- hf mf rdsc (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39
- hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
- hf mf dump (add): added (optional) card size parameter and support for non 1K cards
- hf mf dump (fix): Access Condition 011 not handled correctly (tried to access with key A)
- hf mf restore (add): added (optional) card size parameter and support for non 1K cards
- hf mf nested (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39
- hf mf nested (fix): always dumped 16 keys to dumpkeys.bin instead of correct number
- hf mf chk (fix): always dumped 16 keys to dumpkeys.bin instead of correct number
- hf mf eget (fix): displayed three instead of one block
- hf mf eload (add): load 4K .eml files (but accepts 1K .eml files for backwards compatibility)
- hf mf esave (add): always save the whole emulator memory (4K) instead of 1K only
- output of debug messages caused communication failures due to timing issues.
hf mf dbg 4 now required to see these debug messages.
- changed help text for hf mf dbg
- fixed minor bugs in help texts for hf mf sim and hf mf ecset
- display "key A" or "key B" instead of "key=0" or "key=1" in hf mf sim
- tracing was not always enabled when starting hf mf sniff or hf 14a snoop
- ATQA was displayed in wrong byte order in hf mf sniff
- 4 Byte UIDs were displayed as 7 Byte UIDs (padded with 0x000000) in hf mf sniff
- same for logfile names.
- assignment (=) had been used instead of == in comparisons (shouldn't have been relevant though)
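The hf mf rdsc and hf mf nested fixes above come down to the MIFARE Classic 4K layout: 32 sectors of 4 blocks followed by 8 sectors of 16 blocks, 40 sectors in total. The following C sketch is an added example, not code from the Proxmark3 repository; the enum and function names are hypothetical. It shows the sector range check per card size and the sector-to-block mapping.

```c
#include <stdio.h>

/* Hypothetical card-size selector; the names are not the client's own. */
typedef enum { CARD_MINI, CARD_1K, CARD_2K, CARD_4K } card_size_t;

/* Sector counts: Mini 5, 1K 16, 2K 32, 4K 40 (so the last 4K sector is 39). */
static int num_sectors(card_size_t size) {
    static const int counts[] = {5, 16, 32, 40};
    return counts[size];
}

/* Sectors 0..31 hold 4 blocks each; sectors 32..39 hold 16 blocks each. */
static int blocks_in_sector(int sector) { return sector < 32 ? 4 : 16; }

/* Absolute number of a sector's first block, with no range check. */
static int first_block_of_sector(int sector) {
    return sector < 32 ? sector * 4 : 32 * 4 + (sector - 32) * 16;
}

/* Range-checked variant: -1 when the sector does not exist on this card. */
static int checked_first_block(card_size_t size, int sector) {
    if (sector < 0 || sector >= num_sectors(size)) return -1;
    return first_block_of_sector(sector);
}

/* The sector trailer (keys and access bits) is the sector's last block. */
static int trailer_block(card_size_t size, int sector) {
    int first = checked_first_block(size, sector);
    return first < 0 ? -1 : first + blocks_in_sector(sector) - 1;
}

int main(void) {
    const int probes[] = {0, 31, 32, 39, 40, 63};   /* constructed inputs */
    for (int i = 0; i < (int)(sizeof probes / sizeof probes[0]); i++)
        printf("4K sector %2d: first block %4d, trailer %4d\n", probes[i],
               checked_first_block(CARD_4K, probes[i]),
               trailer_block(CARD_4K, probes[i]));
    return 0;
}
```

Without the range check, sector 63 maps to block 624, far past the 256 blocks of a 4K card. The sector count is also the number of keys of each type, which is what the dumpkeys.bin fixes depend on.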
This is a new LF edge detection algorithm for the FPGA.
- It uses a low-pass IIR filter to clean the signal
(see https://fail0verflow.com/blog/2014/proxmark3-fpga-iir-filter.html)
- The algorithm is able to detect consecutive peaks in the same
direction
- It uses an envelope follower to dynamically adjust the peak thresholds
- The main threshold used in the envelope follower can be set from the ARM side
fpga/lf_edge_detect.v,
fpga/lp20khz_1MSa_iir_filter.v,
fpga/min_max_tracker.v: New file.
fpga/lo_edge_detect.v, fpga/fpga_lf.v: Modify accordingly.
armsrc/apps.h (FPGA_CMD_SET_USER_BYTE1,
FPGA_CMD_SET_EDGE_DETECT_THRESHOLD): New FPGA command.
fpga/fpga_lf.v: Modify accordingly/Add an 8-bit user register.
fpga/fpga_lf.bit: Update accordingly.
fpga/tests: New directory for testbenches
fpga/tests/Makefile: New file. It compiles the testbenches
and runs all the tests by default (comparing with the golden output)
fpga/tests/tb_lp20khz_1MSa_iir_filter.v,
fpga/tests/tb_min_max_tracker.v,
fpga/tests/tb_lf_edge_detect.v: New testbenches
fpga/tests/plot_edgedetect.py: New script to plot the results from
the edge detection tests.
fpga/tests/tb_data: New directory for data and golden outputs
- fixed a circular buffer rollover bug in iso14443a.c
- fixed 7 Byte UID handling in hf mf sniff
- fixed "cannot append" error in hf mf sniff d
- fixed hint on mfkey32 in hf mf sim x
- fixed hf mf sniff sometimes showing rogue data from previous calloc
- improve snooping/sniffing by syncing modulation detector window with reader signal (hi_iso14443a.v)
- code cleanup of hi_iso14443a.v
- enhanced tracing: hf 14a list now shows meaningful timing information. With new option f it also shows the frame delay times (fdt)
- small fix for hf 14b list - it used to run into the trace trailer
- hf 14a sim now obeys iso14443 timing (fdt of 1172 or 1234 resp.)
Note: you need to flash FPGA as well.
More details in http://www.proxmark.org/forum/viewtopic.php?pid=9721#p9721
- PM: used GetCountMifare in MifareNested() for improved timing accuracy and to deliver better quality nonces
- PM: MifareNested now delivers exactly two different nonces to avoid time consuming multiple lfsr_recovery32() on client side
- Client: replaced quicksort by bucketsort in crapto1.c which is faster
- Client: use multithreading (two parallel calls to lfsr_recovery32())
- Client: fixed a small bug in mfnested() (always showed trgkey=0)
- Client: introduced a mutex for PrintAndLog() to avoid interlaced printing
Minor rework of hf mf chk:
- Avoid time consuming off/on cycles. Send a "halt" instead.
* Modified commands (lf em4x):
em410xwatch ['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)
em410xwrite <UID> <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate
* Better option checking for em410xwrite & fix for uninitialized vars
* Increased samples from 2000 to 4000 in em410xwatch (2000 is OK for clock=64, but too few for clock=32)
This fixes the bug that the USB communication breaks when collecting PACE nonces with no delay. The delay functionality has not been removed (it doesn't hurt to keep it), but using a delay of 0 is now possible without a high risk of getting too many errors.
-new files armsrc/epa.[ch] for ePA (electronic "Personalausweis") related functions
-Offers elementary functions (EPA_PACE_MSE_Set_AT etc.)
-Also offers one new USB command: EPA_PACE_Collect_Nonce
-created new command subtree in client: client/hfepa.[ch] ("hf epa")
-offers "hf epa cnonces" (collect encrypted PACE nonces)
-more to come
-According to ISO14443-4, the block number (bit 0) in the PCB needs to be flipped every once in a while. Not doing so leads to the card not responding to commands anymore. The flipping is done according to the standard now.
-Declare iso14_apdu in iso14443a.h to enable usage from other .c files
-iso14_apdu now returns 0 if ReaderReceive returned 0 (to distinguish between the case that ReaderReceive returns -1 and the case that it returns 0)
-Added a new function to change the timeout (to enable changing it from other .c files without the need for a global variable)
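The block number handling described in the ISO14443-4 note above, as an added C example that is not the code from armsrc/iso14443a.c. The struct and function names are hypothetical, and the frames omit CID, NAD, chaining and CRC. The reader toggles its block number only after receiving an I-block or R(ACK) that carries the current number.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reader-side state; block_num starts at 0 on activation. */
typedef struct { uint8_t block_num; } iso14_session_t;

/* I-block without CID, NAD or chaining: PCB = 0x02 | block number.
 * Returns the frame length (CRC excluded), or 0 if out is too small. */
static size_t build_iblock(const iso14_session_t *s, const uint8_t *apdu,
                           size_t apdu_len, uint8_t *out, size_t out_size) {
    if (out_size < apdu_len + 1) return 0;
    out[0] = (uint8_t)(0x02 | s->block_num);
    memcpy(out + 1, apdu, apdu_len);
    return apdu_len + 1;
}

/* Toggle only for an I-block or R(ACK) carrying the current block number.
 * No answer, R(NAK) and S-blocks leave it unchanged. Returns 1 on toggle. */
static int on_response(iso14_session_t *s, const uint8_t *resp, size_t len) {
    if (len == 0) return 0;
    uint8_t pcb = resp[0];
    int is_iblock = (pcb & 0xE2) == 0x02;   /* 000x xx1n */
    int is_r_ack  = (pcb & 0xF6) == 0xA2;   /* 1010 x01n */
    if ((is_iblock || is_r_ack) && (pcb & 0x01) == s->block_num) {
        s->block_num ^= 1;
        return 1;
    }
    return 0;
}

/* Three exchanges against a constructed card that echoes the PCB and
 * answers 90 00; returns the three PCBs sent, packed as 0xAABBCC. */
static uint32_t demo_sequence(void) {
    const uint8_t apdu[] = {0x00, 0xA4, 0x04, 0x00};  /* constructed sample */
    uint8_t frame[16], resp[3] = {0, 0x90, 0x00};
    uint32_t sent = 0;
    iso14_session_t s = {0};
    for (int i = 0; i < 3; i++) {
        build_iblock(&s, apdu, sizeof apdu, frame, sizeof frame);
        sent = (sent << 8) | frame[0];
        resp[0] = frame[0];                 /* card echoes the block number */
        on_response(&s, resp, sizeof resp);
    }
    return sent;
}

int main(void) { printf("PCBs sent: %06X\n", (unsigned)demo_sequence()); return 0; }
```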