iceman1001
1c8fbeb93e
ADD: 'LF T55X7 WAKEUP' command. For tags with AOR bit set, send this command with password to wake tag up and be able to do a "LF SEARCH" etc on it.
...
CHG: Minor code changes on T55X7 code. Default password is back to 'FF FF FF FF',
REM: removed @marshmellow42 's wakeup option in "lf t55x7 read",
--- BASICALLY:
if a T55X7 tag has following bits set:
AOR - send wakeup command with pwd, to enable LF interacting with it.
PWD - send read/write/trace/info command with pwd. No need to send wakeup.
2015-10-21 09:12:33 +02:00
iceman1001
f82894ba69
CHG: move some methods, its easier to read now. Cosmetic change.
2015-10-21 09:07:36 +02:00
iceman1001
9276e859a6
ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md
...
ADD: Added the "lf t55x7 wakeup" command. It will send a pwd, and leave the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search
---
It is still not finished, will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets.
2015-10-20 19:00:02 +02:00
iceman1001
b87f99f4bb
ADD: some more keys found on a pastebin
2015-10-19 22:41:53 +02:00
iceman1001
a826cb0df1
FIX: tnp3sim, now can insert keys if the dumpfile is blank. Like the ,,,lander dumps...
2015-10-19 22:39:08 +02:00
iceman1001
f14c9bf915
FIX: "abort trap 6" error when runing the tnp3sim.lua script was because the CMD_MIFARE_EML_MEMSET needs to sent the bytewitdh now with recent changes in code to deal with different sizes in emulatormemory. the third argument should be 16 instead of 0.
2015-10-17 14:35:04 +02:00
iceman1001
d8a3b6c117
FIX: @tony pointed out that there was a method name lost... its been reinstated :)
2015-10-17 14:16:42 +02:00
iceman1001
a739812e89
FIX: thanks @tony, for pointing out a "end" statement inside tnp3sim.lua
...
ADD: @marshmello42 fixs for t55x7
2015-10-16 23:16:46 +02:00
iceman1001
952a812c00
FIX: a suggested fix for #136 where the "lf t55x7 read" command when called with a password. The call will now try loading the config block, decode it and see if PWD is set.
...
If PWD Bit is set, the call will be allowed to execute.
If PWD Bit is NOT set, the call will print a message and excute the call but without sending the password.
If config block is not being able to read or decode, the call with print a warning message and exit the call.
2015-10-15 19:17:20 +02:00
iceman1001
6a09bea427
CHG: code clean up. Have some questions regarding the CopyVikingTo method. The configblock looks wrong..
2015-10-15 11:30:37 +02:00
iceman1001
ac2df3460a
ADD: @marshmellows fixes for t55x7 reading signal.
...
ADD: @marshmellows "diphase" definition for T55x7.
MOV: extracted the aquisition from the t55x7 methods and put them inside lfsampling.c
FIX: pcf7931 write, there is 16bytes in a block.. not 4 as I thought before.
FIX: t55x7 lowered the WRITE_0 to 16. Even bigger gap.
2015-10-15 10:23:15 +02:00
iceman1001
274e7dd110
FIX: fixed the "lf pcf7931 write" input validation. *untested*
2015-10-14 11:16:43 +02:00
iceman1001
ba52aac40e
FIX: Removed a arrat from the struct configPcf in "LF PCF7931"
2015-10-12 21:49:11 +02:00
iceman1001
2285d9dd94
FIX: I did a clean up of the "LF PCF7931" code. The write command is not quite done.
...
FIX: Added some more "clearCommandBuffer" calls before sending..
2015-10-12 21:30:54 +02:00
iceman1001
5ee53a0e75
ADD: There were lot of calls to enable tracing, but very few to turn it of afterwards in the methods.
...
Don't know if it has some influence but can't hurt calling "set_tracing(FALSE);" when method returns.
2015-10-11 19:14:17 +02:00
iceman1001
3bc7b13d23
ADD: @marshmellow42's decrypt crypto-1 method,
...
ADD: @piwi's latest commit to PM3 Master, aiming at the WDR in "hf mf mifare".
2015-10-11 09:07:29 +02:00
iceman1001
e98572a1e2
I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work*
...
Things like the ICLASS, tryDecryptWord,
--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation, start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written, which has a lousy input check..
2015-10-07 23:00:46 +02:00
iceman1001
f3cfe428f8
ADD: fixed some spelling misstakes in luascript.
...
ADD: fixed some spelling misstakes in "hf mfu eload" help
2015-10-05 21:25:00 +02:00
iceman1001
0de8e3874d
A lot of changes...
...
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities, (not a proper DEMOD, but a start)
.. GetCountUS better precision from @pwpivi
.. bin2hex, hex2bin from @holiman
...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet.
...
Started add SHA256.. not working yet..
2015-10-04 18:01:33 +02:00
iceman1001
05beaa8dd8
MINOR CHG: help text change for the "lf t55xx config" command. change NZ into NRZ
2015-08-12 21:39:29 +02:00
Iceman
a71c68bdf0
Merge pull request #4 from gcohen55/ubuntu_makefile
...
updated makefile, readme
2015-08-04 09:34:24 +02:00
Gil Cohen
8fac5452b8
updated makefile, readme
2015-08-03 23:07:57 -05:00
iceman1001
a82c1ac827
FIX: A old bug regarding: CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K command, where it causes the USB_COMMAND_BUFFER to overfill is corrected. The message: "WARNING: Command buffer about to overwrite command! This needs to be fixed!" was showing when it happens.
...
The solution is not to add the CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K to the storeCommand function.
2015-07-31 18:48:58 +02:00
iceman1001
f62b5e1204
added @piwi 's usb speed test.
...
.. found out that my usb speed is really slow. Started to look for reasons. Have a win7 64 env, running on a vmware image.
2015-07-31 10:37:24 +02:00
iceman1001
5de79e20f1
MOD:: reverse back changes to 14443b.c
...
ADD: the hid-flasher/usb_cmd.h wasn't up to date with how it's other file /common/usb_cmd.h looks like.
ADD: utils.lua 14443v crc inside LUA.
ADD: utils.lua ConvertAsciiToHex method and minor adjustments checks.
2015-07-28 21:33:09 +02:00
iceman1001
3b4fa54235
REM: Remove a double pasted section of local variables.
2015-07-24 20:34:31 +02:00
iceman1001
14e1862537
REM: removed a comment
...
ADD: added the ISO14443b command to commands.lua
2015-07-24 16:45:52 +02:00
iceman1001
7838f4beba
MERGED: @holimans changes
...
MERGED: @piwi changes
MERGED: @marshmellows changes.
I'm not even gonna try write up all that stuff..
ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside the "hf 14a sim" with the "x" parameter.
2015-07-22 23:00:52 +02:00
iceman1001
f445df401e
ADD: started with adding a "LS" command that lists the commands without the help text printed. To give easy clean list.
2015-07-22 11:19:15 +02:00
iceman1001
5b59bf20c7
FIX: "hf list 7816", the s-blocks is now also printed.
...
FIX: iso14443b.c got some minor adjustments in the demod and codeas14443btag. Seems it works better for me.
I still have the problem with powerup of a 14b tag. I need to run the "14b raw -c -p 05 00 08" a couple of times before I get an answer.
2015-07-19 23:24:19 +02:00
iceman1001
db25599d7f
ADD: @holiman's clearCommandBuffer in cmdlft55xx.c
...
ADD: @VERTCraig's AVID commands.
TEST: testing some changes to iso14443 demod.
2015-07-18 20:43:14 +02:00
iceman1001
c5f8c67ab4
ADD: ISO7816-4 annotation in "hf list".
...
Only basic 7816 command apdu supported. USAGE::"hf list 7816"
2015-07-17 21:56:00 +02:00
iceman1001
d8af608f8e
TEST: Moebius two noce mfkey32...
2015-07-13 23:06:49 +02:00
iceman1001
b10a759fef
@PM3 master merges, Piwi fix for mfnested
...
@Marshmellow42 's fix for FDB
2015-07-12 22:58:16 +02:00
iceman1001
6de14cec0e
CHG: some minor changes in the ouput from hf 14b raw.
...
ADD: @marshmello42 's textual change in LF.
2015-06-29 22:37:55 +02:00
iceman1001
c830303d7e
FIX: @pwpiwi 's fixes for darkside / nested attack about the NACK/PRNG bugs.
2015-06-25 12:41:39 +02:00
iceman1001
5ce7e22af6
ADD: forgot the zlib and some new fpga compress file.s
2015-06-25 12:29:41 +02:00
iceman1001
17ad0e0948
ADD: @marshmellow42 's 14b fixes.
...
FIX: 14b sim changes in iso14443b.c , *experimental* I took some timing loops from "14a sim" armsrc/iso14443a.c and merged it into the "14b sim". Now using two pm3's I can have one simulating and the other reading and it works. Ask @pwpiwi if you want to know more of what those timing loops does. Something about waiting for the fpga delay queue...
2015-06-25 12:25:44 +02:00
iceman1001
9783989b40
ADD: pwpiwi 's FPGA compress
2015-06-25 12:22:34 +02:00
iceman1001
f53020e729
Merge branch 'master' of https://github.com/Proxmark/proxmark3
...
Conflicts:
armsrc/Makefile
armsrc/iso14443b.c
armsrc/lfops.c
client/cmdhf14b.c
client/cmdhfmfu.c
fpga/fpga_hf.bit
fpga/hi_read_rx_xcorr.v
2015-06-23 23:02:29 +02:00
iceman1001
d0f3338e0c
ADD: PACE functionality ref: https://github.com/Proxmark/proxmark3/pull/121
...
FIX: some missing usb_commands for EPA.
2015-06-23 22:30:18 +02:00
Martin Holst Swende
1e1de234ac
Merge pull request #121 from frederikmoellers/master
...
Add PACE replay functionality
2015-06-23 22:23:08 +02:00
Martin Holst Swende
b8d34d0598
Merge pull request #118 from marshmellow42/master
...
fix t55xx write timing
2015-06-23 22:18:50 +02:00
iceman1001
24344f28ad
FIX: ref 2ec8773314
...
@marshmellow42 's fixes for pskdemod and mfu.
2015-06-23 19:22:40 +02:00
marshmellow42
2ec8773314
fix bug in pskdemod return value if no samples...
...
... caused crash in data psknexwatchdemod if no samples were in the
graphbuffer.
also fixed hf mfu wrbl and rdbl to allow printing of help without a tag
being present.
2015-06-23 12:16:23 -04:00
pwpiwi
01b7a6a898
Merge pull request #114 from pwpiwi/iso14443b_fix
...
fixing iso14443b (issue #103 ): fix bug introduced during Bigbuf rework
2015-06-23 07:14:52 +02:00
Frederik Möllers
3bb07d96c8
Add PACE replay functionality
...
This function allows the user to specify APDUs which are sent to a card
supporting the PACE protocol. The response times are measured and
printed.
The code was pulled from the old Google Code repository (branch "epa")
and modified to fit into the new code base.
2015-06-22 14:20:13 +02:00
iceman1001
22e2470051
ADD: @marshmellow42 fudan detection in hf mfu
...
ADD: @marshmellow42 14b reader changes.
ADD: @pwpiwi 14b fixes
2015-06-21 11:07:05 +02:00
marshmellow42
7c8b5e6811
comment fudan check possibilities
2015-06-20 21:33:42 -04:00
marshmellow42
f4217d58b6
add ultralight compatible test
2015-06-18 17:19:43 -04:00
iceman1001
abb215301c
add: @pwpipi 's fixes to 14B
2015-06-18 09:52:53 +02:00
iceman1001
02984d683c
ADD: @marshmellow42 's help text changes to the reveng
2015-06-18 09:52:25 +02:00
pwpiwi
132a02179c
fixing iso 14443b (issue #103 ):
...
- fix: treat empty commands as error
- deleting dead code
- rename USB-Commands (ISO14443 -> iso14443B)
2015-06-18 09:49:22 +02:00
pwpiwi
d5875804a3
fixing iso14443b (issue #103 ):
...
fix: don't waste time to calculate parity bits. Instead add void parity bits to trace and ignore them on client side
2015-06-18 07:56:08 +02:00
pwpiwi
51d4f6f114
fixing iso14443b (issue #103 ):
...
- fix: IQ demodulator (FPGA)
- fix: approximately align reader signal delay to tag response delay (FPGA)
- fix: remove deprecated RSSI calculation to improve decoder speed (iso14443b.c)
- fix: better approximation of signal amplitude to avoid false carrier detection (iso14443b.c)
- fix: remove initial power off in iso14443b raw command (iso14443b.c)
- add: enable tracing for iso14443b raw command (iso14443b.c)
- fix: client crashed when checking CRC for incomplete responses (iso14433b.c)
- speeding up snoop to avoid circular buffer overflow
- added some comments for better documentation
- rename functions (iso14443 -> iso14443b)
- remove unused code in hi_read_rx_xcorr.v
2015-06-17 20:27:36 +02:00
iceman1001
553e868f25
CHG: just made sure it uses a default file name now.
2015-06-15 21:02:17 +02:00
iceman1001
d71d59dbd1
ADD: @marshmellow42 's 14b changes.
2015-06-15 20:59:01 +02:00
iceman1001
ffaa0ff334
FIX: removed width in cmdcrc.c , to get rid of the compiler warning.
2015-06-15 13:59:33 +02:00
marshmellow42
6ac4cb270a
minor fixes
...
see @icemant1001 -
0ad1a1d492
for more details
2015-06-15 00:44:57 -04:00
iceman1001
96e41bfcec
add: a .gitignore to be able to add the folder client/obj/reveng.
2015-06-14 23:32:20 +02:00
iceman1001
d7f3f65361
add: a .gitignore to be able to add the folder client/platforms.
2015-06-14 23:31:52 +02:00
iceman1001
2495281d14
fix; stupid fixes for some compiler warnings messages of unused variables..
2015-06-14 23:31:05 +02:00
iceman1001
0ad1a1d492
FIX: minor variable fixes when compiling on linux.
...
cmddata.c: In function ‘Cmdmandecoderaw’:
cmddata.c:420:2: warning: format ‘%i’ expects argument of type ‘int *’, but argument 4 has type ‘size_t *’ [-Wformat=]
sscanf(Cmd, "%i %i", &invert, &maxErr);
^
cmdlfem4x.c: In function ‘CmdEM410xRead’:
cmdlfem4x.c:58:2: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat=]
sprintf(id, "%010llx",lo);
^
2015-06-14 23:02:52 +02:00
iceman1001
32719adfa1
ADD: added support for some NTAG/EV1 commands to "hf 14a sim" on device side.
...
0x1B (authenticate)
0x3a (fast read)
0x60 (get_version)
This is used in a new mode on client, "hf 14a sim t 7"
2015-06-14 22:40:18 +02:00
Martin Holst Swende
26fbe1fbd9
Merge pull request #117 from marshmellow42/master
...
askbiphase bug fix
2015-06-14 19:32:36 +02:00
iceman1001
c043981c04
chg: added some more outputs to the reveng-crc script e.lua ... now shows -b -B -l -L also in columns. You'll need to read the reveng -h helptext to understand.
2015-06-14 17:19:41 +02:00
iceman1001
b4c1f167da
FIX: old bug back, and now fixed again. @marshmellow42
2015-06-14 17:18:22 +02:00
marshmellow42
fd227f4e7d
add comment
2015-06-14 11:11:00 -04:00
marshmellow42
c7d6721290
bug fix. askdemod edits invert pointer, cannot be 0
2015-06-14 10:54:55 -04:00
iceman1001
1299c798fc
ADD: @marshmellow42 's 14b reader changes.
...
FIX: @marshmellow42 's ASKbiphaseDemod fixes.
CHG: added a check in ASKbiphaseDemod to make a compiler warning message go away.
2015-06-14 14:39:50 +02:00
Martin Holst Swende
0f5b97d92c
Merge pull request #115 from marshmellow42/master
...
add-ons and bug fixes
2015-06-14 09:02:13 +02:00
iceman1001
1417a7f9d0
minor textual changes from @marshmellow42
2015-06-13 12:14:38 +02:00
iceman1001
99789601dc
ADD: @marshmellow42 's new "-g" search for crc in a hexstring *great*
...
ADD: fixes in the reveng calling methods
2015-06-10 08:46:16 +02:00
iceman1001
68ff832584
fix: nice output..
2015-06-09 21:46:22 +02:00
iceman1001
dd1df4901d
@marshmellows memory fixes for reveng1.30 in client..
2015-06-09 21:32:22 +02:00
iceman1001
817d709615
@marshmellows memory fix
2015-06-09 21:29:24 +02:00
iceman1001
d352146782
CHG: minor layout and call fixes to e.lua (the test script for hooking up reveng1.30)
2015-06-09 21:28:06 +02:00
iceman1001
60e8657796
CHG: all @marshmellow42 's changes to make the reveng work.
...
ADD: lua script test for using the reveng inside lua. *prove of concept*
it implements -h help
-d data in a hexstring
-w width of the crc family. (ie 16 gives all CRC-16 calculations.
it iterates thru all found crc presets in a crc family based on the width of crc. It calcs crc and the reverse crc.
2015-06-09 13:31:53 +02:00
iceman1001
a71ece51e4
ADD: iso11784/85 FDX-B
...
ADD: the source from RevEng 1.30, got into the PM3 client.
2015-06-07 11:35:49 +02:00
marshmellow42
8e2e6c8eb0
add clock to ask rawdemod outputs
...
fix biphase invert bug (correctly)
2015-06-07 00:42:57 -04:00
marshmellow42
07b5a3c3ba
Modified kermit crc to use existing crc calc code
2015-06-05 22:39:56 -04:00
marshmellow42
c2c7f6c271
fdx-b clean up
2015-06-04 13:10:33 -04:00
marshmellow42
6eaa8da9dc
Add CCITT Kermit CRC check for FDX-B demod
2015-06-04 12:53:19 -04:00
iceman1001
ad6219fc91
ADD: @marshmellow42 's fixed version of the ISO11784 FDX-B
...
ADD: crc16_ccitt_rev (reverse version of crc16_ccitt 0x0000)
2015-06-04 10:33:55 +02:00
marshmellow42
cf4d3e21b0
add fdx-b to cmddata.h
2015-06-04 00:05:37 -04:00
marshmellow42
ecfcb34cc5
add fdx-b to lf search
2015-06-04 00:04:49 -04:00
marshmellow42
b2c330b367
bug fix - biphase invert + fdx-b adjustments
2015-06-03 23:59:22 -04:00
marshmellow42
fd1d30cb76
addition animal tags demod info
2015-06-03 18:28:56 -04:00
marshmellow42
04bb05670d
Testing animal tags
2015-06-03 16:52:20 -04:00
iceman1001
22a6a62fbb
ADD: removed the paritythingy, I missunderstood its purpose.
2015-06-03 22:38:59 +02:00
iceman1001
7f96433c8a
CHG: trying to get the askdemod / biphasedeocde / finding startmarker / removeparity to work in ISO11784demod
2015-06-03 22:19:32 +02:00
iceman1001
0df669a298
ADD: next step ISO11784/85
2015-06-03 21:35:03 +02:00
iceman1001
615f21dde2
FIX: a minor bug fix from @marshmellow42 in "data raw" and ask/biphase.
...
ADD: started witha ISO11784/85 demod function.
2015-06-03 21:12:24 +02:00
iceman1001
4abb052f38
CHG: removed an extra fclose call
2015-06-02 12:20:48 +02:00
iceman1001
1c6e7f0393
ADD: @marshmellow42 's infineon MY D(tm) MOVE LEAN tag identification
2015-06-02 12:20:16 +02:00
iceman1001
d31d3804fe
CHG: help text output was not aligned because of tabs/spaces
2015-06-02 12:18:54 +02:00
Martin Holst Swende
6a2e5adffd
Merge pull request #108 from p-l-/fix-hf-mf-csave
...
Ported hf mf esave trick for unreadable UIDs to hf mf csave
2015-06-01 19:57:57 +02:00
marshmellow42
4a74e2be72
add my_d move lean identification.
2015-06-01 00:18:03 -04:00
iceman1001
af3b8b2dc6
CHG: remade selftest structure
...
CHG: removed debugstatements
2015-05-31 22:33:12 +02:00
marshmellow42
be290d68bd
new lua script from @iceman1001 + bug fix in hf mfu
2015-05-31 16:08:58 -04:00
iceman1001
e86a89044a
FIX: minor fix to the magictest function. It always makes a select tag first, but never took in consideration that the tag already could have been selected.
2015-05-31 21:49:00 +02:00
iceman1001
2d2f7d1948
ADD: @marshmellow42 's changes / fixes.
2015-05-31 21:47:33 +02:00
iceman1001
7142c87e1f
ADD: a script to dump a specific type of Mifare Mini tags.
2015-05-31 21:46:25 +02:00
marshmellow42
1c4c0b0681
add @Iceman1001 s sha1 scripting changes.
2015-05-30 21:51:15 -04:00
marshmellow42
185e038c7d
fixed further typo in lf t5 wr help
...
also fixed offset option char to uint8_t warning in the new offset
option in data printdemodbuffer
2015-05-28 23:14:06 -04:00
marshmellow42
5b37e87a24
fix help typo
2015-05-28 22:52:41 -04:00
marshmellow42
979bba376d
add offset option to data printdemodbuffer
...
easily see demod buffer's hex values at different bit offsets by using:
data printdemodbuffer x o <offset>
2015-05-28 13:23:31 -04:00
iceman1001
95aeb706d7
CHG: @marshmellow42 changes on deviceside.
...
ADD: increase debuglevel for printing a statment in ul_ev1_auth
2015-05-27 23:23:46 +02:00
marshmellow42
4973f23d3c
clean up mfu device side code
...
+ add xor calc to util (prep for desfire)
commented out MifareUWriteBlockCompat as it isn't used in client
currently (it is a command we could support.. but why?)
relabeled a few device side mfu functions to be clearer.
2015-05-27 12:24:13 -04:00
marshmellow42
dcbaa2b582
@iceman1001 s lua script fix
2015-05-26 20:31:07 -04:00
iceman1001
b18948fd92
ADD: aes128_encrypt ECB in scripting.c
...
ADD: aes128_decrypt ECB in scripting.c
ADD: Sha1Hex method in utils.lua
2015-05-26 21:51:18 +02:00
marshmellow42
22342f6dfe
Add clearCommandBuffer before SendCommand
...
adjust output of mfu rdbl to be consistent
fix output of mfu dump in case startPage was specified. (also was
missing "i" in second print...)
2015-05-26 10:40:23 -04:00
iceman1001
ea75b30c81
ADD: SHA1 hashes calculations in sha1.c and LUA
2015-05-26 16:12:33 +02:00
iceman1001
b69947c245
CHG: print up to 20 possible keys.
2015-05-26 11:05:57 +02:00
iceman1001
c3c241f389
CHG: moved a xor function into util.c
...
CHG: added some calls to clearCommandBuffer() in /hf mfu/hf 14a sim/hf mf sim/ commands.
CHG: minor adjustments to relative pathing.
2015-05-26 11:04:57 +02:00
iceman1001
7c60a801d6
FIX: one too many parenthesis
2015-05-25 13:16:10 +02:00
iceman1001
c068ebb78f
Merge branch 'master' of https://github.com/Proxmark/proxmark3
...
Conflicts:
armsrc/mifarecmd.c
client/cmdhfmf.c
2015-05-25 13:13:06 +02:00
iceman1001
46cd801c5a
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain.
...
MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file
CHG: added @marshmellow42 changes to hf mfu dump layout.
ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory.
ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 13:10:55 +02:00
Pierre LALET
1d537ad65c
Ported hf mf esave trick for unreadable UIDs to hf mf csave
...
Thanks: iceman1001
2015-05-25 11:47:27 +02:00
marshmellow42
e406dd5cc9
Merge remote-tracking branch 'upstream/master'
2015-05-24 22:31:13 -04:00
marshmellow42
79d7bcbb51
updated mfu rdbl and wrbl commands
...
@iceman1001 s rdbl and wrbl cmd updates.
dump screen output adjusted
2015-05-24 22:28:21 -04:00
Pierre LALET
292fe72535
Fix filenames for hf mf cload / csave
2015-05-24 22:43:08 +02:00
iceman1001
7444d916c6
FIX: hf mfu dump, now reads correct memory from device-side.
...
CHG: hf mfu dump - output data styled :)
2015-05-24 21:51:44 +02:00
iceman1001
d23f3f2c9a
FIX: ELOAD/ESAVE/CLOAD/CSAVE filename bufferoverflow, and filename generation if UID not readable.
...
Thanks @p-l-
ref: 0b14440dce
2015-05-24 21:50:15 +02:00
Pierre LALET
0b14440dce
Fix filenames for hf mf esave / eload
2015-05-24 20:14:22 +02:00
marshmellow42
0ce03d9ab0
fix mfu dump getbigbuffer bug
...
Thanks @iceman1001 for catching my oops, and fixing it :)
2015-05-23 22:35:50 -04:00
iceman1001
ce432659f2
Adjustments after the big merge from PM3 master.
2015-05-23 08:38:46 +02:00
iceman1001
bcf61bd34a
Merge branch 'master' of https://github.com/Proxmark/proxmark3
...
Conflicts:
README.txt
armsrc/appmain.c
armsrc/apps.h
armsrc/des.c
armsrc/iclass.c
armsrc/mifarecmd.c
armsrc/mifareutil.c
armsrc/mifareutil.h
client/cmddata.c
client/cmdhf.c
client/cmdhf14a.c
client/cmdhficlass.c
client/cmdhfmfu.c
client/cmdhfmfu.h
client/cmdscript.c
client/lualibs/commands.lua
client/lualibs/html_dumplib.lua
client/scripting.c
client/util.c
common/protocols.h
include/usb_cmd.h
2015-05-23 08:16:40 +02:00
marshmellow42
012c0761bd
hf mfu minor output adjustments
...
dump key placed properly for EV1 and NTAGs
config pages for ntags corrected in printout
note on config that PWD and PACK cannot
actually be read from memory (probably could just delete them (other
than it shows what memory block they are stored in for changing...)
2015-05-22 13:17:51 -04:00
marshmellow42
8f2e50b4c5
mfu info authkeyptr fix
...
didn't follow @iceman1001 s l parameter changes fully... fixed now..
:)
2015-05-22 07:29:18 -04:00
iceman1001
a7e7cd419a
FIX: camelcase on a variable caused some issues.
2015-05-22 08:48:23 +02:00
marshmellow42
06561c34ef
fix to dump cmd print keys.
...
add l option to info cmd.
add ascii print to dump (screen only)
other minor clean up
2015-05-22 00:15:57 -04:00
iceman1001
2491a25235
FIX; the "L" optional parameter for swapping endianess on used authentication key. It is now implemented for following commands.
...
"HF MFU INFO"
"HF MFU DUMP"
"HF MFU RDBL"
"HF MFU WRBL"
CHG; I commented away the option to add the key to the dump, since it is not written in big-endian, like the data is on ULC. This needs to be addressed before it comes back. I like the idea of having keys inside the dumps on the correct places.
2015-05-21 23:17:01 +02:00
marshmellow42
efd193519c
hf mfu bug fixes, and help text fixes
2015-05-21 11:17:01 -04:00
iceman1001
f605970307
FIX: call the wrong usage_hf_mfu method.
...
CHG: minor help text changes.
2015-05-20 23:52:56 +02:00
iceman1001
fff69a1e34
CHG: Merged the "hf mfu rdbl" and "hf mfu crdbl" commands into "hf mfu rdbl". One read command.
...
CHG: Merged the "hf mfu wrbl" and "hf mfu cwrbl" commands into "hf mfu wrbl". One write command.
Both new commands implement a help, authentication (0x1A/0x1B) for ULC and the rest,
2015-05-20 23:44:11 +02:00
marshmellow42
1c429594a1
further mfu info updates
...
needed to auth select when a command failed for locked tags.
some output cleanups from @iceman1001
2015-05-20 16:47:40 -04:00
iceman1001
329f5cf2a5
CHG: making sure all outputs follow the same pattern in "hf mfu info"
2015-05-20 22:04:40 +02:00
iceman1001
c81a80dc96
FIX: made the authentication part a bit clearer. It now uses two booleans to seperate which type of authentication was requested from user.
2015-05-20 21:44:22 +02:00
marshmellow42
cd87ee9133
finish NTAG i2c +...
...
thanks iceman
2015-05-20 15:42:58 -04:00
marshmellow42
46fcd738e0
finish NTAG i2c +...
...
thanks @iceman1001
2015-05-20 15:41:48 -04:00
iceman1001
1fa96198bb
ADD: @marshmellow42 latest fixes,
...
CHG: change name to fancey "NTAG I²C 1K"
2015-05-20 21:03:58 +02:00
marshmellow42
8241872c47
ULEV1_48 had the wrong max block
2015-05-20 14:22:26 -04:00
marshmellow42
ea11861793
minor adjustments to hf mfu
2015-05-20 14:17:43 -04:00
marshmellow42
c7442b7673
Add NTAG i2c and bug fix
...
also streamlined select tag code
2015-05-20 14:06:46 -04:00
iceman1001
623db3559b
CHG: the new NTAG_i2c_1K enums, broke the uint16_t size.. Had to go up one level.
2015-05-20 19:26:11 +02:00
iceman1001
05f7accdbb
CHG: @marshmellows changes.
...
ADD: NTAG i2c 1K / NTAG i2c 2K identification.
2015-05-20 19:20:26 +02:00
marshmellow42
a383f4b708
Add ntag 210, 212, 203 and bug fix
2015-05-20 11:27:44 -04:00
iceman1001
b61e397962
ADD: NTAG_210, NTAG_212 support / identification. @marshmellow42 's idea.
2015-05-20 14:09:40 +02:00
iceman1001
e9bb4f47ee
CHG: "hf mfu info" now always tries to read the NDEF CC. (was restricted to only NTAG213,215,216 before)
2015-05-20 10:36:55 +02:00
iceman1001
593fc3c9a3
FIX: comment out a #include to reveng (my experiment)
...
ADD: Started to add a NTAG203 identification. Its a hard tag to pinpoint. Doesn't have GET_VERSION,
2015-05-19 21:45:06 +02:00
marshmellow42
29250969b0
@iceman1001 s comments/updates mfu cmds
2015-05-18 22:07:11 -04:00
iceman1001
e7e9508883
@Marshmellow42 's cleanup isn device-side "hf mfu" code. Looks nice. Dump uses bigbuffer now, and can dump NTAG216 :)
...
Consistency on the client-side code "hf mfu". looks nice.
2015-05-18 20:58:33 +02:00
marshmellow42
9d87eb6650
MF ultralight code cleanup
2015-05-18 13:11:00 -04:00
marshmellow42
8258f40969
Iceman1001 s MFU clean up
...
cleaned up MF UL_C auth code device side.
2015-05-17 20:49:25 -04:00
iceman1001
4f5cb23aa1
CHG: the name change from "HF 14A SNOOP" -> "HF 14A SNIFF"
2015-05-16 15:37:27 +02:00
iceman1001
9962091e29
ADD: experimantal test of adding "reveng 1.30" source code into the PM3 Client.
2015-05-16 15:36:40 +02:00
iceman1001
9cdd47c292
chg: @marshmellows changes to "hf 14a reader"
...
add: the experimental "hf 14a sim x" attack impl.
chg: sorry, but I never liked that sniffing was called snooping in this command. So I changed it to "sniff".
2015-05-16 15:30:17 +02:00
iceman1001
833081e3e7
add: @marshmellow changes,
...
chg: remade the authentication for ULC..
2015-05-16 15:27:53 +02:00
marshmellow42
cceabb79e6
mfu info / dump attempt at missing auths
...
NOT TESTED. will test soon. probably has bugs!
2015-05-16 01:00:31 -04:00
marshmellow42
ae8303c13c
mfu dump - beginning of additions
2015-05-15 01:19:58 -04:00
marshmellow42
5b99376a8f
hf mfu dump testing
2015-05-15 00:57:51 -04:00
marshmellow42
93737008ee
@iceman1001 s default keys
2015-05-14 22:55:18 -04:00
marshmellow42
9ccfb3a8bc
@iceman1001 's updated lualibs
2015-05-13 21:36:20 -04:00
marshmellow42
ab7fdfcbed
@iceman1001 updated scripts
2015-05-13 21:20:23 -04:00
marshmellow42
d730878d8c
scripting updates from @iceman1001
...
it compiles but i'm not sure how to fully test it...
:)
2015-05-13 21:14:35 -04:00
iceman1001
224e8c1a4d
ADD: @marshmellows fixes
2015-05-13 20:16:18 +02:00
marshmellow42
6fdf42c61c
minor hf mfu info adjustment from @iceman1001
2015-05-13 11:22:27 -04:00
marshmellow42
e6432f0579
@iceman1001 s coverity scan fixes
2015-05-13 11:14:17 -04:00
marshmellow42
2b3af97df2
various bug fixes
2015-05-13 11:07:47 -04:00
iceman1001
7a5d49b5b4
@marshmellow42 ideas
...
FIX: removed some unneeded calls to ul_switch_off_field.
FIX: once again the OTP is printed nevertheless if its a NDEF CC
2015-05-13 15:48:32 +02:00
iceman1001
664bb5ae72
BUGS: more Coverity scan fixes.
2015-05-13 14:08:59 +02:00
iceman1001
2696349f16
BUGS: Coverty Scan, fixes some memory bugs
2015-05-13 13:23:53 +02:00
iceman1001
046fd76608
a minor clean up when printing the key
2015-05-13 09:15:53 +02:00
iceman1001
8949bb5dad
Added @marshmellow42 "hf search"
2015-05-13 09:13:42 +02:00
iceman1001
63146229bd
ADD: preparation for @marshmellow42 "hf search"
...
FIX: the "hf list" had not correct spaces between the lines, in my version. Fix now.
2015-05-13 09:10:47 +02:00
iceman1001
c92cf81495
minor textual changes
2015-05-13 09:07:47 +02:00
iceman1001
70ee301e0d
another key..
2015-05-13 09:05:21 +02:00
marshmellow42
a2e2bb8a15
hf mfu info - ICEMANS updates
...
plus slight change to UL_EV1 auth annotation.
2015-05-12 18:16:55 -04:00
marshmellow42
6ce0e5386a
HF Search - refactoring cmds to work with it
2015-05-12 16:45:48 -04:00
iceman1001
e9a85114c5
ADD: Print the key for ULEV1/NTAG authentication if sent in cmdhf.c "HF LIST 14A"
2015-05-12 20:27:45 +02:00
iceman1001
3fd842ed98
ADD: found a BCARD KeyB on the net. ref: http://irq5.io/2013/04/13/decoding-bcard-conference-badges/
2015-05-12 19:50:47 +02:00
iceman1001
b6901e17c8
FIX: increased the limit to 0xE6 for MIFARE_ULEV1_FASTREAD
...
ADD: @marshmellows inital "hf search" command...
2015-05-12 18:57:47 +02:00
iceman1001
98cdd56862
ADD: added option to call "hf mfu info" with a authentication key.
...
ADD: added a help text for "hf mfu info" usage_hf_mfu_info
ADD: added @marshmellows changes & fixes.
2015-05-12 18:55:34 +02:00
marshmellow42
8ceb6b03e5
hf search - prelim - re-use hf mfu GetTagType...
...
in hf 14a reader to identify UL(+)
still a work in progress.
2015-05-12 00:19:44 -04:00
marshmellow42
2be768af57
hf mfu info bugs
2015-05-11 18:22:50 -04:00
marshmellow42
4693c188ab
minor hf mfu output consistancies
2015-05-11 16:25:11 -04:00
marshmellow42
345fb24aaa
hf mfu info - ICEMANS bug fixes.
2015-05-11 15:56:12 -04:00
marshmellow42
f04ef47311
hf mfu info bug fixes
2015-05-11 14:49:37 -04:00
iceman1001
fce738fc90
CHG: minor textual changes, consistency...
2015-05-11 20:38:13 +02:00
iceman1001
f288cb607f
ADD: added a List parameter to tnp3clone.lua script.
2015-05-11 19:38:53 +02:00
iceman1001
0ad970fb02
ADD: another default key: VIGIK1
2015-05-11 19:37:44 +02:00
iceman1001
ebd7412d7d
BUG: Read the wrong page(2) as Capability container, should be 3.
...
BUG: NTAG 215 identification was wrong (!=) should been (==)
2015-05-11 15:54:02 +02:00
marshmellow42
f805ac7a2b
minor adjustments to mfu info
2015-05-08 13:01:27 -04:00
marshmellow42
c585a5cf0b
further MFU info updates (mainly icemans)
2015-05-06 22:15:41 -04:00
iceman1001
802319a37e
ADD: added the new magic detection, where we send a partial ISO14443A_CMD_WRITEBLOCK (0xA0) command to page 0. if the tag answer 0xA ACK (its magic) or if it answers 0x00 NACK its not.
...
The normal behavior for a tag is to send NACK.
2015-05-06 23:50:31 +02:00
iceman1001
334cc089c9
CHG: clearing a char array before using.
2015-05-06 22:41:40 +02:00
iceman1001
aebe77905b
CHG: extracted the UL_C & UL magic tests.
...
ADD: a raw write command also there.
CHG: "hf mfu info" got some more love, looks better too.
UL_EV1 / NTAG, only try known passwords if AUTHLIM is set to 0.
2015-05-06 22:40:46 +02:00
marshmellow42
372a82570b
MFU adj to allow 0 len returns on raw cmds
2015-05-06 10:17:39 -04:00
marshmellow42
45673b9457
MFU adjustment to allow 0 len returns from raw cmds
2015-05-06 10:16:31 -04:00
marshmellow42
abab60ae21
MFU info adjustments
2015-05-06 09:27:03 -04:00
iceman1001
74c7ff4770
CHG: @marshmellows changes to anntations.
2015-05-06 14:20:24 +02:00
iceman1001
2b03dea768
ADD: UL-EV1 signature printing.
...
CHG: @marshmellows changes.
2015-05-06 14:19:23 +02:00
iceman1001
69a2953679
FIX: nasty bug when memcpy structs..
...
ADD: @piwi's topaz commands
2015-05-06 09:30:48 +02:00
marshmellow42
75377d29d6
MFU - Icemans further improvements
...
add UL-C device side read card with authentication
add MF_UL-Annotations
add ntag, and more ul descriptions in hf mfu info
2015-05-06 00:55:29 -04:00
iceman1001
a903be4361
CHG: "HF MFU INFO" extracted more printstatements
2015-05-05 23:26:05 +02:00
iceman1001
b9a3c8642e
ADD: "HF MFU INFO" Reading and printing of UL-EV1 configuration pages.
2015-05-05 23:14:55 +02:00
iceman1001
8297860e25
CHG: making sure no buffer overflows will occure in ul_send_cmd_raw by adding responseLength parameter to all calls.
...
CHG: added UL-C configurations details to be printed
2015-05-05 22:15:02 +02:00
iceman1001
996fda30ee
BUG: missing %s in printing version tagtype. Thanks @Marshmellow!
...
BUG: buffer overflow when reading the Capability Container. Thanks @Marshmellow!
2015-05-05 13:25:54 +02:00
iceman1001
09c2a802a1
ADD: @holimans changes.
2015-05-05 00:31:02 +02:00
iceman1001
f07e76c687
CHG: minor spelling
2015-05-05 00:27:34 +02:00
iceman1001
e1c88b0965
ADD: @marshmellows changes
2015-05-05 00:26:17 +02:00
iceman1001
2c74558d71
CHG: enhanced the "hf mfu info" a lot. It can detect UL/UL-C/UL-EV1/NTAG213/NTAG215/NTAG216
...
and at present it can detect if a UL-C tag is magic (uid changeable)
FOR UL it writes the first configuration pages 0-3.
For UL_C it tests some default 3des keys, and lock / confg bytes at pages 42-43,44-47
For UL_EV1 / NTAG it collects the GETVERSION command and tries to read 3 counters., it also tries one default password of 0xFF,0xFF,0xFF,0xFF for the EV1 /NTAG authentication 0x1B.
FOR UL_C_MAGIC, it tries to see if the gatherd nonces for authentication 0x1A is the same, which indicates on my tags that they are magic.
There is the @marshmellow changes to "hf mfu dump" command.
This commit needs testing, and is to be considered experimental.
2015-05-05 00:25:10 +02:00
marshmellow42
63e1d35a07
Merge remote-tracking branch 'upstream/master'
2015-05-03 23:31:58 -04:00
marshmellow42
f9848fd647
MFU dump UL-C with key
...
adding UL-C auth and keys to dump cmd
swapped endian for input of hf mfu crdbl to match output of hf mfu info
cmd and tag info app
2015-05-03 23:17:11 -04:00
Martin Holst Swende
4b36037948
Fixes to issue #100
2015-05-03 22:09:52 +02:00
marshmellow42
b3125340f3
Icemans UL-C Auth dev side fix plus a few other ...
...
... small UL fixes
2015-05-03 15:41:11 -04:00
iceman1001
1c1c5f4cae
CHG: "hf mfu crdbl" help text, got at correct length 3des key.
...
CHG: Added @marshmellows fixes for "hf mfu info"
CHG: moved some debug printandlog statements around.
2015-05-01 15:33:54 +02:00
marshmellow42
7eec1204e7
fix bug in mfu cauth
2015-04-30 10:34:20 -04:00
marshmellow42
92690507ab
Iceman's updates to MFU info and dump
2015-04-30 09:28:43 -04:00
iceman1001
1ec21089b2
CHG: the work in progress of making "HF MFU INFO" / "HF MFU DUMP" goes on.
...
ook @marshmellows changes and remade them a bit. TagTypeUL_t behaves like a flag-enum.
"HF MFU DUMP" now autodetects tagtype, and the deviceside should report back proper length.
2015-04-30 10:15:52 +02:00
marshmellow42
f168b2633b
MF Ultralight - Iceman's updates + mine
...
Beginning of Ultralight additions.
detection of Ultralight Types added
dump command now auto detects type
can authenticate Ultralight C
2015-04-29 18:27:31 -04:00
iceman1001
a8be77afd1
CHG: re-factored the "HF MFU CAUTH" command to be simpler.
...
ADD: "HF MFU INFO", added detection of MAGIC UL-C tags and a simple loop test 5 default 3des keys.
2015-04-29 20:24:37 +02:00
iceman1001
5e336f53d9
REM: Removed the GetVendorStr, and used the getTagInfo() instead.
2015-04-28 23:32:45 +02:00
iceman1001
5d554ea67f
ADD: HF MFU SETUID, this commands helps changing the UID on a magic UL, UL-C tag.
...
It reads block2, since only one byte is going to change. Then it proceds to write block 0,1,2 with recalc BCC1, BCC2 bytes.
CHG: HF MFU INFO, got some love in the form of detection of UL/UL-C/UL-EV1. Took same idea from HF 14A READER.
2015-04-28 23:31:22 +02:00
marshmellow42
bdfb62b405
Iceman's script aes fix #93
...
Thanks Iceman (note I did not have a tag to double test this one. :)
2015-04-28 15:53:07 -04:00
marshmellow42
4745afb647
Iceman's Issue #96 fix
2015-04-28 15:35:23 -04:00
iceman1001
68bf87e0c5
CHG: added some sanity checks for the Ultralight-EV1 annotations, to make less false positives in the tracelog
2015-04-28 20:59:20 +02:00
iceman1001
466bc4599c
CHG: fixed a better detection for Ultralight, Ultralight-C, Ultralight-EV1 tags.
...
--see https://github.com/Proxmark/proxmark3/issues/96
-- still todo, finding a good way of detecting Magic Ultralight-C tags.
-- thanks @marshmellow for pointing out proper UL-C tags responses is different.
2015-04-28 20:58:18 +02:00
iceman1001
fab0b37968
CHG: removed linebreak in string.
2015-04-26 18:05:45 +02:00
iceman1001
984f957105
ADD: some more default keys.
2015-04-26 18:05:06 +02:00
iceman1001
c309eca94a
CHG: added some linebreaks for the help output in LF.
2015-04-26 18:03:57 +02:00
iceman1001
11b1e2e506
ADD: "HF 14A READ", got ULTRALIGHT C / EV1 annotation
2015-04-26 18:03:21 +02:00
iceman1001
fb2d24882e
Merge branch 'master' of https://github.com/Proxmark/proxmark3
...
Conflicts:
client/cmddata.c
client/cmddata.h
client/cmdhfmf.c
client/cmdlf.c
client/cmdlfem4x.h
client/cmdlft55xx.c
client/lualibs/default_toys.lua
client/scripts/tnp3clone.lua
client/scripts/tnp3dump.lua
client/scripts/tnp3sim.lua
2015-04-24 19:04:01 +02:00
iceman1001
395f6a814f
ADD: changes to the Ultralight diviersification algo.
2015-04-24 18:38:24 +02:00
iceman1001
1b3c567df2
ADD: charatect name, level, sequence number,
...
CHG: minor code clean up.
2015-04-24 18:37:40 +02:00
iceman1001
0beb94e67b
CHG: some minor code cleanup.
2015-04-24 18:36:11 +02:00
iceman1001
bb84c38196
ADD: found another sub-type,
2015-04-24 18:35:09 +02:00
iceman1001
e8b07838ab
ADD: more toy-tokens, among others some missing swapforce.
2015-04-24 18:34:24 +02:00
iceman1001
64ad618e9c
ADD: some missing enums:
...
ISO14A_SET_TIMEOUT = 0x40,
ISO14A_NO_SELECT = 0x80,
ISO14A_TOPAZMODE = 0x100
2015-04-24 18:33:31 +02:00
iceman1001
abcb166ffe
ADD: a minor modification to "HF 14A READ" to enable the correct identification between ULTRALIGHT / ULTRALIGHT-C / ULTRALIGHT EV1 tags.
2015-04-24 18:19:51 +02:00
Martin Holst Swende
a3abb02897
Merge branch 'master' of github.com:Proxmark/proxmark3
2015-04-23 09:51:04 +02:00
Martin Holst Swende
0e6c7336b0
Fixed issue with dumping iclass tags > 2KB in size
2015-04-23 09:50:44 +02:00
marshmellow42
8e0cf02308
minor change to lf em4x menu & iceman script...
...
...updates
2015-04-10 00:06:59 -04:00
iceman1001
9c09e006d6
CHG: removed unused code.
...
FIX: moved some checks to make the script run a tad bit faster.
2015-04-09 20:38:38 +02:00
iceman1001
26b8f38b63
CHG: changed some help texts.
2015-04-09 20:36:12 +02:00
iceman1001
68e6434527
FIX: some minor corrections to identify more tokens.
2015-04-09 20:35:04 +02:00
iceman1001
d87779d6d1
FIX: fixed a minor bug introduced when changing from OpenSSL -> PolarSSL.
...
ADD: changed code to handle both encrypt and decrypt AES 128.
2015-04-09 20:34:34 +02:00
marshmellow42
664f658650
nexwatch fix .h file + icemans mf csetblk w arg
...
forgot to include the new nexwatch command in the header...
added icemans hf mf csetblk w parameter fix
2015-04-08 15:08:05 -04:00
marshmellow42
25d3e5cc83
Merge remote-tracking branch 'upstream/master'
2015-04-08 14:19:19 -04:00