- lf t55xx brute (tries bruteforcing a range of pwds
- lf t55xx chk (uses dictionary file or RDV4 flashmem)
FIX: adjust lf sim (@marshmellow42) see 7008cf9c15
"attempt to speed up the loops waiting for carrier signal to go high or low
by only checking for a halt (button press or usbpol) every 256th loop
iteration. some users were experiencing modulating reactions to be too slow.
ADD: 'lf t55xx chk'
It uses @marshmellows42 idea behind commit (6178b085a0)
With calculating a baseline (read block0 32times and average the signal-ish) and sampling only 1024 signal data. The algo then proceeds to calc the average and keep track of the candidate which is given the most difference in signal data average value. I do some squaring and shifting for this.
The candidate is then send back to client to be tested properly with trymodulation like before.
This seems to work good on t55xx card which has a ASK configuration.
WORK-IN-PROGRESS
ADD: raw commands - added the basis for sending RAW commands to FeliCa.
CHG: CRC16 rework, uses table based implementation. This will change more functions as I go on.
https://github.com/federicodotta/proxmark3
--adjusted to fit iceman fork and latest enhancements to LF
(untested)
FIX: some calls to deviceside demods, use 0 instead of reference.
ADD: timeout after n cycles of simulating
Using a dictionary file with 421keys,
Current implementation of checkkeys takes 300 sec.
This implementation of checkkeys takes 250 sec.
I implemented it as a separate command so it will be easier to compare between the old and new checkkeys.
Its also doing much on deviceside, which is a step to much funnier standalone modes :))
fix: 'hf mf hardnested' test cases doesn't need to verify key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on armside, a more unified way, so we don't forget to turn of the antenna ...
chg: renamed 'hf iclass snoop' into 'hf iclass sniff' in an attempt to make all sniff/snoop commands only SNIFF
chg: 'standalone' -> starting the work of moving all standalone mods into a plugin kind of style, in its own folder.
- `lf em4x readwordPWD` merged into `lf em4x readword` See help text
- `lf em4x writewordPWD` merged into `lf em4x writeword` See help text
- `lf em4x readword` now download the collected signal data after command.
On device side the lfops.c has gotten some love. Code cleaner, increased EM_START_GAP from 55 FC to 56 FC, because of how our microsecond(us) clock works with 21.3us increments.
TODO: `lf em4x em4x50read` needs to be factored to use @marshmellow42 's ASKdemod instead of trying to do itself.
Added a lot of #ifndef , extern C,
Move inside from ARMSRC -> THUMBS, which made the compiled image smaller.. I don't know if it broke anything.
Moved MF_DBGLEVEL definitions into common.h
Moved print_result from util.c into appmain.c
Also split up some struct typedef into header files so they could be reused in other code places.
''' danger ''' this might have broken stuff...
I also made the SRi read functions better by combining them. The demodulation / uart code should be the same as last summers changes. The device side code can now be even smaller.
