iceman1001
1bfbe92a53
FIX: coverity scan found some bugs in EMV code. These are the fixes to:
...
-CID 141293 - missing va_end call
-CID 141290 - return var not always given a value
-CID 141289 - array out of bounds write. off by one.
-CID 141288 - dead code because of CID 141287
-CID 141287 - wrong mask
-CID 141286 - wrong mask value
2017-02-15 02:44:34 +01:00
iceman1001
573e8d72c7
FIX: 'EMV compiling' - Makefiles are very picky about how things are done. Its parser is a bit paranoid. So, to make things easier and more correct.
...
- armsrc/Makefile when commenting out functionality, move it below the comment otherwise APPS_CFLAG breaks too early. See WITH_LCD
- common/Makefile.common enable / disable EMV, uncomment two lines. then make clean && make all. flash, MIGHT NOT work on 256kb devices
FIX: missing break in appmain.c made it go to iclass function..
2017-02-13 15:32:48 +01:00
iceman1001
4c8fe2e976
CHG: some minor adjustments.
2017-02-13 11:06:30 +01:00
iceman1001
ff9c043da2
FIX: T5555/Q5 datarate when used in "Q" parameter, consequential fix in lf commands. (RF-2/2) ie: ((64-2)>>1)
...
ADD: Marshmellow42 's timing fixes for em4305.
2017-02-13 10:58:28 +01:00
iceman1001
cb1ba30a5e
FIX: first attempt to clean up EM4x50 commands.
...
- `lf em4x readwordPWD` merged into `lf em4x readword` See help text
- `lf em4x writewordPWD` merged into `lf em4x writeword` See help text
- `lf em4x readword` now download the collected signal data after command.
On device side the lfops.c has gotten some love. Code cleaner, increased EM_START_GAP from 55 FC to 56 FC, because of how our microsecond(us) clock works with 21.3us increments.
TODO: `lf em4x em4x50read` needs to be factored to use @marshmellow42 's ASKdemod instead of trying to do itself.
2017-02-07 22:26:06 +01:00
iceman1001
5ed5e418c9
CHG: testing to set 460800 baudrate as default, if it fails, go to 115200 baudrate. For Linux/Win. Works great in my environments.
2017-02-06 02:33:08 +01:00
iceman1001
1903696e2a
chg: uncomment -DWITH EMV to compile for EMV.
2017-02-06 00:57:31 +01:00
iceman1001
60ca588725
syntax sugar
2017-02-06 00:51:06 +01:00
iceman1001
d627a2fd8c
FIX: commented code screws up notepad++ groupings.
2017-02-06 00:50:37 +01:00
iceman1001
a32e8034e0
FIX: get rid of de-referencing pointer warnings.
2017-02-06 00:49:32 +01:00
iceman1001
6a1687cc3e
ADD: 'hf emv' - forgot to add some file
2017-02-05 22:16:50 +01:00
iceman1001
3e83ff2159
CHG: '-DWITH_EMV' - fixing some compilation errors when compiling with peter fillmore's emv code. Warning a 256kb Proxmark3 device will only have 7% memory left if you enable this
2017-02-05 21:09:36 +01:00
iceman1001
a330987de1
CHG: 'lf cotag demod' - now finds FC/CN Thanks to @marshmellow42
...
CHG: 'lf search' - now detects COTAG
2017-02-02 19:15:36 +01:00
iceman1001
5f5b83b743
ADD: 'lf cotag read' - COTAG can be read now.
2017-02-02 15:32:21 +01:00
iceman1001
4401050bcc
ADD: 'hf standalone 14a mode', added "mifare 4k" detection.
...
ADD: 'hf 14a sim' - added mifare 4k simulation.
2017-02-01 14:41:06 +01:00
iceman1001
507afbf3e6
CHG: 'lf cotag read' - it now follows "lf config" settings when collecting signaldata.
2017-02-01 14:11:11 +01:00
iceman1001
d760c7b3d9
FIX: 'standalone_14a mode' - cleaned up the standalone14a mode code. It now detects and simulates 4,7byte uids, like it should. code refactored to be easier to understand.
2017-02-01 14:09:26 +01:00
iceman1001
16cfceb689
CHG: rename a local scope variable "data"->"cmd"
...
CHG: call params to selectcard too few
CHG: 'standalone HF mode' - when copying second UID onto data array, it should append after first one, not over the first one.
ref: https://github.com/iceman1001/proxmark3/issues/77 Let's see if this fixes the HF part of this issue
2017-02-01 12:50:54 +01:00
iceman1001
b828a4e168
CHG: 'lf snoop' - now automatically downloads samples after finished. (annoying step to do over and over)
...
FIX: 'lf snoop' - now turns off LF antenna after snoop.
FIX: 'lf cotag read' - now waits until the ACK cmd arrives before downloading samples.
2017-01-31 16:11:57 +01:00
iceman1001
84bdbc1917
FIX: 'hf 14a sim x' - adjusted and shows messages when verbose.
...
FIX: 'hf mf sim x i' - same as above.
In general we only use Moebius attack for "sim x", that means a clean up on device side code. Simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it gets sent to client which runs moebius direct.
2017-01-29 23:09:23 +01:00
iceman1001
7e735c1398
FIX: 'hf 14a sim x' - this fixes the error with using moebius attack and sim. Updating the nonce variable doesn't change the premodulated response. And it should update every time it gets a command. One concerning issue is that this takes time. Successfully works with two PM3. One acting reader, another sim.
2017-01-29 11:29:15 +01:00
iceman1001
e99acd00cc
CHG: the mifare Auth command can make use of a random nonce as well.
...
CHG: since sim commands are timing critical, I'm testing a smaller prand prng function from Intel
2017-01-29 10:41:48 +01:00
iceman1001
4653da4331
ADD: lf cotag
- added first try at basic functionality to read samples from Cotag. In lfops.c is the startup sequence that needs to be tested out.
2017-01-27 10:49:34 +01:00
iceman1001
74dde713b1
CHG: should remove the OSX linker warning: ld: warning: directory not found for option '-L/opt/local/lib'
2017-01-26 21:13:17 +01:00
iceman1001
2d3f8e5fa7
ADD: some defines to make headerfiles behave better.
...
CHG: syntax sugar
2017-01-26 14:23:05 +01:00
iceman1001
bf5d7992ce
ADD: @micolous random nonce, adjusted to fit in. Icemanfork only uses Moebius attack, so no need for an extra parameter in client.
...
ref: https://github.com/Proxmark/proxmark3/pull/209
2017-01-26 14:21:51 +01:00
iceman1001
de39bf505a
CHG: moved some from THUMB to ARM.. Looks like usb communication became bad.
2017-01-25 13:00:49 +01:00
iceman1001
0ccf8adac4
CHG: moved to header file
2017-01-25 00:34:00 +01:00
iceman1001
53d5dc643f
CHG: fiddled with the headerfiles... and makefile... Tried to make them behave nice. So it isnt a hell to add new functions from third-party (like des, aes etc)
...
Added a lot of #ifndef , extern C,
Move inside from ARMSRC -> THUMBS, which made the compiled image smaller.. I don't know if it broke anything.
Moved MF_DBGLEVEL definitions into common.h
Moved print_result from util.c into appmain.c
Also split up some struct typedef into header files so they could be reused in other code places.
''' danger ''' this might have broken stuff...
2017-01-25 00:33:03 +01:00
iceman1001
0de81725ed
syntax sugar
2017-01-21 11:34:33 +01:00
iceman1001
0f7279b22d
syntax sugar
2017-01-21 11:33:14 +01:00
iceman1001
7dcd37fc2e
chg: moved to header file
2017-01-21 11:29:16 +01:00
iceman1001
0062cc1ca1
removed unneeded include
2017-01-21 11:21:05 +01:00
iceman1001
5b749dcb0e
CHG: moved to header file
2017-01-21 11:20:26 +01:00
iceman1001
8be98f12e9
syntax sugar
2017-01-21 11:07:44 +01:00
iceman1001
897a14c36f
CHG: moved to header file. common.h has RAMFUNC definition
2017-01-21 11:06:48 +01:00
iceman1001
3c345a41b2
chg: moved to header file
2017-01-21 10:35:59 +01:00
iceman1001
8ce95353de
CHG: moved to header file
2017-01-21 10:34:00 +01:00
iceman1001
405944a0ac
CHG: moved to header file
2017-01-21 10:31:54 +01:00
iceman1001
5e1de05ab0
chg: moved to header file
2017-01-21 10:29:49 +01:00
iceman1001
0eea62d4c3
CHG: moved to header file
2017-01-21 10:29:21 +01:00
iceman1001
15d4bf3e78
CHG: moved to header file
2017-01-21 10:28:14 +01:00
iceman1001
e04f23fabf
CHG: moved to header file
2017-01-21 10:27:06 +01:00
iceman1001
995c94dc03
CHG: moved to header file
2017-01-21 10:25:29 +01:00
iceman1001
00e524aaf5
CHG: moved to header file
2017-01-21 10:24:06 +01:00
iceman1001
69784c3801
ADD: 'lf search' - added @marshmellow42 's hitag2 identification
2017-01-20 10:09:06 +01:00
iceman1001
9aeda6cbfb
FIX: coverity scan error CID 121781, unused value. error 0x88 will be overwritten by 0x00 directly. Don't know if this 0x88 will bug stuff out.... *wildside commit*
2017-01-19 20:21:21 +01:00
iceman1001
10493a0f19
CHG: fix coverity scan error CID 133851, Cardstate can't not be SIM_NOFIELD when it arrives to that switch statement.
2017-01-19 20:18:21 +01:00
iceman1001
42c235e7ef
ADD: T55XX_WRITE_TIMEOUT to make sure all WaitForResponseTimeout for t55xx behaves the same.
...
CHG: removed some "DONE!" device prints..
CHG: unified some "clone" commands output.
2017-01-18 22:54:27 +01:00
iceman1001
1c07ca92c3
CHG: removed a delay in readblock
2017-01-16 22:38:31 +01:00
iceman1001
81b7e89434
CHG: lowered the number of bytes collected for T55xxReadBlock. Was 12000 -> 7679
...
CHG: added some documentation about what arguments does.
CHG: 'data tune' - added flush after printf.
2017-01-16 21:06:51 +01:00
iceman1001
aed36ae5bd
ADD: 'install.sh' blacklist rules installed as well. run as root to install.
2017-01-16 15:02:10 +01:00
iceman1001
f133389866
CHG: download data from device to client, make a debug statement when send command failed.
2017-01-16 14:48:26 +01:00
iceman1001
701ad7cb3a
chg: syntax sugar
2017-01-11 23:11:55 +01:00
iceman1001
dd83c4572b
CHG: coverity complains about not reading the value from mifare_send_short
...
CHG: ubuntu 14.04 gcc4.8.4 complains about mem_avail still. Don't know why.
2017-01-09 22:15:36 +01:00
Iceman
6fe5fe8d52
LF sim
...
`lf sim` - use config values for setting the frequency.
2016-12-25 15:25:33 +01:00
iceman1001
55db344f97
CHG: used @marshmellow42 's version to fix lf continuous demod problems.
2016-12-19 16:04:27 +01:00
iceman1001
e4b65f5bc1
CHG: mental note to self, capslock is bad.
2016-12-19 12:53:38 +01:00
iceman1001
61d36d3695
FIX: 'LF IO FSKDEMOD' - no call to turn off the antenna when exit
...
Thanks to @samyk
https://github.com/Proxmark/proxmark3/issues/203
2016-12-19 12:51:21 +01:00
iceman1001
501c666b10
FIX: 'lf hid fskdemod' - no turning off the antenna afterwards.
...
FIX: 'CMD_AWID_DEMOD
Thanks to @samyk
ref: https://github.com/Proxmark/proxmark3/issues/203
2016-12-19 12:48:27 +01:00
iceman1001
f7e98f1fb6
FIX: 'iclass write'
2016-12-07 17:43:13 +01:00
iceman1001
5b8167fb97
FIX: 'iclass write'
...
thanks to prof_abrasive && go_tus
ref: http://www.proxmark.org/forum/viewtopic.php?id=4033
2016-12-07 17:07:23 +01:00
iceman1001
77f3f9ff5c
CHG: "hf mf hardnested" device side should empty bigbuff?
2016-11-16 17:44:08 +01:00
iceman1001
5fba8581f4
CHG: the reset of pcb_num should be before untraditional tags return.
2016-11-16 17:43:08 +01:00
iceman1001
0b53530a10
CHG: "hf mf hardnested" disabled the tracelogging on deviceside during nonce acquiring.
2016-11-07 22:42:57 +01:00
iceman1001
325f26e25d
CHG: removed unused variable
2016-11-03 15:15:25 +01:00
iceman1001
3a051ec10b
CHG: don't consider the response at all when sending the HALT command.
2016-11-03 15:00:17 +01:00
iceman1001
d209443322
CHG: 'HF MF C*' (chinese backdoor commands) According to douniwan5788 some magic/clone tags answers to the halt cmd and some not. I think I captured his ideas.
...
ref: 13b71e58fd
2016-10-28 20:43:07 +02:00
iceman1001
30daf914ce
FIX: looping logic error, doesn't need to increase with 1, if we do 8 checks every turn...
2016-10-28 13:06:34 +02:00
Michael Farrell
b6e05350b2
hf mf sim: Multiple fixes (iceman1001/proxmark3 #45 )
...
- Fix `hf mf sim` to use nonce_t structures, so key recovery works
- Increases verbosity on the key recovery functionality
- Fix use-after-free for k_sector
- Add help info on `e` option to `hf mf sim`
2016-10-22 21:53:53 +11:00
iceman1001
2dcf60f3df
CHG: "hf mf hardnested" - less printing
...
CHG: some filehandles = NULL.
2016-10-21 16:06:53 +02:00
iceman1001
67cd89033c
CHG: experimenting with 'lf sim' It does send a signal now but...
2016-10-20 17:31:58 +02:00
iceman1001
c528cf3989
TEST: see if the readerfield is needed.
2016-10-20 01:52:26 +02:00
iceman1001
c50259b36a
CHG: added a quitting message
2016-10-20 01:13:18 +02:00
iceman1001
8fd25db30c
CHG: move the call to fpga_bitstream_lf, in order to save the uploaded data from the client. Changing bitstream wipes bigbuffer.
2016-10-20 01:06:17 +02:00
iceman1001
3b5aab1875
CHG: updated some comments. I still think I don't understand this code
2016-10-20 00:42:17 +02:00
iceman1001
f4d7d1fed1
CHG: removed CLOCK2, since it's not used in the code.
2016-10-20 00:40:56 +02:00
iceman1001
f0a96745d0
CHG: the AT91C_BASE_PMC->PMC_PCER has a tendency to be clear when set with "=", but my tickstimer also needs it, so I made it optional now.
2016-10-20 00:40:24 +02:00
iceman1001
49065576ad
FIX: lf sim, seems like "lf sim" call SimulateTagLowFrequency direct from appmain.c and I removed the LF bitstream call thinking SimulateTagLowFrequency was only called from the sub FSK;ASK;PSK commands.
2016-10-20 00:39:15 +02:00
iceman1001
8fd0a564e5
CHG: removed unused clocks,
...
CHG: now uses the DEFINEs instead. a bit clear
CHG: xor in the clocks, should allow for co-exist with SSP clock.
2016-10-19 21:26:29 +02:00
iceman1001
8255e1a685
CHG: just changed the comment.
2016-10-19 21:25:04 +02:00
iceman1001
29ff374e5d
CHG: TI code did have the tickstimer started.
2016-10-19 21:24:20 +02:00
iceman1001
c3fc86d9af
CHG: Xoring in the value allows for the ticks timers to co-exist. Or that is the idea.
2016-10-19 21:23:03 +02:00
iceman1001
4460be68c3
FIX: "lf sim" after changes to ticks timers on device side, there was a "starticks" call missing, which led to not having any timers which is a problem for the WaitUS call.
2016-10-19 19:59:58 +02:00
iceman1001
b069fb8bba
syntax sugar
...
and forgot to add method declaration to headerfile
2016-10-14 15:47:40 +02:00
iceman1001
c7b4bcc4ab
CHG: syntax sugar
2016-10-10 21:53:44 +02:00
iceman1001
f8ff1483eb
CHG: "hf legic sim" old imp, uses two timers, we have one. I'm seriously starting on thinking about a UART instead, to read the dmabuffer. If only I knew howto.
2016-10-10 21:52:58 +02:00
iceman1001
c2723575de
CHG: added an option whether or not to clear emulator mem on init
2016-10-09 18:24:51 +02:00
iceman1001
539fd59ebe
CHG: "hf legic write" - now writes on the limits better.
...
CHG: "hf legic restore" - now restores :)
CHG: "hf legic rdmem" - now has a nice offset row above the read data. try: 'hf legic rdmem 0 100'
2016-10-09 15:41:31 +02:00
iceman1001
cd79d97223
CHG: syntax sugar
2016-10-08 19:14:35 +02:00
iceman1001
8ddfbc34dc
CHG: the call to TurnReadLFOn has a delay / number as parameter. Seems to be gone.
...
FIX: fixes to EM4050 code since when I changed the timer. It should work nice now.
2016-10-08 19:12:51 +02:00
iceman1001
7e7d3de5fa
FIX: looks like "hf legic write" works again!
2016-10-07 23:07:59 +02:00
iceman1001
4409bf6ef3
CHG: "hf legic write" with these I managed to get one byte written. It's a start.
2016-10-07 22:16:38 +02:00
iceman1001
715bed5023
CHG: adjustments to 3.6ms
2016-10-07 21:28:09 +02:00
iceman1001
c2ab5e8c4e
FIX: "hf list legic" annotation now correctly prints byte and value for "legic write" command
2016-10-07 20:23:57 +02:00
iceman1001
e4d57949df
FIX: wrong log bytes...
2016-10-07 19:15:08 +02:00
iceman1001
b816886806
FIX: one send command bug fixed. Turns out that uint16_t is too small for 21/23bits size. Who figured?
2016-10-07 19:11:38 +02:00
iceman1001
27c4a862f6
FIX: unused variable removed.
...
CHG: start remaking the used timers in "Hf legic write"
2016-10-07 12:23:07 +02:00
iceman1001
f0fa663814
CHG: "hf legic write" got a make over in how its called. Now called with 'offset' and 'data'
...
'hf legic write o 10 d 11223344' - this will write 4 bytes (0x11,0x22,0x33,0x44) to tag from offset 10 (0x0A)
2016-10-07 11:58:14 +02:00
iceman1001
e4a8d1e2ac
CHG: started the process of fixing "hf legic write" and "hf legic sim" commands.
2016-10-07 00:15:47 +02:00