From 9640aa75a685462aa24a467b6635873b24c0fa1b Mon Sep 17 00:00:00 2001
From: Robert Jones <rob.jones@dolby.com>
Date: Wed, 29 Mar 2017 14:09:00 +1100
Subject: [PATCH 01/24] Remove unnecessary x86 SSE 4.2 popcnt GCC flag
-mpopcnt is only a valid flag for x86 platforms with SSE 4.2. Breaks on anything else, e.g. ARM
Builds/runs fine without this flag. I don't see any reference to popcnt instruction so I'm not sure what this is there for.
---
client/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/Makefile b/client/Makefile
index 3c7a33fdd..96920229e 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -7,7 +7,7 @@ include ../common/Makefile.common
CC = gcc
CXX = g++
-COMMON_FLAGS += -std=c99 -O3 -mpopcnt -march=native -g
+COMMON_FLAGS += -std=c99 -O3 -march=native -g
#VPATH = ../common ../zlib
OBJDIR = obj
From 396772c93aa39600b9a14c58781583abbfcb05d2 Mon Sep 17 00:00:00 2001
From: angelsl <hidingfromhidden@gmail.com>
Date: Thu, 30 Mar 2017 01:41:07 +0800
Subject: [PATCH 02/24] Fixes for compiling on Android
---
client/cmdhfmfhard.c | 8 ++++----
client/util.c | 2 ++
client/util.h | 6 ++++++
liblua/llex.c | 2 +-
4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/client/cmdhfmfhard.c b/client/cmdhfmfhard.c
index 2e5046754..38d35895f 100644
--- a/client/cmdhfmfhard.c
+++ b/client/cmdhfmfhard.c
@@ -1431,7 +1431,7 @@ static const uint64_t crack_states_bitsliced(statelist_t *p){
#endif
if ( !lstate_p ) {
- __sync_fetch_and_add(&total_states_tested, bucket_states_tested);
+ __atomic_fetch_add(&total_states_tested, bucket_states_tested, __ATOMIC_SEQ_CST);
return key;
}
@@ -1618,7 +1618,7 @@ out:
#endif
}
- __sync_fetch_and_add(&total_states_tested, bucket_states_tested);
+ __atomic_fetch_add(&total_states_tested, bucket_states_tested, __ATOMIC_SEQ_CST);
return key;
}
@@ -1636,8 +1636,8 @@ static void* crack_states_thread(void* x){
if (keys_found) break;
else if(key != -1) {
if (TestIfKeyExists(key)) {
- __sync_fetch_and_add(&keys_found, 1);
- __sync_fetch_and_add(&foundkey, key);
+ __atomic_fetch_add(&keys_found, 1, __ATOMIC_SEQ_CST);
+ __atomic_fetch_add(&foundkey, key, __ATOMIC_SEQ_CST);
printf("*");
fflush(stdout);
break;
diff --git a/client/util.c b/client/util.c
index 4adc4e701..5485488c9 100644
--- a/client/util.c
+++ b/client/util.c
@@ -534,9 +534,11 @@ void xor(unsigned char * dst, unsigned char * src, size_t len) {
int32_t le24toh (uint8_t data[3]) {
return (data[2] << 16) | (data[1] << 8) | data[0];
}
+#ifndef ANDROID
uint32_t le32toh (uint8_t *data) {
return (uint32_t)( (data[3]<<24) | (data[2]<<16) | (data[1]<<8) | data[0]);
}
+#endif
// Pack a bitarray into a uint32_t.
uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits) {
diff --git a/client/util.h b/client/util.h
index ede50e8c1..84d1a3163 100644
--- a/client/util.h
+++ b/client/util.h
@@ -31,6 +31,10 @@
#include <windows.h>
#endif
+#ifdef ANDROID
+ #include <endian.h>
+#endif
+
#ifndef BITMASK
# define BITMASK(X) (1 << (X))
@@ -146,7 +150,9 @@ extern void wiegand_add_parity(uint8_t *target, uint8_t *source, uint8_t length)
extern void xor(unsigned char * dst, unsigned char * src, size_t len);
extern int32_t le24toh (uint8_t data[3]);
+#ifndef ANDROID
extern uint32_t le32toh (uint8_t *data);
+#endif
extern uint32_t PackBits(uint8_t start, uint8_t len, uint8_t* bits);
extern void rol(uint8_t *data, const size_t len);
extern uint32_t SwapBits(uint32_t value, int nrbits);
diff --git a/liblua/llex.c b/liblua/llex.c
index 81b8de9e3..d91f00f7d 100644
--- a/liblua/llex.c
+++ b/liblua/llex.c
@@ -199,7 +199,7 @@ static void buffreplace (LexState *ls, char from, char to) {
#if ANDROID
-#define getlocaldecpoint() '.'
+#define getlocaledecpoint() '.'
#elif !defined(getlocaledecpoint)
#define getlocaledecpoint() (localeconv()->decimal_point[0])
#endif
From 94ea581d8349b7f99f5916acdfe9ab735bc01117 Mon Sep 17 00:00:00 2001
From: n4k <nak@efrei-linux.fr>
Date: Sun, 2 Apr 2017 20:16:45 +0200
Subject: [PATCH 03/24] Fix missing null byte : my_executable_directory
---
client/proxmark3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/client/proxmark3.c b/client/proxmark3.c
index 670b9720e..b7bdb0b13 100644
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@@ -242,6 +242,7 @@ static void set_my_executable_path(void)
my_executable_path[path_length] = '\0';
my_executable_directory = (char *)malloc(dirname_length + 2);
strncpy(my_executable_directory, my_executable_path, dirname_length+1);
+ my_executable_directory[dirname_length+1] = '\0';
}
}
}
From 4d78c76faf58613c4a1dc57727ac6ea32cf6af9c Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Tue, 4 Apr 2017 17:22:49 +0200
Subject: [PATCH 04/24] Update default_pwd.dic
added a new cloner pwd
---
client/default_pwd.dic | 2 ++
1 file changed, 2 insertions(+)
diff --git a/client/default_pwd.dic b/client/default_pwd.dic
index 2c63e53ca..b0659a091 100644
--- a/client/default_pwd.dic
+++ b/client/default_pwd.dic
@@ -4,6 +4,8 @@
000D8787,
# ref. http://kazus.ru/forums/showpost.php?p=1045937&postcount=77
05D73B9F,
+# ref. http://www.proxmark.org/forum/viewtopic.php?=
+89A69E60,
# Default pwd, simple:
00000000,
11111111,
From 450714d641cad0701dd7e2297ccf07eae424424f Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 5 Apr 2017 17:27:09 +0200
Subject: [PATCH 05/24] Update default_keys.dic
---
client/default_keys.dic | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/client/default_keys.dic b/client/default_keys.dic
index 04a7c6698..66bbe5925 100644
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@@ -316,4 +316,12 @@ d9a37831dce5,
c5cfe06d9ea3,
c0dece673829,
#
-a56c2df9a26d,
\ No newline at end of file
+a56c2df9a26d,
+#
+# Data from: Aussie transports
+#
+2031d1e57a3b,
+68d3f7307c89,
+9189449ea24e,
+568c9083f71c,
+53c11f90822a,
From d840622789ab402a47e740a8ce38d7a6b2d64209 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 5 Apr 2017 17:28:46 +0200
Subject: [PATCH 06/24] Update default_keys.dic
---
client/default_keys.dic | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/default_keys.dic b/client/default_keys.dic
index 66bbe5925..739d075b3 100644
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@@ -318,7 +318,7 @@ c0dece673829,
#
a56c2df9a26d,
#
-# Data from: Aussie transports
+# Data from: https://pastebin.com/vbwast74
#
2031d1e57a3b,
68d3f7307c89,
From 926ea42b76b0c89c84e46f550109867df5546e7d Mon Sep 17 00:00:00 2001
From: ikarus <ikarus4ever@web.de>
Date: Fri, 14 Apr 2017 11:24:49 +0200
Subject: [PATCH 07/24] FIX: hf legic crc data parameter 'd' was inconsistently
declared.
---
client/cmdhflegic.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/client/cmdhflegic.c b/client/cmdhflegic.c
index 4414efa1d..f66effbed 100644
--- a/client/cmdhflegic.c
+++ b/client/cmdhflegic.c
@@ -24,8 +24,8 @@ int usage_legic_calccrc(void){
PrintAndLog(" c <8|16> : Crc type");
PrintAndLog("");
PrintAndLog("Samples:");
- PrintAndLog(" hf legic crc b deadbeef1122");
- PrintAndLog(" hf legic crc b deadbeef1122 u 9A c 16");
+ PrintAndLog(" hf legic crc d deadbeef1122");
+ PrintAndLog(" hf legic crc d deadbeef1122 u 9A c 16");
return 0;
}
int usage_legic_rdmem(void){
@@ -678,8 +678,8 @@ int CmdLegicCalcCrc(const char *Cmd){
while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp)) {
- case 'b':
- case 'B':
+ case 'd':
+ case 'D':
// peek at length of the input string so we can
// figure out how many elements to malloc in "data"
bg=en=0;
@@ -1274,4 +1274,4 @@ int CmdHFLegic(const char *Cmd) {
int CmdHelp(const char *Cmd) {
CmdsHelp(CommandTable);
return 0;
-}
\ No newline at end of file
+}
From aff903d99f4a6175faef67cc8bff1e893d4a0889 Mon Sep 17 00:00:00 2001
From: Gator96100 <jupuerzi@gmx.at>
Date: Sat, 22 Apr 2017 23:36:43 +0200
Subject: [PATCH 08/24] Fix crashes when compiled with a different cpu
---
client/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/Makefile b/client/Makefile
index 96920229e..764da38a3 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -7,7 +7,7 @@ include ../common/Makefile.common
CC = gcc
CXX = g++
-COMMON_FLAGS += -std=c99 -O3 -march=native -g
+COMMON_FLAGS += -std=c99 -O3 -march=x86-64 -g
#VPATH = ../common ../zlib
OBJDIR = obj
From dccc3e2c6653d5fc2d4e0fe675ebf835d3b551b7 Mon Sep 17 00:00:00 2001
From: Gator96100 <jupuerzi@gmx.at>
Date: Sun, 23 Apr 2017 15:27:00 +0200
Subject: [PATCH 09/24] When compiled with MinGW use march=x86-64 instead of
march=native
---
client/Makefile | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/client/Makefile b/client/Makefile
index 764da38a3..5f5df1486 100644
--- a/client/Makefile
+++ b/client/Makefile
@@ -7,7 +7,7 @@ include ../common/Makefile.common
CC = gcc
CXX = g++
-COMMON_FLAGS += -std=c99 -O3 -march=x86-64 -g
+COMMON_FLAGS += -std=c99 -O3 -g
#VPATH = ../common ../zlib
OBJDIR = obj
@@ -20,7 +20,7 @@ LUAPLATFORM = generic
ifneq (,$(findstring MINGW,$(platform)))
LDLIBS += -L/mingw/lib -lgdi32
- CFLAGS += -I/mingw/include -D__USE_MINGW_ANSI_STDIO=1
+ CFLAGS += -I/mingw/include -D__USE_MINGW_ANSI_STDIO=1 -march=x86-64
CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
MOC = $(QTDIR)/bin/moc
LUAPLATFORM = mingw
@@ -46,7 +46,8 @@ else ifeq ($(platform),Darwin)
# OS X, QT5 detection needs this.
export PKG_CONFIG_PATH=/usr/local/Cellar/qt5/5.6.1-1/lib/pkgconfig/
- CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3
+ CFLAGS += -march=native
+ CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3
QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
MOC = $(shell pkg-config --variable=moc_location QtCore)
@@ -64,6 +65,7 @@ else ifeq ($(platform),Darwin)
LUAPLATFORM = macosx
else
+ CFLAGS += -march=native
CXXFLAGS = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null) -Wall -O3
QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
LUALIB += -ldl
From bc61d6af20de7089d73c58a08bc0d57a125d3a31 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:40:13 +0200
Subject: [PATCH 10/24] Update README.md
---
README.md | 56 +++++++++++++++++++------------------------------------
1 file changed, 19 insertions(+), 37 deletions(-)
diff --git a/README.md b/README.md
index 94499d9b4..fe7cb351c 100644
--- a/README.md
+++ b/README.md
@@ -2,22 +2,22 @@ The iceman fork
===============
[](https://travis-ci.org/iceman1001/proxmark3) [](https://scan.coverity.com/projects/proxmark3_iceman_fork) [![Latest release] (https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
-##This fork is HIGHLY experimental (or bleeding edge)
+## This fork is HIGHLY experimental (or bleeding edge)
-##Donate
+## Donate
https://paypal.me/iceman1001/
Feel free to donate. All support is welcome.
-##Notice
+## Notice
There is so much in this fork, with all fixes and additions its basically the most enhanced fork to this day for the Proxmark3 device. Which makes it so awesum to play with. Do please play with it. Get excited and experiment. As a side note with all coverity scan fixes this client is much more stable than PM3 Master even if I tend to break it sometimes. I'll try to make a release when this fork becomes stable between my experiments.
-##Official
+## Official
The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3
-##Coverity Scan Config & Run
+## Coverity Scan Config & Run
Download the Coverity Scan Self-buld and install it.
You will need to configure ARM-NON-EABI- Compiler for it to use:
-
+```
- Configure
`cov-configure --comptype gcc --compiler /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc`
@@ -28,8 +28,9 @@ You will need to configure ARM-NON-EABI- Compiler for it to use:
`tar czvf proxmark3.tgz cov-int`
- upload it to coverity.com
+```
-##Whats changed?
+## Whats changed?
Whats so special with this fork? I have scraped the web for different enhancements to the PM3 source code and not all of them ever found their way to the master branch.
Among the stuff is
@@ -56,24 +57,24 @@ Among the stuff is
* Aczid's bitsliced bruteforce solver in 'hf mf hardnested'
---
-##Why don't you merged with offical PM3 Master?
+## Why don't you merged with offical PM3 Master?
I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master.
Me fiddling with the code so much, there is a nightmare in merging a PR. Luckily I have @marshmellow42 who takes some stuff and push PR's back.
-##Why don't you add nnnn or mmmm functionality?
+## Why don't you add nnnn or mmmm functionality?
Give me a hint, and I'll see if I can't merge in the stuff you have.
-##PM3 GUI
+## PM3 GUI
I do tend to rename and move stuff around, the official PM3-GUI from Gaucho will not work so well. *sorry*
-##Development
+## Development
This fork now compiles just fine on
- Windows/mingw environment with Qt5.6.1 & GCC 4.8
- Ubuntu 1404, 1510, 1604
- Mac OS X / Homebrew
- Docker container
-##Setup and build for UBUNTU
+## Setup and build for UBUNTU
GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS, 15.10 or 16.04
See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux
@@ -110,7 +111,7 @@ https://github.com/daveio/attacksurface/blob/master/proxmark3/pm3-setup.sh
- Run the client
`./proxmark3 /dev/ttyACM0`
-##Homebrew (Mac OS X)
+## Homebrew (Mac OS X)
These instructions comes from @Chrisfu, where I got the proxmark3.rb scriptfile from.
Further questions about Mac & Homebrew, contact @Chrisfu (https://github.com/chrisfu/)
@@ -120,7 +121,7 @@ Further questions about Mac & Homebrew, contact @Chrisfu (https://github.com/c
3. Install Proxmark3: `brew install proxmark3` for stable release or `brew install --HEAD proxmark3` for latest non-stable from GitHub.
-##Docker container
+## Docker container
I recently added a docker container on Docker HUB. You find it here: https://hub.docker.com/r/iceman1001/proxmark3/
Follow those instructions to get it up and running. No need for the old proxspace-environment anymore.
@@ -206,40 +207,21 @@ Assuming you have Proxmark3 Windows drivers installed you can run the Proxmark s
- Run the client
`proxmark3.exe comX`
-##Buying a proxmark3
+## Buying a proxmark3
The Proxmark 3 device is available for purchase (assembled and tested) from the following locations:
* http://proxmark3.tictail.com/ (For buyers in EU, most likely in Sweden)
* http://www.elechouse.com/ (new and revised hardware package 2015, located in China)
+Enjoy!
-##Enjoy
-
-January 2015, Sweden
iceman at host iuse.se
+January 2015, Sweden
-
-##Note from Jonathan Westhues
-Most of the ultra-low-volume contract assemblers could put
-something like this together with a reasonable yield. A run of around
-a dozen units is probably cost-effective. The BOM includes (possibly-
-outdated) component pricing, and everything is available from Digikey
-and the usual distributors.
-
-If you've never assembled a modern circuit board by hand, then this is
-not a good place to start. Some of the components (e.g. the crystals)
-must not be assembled with a soldering iron, and require hot air.
-
-The schematics are included; the component values given are not
-necessarily correct for all situations, but it should be possible to do
-nearly anything you would want with appropriate population options.
-
-The printed circuit board artwork is also available, as Gerbers and an
-Excellon drill file.
-
+## Note from Jonathan Westhues
LICENSING:
From 4d2e16b9c7c8351870c341c872f284018b186397 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:43:54 +0200
Subject: [PATCH 11/24] Update README.md
---
README.md | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index fe7cb351c..ab5fbf12f 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,11 @@
The iceman fork
===============
-[](https://travis-ci.org/iceman1001/proxmark3) [](https://scan.coverity.com/projects/proxmark3_iceman_fork) [![Latest release] (https://img.shields.io/github/release/iceman1001/proxmark3.svg)](https://github.com/iceman1001/proxmark3/releases/latest)
+[](https://travis-ci.org/iceman1001/proxmark3)
+[](https://scan.coverity.com/project/proxmark3_iceman_fork)
+[](https://github.com/iceman1001/proxmark3/releases/latest)
-## This fork is HIGHLY experimental (or bleeding edge)
+
+## This fork is HIGHLY experimental and bleeding edge
## Donate
https://paypal.me/iceman1001/
@@ -11,9 +14,6 @@ Feel free to donate. All support is welcome.
## Notice
There is so much in this fork, with all fixes and additions its basically the most enhanced fork to this day for the Proxmark3 device. Which makes it so awesum to play with. Do please play with it. Get excited and experiment. As a side note with all coverity scan fixes this client is much more stable than PM3 Master even if I tend to break it sometimes. I'll try to make a release when this fork becomes stable between my experiments.
-## Official
-The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3
-
## Coverity Scan Config & Run
Download the Coverity Scan Self-buld and install it.
You will need to configure ARM-NON-EABI- Compiler for it to use:
@@ -61,7 +61,7 @@ Among the stuff is
I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master.
Me fiddling with the code so much, there is a nightmare in merging a PR. Luckily I have @marshmellow42 who takes some stuff and push PR's back.
-## Why don't you add nnnn or mmmm functionality?
+## Why don't you add this or that functionality?
Give me a hint, and I'll see if I can't merge in the stuff you have.
## PM3 GUI
@@ -125,9 +125,9 @@ Further questions about Mac & Homebrew, contact @Chrisfu (https://github.com/c
I recently added a docker container on Docker HUB. You find it here: https://hub.docker.com/r/iceman1001/proxmark3/
Follow those instructions to get it up and running. No need for the old proxspace-environment anymore.
-[1.6.0] How to start: https://www.youtube.com/watch?v=b5Zta89Cf6Q
-[1.6.0] How to connect: https://youtu.be/0ZS2t5C-caI
-[1.6.1] How to flash: https://www.youtube.com/watch?v=WXouhuGYEiw
+-[1.6.0] How to start: https://www.youtube.com/watch?v=b5Zta89Cf6Q
+-[1.6.0] How to connect: https://youtu.be/0ZS2t5C-caI
+-[1.6.1] How to flash: https://www.youtube.com/watch?v=WXouhuGYEiw
Recommendations: Use only latest container.
From 178d75f1afb263a8b47bec072af95f6f80623c23 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:45:22 +0200
Subject: [PATCH 12/24] Update README.md
---
README.md | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/README.md b/README.md
index ab5fbf12f..36cdd81b6 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,6 @@
The iceman fork
===============
-[](https://travis-ci.org/iceman1001/proxmark3)
-[](https://scan.coverity.com/project/proxmark3_iceman_fork)
-[](https://github.com/iceman1001/proxmark3/releases/latest)
+[](https://travis-ci.org/iceman1001/proxmark3)](https://scan.coverity.com/project/proxmark3_iceman_fork)[](https://github.com/iceman1001/proxmark3/releases/latest)
## This fork is HIGHLY experimental and bleeding edge
From 3d9a84abe2340641509f3da3c43a06d19e09263a Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:45:57 +0200
Subject: [PATCH 13/24] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 36cdd81b6..a2b939750 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
The iceman fork
===============
-[](https://travis-ci.org/iceman1001/proxmark3)](https://scan.coverity.com/project/proxmark3_iceman_fork)[](https://github.com/iceman1001/proxmark3/releases/latest)
+[](https://travis-ci.org/iceman1001/proxmark3)](https://scan.coverity.com/project/proxmark3_iceman_fork)](https://github.com/iceman1001/proxmark3/releases/latest)
## This fork is HIGHLY experimental and bleeding edge
From 0781d38e7af5b8f15761ed4adcdef8318d883a22 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 15:46:26 +0200
Subject: [PATCH 14/24] Update
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a2b939750..764a08703 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
The iceman fork
===============
-[](https://travis-ci.org/iceman1001/proxmark3)](https://scan.coverity.com/project/proxmark3_iceman_fork)](https://github.com/iceman1001/proxmark3/releases/latest)
+[](https://travis-ci.org/iceman1001/proxmark3)[](https://scan.coverity.com/project/proxmark3_iceman_fork)[](https://github.com/iceman1001/proxmark3/releases/latest)
## This fork is HIGHLY experimental and bleeding edge
From 08cc2c36d8113a577b7a0c1eb9ae3f7322e8a572 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 19:52:03 +0200
Subject: [PATCH 15/24] fix: 'hf mf chk'
Dictionary files will load wrong if they exceed 256lines.
---
client/cmdhfmf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c
index 13cbee685..820fb93bc 100644
--- a/client/cmdhfmf.c
+++ b/client/cmdhfmf.c
@@ -1081,7 +1081,7 @@ int CmdHF14AMfChk(const char *Cmd) {
char filename[FILE_PATH_SIZE]={0};
char buf[13];
uint8_t *keyBlock = NULL, *p;
- uint8_t stKeyBlock = 20;
+ uint16_t stKeyBlock = 20;
sector_t *e_sector = NULL;
From 489e735f8646a967433b9bdc76704349de85626b Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Wed, 26 Apr 2017 21:32:42 +0200
Subject: [PATCH 16/24] Update Makefile.common
chg: disabling 512kb flashing since it has issues with the flasher code. Might enable it later on.
---
common/Makefile.common | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/Makefile.common b/common/Makefile.common
index aa93433aa..95820e667 100644
--- a/common/Makefile.common
+++ b/common/Makefile.common
@@ -65,8 +65,8 @@ endif
# uncomment these two; to fix 256 vs 512kb PM3 devices
# flashing bootrom -b is needed
-APP_CFLAGS += -DHAS_512_FLASH
-COMMON_FLAGS += -DHAS_512_FLASH
+#APP_CFLAGS += -DHAS_512_FLASH
+#COMMON_FLAGS += -DHAS_512_FLASH
# Also search prerequisites in the common directory (for usb.c), the fpga directory (for fpga.bit), and the zlib directory
VPATH = . ../common ../fpga ../zlib
From 8c9facb7b51eb5ea99defbbee47a39e5f6573c17 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Thu, 27 Apr 2017 16:30:14 +0200
Subject: [PATCH 17/24] Update cmdhficlass.c
fix: 'hf iclass dump' now uses rawkey option even for credit key.
---
client/cmdhficlass.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/cmdhficlass.c b/client/cmdhficlass.c
index 3891d431c..5351adffa 100644
--- a/client/cmdhficlass.c
+++ b/client/cmdhficlass.c
@@ -834,9 +834,9 @@ int CmdHFiClassReader_Dump(const char *Cmd) {
ul_switch_off_field();
memset(MAC,0,4);
// AA2 authenticate credit key and git c_div_key - later store in dump block 4
- if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, elite, rawkey, false)){
//try twice - for some reason it sometimes fails the first time...
- if (!select_and_auth(CreditKEY, MAC, c_div_key, true, false, false, false)){
+ if (!select_and_auth(CreditKEY, MAC, c_div_key, true, elite, rawkey, false)){
ul_switch_off_field();
return 0;
}
From 2419ac3af971c8297908bdfc9c044130c5560e36 Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Sat, 29 Apr 2017 13:25:27 +0200
Subject: [PATCH 18/24] Start fixing AppVeyor
---
.gitignore | 1 +
appveyor.yml | 23 +++++++----------------
2 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/.gitignore b/.gitignore
index bf86be009..24761385f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
# .gitignore
# don't push these files to the repository
+.idea
.history
*.log
*.eml
diff --git a/appveyor.yml b/appveyor.yml
index cac45bd42..4af9a43d4 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,17 +1,8 @@
-os: Windows Server 2012
-platform: mingw
-qt: mingw492_32
+version: 1.0.{build}
+init:
+- cmd: >-
+ set QTDIR=C:\Qt\5.5\mingw492_32
-branches:
- only:
- - master
-
-install:
- - set QTDIR=C:\Qt\5.5\mingw492_32
- - set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin
-
-before_build:
- - make clean
-
-build:
- - make all
+ set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
+build_script:
+- cmd: make
From c91e84203c5b2659ca78b2be292e3e42e93fad75 Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Sat, 29 Apr 2017 14:32:06 +0200
Subject: [PATCH 19/24] AppVeyor - Make all
---
appveyor.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/appveyor.yml b/appveyor.yml
index 4af9a43d4..4b2425649 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -5,4 +5,4 @@ init:
set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
build_script:
-- cmd: make
+- cmd: make all
From d063559fc4ac6145a7a04e0a740ec672cc121b73 Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Sat, 29 Apr 2017 16:50:57 +0200
Subject: [PATCH 20/24] Add more VIGIK Keys
---
client/default_keys.dic | 40 +++++++++++++++++++++++++++++++++-------
1 file changed, 33 insertions(+), 7 deletions(-)
diff --git a/client/default_keys.dic b/client/default_keys.dic
index 739d075b3..3ed597a4c 100644
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@@ -235,8 +235,8 @@ c2b7ec7d4eb1,
003003003003,
#
# Data from: http://phreakerclub.com/forum/showthread.php?p=41266
-26973ea74321,
-71f3a315ad26,
+26973ea74321,
+71f3a315ad26,
51044efb5aab,
ac70ca327a04,
eb0a8ff88ade,
@@ -279,7 +279,7 @@ a7abbc77cc9e,
f792c4c76a5c,
bfb6796a11db,
#
-# Data from
+# Data from
8829da9daf76,
#
# Data from Salto A/B
@@ -290,7 +290,7 @@ bfb6796a11db,
2338b4913111,
#
# Data from stoye
-cb779c50e1bd,
+cb779c50e1bd,
a27d3804c259,
003cc420001a,
f9861526130f,
@@ -321,7 +321,33 @@ a56c2df9a26d,
# Data from: https://pastebin.com/vbwast74
#
2031d1e57a3b,
-68d3f7307c89,
+68d3f7307c89,
9189449ea24e,
-568c9083f71c,
-53c11f90822a,
+568c9083f71c,
+53c11f90822a,
+# Vigik Keys
+# Various sources :
+# * https://github.com/DumpDos/Vigik
+# * http://newffr.com/viewtopic.php?&forum=235&topic=11559
+# * Own dumps
+021209197591,
+22729a9bd40f,
+2ef720f2af76,
+38fcf33072e0,
+424c41524f4e,
+484558414354,
+49fae4e3849f,
+4a6352684677,
+509359f131b1,
+62d0c424ed8e,
+66d2b7dc39ef,
+6bc1e1ae547d,
+6c78928e1317,
+89347350bd36,
+8ad5517b4b18,
+8fa1d601d0a2,
+a22ae129c013,
+a6cac2886412,
+aa0720018738,
+e64a986a5d94,
+bf1f4424af76,
From 7b8cbd38a80d1962ce4e2beb2a878b467053ff4d Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Mon, 1 May 2017 09:16:22 +0200
Subject: [PATCH 21/24] Appveyor - Add strawberryperl / readline / libusb
---
appveyor.yml | 27 +++++++++++++++++++++++----
armsrc/fpgaloader.c | 36 ++++++++++++++++++------------------
2 files changed, 41 insertions(+), 22 deletions(-)
diff --git a/appveyor.yml b/appveyor.yml
index 4b2425649..d76c4e957 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,8 +1,27 @@
version: 1.0.{build}
-init:
-- cmd: >-
- set QTDIR=C:\Qt\5.5\mingw492_32
+environment:
+ global:
+ CYG_ROOT: C:\cygwin
+ CYG_MIRROR: http://cygwin.mirror.constant.com
+ CYG_CACHE: C:\cygwin\var\cache\setup
+ CYG_BASH: C:\cygwin\bin\bash
- set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
+init:
+- cmd:
+ - set QTDIR=C:\Qt\5.5\mingw492_32
+ - set PATH=%PATH%;%QTDIR%\bin;C:\MinGW\bin;C:\MinGW\msys\1.0\bin
+ - c:\cygwin\setup-x86.exe --quiet-mode --no-shortcuts --only-site --root "%CYG_ROOT%" --site "%CYG_MIRROR%" --local-package-dir "%CYG_CACHE%" --packages autoconf,automake,bison,gcc-core,gcc-g++,mingw-runtime,mingw-binutils,mingw-gcc-core,mingw-gcc-g++,mingw-pthreads,mingw-w32api,libtool,make,gettext-devel,gettext,intltool,libiconv,pkg-config,git,curl,libxslt,libreadline-devel,libreadline7 > NUL 2>&1'
+ - '%CYG_BASH% -lc "cygcheck -dc cygwin"'
+ - if not exist "make.zip" curl -L -o make.zip http://gnuwin32.sourceforge.net/downlinks/make-bin-zip.php
+ - if not exist "make-dep.zip" curl -L -o make-dep.zip http://gnuwin32.sourceforge.net/downlinks/make-dep-zip.php
+ - if not exist "gcc-arm-none-eabi.zip" curl -L -o gcc-arm-none-eabi.zip https://launchpad.net/gcc-arm-embedded/4.8/4.8-2014-q1-update/+download/gcc-arm-none-eabi-4_8-2014q1-20140314-win32.zip
+ - if not exist "C:\strawberry" cinst strawberryperl #once I workout how to install Digest::SHA for perl, this won't be required
+ - set PATH=C:\strawberry\perl\bin;C:\strawberry\perl\site\bin;C:\strawberry\c\bin;%PATH%
+ - unzip -o -q gcc-arm-none-eabi.zip -d c:\gcc\
+ - unzip make.zip -d c:\gnuwin32\
+ - unzip make-dep.zip -d c:\gnuwin32\
+ - set PATH=C:\Program Files\git\bin;%PATH:C:\Program Files\git\bin;=% #move git to begining of PATH so find works correctly
+ - set PATH=%PATH%;c:\gnuwin32\bin;c:\gcc\bin
+ - set PATH=%PATH%;c:\gcc\bin
build_script:
- cmd: make all
diff --git a/armsrc/fpgaloader.c b/armsrc/fpgaloader.c
index a96cb5d9e..e8c3028f3 100644
--- a/armsrc/fpgaloader.c
+++ b/armsrc/fpgaloader.c
@@ -153,20 +153,20 @@ void FpgaSetupSsc(void) {
//-----------------------------------------------------------------------------
bool FpgaSetupSscDma(uint8_t *buf, int len) {
if (buf == NULL) return false;
-
+
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address
AT91C_BASE_PDC_SSC->PDC_RCR = len; // transfer this many bytes
AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address
AT91C_BASE_PDC_SSC->PDC_RNCR = len; // ... with same number of bytes
- AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
return true;
}
//----------------------------------------------------------------------------
// Uncompress (inflate) the FPGA data. Returns one decompressed byte with
-// each call.
+// each call.
//----------------------------------------------------------------------------
static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8_t *output_buffer)
{
@@ -184,7 +184,7 @@ static int get_from_fpga_combined_stream(z_streamp compressed_fpga_stream, uint8
}
++uncompressed_bytes_cnt;
-
+
return *fpga_image_ptr++;
}
@@ -200,7 +200,7 @@ static int get_from_fpga_stream(int bitstream_version, z_streamp compressed_fpga
get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
}
- return get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
+ return get_from_fpga_combined_stream(compressed_fpga_stream, output_buffer);
}
@@ -218,14 +218,14 @@ static void fpga_inflate_free(voidpf opaque, voidpf address)
//----------------------------------------------------------------------------
-// Initialize decompression of the respective (HF or LF) FPGA stream
+// Initialize decompression of the respective (HF or LF) FPGA stream
//----------------------------------------------------------------------------
static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
{
uint8_t header[FPGA_BITSTREAM_FIXED_HEADER_SIZE];
-
+
uncompressed_bytes_cnt = 0;
-
+
// initialize z_stream structure for inflate:
compressed_fpga_stream->next_in = &_binary_obj_fpga_all_bit_z_start;
compressed_fpga_stream->avail_in = &_binary_obj_fpga_all_bit_z_start - &_binary_obj_fpga_all_bit_z_end;
@@ -240,7 +240,7 @@ static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_s
for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++)
header[i] = get_from_fpga_stream(bitstream_version, compressed_fpga_stream, output_buffer);
-
+
// Check for a valid .bit file (starts with _bitparse_fixed_header)
if(memcmp(_bitparse_fixed_header, header, FPGA_BITSTREAM_FIXED_HEADER_SIZE) == 0)
return true;
@@ -324,7 +324,7 @@ static void DownloadFPGA(int bitstream_version, int FpgaImageLen, z_streamp comp
}
DownloadFPGA_byte(b);
}
-
+
// continue to clock FPGA until ready signal goes high
i=100000;
while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
@@ -396,21 +396,21 @@ static int bitparse_find_section(int bitstream_version, char section_name, unsig
//----------------------------------------------------------------------------
-// Check which FPGA image is currently loaded (if any). If necessary
+// Check which FPGA image is currently loaded (if any). If necessary
// decompress and load the correct (HF or LF) image to the FPGA
//----------------------------------------------------------------------------
void FpgaDownloadAndGo(int bitstream_version)
{
z_stream compressed_fpga_stream;
uint8_t output_buffer[OUTPUT_BUFFER_LEN] = {0x00};
-
+
// check whether or not the bitstream is already loaded
if (downloaded_bitstream == bitstream_version)
return;
// make sure that we have enough memory to decompress
BigBuf_free(); BigBuf_Clear_ext(false);
-
+
if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) {
return;
}
@@ -422,14 +422,14 @@ void FpgaDownloadAndGo(int bitstream_version)
}
inflateEnd(&compressed_fpga_stream);
-
+
// free eventually allocated BigBuf memory
BigBuf_free(); BigBuf_Clear_ext(false);
-}
+}
//-----------------------------------------------------------------------------
-// Gather version information from FPGA image. Needs to decompress the begin
+// Gather version information from FPGA image. Needs to decompress the begin
// of the respective (HF or LF) image.
// Note: decompression makes use of (i.e. overwrites) BigBuf[]. It is therefore
// advisable to call this only once and store the results for later use.
@@ -440,7 +440,7 @@ void FpgaGatherVersion(int bitstream_version, char *dst, int len)
char tempstr[40] = {0x00};
z_stream compressed_fpga_stream;
uint8_t output_buffer[OUTPUT_BUFFER_LEN] = {0x00};
-
+
dst[0] = '\0';
// ensure that we can allocate enough memory for decompression:
@@ -492,7 +492,7 @@ void FpgaGatherVersion(int bitstream_version, char *dst, int len)
}
strncat(dst, tempstr, len-1);
}
-
+
strncat(dst, "\n", len-1);
inflateEnd(&compressed_fpga_stream);
From bf413f1b871d3adae107ed03a5fbfd03a5e3603a Mon Sep 17 00:00:00 2001
From: BOURDY Romain <achileos@gmail.com>
Date: Wed, 17 May 2017 18:52:30 +0200
Subject: [PATCH 22/24] Start fixing legic.lua ! Now loads dumps fine
---
client/scripts/legic.lua | 616 +++++++++++++++++++--------------------
1 file changed, 308 insertions(+), 308 deletions(-)
diff --git a/client/scripts/legic.lua b/client/scripts/legic.lua
index 73ef47917..69605781b 100644
--- a/client/scripts/legic.lua
+++ b/client/scripts/legic.lua
@@ -1,11 +1,11 @@
---[[
+--[[
if it don't works with you tag-layout - be so kind and let me know ;-)
Tested on Tags with those Layouts:
(example) Legic-Prime Layout with 'Kaba Group Header'
+----+----+----+----+----+----+----+----+
- 0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 9f |
+ 0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 9f |
+----+----+----+----+----+----+----+----+
0x08| ff | 00 | 00 | 00 | 11 |Bck0|Bck1|Bck2|
+----+----+----+----+----+----+----+----+
@@ -33,7 +33,7 @@ kghC = crc8 over MCD + MSN0..MSN2 + UID
(example) Legic-Cash on MIM256/1024 tag' (37 bytes)
+----+----+----+----+----+----+----+----+
- 0x00|Seg0|Seg1|Seg2|Seg3|SegC|STP0|STP1|STP2|
+ 0x00|Seg0|Seg1|Seg2|Seg3|SegC|STP0|STP1|STP2|
+----+----+----+----+----+----+----+----+
0x08|STP3|STP4|STP5|STP6| 01 |CURh|CURl|LIMh|
+----+----+----+----+----+----+----+----+
@@ -58,7 +58,7 @@ CHK = crc16 over SHD + LRS + CV
(example) Legic-Prime Layout 'gantner unsegmented user-credential'
+----+----+----+----+----+----+----+----+
- 0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 08 |
+ 0x00|MCD |MSN0|MSN1|MSN2|MCC | 60 | ea | 08 |
+----+----+----+----+----+----+----+----+
0x08|Stp0|Stp1|Stp2|Stp3|Stp4|Dat0|Dat1|uCRC| <- addr 0x08..0x0f is WRP
+----+----+----+----+----+----+----+----+
@@ -75,11 +75,11 @@ uCRC = crc8 over addr 0x00..0x03+0x07..0x0E
(example) Legic-Prime Layout 'gantner unsegmented Master-Token (IAM) with a stamp_len of 4'
+----+----+----+----+----+----+----+----+
- 0x00|MCD |MSN0|MSN1|MSN2|MCC | 20 | f8 | 08 |
+ 0x00|MCD |MSN0|MSN1|MSN2|MCC | 20 | f8 | 08 |
+----+----+----+----+----+----+----+----+
0x08|Stp0|Stp1|Stp2|Stp3| 00 | 00 | 00 |CRC1|
+----+----+----+----+----+----+----+----+
- 0x10| 00 | 00 | 00 | 00 | 00 |CRC2|
+ 0x10| 00 | 00 | 00 | 00 | 00 |CRC2|
+----+----+----+----+----+----+
MCD = Manufacturer ID
MSN = Manufacturer SerialNumber
@@ -106,36 +106,36 @@ it's kinda interactive with following commands in three categories:
rt => read Tag as => add Segment mt => make Token
wt => write Tag es => edit Segment Header et => edit Token data
ed => edit Segment Data tk => toggle KGH-Flag
- File I/O rs => remove Segment
- ----------------- cc => check Segment-CRC
- lf => load File ck => check KGH
- sf => save File ds => dump Segments
- xf => xor to File
-
-
+ File I/O rs => remove Segment
+ ----------------- cc => check Segment-CRC
+ lf => load File ck => check KGH
+ sf => save File ds => dump Segments
+ xf => xor to File
+
+
(partially) known Segments Virtual Tags Script Output
--------------------------- ------------------------------- ------------------------
dlc => dump Legic-Cash ct => copy mainTag to backupTag tac => toggle ansicolors
- elc => edit Legic-Cash tc => copy backupTag to mainTag
- d3p => dump 3rd-Party-Cash tt => switch mainTag & backupTag
- e3p => edit 3rd-Party-Cash di => dump mainTag
+ elc => edit Legic-Cash tc => copy backupTag to mainTag
+ d3p => dump 3rd-Party-Cash tt => switch mainTag & backupTag
+ e3p => edit 3rd-Party-Cash di => dump mainTag
do => dump backupTag
-
-
+
+
rt: 'read tag' - reads a tag placed near to the PM3
wt: 'write tag' - writes the content of the 'virtual inTag' to a tag placed near to th PM3
without the need of changing anything - MCD,MSN,MCC will be read from the tag
before and applied to the output.
-
+
lf: 'load file' - load a (xored) file from the local Filesystem into the 'virtual inTag'
sf: 'save file' - saves the 'virtual inTag' to the local Filesystem (xored with Tag-MCC)
xf: 'xor file' - saves the 'virtual inTag' to the local Filesystem (xored with choosen MCC - use '00' for plain values)
-
+
ct: 'copy tag' - copy the 'virtual Tag' to a second 'virtual TAG' - not usefull yet, but inernally needed
tc: 'copy tag' - copy the 'second virtual Tag' to 'virtual TAG' - not usefull yet, but inernally needed
tt: 'toggle tag' - copy mainTag to BackupTag and backupTag to mainTag
-
+
di: 'dump mainTag' - shows the current content of the 'virtual Tag'
do: 'dump backupTag' - shows the current content of the 'virtual outTag'
ds: 'dump Segments' - will show the content of a selected Segment
@@ -151,25 +151,25 @@ it's kinda interactive with following commands in three categories:
'Kaba Group Header CRC calculation'
tk: 'toggle KGH' - toglle the (script-internal) flag for kgh-calculation for a segment
xc: 'etra c' - show string that was used to calculate the kgh-crc of a segment
-
+
dlc: 'dump Legic-Cash' - show balance and checksums of a Legic-Cash Segment
elc: 'edit Legic-Cash' - edit values of a Legic-Cash Segment
d3p: 'dump 3rd Party' - show balance, history and checksums of a (yet) unknown 3rd-Party Cash Segment
e3p: 'edit 3rd Party' - edit Data in 3rd-Party Cash Segment
-
+
tac: 'toggle ansicolors'- switch on and off the colored text-output of this script
default can be changed by setting the variable 'colored_output' to false
]]
currentTag="inTAG"
----
+---
-- requirements
local utils = require('utils')
local getopt = require('getopt')
local ansicolors = require('ansicolors')
----
+---
-- global variables / defines
local bxor = bit32.bxor
local bbit = bit32.extract
@@ -201,7 +201,7 @@ function load_colors(onoff)
acmagenta= ansicolors.magenta
acoff = ansicolors.reset
else
- -- 'no color'
+ -- 'no color'
acgreen = ""
accyan = ""
acred = ""
@@ -215,20 +215,20 @@ end
---
-- curency-codes for Legic-Cash-Segments (ISO 4217)
local currency = {
- ["03d2"]="EUR",
- ["0348"]="USD",
+ ["03d2"]="EUR",
+ ["0348"]="USD",
["033A"]="GBP",
["02F4"]="CHF"
}
----
+---
-- This is only meant to be used when errors occur
function oops(err)
print(acred.."ERROR: "..acoff ,err)
return nil, err
end
----
+---
-- Usage help
function help()
print(desc)
@@ -236,10 +236,10 @@ function help()
print("Example usage: "..example)
end
----
+---
-- table check helper
-function istable(t)
- return type(t) == 'table'
+function istable(t)
+ return type(t) == 'table'
end
---
@@ -262,7 +262,7 @@ function deepCopy(object)
return _copy(object)
end
----
+---
-- xor single byte
function xorme(hex, xor, index)
if ( index >= 23 ) then
@@ -272,7 +272,7 @@ function xorme(hex, xor, index)
end
end
----
+---
-- (de)obfuscate bytes
function xorBytes(inBytes, crc)
local bytes = {}
@@ -289,13 +289,14 @@ function xorBytes(inBytes, crc)
end
end
----
+---
-- check availability of file
function file_check(file_name)
- local file_found=io.open(file_name, "r")
+ local file_found=io.open(file_name, "r")
if file_found==nil then
return false
else
+ file_found:close()
return true
end
end
@@ -334,20 +335,19 @@ function bytesToTable(bytes, bstart, bend)
return t
end
----
+---
-- read file into table
function getInputBytes(infile)
local line
local bytes = {}
- local fhi,err = io.open(infile)
+ local fhi,err = io.open(infile,"rb")
if err then oops("faild to read from file ".. infile); return false; end
- while true do
- line = fhi:read()
- if line == nil then break end
- for byte in line:gmatch("%w+") do
- table.insert(bytes, byte)
- end
- end
+
+ file_data = fhi:read("*a");
+ for i = 1, #file_data
+ do
+ bytes[i] = string.format("%x",file_data:byte(i))
+ end
fhi:close()
if (bytes[7]=='00') then return false end
print(#bytes .. " bytes from "..infile.." loaded")
@@ -357,7 +357,7 @@ end
---
-- create tag-table helper
function createTagTable()
- local t={
+ local t={
['MCD'] = '00',
['MSN0']= '11',
['MSN1']= '22',
@@ -381,7 +381,7 @@ function createTagTable()
return t
end
----
+---
-- put bytes into tag-table
function bytesToTag(bytes, tag)
if(istable(tag)) then
@@ -407,14 +407,14 @@ function bytesToTag(bytes, tag)
tag.data=bytesToTable(bytes, 10, 13)
tag.Bck=bytesToTable(bytes, 14, 20)
tag.MTC=bytesToTable(bytes, 21, 22)
-
+
print(acgreen.."Tag-Type: ".. tag.Type..acoff)
if (tag.Type=="SAM" and #bytes>23) then
tag=segmentsToTag(bytes, tag)
print(acgreen..(#tag.SEG+1).." Segment(s) found"..acoff)
-- unsegmented Master-Token
- -- only tag-data
- else
+ -- only tag-data
+ else
for i=0, #tag.Bck do
table.insert(tag.data, tag.Bck[i])
end
@@ -429,8 +429,8 @@ function bytesToTag(bytes, tag)
return oops("tag is no table in: bytesToTag ("..type(tag)..")")
end
----
--- put segments from byte-table to tag-table
+---
+-- put segments from byte-table to tag-table
function segmentsToTag(bytes, tag)
if(#bytes>23) then
local start=23
@@ -447,7 +447,7 @@ function segmentsToTag(bytes, tag)
return tag
else return oops("tag is no table in: segmentsToTag ("..type(tag)..")") end
else print("no Segments: must be a MIM22") end
-end
+end
---
-- read Tag-Table in bytes-table
@@ -501,14 +501,14 @@ function tagToBytes(tag)
end
--- PM3 I/O ---
----
+---
-- read from pm3 into virtual-tag
function readFromPM3()
- local tag, bytes, infile
+ local tag, bytes, infile
infile="legic.temp"
core.console("hf legic reader")
- core.console("hf legic save "..infile)
- tag=readFile(infile)
+ core.console("hf legic esave "..infile)
+ tag=readFile(infile..".bin")
return tag
end
@@ -522,7 +522,7 @@ function writeToTag(tag)
return
end
-- get used bytes / tag-len
- if(istable(tag.SEG)) then
+ if(istable(tag.SEG)) then
if (istable(tag.Bck)) then
for i=0, #tag.SEG do
taglen=taglen+tag.SEG[i].len+5
@@ -539,7 +539,7 @@ function writeToTag(tag)
tag.MSN2 = outbytes[4]
tag.MCC = outbytes[5]
-- recheck all segments-crc/kghcrc (only on a credential)
- if(istable(tag.Bck)) then
+ if(istable(tag.Bck)) then
checkAllSegCrc(tag)
checkAllKghCrc(tag)
local uid_new=tag.MCD..tag.MSN0..tag.MSN1..tag.MSN2
@@ -555,10 +555,10 @@ function writeToTag(tag)
bytes=tagToBytes(tag)
-- master-token-crc
if (tag.Type~="SAM") then bytes[22]=calcMtCrc(bytes) end
- if (bytes) then
+ if (bytes) then
print("write temp-file '"..filename.."'")
print(accyan)
- writeFile(bytes, filename)
+ writeFile(bytes, filename)
--writeToTag(bytes, taglen, 'MylegicClone.hex')
print(acoff)
end
@@ -577,14 +577,14 @@ function writeToTag(tag)
core.console(cmd)
--print(cmd)
elseif (i == 6) then
- -- write DCF in reverse order (requires 'mosci-patch')
+ -- write DCF in reverse order (requires 'mosci-patch')
cmd = 'hf legic write 0x05 0x02'
print(acgreen..cmd..acoff)
core.console(cmd)
--print(cmd)
else
print(acgreen.."skip byte 0x05 - will be written next step"..acoff)
- end
+ end
utils.Sleep(0.2)
end
end
@@ -601,7 +601,7 @@ function readFile(filename)
return oops("input file: "..filename.." not found")
else
bytes = getInputBytes(filename)
- if (bytes == false) then return oops('couldnt get input bytes')
+ if (bytes == false) then return oops('couldnt get input bytes')
else
-- make plain bytes
bytes = xorBytes(bytes,bytes[5])
@@ -616,7 +616,7 @@ function readFile(filename)
return tag
end
----
+---
-- write bytes to file
function writeFile(bytes, filename)
if (filename~='MylegicClone.hex') then
@@ -631,9 +631,9 @@ function writeFile(bytes, filename)
if err then oops("OOps ... faild to open output-file ".. filename) end
bytes=xorBytes(bytes, bytes[5])
for i = 1, #bytes do
- if (bcnt == 0) then
+ if (bcnt == 0) then
line=bytes[i]
- elseif (bcnt <= 7) then
+ elseif (bcnt <= 7) then
line=line.." "..bytes[i]
end
if (bcnt == 7) then
@@ -651,12 +651,12 @@ function writeFile(bytes, filename)
end
--- Map related ---
----
+---
-- make tagMap
function makeTagMap()
local tagMap={}
- if (#tagMap==0) then
- tagMap['name']=input(accyan.."enter Name for this Map: "..acoff , "newTagMap")
+ if (#tagMap==0) then
+ tagMap['name']=input(accyan.."enter Name for this Map: "..acoff , "newTagMap")
tagMap['mappings']={}
tagMap['crc8']={}
-- insert fixed Tag-CRC
@@ -664,8 +664,8 @@ function makeTagMap()
tagMap['crc16']={}
end
print(accyan.."new tagMap created"..acoff)
- return tagMap
-end
+ return tagMap
+end
---
-- save mapping to file
@@ -676,11 +676,11 @@ function saveTagMap(map, filename)
if (answer==false) then return print("user abort") end
end
end
-
+
local line
local fho,err = io.open(filename, "w")
if err then oops("OOps ... faild to open output-file ".. filename) end
-
+
-- write line to new file
for k, v in pairs(map) do
if (istable(v)) then
@@ -757,17 +757,17 @@ function loadTagMap(filename)
local fhi,err = io.open(filename)
while true do
line = fhi:read()
- if line == nil then
- break
+ if line == nil then
+ break
else
fields=split(line)
end
- if (#fields==2) then
+ if (#fields==2) then
if (fields[1]=='offset') then
offset=tonumber(fields[2],10)
end
-- map-name
- map[fields[1]]=fields[2]
+ map[fields[1]]=fields[2]
elseif (fields[1]=='mappings') then
m=m+1
temp={}
@@ -775,9 +775,9 @@ function loadTagMap(filename)
temp['name']=fields[3]
temp['start']=tonumber(fields[4], 10)
temp['end']=tonumber(fields[5], 10)
- if(temp['start']>22) then
- temp['start']=temp['start']+offset
- temp['end']=temp['end']+offset
+ if(temp['start']>22) then
+ temp['start']=temp['start']+offset
+ temp['end']=temp['end']+offset
end
if (tonumber(fields[6], 10)==1) then temp['highlight']= true
else temp['highlight']= false end
@@ -792,8 +792,8 @@ function loadTagMap(filename)
temp['seq']=seqstr2tbl(s)
for k, v in pairs(temp['seq']) do
if(tonumber(v, 10)>22) then v=tonumber(v, 10)+offset end
- temp['seq'][k]=tonumber(v, 10)
- end
+ temp['seq'][k]=tonumber(v, 10)
+ end
table.insert(map.crc8, temp)
end
end
@@ -854,18 +854,18 @@ function checkMapCrc8(tagMap, bytes, n)
local res=false
if (#tagMap.crc8>0) then
if(istable(tagMap.crc8[n])) then
- temp=""
+ temp=""
for k2, v2 in pairs(tagMap.crc8[n]) do
if (istable(v2)) then
temp=temp..tbl2seqstr(v2)
end
- end
+ end
local tempres=""
local tempres=getSequences(bytes, temp)
tempres=("%02x"):format(utils.Crc8Legic(tempres))
if (bytes[tagMap.crc8[n]['pos']]==tempres) then
res=true
- end
+ end
end
end
return res
@@ -875,19 +875,19 @@ end
-- edit existing Map
function editTagMap(tag, tagMap)
local t = [[
- Data: dm = show dr = dump raw
+ Data: dm = show dr = dump raw
Mappings: im = insert am = add rm = remove
- CRC8: ac8 = add sc8 = show rc8 = remove
+ CRC8: ac8 = add sc8 = show rc8 = remove
: q = exit h = Help
]]
--if(#tagMap.mappings==0) then oops("no mappings in tagMap"); return tagMap end
print("tagMap edit-mode submenu")
- repeat
+ repeat
x=input('tagMap submenu:', 'h')
if (x=='h') then print(t)
elseif (x=='dm') then tagMmap=dumpTagMap(tag, tagMap)
elseif (x=='dr') then tagMmap=dumpMap(tag, tagMap)
- elseif (x=='rc8') then
+ elseif (x=='rc8') then
if (istable(tagMap.crc8)) then
local x1 = selectTableEntry(tagMap.crc8, "select number of CRC8 to remove:")
if (istable(tagMap.crc8[x1])) then
@@ -913,14 +913,14 @@ Mappings: im = insert am = add rm = remove
table.insert(tagMap.crc8, temp)
end
end
- elseif (string.sub(x, 1, 3)=='sc8') then
+ elseif (string.sub(x, 1, 3)=='sc8') then
local bytes=tagToBytes(tag)
local res, pos
-- trigger manually by sc8 <'4digit' checkadd> <'seqeuence-string'>
-- e.g.: sc8 0027 1-4,23-36
- if (string.len(x)>=9) then
+ if (string.len(x)>=9) then
pos=tonumber(string.sub(x, 5, 8), 10)
- x=string.sub(x, 9, string.len(x))
+ x=string.sub(x, 9, string.len(x))
print("x: "..x.." - pos:"..pos)
else
x=selectTableEntry(tagMap.crc8, "select CRC:")
@@ -960,23 +960,23 @@ function dumpMap(tag, tagMap)
print(accyan.."Tag uses "..dend.." bytes:"..acoff)
for i=dstart, dend do
if (check4MappedByte(i, tagMap) and not check4MapCrc8(i, tagMap) and not check4Highlight(i, tagMap)) then io.write(""..acyellow)
- elseif (check4MapCrc8(i, tagMap)) then
+ elseif (check4MapCrc8(i, tagMap)) then
if ( checkMapCrc8(tagMap, bytes, isPosCrc8(tagMap, i) ) ) then
io.write(""..acgreen)
- else
+ else
io.write(""..acred)
end
- else
- io.write(""..acoff)
+ else
+ io.write(""..acoff)
end
-- highlighted mapping
if (check4Highlight(i, tagMap)) then io.write(""..acmagenta) end
-
+
io.write(bytes[i])
- if (i%8==0) then io.write("\n")
+ if (i%8==0) then io.write("\n")
else io.write(" ") end
end
-
+
io.write("\n"..acoff)
end
@@ -1053,14 +1053,14 @@ end
---
-- add interactive mapping
function addMapping(tag, tagMap, x)
- if (type(x)~="number") then x=#tagMap.mappings+1 end
+ if (type(x)~="number") then x=#tagMap.mappings+1 end
local bytes=tagToBytes(tag)
local myMapping={}
myMapping['name'] =input(accyan.."enter Maping-Name:"..acoff, string.format("mapping %d", #tagMap.mappings+1))
myMapping['start']=tonumber(input(accyan.."enter start-addr:"..acoff, '1'), 10)
myMapping['end'] =tonumber(input(accyan.."enter end-addr:"..acoff, #bytes), 10)
myMapping['highlight']=confirm("set highlighted")
- table.insert(tagMap.mappings, x, myMapping)
+ table.insert(tagMap.mappings, x, myMapping)
return tagMap
end
@@ -1074,7 +1074,7 @@ function deleteMapping(tag, tagMap)
else oops("deleteMapping: got type = "..type(d).." - expected type = 'number'")
end
end
- return tagMap
+ return tagMap
end
---
@@ -1107,7 +1107,7 @@ function mapAllSegments(tag, tagMap)
--tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." HDR", v['start'], v['start']+3)
tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." CRC", v['start']+4, v['start']+4, true)
table.insert(tagMap.crc8, {name = 'Segment '..("%02d"):format(v['index']).." CRC", pos=v['start']+4, seq={1,4,v['start'],v['start']+3}} )
- if(WRC>WRP) then
+ if(WRC>WRP) then
WRPC=WRC
tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." WRC", v['start']+5, v['start']+5+WRC-1, true)
elseif (WRP>WRC and WRC>0) then
@@ -1119,7 +1119,7 @@ function mapAllSegments(tag, tagMap)
tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." WRP", v['start']+5, v['start']+5+WRP-1, true)
end
tagMap=mapTokenData(tagMap, 'Segment '..("%02d"):format(v['index']).." data", v['start']+5+WRPC, v['end'], false)
-
+
end
print(#segs.." Segments mapped")
else
@@ -1128,7 +1128,7 @@ function mapAllSegments(tag, tagMap)
return tagMap
end
----
+---
-- map all token data
function mapTokenData(tagMap, mname, mstart, mend, mhigh)
--if ( not mhigh ) then mhigh=false end
@@ -1137,7 +1137,7 @@ function mapTokenData(tagMap, mname, mstart, mend, mhigh)
myMapping['start']=mstart
myMapping['end'] =mend
myMapping['highlight']=mhigh
- table.insert(tagMap.mappings, myMapping)
+ table.insert(tagMap.mappings, myMapping)
return tagMap
end
@@ -1189,7 +1189,7 @@ function dumpCDF(tag)
res = res..accyan.."MCD: "..acoff..tag.MCD..accyan.." MSN: "..acoff..tag.MSN0.." "..tag.MSN1.." "..tag.MSN2..accyan.." MCC: "..acoff..tag.MCC.."\n"
res = res.."DCF: "..tag.DCFl.." "..tag.DCFh..", Token_Type="..tag.Type.." (OLE="..tag.OLE.."), Stamp_len="..tag.Stamp_len.."\n"
res = res.."WRP="..tag.WRP..", WRC="..tag.WRC..", RD="..tag.RD..", raw="..tag.raw..((tag.raw=='9f') and (", SSC="..tag.SSC.."\n") or "\n")
-
+
-- credential (end-user tag)
if (tag.Type=="SAM" and tag.raw=='9f') then
res = res.."Remaining Header Area\n"
@@ -1204,8 +1204,8 @@ function dumpCDF(tag)
for i=0, (#tag.MTC) do
res = res..tag.MTC[i].." "
end
-
-
+
+
-- Master Token specific
elseif (tag.Type~="SAM") then
res = res .."Master-Token Area\nStamp: "
@@ -1221,13 +1221,13 @@ function dumpCDF(tag)
local mtcrc=calcMtCrc(bytes)
res=res.."\nMaster-Token CRC: "
res = res ..tag.MTC[1].." ("..((tag.MTC[1]==mtcrc) and "valid" or "error")..")"
-
-
+
+
-- 'Gantner User-Credential' specific
elseif (tag.Type=="SAM" and (tag.raw=='08' or tag.raw=='09')) then
print(acgreen.."Gantner Detected"..acoff)
end
-
+
return res
else print("no valid Tag in dumpCDF") end
end
@@ -1241,13 +1241,13 @@ function dumpSegment(tag, index)
local res="" --result
local raw="" --raw-header
-- segment
- if ( (istable(tag.SEG[i])) and tag.Type=="SAM" and tag.raw=="9f") then
+ if ( (istable(tag.SEG[i])) and tag.Type=="SAM" and tag.raw=="9f") then
if (istable(tag.SEG[i].raw)) then
for k,v in pairs(tag.SEG[i].raw) do
raw=raw..v.." "
end
end
-
+
-- segment header
res = res..accyan.."Segment "..("%02d"):format(tag.SEG[i].index)..acoff..": "
res = res .."raw header: "..string.sub(raw,0,-2)..", flag="..tag.SEG[i].flag..", (valid="..("%x"):format(tag.SEG[i].valid)..", last="..("%x"):format(tag.SEG[i].last).."), "
@@ -1255,7 +1255,7 @@ function dumpSegment(tag, index)
res = res .."RD="..("%02x"):format(tag.SEG[i].RD)..", CRC="..tag.SEG[i].crc.." "
res = res .."("..(checkSegmentCrc(tag, i) and acgreen.."valid" or acred.."error") ..acoff..")"
raw=""
-
+
-- WRC protected
if ((tag.SEG[i].WRC>0)) then
@@ -1265,7 +1265,7 @@ function dumpSegment(tag, index)
dp=dp+1
end
end
-
+
-- WRP mprotected
if (tag.SEG[i].WRP>tag.SEG[i].WRC) then
res = res .."\nRemaining write protected area:\n"
@@ -1274,7 +1274,7 @@ function dumpSegment(tag, index)
dp=dp+1
end
end
-
+
-- payload
if (#tag.SEG[i].data-dp>0) then
res = res .."\nRemaining segment payload:\n"
@@ -1282,14 +1282,14 @@ function dumpSegment(tag, index)
res = res..tag.SEG[i].data[dp].." "
dp=dp+1
end
- if (tag.SEG[i].kgh) then
+ if (tag.SEG[i].kgh) then
res = res..tag.SEG[i].data[dp].." (KGH: "..(checkKghCrc(tag, i) and acgreen.."valid" or acred.."error") ..acoff..")"
else res = res..tag.SEG[i].data[dp] end
end
dp=0
- return res
+ return res
else
- return print("Segment not found")
+ return print("Segment not found")
end
end
@@ -1317,30 +1317,30 @@ function dump3rdPartyCash1(tag , seg)
local lastbal0=tonumber(tag.SEG[seg].data[39]..tag.SEG[seg].data[40] ,16)
local lastbal1=tonumber(tag.SEG[seg].data[41]..tag.SEG[seg].data[42] ,16)
local lastbal2=tonumber(tag.SEG[seg].data[43]..tag.SEG[seg].data[44] ,16)
-
+
test=""
-- display decoded/known stuff
print("\n------------------------------")
print("Tag-ID:\t\t "..uid)
- print("Stamp:\t\t "..stamp)
+ print("Stamp:\t\t "..stamp)
print("UID-Mapping: \t\t"..("%06d"):format(tonumber(tag.SEG[seg].data[46]..tag.SEG[seg].data[47]..tag.SEG[seg].data[48], 16)))
- print("------------------------------")
- print("checksum 1:\t\t "..tag.SEG[seg].data[31].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 19, 30)), tag.SEG[seg].data[31])..")")
+ print("------------------------------")
+ print("checksum 1:\t\t "..tag.SEG[seg].data[31].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 19, 30)), tag.SEG[seg].data[31])..")")
print("checksum 2:\t\t "..tag.SEG[seg].data[34].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 32, 33)), tag.SEG[seg].data[34])..")")
- print("checksum 3:\t\t "..tag.SEG[seg].data[37].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 35, 36)), tag.SEG[seg].data[37])..")")
-
+ print("checksum 3:\t\t "..tag.SEG[seg].data[37].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 35, 36)), tag.SEG[seg].data[37])..")")
+
print("checksum 4:\t\t "..tag.SEG[seg].data[55].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 46, 54)), tag.SEG[seg].data[55])..")")
- print("checksum 5:\t\t "..tag.SEG[seg].data[62].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 56, 61)), tag.SEG[seg].data[62])..")")
+ print("checksum 5:\t\t "..tag.SEG[seg].data[62].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 56, 61)), tag.SEG[seg].data[62])..")")
print("checksum 6:\t\t "..tag.SEG[seg].data[73].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 63, 72)), tag.SEG[seg].data[73])..")")
- print("checksum 7:\t\t "..tag.SEG[seg].data[89].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 74, 88)), tag.SEG[seg].data[89])..")")
- print("------------------------------")
+ print("checksum 7:\t\t "..tag.SEG[seg].data[89].." ("..compareCrc(utils.Crc8Legic(uid..dumpTable(tag.SEG[seg].data, "", 74, 88)), tag.SEG[seg].data[89])..")")
+ print("------------------------------")
print(string.format("Balance:\t\t %3.2f", balance/100).." ".."("..compareCrc(balancecrc, tag.SEG[seg].data[34])..")")
- print(string.format("Shadow:\t\t\t %3.2f", mirror/100).." ".."("..compareCrc(balancecrc, tag.SEG[seg].data[37])..")")
- print("------------------------------")
- print(string.format("History 1:\t\t %3.2f", lastbal0/100))
- print(string.format("History 2:\t\t %3.2f", lastbal1/100))
- print(string.format("History 3:\t\t %3.2f", lastbal2/100))
- print("------------------------------\n")
+ print(string.format("Shadow:\t\t\t %3.2f", mirror/100).." ".."("..compareCrc(balancecrc, tag.SEG[seg].data[37])..")")
+ print("------------------------------")
+ print(string.format("History 1:\t\t %3.2f", lastbal0/100))
+ print(string.format("History 2:\t\t %3.2f", lastbal1/100))
+ print(string.format("History 3:\t\t %3.2f", lastbal2/100))
+ print("------------------------------\n")
end
---
@@ -1387,11 +1387,11 @@ function print3rdPartyCash1(tag, x)
print()
print("\t\tyet unknown: "..tag.SEG[x].data[38])
print()
- print("\t\tHisatory 1: "..dumpTable(tag.SEG[x].data, "", 39, 40))
- print("\t\tHisatory 2: "..dumpTable(tag.SEG[x].data, "", 41, 42))
- print("\t\tHisatory 3: "..dumpTable(tag.SEG[x].data, "", 43, 44))
+ print("\t\tHisatory 1: "..dumpTable(tag.SEG[x].data, "", 39, 40))
+ print("\t\tHisatory 2: "..dumpTable(tag.SEG[x].data, "", 41, 42))
+ print("\t\tHisatory 3: "..dumpTable(tag.SEG[x].data, "", 43, 44))
print()
- print("\t\tyet unknown: "..tag.SEG[x].data[45])
+ print("\t\tyet unknown: "..tag.SEG[x].data[45])
print()
print("\t\tKGH-UID HEX: "..dumpTable(tag.SEG[x].data, "", 46, 48))
print("\t\tBlock 4: "..dumpTable(tag.SEG[x].data, "", 49, 54))
@@ -1428,12 +1428,12 @@ function makeToken()
ttype=ttype..k..") "..v.." "
end
mtq=tonumber(input("select number for Token-Type\n"..ttype, '1'), 10)
- if (type(mtq)~="number") then return print("selection invalid!")
+ if (type(mtq)~="number") then return print("selection invalid!")
elseif (mtq>#mt.Type) then return print("selection invalid!")
else print("Token-Type '"..mt.Type[mtq].."' selected") end
local raw=calcHeaderRaw(mt.WRP[mtq], mt.WRC[mtq], mt.RD[mtq])
local mtCRC="00"
-
+
bytes={"01", "02", "03", "04", "cb", string.sub(mt.DCF[mtq], 0, 2), string.sub(mt.DCF[mtq], 3), raw,
"00", "00", "00", "00", "00", "00", "00", "00",
"00", "00", "00", "00", "00", "00"}
@@ -1453,7 +1453,7 @@ function makeToken()
return bytesToTag(bytes, tempTag)
end
----
+---
-- edit token-data
function editTag(tag)
-- for simulation it makes sense to edit everything
@@ -1463,14 +1463,14 @@ function editTag(tag)
if (confirm(acyellow.."do you want to edit non-writeable values (e.g. for simulation)?"..acoff)) then
edit_tag=edit_sim
else edit_tag=edit_real end
-
+
if(istable(tag)) then
for k,v in pairs(tag) do
if(type(v)~="table" and type(v)~="boolean" and string.find(edit_tag, k)) then
tag[k]=input("value for: "..accyan..k..acoff, v)
end
end
-
+
if (tag.Type=="SAM") then ttype="Header"; else ttype="Stamp"; end
if (confirm(acyellow.."do you want to edit "..ttype.." Data?"..acoff)) then
-- master-token specific
@@ -1481,9 +1481,9 @@ function editTag(tag)
-- rest of stamp-bytes are in tag.data 0..n
for i=0, (tonumber(0xfc ,10)-("%d"):format('0x'..tag.DCFh))-2 do
tag.data[i]=input(ttype.. i+1 ..": ", tag.data[i])
- end
+ end
else
- --- on credentials byte7 should always be 9f and byte8 ff
+ --- on credentials byte7 should always be 9f and byte8 ff
-- on Master-Token not (even on SAM63/64 not)
-- tag.SSC=input(ttype.."0: ", tag.SSC)
for i=0, #tag.data do
@@ -1491,18 +1491,18 @@ function editTag(tag)
end
end
end
-
+
bytes=tagToBytes(tag)
-
+
--- check data-consistency (calculate tag.raw)
bytes[8]=calcHeaderRaw(tag.WRP, tag.WRC, tag.RD)
-
+
--- Master-Token specific
-- should be triggered if a SAM was converted to a non-SAM (user-Token to Master-Token)
-- or a Master-Token has being edited (also SAM64 & SAM63 - which are in fact Master-Token)
- if(tag.Type~="SAM" or bytes[6]..bytes[7]~="60ea") then
+ if(tag.Type~="SAM" or bytes[6]..bytes[7]~="60ea") then
-- calc new Master-Token crc
- bytes[22]=calcMtCrc(bytes)
+ bytes[22]=calcMtCrc(bytes)
else
-- ensure tag.SSC set to 'ff' on credential-token (SAM)
bytes[9]='ff'
@@ -1511,7 +1511,7 @@ function editTag(tag)
bytes[21]='00'
bytes[22]='00'
end
-
+
tag=bytesToTag(bytes, tag)
end
end
@@ -1522,16 +1522,16 @@ function calcHeaderRaw(wrp, wrc, rd)
local res
wrp=("%02x"):format(tonumber(wrp, 10))
rd=tonumber(rd, 16)
- res=("%02x"):format(tonumber(wrp, 16)+tonumber(wrc.."0", 16)+((rd>0) and tonumber("8"..(rd-1), 16) or 0))
+ res=("%02x"):format(tonumber(wrp, 16)+tonumber(wrc.."0", 16)+((rd>0) and tonumber("8"..(rd-1), 16) or 0))
return res
end
----
+---
-- determine TagType (bits 0..6 of DCFlow)
function getTokenType(DCFl)
--[[
- 0x00–0x2f IAM
- 0x30–0x6f SAM
+ 0x00–0x2f IAM
+ 0x30–0x6f SAM
0x70–0x7f GAM
]]--
local tt = tonumber(bbit("0x"..DCFl,0,7),10)
@@ -1571,8 +1571,8 @@ function getSegmentData(bytes, start, index)
['data'] = {},
['kgh'] = false
}
- if (bytes[start]) then
- local i
+ if (bytes[start]) then
+ local i
-- #index
segment.index = index
-- flag = high nibble of byte 1
@@ -1598,12 +1598,12 @@ function getSegmentData(bytes, start, index)
segment.data[i]=bytes[start+5+i]
end
return segment
- else return false;
+ else return false;
end
end
---
--- get index, start-aadr, length and content
+-- get index, start-aadr, length and content
function getSegmentStats(bytes)
local sStats = {}
local sValid, sLast, sLen, sStart, x
@@ -1679,7 +1679,7 @@ function editSegment(tag, index)
else print("Segment with Index: "..("%02d"):format(index).." not found in Tag")
return false
end
- regenSegmentHeader(tag.SEG[index])
+ regenSegmentHeader(tag.SEG[index])
print("\n"..dumpSegment(tag, index).."\n")
return tag
end
@@ -1692,7 +1692,7 @@ function editSegmentData(data)
if (istable(data)) then
for i=0, #data-1 do
data[i]=input(accyan.."Data"..i..acoff..": ", data[i])
- end
+ end
if (lc) then data=fixLegicCash(data) end
return data
else
@@ -1704,7 +1704,7 @@ end
-- list available segmets in virtual tag
function segmentList(tag)
local i
- local res = ""
+ local res = ""
if (istable(tag.SEG[0])) then
for i=0, #tag.SEG do
res = res .. tag.SEG[i].index .. " "
@@ -1719,7 +1719,7 @@ end
-- helper to selecting a segment
function selectSegment(tag)
local sel
- if (istable(tag.SEG[0])) then
+ if (istable(tag.SEG[0])) then
print("availabe Segments:\n"..segmentList(tag))
sel=input("select Segment: ", '00')
sel=tonumber(sel,10)
@@ -1730,7 +1730,7 @@ function selectSegment(tag)
return false
end
end
-
+
---
-- add segment
function addSegment(tag)
@@ -1768,16 +1768,16 @@ function getSegmentStamp(seg, bytes)
local stamp=""
local stamp_len=7
--- the 'real' stamp on MIM is not really easy to tell for me since the 'data-block' covers stamp0..stampn+data0..datan
- -- there a no stamps longer than 7 bytes & they are write-protected by default , and I have not seen user-credntials
+ -- there a no stamps longer than 7 bytes & they are write-protected by default , and I have not seen user-credntials
-- with stamps smaller 3 bytes (except: Master-Token)
- -- WRP -> Read/Write Protection
+ -- WRP -> Read/Write Protection
-- WRC -> Read/Write Condition
-- RD depends on WRC - if WRC > 0 and RD=1: only reader with matching #WRC of Stamp-bytes in thier Database have Read-Access to the Tag
if (seg.WRP<7) then stamp_len=(seg.WRP) end
for i=1, (stamp_len) do
stamp=stamp..seg.data[i-1]
end
- if (bytes) then
+ if (bytes) then
stamp=str2bytes(stamp)
return stamp
else return stamp end
@@ -1807,15 +1807,15 @@ function autoSelectSegment(tag, s)
--- search for desired segment-type
-- 3rd Party Segment
if (s=="3rdparty") then
- repeat
+ repeat
io.write(". ")
x=x-1
res=check43rdPartyCash1(uid, tag.SEG[x].data)
until ( res or x==0 )
- end
+ end
-- Legic-Cash Segment
if (s=="legiccash") then
- repeat
+ repeat
io.write(". ")
x=x-1
res=check4LegicCash(tag.SEG[x].data)
@@ -1828,9 +1828,9 @@ function autoSelectSegment(tag, s)
return x
end
---
- -- nothing found
- io.write(acyellow.."no Segment found\n"..acoff)
- return -1
+ -- nothing found
+ io.write(acyellow.."no Segment found\n"..acoff)
+ return -1
end
---
@@ -1906,8 +1906,8 @@ function edit3rdPartyCash1(tag, x)
print(" done")
-- fix known checksums
tag.SEG[x].data=fix3rdPartyCash1(uid, tag.SEG[x].data)
- end
- return tag
+ end
+ return tag
end
---
@@ -1924,7 +1924,7 @@ function editLegicCash(data)
rid=tonumber(data[18]..data[19]..data[20], 16)
-- transaction counter value
tcv=tonumber(data[29], 16)
-
+
-- edit currency
if (confirm(accyan.."change Currency?"..acoff)) then
for k, v in pairs(currency) do io.write(k .. " = " .. v .. "\n") end
@@ -1932,7 +1932,7 @@ function editLegicCash(data)
data[8]=string.sub(curr, 1, 2)
data[9]=string.sub(curr, 3, 4)
end
-
+
-- edit limit
if (confirm(accyan.."change Limit?"..acoff)) then
limit=string.format("%06x", input(accyan.."enter the Decimal for the new Limit:"..acoff, limit))
@@ -1940,7 +1940,7 @@ function editLegicCash(data)
data[11]=string.sub(limit, 3, 4)
data[12]=string.sub(limit, 5, 6)
end
-
+
-- edit balance
if (confirm(accyan.."change Balance?"..acoff)) then
balance=string.format("%06x", input(accyan.."enter the Decimal for the new Balance:"..acoff, balance))
@@ -1948,14 +1948,14 @@ function editLegicCash(data)
data[15]=string.sub(balance, 1, 2)
data[16]=string.sub(balance, 3, 4)
data[17]=string.sub(balance, 5, 6)
- end
-
+ end
+
-- edit transaction-counter
if (confirm(accyan.."change Transaction-Counter?"..acoff)) then
tcv=string.format("%02x", input(accyan.."enter the 4-digit Hex for the new Currency:"..acoff, data[29]))
data[29]=tcv
end
-
+
-- edit reader.id
if (confirm(accyan.."change Last-Reader-ID?"..acoff)) then
rid=string.format("%06x", input(accyan.."enter the Decimal for the new Balance:"..acoff, rid))
@@ -1964,7 +1964,7 @@ function editLegicCash(data)
data[19]=string.sub(rid, 3, 4)
data[20]=string.sub(rid, 5, 6)
end
-
+
return fixLegicCash(data)
end
@@ -2007,7 +2007,7 @@ function check43rdPartyCash1(uid, data)
--end
--end
--end
- end
+ end
end
return false
end
@@ -2015,7 +2015,7 @@ end
--- CRC related ---
---
-- build segmentCrc credentials
-function segmentCrcCredentials(tag, segid)
+function segmentCrcCredentials(tag, segid)
if (istable(tag.SEG[0])) then
local cred = tag.MCD..tag.MSN0..tag.MSN1..tag.MSN2
cred = cred ..tag.SEG[segid].raw[1]..tag.SEG[segid].raw[2]..tag.SEG[segid].raw[3]..tag.SEG[segid].raw[4]
@@ -2025,7 +2025,7 @@ end
---
-- build kghCrc credentials
-function kghCrcCredentials(tag, segid)
+function kghCrcCredentials(tag, segid)
if (istable(tag) and istable(tag.SEG[0])) then
local x='00'
if (type(segid)=="string") then segid=tonumber(segid,10) end
@@ -2107,7 +2107,7 @@ end
---
-- calculate Master-Token crc
-function calcMtCrc(bytes)
+function calcMtCrc(bytes)
--print(#bytes)
local cmd=bytes[1]..bytes[2]..bytes[3]..bytes[4]..bytes[7]..bytes[6]..bytes[8]
local len=(tonumber(0xfc ,10)-("%d"):format('0x'..bytes[7]))
@@ -2129,7 +2129,7 @@ function calcSegmentCrc(tag, segid)
end
---
--- calcuate kghCRC for a given segment
+-- calcuate kghCRC for a given segment
function calcKghCrc(tag, segid)
if (istable(tag.SEG[0])) then
-- check if a 'Kaber Group Header' exists
@@ -2156,7 +2156,7 @@ function checkAllKghCrc(tag)
if (istable(tag.SEG[0])) then
for i=0, #tag.SEG do
crc=calcKghCrc(tag, i)
- if (tag.SEG[i].kgh) then
+ if (tag.SEG[i].kgh) then
tag.SEG[i].data[#tag.SEG[i].data-1]=crc
end
end
@@ -2167,7 +2167,7 @@ end
-- validate segmentCRC for a given segment
function checkSegmentCrc(tag, segid)
local data=segmentCrcCredentials(tag, segid)
- if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].crc) then
+ if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].crc) then
return true
end
return false
@@ -2179,7 +2179,7 @@ function checkKghCrc(tag, segid)
if (type(tag.SEG[segid])=='table') then
if (tag.data[3]=="11" and tag.raw=="9f" and tag.SSC=="ff") then
local data=kghCrcCredentials(tag, segid)
- if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].data[tag.SEG[segid].len-5-1]) then return true; end
+ if (("%02x"):format(utils.Crc8Legic(data))==tag.SEG[segid].data[tag.SEG[segid].len-5-1]) then return true; end
else return false; end
else oops(acred.."'Kaba Group header' detected but no Segment-Data found"..ansocolors.reset) end
end
@@ -2188,70 +2188,70 @@ end
-- helptext for modify-mode
function modifyHelp()
local t=[[
-
+
Data I/O Segment Manipulation Token-Data
----------------- -------------------- ---------------------
rt => read Tag as => add Segment mt => make Token
wt => write Tag es => edit Segment Header et => edit Token data
ed => edit Segment Data tk => toggle KGH-Flag
- File I/O rs => remove Segment
- ----------------- cc => check Segment-CRC
- lf => load File ck => check KGH
- sf => save File ds => dump Segments
- xf => xor to File
-
-
- Virtual Tags tagMap (partial) known Segments
+ File I/O rs => remove Segment
+ ----------------- cc => check Segment-CRC
+ lf => load File ck => check KGH
+ sf => save File ds => dump Segments
+ xf => xor to File
+
+
+ Virtual Tags tagMap (partial) known Segments
-------------------------------- --------------------- ---------------------------
- ct => copy mainTag to backupTag mm => make (new) Map dlc => dump Legic-Cash
- tc => copy backupTag to mainTag em => edit Map submenu elc => edit Legic-Cash
+ ct => copy mainTag to backupTag mm => make (new) Map dlc => dump Legic-Cash
+ tc => copy backupTag to mainTag em => edit Map submenu elc => edit Legic-Cash
tt => switch mainTag & backupTag lm => load map from file d3p => dump 3rd-Party-Cash
di => dump mainTag sm => save map to file e3p => edit 3rd-Party-Cash
- do => dump backupTag
-
+ do => dump backupTag
+
h => this help q => quit
- ]]
+ ]]
return t
end
----
+---
-- modify Tag (interactive)
function modifyMode()
local i, backupTAG, outTAG, inTAG, outfile, infile, sel, segment, bytes, outbytes, tagMap
-
+
actions = {
---
-- helptext
- ["h"] = function(x)
- print(" Version: "..version);
+ ["h"] = function(x)
+ print(" Version: "..version);
print(modifyHelp().."\n".."tags im Memory: "..(istable(inTAG) and ((currentTag=='inTAG') and acgreen.."*mainTAG"..acoff or "mainTAG") or "").." "..(istable(backupTAG) and ((currentTag=='backupTAG') and acgreen.."*backupTAG"..acoff or "backupTAG") or ""))
end,
---
-- read real Tag with PM3 into virtual 'mainTAG'
- ["rt"] = function(x)
- inTAG=readFromPM3();
- --actions.di()
+ ["rt"] = function(x)
+ inTAG=readFromPM3();
+ --actions.di()
end,
---
-- write content of virtual 'mainTAG' to real Tag with PM3
- ["wt"] = function(x)
+ ["wt"] = function(x)
writeToTag(inTAG)
end,
---
- -- copy mainTAG to backupTAG
- ["ct"] = function(x)
- print(accyan.."copy mainTAG to backupTAG"..acoff)
+ -- copy mainTAG to backupTAG
+ ["ct"] = function(x)
+ print(accyan.."copy mainTAG to backupTAG"..acoff)
backupTAG=deepCopy(inTAG)
end,
---
-- copy backupTAG to mainTAG
- ["tc"] = function(x)
+ ["tc"] = function(x)
print(accyan.."copy backupTAG to mainTAG"..acoff)
inTAG=deepCopy(backupTAG)
end,
---
-- toggle between mainTAG and backupTAG
- ["tt"] = function(x)
+ ["tt"] = function(x)
-- copy main to temp
outTAG=deepCopy(inTAG)
-- copy backup to main
@@ -2264,8 +2264,8 @@ function modifyMode()
end,
---
-- load file into mainTAG
- ["lf"] = function(x)
-
+ ["lf"] = function(x)
+
if (type(x)=='string' and file_check(x)) then filename=x
else filename=input("enter filename: ", "legic.temp") end
inTAG=readFile(filename)
@@ -2274,130 +2274,130 @@ function modifyMode()
if(confirm(accyan.."Mapping-File for "..acoff..filename..accyan.." found - load it also?"..acoff)) then
tagMap=loadTagMap(filename..".map")
end
- end
+ end
end,
---
-- save values of mainTAG to a file (xored with MCC of mainTAG)
- ["sf"] = function(x)
+ ["sf"] = function(x)
if(istable(inTAG)) then
outfile=input("enter filename:", "legic.temp")
bytes=tagToBytes(inTAG)
--bytes=xorBytes(bytes, inTAG.MCC)
- if (bytes) then
+ if (bytes) then
writeFile(bytes, outfile)
end
end
end,
---
- -- save values of mainTAG to a file (xored with 'specific' MCC)
- ["xf"] = function(x)
+ -- save values of mainTAG to a file (xored with 'specific' MCC)
+ ["xf"] = function(x)
if(istable(inTAG)) then
outfile=input("enter filename:", "legic.temp")
crc=input("enter new crc: ('00' for a plain dump)", inTAG.MCC)
print("obfuscate witth: "..crc)
bytes=tagToBytes(inTAG)
bytes[5]=crc
- if (bytes) then
+ if (bytes) then
writeFile(bytes, outfile)
end
end
end,
---
-- dump mainTAG (and all Segments)
- ["di"] = function(x)
- if (istable(inTAG)) then
+ ["di"] = function(x)
+ if (istable(inTAG)) then
local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
if(istable(inTAG.SEG[0])) then
for i=0, #inTAG.SEG do
if(check43rdPartyCash1(uid, inTAG.SEG[i].data)) then
- io.write(accyan.."in Segment index: "..inTAG.SEG[i].index ..acoff.. "\n")
+ io.write(accyan.."in Segment index: "..inTAG.SEG[i].index ..acoff.. "\n")
elseif(check4LegicCash(inTAG.SEG[i].data)) then
io.write(accyan.."in Segment index: "..inTAG.SEG[i].index..acoff.."\n")
- lc=true;
+ lc=true;
lci=inTAG.SEG[i].index;
end
end
end
- print("\n"..dumpTag(inTAG).."\n")
+ print("\n"..dumpTag(inTAG).."\n")
if (lc) then actions["dlc"](lci) end
lc=false
- end
+ end
end,
---
-- dump backupTAG (and all Segments)
["do"] = function(x) if (istable(backupTAG)) then print("\n"..dumpTag(backupTAG).."\n") end end,
---
-- create a empty tagMap
- ["mm"] = function(x)
+ ["mm"] = function(x)
-- clear existing tagMap and init
- if (istable(inTAG)) then
+ if (istable(inTAG)) then
tagMap=makeTagMap()
end
end,
---
-- edit a tagMap
- ["em"] = function(x)
- if (istable(inTAG)==false) then
- if (confirm("no mainTAG in memory!\nread from PM3?")) then
- actions['rt']()
- elseif (confirm("load from File?")) then
- actions['lf']()
+ ["em"] = function(x)
+ if (istable(inTAG)==false) then
+ if (confirm("no mainTAG in memory!\nread from PM3?")) then
+ actions['rt']()
+ elseif (confirm("load from File?")) then
+ actions['lf']()
else return
- end
+ end
end
- if (istable(tagMap)==false) then actions['mm']() end
+ if (istable(tagMap)==false) then actions['mm']() end
-- edit
tagMap=editTagMap(inTAG, tagMap)
end,
---
-- save a tagMap
- ["sm"] = function(x)
+ ["sm"] = function(x)
if (istable(tagMap)) then
if (istable(tagMap) and #tagMap.mappings>0) then
print(accyan.."Map contains "..acoff..#tagMap..accyan.." mappings"..acoff)
saveTagMap(tagMap, input(accyan.."enter filename:"..acoff, "Legic.map"))
- else
+ else
print(acyellow.."no mappings in tagMap!"..acoff)
end
- end
+ end
end,
---
-- load a tagMap
- ["lm"] = function(x)
+ ["lm"] = function(x)
tagMap=loadTagMap(input(accyan.."enter filename:"..acoff, "Legic.map"))
end,
---
-- dump single segment
- ["ds"] = function(x)
+ ["ds"] = function(x)
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
else sel=selectSegment(inTAG) end
- if (sel) then print("\n"..(dumpSegment(inTAG, sel) or acred.."no Segments available") ..acoff.."\n") end
+ if (sel) then print("\n"..(dumpSegment(inTAG, sel) or acred.."no Segments available") ..acoff.."\n") end
end,
---
-- edit segment header
- ["es"] = function(x)
+ ["es"] = function(x)
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
else sel=selectSegment(inTAG) end
- if (sel) then
+ if (sel) then
if(istable(inTAG.SEG[0])) then
inTAG=editSegment(inTAG, sel)
inTAG.SEG[sel]=regenSegmentHeader(inTAG.SEG[sel])
- else print(acyellow.."no Segments in Tag"..acoff) end
+ else print(acyellow.."no Segments in Tag"..acoff) end
end
end,
---
-- add segment
- ["as"] = function(x)
+ ["as"] = function(x)
if (istable(inTAG.SEG[0])) then
inTAG=addSegment(inTAG)
inTAG.SEG[#inTAG.SEG-1]=regenSegmentHeader(inTAG.SEG[#inTAG.SEG-1])
- inTAG.SEG[#inTAG.SEG]=regenSegmentHeader(inTAG.SEG[#inTAG.SEG])
+ inTAG.SEG[#inTAG.SEG]=regenSegmentHeader(inTAG.SEG[#inTAG.SEG])
else print(accyan.."Master-Token / unsegmented Tag!"..acoff)
end
end,
---
-- remove segment
- ["rs"] = function(x)
+ ["rs"] = function(x)
if (istable(inTAG.SEG[0])) then
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
else sel=selectSegment(inTAG) end
@@ -2409,16 +2409,16 @@ function modifyMode()
end,
---
-- edit data-portion of single segment
- ["ed"] = function(x)
+ ["ed"] = function(x)
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
else sel=selectSegment(inTAG) end
- if (istable(inTAG.SEG[sel])) then
- inTAG.SEG[sel].data=editSegmentData(inTAG.SEG[sel].data)
+ if (istable(inTAG.SEG[sel])) then
+ inTAG.SEG[sel].data=editSegmentData(inTAG.SEG[sel].data)
end
end,
---
-- edit Tag (MCD, MSN, MCC etc.)
- ["et"] = function(x)
+ ["et"] = function(x)
if (istable(inTAG)) then
editTag(inTAG)
end
@@ -2428,14 +2428,14 @@ function modifyMode()
["mt"] = function(x) inTAG=makeToken(); actions.di() end,
---
-- fix segment-crc on single segment
- ["ts"] = function(x)
+ ["ts"] = function(x)
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
else sel=selectSegment(inTAG) end
- regenSegmentHeader(inTAG.SEG[sel])
+ regenSegmentHeader(inTAG.SEG[sel])
end,
---
- -- toggle kgh-crc-flag on a single segment
- ["tk"] = function(x)
+ -- toggle kgh-crc-flag on a single segment
+ ["tk"] = function(x)
if (istable(inTAG) and istable(inTAG.SEG[0])) then
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
else sel=selectSegment(inTAG) end
@@ -2447,7 +2447,7 @@ function modifyMode()
-- calculate LegicCrc8
["k"] = function(x)
if (type(x)=="string" and string.len(x)>0) then
- print(("%02x"):format(utils.Crc8Legic(x)))
+ print(("%02x"):format(utils.Crc8Legic(x)))
end
end,
---
@@ -2455,32 +2455,32 @@ function modifyMode()
["xb"] = function(x)
end,
---
- -- print string for LegicCrc8-calculation about single segment
- ["xc"] = function(x)
+ -- print string for LegicCrc8-calculation about single segment
+ ["xc"] = function(x)
if (istable(inTAG) and istable(inTAG.SEG[0])) then
if (type(x)=="string" and string.len(x)>0) then sel=tonumber(x,10)
- else sel=selectSegment(inTAG) end
- print("k "..kghCrcCredentials(inTAG, sel))
- end
+ else sel=selectSegment(inTAG) end
+ print("k "..kghCrcCredentials(inTAG, sel))
+ end
end,
---
-- fix legic-cash checksums
- ["flc"] = function(x)
+ ["flc"] = function(x)
if (type(x)=="string" and string.len(x)>0) then x=tonumber(x,10)
- else x=selectSegment(inTAG) end
+ else x=selectSegment(inTAG) end
inTAG.SEG[x].data=fixLegicCash(inTAG.SEG[x].data)
end,
---
-- edit legic-cash values fixLegicCash(data)
- ["elc"] = function(x)
+ ["elc"] = function(x)
x=autoSelectSegment(inTAG, "legiccash")
inTAG.SEG[x].data=editLegicCash(inTAG.SEG[x].data)
end,
---
-- dump legic-cash human-readable
- ["dlc"] = function(x)
+ ["dlc"] = function(x)
-- if segment index was user defined
- if (type(x)=="string" and string.len(x)>0) then
+ if (type(x)=="string" and string.len(x)>0) then
x=tonumber(x,10)
print(string.format("User-Selected Index %02d", x))
-- or try to find match
@@ -2493,11 +2493,11 @@ function modifyMode()
["d3p"] = function(x)
local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
-- if segment index was user defined
- if (type(x)=="string" and string.len(x)>0) then
+ if (type(x)=="string" and string.len(x)>0) then
x=tonumber(x,10)
print(string.format("User-Selected Index %02d", x))
-- or try to find match
- else x=autoSelectSegment(inTAG, "3rdparty") end
+ else x=autoSelectSegment(inTAG, "3rdparty") end
if (istable(inTAG) and istable(inTAG.SEG[x]) and inTAG.SEG[x].len == 100) then
uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
if (check43rdPartyCash1(uid, inTAG.SEG[x].data)) then
@@ -2510,7 +2510,7 @@ function modifyMode()
["r3p"] = function(x)
local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
-- if segment index was user defined
- if (type(x)=="string" and string.len(x)>0) then
+ if (type(x)=="string" and string.len(x)>0) then
x=tonumber(x,10)
print(string.format("User-Selected Index %02d", x))
-- or try to find match
@@ -2519,14 +2519,14 @@ function modifyMode()
end,
---
-- edit 3rd-party-cash-segment values (Balance, Mapping-UID, Stamp)
- ["e3p"] = function(x)
+ ["e3p"] = function(x)
local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
-- if segment index was user defined
- if (type(x)=="string" and string.len(x)>0) then
+ if (type(x)=="string" and string.len(x)>0) then
x=tonumber(x,10)
print(string.format("User-Selected Index %02d", x))
-- or try to find match
- else x=autoSelectSegment(inTAG, "3rdparty") end
+ else x=autoSelectSegment(inTAG, "3rdparty") end
if (istable(inTAG) and istable(inTAG.SEG[x]) and inTAG.SEG[x].len == 100) then
inTAG=edit3rdPartyCash1(inTAG, x)
dump3rdPartyCash1(inTAG, x)
@@ -2534,16 +2534,16 @@ function modifyMode()
end,
---
-- force fixing 3rd-party-checksums
- ["f3p"] = function(x)
+ ["f3p"] = function(x)
if(type(x)=="string" and string.len(x)>=2) then x=tonumber(x, 10)
else x=selectSegment(inTAG) end
- if (istable(inTAG.SEG[x])) then
+ if (istable(inTAG.SEG[x])) then
local uid=inTAG.MCD..inTAG.MSN0..inTAG.MSN1..inTAG.MSN2
inTAG.SEG[x].data=fix3rdPartyCash1(uid, inTAG.SEG[x].data)
- end
+ end
end,
---
- -- get stamp from single segment
+ -- get stamp from single segment
["gs"] = function(x)
if(type(x)=="string" and string.len(x)>=2) then x=tonumber(x, 10)
else x=selectSegment(inTAG) end
@@ -2554,7 +2554,7 @@ function modifyMode()
end,
---
-- calculate crc16
- ["c6"] = function(x) local crc16=string.format("%4.04x", utils.Crc16(x))
+ ["c6"] = function(x) local crc16=string.format("%4.04x", utils.Crc16(x))
print(string.sub(crc16, 0,2).." "..string.sub(crc16, 3,4))
end,
---
@@ -2562,27 +2562,27 @@ function modifyMode()
["cc"] = function(x) if (istable(inTAG)) then checkAllSegCrc(inTAG) end end,
---
-- set backup-area-bytes to '00'
- ["cb"] = function(x)
+ ["cb"] = function(x)
if (istable(inTAG)) then
print(accyan.."purge BackupArea"..acoff)
- inTAG=clearBackupArea(inTAG)
- end
- end,
+ inTAG=clearBackupArea(inTAG)
+ end
+ end,
---
-- check and fix all segments inTAG.SEG[x].kgh toggled 'on'
["ck"] = function(x) if (istable(inTAG)) then checkAllKghCrc(inTAG) end end,
---
-- check and fix all segments inTAG.SEG[x].kgh toggled 'on'
- ["tac"] = function(x)
- if (colored_output) then
+ ["tac"] = function(x)
+ if (colored_output) then
colored_output=false
else
colored_output=true
- end
+ end
load_colors(colored_output)
end,
}
- repeat
+ repeat
-- defualt message / prompt
ic=input("Legic command? ('h' for help - 'q' for quit)", "h")
-- command actions decisions (first match, longer commands before shorter)
@@ -2607,53 +2607,53 @@ function main(args)
-- just a spacer for better readability
print()
--- parse arguments
- for o, a in getopt.getopt(args, 'hrmi:do:c:') do
+ for o, a in getopt.getopt(args, 'hrmi:do:c:') do
-- display help
if o == "h" then return help(); end
-- read tag from PM3
if o == "r" then inTAG=readFromPM3() end
-- input file
if o == "i" then inTAG=readFile(a) end
- -- dump virtual-Tag
+ -- dump virtual-Tag
if o == "d" then dfs=true end
-- interacive modifying
if o == "m" then interactive=true; modifyMode() end
-- xor (e.g. for clone or plain file)
if o == "c" then cfs=true; crc=a end
-- output file
- if o == "o" then outfile=a; ofs=true end
+ if o == "o" then outfile=a; ofs=true end
end
-
+
-- file conversion (output to file)
if (ofs) then
-- dump infile / tag-read
- if (dfs) then
- print("-----------------------------------------")
+ if (dfs) then
+ print("-----------------------------------------")
print(dumpTag(inTAG))
end
bytes=tagToBytes(inTAG)
- if (cfs) then
+ if (cfs) then
-- xor willl be done in function writeFile
-- with the value of byte[5]
- bytes[5]=crc
+ bytes[5]=crc
end
-- write to outfile
- if (bytes) then
+ if (bytes) then
writeFile(bytes, outfile)
- --- read real tag into virtual tag
+ --- read real tag into virtual tag
-- inTAG=readFromPM3() end
--- or simply use the bytes that where wriiten
inTAG=bytesToTag(bytes, inTAG)
-- show new content
- if (dfs) then
+ if (dfs) then
print("-----------------------------------------")
- print(dumpTag(inTAG))
+ print(dumpTag(inTAG))
end
end
end
-
+
end
---
-- script start
-main(args)
\ No newline at end of file
+main(args)
From d59026518e02c37ab0673a670b9ea14e17ae399c Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Mon, 29 May 2017 09:39:25 +0200
Subject: [PATCH 23/24] FIX: fullimage.s19
According to @doegox the *.s19 file is generated with wrong offset for the data section.
ref: http://wiki.yobi.be/wiki/Proxmark#Flashing_full_image.2C_take_1
---
common/Makefile.common | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/Makefile.common b/common/Makefile.common
index 95820e667..e697ae140 100644
--- a/common/Makefile.common
+++ b/common/Makefile.common
@@ -99,7 +99,7 @@ $(VERSIONOBJ): $(OBJDIR)/%.o: %.c $(INCLUDES)
# See ldscript.common. -- Henryk Plötz <henryk@ploetzli.ch> 2009-08-27
OBJCOPY_TRANSLATIONS = --no-change-warnings \
--change-addresses -0x100000 --change-start 0 \
- --change-section-address .bss+0 --change-section-address .data+0 \
+ --change-section-address .bss+0 --change-section-address .data-0x100000 \
--change-section-address .commonarea+0
$(OBJDIR)/%.s19: $(OBJDIR)/%.elf
$(OBJCOPY) -Osrec --srec-forceS3 --strip-debug $(OBJCOPY_TRANSLATIONS) $^ $@
From 9f3d7bbe29ea114ea7b47279a9bb6a43bc606b17 Mon Sep 17 00:00:00 2001
From: Iceman <iceman@iuse.se>
Date: Mon, 29 May 2017 09:49:02 +0200
Subject: [PATCH 24/24] Update hfsnoop.c
Fix increment on bool variable (#294) (thanks to @ikarus23)
https://github.com/Proxmark/proxmark3/commit/c87c452120aa30e0db9ca8046f00def677365ae6
---
armsrc/hfsnoop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/armsrc/hfsnoop.c b/armsrc/hfsnoop.c
index 4af8522a5..7f641529a 100644
--- a/armsrc/hfsnoop.c
+++ b/armsrc/hfsnoop.c
@@ -31,7 +31,7 @@ void HfSnoop(int samplesToSkip, int triggersToSkip)
BigBuf_free(); BigBuf_Clear();
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers.\n", samplesToSkip, triggersToSkip);
- bool trigger_cnt;
+ int trigger_cnt;
LED_D_ON();
// Select correct configs