RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-13 02:34:48 +08:00
Code Issues Projects Releases Packages Wiki Activity
7294 commits 3 branches 15 tags 87 MiB
Commit graph

371 commits

Author SHA1 Message Date
Philippe Teuwen
0373696662 make style 2019-03-10 00:00:59 +01:00
Philippe Teuwen
9502b54aa0 include: fix mix of spaces & tabs 2019-03-09 18:41:30 +01:00
iceman1001
29adb88f32 fix: use correct define 2019-03-09 11:49:56 +01:00
Philippe Teuwen
60f292b18e remove spurious spaces & tabs at end of lines 2019-03-09 08:59:13 +01:00
merlokk
3b21b17509 move mifare stuff to its folder 2019-02-21 19:15:46 +02:00
merlokk
cf21f046d8 arm side 2019-01-30 18:15:47 +02:00
merlokk
1b3d96ab2d add apdu chaining to arm side 2019-01-29 19:30:15 +02:00
iceman1001
f215ebef80 Refactored 'lf t55xx brute', split it up into two commands. 
- lf t55xx brute  (tries bruteforcing a range of pwds
- lf t55xx chk    (uses dictionary file or RDV4 flashmem)

FIX: adjust lf sim (@marshmellow42)  see 7008cf9c15
"attempt to speed up the loops waiting for carrier signal to go high or low
by only checking for a halt (button press or usbpol) every 256th loop
iteration. some users were experiencing modulating reactions to be too slow.

ADD: 'lf t55xx chk'
It uses @marshmellows42 idea behind commit  (6178b085a0)
With calculating a baseline (read block0 32times and average the signal-ish) and sampling only 1024 signal data. The algo then proceeds to calc the average and keep track of the candidate which is given the most difference in signal data average value.    I do some squaring and shifting for this.
The candidate is then send back to client to be tested properly with  trymodulation like before.

This seems to work good on t55xx card which has a ASK configuration.

WORK-IN-PROGRESS
 2019-01-11 14:46:27 +01:00
iceman1001
0dee369a58 FIX: 'hf tune' - now works... 2019-01-06 20:28:23 +01:00
iceman1001
0fb0c35308 CHG: 'mem load' - the possibility to upload default_iclass_keys.dic, default_keys.dic, default_pwd.dic to predefined flashmemory sections. These will be used in pwd / key checking algorithms on device. 
CHG: 'script run read_pwd_mem.lua' - script now can print those uploaded dictionary files.

How to upload
pm3 --> mem load f default_iclass_keys i
pm3 --> mem load f default_keys m
pm3 --> mem load f default_pwd t

How to validate / view
PM3 -->scr run read_pwd_mem -o 237568 -k 8
pm3 -->scr run read_pwd_mem -o 241664 -k 6
pm3 -->scr run read_pwd_mem -o 245760 -k 4
 2019-01-01 18:01:40 +01:00
merlokk
f32088e25c fix states and get rid of INS code in receive (that code checks by controller) 2018-12-18 14:33:28 +02:00
merlokk
1941b9ca8b sdd sc raw t0 2018-12-17 23:48:05 +02:00
Chris
73230c8d15 chg: 'trace list 7816' - missing command 
chg: 'sc raw' - inverted select logic
 2018-11-13 22:29:33 +01:00
Chris
dc67b5d7c9 chg: revert fpga_major mode in LF. 
chg: 'lf t55xx deviceconfig'  - persistence to flashmem is now option with param P
 2018-09-23 05:29:55 +02:00
Chris
ba2543b627 ADD: 'lf t55xx deviceconfig' - command that allows for setting t55xx timings via the client. If run on a RDV40, it also saves the config to flashmemory. This gives you option to have custom timings for your custom antenna in order for your RDV40 to work optimal against a t55xx tag and with your custom antenna. (@iceman) 2018-09-11 18:35:07 +02:00
Colin J. Brigato
c74dbb63b8 Pass 2; commit 2; 2018-09-06 05:24:50 +02:00
Chris
bacf8aff0f add: FPC connector skeleton usart. Not working but if will be a starting point for those who might want to help out with it. 2018-07-30 09:54:44 +02:00
Chris
714de99f82 chg: i2c fixes. all working. 
chg: 'sc info'  now prints url to atr decoder.
chg: 'sc reader' has more options  A, S
 2018-07-09 11:22:51 +02:00
Chris
79158c7360 chg; preparing for more cmds. 2018-07-06 00:24:04 +02:00
Chris
fca841122f chg: 'sc reader' - hooked up atr. 2018-07-05 16:32:10 +02:00
Chris
ee006c6a7b add: sc upgrade - beta test 2018-07-05 14:38:31 +02:00
Chris
44e300930f fix: sc upg 2018-07-05 11:22:43 +02:00
Chris
35b7989b1c chg: OR in values. 2018-07-02 18:54:12 +02:00
Chris
f4ef31c4be chg: OR in registry changes when setting LOW or HIGH instead of assigning. A nicer behavior not messing with previous set bits. 2018-06-23 06:41:51 +02:00
Chris
e5e990fd4f chg: adjustment to RDV40 gpios, since it make use of some previous used for other things.. 2018-06-23 06:40:01 +02:00
Chris
ddd9f4e0fd chg: preparation for smart card 2018-06-23 06:39:23 +02:00
Chris
5a22a72e9c chg: some preparations for iso15 refactor 2018-06-23 06:37:08 +02:00
iceman1001
6b7819276d add: 'mem info' - rudamentary support for new command. 2018-05-06 09:26:06 +02:00
iceman1001
021c0a1349 ADD: 'mem' commands. For RDV40 devices only. 
If you don't have one,  comment out inside client/Makefile this line

CFLAGS += -DWITH_FLASH
 2018-05-03 12:15:03 +02:00
iceman1001
f64e244823 chg: define 2018-04-20 19:48:13 +02:00
iceman1001
a615fd6a9e chg: smartcard , testing to use pwm clock instead of timer clock. 
chg: added some comments
 2018-04-16 19:58:49 +02:00
Colin J. Brigato
9147698e97 UPDATES HF_COLIN to current 2018-03-10 13:13:21 +01:00
iceman1001
802994d30a add: 'hf 14 antifuzz' - the outline for the new functionality which fuzzes the anticollision phase ISO 14443a. 2018-02-28 13:21:47 +01:00
iceman1001
180e3d4df9 chg: adaptations for global debug var to be accessible 2018-02-21 14:59:06 +01:00
iceman1001
d54c4d3e05 chg: SPI tests for flashmem on PA10. (aka pm3 evo) Peripheral B, fixed. 2018-02-20 12:03:11 +01:00
iceman1001
a21ab49f14 chg: moved flash mem config for spi into flashmem.c 
chg:  fpgasendcommand,  now waits until command has been sent to fpga.
 2018-02-18 10:35:36 +01:00
iceman1001
1709c1ce1a chg: flash_mem - hooked up client - device comms 2018-02-13 15:36:20 +01:00
iceman1001
0495e93b6d add: flash memory support 2018-02-13 14:12:28 +01:00
iceman1001
ad73af95c2 ADD: beginning to add SPI to access flash memory. 2018-02-13 11:41:23 +01:00
iceman1001
75d04307a1 chg: adapting some HF voltage readings. 2018-02-07 13:11:10 +01:00
iceman1001
b06579e0d5 chg: 'hf felica reader' the felica_select_card struct got more properties 2018-01-30 03:32:33 +01:00
iceman1001
bf25b1c9ba chg: crc16 got a compute_crc function 2018-01-30 03:31:11 +01:00
iceman1001
095b3af43b CHG: 'hf 15' - swapped crc impl to table based. 2018-01-29 15:55:56 +01:00
iceman1001
29c15b3480 cHG.. missing 2018-01-29 13:48:18 +01:00
iceman1001
3634327bef chg: code cleaning. 2017-12-21 12:42:32 +01:00
iceman1001
5eafdbf872 ADD: 'hf iclass check' - increased speed in check keys with new algo. 
ADD: 'hf iclass' - trying to add the timeout-limits for commands in order to get a more stable iclass communication
 2017-12-21 10:13:40 +01:00
iceman1001
e02e145fae draft for a Mifare classic NACK bug detection. 
the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug.

-in short, ref  https://github.com/iceman1001/proxmark3/issues/141
NACK bug;  when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct.

This is a strong oracle which is used in the darkside attack.
 2017-12-04 19:36:26 +01:00
iceman1001
4b63f940f1 CHG: FeliCa implemenation by @satsuoni 2017-10-20 20:27:44 +02:00
iceman1001
9757a8f078 ADD: some felica defines 2017-10-10 14:33:27 +02:00
iceman1001
b4a03581c2 CHG: adjustments to the USB reading part. 2017-10-05 15:55:08 +02:00
iceman1001
a4b4a1a9a2 FIX: iso-14443a RATS optional (piwi) 2017-10-01 22:06:06 +02:00
iceman1001
0f7241f4b3 FIX: found old thread on forum from 2010, saying this bitshifts are wrong. 
ref:   http://www.proxmark.org/forum/viewtopic.php?id=643
 2017-09-26 00:19:54 +02:00
iceman1001
b439c76c6e CHG: changed name on define. Its now called CMD_UPLOAD_SIM_SAMPLES_125K .. Since we upload to device. 2017-09-14 11:13:10 +02:00
iceman1001
94f70caa7a when you need to add too much changes at the same time... 
fix: 'hf mf hardnested'  test cases doesn't need to verify key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on armside,  a more unified way,  so we don't forget to turn of the antenna ...
chg:  renamed 'hf iclass snoop'  into 'hf iclass sniff'   in an attempt to make all sniff/snoop commands only SNIFF

chg: 'standalone' ->  starting the work of moving all standalone mods into a plugin kind of style, in its own folder.
 2017-08-26 12:57:18 +02:00
iceman1001
f28da2da6e monster merge... 
all those changes marshmellow did..  and more...
 2017-07-30 09:17:48 +02:00
iceman1001
a8569849d6 part of monstermerge.. 2017-07-27 20:58:59 +02:00
iceman1001
f942e1ed05 ADD: CRC8Mad() should be used to calc the crc-8 byte for Mifare MAD config block. Doesn't work of course... 
CHG: some T/F defines..
 2017-07-27 09:31:23 +02:00
angelsl
ece631fd06 Add Mifare Classic EV1 set load modulation command 2017-03-09 21:37:16 +08:00
iceman1001
99136c6eef CHG: finalized the merge between peter filmoores 14atagfuzz branch (emv). I seriously doubt anything works. 2017-03-01 21:51:23 +01:00
iceman1001
52108cabf3 CHG: 'lf cotag read' - added the raw output and the repeating byte pattern is 16bytes, so we only collect that many bytes from card 2017-02-03 00:07:55 +01:00
iceman1001
a330987de1 CHG: 'lf cotag demod' - now finds FC/CN Thanks to @marshmellow42 
CHG:  'lf search' - now detects COTAG
 2017-02-02 19:15:36 +01:00
iceman1001
84bdbc1917 FIX: 'hf 14a sim x' - adjusted and shows messages when verbose. 
FIX: 'hf mf sim x i' - same as above.

In general we only use Moebius attack for "sim x",  that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
 2017-01-29 23:09:23 +01:00
iceman1001
4653da4331 ADD: lf cotag - added first try at basic functionality to read samples from Cotag. In lfops.c is the startup sequence that needs to be tested out. 2017-01-27 10:49:34 +01:00
iceman1001
bf5d7992ce ADD: @micolous random nonce, adjusted to fit in. Icemanfork only uses Moebius attack, so no need for an extra parameter in client. 
ref: https://github.com/Proxmark/proxmark3/pull/209
 2017-01-26 14:21:51 +01:00
iceman1001
53d5dc643f CHG: fiddled with the headerfiles... and makefile... Tried to make them behave nice. So it isnt a hell to add new functions from third-party (like des, aes etc) 
Added a lot of #ifndef ,   extern C,
Move inside from ARMSRC -> THUMBS,  which made the compiled image smaller.. I don't know if it broke anything.
Moved MF_DBGLEVEL definitions into common.h
Moved print_result from util.c into appmain.c
Also split up some struct typedef  into header files so they could be reused in other code places.

''' danger '''  this might have broken stuff...
 2017-01-25 00:33:03 +01:00
iceman1001
793c301250 syntax sugar 2017-01-21 11:26:37 +01:00
iceman1001
69784c3801 ADD: 'lf search' - added @marshmellow42 's hitag2 identification 2017-01-20 10:09:06 +01:00
iceman1001
0e8cabed8d ADD: "hf legic eload" - Load binary file to emulator memory. Use "h" for help text 
ADD:  "hf legic esave" - Save emulator memory to binary file. Use "h" for help text
 2016-10-06 19:13:23 +02:00
iceman1001
fabef615ec CHG: added addresize to legic select struct. 
CHG: TIMER, it turns out the TC0, TC1 and TC2 is only 16bit.  So adjust to use two clocks to get a 32bit timer.
CHG: code clean up in legic device side.  consistency with variable names..
 2016-09-29 17:43:39 +02:00
iceman1001
a39944216d CHG: a select_legic function with structs and stuff and 2016-09-29 12:23:09 +02:00
iceman1001
3e750be37c ADD: started to add a legic detection to "HF SEARCH" 2016-09-26 20:01:23 +02:00
iceman1001
ad5bc8cc8c In my attempts to make the LEGIC code better, its not working now. Timings if off. 
CHG: switching to US clock.
CHG: better trace annotation for legic
CHG: Legic prng can now give a x bits in once.
 2016-09-09 11:56:20 +02:00
iceman1001
c71c5ee156 ADD: started to add tracelog in legic 
ADD: remake of legic codebase.
ADD: started with a annotation for LEGIC in 'hf list'
 2016-09-02 16:25:54 +02:00
iceman1001
83dad64b91 ADD: some new usb commmands from EMV, and for LEGIC. 2016-07-28 21:16:02 +02:00
iceman1001
e7470660c2 ADD: added the nonce_struct needed for @marshmellow42 's enhanced "sim x" attack. 2016-07-07 02:14:03 +02:00
iceman1001
348c57a0af REM: rmove stdio.h reference to make it compile on Mac OS X 2016-05-09 08:12:43 +02:00
iceman1001
048324d63b DEL: removed the homebrews script. It needed a seperate gitproject. 
CHG:  removed references to  stdio.h  and time.h  in ARMSRC.
 2016-05-06 23:51:03 +02:00
iceman1001
ce211cef39 FIX: corrected the FLAG_NR_AR_ATTACK 2016-04-18 13:02:36 +02:00
iceman1001
0194ce8fc8 ADD: simulating can now handle triplesized UID (10b) 
CHG: moved some mifare #DEFINES into protocols.h  (ACK,NACK..)
 2016-04-14 11:09:17 +02:00
iceman1001
06eb3b1a8c coverity fixes for my latest changes. 
Forgot some breaks in 7816 annotation, and  presco used an uninitalized char array.
 2016-03-22 08:40:20 +01:00
iceman1001
6fc68747f6 ADD: well, starting with a luascript for reading calypso tags, made me remake the 14b raw command on client and device side. Sorry @marshmellow42 , but this one broke your "hf 14b info" implementation. I fixed the "hf 14b read" and the hf search. So not to bad, but still a bit broken. The 14b raw device side is now very similar to 14a raw. Which is good. There is a Standard 14b 0x050008 detection and STmicroelectronic 0x0600 detection on deviceside. This removes a lot of code client side. 
I also made the SRi read functions better by combining them.   The demodulation / uart code should be the same as last summers changes.  The device side code can now be even smaller.
 2016-03-20 19:33:07 +01:00
iceman1001
f2c2b174cd CHG: moved some #define into include\common.h (which is call by apps.h), so we have one place for them. Also changed them to CAPITAL. 
ABS(),  MIN(), MAX()
 2016-03-13 07:16:42 +01:00
iceman1001
aaa1a9a2dc CHG: Added calling clear bigbuff to zero out it also, instead of just "free" it. 
ADD:  downloading the EML part from BigBuffer specially.
 2016-03-12 09:03:28 +01:00
iceman1001
0db11b71ef ADD: Added the HitagS from @spenneb ref:https://events.ccc.de/congress/2015/Fahrplan/events/7166.html 
PM3 Master PR: https://github.com/Proxmark/proxmark3/pull/167

Adjusted the ENUM names to fit in my fork.  We need a better namestandard for it.
 2016-03-04 19:06:47 +01:00
iceman1001
c188b1b9b2 ADD: @go_tus simple bruteforce for t55xx, refactored a bit. 
ADD: @pwpiwi 's implementation of Hardnested
 2015-11-27 16:24:00 +01:00
iceman1001
94422fa23f ADD: @marshmellow42 's fixex and resetread t55x7 2015-11-02 20:46:17 +01:00
iceman1001
1d0ccbe04b ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. 
ADD:  added the "t55x7" refactoring by @marshmellow42
 2015-10-27 21:47:21 +01:00
iceman1001
9276e859a6 ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md 
ADD:  Added the "lf t55x7 wakeup" command. It will send a pwd,  and leave the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search

---
It is still not finished,  will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets.
 2015-10-20 19:00:02 +02:00
iceman1001
e98572a1e2 I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work* 
Things like the ICLASS, tryDecryptWord,

--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation,  start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written,  which has a lousy input check..
 2015-10-07 23:00:46 +02:00
iceman1001
0de8e3874d A lot of changes... 
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities,   (not a proper DEMOD, but a start)
.. GetCountUS  better precision from @pwpivi
.. bin2hex,  hex2bin  from @holiman

...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler,   nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block...  See Issue #136  https://github.com/Proxmark/proxmark3/issues/136    Not solved yet.

...
Started add SHA256..   not working yet..
 2015-10-04 18:01:33 +02:00
iceman1001
7838f4beba MERGED: @holimans changes 
MERGED: @piwi changes
MERGED: @marshmellows changes.

I'm not even gonna try write up all that stuff..

ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32.   It is also inside the "hf 14a sim" with the "x" parameter.
 2015-07-22 23:00:52 +02:00
iceman1001
db25599d7f ADD: @holiman's clearCommandBuffer in cmdlft55xx.c 
ADD: @VERTCraig's AVID commands.

TEST: testing some changes to iso14443 demod.
 2015-07-18 20:43:14 +02:00
iceman1001
9783989b40 ADD: pwpiwi 's FPGA compress 2015-06-25 12:22:34 +02:00
iceman1001
d0f3338e0c ADD: PACE functionality ref: https://github.com/Proxmark/proxmark3/pull/121 
FIX:  some missing usb_commands for EPA.
 2015-06-23 22:30:18 +02:00
iceman1001
22e2470051 ADD: @marshmellow42 fudan detection in hf mfu 
ADD: @marshmellow42 14b reader changes.
ADD: @pwpiwi 14b fixes
 2015-06-21 11:07:05 +02:00
iceman1001
bcf61bd34a Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	README.txt
	armsrc/appmain.c
	armsrc/apps.h
	armsrc/des.c
	armsrc/iclass.c
	armsrc/mifarecmd.c
	armsrc/mifareutil.c
	armsrc/mifareutil.h
	client/cmddata.c
	client/cmdhf.c
	client/cmdhf14a.c
	client/cmdhficlass.c
	client/cmdhfmfu.c
	client/cmdhfmfu.h
	client/cmdscript.c
	client/lualibs/commands.lua
	client/lualibs/html_dumplib.lua
	client/scripting.c
	client/util.c
	common/protocols.h
	include/usb_cmd.h
 2015-05-23 08:16:40 +02:00
iceman1001
e7e9508883 @Marshmellow42 's cleanup isn device-side "hf mfu" code. Looks nice. Dump uses bigbuffer now, and can dump NTAG216 :) 
Consistency on the client-side code "hf mfu".  looks nice.
 2015-05-18 20:58:33 +02:00
marshmellow42
9d87eb6650 MF ultralight code cleanup 2015-05-18 13:11:00 -04:00
iceman1001
9926d131c4 chg: for the "hf mfu" authentication changes. 2015-05-16 15:32:43 +02:00
iceman1001
8949bb5dad Added @marshmellow42 "hf search" 2015-05-13 09:13:42 +02:00
marshmellow42
6ce0e5386a HF Search - refactoring cmds to work with it 2015-05-12 16:45:48 -04:00
marshmellow42
f168b2633b MF Ultralight - Iceman's updates + mine 
Beginning of Ultralight additions.
detection of Ultralight Types added
dump command now auto detects type
can authenticate Ultralight C
 2015-04-29 18:27:31 -04:00
iceman1001
add0504dea ADD: Started a "collect nonces" concept to be able to analyse the tag generated nonces. 2015-04-24 18:41:49 +02:00
iceman1001
02d352fea7 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/iclass.c
	armsrc/lfops.c
	client/cmdlf.c
	common/lfdemod.c
	include/usb_cmd.h
 2015-03-30 21:11:37 +02:00
iceman1001
aa60d1560e NEW: HF MFU SETPWD - set password to a Ultralight C tag. 
NEW: HF MFU SETUID - set UID to a magic UL / UL-C tag.   *not implemented*
CHG: minor alignment for "Hf list" output.
CHG: removed unneeded function parameters to the ultralight commands
CHG: the const MAX_MIFARE_FRAME_SIZE is changed to MAX_FRAME_SIZE in the ultralight commands since the UL-Ev1 can have bigger frames than 18bytes.
CHG: adding DES support for the Ultralight-c read commands on deviceside.
 2015-03-30 16:24:03 +02:00
Martin Holst Swende
caaf9618ae Minor mod to 'hf iclass read', it now also reads and prints the configuration of the tag found 2015-03-29 21:49:58 +02:00
iceman1001
0ec548dc21 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/lfops.c
	client/cmddata.c
	client/cmdlf.c
	client/cmdlft55xx.c
	client/cmdlft55xx.h
	client/scripts/test_t55x7_bi.lua
 2015-03-24 11:45:31 +01:00
iceman1001
05446d5bc3 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/lfops.c
	client/cmddata.c
	common/crc.c
	common/crc.h
	common/lfdemod.c
	include/crc.h
	include/crc.h.old
 2015-03-16 13:13:18 +01:00
marshmellow42
73d04bb417 data psk demod minor fixes, pyramid demod add CS 
also adjusted autocorrelate and added a printout for lf search u
 2015-03-13 11:09:12 -04:00
iceman1001
12d708fec1 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	client/cmddata.c
	client/cmddata.h
 2015-03-10 09:18:35 +01:00
marshmellow42
872e3d4d6f NEW lf simpsk 2015-02-21 21:36:02 -05:00
marshmellow42
abd6112fc4 Revert "Revert "lf simask, lf simfsk and bug fixes"" 
This reverts commit e396001c47.
 2015-02-19 21:35:34 -05:00
marshmellow42
e396001c47 Revert "lf simask, lf simfsk and bug fixes" 
This reverts commit fb0c84c3df.
 2015-02-19 21:22:05 -05:00
marshmellow42
fb0c84c3df lf simask, lf simfsk and bug fixes 2015-02-19 21:21:11 -05:00
iceman1001
d716ca2fc1 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/iclass.c
 2015-02-16 18:59:44 +01:00
Martin Holst Swende
7781a65656 Started work on 'hf iclass eload' - only client side so far, not yet supported in the device 2015-02-14 21:15:53 +01:00
iceman1001
2b61c24212 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/appmain.c
	armsrc/apps.h
	armsrc/lfops.c
 2015-02-10 08:58:14 +01:00
Martin Holst Swende
0644d5e3a3 Merged with master 2015-01-31 18:21:38 +01:00
Martin Holst Swende
31abe49fd3 Some more fixes to longer lf recordings. Now also supports longer snoops, and an additional command 'lf config' has been defined, instead of having to specify all params for every call 2015-01-30 23:03:44 +01:00
iceman1001
64d1b4efc9 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/Makefile
	armsrc/appmain.c
	armsrc/apps.h
	armsrc/epa.c
	armsrc/iclass.c
	armsrc/iso14443a.c
	armsrc/iso14443a.h
	armsrc/iso15693.c
	armsrc/lfops.c
	armsrc/mifarecmd.c
	armsrc/mifareutil.c
	armsrc/mifareutil.h
	armsrc/string.h
	armsrc/util.h
	bootrom/bootrom.c
	client/Makefile
	client/cmddata.c
	client/cmddata.h
	client/cmdhf.c
	client/cmdhf14a.c
	client/cmdhf14b.c
	client/cmdhf15.c
	client/cmdhficlass.c
	client/cmdhfmf.c
	client/cmdhfmfu.c
	client/cmdlf.c
	client/cmdlfem4x.c
	client/cmdlfhid.c
	client/cmdlfhitag.c
	client/cmdlfio.c
	client/cmdmain.c
	client/data.h
	client/flash.c
	client/graph.c
	client/graph.h
	client/loclass/elite_crack.c
	client/loclass/fileutils.c
	client/lualibs/commands.lua
	client/lualibs/html_dumplib.lua
	client/lualibs/mf_default_keys.lua
	client/lualibs/utils.lua
	client/mifarehost.c
	client/nonce2key/crapto1.c
	client/proxmark3.c
	client/scripting.c
	client/scripts/tnp3dump.lua
	client/scripts/tnp3sim.lua
	client/scripts/tracetest.lua
	common/Makefile.common
	common/cmd.c
	common/cmd.h
	common/lfdemod.c
	common/lfdemod.h
	common/usb_cdc.c
	common/usb_cdc.h
	include/usb_cmd.h
 2015-01-29 21:39:33 +01:00
pwpiwi
f71f4deb8f BigBuf and tracing rework: allow much longer traces in in hf commands 
- provided a BigBuf_malloc() function to dynamically allocate parts of BigBuf
  e.g. for DMA-Buffers, Frame-Buffers, Emulator-Memory
- the whole rest of BigBuf is now available for traces (instead of a small fixed amount)
- send actual traceLen together with trace data
- changed client side to cope with varying traceLen
- changed small buffers to automatic variables instead of parts of BigBuf
 2015-01-28 07:18:51 +01:00
iceman1001
9484ff3d6e ADD: tnp3xxx identification in luascripts. 
CHG: minor code clean up.
 2015-01-06 21:20:41 +01:00
iceman1001
3fe4ff4f03 CHG: generic code clean up. Removal of commented code. 
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD:  tnp3xx support
ADD:  nxp tag idents.
ADD:  identifiction of chinese backdoor commands to hf 14a reader.
 2015-01-05 15:51:27 +01:00
iceman1001
d3a22c7dfa ADD: Holimans new changes in master. 2015-01-05 02:01:24 +01:00
Martin Holst Swende
c8dd9b092e Some work on iclass dump and iclass list, now the dumping is a lot more stable. I think the comms should be measured and tuned a bit more, right now it kind of works thanks to retry-functionality, but the retries are probably not needed if we are a bit more careful about timing, so we don't send commands too fast for the tag to handle 2015-01-04 14:53:26 +01:00
iceman1001
b1329a0264 chg: updated the README.txt 
chg: updated the commands.lua so it is in sync with usb_cnd.c definitions.
 2015-01-02 00:09:59 +01:00
iceman1001
6ff6ade2f5 ADD: midnitesnakes desfire, ultralight changes from Unstable branch. 
ADD: Marshmellows fixes for the LF (demods) commands,  (LF SEACH)
ADD: Holimans changes with hash1_brute

FIXES:  minor fixes with some calls to "free" and redundant debug statement and code cleanup. removal of commented code.
 2014-12-31 11:35:43 +01:00
marshmellow42
66707a3b3c LF Demod bug fixes and add lf em em410xdemod 
fixed a few bugs in lf demod that the streamlining added.  added new lf
em em410xdemod command that loops until button pressed. (similar to lf
hid fskdemod
 2014-12-29 15:32:53 -05:00
iceman1001
d52e4e8819 ADD: HF 14A READER is now able to see if a presented card responses to the chinese magic backdoor commands. 
FIX: simple namechange of some defines where it hinted it was related to "eml" when it wasn't.
 2014-12-26 21:32:58 +01:00
iceman1001
95e635947b ADD: the option to simulate tnp3xxx inthe command "hf mf sim" 
ADD: found some new default keys
ADD: changed alot of memorys buffers to use constant values.  like usbbuffer sizes, tracelogs, etc etc
ADD: all changes Peter filmoore has in his pull request.
 2014-11-26 13:52:39 +01:00
iceman1001
c15d2bdc9b ADD: added identification for Mifare TNP3xxx tags. 
ADD: MD5-lua functionality
ADD: AES 128 decrypt lua functionality
ADD: test luc script for reading TNP3xxx tags
CHG: testing some changes for "hf 14b sim" / "lf em4x 410xsim"
 2014-11-03 13:49:19 +01:00
iceman1001
313ee67ea2 Fixed: "hf mfdes info" 2014-09-18 12:38:31 +02:00
iceman1001
f38a152863 First check in. 2014-09-11 23:23:46 +02:00
Martin Holst Swende
aa41c6058a Merged two iclass-reader functions into one to remove duplicated code, update loclass library with hash2 algo 2014-06-29 23:34:24 +02:00
Martin Holst Swende
3ad48540d4 Merge branch 'iclass-research' of https://github.com/PenturaLabs/proxmark3 into PenturaLabs-iclass-research 
Conflicts:
	README.txt
	armsrc/apps.h
	client/Makefile
	client/cmdhficlass.c
	client/cmdhficlass.h
 2014-06-28 20:52:37 +02:00
iZsh
b014c96d68 new command "lf snoop" to snoop raw ADC values 
fpga/lo_read.v (lf_field): new argument.
fpga/fpga_lf.v: modify accordingly.

armsrc/apps.h (FPGA_MAJOR_MODE_LF_READER): Rename as FPGA_MAJOR_MODE_LF_ADC.
armsrc/apps.h (FPGA_LF_ADC_READER_FIELD): New LF option.
armsrc/lfops.c: Modify accordingly.

client/cmdlf.c (CmdLFSnoop): New command.
armsrc/appmain.c, armsrc/lfops.c, client/cmdlf.h, include/usb_cmd.h: Modify accordingly.
 2014-06-21 21:33:54 +02:00
iZsh
7cc204bff8 THIS REQUIRES A BOOTROM UPDATE!! To save FPGA area, split the LF and HF bitstreams and load them on-demand. 2014-06-20 01:02:59 +02:00
penturalabs
fecd8202a5 implemented 'hf iclass dump xxxx', 
all you need is the magic key to dump contents of an iclass card
 2014-06-17 10:55:37 +01:00
penturalabs
c3963755b7 Implement replay command. 2014-04-15 11:47:01 +01:00
ikarus
9c6837165b Updated nameing (svn -> git) & fixed whitespaces. 2014-04-02 21:46:25 +02:00
Martin Holst Swende
23ca86b833 Changed size of version info 2014-04-02 11:55:16 +02:00
penturalabs
a1f3bb120f Added Kantech ioProx Support 2014-03-18 20:52:48 +00:00
martin.holst@gmail.com
d2f487af9c Various improvements on the Mifare1kSimulation. Fixed issue with tracebuffer not being cleared, fixed issue with 'static' errors, added modes for doing reader-only attack, added interactive mode, added possibility to set UID from cmdline, either 7-byte or 4-byte. See http://www.proxmark.org/forum/viewtopic.php?id=1529 and http://www.proxmark.org/forum/viewtopic.php?id=1649&p=3 for some more background and discussion 2014-01-31 21:17:34 +00:00
roel@libnfc.org
981bd4292e integrated MIFARE ultralight features, contributed by 'midnitesnake' 2013-10-11 08:43:23 +00:00
martin.holst@gmail.com
5f6d6c9003 Raw 14a in commandline, patch by jonor, see http://proxmark.org/forum/viewtopic.php?id=1751 for more info 2013-09-28 19:28:55 +00:00
martin.holst@gmail.com
7cf3ef203c Patch by jonor for raw ISO 1444B commands. See http://www.proxmark.org/forum/viewtopic.php?id=1729 for more info 2013-09-01 18:41:05 +00:00
roel@libnfc.org
ce55f5a291 moved RAMFUNC definition 2013-04-08 09:18:39 +00:00
roel@libnfc.org
759c16b31f client should compile without warnings on linux, mac, windows 2013-03-14 15:03:04 +00:00
roel@libnfc.org
54a942b05d merged all patches into CDC repository 2013-02-28 17:04:23 +00:00
roel@libnfc.org
28fdb04fd8 Finally, rewrote bootrom and flasher program, much faster now 2013-02-28 15:11:52 +00:00
roel@libnfc.org
9440213d6b fixed 64-bit cmd/arg for windows 2012-12-09 13:00:19 +00:00
roel@libnfc.org
80501bad5b tryout.... changed to 64-bit command arguments in stead of 32-bit 2012-12-07 22:41:41 +00:00
roel@libnfc.org
6e82300dda removed all old usb calls 2012-12-05 16:14:10 +00:00
roel@libnfc.org
ecab772ed0 added missing files, part2 2012-12-04 23:43:19 +00:00
roel@libnfc.org
902cb3c00b major USB update 2012-12-04 23:39:18 +00:00
roel@libnfc.org
bde10a5057 added hitag2 reading in crypto mode functionality 2012-10-16 15:18:13 +00:00
roel@libnfc.org
d19929cbe8 MAJOR update, added hitag2 reader, emulation and eavesdropping, lots of new code, including FPGA tweaks, part 2 2012-09-18 13:53:17 +00:00
frederikmoellers@aol.de
5acd09bdfb Basic support for EAC documents (e.g. German Identification Card) 
-new files armsrc/epa.[ch] for ePA (electronic "Personalausweis") related functions
    -Offers elementary functions (EPA_PACE_MSE_Set_AT etc.)
    -Also offers one new USB command: EPA_PACE_Collect_Nonce
-created new command subtree in client: client/hfepa.[ch] ("hf epa")
    -offers "hf epa cnonces" (collect encrypted PACE nonces)
-more to come
 2012-08-28 21:39:50 +00:00
frederikmoellers@aol.de
3ebf4b3d01 Corrected indentation in usb_cmd.h 
Also changed the command ID of CMD_WRITER_LEGIC_RF to ease visual spotting of empty ID blocks.
(ID was 0x0399 but it was above CMD_SNOOP_ICLASS with ID 0x0392)
 2012-08-23 23:32:18 +00:00
Merlokbr@gmail.com
39864b0bd4 "hf mf sniff" low level logics works. 2012-07-11 15:52:33 +00:00
Merlokbr@gmail.com
b62a5a8444 small improvements, added new command hf mf sniff (there will be cool sniffer). But now... here is optimized hf 14a snoop. As I see it works the same as th old version. 2012-07-06 16:19:05 +00:00
Merlokbr@gmail.com
545a1f385c another "magic card" backdoor - command "read block". Added several commands to manipulate card data. 2012-07-05 14:05:01 +00:00
Merlokbr@gmail.com
0675f200e6 Added work with "magic Chinese" card (card from: ouyangweidaxian@live.cn) with wipe support). Change UID and wipe only. 2012-07-05 07:31:56 +00:00
cex123@gmail.com
2414f97889 Added Indala cloning. Fixed HID cloning bug 2012-07-02 08:37:50 +00:00
dekoninggans@gmail.com
1e26214152 Extended iClass support with Card and Reader emulation! 2012-06-28 13:38:40 +00:00
marcin.mielczarczyk
2d4eae7617 Support for EM410x card mode in T5555/T55x7 tags. 2012-03-07 13:44:53 +00:00
cex123@gmail.com
ec09b62d88 2011-10-15 15:15:49 +00:00
Merlokbr@gmail.com
8556b852ed 1. updated usb commands 
2. added abilities to: clear, get, set, load from card, load from nested card emulator dump
3. tried to fix proxmark promt have seen everywhere (not so good)
4. reorganized arm code
 2011-06-17 18:39:54 +00:00
Merlokbr@gmail.com
9ca155ba44 0. its alpha version!!! 
1. commands changed from "hf 14a" to "hf mf" 
2. some code cleaning and small bugfixes
3. alpha version hf mf sim
4. added internal function GetTickCount() for time measuring
 2011-06-10 13:35:10 +00:00
Merlokbr@gmail.com
873014de8a linux patch by Wil 
http://www.proxmark.org/forum/profile.php?id=1639
 2011-06-07 14:30:07 +00:00
Merlokbr@gmail.com
f397b5cc87 1. fixed hf 14a mifare. added functionality to ignore one Nt 
2. completed hf 14a nested
3. added hf 14a chk to check keys
5. added check keys to hf 14a mifare and hf 14a nested
6. added debug level to mifare commands
7. small bugs and improvements
 2011-06-07 12:35:52 +00:00
Merlokbr@gmail.com
20f9a2a1d5 1. Mifare read block command 
2. Mifare read sector (via 1)
3. Mifare write block
4. fixed several bugs in iso 14443 select
added
Issue 23
Issue 26
 2011-05-26 12:55:15 +00:00
dekoninggans@gmail.com
cee5a30d53 Added iClass eavesdrop support for Proxmark3 2011-05-18 12:33:32 +00:00
adam@algroup.co.uk
9455b51c2a Issue 20 patch (refactored code of the iso15693 implementation as well as several enhancements) [Adrian Dabrowski "atrox"] 2010-10-19 14:25:17 +00:00
adam@algroup.co.uk
534983d735 iso14a reader patches [Hagen Fritsch] 2010-07-13 13:39:30 +00:00
adam@algroup.co.uk
3612a8a8e2 legic write/simulate [Anon] 2010-05-06 11:24:01 +00:00
d18c7db
0aa4cfc2f1 Fix up small error in main osc startup delay and replace more custom defines with standard Atmel defines 2010-03-04 08:15:59 +00:00
marcansoft
9e84fd5b73 Fix FMCN setting so it actually matches datasheet 
1.5us instead of 1us. 1us is only for fuse programming, not for regular
Flash programming.
 2010-03-04 05:01:32 +00:00
marcansoft
bd20f8f478 Add license headers to armsrc/bootrom/common stuff 
I have kept whatever copyright notices exist. Please add your own
copyright notice if you have made any nontrivial changes or additions to
the code. There are several files without any attribution, currently.
 2010-02-21 00:12:52 +00:00
marcansoft
f7e3ed8287 Clean up data types, some header cleanup, etc. 2010-02-20 22:51:00 +00:00
marcansoft
8419248d2d More CRLF -> LF conversion 2010-02-20 22:50:30 +00:00
marcansoft
e30c654b19 More en masse cleanup (whitespace/newlines/headers/etc) 2010-02-20 21:57:20 +00:00
izsh@fail0verflow.com
5e174a511b marcan's patch until he gets commit access. Remove C library's includes from the firmware side since it's not available anyway and not used 2010-02-20 03:07:55 +00:00
d18c7db
3ec3a4724e Removed hackish usb.h file, re-added Info.plist 2010-02-19 23:24:49 +00:00
d18c7db
393c3ef933 Attempt at getting the windows client to at least compile without bombing out with errors, may not be fully usable, e.g. plot window doesn't come up, etc 2010-02-18 08:24:26 +00:00
adam@algroup.co.uk
8e220a9126 put legic back in the system and add rumpletux's fast legic / prng code from forum 2010-02-05 08:18:02 +00:00
izsh.f0f
7fe9b0b742 Client cleanup and restructuring. Stage 1... 
Next Step is refactoring some of the giant functions which are
just copy/paste of some other ones with just a few line changes,
removing unnecessary 'goto' etc.

The MS Windows version is broken with this commit but will be fixed
soon. Everything can't be done all at once :P

The commands are now hierarchical, for example:
"hf 14a read" vs. "hf 14b read".
You can also request help:
"hf help", "data help", "hf 15 help" etc.

Indents are now space-based, not tab-based anymore. Hopefully
no one will be trolling about it, considering the suicide-prone work
being done here ;)

client/cmdhw.c, client/proxusb.c, client/cmdhw.h, client/proxusb.h,
client/cmdmain.c, client/cmdlfhid.c, client/cmdmain.h, client/cmdlfhid.h,
client/data.c, client/data.h, client/cmdhf.c, client/cmdlf.c,
client/cmdhf.h, client/cmdhf15.c, client/cmdhf14b.c, client/cmdlf.h,
client/cmdhf15.h, client/cmdhf14b.h, client/cmddata.c, client/cmddata.h,
client/ui.c, client/cmdparser.c, client/cmdlfti.c, client/ui.h,
client/cmdlfem4x.c, client/cmdparser.h, client/cmdlfti.h, client/cmdlfem4x.h,
client/graph.c, client/graph.h, client/cmdhf14a.c, client/cmdhf14a.h,
client/cmdhflegic.c, client/cmdhflegic.c: New files.

client/cli.c, client/flasher.c, client/snooper.c, client/proxmark3.c,
client/proxmark3.h, client/Makefile: Update accordingly.

client/flash.h, client/flash.c, client/proxgui.cpp: Cosmetic changes.

client/translate.h, client/command.c, client/gui.c,
client/usb.c, client/prox.h: Remove.

include/usb_cmd.h (CMD_ACQUIRE_RAW_ADC_SAMPLES_ISO_14443_SIM): Remove dead cmd.

common/crc16.h: New file.
common/crc16.c: Modify accordingly.
common/iso14443crc.h: New file.
common/iso14443_crc.c: Rename to
common/iso14443crc.c: and modify accordingly.

armsrc/lfops.c, armsrc/iso14443.c,
armsrc/iso14443a.c: include .h files from
the common directory instead of including the c files.

common/Makefile.common, armsrc/Makefile: Modify accordingly.
 2010-02-04 01:27:07 +00:00
daniel.boteanu
1eb7596aad Added hitune command for continuously measuring HF antenna tuning 2010-01-09 14:59:42 +00:00
henryk@ploetzli.ch
4ab6281664 Make the bootrom correctly nack in case of flash write error (e.g. due to lock bits) 2010-01-01 14:56:25 +00:00
roel@libnfc.org
6c5ad03860 mifare usb update 2009-12-30 00:18:35 +00:00
bushing
1dea88f976 fix some ARM build fail 2009-12-22 12:48:33 +00:00
bushing
3a8464f067 change usb_cmd struct to be more sane 
wean ourselves off translate.h
 2009-12-22 12:34:24 +00:00
henryk@ploetzli.ch
68d9d60a4d Add generic CRC calculation code 2009-11-25 20:41:41 +00:00
edouard@lafargue.name
c86cc30801 Added the new SRIX4K reading routine, thanks to jonor. Regression tested against SRI512 tags, 
but I do not have SRIX4K tags to test this with.
 2009-11-23 09:34:57 +00:00
henryk@ploetzli.ch
dcc10e5e31 Add basic communication shell for Legic RF in reader mode. Needs the new receive function of hi_read_tx. 2009-11-06 15:37:53 +00:00
henryk@ploetzli.ch
a7247d858b Add basic LEGIC RF communication in tag simulation mode 2009-10-12 11:47:39 +00:00
henryk@ploetzli.ch
bb4d2cca76 Add defines for TIMER_CLOCK? 2009-10-12 11:46:50 +00:00
henryk@ploetzli.ch
5fc8250f7f Add command to manually set ADC mux source 2009-10-09 15:57:07 +00:00
d18c7db
6949aca9fa Pushed standard AT91 defines into main code 2009-09-29 12:13:41 +00:00
henryk@ploetzli.ch
5d32e2bf60 Rename at91sam7s512.h for case sensitive filesystems 2009-09-28 11:29:17 +00:00