Commit graph

1197 commits

Author SHA1 Message Date
iceman1001 1c8fbeb93e ADD: 'LF T55X7 WAKEUP' command. For tags with AOR bit set, send this command with password to wake tag up and be able to do a "LF SEARCH" etc on it.
CHG:  Minor code changes on T55X7 code.   Default password is back to 'FF FF FF FF',
REM:  removed @marshmellow42 's wakeup option in "lf t55x7 read",

---  BASICALLY:
if a  T55X7 tag has following bits set:
AOR -  send wakeup command with pwd, to enable LF interacting with it.
PWD -  send read/write/trace/info command with pwd.  No need to send wakeup.
2015-10-21 09:12:33 +02:00
iceman1001 f82894ba69 CHG: move some methods, it's easier to read now. Cosmetic change. 2015-10-21 09:07:36 +02:00
iceman1001 9276e859a6 ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md
ADD:  Added the "lf t55x7 wakeup" command. It will send a pwd,  and leave the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search

---
It is still not finished,  will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets.
2015-10-20 19:00:02 +02:00
iceman1001 b87f99f4bb ADD: some more keys found on a pastebin 2015-10-19 22:41:53 +02:00
iceman1001 a826cb0df1 FIX: tnp3sim, now can insert keys if the dumpfile is blank. Like the ,,,lander dumps... 2015-10-19 22:39:08 +02:00
iceman1001 f14c9bf915 FIX: "abort trap 6" error when running the tnp3sim.lua script was because the CMD_MIFARE_EML_MEMSET needs to send the byte width now with recent changes in code to deal with different sizes in emulatormemory. The third argument should be 16 instead of 0. 2015-10-17 14:35:04 +02:00
iceman1001 d8a3b6c117 FIX: @tony pointed out that there was a method name lost... it's been reinstated :) 2015-10-17 14:16:42 +02:00
iceman1001 a739812e89 FIX: thanks @tony, for pointing out an "end" statement inside tnp3sim.lua
ADD: @marshmello42 fixes for t55x7
2015-10-16 23:16:46 +02:00
iceman1001 952a812c00 FIX: a suggested fix for #136 where the "lf t55x7 read" command when called with a password. The call will now try loading the config block, decode it and see if PWD is set.
If PWD Bit is set,  the call will be allowed to execute.
If PWD Bit is NOT set,  the call will print a message and execute the call but without sending the password.
If config block is not able to be read or decoded,   the call will print a warning message and exit the call.
2015-10-15 19:17:20 +02:00
iceman1001 6a09bea427 CHG: code clean up. Have some questions regarding the CopyVikingTo method. The configblock looks wrong.. 2015-10-15 11:30:37 +02:00
iceman1001 ac2df3460a ADD: @marshmellows fixes for t55x7 reading signal.
ADD: @marshmellows "diphase" definition for T55x7.
MOV: extracted the acquisition from the t55x7 methods and put them inside lfsampling.c
FIX: pcf7931 write,   there is 16bytes in a block.. not 4 as I thought before.
FIX: t55x7 lowered the WRITE_0 to 16.  Even bigger gap.
2015-10-15 10:23:15 +02:00
iceman1001 274e7dd110 FIX: fixed the "lf pcf7931 write" input validation. *untested* 2015-10-14 11:16:43 +02:00
iceman1001 ba52aac40e FIX: Removed an array from the struct configPcf in "LF PCF7931" 2015-10-12 21:49:11 +02:00
iceman1001 2285d9dd94 FIX: I did a clean up of the "LF PCF7931" code. The write command is not quite done.
FIX: Added some more "clearCommandBuffer" calls before sending..
2015-10-12 21:30:54 +02:00
iceman1001 5ee53a0e75 ADD: There were a lot of calls to enable tracing, but very few to turn it off afterwards in the methods.
Don't know if it has some influence but can't hurt calling  "set_tracing(FALSE);"  when method returns.
2015-10-11 19:14:17 +02:00
iceman1001 3bc7b13d23 ADD: @marshmellow42's decrypt crypto-1 method,
ADD:  @piwi's latest commit to PM3 Master, aiming at the WDR in "hf mf mifare".
2015-10-11 09:07:29 +02:00
iceman1001 e98572a1e2 I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work*
Things like the ICLASS, tryDecryptWord,

--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation,  start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written,  which has a lousy input check..
2015-10-07 23:00:46 +02:00
iceman1001 f3cfe428f8 ADD: fixed some spelling mistakes in luascript.
ADD: fixed some spelling mistakes in "hf mfu eload" help
2015-10-05 21:25:00 +02:00
iceman1001 0de8e3874d A lot of changes...
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities,   (not a proper DEMOD, but a start)
.. GetCountUS  better precision from @pwpivi
.. bin2hex,  hex2bin  from @holiman

...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler,   nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block...  See Issue #136  https://github.com/Proxmark/proxmark3/issues/136    Not solved yet.

...
Started add SHA256..   not working yet..
2015-10-04 18:01:33 +02:00
iceman1001 05beaa8dd8 MINOR CHG: help text change for the "lf t55xx config" command. change NZ into NRZ 2015-08-12 21:39:29 +02:00
Iceman a71c68bdf0 Merge pull request #4 from gcohen55/ubuntu_makefile
updated makefile, readme
2015-08-04 09:34:24 +02:00
Gil Cohen 8fac5452b8 updated makefile, readme 2015-08-03 23:07:57 -05:00
iceman1001 a82c1ac827 FIX: An old bug regarding: CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K command, where it causes the USB_COMMAND_BUFFER to overfill is corrected. The message: "WARNING: Command buffer about to overwrite command! This needs to be fixed!" was showing when it happens.
The solution is not to add the CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K  to the storeCommand function.
2015-07-31 18:48:58 +02:00
iceman1001 f62b5e1204 added @piwi 's usb speed test.
.. found out that my usb speed is really slow.  Started to look for reasons. Have a win7 64 env, running on a vmware image.
2015-07-31 10:37:24 +02:00
iceman1001 5de79e20f1 MOD:: reverse back changes to 14443b.c
ADD: the hid-flasher/usb_cmd.h  wasn't up to date with how its other file /common/usb_cmd.h looks like.
ADD: utils.lua  14443v crc inside LUA.
ADD: utils.lua  ConvertAsciiToHex method and minor adjustments checks.
2015-07-28 21:33:09 +02:00
iceman1001 3b4fa54235 REM: Remove a double pasted section of local variables. 2015-07-24 20:34:31 +02:00
iceman1001 14e1862537 REM: removed a comment
ADD: added the ISO14443b command to commands.lua
2015-07-24 16:45:52 +02:00
iceman1001 7838f4beba MERGED: @holimans changes
MERGED: @piwi changes
MERGED: @marshmellows changes.

I'm not even gonna try write up all that stuff..

ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32.   It is also inside the "hf 14a sim" with the "x" parameter.
2015-07-22 23:00:52 +02:00
iceman1001 f445df401e ADD: started with adding a "LS" command that lists the commands without the help text printed. To give easy clean list. 2015-07-22 11:19:15 +02:00
iceman1001 5b59bf20c7 FIX: "hf list 7816", the s-blocks is now also printed.
FIX: iso14443b.c got some minor adjustments in the demod and codeas14443btag. Seems it works better for me.
I still have the problem with powerup of a 14b tag.  I need to run the "14b raw -c -p 05 00 08" a couple of times before I get an answer.
2015-07-19 23:24:19 +02:00
iceman1001 db25599d7f ADD: @holiman's clearCommandBuffer in cmdlft55xx.c
ADD: @VERTCraig's AVID commands.

TEST: testing some changes to iso14443 demod.
2015-07-18 20:43:14 +02:00
iceman1001 c5f8c67ab4 ADD: ISO7816-4 annotation in "hf list".
Only basic 7816 command apdu supported. USAGE::"hf list 7816"
2015-07-17 21:56:00 +02:00
iceman1001 d8af608f8e TEST: Moebius two nonce mfkey32... 2015-07-13 23:06:49 +02:00
iceman1001 b10a759fef @PM3 master merges, Piwi fix for mfnested
@Marshmellow42 's fix for FDB
2015-07-12 22:58:16 +02:00
iceman1001 6de14cec0e CHG: some minor changes in the output from hf 14b raw.
ADD: @marshmello42 's textual change in LF.
2015-06-29 22:37:55 +02:00
iceman1001 c830303d7e FIX: @pwpiwi 's fixes for darkside / nested attack about the NACK/PRNG bugs. 2015-06-25 12:41:39 +02:00
iceman1001 5ce7e22af6 ADD: forgot the zlib and some new fpga compress files. 2015-06-25 12:29:41 +02:00
iceman1001 17ad0e0948 ADD: @marshmellow42 's 14b fixes.
FIX: 14b sim changes in  iso14443b.c ,  *experimental*   I took some timing loops from "14a sim" armsrc/iso14443a.c  and merged it into the "14b sim".   Now using two pm3's I can have one simulating and the other reading and it works.  Ask @pwpiwi if you want to know more of what those timing loops do.  Something about waiting for the fpga delay queue...
2015-06-25 12:25:44 +02:00
iceman1001 9783989b40 ADD: pwpiwi 's FPGA compress 2015-06-25 12:22:34 +02:00
iceman1001 f53020e729 Merge branch 'master' of https://github.com/Proxmark/proxmark3
Conflicts:
	armsrc/Makefile
	armsrc/iso14443b.c
	armsrc/lfops.c
	client/cmdhf14b.c
	client/cmdhfmfu.c
	fpga/fpga_hf.bit
	fpga/hi_read_rx_xcorr.v
2015-06-23 23:02:29 +02:00
iceman1001 d0f3338e0c ADD: PACE functionality ref: https://github.com/Proxmark/proxmark3/pull/121
FIX:  some missing usb_commands for EPA.
2015-06-23 22:30:18 +02:00
Martin Holst Swende 1e1de234ac Merge pull request #121 from frederikmoellers/master
Add PACE replay functionality
2015-06-23 22:23:08 +02:00
Martin Holst Swende b8d34d0598 Merge pull request #118 from marshmellow42/master
fix t55xx write timing
2015-06-23 22:18:50 +02:00
iceman1001 24344f28ad FIX: ref 2ec8773314
@marshmellow42 's fixes for pskdemod and mfu.
2015-06-23 19:22:40 +02:00
marshmellow42 2ec8773314 fix bug in pskdemod return value if no samples...
... caused crash in data psknexwatchdemod if no samples were in the
graphbuffer.
also fixed hf mfu wrbl and rdbl to allow printing of help without a tag
being present.
2015-06-23 12:16:23 -04:00
pwpiwi 01b7a6a898 Merge pull request #114 from pwpiwi/iso14443b_fix
fixing iso14443b (issue #103): fix bug introduced during Bigbuf rework
2015-06-23 07:14:52 +02:00
Frederik Möllers 3bb07d96c8 Add PACE replay functionality
This function allows the user to specify APDUs which are sent to a card
supporting the PACE protocol. The response times are measured and
printed.
The code was pulled from the old Google Code repository (branch "epa")
and modified to fit into the new code base.
2015-06-22 14:20:13 +02:00
iceman1001 22e2470051 ADD: @marshmellow42 fudan detection in hf mfu
ADD: @marshmellow42 14b reader changes.
ADD: @pwpiwi 14b fixes
2015-06-21 11:07:05 +02:00
marshmellow42 7c8b5e6811 comment fudan check possibilities 2015-06-20 21:33:42 -04:00
marshmellow42 f4217d58b6 add ultralight compatible test 2015-06-18 17:19:43 -04:00
iceman1001 abb215301c add: @pwpipi 's fixes to 14B 2015-06-18 09:52:53 +02:00
iceman1001 02984d683c ADD: @marshmellow42 's help text changes to the reveng 2015-06-18 09:52:25 +02:00
pwpiwi 132a02179c fixing iso 14443b (issue #103):
- fix: treat empty commands as error
- deleting dead code
- rename USB-Commands (ISO14443 -> iso14443B)
2015-06-18 09:49:22 +02:00
pwpiwi d5875804a3 fixing iso14443b (issue #103):
fix: don't waste time to calculate parity bits. Instead add void parity bits to trace and ignore them on client side
2015-06-18 07:56:08 +02:00
pwpiwi 51d4f6f114 fixing iso14443b (issue #103):
- fix: IQ demodulator (FPGA)
- fix: approximately align reader signal delay to tag response delay (FPGA)
- fix: remove deprecated RSSI calculation to improve decoder speed (iso14443b.c)
- fix: better approximation of signal amplitude to avoid false carrier detection (iso14443b.c)
- fix: remove initial power off in iso14443b raw command (iso14443b.c)
- add: enable tracing for iso14443b raw command (iso14443b.c)
- fix: client crashed when checking CRC for incomplete responses (iso14433b.c)
- speeding up snoop to avoid circular buffer overflow
- added some comments for better documentation
- rename functions (iso14443 -> iso14443b)
- remove unused code in hi_read_rx_xcorr.v
2015-06-17 20:27:36 +02:00
iceman1001 553e868f25 CHG: just made sure it uses a default file name now. 2015-06-15 21:02:17 +02:00
iceman1001 d71d59dbd1 ADD: @marshmellow42 's 14b changes. 2015-06-15 20:59:01 +02:00
iceman1001 ffaa0ff334 FIX: removed width in cmdcrc.c , to get rid of the compiler warning. 2015-06-15 13:59:33 +02:00
marshmellow42 6ac4cb270a minor fixes
see @icemant1001 -
0ad1a1d492
for more details
2015-06-15 00:44:57 -04:00
iceman1001 96e41bfcec add: a .gitignore to be able to add the folder client/obj/reveng. 2015-06-14 23:32:20 +02:00
iceman1001 d7f3f65361 add: a .gitignore to be able to add the folder client/platforms. 2015-06-14 23:31:52 +02:00
iceman1001 2495281d14 fix; stupid fixes for some compiler warnings messages of unused variables.. 2015-06-14 23:31:05 +02:00
iceman1001 0ad1a1d492 FIX: minor variable fixes when compiling on linux.
cmddata.c: In function ‘Cmdmandecoderaw’:
cmddata.c:420:2: warning: format ‘%i’ expects argument of type ‘int *’, but argument 4 has type ‘size_t *’ [-Wformat=]
  sscanf(Cmd, "%i %i", &invert, &maxErr);
  ^

cmdlfem4x.c: In function ‘CmdEM410xRead’:
cmdlfem4x.c:58:2: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat=]
  sprintf(id, "%010llx",lo);
  ^
2015-06-14 23:02:52 +02:00
iceman1001 32719adfa1 ADD: added support for some NTAG/EV1 commands to "hf 14a sim" on device side.
0x1B (authenticate)
          0x3a (fast read)
          0x60 (get_version)

       This is used in a new mode on client,  "hf 14a sim t 7"
2015-06-14 22:40:18 +02:00
Martin Holst Swende 26fbe1fbd9 Merge pull request #117 from marshmellow42/master
askbiphase bug fix
2015-06-14 19:32:36 +02:00
iceman1001 c043981c04 chg: added some more outputs to the reveng-crc script e.lua ... now shows -b -B -l -L also in columns. You'll need to read the reveng -h helptext to understand. 2015-06-14 17:19:41 +02:00
iceman1001 b4c1f167da FIX: old bug back, and now fixed again. @marshmellow42 2015-06-14 17:18:22 +02:00
marshmellow42 fd227f4e7d add comment 2015-06-14 11:11:00 -04:00
marshmellow42 c7d6721290 bug fix. askdemod edits invert pointer, cannot be 0 2015-06-14 10:54:55 -04:00
iceman1001 1299c798fc ADD: @marshmellow42 's 14b reader changes.
FIX: @marshmellow42 's ASKbiphaseDemod fixes.
CHG: added a check in ASKbiphaseDemod to make a compiler warning message go away.
2015-06-14 14:39:50 +02:00
Martin Holst Swende 0f5b97d92c Merge pull request #115 from marshmellow42/master
add-ons and bug fixes
2015-06-14 09:02:13 +02:00
iceman1001 1417a7f9d0 minor textual changes from @marshmellow42 2015-06-13 12:14:38 +02:00
iceman1001 99789601dc ADD: @marshmellow42 's new "-g" search for crc in a hexstring *great*
ADD: fixes in the reveng calling methods
2015-06-10 08:46:16 +02:00
iceman1001 68ff832584 fix: nice output.. 2015-06-09 21:46:22 +02:00
iceman1001 dd1df4901d @marshmellows memory fixes for reveng1.30 in client.. 2015-06-09 21:32:22 +02:00
iceman1001 817d709615 @marshmellows memory fix 2015-06-09 21:29:24 +02:00
iceman1001 d352146782 CHG: minor layout and call fixes to e.lua (the test script for hooking up reveng1.30) 2015-06-09 21:28:06 +02:00
iceman1001 60e8657796 CHG: all @marshmellow42 's changes to make the reveng work.
ADD: lua script test for using the reveng inside lua.  *proof of concept*
      it implements -h help
                    -d  data in a hexstring
                    -w  width of the crc family. (ie 16 gives all CRC-16 calculations.)
     it iterates thru all found crc presets in a crc family based on the width of crc.  It calcs crc and the reverse crc.
2015-06-09 13:31:53 +02:00
iceman1001 a71ece51e4 ADD: iso11784/85 FDX-B
ADD: the source from RevEng 1.30, got into the PM3 client.
2015-06-07 11:35:49 +02:00
marshmellow42 8e2e6c8eb0 add clock to ask rawdemod outputs
fix biphase invert bug (correctly)
2015-06-07 00:42:57 -04:00
marshmellow42 07b5a3c3ba Modified kermit crc to use existing crc calc code 2015-06-05 22:39:56 -04:00
marshmellow42 c2c7f6c271 fdx-b clean up 2015-06-04 13:10:33 -04:00
marshmellow42 6eaa8da9dc Add CCITT Kermit CRC check for FDX-B demod 2015-06-04 12:53:19 -04:00
iceman1001 ad6219fc91 ADD: @marshmellow42 's fixed version of the ISO11784 FDX-B
ADD: crc16_ccitt_rev  (reverse version of crc16_ccitt 0x0000)
2015-06-04 10:33:55 +02:00
marshmellow42 cf4d3e21b0 add fdx-b to cmddata.h 2015-06-04 00:05:37 -04:00
marshmellow42 ecfcb34cc5 add fdx-b to lf search 2015-06-04 00:04:49 -04:00
marshmellow42 b2c330b367 bug fix - biphase invert + fdx-b adjustments 2015-06-03 23:59:22 -04:00
marshmellow42 fd1d30cb76 addition animal tags demod info 2015-06-03 18:28:56 -04:00
marshmellow42 04bb05670d Testing animal tags 2015-06-03 16:52:20 -04:00
iceman1001 22a6a62fbb ADD: removed the paritythingy, I misunderstood its purpose. 2015-06-03 22:38:59 +02:00
iceman1001 7f96433c8a CHG: trying to get the askdemod / biphasedecode / finding startmarker / removeparity to work in ISO11784demod 2015-06-03 22:19:32 +02:00
iceman1001 0df669a298 ADD: next step ISO11784/85 2015-06-03 21:35:03 +02:00
iceman1001 615f21dde2 FIX: a minor bug fix from @marshmellow42 in "data raw" and ask/biphase.
ADD: started with an ISO11784/85 demod function.
2015-06-03 21:12:24 +02:00
iceman1001 4abb052f38 CHG: removed an extra fclose call 2015-06-02 12:20:48 +02:00
iceman1001 1c6e7f0393 ADD: @marshmellow42 's infineon MY D(tm) MOVE LEAN tag identification 2015-06-02 12:20:16 +02:00
iceman1001 d31d3804fe CHG: help text output was not aligned because of tabs/spaces 2015-06-02 12:18:54 +02:00
Martin Holst Swende 6a2e5adffd Merge pull request #108 from p-l-/fix-hf-mf-csave
Ported hf mf esave trick for unreadable UIDs to hf mf csave
2015-06-01 19:57:57 +02:00
marshmellow42 4a74e2be72 add my_d move lean identification. 2015-06-01 00:18:03 -04:00
iceman1001 af3b8b2dc6 CHG: remade selftest structure
CHG: removed debugstatements
2015-05-31 22:33:12 +02:00
marshmellow42 be290d68bd new lua script from @iceman1001 + bug fix in hf mfu 2015-05-31 16:08:58 -04:00
iceman1001 e86a89044a FIX: minor fix to the magictest function. It always makes a select tag first, but never took in consideration that the tag already could have been selected. 2015-05-31 21:49:00 +02:00
iceman1001 2d2f7d1948 ADD: @marshmellow42 's changes / fixes. 2015-05-31 21:47:33 +02:00
iceman1001 7142c87e1f ADD: a script to dump a specific type of Mifare Mini tags. 2015-05-31 21:46:25 +02:00
marshmellow42 1c4c0b0681 add @Iceman1001 s sha1 scripting changes. 2015-05-30 21:51:15 -04:00
marshmellow42 185e038c7d fixed further typo in lf t5 wr help
also fixed offset option char to uint8_t warning in the new offset
option in data printdemodbuffer
2015-05-28 23:14:06 -04:00
marshmellow42 5b37e87a24 fix help typo 2015-05-28 22:52:41 -04:00
marshmellow42 979bba376d add offset option to data printdemodbuffer
easily see demod buffer's hex values at different bit offsets by using:
data printdemodbuffer x o <offset>
2015-05-28 13:23:31 -04:00
iceman1001 95aeb706d7 CHG: @marshmellow42 changes on deviceside.
ADD: increase debuglevel for printing a statement in ul_ev1_auth
2015-05-27 23:23:46 +02:00
marshmellow42 4973f23d3c clean up mfu device side code
+ add xor calc to util (prep for desfire)
commented out MifareUWriteBlockCompat as it isn't used in client
currently (it is a command we could support..  but why?)
relabeled a few device side mfu functions to be clearer.
2015-05-27 12:24:13 -04:00
marshmellow42 dcbaa2b582 @iceman1001 s lua script fix 2015-05-26 20:31:07 -04:00
iceman1001 b18948fd92 ADD: aes128_encrypt ECB in scripting.c
ADD: aes128_decrypt ECB in scripting.c
ADD: Sha1Hex method in utils.lua
2015-05-26 21:51:18 +02:00
marshmellow42 22342f6dfe Add clearCommandBuffer before SendCommand
adjust output of mfu rdbl to be consistent
fix output of mfu dump in case startPage was specified. (also was
missing "i" in second print...)
2015-05-26 10:40:23 -04:00
iceman1001 ea75b30c81 ADD: SHA1 hashes calculations in sha1.c and LUA 2015-05-26 16:12:33 +02:00
iceman1001 b69947c245 CHG: print up to 20 possible keys. 2015-05-26 11:05:57 +02:00
iceman1001 c3c241f389 CHG: moved a xor function into util.c
CHG: added some calls to clearCommandBuffer() in /hf mfu/hf 14a sim/hf mf sim/ commands.
CHG: minor adjustments to relative pathing.
2015-05-26 11:04:57 +02:00
iceman1001 7c60a801d6 FIX: one too many parenthesis 2015-05-25 13:16:10 +02:00
iceman1001 c068ebb78f Merge branch 'master' of https://github.com/Proxmark/proxmark3
Conflicts:
	armsrc/mifarecmd.c
	client/cmdhfmf.c
2015-05-25 13:13:06 +02:00
iceman1001 46cd801c5a FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain.
MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file
CHG: added @marshmellow42 changes to hf mfu dump layout.
ADD: an extra call to BigBuf_free in readcard..  just to make sure that it doesn't leak memory.
ADD: experimental call to "try32" for "hf mf sim x".
2015-05-25 13:10:55 +02:00
Pierre LALET 1d537ad65c Ported hf mf esave trick for unreadable UIDs to hf mf csave
Thanks: iceman1001
2015-05-25 11:47:27 +02:00
marshmellow42 e406dd5cc9 Merge remote-tracking branch 'upstream/master' 2015-05-24 22:31:13 -04:00
marshmellow42 79d7bcbb51 updated mfu rdbl and wrbl commands
@iceman1001 s rdbl and wrbl cmd updates.
dump screen output adjusted
2015-05-24 22:28:21 -04:00
Pierre LALET 292fe72535 Fix filenames for hf mf cload / csave 2015-05-24 22:43:08 +02:00
iceman1001 7444d916c6 FIX: hf mfu dump, now reads correct memory from device-side.
CHG: hf mfu dump - output data styled :)
2015-05-24 21:51:44 +02:00
iceman1001 d23f3f2c9a FIX: ELOAD/ESAVE/CLOAD/CSAVE filename bufferoverflow, and filename generation if UID not readable.
Thanks @p-l-
ref: 0b14440dce
2015-05-24 21:50:15 +02:00
Pierre LALET 0b14440dce Fix filenames for hf mf esave / eload 2015-05-24 20:14:22 +02:00
marshmellow42 0ce03d9ab0 fix mfu dump getbigbuffer bug
Thanks @iceman1001 for catching my oops, and fixing it :)
2015-05-23 22:35:50 -04:00
iceman1001 ce432659f2 Adjustments after the big merge from PM3 master. 2015-05-23 08:38:46 +02:00
iceman1001 bcf61bd34a Merge branch 'master' of https://github.com/Proxmark/proxmark3
Conflicts:
	README.txt
	armsrc/appmain.c
	armsrc/apps.h
	armsrc/des.c
	armsrc/iclass.c
	armsrc/mifarecmd.c
	armsrc/mifareutil.c
	armsrc/mifareutil.h
	client/cmddata.c
	client/cmdhf.c
	client/cmdhf14a.c
	client/cmdhficlass.c
	client/cmdhfmfu.c
	client/cmdhfmfu.h
	client/cmdscript.c
	client/lualibs/commands.lua
	client/lualibs/html_dumplib.lua
	client/scripting.c
	client/util.c
	common/protocols.h
	include/usb_cmd.h
2015-05-23 08:16:40 +02:00
marshmellow42 012c0761bd hf mfu minor output adjustments
dump key placed properly for EV1 and NTAGs

config pages for ntags corrected in printout

note on config that PWD and PACK cannot
actually be read from memory  (probably could just delete them (other
than it shows what memory block they are stored in for changing...)
2015-05-22 13:17:51 -04:00
marshmellow42 8f2e50b4c5 mfu info authkeyptr fix
didn't follow @iceman1001 s l parameter changes fully...  fixed now..
:)
2015-05-22 07:29:18 -04:00
iceman1001 a7e7cd419a FIX: camelcase on a variable caused some issues. 2015-05-22 08:48:23 +02:00
marshmellow42 06561c34ef fix to dump cmd print keys.
add l option to info cmd.
add ascii print to dump (screen only)
other minor clean up
2015-05-22 00:15:57 -04:00
iceman1001 2491a25235 FIX; the "L" optional parameter for swapping endianness on used authentication key. It is now implemented for following commands.
"HF MFU INFO"
"HF MFU DUMP"
"HF MFU RDBL"
"HF MFU WRBL"

CHG;  I commented away the option to add the key to the dump, since it is not written in big-endian, like the data is on ULC. This needs to be addressed before it comes back. I like the idea of having keys inside the dumps on the correct places.
2015-05-21 23:17:01 +02:00
marshmellow42 efd193519c hf mfu bug fixes, and help text fixes 2015-05-21 11:17:01 -04:00
iceman1001 f605970307 FIX: call the wrong usage_hf_mfu method.
CHG: minor help text changes.
2015-05-20 23:52:56 +02:00
iceman1001 fff69a1e34 CHG: Merged the "hf mfu rdbl" and "hf mfu crdbl" commands into "hf mfu rdbl". One read command.
CHG:  Merged the "hf mfu wrbl" and "hf mfu cwrbl" commands into "hf mfu wrbl". One write command.

Both new commands implement a help, authentication (0x1A/0x1B) for ULC and the rest,
2015-05-20 23:44:11 +02:00
marshmellow42 1c429594a1 further mfu info updates
needed to auth select when a command failed for locked tags.
some output cleanups from @iceman1001
2015-05-20 16:47:40 -04:00
iceman1001 329f5cf2a5 CHG: making sure all outputs follow the same pattern in "hf mfu info" 2015-05-20 22:04:40 +02:00
iceman1001 c81a80dc96 FIX: made the authentication part a bit clearer. It now uses two booleans to separate which type of authentication was requested from user. 2015-05-20 21:44:22 +02:00
marshmellow42 cd87ee9133 finish NTAG i2c +...
thanks iceman
2015-05-20 15:42:58 -04:00
marshmellow42 46fcd738e0 finish NTAG i2c +...
thanks @iceman1001
2015-05-20 15:41:48 -04:00
iceman1001 1fa96198bb ADD: @marshmellow42 latest fixes,
CHG: change name to fancy "NTAG I²C 1K"
2015-05-20 21:03:58 +02:00
marshmellow42 8241872c47 ULEV1_48 had the wrong max block 2015-05-20 14:22:26 -04:00
marshmellow42 ea11861793 minor adjustments to hf mfu 2015-05-20 14:17:43 -04:00
marshmellow42 c7442b7673 Add NTAG i2c and bug fix
also streamlined select tag code
2015-05-20 14:06:46 -04:00
iceman1001 623db3559b CHG: the new NTAG_i2c_1K enums, broke the uint16_t size.. Had to go up one level. 2015-05-20 19:26:11 +02:00
iceman1001 05f7accdbb CHG: @marshmellows changes.
ADD: NTAG i2c 1K / NTAG i2c 2K identification.
2015-05-20 19:20:26 +02:00
marshmellow42 a383f4b708 Add ntag 210, 212, 203 and bug fix 2015-05-20 11:27:44 -04:00
iceman1001 b61e397962 ADD: NTAG_210, NTAG_212 support / identification. @marshmellow42 's idea. 2015-05-20 14:09:40 +02:00
iceman1001 e9bb4f47ee CHG: "hf mfu info" now always tries to read the NDEF CC. (was restricted to only NTAG213,215,216 before) 2015-05-20 10:36:55 +02:00
iceman1001 593fc3c9a3 FIX: comment out a #include to reveng (my experiment)
ADD: Started to add a NTAG203 identification.   Its a hard tag to pinpoint. Doesn't have GET_VERSION,
2015-05-19 21:45:06 +02:00
marshmellow42 29250969b0 @iceman1001 s comments/updates mfu cmds 2015-05-18 22:07:11 -04:00
iceman1001 e7e9508883 @Marshmellow42 's cleanup in device-side "hf mfu" code. Looks nice. Dump uses bigbuffer now, and can dump NTAG216 :)
Consistency on the client-side code "hf mfu".  looks nice.
2015-05-18 20:58:33 +02:00
marshmellow42 9d87eb6650 MF ultralight code cleanup 2015-05-18 13:11:00 -04:00
marshmellow42 8258f40969 Iceman1001 s MFU clean up
cleaned up MF UL_C auth code device side.
2015-05-17 20:49:25 -04:00
iceman1001 4f5cb23aa1 CHG: the name change from "HF 14A SNOOP" -> "HF 14A SNIFF" 2015-05-16 15:37:27 +02:00
iceman1001 9962091e29 ADD: experimental test of adding "reveng 1.30" source code into the PM3 Client. 2015-05-16 15:36:40 +02:00
iceman1001 9cdd47c292 chg: @marshmellows changes to "hf 14a reader"
add: the experimental "hf 14a sim x" attack impl.
chg: sorry, but I never liked that sniffing was called snooping in this command. So I changed it to "sniff".
2015-05-16 15:30:17 +02:00
iceman1001 833081e3e7 add: @marshmellow changes,
chg: remade the authentication for ULC..
2015-05-16 15:27:53 +02:00
marshmellow42 cceabb79e6 mfu info / dump attempt at missing auths
NOT TESTED.  will test soon.  probably has bugs!
2015-05-16 01:00:31 -04:00
marshmellow42 ae8303c13c mfu dump - beginning of additions 2015-05-15 01:19:58 -04:00
marshmellow42 5b99376a8f hf mfu dump testing 2015-05-15 00:57:51 -04:00
marshmellow42 93737008ee @iceman1001 s default keys 2015-05-14 22:55:18 -04:00
marshmellow42 9ccfb3a8bc @iceman1001 's updated lualibs 2015-05-13 21:36:20 -04:00
marshmellow42 ab7fdfcbed @iceman1001 updated scripts 2015-05-13 21:20:23 -04:00
marshmellow42 d730878d8c scripting updates from @iceman1001
it compiles but i'm not sure how to fully test it...
:)
2015-05-13 21:14:35 -04:00
iceman1001 224e8c1a4d ADD: @marshmellows fixes 2015-05-13 20:16:18 +02:00
marshmellow42 6fdf42c61c minor hf mfu info adjustment from @iceman1001 2015-05-13 11:22:27 -04:00
marshmellow42 e6432f0579 @iceman1001 s coverity scan fixes 2015-05-13 11:14:17 -04:00
marshmellow42 2b3af97df2 various bug fixes 2015-05-13 11:07:47 -04:00
iceman1001 7a5d49b5b4 @marshmellow42 ideas
FIX: removed some unneeded calls to ul_switch_off_field.
FIX: once again the OTP is printed nevertheless if its a NDEF CC
2015-05-13 15:48:32 +02:00
iceman1001 664bb5ae72 BUGS: more Coverity scan fixes. 2015-05-13 14:08:59 +02:00
iceman1001 2696349f16 BUGS: Coverity Scan, fixes some memory bugs 2015-05-13 13:23:53 +02:00
iceman1001 046fd76608 a minor clean up when printing the key 2015-05-13 09:15:53 +02:00
iceman1001 8949bb5dad Added @marshmellow42 "hf search" 2015-05-13 09:13:42 +02:00
iceman1001 63146229bd ADD: preparation for @marshmellow42 "hf search"
FIX: the "hf list" had not correct spaces between the lines, in my version. Fix now.
2015-05-13 09:10:47 +02:00
iceman1001 c92cf81495 minor textual changes 2015-05-13 09:07:47 +02:00
iceman1001 70ee301e0d another key.. 2015-05-13 09:05:21 +02:00
marshmellow42 a2e2bb8a15 hf mfu info - ICEMANS updates
plus slight change to UL_EV1 auth annotation.
2015-05-12 18:16:55 -04:00
marshmellow42 6ce0e5386a HF Search - refactoring cmds to work with it 2015-05-12 16:45:48 -04:00
iceman1001 e9a85114c5 ADD: Print the key for ULEV1/NTAG authentication if sent in cmdhf.c "HF LIST 14A" 2015-05-12 20:27:45 +02:00
iceman1001 3fd842ed98 ADD: found a BCARD KeyB on the net. ref: http://irq5.io/2013/04/13/decoding-bcard-conference-badges/ 2015-05-12 19:50:47 +02:00
iceman1001 b6901e17c8 FIX: increased the limit to 0xE6 for MIFARE_ULEV1_FASTREAD
ADD: @marshmellows initial "hf search" command...
2015-05-12 18:57:47 +02:00
iceman1001 98cdd56862 ADD: added option to call "hf mfu info" with a authentication key.
ADD: added a help text for "hf mfu info"   usage_hf_mfu_info
ADD: added @marshmellows changes & fixes.
2015-05-12 18:55:34 +02:00
marshmellow42 8ceb6b03e5 hf search - prelim - re-use hf mfu GetTagType...
in hf 14a reader to identify UL(+)

still a work in progress.
2015-05-12 00:19:44 -04:00
marshmellow42 2be768af57 hf mfu info bugs 2015-05-11 18:22:50 -04:00
marshmellow42 4693c188ab minor hf mfu output consistencies 2015-05-11 16:25:11 -04:00
marshmellow42 345fb24aaa hf mfu info - ICEMANS bug fixes. 2015-05-11 15:56:12 -04:00
marshmellow42 f04ef47311 hf mfu info bug fixes 2015-05-11 14:49:37 -04:00
iceman1001 fce738fc90 CHG: minor textual changes, consistency... 2015-05-11 20:38:13 +02:00
iceman1001 f288cb607f ADD: added a List parameter to tnp3clone.lua script. 2015-05-11 19:38:53 +02:00
iceman1001 0ad970fb02 ADD: another default key: VIGIK1 2015-05-11 19:37:44 +02:00
iceman1001 ebd7412d7d BUG: Read the wrong page(2) as Capability container, should be 3.
BUG:  NTAG 215 identification was wrong (!=)  should have been (==)
2015-05-11 15:54:02 +02:00
marshmellow42 f805ac7a2b minor adjustments to mfu info 2015-05-08 13:01:27 -04:00
marshmellow42 c585a5cf0b further MFU info updates (mainly icemans) 2015-05-06 22:15:41 -04:00
iceman1001 802319a37e ADD: added the new magic detection, where we send a partial ISO14443A_CMD_WRITEBLOCK (0xA0) command to page 0. If the tag answers 0xA ACK (it's magic) or if it answers 0x00 NACK it's not.
The normal behavior for a tag is to send NACK.
2015-05-06 23:50:31 +02:00
iceman1001 334cc089c9 CHG: clearing a char array before using. 2015-05-06 22:41:40 +02:00
iceman1001 aebe77905b CHG: extracted the UL_C & UL magic tests.
ADD: a raw write command also there.
CHG: "hf mfu info" got some more love,  looks better too.
      UL_EV1 / NTAG,  only try known passwords if AUTHLIM is set to 0.
2015-05-06 22:40:46 +02:00
marshmellow42 372a82570b MFU adj to allow 0 len returns on raw cmds 2015-05-06 10:17:39 -04:00
marshmellow42 45673b9457 MFU adjustment to allow 0 len returns from raw cmds 2015-05-06 10:16:31 -04:00
marshmellow42 abab60ae21 MFU info adjustments 2015-05-06 09:27:03 -04:00
iceman1001 74c7ff4770 CHG: @marshmellows changes to annotations. 2015-05-06 14:20:24 +02:00
iceman1001 2b03dea768 ADD: UL-EV1 signature printing.
CHG: @marshmellows changes.
2015-05-06 14:19:23 +02:00
iceman1001 69a2953679 FIX: nasty bug when memcpy structs..
ADD: @piwi's  topaz commands
2015-05-06 09:30:48 +02:00
marshmellow42 75377d29d6 MFU - Icemans further improvements
add UL-C device side read card with authentication
add MF_UL-Annotations
add ntag, and more ul descriptions in hf mfu info
2015-05-06 00:55:29 -04:00
iceman1001 a903be4361 CHG: "HF MFU INFO" extracted more print statements 2015-05-05 23:26:05 +02:00
iceman1001 b9a3c8642e ADD: "HF MFU INFO" Reading and printing of UL-EV1 configuration pages. 2015-05-05 23:14:55 +02:00
iceman1001 8297860e25 CHG: making sure no buffer overflows will occur in ul_send_cmd_raw by adding responseLength parameter to all calls.
CHG: added UL-C configurations details to be printed
2015-05-05 22:15:02 +02:00
iceman1001 996fda30ee BUG: missing %s in printing version tagtype. Thanks @Marshmellow!
BUG: buffer overflow when reading the Capability Container.   Thanks @Marshmellow!
2015-05-05 13:25:54 +02:00
iceman1001 09c2a802a1 ADD: @holimans changes. 2015-05-05 00:31:02 +02:00
iceman1001 f07e76c687 CHG: minor spelling 2015-05-05 00:27:34 +02:00
iceman1001 e1c88b0965 ADD: @marshmellows changes 2015-05-05 00:26:17 +02:00
iceman1001 2c74558d71 CHG: enhanced the "hf mfu info" a lot. It can detect UL/UL-C/UL-EV1/NTAG213/NTAG215/NTAG216
and at present it can detect if a UL-C tag is magic (uid changeable)

FOR UL it writes the first configuration pages 0-3.
For UL_C  it tests some default 3des keys,  and lock / config bytes at pages 42-43,44-47
For UL_EV1  / NTAG  it collects the GETVERSION command and tries to read 3 counters,  it also tries one default password of 0xFF,0xFF,0xFF,0xFF  for the EV1 /NTAG  authentication 0x1B.

FOR UL_C_MAGIC,  it tries to see if the gathered nonces for authentication 0x1A are the same, which indicates on my tags that they are magic.

There is the @marshmellow changes to "hf mfu dump" command.

This commit needs testing, and is to be considered experimental.
2015-05-05 00:25:10 +02:00
marshmellow42 63e1d35a07 Merge remote-tracking branch 'upstream/master' 2015-05-03 23:31:58 -04:00
marshmellow42 f9848fd647 MFU dump UL-C with key
adding UL-C auth and keys to dump cmd
swapped endian for input of hf mfu crdbl to match output of hf mfu info
cmd and tag info app
2015-05-03 23:17:11 -04:00
Martin Holst Swende 4b36037948 Fixes to issue #100 2015-05-03 22:09:52 +02:00
marshmellow42 b3125340f3 Icemans UL-C Auth dev side fix plus a few other ...
... small UL fixes
2015-05-03 15:41:11 -04:00
iceman1001 1c1c5f4cae CHG: "hf mfu crdbl" help text, got a correct length 3des key.
CHG: Added @marshmellows fixes for "hf mfu info"
CHG: moved some debug printandlog statements around.
2015-05-01 15:33:54 +02:00
marshmellow42 7eec1204e7 fix bug in mfu cauth 2015-04-30 10:34:20 -04:00
marshmellow42 92690507ab Iceman's updates to MFU info and dump 2015-04-30 09:28:43 -04:00
iceman1001 1ec21089b2 CHG: the work in progress of making "HF MFU INFO" / "HF MFU DUMP" goes on.
Took @marshmellows changes and remade them a bit. TagTypeUL_t behaves like a flag-enum.
     "HF MFU DUMP" now autodetects tagtype, and the deviceside should report back proper length.
2015-04-30 10:15:52 +02:00
marshmellow42 f168b2633b MF Ultralight - Iceman's updates + mine
Beginning of Ultralight additions.
detection of Ultralight Types added
dump command now auto detects type
can authenticate Ultralight C
2015-04-29 18:27:31 -04:00
iceman1001 a8be77afd1 CHG: re-factored the "HF MFU CAUTH" command to be simpler.
ADD:  "HF MFU INFO",  added detection of MAGIC UL-C tags and a simple loop test 5 default 3des keys.
2015-04-29 20:24:37 +02:00
iceman1001 5e336f53d9 REM: Removed the GetVendorStr, and used the getTagInfo() instead. 2015-04-28 23:32:45 +02:00
iceman1001 5d554ea67f ADD: HF MFU SETUID, this command helps changing the UID on a magic UL, UL-C tag.
It reads block2,  since only one byte is going to change. Then it proceeds to write block 0,1,2 with recalc BCC1, BCC2 bytes.

CHG:  HF MFU INFO, got some love in the form of detection of UL/UL-C/UL-EV1.  Took same idea from HF 14A READER.
2015-04-28 23:31:22 +02:00
marshmellow42 bdfb62b405 Iceman's script aes fix #93
Thanks Iceman (note I did not have a tag to double test this one. :)
2015-04-28 15:53:07 -04:00
marshmellow42 4745afb647 Iceman's Issue #96 fix 2015-04-28 15:35:23 -04:00
iceman1001 68bf87e0c5 CHG: added some sanity checks for the Ultralight-EV1 annotations, to make less false positives in the tracelog 2015-04-28 20:59:20 +02:00
iceman1001 466bc4599c CHG: fixed a better detection for Ultralight, Ultralight-C, Ultralight-EV1 tags.
--see https://github.com/Proxmark/proxmark3/issues/96
      -- still todo,  finding a good way of detecting Magic Ultralight-C tags.
      -- thanks @marshmellow for pointing out proper UL-C tag responses are different.
2015-04-28 20:58:18 +02:00
iceman1001 fab0b37968 CHG: removed linebreak in string. 2015-04-26 18:05:45 +02:00
iceman1001 984f957105 ADD: some more default keys. 2015-04-26 18:05:06 +02:00
iceman1001 c309eca94a CHG: added some linebreaks for the help output in LF. 2015-04-26 18:03:57 +02:00
iceman1001 11b1e2e506 ADD: "HF 14A READ", got ULTRALIGHT C / EV1 annotation 2015-04-26 18:03:21 +02:00
iceman1001 fb2d24882e Merge branch 'master' of https://github.com/Proxmark/proxmark3
Conflicts:
	client/cmddata.c
	client/cmddata.h
	client/cmdhfmf.c
	client/cmdlf.c
	client/cmdlfem4x.h
	client/cmdlft55xx.c
	client/lualibs/default_toys.lua
	client/scripts/tnp3clone.lua
	client/scripts/tnp3dump.lua
	client/scripts/tnp3sim.lua
2015-04-24 19:04:01 +02:00
iceman1001 395f6a814f ADD: changes to the Ultralight diversification algo. 2015-04-24 18:38:24 +02:00
iceman1001 1b3c567df2 ADD: character name, level, sequence number,
CHG: minor code clean up.
2015-04-24 18:37:40 +02:00
iceman1001 0beb94e67b CHG: some minor code cleanup. 2015-04-24 18:36:11 +02:00
iceman1001 bb84c38196 ADD: found another sub-type, 2015-04-24 18:35:09 +02:00
iceman1001 e8b07838ab ADD: more toy-tokens, among others some missing swapforce. 2015-04-24 18:34:24 +02:00
iceman1001 64ad618e9c ADD: some missing enums:
ISO14A_SET_TIMEOUT = 0x40,
	ISO14A_NO_SELECT = 0x80,
	ISO14A_TOPAZMODE = 0x100
2015-04-24 18:33:31 +02:00
iceman1001 abcb166ffe ADD: a minor modification to "HF 14A READ" to enable the correct identification between ULTRALIGHT / ULTRALIGHT-C / ULTRALIGHT EV1 tags. 2015-04-24 18:19:51 +02:00
Martin Holst Swende a3abb02897 Merge branch 'master' of github.com:Proxmark/proxmark3 2015-04-23 09:51:04 +02:00
Martin Holst Swende 0e6c7336b0 Fixed issue with dumping iclass tags > 2KB in size 2015-04-23 09:50:44 +02:00
marshmellow42 8e0cf02308 minor change to lf em4x menu & iceman script...
...updates
2015-04-10 00:06:59 -04:00
iceman1001 9c09e006d6 CHG: removed unused code.
FIX: moved some checks to make the script run a tad bit faster.
2015-04-09 20:38:38 +02:00
iceman1001 26b8f38b63 CHG: changed some help texts. 2015-04-09 20:36:12 +02:00
iceman1001 68e6434527 FIX: some minor corrections to identify more tokens. 2015-04-09 20:35:04 +02:00
iceman1001 d87779d6d1 FIX: fixed a minor bug introduced when changing from OpenSSL -> PolarSSL.
ADD:  changed code to handle both  encrypt and decrypt AES 128.
2015-04-09 20:34:34 +02:00
marshmellow42 664f658650 nexwatch fix .h file + icemans mf csetblk w arg
forgot to include the new nexwatch command in the header...
added icemans hf mf csetblk w parameter fix
2015-04-08 15:08:05 -04:00
marshmellow42 25d3e5cc83 Merge remote-tracking branch 'upstream/master' 2015-04-08 14:19:19 -04:00