RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-20 23:36:31 +08:00
Code Issues Packages Projects Releases Wiki Activity
6418 commits 3 branches 14 tags 85 MiB
Commit graph

306 commits

Author SHA1 Message Date
vratiskol 64c3ae8b34 hf mf sim 2019-03-15 21:04:25 +01:00
Philippe Teuwen 3807848171 fix DetectNACKbug: sync_cycles is signed 2019-03-12 23:37:53 +01:00
Philippe Teuwen 961d929f4d changing {} style to match majority of previous style 2019-03-10 11:20:22 +01:00
Philippe Teuwen 0373696662 make style 2019-03-10 00:00:59 +01:00
Philippe Teuwen 8a7c6825b5 armsrc: fix mix of spaces & tabs 2019-03-09 20:34:41 +01:00
Philippe Teuwen 60f292b18e remove spurious spaces & tabs at end of lines 2019-03-09 08:59:13 +01:00
merlokk 69f3e65dd0 fix memmove if len=0 2019-02-05 18:39:03 +02:00
merlokk 0e5d896893 fix endless loop 2019-02-05 18:27:48 +02:00
merlokk cf21f046d8 arm side 2019-01-30 18:15:47 +02:00
merlokk 1b3d96ab2d add apdu chaining to arm side 2019-01-29 19:30:15 +02:00
iceman1001 2612cd006a CHG: bigbuf adaptations 2019-01-09 12:00:06 +01:00
iceman1001 3ae871f534 CHG: 'hf 14a antifuzz' - original implementation by @asfabw, reworked a bit - WORK IN PROGRESS - 2019-01-07 09:32:16 +01:00
merlokk 0cfa47e628 merged iso14 arm side 2018-11-08 20:29:08 +02:00
Chris abdd51b6b3 chg: 'hf mf sim' led 2018-06-23 06:31:42 +02:00
iceman1001 110a7b28cb chg: 'hf 14a sim' - possibility to simulate FM11RF005SH (@maozhenyu123) 
chg: 'hf 14a info' - tag identification for FM11RF005SH (@maozhenyu123)

Fudan FM11RF005SH , has 512bit mem,  16blocks w 4bytes / block.
Support REQA, READ, WRITE, AUTH.   Unknown how the auth is done.

The ATQA/SAK ,  or a trace from one of these tags would be intersting to look at.
 2018-05-06 09:24:28 +02:00
iceman1001 3f5aab8f05 chg: preparing for iso7816 module statuses 2018-04-03 11:45:20 +02:00
iceman1001 802994d30a add: 'hf 14 antifuzz' - the outline for the new functionality which fuzzes the anticollision phase ISO 14443a. 2018-02-28 13:21:47 +01:00
iceman1001 fe34cac012 FIX: 'hf mf darkside' - no more WDT crashes. plus positive sideeffects (@pwpiwi) 
https://github.com/Proxmark/proxmark3/pull/569
 2018-02-08 19:11:35 +01:00
iceman1001 374571046d remove debug.. 2018-02-07 20:12:16 +01:00
iceman1001 aee5fcb24a debugs 2018-02-07 17:22:23 +01:00
iceman1001 3464fbe1df fix 'hf mf darkside' - adapted solution from @pwpivi 2018-02-05 20:46:14 +01:00
iceman1001 fca1c9b7cf chg: 'hf mf mifare' - (deviceside) reset cycles when negative or too large 2018-02-05 16:47:10 +01:00
iceman1001 52d69ed4ee CHG: refactor CRC16 algos. This is a big change, most likely some parts broke, hard to test it all. 2018-02-01 15:19:47 +01:00
iceman1001 c6207d09e1 chg: 'hf felica reader' is better, almost working good 2018-01-30 03:29:37 +01:00
iceman1001 ede55a1498 add: fast 8bit reversal. 2018-01-27 22:20:56 +01:00
iceman1001 be82f9f018 DEL: 'hf mf sniff' - since it is very similar to 'hf 14a sniff' , I removed this command. The desired functionality will become a new 'hf list mf' option in the future. 2018-01-18 14:11:22 +01:00
iceman1001 b4afc8cdc4 fix: 'hf mf sniff' - @merlokk 's adjustments 2018-01-17 00:28:40 +01:00
iceman1001 5ee4eeb84b chg: 'hf mf sim' wrong debuglevel for message 2018-01-11 22:08:02 +01:00
iceman1001 05b62d0b3d syntax sugar 2018-01-05 17:40:07 +01:00
iceman1001 594e4fe169 fix: (@pwpivi) fa85b08504 2017-12-12 15:49:43 +01:00
iceman1001 0e96c72476 fix: wupe timing (@pwpiwi) 7c7327e7c8 2017-12-10 20:02:51 +01:00
iceman1001 71fa461403 fix: timeout issues with checkkeys etc 2017-12-10 11:38:26 +01:00
iceman1001 0430b84f65 CHG: 'hf 14a sim', 'hf mf sim' - now uses weak PRNG from Crypto1 as nonce generation. 2017-12-07 15:21:06 +01:00
iceman1001 44280abf62 chg: reverting back to more or less offical pm3 version. 2017-12-07 15:02:15 +01:00
iceman1001 e94ceecb79 chg: 'hf mf mifare' - my darkside attack has been buggy last months. This reverts back to offical pm3. 2017-12-06 21:53:11 +01:00
iceman1001 2e35725f2f chg: 'hf mf mifare' - the darkside attack works bad... 2017-12-06 01:09:12 +01:00
iceman1001 56dbf3ea15 chg: 'hf mf nack' - adjustments in return values.. 
add: 'hf 14a info -n'  added new parameter,  to enable test for nack bug.
 2017-12-06 00:34:57 +01:00
iceman1001 e5f92935a1 chg: more adjustments 2017-12-06 00:17:49 +01:00
iceman1001 0c0e20eb06 chg: adjustments 2017-12-06 00:12:15 +01:00
iceman1001 6a028bdd18 fix: 'hf mf nack' - now does it better.. 2017-12-06 00:03:34 +01:00
iceman1001 0a1a48df01 chg: 'hf mf nack' - extracted in into mifarehost for easier usage in other cmds like 
'hf 14a info'
chg: 'hf mf nack' - changes on devices side from @doegox   Thanks!
 2017-12-05 23:34:52 +01:00
iceman1001 db82738527 chg: 'hf mf mifare' - warning if select card failed but continue searching 
chg: 'hf mf nack' - warning if select card failed but continue searching
 2017-12-05 18:18:20 +01:00
iceman1001 8b3ff03599 chg: 'hf mf nack' - cleaning up 2017-12-05 18:14:19 +01:00
iceman1001 a43f156370 chg: 'hf mf nack' - minor 2017-12-05 18:04:21 +01:00
iceman1001 6e5038f224 chg: 'hf mf nack' - only test all 256 parities for one nonce when synced. 
0 nack = has not bug.
1 nack == has bug
x nacks == most likely a clone card which answers nack to all requests.
 2017-12-05 17:57:44 +01:00
iceman1001 ba4df1b9fc chg: 'hf mf nack' - trace on. 2017-12-05 13:25:16 +01:00
iceman1001 08193fd2e5 chg: getting crazy out of sync when running against magic cards. 2017-12-05 12:30:40 +01:00
iceman1001 984a26370d chg: 'hf mf nack' better output 2017-12-05 11:53:42 +01:00
iceman1001 4289846383 chg 2017-12-05 11:39:31 +01:00
iceman1001 a2ba749a04 chg... 2017-12-05 11:37:10 +01:00
iceman1001 0e9a0d4b71 chg: remove unused vars 2017-12-05 11:35:07 +01:00
iceman1001 4f3e9f0f1f chg: 'hf mf nack' - loop three times. change nonce 2017-12-05 11:33:32 +01:00
iceman1001 355572826a chg: this debug statement interups with all other printouts. 2017-12-05 11:01:05 +01:00
iceman1001 ea6136456c chg: 'hf mf nack' - use faster iso select 2017-12-05 10:52:53 +01:00
iceman1001 e02e145fae draft for a Mifare classic NACK bug detection. 
the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug.

-in short, ref  https://github.com/iceman1001/proxmark3/issues/141
NACK bug;  when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct.

This is a strong oracle which is used in the darkside attack.
 2017-12-04 19:36:26 +01:00
iceman1001 2c7930d178 fix: missing. 2017-11-25 10:22:47 +01:00
iceman1001 9d4d8b6e2c chg: iso14443a timeouts, (@pwpiwi) 
chg: apdu prolonged timeout (@merlokk)
 2017-11-25 10:11:37 +01:00
iceman1001 92f37c4c22 chg: 'apdu' @merlokk changes 
chg:  @piwi's changes to timing
chg: @piwi's changes to rats.
 2017-11-11 22:39:13 +01:00
iceman1001 2fc88b924d CHG: increased time to powerup tag 2017-10-12 15:14:41 +02:00
iceman1001 2ca0ea8cb4 ADD: 'hf mf fastchk' - new command, improved check keys functionality. It uses a bunch of techniques to get a speedup. 
Using a dictionary file with 421keys,

Current implementation of checkkeys takes 300 sec.
This implementation of checkkeys takes 250 sec.

I implemented it as a separate command so it will be easier to compare between the old and new checkkeys.
Its also doing much on deviceside, which is a step to much funnier standalone modes  :))
 2017-10-05 16:00:56 +02:00
iceman1001 a4b4a1a9a2 FIX: iso-14443a RATS optional (piwi) 2017-10-01 22:06:06 +02:00
iceman1001 f21555b1b2 fix: stack corruptions. keep it simple. (coverty scan 170498, 170497, 170496) 2017-09-05 10:10:24 +02:00
iceman1001 292a4ca602 'hf 14b sniff' - removed stuff which wasn't very useful. cleaner now. Not sure if it works :( 
'hf iclass sniff' - playing with this one.  Don't expect it to work yet :(
   - increase dma_buffer_size to 256
   - moved initialization to a own function. Just looks cleaner :)
   - change the debug output to follow MF_DBGLEVEL
'hf mf sniff' - unnecessary cast removed
 2017-08-27 19:41:24 +02:00
iceman1001 94f70caa7a when you need to add too much changes at the same time... 
fix: 'hf mf hardnested'  test cases doesn't need to verify key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on armside,  a more unified way,  so we don't forget to turn of the antenna ...
chg:  renamed 'hf iclass snoop'  into 'hf iclass sniff'   in an attempt to make all sniff/snoop commands only SNIFF

chg: 'standalone' ->  starting the work of moving all standalone mods into a plugin kind of style, in its own folder.
 2017-08-26 12:57:18 +02:00
iceman1001 269b89373d chg: testing another loop style 2017-08-21 17:18:24 +02:00
iceman1001 24d332fac7 fixes.. 2017-07-11 18:27:59 +02:00
iceman1001 cdc0f15104 FIX: playing with some delays. 2017-07-11 17:40:29 +02:00
iceman1001 5f18400cbe FIX: 'hf iclass reader' marshmellows fixes. 
CHG:  removing some #define TRUE
 2017-07-07 12:38:49 +02:00
iceman1001 a7e677061a FIX: 'hf 14a sim' - mifare ul-ev1 simulation didn't follow protocol, (thanks to @Vyacheslav for pointing it out) 
ref:  https://github.com/iceman1001/proxmark3/issues/110
FIX: 'hf 14a raw' - zero lenth commands and AppendCrc14443a doesn't work well together.
FIX: 'hf 14a raw' - made clear comments and making params comparing as it should be.
FIX: 'hf 14a raw' - when selecting tag, and it failed,  the PM3 device was left with antenna on. This has now been fixed as it turns off antenna and leds.
 2017-06-26 21:36:56 +02:00
iceman1001 8eeb3c6a0b CHG: And that should be everything cleaned up with unneed functions and calls. 2017-03-06 11:53:55 +01:00
iceman1001 7dfa1b021e CHG: breaking, forgot some.. 2017-03-06 11:50:26 +01:00
iceman1001 00baf27097 FIX: since the correctionNeeded logic changed, with PR #87 (https://github.com/iceman1001/proxmark3/pull/87) this is the consequence changes to it. 2017-03-06 11:27:15 +01:00
Timo Hirvonen 17ab9dcca0 Improved logic for determining the correct Frame Delay Time (FDT) value based on the last bit transmitted by the PCD 2017-03-06 11:39:12 +02:00
iceman1001 99136c6eef CHG: finalized the merge between peter filmoores 14atagfuzz branch (emv). I seriously doubt anything works. 2017-03-01 21:51:23 +01:00
iceman1001 d24026ade8 BUG: forgot to remove 2017-02-25 23:14:55 +01:00
iceman1001 d32691f1da FIX: hf mf sim - authentication works again. 
CHG: `lf em`- renamed.
CHG: removed functionality in whereami.c, not needed.
 2017-02-25 23:00:20 +01:00
iceman1001 60ca588725 syntax sugar 2017-02-06 00:51:06 +01:00
iceman1001 4401050bcc ADD: 'hf standalone 14a mode", added "mifare 4k" detection. 
ADD: 'hf 14a sim' - added mifare 4k simulation.
 2017-02-01 14:41:06 +01:00
iceman1001 16cfceb689 CHG: rename a local scope variable "data"->"cmd" 
CHG: call params to selectcard too few
CHG: 'standalone HF mode' - when copying second UID onto data array,  it should append after first one, not over the first one.
ref: https://github.com/iceman1001/proxmark3/issues/77    Lets see if this fixes the HF part of this issue
 2017-02-01 12:50:54 +01:00
iceman1001 84bdbc1917 FIX: 'hf 14a sim x' - adjusted and shows messages when verbose. 
FIX: 'hf mf sim x i' - same as above.

In general we only use Moebius attack for "sim x",  that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
 2017-01-29 23:09:23 +01:00
iceman1001 7e735c1398 FIX: 'hf 14a sim x' - this fixes the error with using moebius attack and sim. Updating the nonce variable doesn't change the premodulated response. And it should update everytime it gets a command. One concering issue is that this takes time. Successfully works with two PM3. One acting reader, another sim. 2017-01-29 11:29:15 +01:00
iceman1001 e99acd00cc CHG: the mifare Auth command can make use of a random nonce aswell. 
CHG: since sim commands are timing critical, I'm testing a smaller prand prng function from Intel
 2017-01-29 10:41:48 +01:00
iceman1001 bf5d7992ce ADD: @micolous random nonce, adjusted to fit in. Icemanfork only uses Moebius attack, so no need for an extra parameter in client. 
ref: https://github.com/Proxmark/proxmark3/pull/209
 2017-01-26 14:21:51 +01:00
iceman1001 0f7279b22d syntax sugar 2017-01-21 11:33:14 +01:00
iceman1001 dd83c4572b CHG: coverity complains about not reading the value from mifare_send_short 
CHG: ubuntu 14.04 gcc4.8.4 complains about mem_avail still. Don't know why.
 2017-01-09 22:15:36 +01:00
iceman1001 5fba8581f4 CHG: the reset of pcb_num should be before untraditional tags return. 2016-11-16 17:43:08 +01:00
iceman1001 30daf914ce FIX: looping logic error, doesn't need to increase with 1, if we do 8 checks every turn... 2016-10-28 13:06:34 +02:00
Michael Farrell b6e05350b2 hf mf sim: Multiple fixes (iceman1001/proxmark3 #45) 
- Fix `hf mf sim` to use nonce_t structures, so key recovery works
- Increases verbosity on the key recovery functionality
- Fix use-after-free for k_sector
- Add help info on `e` option to `hf mf sim`
 2016-10-22 21:53:53 +11:00
iceman1001 d5bded10e2 CHG: lowered the timout again, but re-added the spindelay since 14a requires 5ms powerup before entering the idle-state where tag starts to listen. 
CHG: fix the ticks compare xx > 1 into  xx >= 1
 2016-09-23 23:23:17 +02:00
iceman1001 f885043422 FIX: "hf 14a read" / "hf mf *" / "hf mfdes info" and failure when calling these commands serveral times in row. 
For long transactions the sspclock compare with >1 instead of >=1 ..   Now the timer resets properly.
CHG: use some #define constants for iso-commands.
 2016-09-23 21:28:07 +02:00
iceman1001 be818b1417 FIX: Forget that the prng was 0x8000 length and not 0xFFFF. Sorry. Also returned to the decomposed loop. Don't know if this armsrc optimises this at compilation time. Does someone know? 
CHG: returned the iso14443a_setup order, it might influence my older PM3 device.

*Note*  my Elechouse revisions PM3 works great with this but my older xpfga (green pcb) is hopeless.  It can't fix onto the nonces in 'hf mf mifare'  I think its too slow.
 2016-08-31 19:17:39 +02:00
iceman1001 ed8c2aeb63 CHG: forgot a semicolon... 2016-08-24 15:05:10 +02:00
iceman1001 bcacb3168b CHG: removed some extra time to sync, 
CHG: first_try ,  it must recalibrate all the times when it comes from the client.
 2016-08-24 15:01:36 +02:00
iceman1001 f38cfd6693 CHG: fixed the collapsing comments when opening this file in notepad++ Need spaces between // text or /* ... 2016-08-24 12:34:34 +02:00
iceman1001 6067df30c5 FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :( 2016-08-10 10:55:29 +02:00
iceman1001 df007486f5 ADD: @donwan581 select keytype for the darkside attack. 2016-08-04 21:51:26 +02:00
iceman1001 6b23be6b7e CHG: cleaning up. 2016-08-04 21:37:43 +02:00
iceman1001 0a856e292a CHG: adjusted the debug message to the correct mfkey32v2 with right number of parameters. 2016-06-22 09:35:18 +02:00
iceman1001 b070f4e495 CHG: only need a byte in this loop 2016-04-29 22:24:37 +02:00
iceman1001 57850d9dfb CHG: FpgaSetupDMA, handle when it returns NULL. 2016-04-27 20:42:44 +02:00