iceman1001
22f4dca88c
CHG: extracted some timers functionality, to get unified access to a timer/clock which counts in ticks. Moved stuff from util.c
2016-09-21 19:03:32 +02:00
iceman1001
4490a47690
ADD: some new mifare key found,
2016-09-20 23:20:27 +02:00
iceman1001
87342aadbc
CHG: adjusted timing according to @sentinel 's traces
2016-09-14 16:18:04 +02:00
iceman1001
111c6934d4
CHG: Small steps, the waiting time between frames was unclear. At least now the tags answer to a readbyte command after the setup phase.
2016-09-12 09:19:49 +02:00
iceman1001
76471e5d17
CHG: reverted back from the idea of measuring in (us) microseconds, the timer is too raw, gives 10-15us delays. Now we are measuring ticks, which is (1 us = 1.5ticks)
...
like it was before. ie: 80us = 80*1.5 = 120ticks.
2016-09-11 11:14:12 +02:00
iceman1001
f72669f366
ADD: since the client now calls legic prng, this is needed here too.
...
CHG: the OS X QT4 vs QT5 detection. NOT fixed yet.
2016-09-09 11:58:53 +02:00
iceman1001
ad5bc8cc8c
In my attempts to make the LEGIC code better, it's not working now. Timings are off.
...
CHG: switching to US clock.
CHG: better trace annotation for legic
CHG: Legic prng can now give x bits at once.
2016-09-09 11:56:20 +02:00
iceman1001
1b12afbd9f
CHG: better annotation for 'legic'
2016-09-07 12:36:46 +02:00
iceman1001
e619ddc071
FIX: Better legic annotation, show which byte was targeted during read and write commands.
2016-09-03 12:20:12 +02:00
iceman1001
b98827ffc3
FIX: IV now is truncated to 7bits in 'hf legic read,write, writeraw'
...
FIX: IV LSB bit is always set, in 'hf legic read,write, writeraw'
2016-09-03 12:19:05 +02:00
iceman1001
c71c5ee156
ADD: started to add tracelog in legic
...
ADD: remake of legic codebase.
ADD: started with an annotation for LEGIC in 'hf list'
2016-09-02 16:25:54 +02:00
iceman1001
5b4664e79f
CHG: Adding clarity to the command helptext.
2016-09-01 20:36:42 +02:00
iceman1001
d801514d88
CHG: Suppressing output for LF or HF antenna values if zero, in 'hw tune' command
2016-09-01 20:36:10 +02:00
iceman1001
22635d611e
FIX: Only need to print a uint32_t,
2016-09-01 16:10:25 +02:00
iceman1001
56d0fb8e4d
FIX: bug in nextwatch demod, which if the found psk bits was smaller than the preamble the client crashed.
...
REM: removed some debugstatements
2016-09-01 16:09:31 +02:00
iceman1001
3fc01243b0
CHG: A repaint of the plot window should be done to make sure it's visual.
2016-08-31 19:24:18 +02:00
iceman1001
4c543dbd3f
ADD: added a simple averaging filter function. input parameter K, can be 1 to 8
...
ref: http://www.edn.com/design/systems-design/4320010/A-simple-software-lowpass-filter-suits-embedded-system-applications
2016-08-29 20:29:31 +02:00
iceman1001
7aa24806f4
FIX: the check for formatlen was wrong.
...
Still missing the other formats, only 26bit in this one.
2016-08-26 22:31:45 +02:00
iceman1001
ffa306de61
CHG: starting to add the legic changes.. *work in progress*
2016-08-26 17:19:27 +02:00
iceman1001
89603cbddc
FIX: minor adjustments to 'lf awid bruteforce'
...
FIX: making the 'lf hid bruteforce' to work the same way as the awid one..
2016-08-26 17:18:48 +02:00
iceman1001
f121b478a1
FIX: 'lf awid bruteforce' cleaning up all debug messages
2016-08-26 16:35:30 +02:00
iceman1001
ba1324a5fe
some text changes.
2016-08-24 14:58:50 +02:00
iceman1001
760157f50b
CHG: added a verification to see if the found candidate key was able to validate against tag. If not ok, start darkside attack again.
2016-08-24 14:10:30 +02:00
iceman1001
02d5a58388
CHG: Changed the number of times the call to prng_successor is called.
2016-08-24 12:32:05 +02:00
iceman1001
39d43ccc21
CHG: syntax sugar.
2016-08-24 12:31:09 +02:00
iceman1001
2c9e30908c
CHG: updated Reveng version from 1.4.0 -> 1.4.4 .
...
---snippet from their update log:
1.4.4 27 July 2016
Added 5 new algorithms, CRC-8/AUTOSAR, CRC-8/OPENSAFETY, CRC-16/OPENSAFETY-A, CRC-16/OPENSAFETY-B and CRC-32/AUTOSAR from the CRC Catalogue.
Added a build option to verify the order of the preset and alias tables at compile time.
1.4.3 14 July 2016
Added algorithm CRC-16/CMS from the CRC Catalogue.
1.4.2 8 July 2016
Added algorithm CRC-16/PROFIBUS from the CRC Catalogue.
1.4.1a 29 June 2016
Fixed a regression that caused the Windows release to crash on older systems.
1.4.1 27 June 2016
-P sets the Width value just like -k.
pcmp() quickly returns when the comparands are identical.
Added resources for the Windows executable.
2016-08-21 20:51:29 +02:00
iceman1001
bc908d8f9d
ADD: Mifare Desfire defines
2016-08-14 17:38:54 +02:00
iceman1001
af17926620
chg; syntax sugar
2016-08-14 17:38:11 +02:00
iceman1001
f2abf6732b
help text adjustments
2016-08-14 17:11:42 +02:00
iceman1001
ab74872d40
ADD: added a sanity check in T55x7 commands info/trace/detect against using the commands when device is in offline but user didn't use '1' in arguments.
2016-08-14 17:04:40 +02:00
iceman1001
7e08450dcc
add: annotate Mifare Desfire. from 3102c1bae3 (diff-93cfa90a992ea759349344d0de98029e)
...
Thanks @johannesStoye
2016-08-14 16:29:39 +02:00
iceman1001
2b6ffe75a8
chg: remove a char..
2016-08-10 16:29:23 +02:00
iceman1001
4ab54914e3
CHG: more struct errors.. my bad,
2016-08-10 16:28:23 +02:00
iceman1001
31cf804877
CHG: removed some debug statements, added another. Change the crapto1.c, let's see if the special attack works better now against chinese clones.
2016-08-10 16:25:56 +02:00
iceman1001
823ad2e186
CHG: minor code cleaning in 'hf 14a reader'
2016-08-10 16:24:49 +02:00
iceman1001
56f1aaa234
CHG: on a slow usb connection it seems the pingcmd which stops the bruteforce on deviceside doesn't get there. Let's send three pings to make sure the device gets it.
2016-08-10 16:23:59 +02:00
iceman1001
6067df30c5
FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :(
2016-08-10 10:55:29 +02:00
iceman1001
86db8973b0
CHG; still looking at 14b, this time started to look at the tracelog times not working.
2016-08-09 23:13:18 +02:00
iceman1001
59e933fc3f
started fixing the parity == 0 special attack against chinese clones with bad prng, which hasn't been working for ages.
2016-08-09 23:11:07 +02:00
iceman1001
05442fa6f7
fix: wrong spelling
2016-08-09 12:15:26 +02:00
iceman1001
f5291a6ce1
FIX: Travis CI complains about missing stdbool.h includes
2016-08-09 12:11:11 +02:00
iceman1001
10c4231ec7
ADD: 'lf awid brute' is now possible to give a starting cardnumber. if given, the bruteforce loops from it as a mid point. Testing one step up, then one step down until it reaches 65535 and 0.
...
CHG: 'lf awid brute' inputs are now changed, take notice to new format.
2016-08-09 11:56:06 +02:00
iceman1001
3d4207f3b6
syntax sugar
...
chg: added clearCommandBuffer(); before calls to sendcommand.
2016-08-09 09:12:16 +02:00
iceman1001
8a5b3c2a45
CHG: textual fixes in help text
...
CHG: better exit message for 'lf awid bruteforce'
2016-08-09 09:10:26 +02:00
iceman1001
9bfd93ec15
FIX: delay was parsed incorrectly into a uint8_t...
...
CHG: help text fixed
2016-08-08 22:17:15 +02:00
iceman1001
934dfd728d
ADD: Added a delay in ms to 'lf awid brute' Thanks to @crayon for the idea.
2016-08-08 22:09:51 +02:00
iceman1001
471f89b8bd
FIX: the cmdline parsing was a bit too hard. Thanks to @crayon for pointing out there was a bug here.
2016-08-08 21:27:53 +02:00
iceman1001
d9ed4e1914
ADD: J-Run's 2nd phase tool mf_key_brute ref: https://github.com/J-Run/mf_key_brute Estimated time to search keyspace is ~18min.
...
J_Run's 2nd phase of multiple sector nested authentication key recovery
You have a known 4 last bytes of a key recovered with mf_nonce_brute tool.
First 2 bytes of key will be bruteforced
Usage: hf mf keybrute [h] <block number> <A|B> <key>
options:
h this help
<block number> target block number
<A|B> target key type
<key> candidate key from mf_nonce_brute tool
samples:
hf mf keybrute 1 A 000011223344
2016-08-08 17:49:30 +02:00
Alexis Green
170e7c9c51
FIX: erroneous semicolon
2016-08-07 20:07:25 -07:00
iceman1001
b62cbadb61
CHG: fixes to match the new arguments to the darkside attack (keytype A|B and blocknumber) in mifare_autopwn.lua script.
2016-08-07 21:19:11 +02:00