Commit graph

146 commits

Author SHA1 Message Date
iceman1001 2dcf60f3df CHG: "hf mf hardnested" - less printing
CHG: some filehandles = NULL.
2016-10-21 16:06:53 +02:00
iceman1001 f885043422 FIX: "hf 14a read" / "hf mf *" / "hf mfdes info" and failure when calling these commands several times in a row.
For long transactions the sspclock compare with >1 instead of >=1 ..   Now the timer resets properly.
CHG: use some #define constants for iso-commands.
2016-09-23 21:28:07 +02:00
iceman1001 5b4664e79f CHG: Adding clarity to the command helptext. 2016-09-01 20:36:42 +02:00
iceman1001 ba1324a5fe some text changes. 2016-08-24 14:58:50 +02:00
iceman1001 760157f50b CHG: added a verification to see if the found candidate key was able to validate against tag. If not ok, start darkside attack again. 2016-08-24 14:10:30 +02:00
iceman1001 6067df30c5 FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :( 2016-08-10 10:55:29 +02:00
iceman1001 59e933fc3f started fixing the parity == 0 special attack against Chinese clones with bad prng, which hasn't been working for ages. 2016-08-09 23:11:07 +02:00
iceman1001 d9ed4e1914 ADD: J-Run's 2nd phase tool mf_key_brute ref: https://github.com/J-Run/mf_key_brute Estimated time to search keyspace is ~18min.
J_Run's 2nd phase of multiple sector nested authentication key recovery
You have a known 4 last bytes of a key recovered with mf_nonce_brute tool.
First 2 bytes of key will be bruteforced

Usage:  hf mf keybrute [h] <block number> <A|B> <key>
options:
      h               this help
      <block number>  target block number
      <A|B>           target key type
      <key>           candidate key from mf_nonce_brute tool
samples:
           hf mf keybrute 1 A 000011223344
2016-08-08 17:49:30 +02:00
Alexis Green 170e7c9c51 FIX: erroneous semicolon 2016-08-07 20:07:25 -07:00
iceman1001 df007486f5 ADD: @donwan581 select keytype for the darkside attack. 2016-08-04 21:51:26 +02:00
iceman1001 2fdc489bb4 CHG: printing of progress dots is better now. 2016-05-19 12:47:23 +02:00
iceman1001 ea1ee62e55 CHG: better helptext 2016-04-29 22:24:08 +02:00
iceman1001 222bdb1cb3 Syntax sugar 2016-04-24 21:43:38 +02:00
iceman1001 cd777a0545 FIX: Some Coverity Scan warnings. fread, not initialised etc etc 2016-04-23 18:23:46 +02:00
iceman1001 be6e909c5b FIX: time printing, like difftime in MINGW environments needs to use 32b time. 2016-04-23 13:02:20 +02:00
iceman1001 9ea10847ea CHG: timing in chk keys, 2016-04-23 12:26:29 +02:00
iceman1001 fa0e0b109f CHG: moved out some usage_methods for help texts.
CHG: added some time in the darkside, nested, hardnested, chk commands.
2016-04-23 12:18:34 +02:00
iceman1001 5dc8b8fe27 CHG: unified some text messages. 2016-04-23 11:43:02 +02:00
iceman1001 d948e0d140 CHG: 'hf mf chk' now correctly tests to read key B, when we specify target keytype B or ?.
CHG: 'hf mf chk'  now correctly init all sector keys to 0xFFFFFFFFFFFF,  so it looks unified.
2016-04-23 11:32:37 +02:00
iceman1001 6c84c90017 FIX: this fixes the "hf mf sniff l d f" command, which has been broken for a while. The cuid is correctly used for decrypting.
FIX: The flushing of logentries.
ADD: "hf mf sniff" - added the sniffing of UID's with a uidlen of 10.

What's left? The key is not always found even if we use the "mfkey64" approach.

ADD: added the parity_zero attack in "hf mf mifare".  Still not working since piwi's changes to the iso14443a.c,  maybe needs a param to tell it to collect nonces for this special attack.
CHG: extracted some help-texts into usage_* methods. Changed some text as well

FIX:  "hf mf sim" command now uses both  mfkey32 and mfkey32_moebius version to find the key in attack mode.
CHG:  "hf mf sim" also now defaults to emul_memory to read a 4 byte UID.
2016-04-18 13:18:02 +02:00
iceman1001 0194ce8fc8 ADD: simulating can now handle triplesized UID (10b)
CHG: moved some mifare #DEFINES into protocols.h  (ACK,NACK..)
2016-04-14 11:09:17 +02:00
iceman1001 2daa0d0b1e CHG: doesn't flush the printf() calls 2016-04-10 13:34:27 +02:00
iceman1001 c3559d162a textual changes 2016-03-23 14:04:10 +01:00
iceman1001 b03006794f CHG: removing some time-debug statements.
CHG:  increased the time-out message 2sec, in proxmark,  to make "hf mf chk" work better.
CHG:  still trying to solve the "hf mf mifare" WDT_HIT bug.

With these changes,  the "hf mf chk" / "Hf mf nested" looks similar and should be a bit faster.
2016-02-19 22:34:39 +01:00
iceman1001 b882b54314 FIX: introduced a bug in a loop by uint8_t inside crapto1.c
CHG: textual helptext change in "hf mf nested"
CHG: loop inside "nested". Still not fast enough. I wonder if qsort can be exchanged for radixsort or bucket sort?
2016-02-16 23:46:34 +01:00
iceman e7902ca0a5 chg: removed testmessage 2016-02-15 02:45:43 +01:00
iceman 480e2f2394 Merge branch 'master' of https://github.com/iceman1001/proxmark3
Conflicts:
	client/cmdhfmf.c
	client/cmdmain.c
2016-02-10 13:29:23 +01:00
iceman 847f7404ff CHG: added some timing messages, 2016-02-10 13:20:23 +01:00
iceman1001 a9e4e78f83 CHG: syntax sugar 2016-02-10 13:12:01 +01:00
iceman1001 d294f5825d CHG: Syntax sugar
Experiment:  unfolded a loop.
Experiment: speeding up "Hf mf nested"
CHG: removed some default keys from "hf mf nested". It wasn't being used anyway.
CHG: changed the way "hf mf nested" reports back keys
CHG: "hf mf nested"  and "hf mf chk"   now prints the key-table.
CHG: changed the output list for "hf mf chk"
2016-01-25 20:28:34 +01:00
iceman1001 f66114426b CHG: removed a debug statement 2016-01-21 13:01:07 +01:00
iceman1001 810f53792e ADD: added the possibility to choose which block num to attack with "hf mf mifare" Before it only worked on block 0. 2016-01-20 22:26:01 +01:00
iceman1001 0920f54c66 CHG: Remake the "hf mf chkkeys" It now prints the found keys like "hf mf nested" does. It also tries to read key B if Key A was found. It also continues to the next key to find, when there is one match. Earlier all keys in .dic file, was tested even if it was found. 2016-01-20 19:51:30 +01:00
iceman1001 495d7f1326 FIX: Coverity scan, forgot one fread ...
CHG: Syntax sugar
2016-01-19 22:25:34 +01:00
iceman1001 b112787d4f ADD: Some instructions for configure CoverityScan using alternative compiler like the ARM-NONE-EABI-GCC
FIX: stupid clock() == -1 on systems that don't have it..
2016-01-19 21:48:29 +01:00
iceman1001 841d7af0dc FIX: Coverity Scan warnings on not using the fread return value. 2016-01-19 19:52:01 +01:00
iceman1001 a0f33b6682 CHG: started to clean up the crapto1 imp in client/nonce2key/ folder. 2016-01-19 17:22:18 +01:00
iceman1001 0697080e26 FIX: CoverityScan complains on getchar(), not reading the returning value 2016-01-19 16:58:07 +01:00
iceman1001 4750877f2d FIX: Coverity fix with resource leakage
ADD: Implemented an addon to "hf mf nested"  if there is KEY_A 's found but not the same KEY_B,  try just read it from tag.
Makes the command a bit slower when it does these reads.   Plus some annoying debug statements,

CHG: changed the output for "hf mf nested"  to write Key A or B instead of 0 & 1..
2016-01-16 23:02:04 +01:00
iceman1001 621601ecef ADD: some clocking for 'hf mf mifare', 'hf mf nested', 'hf mf chk' 2016-01-15 12:45:15 +01:00
iceman1001 4b8ee00f0d FIX: forgot to change a modified call from @pwpivi 's last update. 2016-01-13 12:49:21 +01:00
iceman1001 0d5ee8e245 ADD: @pwpiwi 's latest changes to 'hf mf hardnested' 2016-01-13 09:31:13 +01:00
iceman1001 95d96ea38a FIX: Coverity, Unintended sign extension, data[7] would have become int, then uint64_t. Should work better now with adding typecasting. 2016-01-12 23:40:57 +01:00
iceman1001 3906036e11 FIX: Coverity, Resource leak, CID #121361, filehandle f needs to be free 2016-01-12 23:38:47 +01:00
iceman1001 e683ecb6a5 FIX: Coverity, Resource leak, CID# 121360, keyBlock needs to be free 2016-01-12 23:37:33 +01:00
iceman1001 60daed79db FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343, wrong size in check, sprintf always adds a null terminator, so if filepath would have been 996 chars long, this might have happened... but no more. 2016-01-12 23:35:06 +01:00
iceman1001 f1db8c2207 CHG: Syntax sugar 2016-01-12 23:29:05 +01:00
iceman1001 e72d1fbba2 FIX: Coverity, CID#121314, Explicit null dereferenced, in really odd occasions buf would be NULL, and sending NULL to memcpy dereferences it. Not sure about this fix. 2016-01-12 23:27:42 +01:00
iceman1001 28415b5d90 FIX: Coverity, unchecked return value, CID #121292,..
basically the flush queue command is replaced with clearCommandBuffer();.
2016-01-12 22:30:22 +01:00
iceman1001 c46ea881a4 FIX: Coverity scan, resource leak in "hf mf sniff", added call to 'free' before return.
FIX: Coverity scan, overflow in "hf 14a raw",  added an extra len check against USB_CMD_DATA_SIZE
2016-01-08 14:30:56 +01:00