David Beauchamp  46c85b41e9  2024-06-07 11:39:47 -04:00
    Added new t55xx password (002BCFCF) sniffed from cheap cloner

iceman1001  6e6d00505f  2024-06-06 14:45:06 +02:00
    added the tears_for_fears.py script by Pierre Granier

iceman1001  f6ccda074c  2024-05-28 10:41:30 +02:00
    text

iceman1001  efcfd3e126  2024-05-28 10:36:23 +02:00
    text

iceman1001  d3d701f538  2024-05-27 15:08:49 +02:00
    the generation of NrAr is used in the regression tests. I re-added the old way, and if you call hitag2_gen_nRaR.py with five params, you get the nice commands instead

iceman1001  b9a583cdb5  2024-05-21 18:31:51 +02:00
    swapped out to use bigbuff memory allocation and also show an empty message

iceman1001  1b387ae90e  2024-05-20 21:26:12 +02:00
    some simple identification tests, will need to expand on the idea later

iceman1001  d9ec99f903  2024-05-16 22:49:24 +02:00
    found the bug in a call to the hex2binarray() fct which overwrote the first 16 bytes of keystream. Fixed loops. Crack2 now generates the same data as the RFIDler impl.

iceman1001  e5d5510b61  2024-05-15 09:37:44 +02:00
    text

Henry Gabryjelski  f9dbe3fb6e  2024-05-14 21:34:43 -07:00
    Update CHANGELOG.md
    Signed-off-by: Henry Gabryjelski <henrygab@users.noreply.github.com>

iceman1001  77db65a590  2024-05-13 14:29:27 +02:00
    there were several memory leaks in hf 15 dump. Fixed by @jlitewski

iceman1001  11a298dc42  2024-05-13 11:12:27 +02:00
    changed hf search to look for topaz first and commented out ICT code path

iceman1001  bbbe985111  2024-05-12 20:17:50 +02:00
    when changing to 50 loops on the device side, the felica reader code on the client side timed out and it wasn't handled well enough, so the return code was PM3_SUCCESS, giving a false positive. Increased timeout, decreased loops to 25, and better loop handling of the return value

iceman1001  c50f109f05  2024-05-12 19:14:17 +02:00
    the failed compile on MINGW/proxspace warns about an overflow in buffer[5]: the return value of utf8_check_first() can be 0 - 4, which is used later in a loop as an index with 1 as start offset. A 4 will overflow buffer[5]. Increased the buffer width just in case, to support the zero terminator. The other options where this code will bail out are: 0 is goto out, 1 will trigger the assert and break the client. A bit rough, I say.

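The sizing rule behind the commit above, shown as an added C illustration. This is not Proxmark3 code: utf8_lead_len() and utf8_copy_seq() are hypothetical stand-ins for the client's utf8_check_first() and the loop around it, and the constants and sample inputs are constructed here. The point it demonstrates is that the destination buffer is sized from the classifier's largest possible return value plus one for the terminator, and that the "0" and "1" cases are rejected explicitly rather than left to an assert that takes the client down.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * The commit's sizing problem in miniature: the classifier below returns the
 * total length of the sequence that starts with a lead byte, and the copy
 * routine writes that many bytes plus a NUL. The buffer is therefore sized
 * from the classifier's maximum, not guessed, so a 4 can never run off the end.
 */
#define UTF8_MAX_SEQ 4                  /* largest value utf8_lead_len() returns */
#define UTF8_BUF_LEN (UTF8_MAX_SEQ + 1) /* ... plus the zero terminator */

/* Hypothetical stand-in for utf8_check_first(): 0 = ASCII, 1 = stray
 * continuation byte, 2..4 = total sequence length, -1 = 0xF8..0xFF (never a lead). */
int utf8_lead_len(uint8_t b) {
    if (b < 0x80)           return 0;
    if ((b & 0xC0) == 0x80) return 1;
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    return -1;
}

/* Copy one complete sequence from in[] into out[], NUL-terminated.
 * Returns the byte length copied (1..4) or -1 when the input must be rejected,
 * which replaces the "goto out" / assert paths the commit describes. */
int utf8_copy_seq(const uint8_t *in, size_t inlen, char out[UTF8_BUF_LEN]) {
    if (inlen == 0) return -1;
    int len = utf8_lead_len(in[0]);
    if (len == 0) len = 1;                 /* ASCII is a one-byte sequence */
    else if (len < 2) return -1;           /* stray continuation byte or invalid lead */
    if (len > UTF8_MAX_SEQ) return -1;     /* keeps the buffer bound explicit */
    if ((size_t)len > inlen) return -1;    /* truncated sequence */
    for (int i = 1; i < len; i++)
        if ((in[i] & 0xC0) != 0x80) return -1;   /* bad continuation byte */
    memcpy(out, in, (size_t)len);
    out[len] = '\0';                       /* index <= UTF8_MAX_SEQ, inside out[] */
    return len;
}

/* Convenience wrapper for exercising the copy on C strings. */
int utf8_first_seq_len(const char *s) {
    char buf[UTF8_BUF_LEN];
    return utf8_copy_seq((const uint8_t *)s, strlen(s), buf);
}

int main(void) {
    /* Constructed inputs: 'A', the euro sign, a stray continuation byte, a truncated 4-byte sequence. */
    const char *samples[] = { "A", "\xE2\x82\xAC", "\x80", "\xF0\x9F" };
    for (size_t i = 0; i < 4; i++)
        printf("sample %zu -> %d\n", i, utf8_first_seq_len(samples[i]));
    return 0;
}
```

The wrapper only validates the structural shape of a sequence; overlong encodings and surrogate code points would need an extra check on the decoded value, which is outside what the commit is about.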
RunTheBot  8bf57b2094  2024-05-02 18:46:09 -04:00
    Update CHANGELOG.md
    Signed-off-by: RunTheBot <58890327+RunTheBot@users.noreply.github.com>

iceman1001  dee84b5b6f  2024-04-26 15:38:06 +02:00
    added "lf hitag crack2" to support the second attack vector against Hitag2, based on all the work by @kevsecurity Kev Sheldrake in the RFIDler repo. This is WIP, not working at the moment

iceman1001  5396524dc4  2024-04-25 08:02:11 +02:00
    the change to download the anticollision signal trace to "hf 14b reader" made it slow. Making it optional instead improves performance in "hf search"

iceman1001  641b8f3f57  2024-04-25 07:37:26 +02:00
    added a trace file for looking at a genuine Hitag2 read out when the card is configured in Crypto mode

iceman1001  36603818d1  2024-04-25 07:29:22 +02:00
    fixed a valgrind memory issue: use of an uninitialised array

iceman1001  59c07f911a  2024-04-24 00:23:16 +02:00
    - now able to verify signature. Thanks @doegox!

iceman1001  1a3613901e  2024-04-23 10:09:46 +02:00
    since I messed up the calypso and mobib lua script, I made a native implementation instead. I leave the decoding of the extracted data for people to come, to have some sort of challenge

Iceman  9343014b68  2024-04-22 17:41:01 +02:00
    Merge branch 'master' into purring-basilisk
    Signed-off-by: Iceman <iceman@iuse.se>

iceman1001  c8849af5e0  2024-04-22 16:20:24 +02:00
    These are the major changes made to the HITAG2 commands. It's heavily based on RFIDler's implementation and has been converted to work with Proxmark3. Special thanks to @kevsecurity for his amazing implementations of the Gone in 360 Seconds paper by Roel, Flavio & Balasch. Thanks to @adamlaurie for his RFIDler project. It wouldn't have been doable without it.

JLitewski  97d5c4e50c  2024-04-22 09:49:31 -04:00
    Merge branch 'master' into purring-basilisk
    Signed-off-by: JLitewski <hackhalotwo@gmail.com>

iceman1001  fc2a3dd2c5  2024-04-22 15:41:59 +02:00
    Updated the command according to @whywilson's findings, and fixed the wrong byte as well

JLitewski  6097c531c8  2024-04-22 06:42:45 -04:00
    Merge branch 'master' into purring-basilisk
    Signed-off-by: JLitewski <hackhalotwo@gmail.com>

iceman1001  5025a18722  2024-04-22 09:51:42 +02:00
    pushed update to use latest setup script

iceman1001  362cfff60a  2024-04-22 09:44:07 +02:00
    fix ref name

iceman1001  02872796aa  2024-04-22 09:26:25 +02:00
    should wait for a reply from device that sniffing is done

iceman1001  87c6633de1  2024-04-22 09:04:01 +02:00
    add support for generation 2 magic command when setting UID on ISO15693 cards. ref: https://github.com/RfidResearchGroup/proxmark3/issues/1604#issuecomment-2068444071

jlitewski  791f02209d  2024-04-20 14:14:15 -04:00
    Implemented Buffer SaveStates

iceman1001  c860bd252a  2024-04-20 09:38:04 +02:00
    textual detection

Jacob Litewski  bb1c662af0  2024-04-18 23:08:33 -04:00
    Graph Markers, Version 2

iceman1001  6cc9c435e0  2024-04-16 22:35:10 +02:00
    fix #2350: updated the swig wrappers to swig version 4.2.1. Let's hope it solves the OSX issues

iceman1001  3c8b1317c2  2024-04-13 11:30:26 +02:00
    deprecated hex2bin and bin2hex. Use data num instead

iceman1001  500e10f3a5  2024-04-13 10:59:55 +02:00
    text

iceman1001  9b8cf1e323  2024-04-07 23:50:58 +02:00
    the waitforResponseTimeoutW fct will lock the client in situations like sniffing, and if the device locks up there is no way to exit nicely. This fix will look for life signs from the device. If lost, we will break, allowing the client to handle it better

iceman1001  a68a5a8825  2024-04-06 20:57:54 +02:00
    if using readline, CTRL-C should now be handled a bit more nicely. Especially the pm3 history file should be flushed, with the upside that you don't lose all the commands you issued and then mistakenly pressed CTRL-C. For linenoise and Win32, you still have this issue.

iceman1001  82a809887c  2024-04-05 00:40:13 +02:00
    hf mf ginfo - now supports decoding of a user-supplied configuration block, and improved textual output

iceman1001  21f25ccd1f  2024-04-03 17:05:34 +02:00
    the data load for long files, since we got the extended sniff possibility, is hard to see. This commit now shows a comma-printed version. It helps me :)

iceman1001  64a5b048e5  2024-03-26 15:11:12 +01:00
    text

iceman1001  c66e781a9c  2024-03-26 15:04:39 +01:00
    annotation of the hitag2 protocol now properly identifies different parts without shifting of whole hex arrays. Took the idea from RFIDler (@adamlaurie), where he treats it like a binary string instead. It works. Problem: we use whole bytes in our logging protocol and Hitag2 uses 5, 10, 32, 64 bit commands. START_AUTH is 11000, which as an MSB-aligned byte is 0xC0. Now we shift it down to LSB-aligned and 11000 becomes 0x18. This reduces all issues with handling the rest of the array.

    Take note that our protocol uses whole bytes. I had to print out the number of actually captured bits in the trace log now. Otherwise 65 or 71 bits would not look any different, but will not work when used with other tools. This also means we abuse the logging protocol by using the parity byte array to store the number of "left over bits" in the par[0] position.

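The MSB-versus-LSB alignment and the "left over bits" count described in the commit above, as an added C illustration. This is neither the Proxmark3 nor the RFIDler code: pack_bits(), unpack_bits_lsb(), the helper names and the sample bit strings are constructed here. It packs a command given as a bit string both ways, so that START_AUTH (11000) comes out as 0xC0 MSB-aligned and 0x18 LSB-aligned, and shows why the bit count (the commit parks nbits % 8 in par[0]) has to travel with the bytes for the LSB-aligned form to be decoded again.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hitag2 commands are bit strings whose length (5, 10, 32, 64 ...) is not a
 * byte multiple, while the trace log stores whole bytes. Two ways to pack them:
 *   MSB-aligned: first bit lands in bit 7 of byte 0          -> 11000 becomes 0xC0
 *   LSB-aligned: stream is right-justified, last bit lands
 *                in bit 0 of the last byte                    -> 11000 becomes 0x18
 * With LSB alignment the "left over" bits (nbits % 8) sit in the low positions
 * of byte 0, and nbits must be stored alongside the bytes: 65 and 71 bits both
 * occupy 9 bytes and are otherwise indistinguishable.
 */

/* Pack an ASCII bit string into out[]. Returns bytes written, 0 on error. */
size_t pack_bits(const char *bits, int lsb_aligned, uint8_t *out, size_t outlen,
                 size_t *nbits, uint8_t *leftover) {
    size_t n = strlen(bits);
    size_t nbytes = (n + 7) / 8;
    if (n == 0 || nbytes > outlen) return 0;
    memset(out, 0, nbytes);
    /* LSB-aligned: shift the whole stream right by the padding amount. */
    size_t pad = lsb_aligned ? nbytes * 8 - n : 0;
    for (size_t i = 0; i < n; i++) {
        if (bits[i] != '0' && bits[i] != '1') return 0;
        if (bits[i] == '1') {
            size_t pos = pad + i;                 /* position in the MSB-first stream */
            out[pos / 8] |= (uint8_t)(0x80 >> (pos % 8));
        }
    }
    *nbits = n;
    *leftover = (uint8_t)(n % 8);                 /* the count the commit keeps in par[0] */
    return nbytes;
}

/* Inverse for LSB-aligned data: nbits, not the byte count, says where the stream starts. */
size_t unpack_bits_lsb(const uint8_t *in, size_t nbits, char *bits, size_t bitslen) {
    size_t nbytes = (nbits + 7) / 8;
    if (nbits == 0 || bitslen < nbits + 1) return 0;
    size_t pad = nbytes * 8 - nbits;
    for (size_t i = 0; i < nbits; i++) {
        size_t pos = pad + i;
        bits[i] = ((in[pos / 8] >> (7 - pos % 8)) & 1) ? '1' : '0';
    }
    bits[nbits] = '\0';
    return nbits;
}

/* Helpers for checking: first packed byte (or -1 on error), and a pack/unpack round trip. */
int pack_first_byte(const char *bits, int lsb_aligned) {
    uint8_t buf[16]; size_t n; uint8_t lo;
    return pack_bits(bits, lsb_aligned, buf, sizeof buf, &n, &lo) ? buf[0] : -1;
}

int roundtrip_ok(const char *bits) {
    uint8_t buf[16]; char back[129]; size_t n; uint8_t lo;
    size_t nb = pack_bits(bits, 1, buf, sizeof buf, &n, &lo);
    if (nb == 0 || lo != n % 8) return 0;
    return unpack_bits_lsb(buf, n, back, sizeof back) == n && strcmp(back, bits) == 0;
}

int main(void) {
    /* START_AUTH as in the commit: 11000 */
    printf("MSB-aligned 0x%02X, LSB-aligned 0x%02X\n",
           pack_first_byte("11000", 0), pack_first_byte("11000", 1));
    return 0;
}
```

The design choice worth noting is that the LSB-aligned form is only self-describing together with the bit count: the packed bytes alone cannot tell a 5-bit command from a 3-bit one, which is exactly why the commit records the captured bit count in the trace.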
iceman1001  dd62dc9275  2024-03-20 23:33:02 +01:00
    changelog

iceman1001  2f6f4806da  2024-03-20 23:31:14 +01:00
    text

iceman1001  555fe1566f  2024-03-16 19:04:31 +01:00
    changes to hf mf info for some more detections

Henry Gabryjelski  7036e91f2e  2024-03-11 18:16:59 -07:00
    Add to changelog

Antonio Gamez Diaz  27ac51a991  2024-03-11 20:15:45 +01:00
    Add entry in changelog.md

iceman1001  9de6f59136  2024-03-06 21:07:42 +01:00
    modified standalone mode hf_unisniff. It now also sniffs iclass. Another option added was for hw standalone -b, which allows you to trigger a particular sniff from the client. Good for debugging without the need to recompile or upload a config file.

iceman1001  6a933555df  2024-03-05 14:55:30 +01:00
    mem spiffs dump now honors the -d filename and saves to file when used together with the -t param

iceman1001  41696acc19  2024-03-04 08:48:39 +01:00
    the key type was wrong in the output. I figure this should fix it
