- lf t55xx brute (tries bruteforcing a range of pwds)
- lf t55xx chk (uses dictionary file or RDV4 flashmem)
FIX: adjust lf sim (@marshmellow42) see 7008cf9c15
"Attempt to speed up the loops waiting for the carrier signal to go high or low
by only checking for a halt (button press or USB poll) every 256th loop
iteration. Some users were experiencing modulation reactions that were too slow."
ADD: 'lf t55xx chk'
It uses @marshmellow42's idea behind commit (6178b085a0).
It calculates a baseline (reads block 0 32 times and averages the signal, roughly) and samples only 1024 signal data points. The algorithm then calculates the average and keeps track of the candidate that gives the greatest difference in signal data average value. I do some squaring and shifting for this.
The candidate is then sent back to the client to be tested properly with trymodulation like before.
This seems to work well on T55xx cards which have an ASK configuration.
WORK-IN-PROGRESS
ADD: raw commands - added the basis for sending RAW commands to FeliCa.
CHG: CRC16 rework, uses a table-based implementation. This will change more functions as I go on.
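As an added illustration of what a table-based CRC16 rework looks like (example code written for this page, not the project's own implementation), the block below builds a 256-entry table for the reflected polynomial 0x8408 (the bit-reversed form of 0x1021) and checks it against the bit-at-a-time reference. The two parameter sets shown are CRC-16/KERMIT (init 0x0000) and the ISO 14443-3 Type A CRC (init 0x6363, the reflected form of 0xC6C6), whose standard check values for the ASCII string "123456789" are 0x2189 and 0xBF05. The function and table names are this example's own choices.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Reflected (LSB-first) CRC-16 polynomial 0x8408, the bit-reversed form of 0x1021.
 * Used here for both CRC-16/KERMIT (init 0x0000) and the ISO 14443-3 Type A CRC
 * (init 0x6363). */
#define CRC16_POLY_REFLECTED 0x8408

static uint16_t crc16_table[256];
static int crc16_table_ready = 0;

/* Bit-at-a-time reference implementation: eight shift/xor steps per input byte. */
uint16_t crc16_bitwise(uint16_t init, const uint8_t *data, size_t len) {
    uint16_t crc = init;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++) {
            if (crc & 1)
                crc = (crc >> 1) ^ CRC16_POLY_REFLECTED;
            else
                crc >>= 1;
        }
    }
    return crc;
}

/* Build the lookup table once: entry n is the register contents after feeding
 * the single byte n into a zeroed register, i.e. the 8-bit shift-out for that byte. */
void crc16_init_table(void) {
    for (int n = 0; n < 256; n++) {
        uint16_t crc = (uint16_t)n;
        for (int b = 0; b < 8; b++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ CRC16_POLY_REFLECTED) : (uint16_t)(crc >> 1);
        crc16_table[n] = crc;
    }
    crc16_table_ready = 1;
}

/* Table-driven version: one lookup per input byte instead of eight bit steps.
 * For a reflected CRC the update is crc = (crc >> 8) ^ table[(crc ^ byte) & 0xFF]. */
uint16_t crc16_table_driven(uint16_t init, const uint8_t *data, size_t len) {
    if (!crc16_table_ready)
        crc16_init_table();
    uint16_t crc = init;
    for (size_t i = 0; i < len; i++)
        crc = (uint16_t)((crc >> 8) ^ crc16_table[(crc ^ data[i]) & 0xFF]);
    return crc;
}

/* Wrappers for the two parameter sets (names are this example's own). */
uint16_t crc16_kermit(const uint8_t *data, size_t len) {
    return crc16_table_driven(0x0000, data, len);
}

uint16_t crc16_iso14443a(const uint8_t *data, size_t len) {
    return crc16_table_driven(0x6363, data, len);
}

int main(void) {
    /* Constructed check input: the conventional "123456789" test string. */
    const uint8_t check[] = "123456789";
    printf("KERMIT     : 0x%04X\n", crc16_kermit(check, 9));     /* 0x2189 */
    printf("14443-3 A  : 0x%04X\n", crc16_iso14443a(check, 9));  /* 0xBF05 */
    printf("table == bitwise: %s\n",
           crc16_table_driven(0x6363, check, 9) == crc16_bitwise(0x6363, check, 9) ? "yes" : "no");
    return 0;
}
```

The table costs 512 bytes of RAM (or flash, if made `const`), which is the trade-off a device-side rework has to weigh against the eightfold reduction in per-byte work; keeping the bitwise routine around, as here, lets the table be checked against it on every build.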
https://github.com/federicodotta/proxmark3
--adjusted to fit iceman fork and latest enhancements to LF
(untested)
FIX: some calls to deviceside demods, use 0 instead of reference.
ADD: timeout after n cycles of simulating
Using a dictionary file with 421 keys,
Current implementation of checkkeys takes 300 sec.
This implementation of checkkeys takes 250 sec.
I implemented it as a separate command so it will be easier to compare between the old and new checkkeys.
It's also doing much on the device side, which is a step towards much more fun standalone modes :))
fix: 'hf mf hardnested' test cases don't need to verify the key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on the ARM side, a more unified way, so we don't forget to turn off the antenna ...
chg: renamed 'hf iclass snoop' into 'hf iclass sniff' in an attempt to make all sniff/snoop commands only SNIFF
chg: 'standalone' -> starting the work of moving all standalone modes into a plugin-style layout, in its own folder.
- `lf em4x readwordPWD` merged into `lf em4x readword`. See help text.
- `lf em4x writewordPWD` merged into `lf em4x writeword`. See help text.
- `lf em4x readword` now downloads the collected signal data after the command.
On the device side, lfops.c has gotten some love. The code is cleaner; EM_START_GAP was increased from 55 FC to 56 FC because of how our microsecond (us) clock works, with 21.3 us increments.
TODO: `lf em4x em4x50read` needs to be refactored to use @marshmellow42's ASKdemod instead of trying to do it itself.
Added a lot of #ifndef guards and extern "C" blocks.
Moved sources from ARMSRC -> THUMBS, which made the compiled image smaller.. I don't know if it broke anything.
Moved MF_DBGLEVEL definitions into common.h
Moved print_result from util.c into appmain.c
Also split up some struct typedefs into header files so they can be reused in other places in the code.
''' danger ''' this might have broken stuff...
I also made the SRi read functions better by combining them. The demodulation / UART code should be the same as last summer's changes. The device side code can now be even smaller.
ADD: Added the "lf t55x7 wakeup" command. It sends a password and leaves the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search
---
It is still not finished; it will work together with the "lf t55x7 commands" in the next step, when I figure out the process from the datasheets.
ADD: @marshmellow42's "diphase" definition for T55x7.
MOV: extracted the acquisition from the t55x7 methods and put it inside lfsampling.c
FIX: pcf7931 write, there are 16 bytes in a block.. not 4 as I thought before.
FIX: t55x7 lowered the WRITE_0 to 16. Even bigger gap.
Things like the ICLASS, tryDecryptWord,
--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation, start of the T55x7 configblock helper functionality (ripped from Adam Laurie's RFIDler code)
Changes to the PCF7931 functions written, which have lousy input checks..
.. ntag simulation stuff from @marshmellow42's branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities, (not a proper DEMOD, but a start)
.. GetCountUS better precision from @pwpivi
.. bin2hex, hex2bin from @holiman
...
Starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Laurie's RFIDler, nothing working or finished..
...
Started working on the T55x7 read command with password, which actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet.
...
Started adding SHA256.. not working yet..
-hitag2, -legicrf, HIDdemodFSK, CmdAWIDdemodFSK, CmdEM410xdemod, CmdIOdemodFSK
It should enable them to be aborted with a call to "hw ping / hw status" instead of only a button press, which is good when you are scripting stuff.
MERGED: @piwi changes
MERGED: @marshmellows changes.
I'm not even gonna try write up all that stuff..
ADD: changed some commands inside "hf 14a sim" on the device side.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside "hf 14a sim" with the "x" parameter.
CHG: Merged the "hf mfu wrbl" and "hf mfu cwrbl" commands into "hf mfu wrbl". One write command.
Both new commands implement help, authentication (0x1A/0x1B) for UL-C and the rest,
NEW: HF MFU SETUID - set UID to a magic UL / UL-C tag. *not implemented*
CHG: minor alignment for "hf list" output.
CHG: removed unneeded function parameters from the Ultralight commands
CHG: the const MAX_MIFARE_FRAME_SIZE is changed to MAX_FRAME_SIZE in the Ultralight commands, since the UL-EV1 can have bigger frames than 18 bytes.
CHG: added DES support for the Ultralight-C read commands on the device side.