Henry Gabryjelski
cc2bae2f4d
lf em 4x70 writekey
--> lf em 4x70 setkey
2024-03-13 09:38:35 -07:00
Henry Gabryjelski
ba83ac065e
lf em 4x70 writepin
--> lf em 4x70 setpin
2024-03-13 09:25:43 -07:00
Henry Gabryjelski
160d61682b
Add lf em 4x70 autorecover
...
Also:
* common.h: Increase safety of some of the macros.
Parenthesizing the macro parameters ... a best practice.
* firmware: partially-tracked source of "extra bits" messages.
Add a TODO comment for further study.
* Improve reliability of `lf em 4x70 writekey`
Authenticate w/new key after it is written.
Particularly important for glass modules,
or other tags with weaker coupling.
2024-03-11 17:14:03 -07:00
iceman1001
4774bb20ef
text
2024-03-08 11:59:50 +01:00
iceman1001
94aab17705
text
2024-03-07 21:08:54 +01:00
iceman1001
9de6f59136
modified standalone mode hf_unisniff. It now also sniffs iclass. Another option added was for hw standalone -b, which allows you to trigger a particular sniff from client. Good for debugging w/o need to recompile or upload a config file.
2024-03-06 21:07:42 +01:00
iceman1001
41696acc19
the key type was wrong in the output. I figure this should fix it
2024-03-04 08:48:39 +01:00
Iceman
a0b26257db
Merge branch 'master' into id48
...
Signed-off-by: Iceman <iceman@iuse.se>
2024-03-03 22:06:54 +01:00
iceman1001
a5594d5f3c
style, receive_ng_internal, when receiving NG frames we have an extra buffer. Somehow it seems to be the cause of issues with long emrtd dumps
2024-03-03 22:02:38 +01:00
Henry Gabryjelski
5b038631ca
Comments change only
2024-03-03 12:16:16 -08:00
Iceman
547ffdef6b
Merge pull request #2299 from francesco-scar/led_order_proxmark3_easy
...
Added led order parameter (for Proxmark3 Easy board)
2024-02-21 20:31:49 +01:00
iceman1001
5a7bb278aa
style
2024-02-20 11:14:44 +01:00
iceman1001
2ed69ad8f7
style
2024-02-20 11:14:17 +01:00
iceman1001
ac46d81244
Revert "Release v4.18218 - DEFCON is Cancelled"
...
This reverts commit 8b6d8cbb79.
2024-02-18 20:53:52 +01:00
iceman1001
8b6d8cbb79
Release v4.18218 - DEFCON is Cancelled
2024-02-18 20:53:52 +01:00
iceman1001
9f4be280e0
style
2024-02-18 20:14:32 +01:00
francesco-scar
2ba0fbdcde
Added led order parameter (for Proxmark3 Easy board)
2024-02-18 12:57:26 +01:00
iceman1001
452981faa4
fix breaking compilation
2024-02-17 12:50:05 +01:00
iceman1001
f5e976afa6
style
2024-02-16 21:59:45 +01:00
iceman1001
c544d67d2b
Thanks to the user jareckib for his solution of adding two extra blocks to t5577 in order to clone a more modern Electra tag. Find it under the extra param lf em 410x clone --electra
2024-02-16 21:21:02 +01:00
iceman1001
7990425a1c
debug print lengths
2024-02-16 17:33:22 +01:00
iceman1001
eb85438b8e
Merge branch 'master' of github.com:RfidResearchGroup/proxmark3
2024-02-16 17:30:53 +01:00
iceman1001
99e7a647bf
fix lengths
2024-02-16 17:30:14 +01:00
wh201906
710c8ede8e
Better hw detectreader
...
Fix regression in 5f831ee776
Add support for switching modes by keyboard
2024-02-16 21:52:27 +08:00
iceman1001
0079493a36
simplified aes auth
2024-02-16 13:19:24 +01:00
iceman1001
bfcdce9613
adapt header file
2024-02-15 18:15:17 +01:00
iceman1001
3a76523276
use CBC ...
2024-02-15 17:53:04 +01:00
iceman1001
701dba34e4
adapt debug messages to 16/32
2024-02-15 17:18:14 +01:00
iceman1001
fccaee37b5
aes is 16 bytes
2024-02-15 17:12:34 +01:00
iceman1001
a4759c4ecd
length check
2024-02-15 16:47:21 +01:00
iceman1001
c4c1601446
added rudimentary functions for doing AES authentication against MIFARE UL AES tags. (wip)
2024-02-15 16:20:47 +01:00
iceman1001
6597a1705a
text
2024-02-04 23:20:56 +01:00
iceman1001
7c6d60e7ef
style
2024-02-03 16:05:58 +01:00
Christian Zietz
c1b23a761c
Use struct for parameter passing in CMD_HF_ISO14443A_SET_THRESHOLDS
2024-02-03 12:09:08 +01:00
Christian Zietz
404d0a8c7b
Fix 'make style' findings
2024-02-02 20:51:56 +01:00
Christian Zietz
43b257ddb4
Make demodulation threshold for Legic configurable
...
This adds a new parameter to the "hw sethfthresh" command.
2024-02-02 20:51:49 +01:00
Christian Zietz
dbfd8b7a6d
Make detection threshold for ISO14443A configurable
...
This adds a new command "hw sethfthresh" to configure the thresholds
used inside the FPGA while demodulating ISO14443A. The thresholds
need to be increased on particularly noisy hardware, such as certain
Chinese PM3 Easy clones.
2024-02-02 20:51:05 +01:00
iceman1001
81ce1fd4ab
changed magic detection to use flags. Fixes previous problems with magic ntag, also renamed defines to separate them better.
2024-02-02 15:53:57 +01:00
iceman1001
0afeb77c82
14b sim clean up
2024-01-28 12:30:29 +01:00
iceman1001
5028d6f664
style
2024-01-28 11:16:45 +01:00
iceman1001
c7af357dc1
style
2024-01-26 20:48:41 +01:00
iceman1001
adfab4992d
not clear how the slot marker / anticollision loop works for xerox but we seem to ignore retlen
2024-01-26 19:48:52 +01:00
iceman1001
d5e99e394e
clean
2024-01-26 18:52:30 +01:00
iceman1001
0796209ee4
xerox doesnt use framing
2024-01-26 16:48:01 +01:00
nvx
e22776a7e0
style
2024-01-26 20:20:25 +10:00
nvx
49f7ae57dc
Changed hf mf gdmcfg/gdmsetcfg commands to support Gen1a and GDM Alt magic wakeups
...
This was implemented with a new pair of RPCs CMD_HF_MIFARE_READBL_EX and CMD_HF_MIFARE_WRITEBL_EX
these RPCs support all combinations of read/write commands, wakeup, and auth options so
in time can replace the other MFC read/write commands to reduce armsrc code size
and complexity.
Also added config parsing for the gdm cfg block when reading with hf mf gdmcfg and
explicitly with hf mf gdmparsecfg.
2024-01-26 20:09:08 +10:00
iceman1001
2288c7e72b
less memory footprint
2024-01-25 16:23:00 +01:00
iceman1001
acdda19316
style
2024-01-25 16:21:41 +01:00
iceman1001
b7928eb85e
text
2024-01-25 11:22:55 +01:00
iceman1001
efc8c0b8ab
added an interactive flag for hf14asniff, and unified text across the project
2024-01-25 10:21:36 +01:00
Yann GASCUEL
f4d4e975ee
iso15sim: init earlier to prevent other FPGA loading issue
2024-01-25 08:54:10 +01:00
iceman1001
414275802d
style
2024-01-25 01:55:07 +01:00
iceman1001
28b887aedb
text
2024-01-25 01:45:18 +01:00
iceman1001
8456e41b02
forgot the reverse part
2024-01-25 00:37:15 +01:00
iceman1001
ba578ee139
hf 15 sim, reverse uid and a shorter read from emul to get uid if none is user given
2024-01-25 00:34:05 +01:00
iceman1001
6c1ebc3398
cleaning up redundant functions. the extra checks in bigbuff might affect simulation
2024-01-24 23:41:48 +01:00
iceman1001
3f82965fa8
style
2024-01-24 23:37:27 +01:00
iceman1001
a6fa662d3c
increase upload block size for 15 eload, was 64 now 256
2024-01-24 23:37:13 +01:00
iceman1001
2d9c1a941c
style
2024-01-24 18:18:13 +01:00
iceman1001
db616ce7bf
style
2024-01-24 17:12:56 +01:00
Iceman
769a0aa26b
Merge pull request #2270 from martian/rename-cmdreadmem-flag
...
Rename CMD_READ_MEM_DOWNLOAD flag.
2024-01-24 17:11:15 +01:00
Martijn Plak
6202da367f
coding style
2024-01-24 17:05:37 +01:00
Martijn Plak
1d14bc38c5
Rename CMD_READ_MEM_DOWNLOAD flag.
...
It got included in pm3_cmd.lua but shouldn't be because it's not a command.
Also, the bitshift in the value upsets some versions of lua.
2024-01-24 16:36:52 +01:00
Yann GASCUEL
c1bc9f75f6
iso15sim: fix type issue to make CodeQL happy
2024-01-24 15:47:39 +01:00
Yann GASCUEL
e5f519e085
iso15sim: fix tag initialisation when full 00 uid provided
2024-01-24 13:59:13 +01:00
Yann GASCUEL
aabbf7d4b2
iso15sim: enhance parameter controls and add reply when error
2024-01-24 13:59:13 +01:00
Yann GASCUEL
05912ff130
iso15sim: rename, move and PACK iso15_tag struct to be usable in client
2024-01-24 13:59:13 +01:00
Yann GASCUEL
a9b068108b
iso15sim: fix: typo
2024-01-24 13:59:13 +01:00
Yann GASCUEL
c8dce595ba
hf15sim: fix: ignore manufacturer code is present in requests
2024-01-24 13:59:13 +01:00
Yann GASCUEL
548b804650
standalone: hf_15sim: fix typo
2024-01-24 13:59:13 +01:00
Yann GASCUEL
7cd9f20efb
iso15sim: add support for addressed requests including IC number
2024-01-24 13:59:13 +01:00
Yann GASCUEL
f71eaaec55
iso15sim: add support for SET_PASSWORD
2024-01-24 13:59:13 +01:00
Yann GASCUEL
4a45aaf065
standalone: hf_15sim: adapt instruction depending on flash presence
2024-01-24 13:59:13 +01:00
Yann GASCUEL
d73576ecf5
standalone: hf_15sim: text/debug fix
2024-01-24 13:59:13 +01:00
Yann GASCUEL
afa821b3ec
iso15sim: fix: reset error to 0 after an error append
2024-01-24 13:59:13 +01:00
Yann GASCUEL
8dc87d5432
iso15sim: get more variable randoms
2024-01-24 13:59:13 +01:00
Yann GASCUEL
a72e72a0f7
standalone: hf_15sim: reduce debug
2024-01-24 13:59:12 +01:00
Yann GASCUEL
bad694d779
iso15sim: unfix the random number
2024-01-24 13:59:12 +01:00
Yann GASCUEL
40069f6fd1
iso15sim: fix compile issue: remove unused variable
2024-01-24 13:59:12 +01:00
Yann GASCUEL
9611b411da
iso15sim: fix: remove reader command tracing from SimTagIso()
...
It's now already included in GetIso15693CommandFromReader().
2024-01-24 13:59:12 +01:00
Yann GASCUEL
120c9ab534
iso15sim: fix addressed request minimal size
2024-01-24 13:59:12 +01:00
Yann GASCUEL
5e2ff11838
iso15sim: fix CRC length calculation due to change in Crc16ex()
2024-01-24 13:59:12 +01:00
Yann GASCUEL
4365378a2c
iso15sim: safer flag checking
2024-01-24 13:59:12 +01:00
Yann GASCUEL
e6a509b8a7
iso15sim: fix reversed UID print
2024-01-24 13:59:12 +01:00
Yann GASCUEL
90c6dcd355
HF_15SIM: fix & add debug info
2024-01-24 13:59:12 +01:00
Yann GASCUEL
fa3c2e386b
improve iso15 sniff quality
2024-01-24 13:59:12 +01:00
Yann GASCUEL
3327b23edd
iso15sim fix & clean
2024-01-24 13:59:12 +01:00
Yann GASCUEL
f8514f48d7
standalone: add HF_15SIM Standalone mode code source
...
Also add it into documentation and build_all_firmwares.sh
(standalone mode was added in Standalone Makefiles in a previous commit)
2024-01-24 13:59:12 +01:00
Yann GASCUEL
b62bedc1dc
iso15sim: add support for GET_RANDOM_NUMBER and ENABLE_PRIVACY
2024-01-24 13:59:12 +01:00
Yann GASCUEL
2a73285573
iso15sim rework: add support for lot of commands
2024-01-24 13:59:12 +01:00
iceman1001
d608d85e3b
felica... shouldnt print dbhexdump.. it should be on client side
2024-01-23 19:18:44 +01:00
iceman1001
2be0bd14ee
revert change of DMA size
2024-01-23 19:17:45 +01:00
iceman1001
081ff216eb
style
2024-01-23 15:28:50 +01:00
nvx
da564aed3c
Fix hf sniff
...
This was broken in commit 17ab86c52 as the forced rounding up of
the size to 4-byte alignment in BigBuf_malloc made the size check
possibly larger than the buffer size as the check was always +3 on
the requested size rather than the rounded size. This was made
worse by BigBuf_max_traceLen not taking into account alignment
either and the alignment check in hfsnoop.c checking to 2 byte
alignment instead of 4 byte alignment.
The alignment size check now checks the size after alignment
rounding, and BigBuf_max_traceLen takes into account alignment
losses too reducing the need for BigBuf consumers to have to care
about alignment.
2024-01-24 00:10:05 +10:00
Martijn Plak
ebdd30e92c
readmem (ARM): boundary check against end of addressable space
2024-01-23 08:41:53 +01:00
Martijn Plak
e35385fde1
Adding processor flash memory reading, viewing and writing to file.
...
Works when the device is running either osimage or bootloader.
- New memory reading command in osimage and bootloader.
- Extended 'hw readmem' command with length parameter, file writing and hex viewer.
- Introduced '--dumpmem' option to proxmark3 executable to support dumping from bootloader.
Simple interactive examples:
hw readmem -f flashdump
hw readmem -l 1024
CLI example:
./pm3 --dumpmem flashdump.bin
Reading from arbitrary memory ranges can be unlocked using the 'raw' option.
2024-01-22 16:40:05 +01:00
iceman1001
22fd440c83
style
2024-01-18 16:41:13 +01:00
iceman1001
5e4796c57b
remove some debug statements
2024-01-18 16:32:13 +01:00
PhaseLoop
32a55654c4
Merge branch 'master' into bruteforce-smart-mode
2024-01-16 20:35:59 +00:00
PhaseLoop
dd859a2061
add smart bruteforce mode to MF Classic and EM4x50
2024-01-16 20:06:03 +00:00
iceman1001
3268621fe0
Lowered the initial wait, Heuristic decided. Might need to look at Picopass datasheet and verify :)
2024-01-16 16:21:45 +01:00
iceman1001
730cc21f08
fix the field is off check
2024-01-16 15:49:35 +01:00
iceman1001
acaaeea450
picopass uses a different CRC algo
2024-01-16 15:32:43 +01:00
iceman1001
2981dd94f7
had to keep track if the field is on or off on deviceside for 14b raw.\nAdded picopass ISO14443-B anticollision. It allows us to send raw packages over 14b.
2024-01-16 15:12:16 +01:00
iceman1001
5b31211971
style
2024-01-16 11:53:42 +01:00
iceman1001
70b4bee761
reworked the 14B comms. Uses NG packets now. Most raw / apdu / write / rd got some love
2024-01-16 11:37:13 +01:00
iceman1001
73843fd366
testing to extend DMA buffer to 768 bytes
2024-01-15 17:36:19 +01:00
iceman1001
ca21348ff6
text
2024-01-15 17:14:04 +01:00
Iceman
5db2276602
Merge pull request #2249 from nvx/cardhopper_improvements
...
Multiple hf_cardhopper improvements
2024-01-15 13:11:24 +01:00
iceman1001
4df743c2a0
style
2024-01-15 13:08:55 +01:00
nvx
1828358ab0
Multiple hf_cardhopper improvements
...
Allow button presses to break
Handle non-zero CID from reader by relaying RATS to the card and improving PPS and WTX handling
More reliably cook ATS values
Ignore packets that look like they're coming from the client (NG packets)
2024-01-15 22:05:30 +10:00
iceman1001
02f5e729ca
added a new command "hf 15 wipe" which zeros out a card memory with writeblocks. Improved restore and wipe time. Also identified TI tags and their quirks. On device side when getting an error response from tag it doesn't care about eof package. So we send that one too. Which leads to a spurious package we ignore on client side.
2024-01-15 04:11:20 +01:00
iceman1001
36be4d9556
text and style for comparing
2024-01-15 01:14:58 +01:00
iceman1001
8d0b41a911
this commit fixes #2244 #2246 #1596 #2101 . It's kind of a big refactoring and I most likely broke something. With that said. Now: HF 15 commands now use NG packets, hf 15 raw support -k keepfield on and -s select, hf 15 dump/rdbl/rdmulti should handle blocksizes of 4 or 8, the error messages are unified and error handling the same. Some understanding how add_option impacts response message from card. A more clear separation between PM3 flags and ISO15693 protocol flags.
2024-01-14 14:23:51 +01:00
PhaseLoop
8e0e8e2240
Merge branch 'master' into bruteforce-smart-mode
2024-01-13 16:53:05 +00:00
iceman1001
e69b46f6f6
logging enabled for 14b readblock.\nsupport for tearoff in 14b adpu\nfixed a bug in 14b raw when adding crc\n raw command should now not touch reserved emulator memory when freed
2024-01-09 13:07:43 +01:00
iceman1001
1efb38ba98
fix hf 14b dump command not lock up every other call and modified the output.
2024-01-09 10:22:27 +01:00
iceman1001
dae8f4ac4b
forgot one
2024-01-08 23:48:45 +01:00
iceman1001
562faa8489
removed the inconsistency of both being a status value and length value
2024-01-08 23:40:45 +01:00
iceman1001
82aa6ac08c
gave 14b commands some serious love and overhaul. package handling for APDU and different selects is improved. return codes now consequent
2024-01-08 21:17:42 +01:00
iceman1001
398803d930
adapt size of return messages in 14b
2024-01-07 22:34:08 +01:00
iceman1001
0c4a1066c1
text
2024-01-05 19:27:38 +01:00
iceman1001
b1a1ca8827
Revert "Release v4.17768 - Steamboat Willie"
...
This reverts commit 57eeb712fd.
2024-01-03 01:59:39 +01:00
iceman1001
57eeb712fd
Release v4.17768 - Steamboat Willie
2024-01-03 01:59:39 +01:00
iceman1001
238572c337
style
2024-01-01 21:52:05 +01:00
iceman1001
21e54ba9b1
adjust 14b apdu which seems to trigger memory corruption device side
2024-01-01 21:49:32 +01:00
iceman1001
c54f6af925
code style, remove unneeded UID array allocations since we just dont use the UID later in those functions
2023-12-31 09:56:46 +01:00
iceman1001
3df5fb6d40
cleaned up style
2023-12-31 09:43:45 +01:00
iceman1001
873c1e57a3
cleaned up and reduced number of arrays used
2023-12-31 09:36:25 +01:00
iceman1001
f840dc810b
made keytype instead of fixed keyB. would help in situations keyB is readable...
2023-12-31 09:35:42 +01:00
iceman1001
1f4f5febae
adapt magic detection and textual output. Hf mf info - now uses found keys to send for magic detection
2023-12-30 23:08:58 +01:00
nvx
8f577ad963
Improved magic detection
...
Magic detection no longer stops when a single type is found as cards may support multiple types of magic, so all detected types will be reported now.
GDM/USCUID chips are now detected when GDM magic auth is disabled but magic WUP (40 or 20) is enabled.
Gen2/CUID/DirectWrite is now detected when default keys and ACLs are used by attempting to write to block 0 but aborting before actually completing the write.
2023-12-30 19:53:23 +10:00
nvx
33eaaa535f
Changed hf_cardhopper standalone mode to allow running over the internal Proxmark3 USB-CDC serial port.
...
This functionality can be enabled by adding the following to your Makefile.platform:
STANDALONE_PLATFORM_DEFS+=-DCARDHOPPER_USB
2023-12-29 22:06:57 +10:00
iceman1001
0eea4e31c4
fiddling with thinfilm, which suffers in simulation
2023-12-18 22:18:21 +01:00
iceman1001
f8f135a3b7
style
2023-12-18 10:11:11 +01:00
iceman1001
1c8b2110bb
reduce stack usage
2023-12-15 16:39:42 +01:00
iceman1001
20d95fa3ea
remove some more parity arrays
2023-12-15 09:33:02 +01:00
iceman1001
30c7ce1335
wait until timeout
2023-12-15 09:22:35 +01:00
iceman1001
c210b370fe
remove par
2023-12-15 09:13:20 +01:00
iceman1001
70520af03b
style
2023-12-14 23:38:04 +01:00
iceman1001
6b9963b12a
forgot to free the allocated memory
2023-12-14 23:37:37 +01:00
iceman1001
ab0ee92f57
the par[] array allocation was the root cause for the stack smashing. Making one static array to be reused across 14a functions took care of the issue.\nalso made the command allocation for ISO14 APDU sending a bigbuf allocation instead. Since nothing in the APDU has to do with EMULATOR memory etc. The trace log grows from start of bigbuff, allocations grows from end of bigbuff
2023-12-14 23:35:30 +01:00
iceman1001
95d1d5646f
an attempt to reduce some stack memory. No need for the debug printing to be 512 bytes. Now limited to 200 chars
2023-12-14 23:29:43 +01:00
iceman1001
f4f832e121
style
2023-12-14 00:33:02 +01:00
iceman1001
ee1534103b
make sure to turn off the antenna if entering this state
2023-12-14 00:31:09 +01:00
iceman1001
17ab86c52c
make sure limit match up with the multiple of 4 bytes alignment
2023-12-14 00:30:15 +01:00
merlokk
2517e8b345
make style
2023-12-12 01:11:10 +02:00
merlokk
91892bc1bf
add static encrypted nonce detection
2023-12-11 21:24:26 +02:00
merlokk
ebe9d72cc2
set debug log level
2023-12-11 18:46:25 +02:00
iceman1001
97e2d7f026
changed "data num" to accept -r -i parameters where it will reverse or inverse the values.\nrenamed some util functions
2023-12-07 16:44:31 +01:00