iceman1001
2e8d938bef
ADD: 'hf emv' - from @peterfillmore emv fork. A bit cleaned up and moved around. Should compile
2017-02-05 21:56:47 +01:00
iceman1001
cf5a79de33
ADD: 'hf 14a read' - correct identify Aztek tags, instead of claiming it to be "not mfu".
2017-02-04 12:32:14 +01:00
iceman1001
4401050bcc
ADD: 'hf standalone 14a mode", added "mifare 4k" detection.
...
ADD: 'hf 14a sim' - added mifare 4k simulation.
2017-02-01 14:41:06 +01:00
iceman1001
84bdbc1917
FIX: 'hf 14a sim x' - adjusted and shows messages when verbose.
...
FIX: 'hf mf sim x i' - same as above.
In general we only use Moebius attack for "sim x", that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
2017-01-29 23:09:23 +01:00
iceman1001
2ce218042d
CHG: 'hf 14a sim e' - it now has a parameter for setfoundkeys to emulator memory.
...
CHG: textual changes.
2017-01-29 13:21:17 +01:00
iceman1001
3b875041dc
FIX: 'hf 14a reader' - when card SAK was 0x00, it calls GetHF14AMfU_Type() to try to identify if it is a UL/NTAG etc. The bug is that it ignored the return value.
...
when return_value == UL_ERROR, it shall not print the mfu tagtype annotation.
---faulty behavior
proxmark3> hf 14a reader
UID : 65 93 7f d1
ATQA : 00 04
SAK : 00 [2]
Tag is not Ultralight | NTAG | MY-D [ATQA: 00 04 SAK: 00]
TYPE : MIFARE Ultralight (MF0ICU1) <magic>
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
2017-01-11 22:00:17 +01:00
iceman1001
ba39db376c
CHG: just some parameter / variable name changes. Nuttin' special.
2016-10-28 16:37:01 +02:00
Michael Farrell
32beef538e
hf {14a,mf} sim: v is for verbose
2016-10-27 23:37:00 +11:00
Michael Farrell
dfdbfa0702
hf mf sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45 )
2016-10-27 23:37:00 +11:00
Michael Farrell
53f7c75a38
hf 14a: Fix typos in manufacturer list
2016-10-22 14:24:17 +11:00
iceman1001
cd79d97223
CHG: syntax suger
2016-10-08 19:14:35 +02:00
iceman1001
3c6542087e
CHG: @ikarus23 removed all missleadning warnings for GCC6.1.1.
2016-09-26 21:38:19 +02:00
iceman1001
823ad2e186
CHG: minor code cleaning in 'hf 14a reader'
2016-08-10 16:24:49 +02:00
iceman1001
52eeaef568
CHG: moved a defince arraylen into util.h and changed to uppercase.
2016-08-04 21:54:11 +02:00
Pavel Zhovner
57eba86be6
Typo in hf 14a sim help
2016-05-26 20:10:03 +03:00
iceman1001
f7c1a934d0
CHG: "hf 14a sim" now uses mfkey32 and mfkey32_moebius as methods to retrive the key in attack_mode.
2016-04-18 13:20:17 +02:00
iceman1001
0194ce8fc8
ADD: simulating can now handle triplesized UID (10b)
...
CHG: moved some mifare #DEFINES into protocols.h (ACK,NACK..)
2016-04-14 11:09:17 +02:00
iceman1001
6fc68747f6
ADD: well, starting with a luascript for reading calypso tags, made me remake the 14b raw command on client and device side. Sorry @marshmellow42 , but this one broke your "hf 14b info" implementation. I fixed the "hf 14b read" and the hf search. So not to bad, but still a bit broken. The 14b raw device side is now very similar to 14a raw. Which is good. There is a Standard 14b 0x050008 detection and STmicroelectronic 0x0600 detection on deviceside. This removes a lot of code client side.
...
I also made the SRi read functions better by combining them. The demodulation / uart code should be the same as last summers changes. The device side code can now be even smaller.
2016-03-20 19:33:07 +01:00
iceman1001
a0f33b6682
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-19 17:22:18 +01:00
iceman1001
a429510647
REM: Removed #define llx PRIx64, all these defines are located in proxmark3.h
2016-01-19 16:29:07 +01:00
iceman1001
4c685ac887
FIX: Coverity, unintended sign extention, CID #121363 , (numbits << 16) becomes int, then uint64_t. But the signness might set all upper bits to 1 in the process.
2016-01-12 22:33:54 +01:00
iceman1001
28415b5d90
FIX: Coverity, unchecked return value, CID #121292,..
...
basicallty the flush queue commmand is replaced with clearCommandBuffer();.
2016-01-12 22:30:22 +01:00
iceman1001
c46ea881a4
FIX: coverty scan, resourceleak in "hf mf sniff", added call to 'free' befor return.
...
FIX: coverty scan, overflow in "hf 14a raw", added an extra len check against USB_CMD_DATA_SIZE
2016-01-08 14:30:56 +01:00
iceman1001
9332b857ff
ADD: @marshmellow42 's fixes for Q5, t55xx, fskclock,
...
ADD: got tired of always writing wrong "hf 14a list", so I hooked it back up to call the "hf list" with argument. Things becomes smoother that way.
2015-12-16 11:01:46 +01:00
iceman1001
0956e0dba5
FIX: an error that I introduced to the csetblock command with wrong length of crc calcs.
...
CHG: variable name in csetblock change. just trying to be consistant.
ADD: code clean up in hf 14a, added some help text methods.
2015-11-10 11:45:45 +01:00
iceman1001
c2731f37be
CHG: a major remake of the "hf mf c*" commands. Ie chinese magic tags. Tried to make them consistent in parameter calls and simplified. And fixed the annoying gen1 tags that answers with a ACK/NACK on HALT commands..
2015-11-09 21:46:15 +01:00
iceman1001
e98572a1e2
I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work*
...
Things like the ICLASS, tryDecryptWord,
--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation, start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written, which has a lousy input check..
2015-10-07 23:00:46 +02:00
iceman1001
7838f4beba
MERGED: @holimans changes
...
MERGED: @piwi changes
MERGED: @marshmellows changes.
I'm not even gonna try write up all that stuff..
ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside the "hf 14a sim" with the "x" parameter.
2015-07-22 23:00:52 +02:00
iceman1001
32719adfa1
ADD: added support for some NTAG/EV1 commands to "hf 14a sim" on device side.
...
0x1B (authenticate)
0x3a (fast read)
0x60 (get_version)
This is used in a new mode on client, "hf 14a sim t 7"
2015-06-14 22:40:18 +02:00
iceman1001
c3c241f389
CHG: moved a xor function into util.c
...
CHG: added some calls to clearCommandBuffer() in /hf mfu/hf 14a sim/hf mf sim/ commands.
CHG: minor adjustments to relative pathing.
2015-05-26 11:04:57 +02:00
iceman1001
46cd801c5a
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain.
...
MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file
CHG: added @marshmellow42 changes to hf mfu dump layout.
ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory.
ADD: expermimental call to "try32" for "hf mf sim x".
2015-05-25 13:10:55 +02:00
iceman1001
623db3559b
CHG: the new NTAG_i2c_1K enums, broke the uint16_t size.. Had to go up one level.
2015-05-20 19:26:11 +02:00
iceman1001
9cdd47c292
chg: @marshmellows changes to "hf 14a reader"
...
add: the experimental "hf 14a sim x" attack impl.
chg: sorry, but I never liked that sniffing was called snooping in this command. So I changed it to "sniff".
2015-05-16 15:30:17 +02:00
iceman1001
09c2a802a1
ADD: @holimans changes.
2015-05-05 00:31:02 +02:00
iceman1001
466bc4599c
CHG: fixed a better detection for Ultralight, Ultralight-C, Ultralight-EV1 tags.
...
--see https://github.com/Proxmark/proxmark3/issues/96
-- still todo, finding a good way of detecting Magic Ultralight-C tags.
-- thanks @marshmellow for pointing out proper UL-C tags responses is different.
2015-04-28 20:58:18 +02:00
iceman1001
abcb166ffe
ADD: a minor modification to "HF 14A READ" to enable the correct identification between ULTRALIGHT / ULTRALIGHT-C / ULTRALIGHT EV1 tags.
2015-04-24 18:19:51 +02:00
iceman1001
0ec548dc21
Merge branch 'master' of https://github.com/Proxmark/proxmark3
...
Conflicts:
armsrc/lfops.c
client/cmddata.c
client/cmdlf.c
client/cmdlft55xx.c
client/cmdlft55xx.h
client/scripts/test_t55x7_bi.lua
2015-03-24 11:45:31 +01:00
iceman1001
963fa1c2b8
FIX: minor correction of the command description for HF 14A RAW.
2015-03-11 22:43:49 +01:00
pwpiwi
04bc1c660b
fix: hf 14a raw was broken
...
(see http://www.proxmark.org/forum/viewtopic.php?id=2351 )
2015-03-11 20:19:30 +01:00
pwpiwi
19a700a8b5
hf 14a: if the tag supports it, set default timeout according to ATS
...
hf epa: remove explicit but arbitrary timeout settings
Bugfix: don't timeout when frame transmission has already started
2015-02-11 22:20:22 +01:00
iceman1001
df3e429d71
minor fix for a help in "hf 14a snoop"
2015-01-21 21:24:37 +01:00
iceman1001
5ee701292f
Step 2 - Ultralight / Ultralight-C
...
With this the Pentura Labs / Midnitsnakes's original ultralight / ultralight-c implementation is enhanced and move to its own file. cmdhfmfu.c
2015-01-20 21:23:04 +01:00
Martin Holst Swende
68033ed776
Fixed error when no match is found for uidmapping
2015-01-11 21:49:13 +01:00
iceman1001
79bf1ad2cc
ADD: Jonor's timeout patch for "Hf 14a raw".
...
minor code clean up
2015-01-07 23:23:17 +01:00
iceman1001
b915fda392
FIX: a solution for the issue "hf mf esave - always saves 4K"
...
FIX: a solution for the issue "hf eload, esave, cload, save - filepath variable too short"
CHG: minor code clean up.
ADD: AES / CRC16 for lua. (and tnp3xx scripts.)
ADD: tnp3dump.lua script to dump tnp3xx tags.
ADD: tnp3sim.lua script to let PM3 imitate an tnp3xx tag. Needs to be tested live
2015-01-07 22:00:29 +01:00
iceman1001
52ab55ab0d
ADD: added a lot of ic ids to cmdhf15.c Thanks to Asper for the list.
...
ADD: added a manufacturer list in "hf 14a reader", only viable when UID is double or triple size. Thanks to Asper for the list.
ADD: detect chinese magic backdoor commands in "hf 14a reader"
CHG: minor code clean up.
2015-01-07 21:06:15 +01:00
iceman1001
3fe4ff4f03
CHG: generic code clean up. Removal of commented code.
...
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identifiction of chinese backdoor commands to hf 14a reader.
2015-01-05 15:51:27 +01:00
Martin Holst Swende
4c3de57ad2
Reworked how 'hf 14a list' and 'hf iclass list' works, to use the same method. Now. use 'hf list 14a' and 'hf list iclass' instead. Plus, the output is now annotated (although the annotation-engine could use a bit more love from someone more familiar with the available commands
2015-01-04 21:22:54 +01:00
pwpiwi
52bfb95543
bugfixes in iso14443a.c and hf 14a reader
...
- introduced with the big frame and parity support (commit 6a1f2d82
): tag responses with len%8 == 0 were dropped - thanks iceman for testing and finding
- after unsuccessful hf 14a reader the field stayed on. Thanks to iceman for proposing the fix.
2014-12-23 11:21:42 +01:00
pwpiwi
545f203826
adapted hf iclass list to new trace format
2014-12-20 21:32:44 +01:00