iceman1001
05b50a6c26
fix #2418 - the tool mf_nonce_brute has, in some odd cases when bruteforcing the last upper 16 bits, a chance of actually decrypting the four bytes into a valid mifare classic protocol command with a valid ISO14443-a CRC. See github issue for example.
We now bruteforce all 0xFFFF keyspace and keep track of how many candidates were found. The output has been improved to help the user in this case too.
2024-07-11 10:57:19 +02:00
iceman1001
39639c803c
fix a wrong size when clearing allocated memory
2024-06-15 20:36:11 +02:00
Michael Jung
8209440a54
Fix ISO 14443-B tag simulation
...
See https://github.com/RfidResearchGroup/proxmark3/issues/1652
- Fix Bit Coding PICC -> PCD: Encoding for 0 and 1 bits was reversed.
- Add a frontend delay for TR0 (No subcarrier) in TransmitFor14443b_AsTag.
- Remove unconditionally prefixing the encoded data with two '1' bits.
- Improve the Type B PICC State Machine implementation.
With these improvements my PCD can read the ISO 14443-B tag emulated by a
Proxmark3 Easy.
Signed-off-by: Michael Jung <michael.jung@secore.ly>
2024-06-11 19:05:08 +02:00
iceman1001
3e1bd8f50a
the BT serial port setup on Windows didn't work properly. By adding the baud rate in the new termios settings the issue seems to be fixed. Also added some extra flushing calls and some more configuration settings for chars.
2024-06-11 14:32:35 +02:00
David Beauchamp
46c85b41e9
Added new t55xx password (002BCFCF) sniffed from cheap cloner
2024-06-07 11:39:47 -04:00
iceman1001
6e6d00505f
added the tears_for_fears.py script by Pierre Granier
2024-06-06 14:45:06 +02:00
iceman1001
f6ccda074c
text
2024-05-28 10:41:30 +02:00
iceman1001
efcfd3e126
text
2024-05-28 10:36:23 +02:00
iceman1001
d3d701f538
the generation of NrAr is used in the regression tests. I re-added the old way and if you call the hitag2_gen_nRaR.py with five params, you get the nice commands instead
2024-05-27 15:08:49 +02:00
iceman1001
b9a583cdb5
swapped out to use bigbuff memory allocation and also show an empty message
2024-05-21 18:31:51 +02:00
iceman1001
1b387ae90e
some simple identification tests, will need to expand on the idea later
2024-05-20 21:26:12 +02:00
iceman1001
d9ec99f903
found the bug in a call to hex2binarray() fct which overwrote first 16 bytes of keystream. Fixed loops. Crack2 now generates same data as RFIDLer impl.
2024-05-16 22:49:24 +02:00
iceman1001
e5d5510b61
text
2024-05-15 09:37:44 +02:00
Henry Gabryjelski
f9dbe3fb6e
Update CHANGELOG.md
...
Signed-off-by: Henry Gabryjelski <henrygab@users.noreply.github.com>
2024-05-14 21:34:43 -07:00
iceman1001
77db65a590
there were several memory leaks in hf 15 dump. Fixed by @jlitewski
2024-05-13 14:29:27 +02:00
iceman1001
11a298dc42
changed hf search to look for topaz first and commented out ICT code path
2024-05-13 11:12:27 +02:00
iceman1001
bbbe985111
when changing to 50 loops on device side, the felica reader code on client side timed out and it wasn't handled well enough, so the return code was PM3_SUCCESS, giving a false positive. Increase timeout, decrease loops to 25, and better loop handling of return value
2024-05-12 20:17:50 +02:00
iceman1001
c50f109f05
the failed compiling on MINGW/proxspace warns about an overflow in buffer[5]: the return value in utf8_check_first() can be 0 - 4, which is used later in a loop as index with 1 as start offset. A 4 will overflow the buffer[5]. Increased buffer width just in case to support the zero terminator. Another option where this code will bail out is: 0 is goto out, 1 will trigger the assert and break client. A bit rough I say.
2024-05-12 19:14:17 +02:00
RunTheBot
8bf57b2094
Update CHANGELOG.md
...
Signed-off-by: RunTheBot <58890327+RunTheBot@users.noreply.github.com>
2024-05-02 18:46:09 -04:00
iceman1001
dee84b5b6f
added "lf hitag crack2" to support the second attack vector against Hitag2, based on all work from @kevsecurity Kev Sheldrake in the RFIDler repo. This is WIP, not working at the moment
2024-04-26 15:38:06 +02:00
iceman1001
5396524dc4
the change to download the anticollision signal trace to "hf 14b reader" made it slow. Making it optional instead improves performance in "hf search"
2024-04-25 08:02:11 +02:00
iceman1001
641b8f3f57
added a trace file for looking at a genuine Hitag2 read out when card is configured in Crypto mode
2024-04-25 07:37:26 +02:00
iceman1001
36603818d1
fixed a valgrind memory usage of uninitialised array
2024-04-25 07:29:22 +02:00
iceman1001
59c07f911a
- now are able to verify signature. Thanks @doegox!
2024-04-24 00:23:16 +02:00
iceman1001
1a3613901e
since I messed up the calypso and mobib lua script, I made a native implementation instead. I leave the decoding of the extracted data for people to come to have some sort of challenge
2024-04-23 10:09:46 +02:00
Iceman
9343014b68
Merge branch 'master' into purring-basilisk
...
Signed-off-by: Iceman <iceman@iuse.se>
2024-04-22 17:41:01 +02:00
iceman1001
c8849af5e0
This is the major changes made to the HITAG2 commands. It's heavily based on RFIDLer's implementation and it's been converted to work with Proxmark3. Special thanks to @kevsecurity for his amazing implementations of the Gone in 360 Seconds paper by Roel, Flavio & Balasch. Thanks to @adamlaurie for his RFIDler project. It wouldn't have been doable without it.
2024-04-22 16:20:24 +02:00
JLitewski
97d5c4e50c
Merge branch 'master' into purring-basilisk
...
Signed-off-by: JLitewski <hackhalotwo@gmail.com>
2024-04-22 09:49:31 -04:00
iceman1001
fc2a3dd2c5
Updated the command according to @whywilson's findings, and fixed the wrong byte as well
2024-04-22 15:41:59 +02:00
JLitewski
6097c531c8
Merge branch 'master' into purring-basilisk
...
Signed-off-by: JLitewski <hackhalotwo@gmail.com>
2024-04-22 06:42:45 -04:00
iceman1001
5025a18722
pushed update to use latest setup script
2024-04-22 09:51:42 +02:00
iceman1001
362cfff60a
fix ref name
2024-04-22 09:44:07 +02:00
iceman1001
02872796aa
should wait for a reply from device that sniffing is done
2024-04-22 09:26:25 +02:00
iceman1001
87c6633de1
add support for generation 2 magic command when setting UID on ISO15693 cards. ref:: https://github.com/RfidResearchGroup/proxmark3/issues/1604#issuecomment-2068444071
2024-04-22 09:04:01 +02:00
jlitewski
791f02209d
Implemented Buffer SaveStates
2024-04-20 14:14:15 -04:00
iceman1001
c860bd252a
textual detection
2024-04-20 09:38:04 +02:00
Jacob Litewski
bb1c662af0
Graph Markers, Version 2
2024-04-18 23:08:33 -04:00
iceman1001
6cc9c435e0
fix #2350 updated the swig wrappers to swig version 4.2.1. Let's hope it solves the OSX issues
2024-04-16 22:35:10 +02:00
iceman1001
3c8b1317c2
deprecated hex2bin and bin2hex. Use data num instead
2024-04-13 11:30:26 +02:00
iceman1001
500e10f3a5
text
2024-04-13 10:59:55 +02:00
iceman1001
9b8cf1e323
the waitforResponseTimeoutW fct will lock the client in situations like sniffing, and if the device locks up there is no way to exit nicely. This fix will look for life signs from the device. If lost, we will break, allowing the client to handle it better
2024-04-07 23:50:58 +02:00
iceman1001
a68a5a8825
if using readline, the CTRL-C should now handle it a bit more nicely. Especially the pm3 history file should be flushed, with the upside that you don't lose all the commands you issued and mistakenly pressed CTRL-C. For linenoise and Win32, you still have this issue.
2024-04-06 20:57:54 +02:00
iceman1001
82a809887c
hf mf ginfo -now supports decoding of a user supplied configuration block and improved textual output
2024-04-05 00:40:13 +02:00
iceman1001
21f25ccd1f
the data load for long files, since we got the extended sniff possibility, is hard to see. This commit now shows a comma printed version. It helps me :)
2024-04-03 17:05:34 +02:00
iceman1001
64a5b048e5
text
2024-03-26 15:11:12 +01:00
iceman1001
c66e781a9c
annotation of the hitag2 protocol now properly identifies different parts without shifting of whole hex arrays. Took the idea from RFIdler (@adamLLaurie) where he treats it like a binary string instead. It works. Problem: We use whole bytes in our logging protocol and Hitag2 uses 5, 10, 32, 64 bit commands. START_AUTH is 11000, which as a MSB aligned byte is 0xC0. Now we shift it down to LSB centered and 11000 becomes 0x18. This reduces all issues with handling the rest of the array.

Take note that our protocol uses whole bytes. I had to print out the number of actually captured bits in the trace log now. Otherwise 65 or 71 bits would not look any different but will not work when used with other tools. This also means we abuse the logging protocol by using the parity byte array to store the number of "left over bits" in the par[0] position.
2024-03-26 15:04:39 +01:00
iceman1001
dd62dc9275
changelog
2024-03-20 23:33:02 +01:00
iceman1001
2f6f4806da
text
2024-03-20 23:31:14 +01:00
iceman1001
555fe1566f
changes to hf mf info for some more detections
2024-03-16 19:04:31 +01:00
Henry Gabryjelski
7036e91f2e
Add to changelog
2024-03-11 18:16:59 -07:00