RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2024-09-22 16:26:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
18079 commits 3 branches 14 tags 86 MiB
Commit graph

3582 commits

Author SHA1 Message Date
iceman1001 d608d85e3b felica... shouldnt print dbhexdump.. it should be on client side 2024-01-23 19:18:44 +01:00
iceman1001 2be0bd14ee revert change of DMA size 2024-01-23 19:17:45 +01:00
iceman1001 081ff216eb style 2024-01-23 15:28:50 +01:00
nvx da564aed3c Fix hf sniff 
This was broken in commit 17ab86c52 as the forced rounding up of
the size to 4-byte alignment in BigBuf_malloc made the size check
possibly larger than the buffer size as the check was always +3 on
the requested size rather than the rounded size. This was made
worse by BigBuf_max_traceLen not taking into account alignment
either and the alignmentn check in hfsnoop.c checking to 2 byte
alignment instead of 4 byte alignment.

The alignment size check now checks the size after alignment
rounding, and BigBuf_max_traceLen takes into account alignment
losses too reducing the need for BigBuf consumers to have to care
about alignment.
 2024-01-24 00:10:05 +10:00
Martijn Plak ebdd30e92c readmem (ARM): boundary check against end of addressable space 2024-01-23 08:41:53 +01:00
Martijn Plak e35385fde1 Adding processor flash memory reading, viewing and writing to file. 
Works when the device is running either osimage or bootloader.

- New memory reading command in osimage and bootloader.
- Extended 'hw readmem' command with length parameter, file writing and hex viewer.
- Introduced '--dumpmem' option to proxmark3 executable to support dumping from bootloader.

Simple interactive examples:
  hw readmem -f flashdump
  hw readmem -l 1024
CLI example:
  ./pm3 --dumpmem flashdump.bin

Reading from arbitrary memory ranges can be unlocked using the 'raw' option.
 2024-01-22 16:40:05 +01:00
iceman1001 22fd440c83 style 2024-01-18 16:41:13 +01:00
iceman1001 5e4796c57b remove some debug statements 2024-01-18 16:32:13 +01:00
PhaseLoop 32a55654c4 Merge branch 'master' into bruteforce-smart-mode 2024-01-16 20:35:59 +00:00
PhaseLoop dd859a2061 add smart bruteforce mode to MF Classic and EM4x50 2024-01-16 20:06:03 +00:00
iceman1001 3268621fe0 Lowered the initial wait, Heuristic decided. Might need to look at Picopass datasheet and verify :) 2024-01-16 16:21:45 +01:00
iceman1001 730cc21f08 fix the field is off check 2024-01-16 15:49:35 +01:00
iceman1001 acaaeea450 picopass uses a different CRC algo 2024-01-16 15:32:43 +01:00
iceman1001 2981dd94f7 had to keep track if the field is on or off on deviceside for 14b raw.\nAdded picopass ISO14443-B anticollision. It allows us to send raw packages over 14b. 2024-01-16 15:12:16 +01:00
iceman1001 5b31211971 style 2024-01-16 11:53:42 +01:00
iceman1001 70b4bee761 reworked the 14B comms. Uses NG packets now. Most raw / apdu / write / rd got some love 2024-01-16 11:37:13 +01:00
iceman1001 73843fd366 testing to extent DMA buffer to 768 bytes 2024-01-15 17:36:19 +01:00
iceman1001 ca21348ff6 text 2024-01-15 17:14:04 +01:00
Iceman 5db2276602
Merge pull request #2249 from nvx/cardhopper_improvements 
Multiple hf_cardhopper improvements
 2024-01-15 13:11:24 +01:00
iceman1001 4df743c2a0 style 2024-01-15 13:08:55 +01:00
nvx 1828358ab0 Multiple hf_cardhopper improvements 
Allow button presses to break
Handle non-zero CID from reader by relaying RATS to the card and improving PPS and WTX handling
More reliably cook ATS values
Ignore packets that look like they're coming from the client (NG packets)
 2024-01-15 22:05:30 +10:00
iceman1001 02f5e729ca added a new command "hf 15 wipe" which zeros out a card memory with writeblocks. Improved restore and wipe time. Also identified TI tags and their quirks. On device side when getting a error response from tag it doesnt care about eof package. So we send that one too. Which leads to a spurious package we ignore on client side. 2024-01-15 04:11:20 +01:00
iceman1001 36be4d9556 text and style for comparing 2024-01-15 01:14:58 +01:00
iceman1001 8d0b41a911 this commit fixes #2244 #2246 #1596 #2101. Its kind of a big refactoring and I most likely broke something. With that said. Now: HF 15 commands now uses NG packets, hf 15 raw support -k keepfield on and -s select, hf 15 dump/rdbl/rdmulti should handle blocksizes of 4 or 8, the error messages are unified and error handling the same. Some understanding how add_option impacts response message from card. A more clear separation between PM3 flags and ISO15693 protocol flags. 2024-01-14 14:23:51 +01:00
PhaseLoop 8e0e8e2240 Merge branch 'master' into bruteforce-smart-mode 2024-01-13 16:53:05 +00:00
iceman1001 e69b46f6f6 logging enabled for 14b readblock.\nsupport for tearoff in 14b adpu\nfixed a bug in 14b raw when adding crc\n raw command should now not touch reserved emulator memory when freed 2024-01-09 13:07:43 +01:00
iceman1001 1efb38ba98 fix hf 14b dump command not lock up every other call and modified the output. 2024-01-09 10:22:27 +01:00
iceman1001 dae8f4ac4b forgot one 2024-01-08 23:48:45 +01:00
iceman1001 562faa8489 removed the inconsistency of both being a status value and length value 2024-01-08 23:40:45 +01:00
iceman1001 82aa6ac08c gave 14b commands some serious love and overhaul. package handling for APDU and different selects is improved. return codes now consequent 2024-01-08 21:17:42 +01:00
iceman1001 398803d930 adapt size of return messages in 14b 2024-01-07 22:34:08 +01:00
iceman1001 0c4a1066c1 text 2024-01-05 19:27:38 +01:00
iceman1001 b1a1ca8827 Revert "Release v4.17768 - Steamboat Willie" 
This reverts commit 57eeb712fd.
 2024-01-03 01:59:39 +01:00
iceman1001 57eeb712fd Release v4.17768 - Steamboat Willie 2024-01-03 01:59:39 +01:00
iceman1001 238572c337 style 2024-01-01 21:52:05 +01:00
iceman1001 21e54ba9b1 adjust 14b apdu which seems to trigger memory corruption device side 2024-01-01 21:49:32 +01:00
iceman1001 c54f6af925 code style, remove unneeded UID array allocations since we just dont use the UID later in those functions 2023-12-31 09:56:46 +01:00
iceman1001 3df5fb6d40 cleaned up style 2023-12-31 09:43:45 +01:00
iceman1001 873c1e57a3 cleaned up and reduced number of arrays used 2023-12-31 09:36:25 +01:00
iceman1001 f840dc810b made keytype instead of fixed keyB. would help in situations keyB is readable... 2023-12-31 09:35:42 +01:00
iceman1001 1f4f5febae adapt magic detection and textual output. Hf mf info - now uses found keys to send for magic detection 2023-12-30 23:08:58 +01:00
nvx 8f577ad963 Improved magic detection 
Magic detection no longer stops when a single type is found as cards may support multiple types of magic, so all detected types will be reported now.
GDM/USCUID chips are now detected when GDM magic auth is disabled but magic WUP (40 or 20) is enabled.
Gen2/CUID/DirectWrite is now detected when default keys and ACLs are used by attempting to write to block 0 but aborting before actually completing the write.
 2023-12-30 19:53:23 +10:00
nvx 33eaaa535f Changed hf_cardhopper standalone mode to allow running over the internal Proxmark3 USB-CDC serial port. 
This functionality can be enabled by adding the following to your Makefile.platform:
STANDALONE_PLATFORM_DEFS+=-DCARDHOPPER_USB
 2023-12-29 22:06:57 +10:00
iceman1001 0eea4e31c4 fiddling with thinfilm, which suffers in simulation 2023-12-18 22:18:21 +01:00
iceman1001 f8f135a3b7 style 2023-12-18 10:11:11 +01:00
iceman1001 1c8b2110bb reduce stack usage 2023-12-15 16:39:42 +01:00
iceman1001 20d95fa3ea remove some more parity arrays 2023-12-15 09:33:02 +01:00
iceman1001 30c7ce1335 wait until timeout 2023-12-15 09:22:35 +01:00
iceman1001 c210b370fe remove par 2023-12-15 09:13:20 +01:00
iceman1001 70520af03b style 2023-12-14 23:38:04 +01:00
iceman1001 6b9963b12a forgot to free the allocated memory 2023-12-14 23:37:37 +01:00
iceman1001 ab0ee92f57 the par[] array allocation was the root cause for the stack smashing. Making one static array to be reused across 14a functions took care of the issue.\nalso made the command allocation for ISO14 APDU sending a bigbuf allocation instead. Since nothing in the APDU has to do with EMULATOR memory etc. The trace log grows from start of bigbuff, allocations grows from end of bigbuff 2023-12-14 23:35:30 +01:00
iceman1001 95d1d5646f an attempt to reduce some stack memory. No need for the debug printing to be 512 bytes. Now limited to 200 chars 2023-12-14 23:29:43 +01:00
iceman1001 f4f832e121 style 2023-12-14 00:33:02 +01:00
iceman1001 ee1534103b make sure to turn off the antenna if entering this state 2023-12-14 00:31:09 +01:00
iceman1001 17ab86c52c make sure limit match up with the multiple of 4 bytes alignment 2023-12-14 00:30:15 +01:00
merlokk 2517e8b345 make style 2023-12-12 01:11:10 +02:00
merlokk 91892bc1bf add static encrypted nonce detection 2023-12-11 21:24:26 +02:00
merlokk ebe9d72cc2 set debug log level 2023-12-11 18:46:25 +02:00
iceman1001 97e2d7f026 changed "data num" to accept -r -i parameters where it will reverse or inverse the values.\nrenamed some util functions 2023-12-07 16:44:31 +01:00
iceman1001 89bcdcddbc style 2023-12-06 22:42:16 +01:00
iceman1001 fdc1c9d864 text 2023-12-06 22:16:53 +01:00
Anonymous cdafe764f1 Merge branch 'unisniff' of https://github.com/hazardousvoltage/proxmark3 into unisniff 2023-12-03 08:46:26 -05:00
Anonymous 9b752c6ecb hf_unisniff: rename "ask" to "user" to avoid confusion with "ASK" sniffing 2023-12-03 08:44:06 -05:00
Iceman 56d957a689
Merge pull request #2192 from hazardousvoltage/unisniff 
Implement hf_unisniff, 14a/14b/15 sniffer with runtime selection and more save options
 2023-12-03 07:10:06 +01:00
wh201906 bb529a9077
Fix corrupted data caused by CMD_WTX 
No need to wait for 2.5s (1s + FPGA_LOAD_WAIT_TIME) if the real-time
sampling stops.
Make sure the LF bitstream is loaded before real-time sampling so the
response of CMD_WTX won't appear.
 2023-12-02 17:04:03 +08:00
Anonymous 322411c44f Implement hf_unisniff, 14a/14b/15 sniffer with runtime selection and more save options 2023-12-01 22:39:46 -05:00
iceman1001 a913b2c662 style 2023-12-01 10:59:18 +01:00
Iceman 17a93a3b1b
Merge pull request #2173 from wh201906/lf_sniff_clean 
Real-time LF sampling
 2023-12-01 10:54:10 +01:00
nvx 7b0ca43695 Fix iClass dump truncating the AA2 area and improve dump reliability by fixing cmd retry delays. 2023-11-26 19:04:54 +10:00
wh201906 3ee13c9ba6
Apply suggestions from @henrygab 
Check if memory allocation fails
Fix memory leak
Initialize struct in declaration
Add/Fix some notes
Remove unlikely() in favor of readability
Remove a hard-coded magic number
 2023-11-15 18:04:52 +08:00
Henry Gabryjelski 627cf6e3d5
Slow clock speed message update 
Signed-off-by: Henry Gabryjelski <henrygab@users.noreply.github.com>
 2023-11-14 01:52:02 -08:00
wh201906 ab9f49f86e
Some minor fixes 
Use longer timeout in WaitForRawDataTimeout() to handle CMD_WTX
Fix a wrong type
Apply changes to other similar part
Remove unused instructions
 2023-11-14 10:46:45 +08:00
wh201906 b4cc7c02cd
Real-time LF sampling mode on armsrc 2023-11-14 01:43:20 +08:00
wh201906 9e8b1ceda7
Reduce duplicate payload structure for lf read/sniff 2023-11-14 01:05:27 +08:00
Philippe Teuwen 4f9016814e Revert "Release v4.17511 - Faraday" 
This reverts commit 6e9df18de6.
 2023-11-13 10:19:09 +01:00
Philippe Teuwen 6e9df18de6 Release v4.17511 - Faraday 2023-11-13 10:19:09 +01:00
Philippe Teuwen 73db5cb912 style: missing include of own header 2023-11-11 18:24:34 +01:00
iceman1001 d137b74de7 missing 2023-11-06 23:19:46 +01:00
iceman1001 6653bffe00 coverity fixes 2023-11-06 22:58:14 +01:00
iceman1001 bf6f5518ac fix overflow (@wh201906) 2023-11-06 17:12:03 +01:00
wh201906 2d48e33a99
Some small fix 2023-11-06 18:45:10 +08:00
wh201906 85e38ddc38
Add --ms option in hw status 
To specify the timeout of connection speed test
 2023-11-06 16:35:43 +08:00
iceman1001 82e7830e5b style 2023-10-30 22:20:55 +01:00
yah01 9d07ee497c Improve lf sampling performance 
Signed-off-by: yah01 <yah2er0ne@outlook.com>
 2023-10-27 13:47:26 +08:00
iceman1001 5ae919d8ee since we split the image for iclass, every time we swap back to hf / mf commands there is a penalty for swapping fpga image. this fix some allow for fast simulation part 2023-10-18 20:43:52 +02:00
iceman1001 1f3cf80898 style 2023-10-18 20:34:35 +02:00
iceman1001 185da09e62 we use calloc 2023-10-18 20:20:55 +02:00
iceman1001 efac735bad added support for HID SAM picopass communications. Nasty array copying but does the trick. Will need refactoring. 2023-10-18 19:59:34 +02:00
iceman1001 14a0e0bc72 fix old length for sim module 2023-10-18 15:18:58 +02:00
Jean-Michel Picod 8cc7022604 Remove compilation error. 
Function is already declared (non-static) in armsrc.
Compiler was complaining about re-defining a non-static func by a static
one.
 2023-10-17 19:33:59 +02:00
PhaseLoop 4003ad72fe update 2023-10-16 19:19:30 +00:00
iceman1001 026cd7d53d style 2023-10-15 13:21:16 +02:00
iceman1001 0f9f5f116c text 2023-10-15 10:11:27 +02:00
iceman1001 0ff41fa652 style 2023-10-12 14:53:26 +02:00
iceman1001 ef348a2aa0 adapt a bit 2023-10-12 14:51:18 +02:00
iceman1001 7cec258349 minor adjustments to texts 2023-10-09 20:09:22 +02:00
iceman1001 4986959706 fix logic for epurse updates 2023-10-09 15:48:01 +02:00
iceman1001 7b3e84c0d6 better fix for the PAGEMAP issue 2023-10-09 15:14:53 +02:00
iceman1001 d41f0c394e hf iclass wrbl - the pagemap bit maps isnt the best to handle all four cases. This atleast fixes one issue with them 2023-10-09 15:04:49 +02:00