Commit graph

3722 commits

Author SHA1 Message Date
Henry Gabryjelski cc2bae2f4d lf em 4x70 writekey --> lf em 4x70 setkey 2024-03-13 09:38:35 -07:00
Henry Gabryjelski ba83ac065e lf em 4x70 writepin --> lf em 4x70 setpin 2024-03-13 09:25:43 -07:00
Henry Gabryjelski 160d61682b Add lf em 4x70 autorecover
Also:
* common.h: Increase safety of some of the macros.
  Parenthesizing the macro parameters ... a best practice.
* firmware: partially-tracked source of "extra bits" messages.
  Add a TODO comment for further study.
* Improve reliability of `lf em 4x70 writekey`
  Authenticate w/new key after it is written.
  Particularly important for glass modules,
  or other tags with weaker coupling.
2024-03-11 17:14:03 -07:00
iceman1001 4774bb20ef text 2024-03-08 11:59:50 +01:00
iceman1001 94aab17705 text 2024-03-07 21:08:54 +01:00
iceman1001 9de6f59136 modified standalone mode hf_unisniff. It now also sniffs iclass. Another option added was for hw standalone -b, which allows you to trigger a particular sniff from client. Good for debugging w/o need to recompile or upload a config file. 2024-03-06 21:07:42 +01:00
iceman1001 41696acc19 the key type was wrong in the output. I figure this should fix it 2024-03-04 08:48:39 +01:00
Iceman a0b26257db
Merge branch 'master' into id48
Signed-off-by: Iceman <iceman@iuse.se>
2024-03-03 22:06:54 +01:00
iceman1001 a5594d5f3c style, receive_ng_internal, when receiving NG frames we have an extra buffer. Somehow it seems to be the cause of issues with long emrtd dumps 2024-03-03 22:02:38 +01:00
Henry Gabryjelski 5b038631ca Comments change only 2024-03-03 12:16:16 -08:00
Iceman 547ffdef6b
Merge pull request #2299 from francesco-scar/led_order_proxmark3_easy
Added led order parameter (for Proxmark3 Easy board)
2024-02-21 20:31:49 +01:00
iceman1001 5a7bb278aa style 2024-02-20 11:14:44 +01:00
iceman1001 2ed69ad8f7 style 2024-02-20 11:14:17 +01:00
iceman1001 ac46d81244 Revert "Release v4.18218 - DEFCON is Cancelled"
This reverts commit 8b6d8cbb79.
2024-02-18 20:53:52 +01:00
iceman1001 8b6d8cbb79 Release v4.18218 - DEFCON is Cancelled 2024-02-18 20:53:52 +01:00
iceman1001 9f4be280e0 style 2024-02-18 20:14:32 +01:00
francesco-scar 2ba0fbdcde Added led order parameter (for Proxmark3 Easy board) 2024-02-18 12:57:26 +01:00
iceman1001 452981faa4 fix breaking compilation 2024-02-17 12:50:05 +01:00
iceman1001 f5e976afa6 style 2024-02-16 21:59:45 +01:00
iceman1001 c544d67d2b Thanks to the user jareckib for his solution of adding two extra blocks to t5577 in order to clone a more modern Electra tag. Find it under the extra param lf em 410x clone --electra 2024-02-16 21:21:02 +01:00
iceman1001 7990425a1c debug print lengths 2024-02-16 17:33:22 +01:00
iceman1001 eb85438b8e Merge branch 'master' of github.com:RfidResearchGroup/proxmark3 2024-02-16 17:30:53 +01:00
iceman1001 99e7a647bf fix lengths 2024-02-16 17:30:14 +01:00
wh201906 710c8ede8e
Better hw detectreader
Fix regression in 5f831ee776
Add support for switching modes by keyboard
2024-02-16 21:52:27 +08:00
iceman1001 0079493a36 simplified aes auth 2024-02-16 13:19:24 +01:00
iceman1001 bfcdce9613 adapt header file 2024-02-15 18:15:17 +01:00
iceman1001 3a76523276 use CBC ... 2024-02-15 17:53:04 +01:00
iceman1001 701dba34e4 adapt debug messages to 16/32 2024-02-15 17:18:14 +01:00
iceman1001 fccaee37b5 aes is 16 bytes 2024-02-15 17:12:34 +01:00
iceman1001 a4759c4ecd length check 2024-02-15 16:47:21 +01:00
iceman1001 c4c1601446 added rudimentary functions for doing AES authentication against MIFARE UL AES tags. (wip) 2024-02-15 16:20:47 +01:00
iceman1001 6597a1705a text 2024-02-04 23:20:56 +01:00
iceman1001 7c6d60e7ef style 2024-02-03 16:05:58 +01:00
Christian Zietz c1b23a761c Use struct for parameter passing in CMD_HF_ISO14443A_SET_THRESHOLDS 2024-02-03 12:09:08 +01:00
Christian Zietz 404d0a8c7b Fix 'make style' findings 2024-02-02 20:51:56 +01:00
Christian Zietz 43b257ddb4 Make demodulation threshold for Legic configurable
This adds a new parameter to the "hw sethfthresh" command.
2024-02-02 20:51:49 +01:00
Christian Zietz dbfd8b7a6d Make detection threshold for ISO14443A configurable
This adds a new command "hw sethfthresh" to configure the thresholds
used inside the FPGA while demodulating ISO14443A. The thresholds
need to be increased on particularly noisy hardware, such as certain
Chinese PM3 Easy clones.
2024-02-02 20:51:05 +01:00
iceman1001 81ce1fd4ab changed magic detection to use flags. Fixes previous problems with magic ntag, also renamed defines to separate them better. 2024-02-02 15:53:57 +01:00
iceman1001 0afeb77c82 14b sim clean up 2024-01-28 12:30:29 +01:00
iceman1001 5028d6f664 style 2024-01-28 11:16:45 +01:00
iceman1001 c7af357dc1 style 2024-01-26 20:48:41 +01:00
iceman1001 adfab4992d not clear how the slot marker / anticollision loop works for xerox but we seem to ignore retlen 2024-01-26 19:48:52 +01:00
iceman1001 d5e99e394e clean 2024-01-26 18:52:30 +01:00
iceman1001 0796209ee4 xerox doesn't use framing 2024-01-26 16:48:01 +01:00
nvx e22776a7e0 style 2024-01-26 20:20:25 +10:00
nvx 49f7ae57dc Changed hf mf gdmcfg/gdmsetcfg commands to support Gen1a and GDM Alt magic wakeups
This was implemented with a new pair of RPCs CMD_HF_MIFARE_READBL_EX and CMD_HF_MIFARE_WRITEBL_EX
these RPCs support all combinations of read/write commands, wakeup, and auth options so
in time can replace the other MFC read/write commands to reduce armsrc code size
and complexity.

Also added config parsing for the gdm cfg block when reading with hf mf gdmcfg and
explicitly with hf mf gdmparsecfg.
2024-01-26 20:09:08 +10:00
iceman1001 2288c7e72b less memory footprint 2024-01-25 16:23:00 +01:00
iceman1001 acdda19316 style 2024-01-25 16:21:41 +01:00
iceman1001 b7928eb85e text 2024-01-25 11:22:55 +01:00
iceman1001 efc8c0b8ab added an interactive flag for hf14asniff, and unified text across the project 2024-01-25 10:21:36 +01:00
Yann GASCUEL f4d4e975ee iso15sim: init earlier to prevent other FPGA loading issue 2024-01-25 08:54:10 +01:00
iceman1001 414275802d style 2024-01-25 01:55:07 +01:00
iceman1001 28b887aedb text 2024-01-25 01:45:18 +01:00
iceman1001 8456e41b02 forgot the reverse part 2024-01-25 00:37:15 +01:00
iceman1001 ba578ee139 hf 15 sim, reverse uid and a shorter read from emul to get uid if none is user given 2024-01-25 00:34:05 +01:00
iceman1001 6c1ebc3398 cleaning up redundant functions. the extra checks in bigbuff might affect simulation 2024-01-24 23:41:48 +01:00
iceman1001 3f82965fa8 style 2024-01-24 23:37:27 +01:00
iceman1001 a6fa662d3c increase upload block size for 15 eload, was 64 now 256 2024-01-24 23:37:13 +01:00
iceman1001 2d9c1a941c style 2024-01-24 18:18:13 +01:00
iceman1001 db616ce7bf style 2024-01-24 17:12:56 +01:00
Iceman 769a0aa26b
Merge pull request #2270 from martian/rename-cmdreadmem-flag
Rename CMD_READ_MEM_DOWNLOAD flag.
2024-01-24 17:11:15 +01:00
Martijn Plak 6202da367f coding style 2024-01-24 17:05:37 +01:00
Martijn Plak 1d14bc38c5 Rename CMD_READ_MEM_DOWNLOAD flag.
It got included in pm3_cmd.lua but shouldn't be because it's not a command.
Also, the bitshift in the value upsets some versions of lua.
2024-01-24 16:36:52 +01:00
Yann GASCUEL c1bc9f75f6 iso15sim: fix type issue to make CodeQL happy 2024-01-24 15:47:39 +01:00
Yann GASCUEL e5f519e085 iso15sim: fix tag initialisation when full 00 uid provided 2024-01-24 13:59:13 +01:00
Yann GASCUEL aabbf7d4b2 iso15sim: enhance parameter controls and add reply when error 2024-01-24 13:59:13 +01:00
Yann GASCUEL 05912ff130 iso15sim: rename, move and PACK iso15_tag struct to be usable in client 2024-01-24 13:59:13 +01:00
Yann GASCUEL a9b068108b iso15sim: fix: typo 2024-01-24 13:59:13 +01:00
Yann GASCUEL c8dce595ba hf15sim: fix: ignore manufacturer code is present in requests 2024-01-24 13:59:13 +01:00
Yann GASCUEL 548b804650 standalone: hf_15sim: fix typo 2024-01-24 13:59:13 +01:00
Yann GASCUEL 7cd9f20efb iso15sim: add support for addressed requests including IC number 2024-01-24 13:59:13 +01:00
Yann GASCUEL f71eaaec55 iso15sim: add support for SET_PASSWORD 2024-01-24 13:59:13 +01:00
Yann GASCUEL 4a45aaf065 standalone: hf_15sim: adapt instruction depending on flash presence 2024-01-24 13:59:13 +01:00
Yann GASCUEL d73576ecf5 standalone: hf_15sim: text/debug fix 2024-01-24 13:59:13 +01:00
Yann GASCUEL afa821b3ec iso15sim: fix: reset error to 0 after an error append 2024-01-24 13:59:13 +01:00
Yann GASCUEL 8dc87d5432 iso15sim: get more variable randoms 2024-01-24 13:59:13 +01:00
Yann GASCUEL a72e72a0f7 standalone: hf_15sim: reduce debug 2024-01-24 13:59:12 +01:00
Yann GASCUEL bad694d779 iso15sim: unfix the random number 2024-01-24 13:59:12 +01:00
Yann GASCUEL 40069f6fd1 iso15sim: fix compile issue: remove unused variable 2024-01-24 13:59:12 +01:00
Yann GASCUEL 9611b411da iso15sim: fix: remove reader command tracing from SimTagIso()
It's now already included in GetIso15693CommandFromReader().
2024-01-24 13:59:12 +01:00
Yann GASCUEL 120c9ab534 iso15sim: fix addressed request minimal size 2024-01-24 13:59:12 +01:00
Yann GASCUEL 5e2ff11838 iso15sim: fix CRC length calculation due to change in Crc16ex() 2024-01-24 13:59:12 +01:00
Yann GASCUEL 4365378a2c iso15sim: safer flag checking 2024-01-24 13:59:12 +01:00
Yann GASCUEL e6a509b8a7 iso15sim: fix reversed UID print 2024-01-24 13:59:12 +01:00
Yann GASCUEL 90c6dcd355 HF_15SIM: fix & add debug info 2024-01-24 13:59:12 +01:00
Yann GASCUEL fa3c2e386b improve iso15 sniff quality 2024-01-24 13:59:12 +01:00
Yann GASCUEL 3327b23edd iso15sim fix & clean 2024-01-24 13:59:12 +01:00
Yann GASCUEL f8514f48d7 standalone: add HF_15SIM Standalone mode code source
Also add it into documentation and build_all_firmwares.sh
(standalone mode was added in Standalone Makefiles in a previous commit)
2024-01-24 13:59:12 +01:00
Yann GASCUEL b62bedc1dc iso15sim: add support for GET_RANDOM_NUMBER and ENABLE_PRIVACY 2024-01-24 13:59:12 +01:00
Yann GASCUEL 2a73285573 iso15sim rework: add support for a lot of commands 2024-01-24 13:59:12 +01:00
iceman1001 d608d85e3b felica... shouldn't print dbhexdump.. it should be on client side 2024-01-23 19:18:44 +01:00
iceman1001 2be0bd14ee revert change of DMA size 2024-01-23 19:17:45 +01:00
iceman1001 081ff216eb style 2024-01-23 15:28:50 +01:00
nvx da564aed3c Fix hf sniff
This was broken in commit 17ab86c52 as the forced rounding up of
the size to 4-byte alignment in BigBuf_malloc made the size check
possibly larger than the buffer size as the check was always +3 on
the requested size rather than the rounded size. This was made
worse by BigBuf_max_traceLen not taking into account alignment
either and the alignment check in hfsnoop.c checking to 2 byte
alignment instead of 4 byte alignment.

The alignment size check now checks the size after alignment
rounding, and BigBuf_max_traceLen takes into account alignment
losses too reducing the need for BigBuf consumers to have to care
about alignment.
2024-01-24 00:10:05 +10:00
Martijn Plak ebdd30e92c readmem (ARM): boundary check against end of addressable space 2024-01-23 08:41:53 +01:00
Martijn Plak e35385fde1 Adding processor flash memory reading, viewing and writing to file.
Works when the device is running either osimage or bootloader.

- New memory reading command in osimage and bootloader.
- Extended 'hw readmem' command with length parameter, file writing and hex viewer.
- Introduced '--dumpmem' option to proxmark3 executable to support dumping from bootloader.

Simple interactive examples:
  hw readmem -f flashdump
  hw readmem -l 1024
CLI example:
  ./pm3 --dumpmem flashdump.bin

Reading from arbitrary memory ranges can be unlocked using the 'raw' option.
2024-01-22 16:40:05 +01:00
iceman1001 22fd440c83 style 2024-01-18 16:41:13 +01:00
iceman1001 5e4796c57b remove some debug statements 2024-01-18 16:32:13 +01:00
PhaseLoop 32a55654c4 Merge branch 'master' into bruteforce-smart-mode 2024-01-16 20:35:59 +00:00
PhaseLoop dd859a2061 add smart bruteforce mode to MF Classic and EM4x50 2024-01-16 20:06:03 +00:00
iceman1001 3268621fe0 Lowered the initial wait, Heuristic decided. Might need to look at Picopass datasheet and verify :) 2024-01-16 16:21:45 +01:00
iceman1001 730cc21f08 fix the field is off check 2024-01-16 15:49:35 +01:00
iceman1001 acaaeea450 picopass uses a different CRC algo 2024-01-16 15:32:43 +01:00
iceman1001 2981dd94f7 had to keep track if the field is on or off on deviceside for 14b raw.
Added picopass ISO14443-B anticollision. It allows us to send raw packages over 14b.
2024-01-16 15:12:16 +01:00
iceman1001 5b31211971 style 2024-01-16 11:53:42 +01:00
iceman1001 70b4bee761 reworked the 14B comms. Uses NG packets now. Most raw / apdu / write / rd got some love 2024-01-16 11:37:13 +01:00
iceman1001 73843fd366 testing to extend DMA buffer to 768 bytes 2024-01-15 17:36:19 +01:00
iceman1001 ca21348ff6 text 2024-01-15 17:14:04 +01:00
Iceman 5db2276602
Merge pull request #2249 from nvx/cardhopper_improvements
Multiple hf_cardhopper improvements
2024-01-15 13:11:24 +01:00
iceman1001 4df743c2a0 style 2024-01-15 13:08:55 +01:00
nvx 1828358ab0 Multiple hf_cardhopper improvements
Allow button presses to break
Handle non-zero CID from reader by relaying RATS to the card and improving PPS and WTX handling
More reliably cook ATS values
Ignore packets that look like they're coming from the client (NG packets)
2024-01-15 22:05:30 +10:00
iceman1001 02f5e729ca added a new command "hf 15 wipe" which zeros out a card memory with writeblocks. Improved restore and wipe time. Also identified TI tags and their quirks. On device side when getting an error response from tag it doesn't care about eof package. So we send that one too. Which leads to a spurious package we ignore on client side. 2024-01-15 04:11:20 +01:00
iceman1001 36be4d9556 text and style for comparing 2024-01-15 01:14:58 +01:00
iceman1001 8d0b41a911 this commit fixes #2244 #2246 #1596 #2101. It's kind of a big refactoring and I most likely broke something. With that said. Now: HF 15 commands now uses NG packets, hf 15 raw support -k keepfield on and -s select, hf 15 dump/rdbl/rdmulti should handle blocksizes of 4 or 8, the error messages are unified and error handling the same. Some understanding how add_option impacts response message from card. A more clear separation between PM3 flags and ISO15693 protocol flags. 2024-01-14 14:23:51 +01:00
PhaseLoop 8e0e8e2240 Merge branch 'master' into bruteforce-smart-mode 2024-01-13 16:53:05 +00:00
iceman1001 e69b46f6f6 logging enabled for 14b readblock.
support for tearoff in 14b apdu
fixed a bug in 14b raw when adding crc
raw command should now not touch reserved emulator memory when freed
2024-01-09 13:07:43 +01:00
iceman1001 1efb38ba98 fix hf 14b dump command not lock up every other call and modified the output. 2024-01-09 10:22:27 +01:00
iceman1001 dae8f4ac4b forgot one 2024-01-08 23:48:45 +01:00
iceman1001 562faa8489 removed the inconsistency of both being a status value and length value 2024-01-08 23:40:45 +01:00
iceman1001 82aa6ac08c gave 14b commands some serious love and overhaul. package handling for APDU and different selects is improved. return codes now consequent 2024-01-08 21:17:42 +01:00
iceman1001 398803d930 adapt size of return messages in 14b 2024-01-07 22:34:08 +01:00
iceman1001 0c4a1066c1 text 2024-01-05 19:27:38 +01:00
iceman1001 b1a1ca8827 Revert "Release v4.17768 - Steamboat Willie"
This reverts commit 57eeb712fd.
2024-01-03 01:59:39 +01:00
iceman1001 57eeb712fd Release v4.17768 - Steamboat Willie 2024-01-03 01:59:39 +01:00
iceman1001 238572c337 style 2024-01-01 21:52:05 +01:00
iceman1001 21e54ba9b1 adjust 14b apdu which seems to trigger memory corruption device side 2024-01-01 21:49:32 +01:00
iceman1001 c54f6af925 code style, remove unneeded UID array allocations since we just don't use the UID later in those functions 2023-12-31 09:56:46 +01:00
iceman1001 3df5fb6d40 cleaned up style 2023-12-31 09:43:45 +01:00
iceman1001 873c1e57a3 cleaned up and reduced number of arrays used 2023-12-31 09:36:25 +01:00
iceman1001 f840dc810b made keytype instead of fixed keyB. would help in situations keyB is readable... 2023-12-31 09:35:42 +01:00
iceman1001 1f4f5febae adapt magic detection and textual output. Hf mf info - now uses found keys to send for magic detection 2023-12-30 23:08:58 +01:00
nvx 8f577ad963 Improved magic detection
Magic detection no longer stops when a single type is found as cards may support multiple types of magic, so all detected types will be reported now.
GDM/USCUID chips are now detected when GDM magic auth is disabled but magic WUP (40 or 20) is enabled.
Gen2/CUID/DirectWrite is now detected when default keys and ACLs are used by attempting to write to block 0 but aborting before actually completing the write.
2023-12-30 19:53:23 +10:00
nvx 33eaaa535f Changed hf_cardhopper standalone mode to allow running over the internal Proxmark3 USB-CDC serial port.
This functionality can be enabled by adding the following to your Makefile.platform:
STANDALONE_PLATFORM_DEFS+=-DCARDHOPPER_USB
2023-12-29 22:06:57 +10:00
iceman1001 0eea4e31c4 fiddling with thinfilm, which suffers in simulation 2023-12-18 22:18:21 +01:00
iceman1001 f8f135a3b7 style 2023-12-18 10:11:11 +01:00
iceman1001 1c8b2110bb reduce stack usage 2023-12-15 16:39:42 +01:00
iceman1001 20d95fa3ea remove some more parity arrays 2023-12-15 09:33:02 +01:00
iceman1001 30c7ce1335 wait until timeout 2023-12-15 09:22:35 +01:00
iceman1001 c210b370fe remove par 2023-12-15 09:13:20 +01:00
iceman1001 70520af03b style 2023-12-14 23:38:04 +01:00
iceman1001 6b9963b12a forgot to free the allocated memory 2023-12-14 23:37:37 +01:00
iceman1001 ab0ee92f57 the par[] array allocation was the root cause for the stack smashing. Making one static array to be reused across 14a functions took care of the issue.
also made the command allocation for ISO14 APDU sending a bigbuf allocation instead. Since nothing in the APDU has to do with EMULATOR memory etc. The trace log grows from start of bigbuff, allocations grows from end of bigbuff
2023-12-14 23:35:30 +01:00
iceman1001 95d1d5646f an attempt to reduce some stack memory. No need for the debug printing to be 512 bytes. Now limited to 200 chars 2023-12-14 23:29:43 +01:00
iceman1001 f4f832e121 style 2023-12-14 00:33:02 +01:00
iceman1001 ee1534103b make sure to turn off the antenna if entering this state 2023-12-14 00:31:09 +01:00
iceman1001 17ab86c52c make sure limit match up with the multiple of 4 bytes alignment 2023-12-14 00:30:15 +01:00
merlokk 2517e8b345 make style 2023-12-12 01:11:10 +02:00
merlokk 91892bc1bf add static encrypted nonce detection 2023-12-11 21:24:26 +02:00
merlokk ebe9d72cc2 set debug log level 2023-12-11 18:46:25 +02:00
iceman1001 97e2d7f026 changed "data num" to accept -r -i parameters where it will reverse or inverse the values.
renamed some util functions
2023-12-07 16:44:31 +01:00