Commit graph

224 commits

Author SHA1 Message Date
iceman1001 1d63258388 add: 'hf 14b raw' - added -t timeout option. see https://github.com/RfidResearchGroup/proxmark3/issues/125 2019-03-12 14:41:23 +01:00
iceman1001 35bc4a975e rename SNOOP -> SNIFF 2019-03-12 13:15:39 +01:00
Philippe Teuwen 1b2601a48a Add missing EOF LF 2019-03-12 00:12:26 +01:00
Philippe Teuwen 0373696662 make style 2019-03-10 00:00:59 +01:00
Philippe Teuwen 9502b54aa0 include: fix mix of spaces & tabs 2019-03-09 18:41:30 +01:00
iceman1001 29adb88f32 fix: use correct define 2019-03-09 11:49:56 +01:00
Philippe Teuwen 60f292b18e remove spurious spaces & tabs at end of lines 2019-03-09 08:59:13 +01:00
merlokk 3b21b17509 move mifare stuff to its folder 2019-02-21 19:15:46 +02:00
merlokk cf21f046d8 arm side 2019-01-30 18:15:47 +02:00
merlokk 1b3d96ab2d add apdu chaining to arm side 2019-01-29 19:30:15 +02:00
iceman1001 f215ebef80 Refactored 'lf t55xx brute', split it up into two commands.
- lf t55xx brute  (tries bruteforcing a range of pwds)
- lf t55xx chk    (uses dictionary file or RDV4 flashmem)

FIX: adjust lf sim (@marshmellow42)  see 7008cf9c15
"attempt to speed up the loops waiting for carrier signal to go high or low
by only checking for a halt (button press or usbpol) every 256th loop
iteration. some users were experiencing modulating reactions to be too slow."

ADD: 'lf t55xx chk'
It uses @marshmellows42 idea behind commit  (6178b085a0)
With calculating a baseline (read block0 32 times and average the signal-ish) and sampling only 1024 signal data. The algo then proceeds to calc the average and keep track of the candidate which is given the most difference in signal data average value. I do some squaring and shifting for this.
The candidate is then sent back to client to be tested properly with trymodulation like before.

This seems to work well on a t55xx card which has an ASK configuration.

WORK-IN-PROGRESS
2019-01-11 14:46:27 +01:00
iceman1001 0dee369a58 FIX: 'hf tune' - now works... 2019-01-06 20:28:23 +01:00
iceman1001 0fb0c35308 CHG: 'mem load' - the possibility to upload default_iclass_keys.dic, default_keys.dic, default_pwd.dic to predefined flashmemory sections. These will be used in pwd / key checking algorithms on device.
CHG: 'script run read_pwd_mem.lua' - script now can print those uploaded dictionary files.

How to upload
pm3 --> mem load f default_iclass_keys i
pm3 --> mem load f default_keys m
pm3 --> mem load f default_pwd t

How to validate / view
PM3 -->scr run read_pwd_mem -o 237568 -k 8
pm3 -->scr run read_pwd_mem -o 241664 -k 6
pm3 -->scr run read_pwd_mem -o 245760 -k 4
2019-01-01 18:01:40 +01:00
merlokk f32088e25c fix states and get rid of INS code in receive (that code checks by controller) 2018-12-18 14:33:28 +02:00
merlokk 1941b9ca8b sdd sc raw t0 2018-12-17 23:48:05 +02:00
Chris 73230c8d15 chg: 'trace list 7816' - missing command
chg: 'sc raw' - inverted select logic
2018-11-13 22:29:33 +01:00
Chris dc67b5d7c9 chg: revert fpga_major mode in LF.
chg: 'lf t55xx deviceconfig'  - persistence to flashmem is now an option with param P
2018-09-23 05:29:55 +02:00
Chris ba2543b627 ADD: 'lf t55xx deviceconfig' - command that allows for setting t55xx timings via the client. If run on a RDV40, it also saves the config to flashmemory. This gives you the option to have custom timings for your custom antenna in order for your RDV40 to work optimally against a t55xx tag and with your custom antenna. (@iceman) 2018-09-11 18:35:07 +02:00
Colin J. Brigato c74dbb63b8 Pass 2; commit 2; 2018-09-06 05:24:50 +02:00
Chris bacf8aff0f add: FPC connector skeleton usart. Not working but it will be a starting point for those who might want to help out with it. 2018-07-30 09:54:44 +02:00
Chris 714de99f82 chg: i2c fixes. all working.
chg: 'sc info'  now prints url to atr decoder.
chg: 'sc reader' has more options  A, S
2018-07-09 11:22:51 +02:00
Chris 79158c7360 chg; preparing for more cmds. 2018-07-06 00:24:04 +02:00
Chris fca841122f chg: 'sc reader' - hooked up atr. 2018-07-05 16:32:10 +02:00
Chris ee006c6a7b add: sc upgrade - beta test 2018-07-05 14:38:31 +02:00
Chris 44e300930f fix: sc upg 2018-07-05 11:22:43 +02:00
Chris 35b7989b1c chg: OR in values. 2018-07-02 18:54:12 +02:00
Chris f4ef31c4be chg: OR in registry changes when setting LOW or HIGH instead of assigning. A nicer behavior not messing with previous set bits. 2018-06-23 06:41:51 +02:00
Chris e5e990fd4f chg: adjustment to RDV40 gpios, since it makes use of some previously used for other things. 2018-06-23 06:40:01 +02:00
Chris ddd9f4e0fd chg: preparation for smart card 2018-06-23 06:39:23 +02:00
Chris 5a22a72e9c chg: some preparations for iso15 refactor 2018-06-23 06:37:08 +02:00
iceman1001 6b7819276d add: 'mem info' - rudimentary support for new command. 2018-05-06 09:26:06 +02:00
iceman1001 021c0a1349 ADD: 'mem' commands. For RDV40 devices only.
If you don't have one,  comment out inside client/Makefile this line

CFLAGS += -DWITH_FLASH
2018-05-03 12:15:03 +02:00
iceman1001 f64e244823 chg: define 2018-04-20 19:48:13 +02:00
iceman1001 a615fd6a9e chg: smartcard , testing to use pwm clock instead of timer clock.
chg: added some comments
2018-04-16 19:58:49 +02:00
Colin J. Brigato 9147698e97 UPDATES HF_COLIN to current 2018-03-10 13:13:21 +01:00
iceman1001 802994d30a add: 'hf 14 antifuzz' - the outline for the new functionality which fuzzes the anticollision phase ISO 14443a. 2018-02-28 13:21:47 +01:00
iceman1001 180e3d4df9 chg: adaptations for global debug var to be accessible 2018-02-21 14:59:06 +01:00
iceman1001 d54c4d3e05 chg: SPI tests for flashmem on PA10. (aka pm3 evo) Peripheral B, fixed. 2018-02-20 12:03:11 +01:00
iceman1001 a21ab49f14 chg: moved flash mem config for spi into flashmem.c
chg:  fpgasendcommand,  now waits until command has been sent to fpga.
2018-02-18 10:35:36 +01:00
iceman1001 1709c1ce1a chg: flash_mem - hooked up client - device comms 2018-02-13 15:36:20 +01:00
iceman1001 0495e93b6d add: flash memory support 2018-02-13 14:12:28 +01:00
iceman1001 ad73af95c2 ADD: beginning to add SPI to access flash memory. 2018-02-13 11:41:23 +01:00
iceman1001 75d04307a1 chg: adapting some HF voltage readings. 2018-02-07 13:11:10 +01:00
iceman1001 b06579e0d5 chg: 'hf felica reader' the felica_select_card struct got more properties 2018-01-30 03:32:33 +01:00
iceman1001 bf25b1c9ba chg: crc16 got a compute_crc function 2018-01-30 03:31:11 +01:00
iceman1001 095b3af43b CHG: 'hf 15' - swapped crc impl to table based. 2018-01-29 15:55:56 +01:00
iceman1001 29c15b3480 cHG.. missing 2018-01-29 13:48:18 +01:00
iceman1001 3634327bef chg: code cleaning. 2017-12-21 12:42:32 +01:00
iceman1001 5eafdbf872 ADD: 'hf iclass check' - increased speed in check keys with new algo.
ADD: 'hf iclass' - trying to add the timeout-limits for commands in order to get a more stable iclass communication
2017-12-21 10:13:40 +01:00
iceman1001 e02e145fae draft for a Mifare classic NACK bug detection.
the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug.

-in short, ref  https://github.com/iceman1001/proxmark3/issues/141
NACK bug;  when a tag responds with a NACK to an 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct.

This is a strong oracle which is used in the darkside attack.
2017-12-04 19:36:26 +01:00