER NOTES
diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md
new file mode 100644
index 000000000..63c74d1a3
--- /dev/null
+++ b/doc/cheatsheet.md
@@ -0,0 +1,561 @@ +# Command Cheat Sheet +|Generic|Low Frequence 125 kHz|High Frequence 13.56 MHz| +|---|---|---| +|[Generic](#Generic)|[T55XX](#T55XX)|[Mifare](#Mifare)| +|[Data](#Data)|[HID Prox](#HID-Prox)|[iClass](#iClass)| +|[Memory](#Memory)|[Indala](#Indala)|| +|[Sim Module](#Sim-Module)|[Hitag](#Hitag)|| +|[Lua Scripts](#Lua-Scripts)||| +|[Smart Card](#Smart-Card)||| + + +## Generic + +Identify High Frequency cards +``` +pm3 --> hf search +``` + +Identify Low Frequency cards +``` +pm3 --> lf search +``` + +Measure antenna characteristics, LF/HF voltage should be around 20-45+ V +``` +pm3 --> hw tune +``` + +Check versioning +``` +pm3 --> hw version +``` + +Check overall status +``` +pm3 --> hw status +``` + +## iClass + +Reverse permute iClass master key +``` +Options +--- +r reverse permuted key + +pm3 --> hf iclass permute r 3F90EBF0910F7B6F +``` + +iClass Reader +``` +pm3 --> hf iclass reader +``` + +Dump iClass card contents +``` +Options +--- +k : *Access Key as 16 hex symbols or 1 hex to select key from memory + +pm3 --> hf iclass dump k AFA785A7DAB33378 +``` + +Read iClass Block +``` +Options +--- +b : The block number as 2 hex symbols +k : Access Key as 16 hex symbols or 1 hex to select key from memory + +pm3 --> hf iclass readblk b 7 k AFA785A7DAB33378 +``` + +Write to iClass Block +``` +Options +--- +b : The block number as 2 hex symbols +d : Set the Data to write as 16 hex symbols +k : Access Key as 16 hex symbols or 1 hex to select key from memory + +pm3 --> hf iclass writeblk b 07 d 6ce099fe7e614fd0 k AFA785A7DAB33378 +``` + +Print keystore +``` +Options +--- +p : print keys loaded into memory + +pm3 --> hf iclass managekeys p +``` + +Add key to keystore [0-7] +``` +Options +--- +n : specify the keyNbr to set in memory +k : set a key in memory + +pm3 --> hf iclass managekeys n 0 k AFA785A7DAB33378 +``` + +Encrypt iClass Block +``` +pm3 --> hf iclass encryptblk 0000000f2aa3dba8 +``` + +Load iClass dump into memory for simulation +``` +Options 
+--- +f : load iclass tag-dump filename + +pm3 --> hf iclass eload f iclass_tagdump-db883702f8ff12e0.bin +``` + +Simulate iClass +``` +Options +--- +0 simulate the given CSN +1 simulate default CSN +3 Full simulation using emulator memory (see 'hf iclass eload') + +pm3 --> hf iclass sim 3 +``` + +Clone iClass Legacy Sequence +``` +pm3 --> hf iclass readblk b 7 k AFA785A7DAB33378 +pm3 --> hf iclass writeblk b 07 d 6ce099fe7e614fd0 k AFA785A7DAB33378 +``` + +Simulate iClass Sequence +``` +pm3 --> hf iclass dump k AFA785A7DAB33378 +pm3 --> hf iclass eload f iclass_tagdump-db883702f8ff12e0.bin +pm3 --> hf iclass sim 3 +``` + +Extract custom iClass key (loclass attack) +``` +Options +--- +f : specify a filename to clone from +k : Access Key as 16 hex symbols or 1 hex to select key from memory +e : If 'e' is specified, elite computations applied to key + +pm3 --> hf iclass sim 2 +pm3 --> hf iclass loclass f iclass_mac_attack.bin +pm3 --> hf iclass dump k e +``` + +Verify custom iClass key +``` +Options +--- +f : Dictionary file with default iclass keys +u : CSN +p : EPURSE +m : macs +e : elite + +pm3 --> hf iclass lookup u 010a0ffff7ff12e0 p feffffffffffffff m 66348979153c41b9 f default_iclass_keys.dic e +``` + +## Mifare + +Check for default keys +``` +Options +--- +<*card memory> [t|d|s|ss] +* : all sectors +card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K +d : write keys to binary file + +pm3 --> hf mf chk *1 ? 
d default_keys.dic +``` + +Check for default keys from local memory +``` +Options +--- +card memory : 0 - MINI(320 bytes), 1 - 1K, 2 - 2K, 4 - 4K +m : use dictionary from flashmemory + +pm3 --> hf mf fchk 1 m +``` + +Dump Mifare card contents +``` +Options +--- + : 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K +k : key filename, if no given, UID will be used as filename" +f : data filename, if no given, UID will be used as filename + +pm3 --> hf mf dump 1 +pm3 --> hf mf dump 1 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-data.bin +``` + +Convert .bin to .eml +``` +Options +--- +i : Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used + +pm3 --> script run dumptoemul -i dumpdata.bin +``` + +Write to Mifare block +``` +Options +--- + + +pm3 --> hf mf wrbl 0 A FFFFFFFFFFFF d3a2859f6b880400c801002000000016 +``` + +Run Hardnested attack +``` +Options +--- + [known target key (12 hex symbols)] [w] [s] +w : Acquire nonces and write them to binary file nonces.bin + +pm3 --> hf mf hardnested 0 A 8829da9daf76 0 A w +``` + +Load Mifare emul dump file into memory for simulation +``` +Options +--- + +[card memory]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K, u = UL + +pm3 --> hf mf eload 353C2AA6 +pm3 --> hf mf eload 1 353C2AA6 +``` + +Simulate Mifare +``` +u : (Optional) UID 4,7 or 10 bytes. If not specified, the UID 4B from emulator memory will be used + +pm3 --> hf mf sim u 353c2aa6 +``` + +Simulate Mifare Sequence +``` +pm3 --> hf mf chk *1 ? d default_keys.dic +pm3 --> hf mf dump 1 +pm3 --> script run dumptoemul -i dumpdata.bin +pm3 --> hf mf eload 353C2AA6 +pm3 --> hf mf sim u 353c2aa6 +``` + +Clone Mifare 1K Sequence +``` +pm3 --> hf mf chk *1 ? 
d default_keys.dic +pm3 --> hf mf dump +pm3 --> hf mf restore 1 u 4A6CE843 k hf-mf-A29558E4-key.bin f hf-mf-A29558E4-data.bin +``` + +## HID Prox + +Read HID Prox card +``` +pm3 --> lf hid read +``` + +Demodulate HID Prox card +``` +pm3 --> lf hid demod +``` + +Convert Site & Facility code to Wiegand +``` +Options +--- + +OEM : OEM number / site code +FC : facility code +CN : card number + +pm3 --> lf hid wiegand 0 56 150 +``` + +Simulate Prox card +``` + +pm3 --> lf hid sim 200670012d +``` + +Clone Prox to T5577 card +``` +pm3 --> lf hid clone 200670012d +``` + +Brute force HID reader +``` +Options +--- +a : 26|33|34|35|37|40|44|84 +f : 8-bit value HID facility code +c : (optional) cardnumber to start with, max 65535 +d : delay betweens attempts in ms. Default 1000ms +v : verbose logging, show all tries + +pm3 --> lf hid brute a 26 f 224 +pm3 --> lf hid brute v a 26 f 21 c 200 d 2000 +``` + +## Indala + +Read Indala card +``` +pm3 --> lf indala read +``` + +Demodulate Indala card +``` +pm3 --> lf indala demod +``` + +Simulate Indala card +``` +Options +--- + : 64/224 UID + +pm3 --> lf indala sim a0000000c2c436c1 +``` + +Clone to T55x7 card +``` +Options +--- + : 64/224 UID + +pm3 --> lf indala clone a0000000c2c436c1 +``` + +## Hitag + +Read Hitag information +``` +pm3 --> lf hitag info +``` + +Act as Hitag reader +``` +Options +--- +HitagS: +01 : Read all pages, challenge mode +02 : Read all pages, crypto mode. Set key=0 for no auth + +Hitag2: +21 : Read all pages, password mode. Default: 4D494B52 ("MIKR") +22 : Read all pages, challenge mode +23 : Read all pages, crypto mode. Key format: ISK high + ISK low. 
Default: 4F4E4D494B52 ("ONMIKR") +25 : Test recorded authentications +26 : Just read UID + +pm3 --> lf hitag 26 +pm3 --> lf hitag 21 4D494B52 +``` + +Sniff Hitag traffic +``` +pm3 --> lf hitag sniff +pm3 --> lf hitag list +``` + +Simulate Hitag +``` +pm3 --> lf hitag sim c378181c_a8f7.ht2 +``` + +Write to Hitag block +``` +Options +--- +HitagS: +03 : Write page, challenge mode +04 : Write page, crypto mode. Set key=0 for no auth + +Hitag2: +24 : Write page, crypto mode. Key format: ISK high + ISK low. +27 : Write page, password mode. Default: 4D494B52 ("MIKR") + +pm3 --> lf hitag writer 24 499602D2 1 00000000 +``` + +Simulate Hitag2 sequence +``` +pm3 --> lf hitag reader 21 56713368 +pm3 --> lf hitag sim c378181c_a8f7.ht2 +``` + +## T55XX + +Detect T55XX card +``` +pm3 --> lf t55xx detect +``` + +Configure modulation +``` +Options +--- + : Set modulation +EM is ASK +HID Prox is FSK +Indala is PSK + +pm3 --> lf t55xx config FSK +``` + +Set timings to default +``` +Options +--- +p : persist to flashmemory +z : Set default t55x7 timings (use p to save if required) + +pm3 --> lf t55xx deviceconfig z p +``` + +Write to T55xx block +``` +b : block number to write. Between 0-7 +d : 4 bytes of data to write (8 hex characters) + +pm3 --> lf t55xx wr b 0 d 00081040 +``` + +Wipe a T55xx tag and set defaults +``` +pm3 --> lf t55xx wipe +``` + +## Data + +Get raw samples [512-40000] +``` +pm3 --> data samples +``` + +Save samples to file +``` +pm3 --> data save +``` + +Load samples from file +``` +pm3 --> data load +``` + +## Lua Scripts + +List Lua Scripts + +``` +pm3 --> script list +``` + +Convert .bin to .eml +``` +Options +--- +i : Specifies the dump-file (input). 
If omitted, 'dumpdata.bin' is used + +pm3 --> script run dumptoemul -i xxxxxxxxxxxxxx.bin +``` + +Format Mifare card +``` +Options +--- +k : the current six byte key with write access +n : the new key that will be written to the card +a : the new access bytes that will be written to the card +x : execute the commands aswell. + +pm3 --> script run formatMifare -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x +``` + +## Memory + +Load default keys into memory +``` +Options +--- +o : offset in memory +f : file name +m : upload 6 bytes keys (mifare key dictionary) +i : upload 8 bytes keys (iClass key dictionary) +t : upload 4 bytes keys (pwd dictionary) + +pm3 --> mem load f default_keys m +pm3 --> mem load f default_pwd t +pm3 --> mem load f default_iclass_keys i +``` + +## Sim Module + +Upgrade Sim Module firmware +``` +pm3 --> sc upgrade f ../tools/simmodule/SIM011.BIN +``` + +## Smart Card + +Get Smart Card Information +``` +pm3 --> sc info +``` + +Act like an IS07816 reader +``` +pm3 --> sc reader +``` + +Set clock speed +``` +Options +--- +c : clockspeed (0 = 16MHz, 1=8MHz, 2=4MHz) + +pm3 --> sc setclock c 2 +``` + +Send raw hex data +``` +Options +--- +r : do not read response +a : active smartcard without select (reset sc module) +s : active smartcard with select (get ATR) +t : executes TLV decoder if it possible +0 : use protocol T=0 +d : bytes to send + +pm3 --> sc raw s 0 d 00a404000e315041592e5359532e4444463031 : 1PAY.SYS.DDF01 PPSE directory with get ATR +pm3 --> sc raw 0 d 00a404000e325041592e5359532e4444463031 : 2PAY.SYS.DDF01 PPSE directory +pm3 --> sc raw 0 t d 00a4040007a0000000041010 : Mastercard +pm3 --> sc raw 0 t d 00a4040007a0000000031010 : Visa +```` + +Bruteforce SPI +``` +Options +--- +t : executes TLV decoder if it possible + +pm3 --> sc brute +pm3 --> sc brute t +``` diff --git a/fpga/fpga_lf.v b/fpga/fpga_lf.v index 20d2ca440..88b22b7ca 100644 --- a/fpga/fpga_lf.v +++ b/fpga/fpga_lf.v 
@@ -102,13 +102,13 @@ lo_edge_detect le( ); lo_adc la( - pck0, - la_pwr_lo, la_pwr_hi, la_pwr_oe1, la_pwr_oe2, la_pwr_oe3, la_pwr_oe4, - adc_d, la_adc_clk, - la_ssp_frame, la_ssp_din, ssp_dout, la_ssp_clk, - cross_hi, cross_lo, - la_dbg, divisor, - lo_is_125khz, lf_field + pck0, + la_pwr_lo, la_pwr_hi, la_pwr_oe1, la_pwr_oe2, la_pwr_oe3, la_pwr_oe4, + adc_d, la_adc_clk, + la_ssp_frame, la_ssp_din, ssp_dout, la_ssp_clk, + cross_hi, cross_lo, + la_dbg, divisor, + lo_is_125khz, lf_field ); // Major modes: diff --git a/fpga/lo_adc.v b/fpga/lo_adc.v index dff9fda3f..57e9eebc8 100644 --- a/fpga/lo_adc.v +++ b/fpga/lo_adc.v @@ -55,28 +55,28 @@ assign ssp_frame = (pck_divider[7:3] == 5'd1) && !clk_state; always @(posedge pck0) begin - if(pck_divider == divisor[7:0]) + if(pck_divider == divisor[7:0]) begin - pck_divider <= 8'd0; - clk_state = !clk_state; + pck_divider <= 8'd0; + clk_state = !clk_state; end - else - begin - pck_divider <= pck_divider + 1; - end + else + begin + pck_divider <= pck_divider + 1; + end end always @(posedge pck0) begin - if((pck_divider == 8'd7) && !clk_state) + if((pck_divider == 8'd7) && !clk_state) begin to_arm_shiftreg <= adc_d; end else - begin + begin to_arm_shiftreg[7:1] <= to_arm_shiftreg[6:0]; to_arm_shiftreg[0] <= 1'b0; - end + end end endmodule diff --git a/include/pm3_cmd.h b/include/pm3_cmd.h index 3d7b156bd..035e85405 100644 --- a/include/pm3_cmd.h +++ b/include/pm3_cmd.h @@ -299,6 +299,7 @@ typedef struct { #define CMD_SPIFFS_PRINT_FSINFO 0x2133 #define CMD_SPIFFS_DOWNLOAD 0x2134 #define CMD_SPIFFS_DOWNLOADED 0x2135 +#define CMD_SPIFFS_CHECK 0x3000 // more ? diff --git a/proxmark3.sh b/proxmark3.sh index 4cd6d76bc..07d2a27d5 100755 --- a/proxmark3.sh +++ b/proxmark3.sh 
@@ -7,7 +7,7 @@ PM3PATH=$(dirname "$0")
 cd "$PM3PATH" || exit 1
 function wait4proxmark_Linux {
- echo >&2 "Waiting for Proxmark to appear..."
+ echo >&2 "[=] Waiting for Proxmark to appear..."
 while true; do
 PM3=$(find /dev/pm3-* /dev/ttyACM* 2>/dev/null | head -1)
 if [[ $PM3 != "" ]]; then
@@ -19,7 +19,7 @@ function wait4proxmark_Linux {
 }
 function wait4proxmark_macOS {
- echo >&2 "Waiting for Proxmark to appear..."
+ echo >&2 "[=] Waiting for Proxmark to appear..."
 while true; do
 PM3=$(find /dev/pm3-* /dev/cu.usbmodem* 2>/dev/null | head -1)
 if [[ $PM3 != "" ]]; then
@@ -31,7 +31,7 @@ function wait4proxmark_macOS {
 }
 function wait4proxmark_Windows {
- echo >&2 "Waiting for Proxmark to appear..."
+ echo >&2 "[=] Waiting for Proxmark to appear..."
 while true; do
 device=$(wmic path Win32_SerialPort where "PNPDeviceID like '%VID_9AC4&PID_4B8F%'" get DeviceID,PNPDeviceID 2>/dev/null | awk 'NR==2')
 if [[ $device != "" ]]; then
@@ -44,7 +44,7 @@ function wait4proxmark_Windows {
 }
 function wait4proxmark_WSL {
- echo >&2 "Waiting for Proxmark to appear..."
+ echo >&2 "[=] Waiting for Proxmark to appear..."
 while true; do
 device=$(wmic.exe path Win32_SerialPort where "PNPDeviceID like '%VID_9AC4&PID_4B8F%'" get DeviceID,PNPDeviceID 2>/dev/null | awk 'NR==2')
 if [[ $device != "" ]]; then
@@ -55,7 +55,7 @@ function wait4proxmark_WSL {
 sleep .1
 done
 if [ -e "$PM3" ] && [ ! -w "$PM3" ]; then
- echo "We need to give current user read/write access to $PM3"
+ echo "[!!] We need to give current user read/write access to $PM3"
 sudo chmod 666 "$PM3"
 fi
 echo "$PM3"
@@ -72,7 +72,7 @@ elif [ "$SCRIPT" = "flash-fullimage.sh" ]; then
 elif [ "$SCRIPT" = "flash-bootrom.sh" ]; then
 CMD() { client/flasher "$1" -b "$BOOTIMAGE"; }
 else
- echo "[!!] Script ran under unknown name, abort: $SCRIPT"
+ echo "[!!] Script ran under unknown name, abort: $SCRIPT"
 exit 1
 fi
 HOSTOS=$(uname | awk '{print toupper($0)}')
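Review bot: In the wait4proxmark_WSL hunk the new `[!!] We need to give current user read/write access` message is written to stdout, the same stream the function uses to return its result via `echo "$PM3"`; if the caller captures it the way `PORT=$(wait4proxmark_Windows)` does in the later hunk, the warning ends up inside the port string. It should go to stderr like the `[=] Waiting...` lines: `echo >&2 "[!!] We need to give current user read/write access to $PM3"`. The three abort messages in the following hunks (`Script ran under unknown name`, `Host OS not recognized`, `No port, abort`) are diagnostics as well and would be better on stderr. Separately, `sudo chmod 666 "$PM3"` leaves the serial device writable by every local user, so granting access only to the invoking user or a dedicated group would be the narrower choice. The function body starts outside the hunk.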
@@ -87,11 +87,11 @@ elif [ "$HOSTOS" = "DARWIN" ]; then
 elif [[ "$HOSTOS" =~ MINGW(32|64)_NT* ]]; then
 PORT=$(wait4proxmark_Windows)
 else
- echo "Host OS not recognized, abort: $HOSTOS"
+ echo "[!!] Host OS not recognized, abort: $HOSTOS"
 exit 1
 fi
 if [ "$PORT" = "" ]; then
- echo "No port, abort"
+ echo "[!!] No port, abort"
 exit 1
 fi