iceman1001
732fe340cb
fix: 'hf search' - 14a detection was wrong. thanks @doegox for pointing it out.
2017-12-08 22:27:55 +01:00
iceman1001
56dbf3ea15
chg: 'hf mf nack' - adjustments in return values..
add: 'hf 14a info -n' added new parameter, to enable test for nack bug.
2017-12-06 00:34:57 +01:00
iceman1001
9959d5c1e7
chg: emv commands should now compile. no testing done.
2017-11-25 08:18:30 +01:00
iceman1001
25b173ea20
chg: 'hf 14a reader' - @pwpiwi 7c8115b273
2017-11-10 22:55:33 +01:00
iceman1001
8b83db2c1b
ADD: 'hf 14a apdu' @merlokk
2017-11-10 20:47:31 +01:00
iceman1001
6b78a8711d
ADD 'hf 14a info' : new command (old reader command) (@merlokk)
This enables us to get a 14a reader function, if you want to do all other tests, go for this new command.
2017-10-30 12:29:02 +01:00
iceman1001
ee1612870c
CHG: 'info' unified helptext.
ADD: 'hf 14a info' - skeleton function
2017-10-30 12:17:32 +01:00
iceman1001
fdf1566c23
FIX: 'hf 14a reader' - detection of magic refactored, all test now assumes turn on/off readerfield.
2017-10-30 12:01:34 +01:00
iceman1001
59fbf1e354
chg: don't blindly trust other ppls changes
2017-10-29 20:07:45 +01:00
iceman1001
76e139701a
chg: @merlokk 's minor adjustment to waitCmd
2017-10-29 19:26:34 +01:00
iceman1001
a4b4a1a9a2
FIX: iso-14443a RATS optional (piwi)
2017-10-01 22:06:06 +02:00
iceman1001
c5616dfe76
minor corrections..
2017-08-29 15:47:26 +02:00
iceman1001
9f54a5e4b9
fix 'hf 14a read' needs a disconnect if failed.
fix 'hf mf csave' now prints which card size it is trying to dump
2017-08-29 14:47:17 +02:00
iceman1001
f10cc4a3ae
FIX: 'hf 14a reader' - set timeout for waiting on response for initial call. This will enable the command not to get "stuck"
2017-08-29 14:37:09 +02:00
iceman1001
aa711b2d92
chg: 'hf 14a cuids' - now can be interrupted with keyboard press
2017-08-09 09:26:41 +02:00
iceman1001
f28da2da6e
monster merge...
all those changes marshmellow did.. and more...
2017-07-30 09:17:48 +02:00
iceman1001
a8569849d6
part of monstermerge..
2017-07-27 20:58:59 +02:00
iceman1001
fe5c33092d
ADD: 'hf 14a reader' - added Mifare Classic Ev1 1k/4k identification.
2017-07-16 10:18:19 +02:00
iceman1001
e8015142cd
fix: TRUE/FALSE -> bools
fix: 'iclass' filepath 255, to use FILE_PATH_SIZE
fix: unified params test
2017-07-14 20:54:11 +02:00
iceman1001
8bc17414fd
new coverity scan complains..
fix 'lf hitag' bit comparisons wrong
fix 'standalone mode' logically dead code
2017-07-07 15:45:40 +02:00
iceman1001
3ca3d401c0
FIX: some adjustments to prng detection
2017-07-04 20:11:25 +02:00
iceman1001
4d18909596
ADD: 'hf 14a read' - detection if found Mifare Classic tag has a weak or hardened PRNG. Thanks to @doegox for implementing it in nfc-tools/mfoc. It's a beauty :)
2017-06-26 21:45:22 +02:00
iceman1001
f24edfec54
CHG: hf 14a read
- started to add a Magic tag gen2 detection. Skipping it for now. Can't decide to put it on deviceside or in client.
FIX: `lf read` - ophs.. it works again.
ADD: `lf em 4x05--` - added a chipset definition
CHG: better kali fix - from @pwpivi
2017-02-28 08:16:02 +01:00
iceman1001
8db18d2f15
ADD: hf 14a read
- now can detect the newer magic generation 1b. In output 1A (old version, where all hf mf c* commands works) 1B is the newer.
2017-02-27 19:18:38 +01:00
iceman1001
41611deef9
CHG: some of @marshmellow42 's ref: 2b11c7c750
CHG: `lf em 410x` - when demoded to all zeros, it wasn't printed so some noninitialized tags just get an empty "found em410x tag" message. Haven't decided on how to go further with it.
2017-02-27 14:04:50 +01:00
iceman1001
2e8d938bef
ADD: 'hf emv' - from @peterfillmore emv fork. A bit cleaned up and moved around. Should compile
2017-02-05 21:56:47 +01:00
iceman1001
cf5a79de33
ADD: 'hf 14a read' - correctly identify Aztek tags, instead of claiming it to be "not mfu".
2017-02-04 12:32:14 +01:00
iceman1001
4401050bcc
ADD: 'hf standalone 14a mode', added "mifare 4k" detection.
ADD: 'hf 14a sim' - added mifare 4k simulation.
2017-02-01 14:41:06 +01:00
iceman1001
84bdbc1917
FIX: 'hf 14a sim x' - adjusted and shows messages when verbose.
FIX: 'hf mf sim x i' - same as above.
In general we only use Moebius attack for "sim x", that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it gets sent to client which runs moebius direct.
2017-01-29 23:09:23 +01:00
iceman1001
2ce218042d
CHG: 'hf 14a sim e' - it now has a parameter for setfoundkeys to emulator memory.
CHG: textual changes.
2017-01-29 13:21:17 +01:00
iceman1001
3b875041dc
FIX: 'hf 14a reader' - when card SAK was 0x00, it calls GetHF14AMfU_Type() to try to identify if it is a UL/NTAG etc. The bug is that it ignored the return value.
when return_value == UL_ERROR, it shall not print the mfu tagtype annotation.
---faulty behavior
proxmark3> hf 14a reader
UID : 65 93 7f d1
ATQA : 00 04
SAK : 00 [2]
Tag is not Ultralight | NTAG | MY-D [ATQA: 00 04 SAK: 00]
TYPE : MIFARE Ultralight (MF0ICU1) <magic>
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
2017-01-11 22:00:17 +01:00
iceman1001
ba39db376c
CHG: just some parameter / variable name changes. Nuttin' special.
2016-10-28 16:37:01 +02:00
Michael Farrell
32beef538e
hf {14a,mf} sim: v is for verbose
2016-10-27 23:37:00 +11:00
Michael Farrell
dfdbfa0702
hf mf sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45 )
2016-10-27 23:37:00 +11:00
Michael Farrell
53f7c75a38
hf 14a: Fix typos in manufacturer list
2016-10-22 14:24:17 +11:00
iceman1001
cd79d97223
CHG: syntax sugar
2016-10-08 19:14:35 +02:00
iceman1001
3c6542087e
CHG: @ikarus23 removed all misleading warnings for GCC6.1.1.
2016-09-26 21:38:19 +02:00
iceman1001
823ad2e186
CHG: minor code cleaning in 'hf 14a reader'
2016-08-10 16:24:49 +02:00
iceman1001
52eeaef568
CHG: moved a define arraylen into util.h and changed to uppercase.
2016-08-04 21:54:11 +02:00
Pavel Zhovner
57eba86be6
Typo in hf 14a sim help
2016-05-26 20:10:03 +03:00
iceman1001
f7c1a934d0
CHG: "hf 14a sim" now uses mfkey32 and mfkey32_moebius as methods to retrieve the key in attack_mode.
2016-04-18 13:20:17 +02:00
iceman1001
0194ce8fc8
ADD: simulating can now handle triplesized UID (10b)
CHG: moved some mifare #DEFINES into protocols.h (ACK,NACK..)
2016-04-14 11:09:17 +02:00
iceman1001
6fc68747f6
ADD: well, starting with a luascript for reading calypso tags, made me remake the 14b raw command on client and device side. Sorry @marshmellow42 , but this one broke your "hf 14b info" implementation. I fixed the "hf 14b read" and the hf search. So not too bad, but still a bit broken. The 14b raw device side is now very similar to 14a raw. Which is good. There is a Standard 14b 0x050008 detection and STmicroelectronic 0x0600 detection on deviceside. This removes a lot of code client side.
I also made the SRi read functions better by combining them. The demodulation / uart code should be the same as last summer's changes. The device side code can now be even smaller.
2016-03-20 19:33:07 +01:00
iceman1001
a0f33b6682
CHG: started to clean up the crapto1 imp in client/nonce2key/ folder.
2016-01-19 17:22:18 +01:00
iceman1001
a429510647
REM: Removed #define llx PRIx64, all these defines are located in proxmark3.h
2016-01-19 16:29:07 +01:00
iceman1001
4c685ac887
FIX: Coverity, unintended sign extension, CID #121363 , (numbits << 16) becomes int, then uint64_t. But the signedness might set all upper bits to 1 in the process.
2016-01-12 22:33:54 +01:00
iceman1001
28415b5d90
FIX: Coverity, unchecked return value, CID #121292,..
basically the flush queue command is replaced with clearCommandBuffer();.
2016-01-12 22:30:22 +01:00
iceman1001
c46ea881a4
FIX: coverity scan, resource leak in "hf mf sniff", added call to 'free' before return.
FIX: coverity scan, overflow in "hf 14a raw", added an extra len check against USB_CMD_DATA_SIZE
2016-01-08 14:30:56 +01:00
iceman1001
9332b857ff
ADD: @marshmellow42 's fixes for Q5, t55xx, fskclock,
ADD: got tired of always writing wrong "hf 14a list", so I hooked it back up to call the "hf list" with argument. Things become smoother that way.
2015-12-16 11:01:46 +01:00
iceman1001
0956e0dba5
FIX: an error that I introduced to the csetblock command with wrong length of crc calcs.
CHG: variable name in csetblock change. just trying to be consistent.
ADD: code clean up in hf 14a, added some help text methods.
2015-11-10 11:45:45 +01:00
iceman1001
c2731f37be
CHG: a major remake of the "hf mf c*" commands. Ie chinese magic tags. Tried to make them consistent in parameter calls and simplified. And fixed the annoying gen1 tags that answers with a ACK/NACK on HALT commands..
2015-11-09 21:46:15 +01:00
iceman1001
e98572a1e2
I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work*
Things like the ICLASS, tryDecryptWord,
--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation, start of the T55x7 configblock helper functionality (ripped from Adam Laurie's RFIdler code)
Changes to the PCF7931 functions written, which has a lousy input check..
2015-10-07 23:00:46 +02:00
iceman1001
7838f4beba
MERGED: @holimans changes
MERGED: @piwi changes
MERGED: @marshmellows changes.
I'm not even gonna try write up all that stuff..
ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside the "hf 14a sim" with the "x" parameter.
2015-07-22 23:00:52 +02:00
iceman1001
32719adfa1
ADD: added support for some NTAG/EV1 commands to "hf 14a sim" on device side.
0x1B (authenticate)
0x3a (fast read)
0x60 (get_version)
This is used in a new mode on client, "hf 14a sim t 7"
2015-06-14 22:40:18 +02:00
iceman1001
c3c241f389
CHG: moved a xor function into util.c
CHG: added some calls to clearCommandBuffer() in /hf mfu/hf 14a sim/hf mf sim/ commands.
CHG: minor adjustments to relative pathing.
2015-05-26 11:04:57 +02:00
iceman1001
46cd801c5a
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain.
MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file
CHG: added @marshmellow42 changes to hf mfu dump layout.
ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory.
ADD: experimental call to "try32" for "hf mf sim x".
2015-05-25 13:10:55 +02:00
iceman1001
623db3559b
CHG: the new NTAG_i2c_1K enums, broke the uint16_t size.. Had to go up one level.
2015-05-20 19:26:11 +02:00
iceman1001
9cdd47c292
chg: @marshmellows changes to "hf 14a reader"
add: the experimental "hf 14a sim x" attack impl.
chg: sorry, but I never liked that sniffing was called snooping in this command. So I changed it to "sniff".
2015-05-16 15:30:17 +02:00
iceman1001
09c2a802a1
ADD: @holimans changes.
2015-05-05 00:31:02 +02:00
iceman1001
466bc4599c
CHG: fixed a better detection for Ultralight, Ultralight-C, Ultralight-EV1 tags.
--see https://github.com/Proxmark/proxmark3/issues/96
-- still todo, finding a good way of detecting Magic Ultralight-C tags.
-- thanks @marshmellow for pointing out proper UL-C tags responses is different.
2015-04-28 20:58:18 +02:00
iceman1001
abcb166ffe
ADD: a minor modification to "HF 14A READ" to enable the correct identification between ULTRALIGHT / ULTRALIGHT-C / ULTRALIGHT EV1 tags.
2015-04-24 18:19:51 +02:00
iceman1001
0ec548dc21
Merge branch 'master' of https://github.com/Proxmark/proxmark3
Conflicts:
armsrc/lfops.c
client/cmddata.c
client/cmdlf.c
client/cmdlft55xx.c
client/cmdlft55xx.h
client/scripts/test_t55x7_bi.lua
2015-03-24 11:45:31 +01:00
iceman1001
963fa1c2b8
FIX: minor correction of the command description for HF 14A RAW.
2015-03-11 22:43:49 +01:00
pwpiwi
04bc1c660b
fix: hf 14a raw was broken
(see http://www.proxmark.org/forum/viewtopic.php?id=2351 )
2015-03-11 20:19:30 +01:00
pwpiwi
19a700a8b5
hf 14a: if the tag supports it, set default timeout according to ATS
hf epa: remove explicit but arbitrary timeout settings
Bugfix: don't timeout when frame transmission has already started
2015-02-11 22:20:22 +01:00
iceman1001
df3e429d71
minor fix for a help in "hf 14a snoop"
2015-01-21 21:24:37 +01:00
iceman1001
5ee701292f
Step 2 - Ultralight / Ultralight-C
With this the Pentura Labs / Midnitsnakes's original ultralight / ultralight-c implementation is enhanced and moved to its own file. cmdhfmfu.c
2015-01-20 21:23:04 +01:00
Martin Holst Swende
68033ed776
Fixed error when no match is found for uidmapping
2015-01-11 21:49:13 +01:00
iceman1001
79bf1ad2cc
ADD: Jonor's timeout patch for "Hf 14a raw".
minor code clean up
2015-01-07 23:23:17 +01:00
iceman1001
b915fda392
FIX: a solution for the issue "hf mf esave - always saves 4K"
FIX: a solution for the issue "hf eload, esave, cload, save - filepath variable too short"
CHG: minor code clean up.
ADD: AES / CRC16 for lua. (and tnp3xx scripts.)
ADD: tnp3dump.lua script to dump tnp3xx tags.
ADD: tnp3sim.lua script to let PM3 imitate a tnp3xx tag. Needs to be tested live
2015-01-07 22:00:29 +01:00
iceman1001
52ab55ab0d
ADD: added a lot of ic ids to cmdhf15.c Thanks to Asper for the list.
ADD: added a manufacturer list in "hf 14a reader", only viable when UID is double or triple size. Thanks to Asper for the list.
ADD: detect chinese magic backdoor commands in "hf 14a reader"
CHG: minor code clean up.
2015-01-07 21:06:15 +01:00
iceman1001
3fe4ff4f03
CHG: generic code clean up. Removal of commented code.
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identification of chinese backdoor commands to hf 14a reader.
2015-01-05 15:51:27 +01:00
Martin Holst Swende
4c3de57ad2
Reworked how 'hf 14a list' and 'hf iclass list' works, to use the same method. Now, use 'hf list 14a' and 'hf list iclass' instead. Plus, the output is now annotated (although the annotation-engine could use a bit more love from someone more familiar with the available commands)
2015-01-04 21:22:54 +01:00
pwpiwi
52bfb95543
bugfixes in iso14443a.c and hf 14a reader
- introduced with the big frame and parity support (commit 6a1f2d82): tag responses with len%8 == 0 were dropped - thanks iceman for testing and finding
- after unsuccessful hf 14a reader the field stayed on. Thanks to iceman for proposing the fix.
2014-12-23 11:21:42 +01:00
pwpiwi
545f203826
adapted hf iclass list to new trace format
2014-12-20 21:32:44 +01:00
pwpiwi
f10bf20c6c
Format hf 14a list output for bigger frame sizes
2014-12-18 19:39:16 +01:00
pwpiwi
6a1f2d82bb
bugfixes iso14443a (hf 14a commands)
- buffers were too small to handle 256 byte frames
- parity bits were only handled for up to 32 byte frames
- trace format was inefficient
- removed parity calculation from decoders in iclass.c (parity not used on air anyway)
2014-12-16 07:41:07 +01:00
pwpiwi
9a573554e0
minor bugfix and enhancement to hf 14a reader
- "SAK incorrectly claims ... " message was displayed incorrectly
- now decodes FSCI, SFGI, FWI and displays FSC, SFGT, FWT resp.
2014-07-15 08:35:27 +02:00
pwpiwi
19d6d91fd5
hf 14a reader enhancement
In order to be able to distinguish between Mifare Classic and Mifare Plus
in Security Level 1 (SL1, Mifare Classic Compatibility Mode), hf 14a reader
now always tries RATS - even if SAK claims not to support ISO14443-4.
2014-06-30 08:21:50 +02:00
pwpiwi
72b1090acf
Bugfixes:
- Byteorder was wrong when displaying ATQA in hf 14a read
- 7 Byte UIDs were truncated to 4 Bytes when displaying in hf 14a cuids
2014-06-26 07:57:49 +02:00
micki.held@gmx.de
7bc95e2e43
- fixed iso1443a ManchesterDecoder in order to fix broken Snoop/Sniff
- enhanced tracing: hf 14a list now shows meaningful timing information. With new option f it also shows the frame delay times (fdt)
- small fix for hf 14b list - it used to run into the trace trailer
- hf 14a sim now obeys iso14443 timing (fdt of 1172 or 1234 resp.)
Note: you need to flash FPGA as well.
More details in http://www.proxmark.org/forum/viewtopic.php?pid=9721#p9721
2014-02-19 20:35:04 +00:00
micki.held@gmx.de
e691fc45bc
- improved reader sensitivity for 14443a cards (FPGA change!)
- implemented ISO 14443A anticollision loop
See http://www.proxmark.org/forum/viewtopic.php?id=1797 for further details
2013-11-19 18:52:40 +00:00
roel@libnfc.org
f66021cf48
fixed compiler warnings
2013-10-03 14:36:42 +00:00
martin.holst@gmail.com
5f6d6c9003
Raw 14a in commandline, patch by jonor, see http://proxmark.org/forum/viewtopic.php?id=1751 for more info
2013-09-28 19:28:55 +00:00
roel@libnfc.org
125a98a110
fixed stupid 64-bit formatting for x86/amd64 and unix/windows
2013-02-28 22:22:24 +00:00
roel@libnfc.org
28fdb04fd8
Finally, rewrote bootrom and flasher program, much faster now
2013-02-28 15:11:52 +00:00
roel@libnfc.org
79a73ab2d1
fixed USB GPIO bug reported by gregy, and fixed 'hf 14a reader' command
2013-02-27 13:23:38 +00:00
roel@libnfc.org
902cb3c00b
major USB update
2012-12-04 23:39:18 +00:00
roel@libnfc.org
db09cb3adb
MAJOR update, added hitag2 reader, emulation and eavesdropping, lots of new code, including FPGA tweaks
2012-09-18 13:52:50 +00:00
frederikmoellers@aol.de
5acd09bdfb
Basic support for EAC documents (e.g. German Identification Card)
-new files armsrc/epa.[ch] for ePA (electronic "Personalausweis") related functions
-Offers elementary functions (EPA_PACE_MSE_Set_AT etc.)
-Also offers one new USB command: EPA_PACE_Collect_Nonce
-created new command subtree in client: client/hfepa.[ch] ("hf epa")
-offers "hf epa cnonces" (collect encrypted PACE nonces)
-more to come
2012-08-28 21:39:50 +00:00
frederikmoellers@aol.de
db22dfe6ff
-Added .history to the svn:ignore property
-Added "hf 14a cuids" command to collect multiple ISO14443-A UIDs from one card in a batch
-The command takes one parameter (the number of UIDs to collect)
-This can be useful to analyze the RNGs of cards that generate random UIDs (e.g. MRTDs)
2012-08-14 14:56:09 +00:00
dn337t@gmail.com
561f7c11ef
added dissector for ISO 14443-A ATS response
2012-07-25 16:19:56 +00:00
Merlokbr@gmail.com
5cd9ec01e0
hf 14a snoop optimized and added parameters. hf 14a sniff - not work.
2012-07-07 15:29:51 +00:00
roel@libnfc.org
81cd0474cb
fixed a lot of simulation issues
2012-06-29 10:24:05 +00:00
W8M2Hg9lLmWqXSGC
713e7ffbc7
Added / modified SAK descriptions.
2012-02-05 09:30:08 +00:00
Merlokbr@gmail.com
23487cd23c
1. update SAK
2. ratte's fix. http://www.proxmark.org/forum/viewtopic.php?id=979
2011-11-04 12:35:00 +00:00
Merlokbr@gmail.com
9ca155ba44
0. its alpha version!!!
1. commands changed from "hf 14a" to "hf mf"
2. some code cleaning and small bugfixes
3. alpha version hf mf sim
4. added internal function GetTickCount() for time measuring
2011-06-10 13:35:10 +00:00
Merlokbr@gmail.com
f397b5cc87
1. fixed hf 14a mifare. added functionality to ignore one Nt
2. completed hf 14a nested
3. added hf 14a chk to check keys
5. added check keys to hf 14a mifare and hf 14a nested
6. added debug level to mifare commands
7. small bugs and improvements
2011-06-07 12:35:52 +00:00
Merlokbr@gmail.com
50193c1e3e
1. small bugfix in hf 14a mifare
2. now in cmd hf 14a mifare - blinks LED_C
3. bugfix in readblock
2. bugfix in USB CommandReceived
3. small improvements
2011-06-01 14:12:11 +00:00
Merlokbr@gmail.com
f89c705002
improved version of "hf 14a mifare" command
with merge with utility nonce2key
2011-05-31 11:31:20 +00:00