iceman1001
ff9c043da2
FIX: T5555/Q5 datarate when used in "Q" parameter, consequential fix in lf commands. (RF-2/2) ie: ((64-2)>>1)
...
ADD: Marshmellow42 's timing fixes for em4305.
2017-02-13 10:58:28 +01:00
iceman1001
c7ea35a9fb
chg: textual changes
2017-02-07 22:29:24 +01:00
iceman1001
464f6dc571
CHG: lf hid wiegand
got some love. Still not correct.
2017-02-07 22:27:28 +01:00
iceman1001
bd94b97883
CHG: syntax sugar
2017-02-07 22:26:42 +01:00
iceman1001
cb1ba30a5e
FIX: first attempt to clean up EM4x50 commands.
...
- `lf em4x readwordPWD` merged into `lf em4x readword` See help text
- `lf em4x writewordPWD` merged into `lf em4x writeword` See help text
- `lf em4x readword` now download the collected signal data after command.
On device side the lfops.c has gotten some love. Code cleaner, increased EM_START_GAP from 55 FC to 56 FC, because of how our microsecond(us) clock works with 21.3us increments.
TODO: `lf em4x em4x50read` needs to be factored to use @marshmellow42 's ASKdemod instead of trying to do itself.
2017-02-07 22:26:06 +01:00
iceman1001
5ed5e418c9
CHG: testing to set 460800 baudrate as default, if it fails, go to 115200 baudrate. For Linux/Win. Works great in my environments.
2017-02-06 02:33:08 +01:00
iceman1001
6a1687cc3e
ADD: 'hf emv' - forgot to add some file
2017-02-05 22:16:50 +01:00
iceman1001
2e8d938bef
ADD: 'hf emv' - from @peterfillmore emv fork. A bit cleaned up and moved around. Should compile
2017-02-05 21:56:47 +01:00
iceman1001
3e83ff2159
CHG: '-DWITH_EMV' - fixing some compilation errors when compiling with peter fillmore's emv code. Warning a 256kb Proxmark3 device will only have 7% memory left if you enable this
2017-02-05 21:09:36 +01:00
iceman1001
e772774ba1
chg: more debug statements to find sending errors
2017-02-04 15:02:36 +01:00
iceman1001
3f84d47369
ADD: 'lf search' - @marshmellow42 's check if signal is noice.
2017-02-04 12:41:30 +01:00
iceman1001
cf5a79de33
ADD: 'hf 14a read' - correct identify Aztek tags, instead of claiming it to be "not mfu".
2017-02-04 12:32:14 +01:00
iceman1001
52108cabf3
CHG: 'lf cotag read' - added the raw output and the repeating byte pattern is 16bytes, so we only collect that many bytes from card
2017-02-03 00:07:55 +01:00
iceman1001
d228198808
fix: those pesky semicolons..
2017-02-02 21:32:46 +01:00
iceman1001
a330987de1
CHG: 'lf cotag demod' - now finds FC/CN Thanks to @marshmellow42
...
CHG: 'lf search' - now detects COTAG
2017-02-02 19:15:36 +01:00
iceman1001
96b516e180
CHG: minor fixes in setting arrays and error messages.
2017-02-02 15:39:35 +01:00
iceman1001
5f5b83b743
ADD: 'lf cotag read' - COTAG can be read now.
2017-02-02 15:32:21 +01:00
iceman1001
4401050bcc
ADD: 'hf standalone 14a mode", added "mifare 4k" detection.
...
ADD: 'hf 14a sim' - added mifare 4k simulation.
2017-02-01 14:41:06 +01:00
iceman1001
507afbf3e6
CHG: 'lf cotag read' - it now follows "lf config" settings when collecting signaldata.
2017-02-01 14:11:11 +01:00
iceman1001
bdf387c7ef
CHG: temporary disable hitag2_uid detection. Loop times out sometimes.
2017-01-31 22:38:02 +01:00
iceman1001
b828a4e168
CHG: 'lf snoop' - now automatically downloads samples after finished. (annoying step to do over and over)
...
FIX: 'lf snoop' - now turns of LF antenna after snoop.
FIX: 'lf cotag read' - now waits until the ACK cmd arrives before downloading samples.
2017-01-31 16:11:57 +01:00
iceman1001
71aa1ff824
FIX: fixes warning for "%zu" string formatspecifier on MINGW systems. (Thanks to @marshmellow42 for this one)
2017-01-31 05:33:24 +01:00
iceman1001
1cec48cc0e
ADD: added the writedumpfile function from "14araw.lua" into utils.lua
...
ADD: `ufodump.lua` - added the Aztek dump script. Since its an unknown tag hence the name.
2017-01-30 16:51:07 +01:00
iceman1001
84bdbc1917
FIX: 'hf 14a sim x' - adjusted and shows messages when verbose.
...
FIX: 'hf mf sim x i' - same as above.
In general we only use Moebius attack for "sim x", that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
2017-01-29 23:09:23 +01:00
iceman1001
2ce218042d
CHG: 'hf 14a sim e' - it now has a parameter for setfoundkeys to emulator memory.
...
CHG: textual changes.
2017-01-29 13:21:17 +01:00
iceman1001
7e735c1398
FIX: 'hf 14a sim x' - this fixes the error with using moebius attack and sim. Updating the nonce variable doesn't change the premodulated response. And it should update everytime it gets a command. One concering issue is that this takes time. Successfully works with two PM3. One acting reader, another sim.
2017-01-29 11:29:15 +01:00
iceman1001
76c0ec0ba8
FIX: missed include. for boolean defines
2017-01-27 10:56:14 +01:00
iceman1001
4653da4331
ADD: lf cotag
- added first try at basic functionality to read samples from Cotag. In lfops.c is the startup sequence that needs to be tested out.
2017-01-27 10:49:34 +01:00
iceman1001
bdebc8dbab
CHG: removed a -L path for OSX
2017-01-26 23:49:05 +01:00
iceman1001
2d3f8e5fa7
ADD: some defines to make headerfiles behave better.
...
CHG: syntax sugar
2017-01-26 14:23:05 +01:00
iceman1001
e069d740e3
still wrong...
2017-01-25 08:40:55 +01:00
iceman1001
4431b482d7
CHG:forget the "base"..
2017-01-25 08:36:51 +01:00
iceman1001
f364f71294
chg: known key is treated as a string.
2017-01-25 01:11:34 +01:00
iceman1001
137f207a8d
CHG: removed a dublett
2017-01-25 00:24:18 +01:00
iceman1001
b946d5f7f9
ADD: 'script run hard_autopwn' - a lua script which should run hardnested attack against all sectore and keytypes (A|B).
2017-01-25 00:23:13 +01:00
iceman1001
ced742717d
CHG: should remove a compiler warning on OSX
2017-01-23 23:12:41 +01:00
iceman1001
c840385eff
CHG: increase sample amount, since it found too few bits
2017-01-20 22:11:59 +01:00
iceman1001
53484563d7
CHG: lowered the samples read.
2017-01-20 22:06:53 +01:00
iceman1001
360a5b1b3c
FIX: the HID-Flasher depends on libusb to be able to compile On OSX the 'include paths' is different when using homebrew.
...
This project compiles on Ubuntu with libusb-dev installed. Lets see if it compiles on OSX....
2017-01-20 19:25:42 +01:00
iceman1001
1b75698cb7
FIX: 'lf hitag2' forgot to add some of @marshmellow42 's changes. Lf search should works just fine now.
2017-01-20 18:26:03 +01:00
iceman1001
69784c3801
ADD: 'lf search' - added @marshmellow42 's hitag2 identification
2017-01-20 10:09:06 +01:00
iceman1001
a38f5a0704
FIX: @marshmellow42 's fixes for enhanced STT and AskDemod. Now the "lf presco read" works on cargs with strong/clean/clipped waves
2017-01-20 10:03:53 +01:00
iceman1001
7898d3b55f
syntax sugar
2017-01-18 22:57:20 +01:00
iceman1001
316493876a
FIX: 'data print' - now don't crash the client when demodbuffer is empty
...
CHG: 'guard' - the Guard output more unified.
2017-01-18 22:55:37 +01:00
iceman1001
42c235e7ef
ADD: T55XX_WRITE_TIMEOUT to make sure all WaitForResponseTimeout for t55xx behaves the same.
...
CHG: removed some "DONE!" device prints..
CHG: unified some "clone" commands output.
2017-01-18 22:54:27 +01:00
iceman1001
ea7ce7fb68
CHG: removed duplicates entries
2017-01-18 20:22:15 +01:00
iceman1001
388d8618c7
CHG: moved definition and includes into header file
2017-01-18 20:19:42 +01:00
iceman1001
6df022667d
CHG: spelling mistakes. (
2017-01-18 20:19:08 +01:00
iceman1001
efbf81da52
FIX: 'hw tune' - peakf shouldn't be compare with voltages limits :)
2017-01-18 13:35:00 +01:00
iceman1001
bb52291837
CHG: 'hw tune' adhjusted the NON_VOLTAGE limit to 0.999v, below this value the antenna is considered not connected.
2017-01-18 13:18:03 +01:00
iceman1001
bf35008962
CHG: 'lf t55xx recoverpw" - added the possibility to cancel the command when pressing 'enter' key.
2017-01-18 11:27:17 +01:00
iceman1001
243f899b92
CHG: 'hw version' - change to "Proxmark3"
2017-01-17 22:59:14 +01:00
iceman1001
f56b1fae2d
FIX: sprint_bin_break didn't print the last digit in array.
2017-01-17 22:58:16 +01:00
iceman1001
3e5b5bb2da
ADD: 'lf t55xx detect' - added a search for known config blocks, if found it will select it. Usually when indala (psk) configured tags generates serveral possible configblocks. The found config block is set, not need to manually set it anymore. :)
2017-01-17 22:07:40 +01:00
iceman1001
9682ed9aaa
CHG: increased the t55xx writeblock timeout
2017-01-16 22:39:33 +01:00
iceman1001
81b7e89434
CHG: lowered the number of bytes collected for T55xxReadBlock. Was 12000 -> 7679
...
CHG: added some documentation about what arguments does.
CHG: 'data tune' - added flush after printf.
2017-01-16 21:06:51 +01:00
iceman1001
aed36ae5bd
ADD: 'install.sh' blacklist rules installed aswell. run as root to install.
2017-01-16 15:02:10 +01:00
iceman1001
d3fd5fd6d8
CHG: unused variables and remove of compiler warnings.
2017-01-16 15:00:40 +01:00
iceman1001
1cc80785e5
ADD: sprint_ascii function.
2017-01-16 14:47:24 +01:00
iceman1001
cf94c75b7e
CHG: 'lf t55xx' the no-time limit waiting for the device to ACK when transfering data from device to client, is changed to 8 seconds.
...
CHG: 'lf t55xx dump' - added ASCII printing of dumped data blocks.
2017-01-16 14:46:42 +01:00
iceman1001
c621ae0614
CHG: 'data zerograph' - array out-of-bounds fixed.
...
CHG: syntax sugar
2017-01-16 14:44:37 +01:00
iceman1001
3acac886bc
ADD: 'lf search' - added a rudimentary identification of IDTECK tags, will demod to PSK1, if fails it tries to PSK1 inverted demod.
2017-01-12 00:04:36 +01:00
iceman1001
ceb34a3c1b
CHG: syntax sugar
2017-01-11 23:09:47 +01:00
iceman1001
197c8f3f42
CHG: syntax sugar, minor spelling mistake
2017-01-11 23:08:59 +01:00
iceman1001
719000b7f4
syntax suger
2017-01-11 23:02:38 +01:00
iceman1001
fbc2bace4a
CHG: 'lf hid wiegand' - remaking the wiegand calcs
2017-01-11 23:02:07 +01:00
iceman1001
db289ea7d7
CHG: syntax suger
2017-01-11 23:01:15 +01:00
iceman1001
9a6bc2feb4
CHG: 'lf noralsy' Added tag allocation year in demod output.
...
CHG: 'lf noralsy clone|sim' Added tag allocation year as input parameter
2017-01-11 23:00:08 +01:00
iceman1001
3b875041dc
FIX: 'hf 14a reader' - when card SAK was 0x00, it calls GetHF14AMfU_Type() to try to identify if it is a UL/NTAG etc. The bug is that it ignored the return value.
...
when return_value == UL_ERROR, it shall not print the mfu tagtype annotation.
---faulty behavior
proxmark3> hf 14a reader
UID : 65 93 7f d1
ATQA : 00 04
SAK : 00 [2]
Tag is not Ultralight | NTAG | MY-D [ATQA: 00 04 SAK: 00]
TYPE : MIFARE Ultralight (MF0ICU1) <magic>
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
2017-01-11 22:00:17 +01:00
iceman1001
042db564ba
CHG: 'hf iclass replay' added help text.
...
CHG: 'hf iclass snoop' added help text.
CHG: 'hf iclass reader' added help text.
ADD: 'hf iclass reader' added the possibility to read only one tag instead of looping.
CHG: 'sprint_hex_ascii' function now replaces unprintable chars with '.', added this call to printIclassDumpInfo
2017-01-10 22:21:16 +01:00
iceman1001
76c74bf9ad
CHG: 'hf iclass decrypt' - adjusted the loops, to only decrypt Application 1. However I've noticed not all blocks in Application 1 is encrypted. :/ Still needs to be adjusted.
...
CHG: 'hf iclass reader' - added some output accessrights from the CopyReader source code.
And ofcourse, moved around stuff, like the usages in cmdhficlass.c
2017-01-10 18:23:05 +01:00
iceman1001
a0a61c91cc
CHG: adding the HID wiegand calcs again. Still need to set the bit37 indicator etc.
2017-01-09 22:17:43 +01:00
iceman1001
dd83c4572b
CHG: coverity complains about not reading the value from mifare_send_short
...
CHG: ubuntu 14.04 gcc4.8.4 complains about mem_avail still. Don't know why.
2017-01-09 22:15:36 +01:00
iceman1001
38a30dbf18
CHG: forgot to remove unused function.
2017-01-06 00:02:52 +01:00
iceman1001
e585a58ed1
CHG: looks bad but works.
2017-01-06 00:01:14 +01:00
iceman1001
08439eea22
CHG: textual changes.
...
CHG: remove unused #includes and added some comments
2017-01-05 15:56:52 +01:00
iceman1001
87c10b2a0f
CHG: some indala output is now only in debug mode
...
CHG: added 34|37 bits AWID format. I'm guessing 37bit is wrong since the parity is still there. Which it shouldn't
2017-01-05 15:55:19 +01:00
iceman1001
29f649c5ce
CHG: change the indala output abit, to only show when in debug mode. (ie: data setdebug 1)
2017-01-05 15:53:32 +01:00
iceman1001
c48211f7ed
ADD: 'lf animal' commands. CLONE/SIM/READ/DEMOD of FXD-B animal tags. Still some work left.
2017-01-05 01:51:47 +01:00
iceman1001
f80cd7e687
syntax suger, some tabs fixed
2017-01-03 19:33:21 +01:00
iceman1001
ea1c1ca6f8
CHG: 'analyse hid' added @holiman 's permute functions to the output to verify
2017-01-03 19:32:24 +01:00
Iceman
0b63a0fe2a
Merge pull request #63 from micolous/log-nonce
...
nonce2key: printf->PrintAndLog
2017-01-03 19:19:38 +01:00
iceman1001
deba67ab57
CHG: cleaning up stuff
2017-01-03 01:20:03 +01:00
iceman1001
34c3082338
CHG: added a key B wien,
2017-01-02 22:00:56 +01:00
Iceman
1772cf8bdd
fixed warning about size_t
...
CHG: warning needs %lu string formatter
2016-12-26 20:43:20 +01:00
Iceman
ef31a8b453
fix a warning
...
CHG: size_t is unsigned. switched to the correct string formatter
2016-12-26 20:39:13 +01:00
Michael Farrell
59152dcb05
nonce2key: printf->PrintAndLog
2016-12-24 10:09:01 +10:00
Michael Farrell
faad338efe
Fix some missing include statements which impact using proxmark3 client as a library.
2016-12-23 17:35:50 +10:00
iceman1001
62d0bbf62f
ADD: new found cloner pwd.
2016-12-20 09:25:02 +01:00
iceman1001
bb73c58d9a
CHG: made some debugs statements more clear, when "LF SEARCH" is used with "DATA SETDEBUG 1"
2016-12-19 15:32:18 +01:00
iceman1001
8cdf15c2b3
CHG: 'lf awid brute' - extra check if device gotten offline
...
CHG: 'lf t55x7 brute' - extra check if device gotten offline
CHG: 'lf nedap' - Nedap is supposed to be Diphase.
2016-12-19 14:55:58 +01:00
iceman1001
92014925d6
CHG: 'LF VISA2000' adding askedgedetection when decoding allows for some traces to be correct demodulated.
2016-12-16 19:06:19 +01:00
iceman1001
3375daee9e
CHG: 'LF VISA2000 CLONE' fixed the wrong blocknum index in output. Thanks @martin for pointing it out.
2016-12-16 12:50:44 +01:00
iceman1001
0a7e86db81
ADD: 'LF VISA2000' added one checksum test when demod / clone / sim
...
CHG: 'LF NORALSY' when chksum fails, return 0, to indicate for LF SEARCH that it failed.
2016-12-16 12:47:49 +01:00
iceman1001
32da0a464e
ADD: 'analyse chksum' added a nibble xor calc - calcSumNibbleXor
2016-12-16 12:05:38 +01:00
iceman1001
c08c796e8d
CHG: enhanced the debug output for some LF demod/decode
2016-12-16 12:04:37 +01:00
iceman1001
22eece1e2d
ADD: 'LF NORALSY' clone/sim/read commands. Partly done. some crc works, but whole format in not mapped yet.
...
ADD: 'LF SEARCH' added noralsy detection
2016-12-15 18:04:30 +01:00
iceman1001
d48175d4f4
FIX: 'lf presco' demod fixes.
...
ADD: 'lf search' now also looks for Presco.
I know that the helptext is wrong (d should be p)
2016-12-15 00:01:31 +01:00
iceman1001
371535d566
ADD: forgot to add the files
2016-12-14 23:26:14 +01:00
iceman1001
9945a928c7
Syntax suger
2016-12-14 23:25:28 +01:00
iceman1001
eb911aa8d6
ADD: 'lf visa2000' commands. (SIM/CLONE/READ) almost finished.
...
CHG: 'lf xxxxx' reduced number of samples from 30000 -> 20000 in "lf xxxxxx read" commands.
CHG: 'data samples' - didn't honor the silent parameter. It now output less for the 'lf xxxxxx read' commands.
2016-12-14 23:23:16 +01:00
iceman1001
dc3a58466d
CHG: 'lf search' changed output to be visible when debugging for IO prox
2016-12-13 12:27:40 +01:00
iceman1001
8b2a5d400a
FIX: 'hf iclass dump' / 'hf iclass readtagfile' - the faulty output from these commands are now fixed.
2016-12-09 14:38:51 +01:00
iceman1001
c5af4b5d8c
CHG: 'hf iclass dump' - output fixes
...
CHG: 'hf iclass readtagfile' - output fixes
2016-12-08 18:02:48 +01:00
iceman1001
541231b805
REM: removed a double entry. it seems 'hf mf check' doesnt uniq-sort this file.
2016-12-08 18:01:54 +01:00
iceman1001
b7f40ee2ad
CHG: added a check if err variable is NIL.
2016-11-22 11:55:23 +01:00
iceman1001
d1e197e9ec
FIX: the changes to uart.c timings seems to have fixed my problem with the pm3 device getting unresponsive.
...
CHG: "script run hard" now iterates all sectors on the tag and output the table style like "hf mf chkkey" do.
2016-11-22 01:58:11 +01:00
iceman1001
e108a48ac4
ADD: added the 'hf mf hardnested' to be called within LUA scripts.
...
ADD: 'script run hard' - a first try for a lua script to run the hardnested attack on a complete tag.
2016-11-21 16:08:12 +01:00
iceman1001
711ae19fca
CHG: Cleaning up
2016-11-18 11:31:52 +01:00
iceman1001
09bb01c73d
ADD: "analyse hid" - new function that implements the 'heart of darkness' hid/iclass permute function. Its converted from the php-solution found in the paper to C. Ref: https://github.com/akw0088/HID-Card-Copy/blob/master/key-permutation/permute.php
2016-11-17 18:20:44 +01:00
iceman1001
fa5974bbf3
FIX: @matrix latest fixes
2016-11-16 22:31:09 +01:00
iceman1001
f07ffa7672
FIX: "hf mf hardnested" - removed the call to free_candidates_memory, on my ubuntu env it crashes all the time with it.
2016-11-16 19:19:06 +01:00
iceman1001
da8279796e
FIX: that time.h issue is different on POSIX systems and WINDOWS system and in C...
2016-11-16 18:52:13 +01:00
iceman1001
a877bc2f01
FIX: wrong compile define used, __WIN32 should be _WIN32
2016-11-16 18:42:56 +01:00
iceman1001
7d159efe40
FIX: & 0xFF instead of uint8_t
2016-11-16 18:38:15 +01:00
iceman1001
1ca5dce0f4
FIX: removed some warnings about time_t in non-windows systems. This appeared since I fiddled in proxmark.h
2016-11-16 18:36:21 +01:00
iceman1001
3105b814c9
CHG: added the ping command to the header file.
2016-11-16 18:17:01 +01:00
iceman1001
06d09c98eb
CHG: "hf mf hardnested" - fixes and additions.
...
- freeing candidate lists after generate_candidates calls.
- longer timeout when waiting for responses (it takes a while to collect 58 nonces per call) From 3sec to 6sec
- if best_first_byte[0] (best guess) has been the same for 3 nonces calls in a row, it enters the generate_candidates test.
- when total_added_nonces increases but does not enter generate_candidates tests, it now increases the threshold_index variable. Make the output look better
Known bugs still.
- TestIfKeyExists sometimes crashes the client, still after the null check.
- proxmark3 device doesn't answer calls after entering brute_force call and fails finding a key, where it should start collecting nonces again. This bug doesn't make sense.
2016-11-16 18:16:14 +01:00
iceman1001
2618e313bf
CHG: textual change
2016-11-16 17:45:12 +01:00
iceman1001
4d812c139b
CHG: "hf mf hardnested"
...
- latest clean up from @matrix
- the device still doesnt answer when brute_force call fails. I've been trying to get the device to init after the brute_force call.
2016-11-15 12:49:13 +01:00
iceman1001
97f86b7a61
chg: removed a useless clearing of key_count. From @matrix 090682764b
2016-11-15 12:13:15 +01:00
iceman1001
71ac327ba8
FIX: 'hf mf hardnested' @matrix e0828439bf
2016-11-08 13:27:50 +01:00
iceman1001
360caababf
FIX: decrease 2^39 -> 2^38. its a big searchspace anyway.
...
FIX: changed output and rearranged collecting nonces logic.
Still problems with "hard" keys, the device stops responding after a "bruteforce" / "generate_candidates" call.. Very strange. shouldnt'
2016-11-07 22:41:18 +01:00
iceman1001
87a513aa1d
FIX: "hf mf hardnested" when "key found" exting the do-while loop doesn't need to wait for device to respond.
2016-11-07 11:54:32 +01:00
iceman1001
8e4a0b3585
FIX: "hf mf hardnested" merging of @matrix commit bd8249afec
2016-11-07 11:11:14 +01:00
iceman1001
7fd676db11
FIX: @matrix 869a03c2c6
...
it still counts down the good bytes,
and I fixed the elapsed time.
2016-11-05 14:54:25 +01:00
iceman1001
713f5d019c
CHG: still issues left.
2016-10-29 23:58:59 +02:00
iceman1001
5e14319d2c
FIX: several calls to nonce2key/nonce2key_ex has problems with not clearing up memory pointers laying around.
...
Still exists problem which needs to be dealt with.
2016-10-29 22:12:38 +02:00
iceman1001
60c33f7aa8
CHG: minor textual change to fit the minimum two calls nature for the zero parity attack
2016-10-29 21:45:36 +02:00
iceman1001
b403c30091
FIX: the time_t calls under mingw needs a #define _USE_32BIT_TIME_T 1 to be correct. It seems to work in "hf mf mifare" but not in "hf mf hardnested"
2016-10-29 21:42:46 +02:00
iceman1001
19693bdc06
FIX: 'hf mf mifare' - special zero parity attack vector now works. Thanks to the dude who figured this vector out: @douniwan5788 (sorry for comments, I was clearly wrong.) @piwi - for proving me wrong.
...
this version uses int64_t (signed) to signify end-of-lists (-1). It also needs its own compare function for the qsort. I didn't merge this into existing code which uses uint64_t. (too lazy)
2016-10-29 21:41:02 +02:00
Gabriele Gristina
e7f43e92e9
Merge remote-tracking branch 'upstream/master'
2016-10-29 15:19:55 +02:00
iceman1001
c3c12b5571
CHG: clean up
2016-10-28 16:37:26 +02:00
iceman1001
ba39db376c
CHG: just some parameter / variable name changes. Nuttin' special.
2016-10-28 16:37:01 +02:00
Michael Farrell
32beef538e
hf {14a,mf} sim: v is for verbose
2016-10-27 23:37:00 +11:00
Michael Farrell
dfdbfa0702
hf mf sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45 )
2016-10-27 23:37:00 +11:00
Gabriele Gristina
236e8f7cc6
fixup code
2016-10-26 01:14:56 +02:00
iceman1001
9f02f471db
FIX: too small string?
2016-10-23 00:58:40 +02:00
iceman1001
be26ef45b4
FIX: valgrind complains about something here...
2016-10-23 00:50:23 +02:00
iceman1001
520d06e856
CHG: init the char array.
2016-10-23 00:38:09 +02:00
Michael Farrell
b6e05350b2
hf mf sim: Multiple fixes (iceman1001/proxmark3 #45 )
...
- Fix `hf mf sim` to use nonce_t structures, so key recovery works
- Increases verbosity on the key recovery functionality
- Fix use-after-free for k_sector
- Add help info on `e` option to `hf mf sim`
2016-10-22 21:53:53 +11:00
Michael Farrell
53f7c75a38
hf 14a: Fix typos in manufacturer list
2016-10-22 14:24:17 +11:00
iceman1001
2dcf60f3df
CHG: "hf mf hardnested" - less printing
...
CHG: some filehandles = NULL.
2016-10-21 16:06:53 +02:00
Gabriele Gristina
bbcd41a6e5
Speedup Mifare Plus Attack v2.2 (cleanup code)
2016-10-21 01:06:57 +02:00
Gabriele Gristina
0325c12f35
Speedup Mifare Plus Attack v2.1 (stable)
2016-10-21 00:43:43 +02:00
Gabriele Gristina
64c87a8c5f
Merge remote-tracking branch 'upstream/master'
2016-10-20 20:00:06 +02:00
iceman1001
36d87eeff0
FIX: client crash for global id, and removing my previous fix.
2016-10-20 17:31:23 +02:00
iceman1001
ed28bbe5ae
CHG: some debug statements instead, 'H' for helptext.
2016-10-20 01:51:27 +02:00
iceman1001
3c6354e99a
FIX: strange bug in "lf em em410xwatch" , which the client crasches when it reads a valid em tag.
2016-10-20 01:50:30 +02:00
iceman1001
d115f9a454
CHG: making printed statement a debug statement.
2016-10-20 01:16:32 +02:00
iceman1001
015e3b8170
syntax suger. never mind this
2016-10-20 00:41:34 +02:00
iceman1001
bd46dec63b
CHG: found even more keys
2016-10-19 21:27:34 +02:00
iceman1001
100fe0a5ee
textual suger
2016-10-19 21:26:56 +02:00
Gabriele Gristina
383a1fb368
Speedup Mifare Plus Attack v2
2016-10-19 00:13:53 +02:00
iceman1001
88f503735c
FIX: @aczid's fix 957702be9c
...
from original @matrix 057d2e9147
2016-10-18 18:45:29 +02:00
Gabriele Gristina
057d2e9147
Speedup Mifare Plus Attack v1
2016-10-18 01:21:56 +02:00
iceman1001
62254ea5a7
FIX: Since some changes in "hf mf chk" usbcommand package, this script has not been working. It now calls and gets the results back from the device.
...
CHG: changed the output listing to look like the other key-tables.
2016-10-17 17:20:33 +02:00
iceman1001
4ce2037b2a
ADD: found some more keys on the web
2016-10-17 13:16:27 +02:00
iceman1001
da1f16d6ef
CHG: increased debug output for Em410x
2016-10-16 21:50:41 +02:00
iceman1001
2a1a6aa382
FIX: "hf legic write" - removed a warning message and made the overwrite question working.
2016-10-14 16:39:38 +02:00
iceman1001
1f247f6ac6
ADD: "hf legic wipe" - it autodetects tagtype and fills all bytes from offset 7 to end with zeros.
...
Fills a legic tag memory with zeros. From byte7 and to the end.
Usage: hf legic wipe [h]
Options:
h : this help
Samples:
hf legic wipe
2016-10-14 15:23:20 +02:00
iceman1001
25cb718daf
FIX: this should remove a warning.
2016-10-10 21:55:18 +02:00
iceman1001
4697964f6a
CHG: "script run emlu2dump" now can read old legic hex-ascii dumps. (with spaces) and convert to a binary file
...
CHG: "script run emlu2html" now can read old legic hex-ascii dumps. (with spaces) and convert to a generic html file
These changes makes it easier to for old legic dumps to be used with the new "legic dump/restore/eload/esave" commands
2016-10-10 10:59:16 +02:00
iceman1001
f9eeab99a4
chg: textual changes.
2016-10-09 16:04:31 +02:00
iceman1001
564c9ae2b6
FIX: increased time-out to match 2.7sec it takes to write 256bytes.
2016-10-09 15:49:59 +02:00
iceman1001
539fd59ebe
CHG: "hf legic write" - now writes on the limits better.
...
CHG: "hf legic restore" - now restors :)
CHG: "hf legic rdmem" - now has a nice offset row above the read data. try: 'hf legic rdmem 0 100'
2016-10-09 15:41:31 +02:00
iceman1001
367996567b
CHG: "hf legic restore" - added a filesize and cardsize check
2016-10-08 19:25:23 +02:00
iceman1001
cd79d97223
CHG: syntax suger
2016-10-08 19:14:35 +02:00
iceman1001
f9b5377fd0
CHG: reordered the "hf search" internal checks. The iclass check takes 4.5sec to time-out...Incredible slow to identify.
2016-10-08 19:14:09 +02:00
iceman1001
5b9fb6f454
REM: "hf legic load" has been removed. It doesnt have a purpose anymore.
...
REM: "hf legic save" has been removed. It doesnt have a purpose anymore.
CHG: "hf legic restore" started with the logic for the restore. Some compares and write to tag left.
2016-10-08 19:10:46 +02:00
iceman1001
59fc313d99
CHG: help text
2016-10-07 20:49:26 +02:00
iceman1001
c2ab5e8c4e
FIX: "hf list legic" annotation now correct prints byte and value for "legic write" command
2016-10-07 20:23:57 +02:00
iceman1001
b816886806
FIX: one send command bug fixed. Turns out that uint16_t is too small for 21/23bits size. Who figured?
2016-10-07 19:11:38 +02:00
iceman1001
f0fa663814
CHG: "hf legic write" got a make over in how its called. Now called with 'offset' and 'data'
...
'hf legic write o 10 d 11223344' - this will write 4 bytes (0x11,0x22,0x33,0x44) to tag from offset 10 (0x0A)
2016-10-07 11:58:14 +02:00
iceman1001
ac42d5be85
chg: syntax suger
2016-10-07 00:18:02 +02:00
iceman1001
1bf1db845f
CHG: syntax suger
2016-10-07 00:17:18 +02:00
iceman1001
f6e01a3493
Renamed the calccrc8 functions and command.
2016-10-07 00:14:02 +02:00
iceman1001
5a08545794
ADD: added a compiling flag -DHAS_512_FLASH i common/Makefile.common, to be used for PM3 devices with 512KB. Original commit from @hewitt
2016-10-07 00:12:09 +02:00
iceman1001
77e1bab94a
REM: "hf legic writeraw" has been removed.
...
FIX: "hf legic eload" uploads now correct to device mem.
2016-10-06 19:34:53 +02:00
iceman1001
0e8cabed8d
ADD: "hf legic eload" - Load binary file to emulator memory. Use "h" for help text
...
ADD: "hf legic esave" - Save emulator memory to binary file. Use "h" for help text
2016-10-06 19:13:23 +02:00
iceman1001
9015ae0f5d
CHG: "hf legic dump" now automatically detects tagtype and dumps accordingly.
...
CHG: still #define codestyle should it be with or without semicolons?
2016-10-05 22:58:06 +02:00
iceman1001
00271f774a
FIX: undeclared var on deviceside,
...
FIX: "hf legic dump" is almost there.
2016-10-05 22:07:32 +02:00
iceman1001
633d068682
CHG: command name changes..
...
old "hf legic info" is now "hf legic reader"
old "hf legic read" is now "hf legic rdmem"
old "hf legic decode" is now "hf legic info"
ADD: new command "hf legic dump", which will autodetect tagtype and dump all mem to a binary file.
2016-10-05 21:42:13 +02:00
iceman
f8f62cebc6
CHG: execution mode
2016-10-05 17:57:01 +02:00
iceman
77e72e8b1b
CHG: execution mode
2016-10-05 17:56:44 +02:00
iceman1001
c15e07f11d
CHG: making timings a bit tighter == faster read of tag. Like 1ms for whole tag.
...
FIX: off-by-one bug in read-byte-loop.
2016-10-04 23:08:39 +02:00
iceman1001
e1a0ed65ff
FIX: forgot a LEN in print message.
2016-10-04 21:42:56 +02:00
iceman1001
1daa1226fd
CHG: reading a complete MIM1024 takes about 2.8sec. This timeout is changed to 3sec now.
2016-10-04 21:41:21 +02:00
iceman1001
7a8db2f678
CHG: "hf legic read" - increased timeout values client side, reading MIM1024 takes a bit of time
2016-10-04 21:26:19 +02:00
iceman1001
86087eba00
Textual changes in helptext. Still no clear.
2016-10-04 18:43:11 +02:00
iceman1001
7bc3c99e7e
CHG: "hf legic write" started to change this command to the updated code
2016-10-04 18:05:55 +02:00
iceman1001
77a689dbeb
CHG: revert legiccrc8 to old algo.
...
CHG: "hf legic decode" now loads EML memory
CHG: legic timings is better.
2016-10-04 00:07:07 +02:00
iceman1001
0b0b182fe2
CHG: changed to use BigBuff_Eml memory instead of big_buff_malloc.
...
CHG: downloading eml memory from device should use uint's
CHG: "hf legic read" has a different printing. It now prints 32bytes / row
2016-10-03 23:24:59 +02:00
iceman1001
5660920679
FIX: the "hf list legic" on MIM1024 wrapped around readingbyte 255 due to a too small varible size. Causing the upperbits to drop silently
2016-10-02 12:29:18 +02:00
iceman1001
61f97ca7ad
CHG: annotation now only print relevant help text given selected protocoll.
2016-09-29 21:37:19 +02:00
iceman1001
c649c43389
CHG: finally, the ticks timer does what it is supposed to do. 32bits and working.
2016-09-29 21:36:43 +02:00
iceman1001
fabef615ec
CHG: added addresize to legic select struct.
...
CHG: TIMER, it turns out the TC0, TC1 and TC2 is only 16bit. So adjust to use two clocks to get a 32bit timer.
CHG: code clean up in legic device side. consistency with variable names..
2016-09-29 17:43:39 +02:00
iceman1001
ce1cccd697
UPD: got the latest updates (@badboy) from @zhovner mfdread.
2016-09-29 14:18:21 +02:00
iceman1001
f2ba788536
ADD: @zhovner 's mfd file parser https://github.com/zhovner/mfdread Looks really nice the parsed fileoutput.
2016-09-29 12:23:35 +02:00
iceman1001
a39944216d
CHG: a select_legic function with structs and stuff and
2016-09-29 12:23:09 +02:00
iceman1001
d7e24e7c5f
CHG: 'hf list legic' doesn't print the parity now.
...
CHG: 'hf legic read' the device side timings is starting to look much better. HUGE Thanks to @will-rbnt for endless checks and logic analyser feedback. Without his effort this would not work. What does work? We can now use ANY IV in legic. The PM3 Master version is flawed, will only work with IV=0x55.
---still broke--- my crc implementation.. I know I'm about to look into it.
2016-09-28 21:37:08 +02:00
iceman1001
323e05cc20
CHG: added the verbose flag, to make the output in "hf search" lesser.
2016-09-26 21:39:04 +02:00
iceman1001
3c6542087e
CHG: @ikarus23 removed all missleadning warnings for GCC6.1.1.
2016-09-26 21:38:19 +02:00
iceman1001
3e750be37c
ADD: started to add a legic detection to "HF SEARCH"
2016-09-26 20:01:23 +02:00
iceman1001
f1f7430ae0
CHG: removed the ubuntu build variable which is no needed anymore to build on ubunutu.
...
CHG: Some warnings in cmdhflegic.c is solved.
2016-09-26 17:19:35 +02:00
iceman1001
7c91c8bf24
CHG: and now that I do actually check on bitlenght, I can get a better annotation yet again. Looking at it raises a question, acknowledge is 0x19 or 0x39, they just don't match up with tagtype identification of 0x0D, 0x1D, 0x39. I'll need to look at a 1024 tags response in a trace with a valid reader.
2016-09-26 12:58:11 +02:00
iceman1001
faabfafe30
CHG: using bitsend to determind the legic annotation in "hf list legic" makes false positives much less.
2016-09-26 12:26:37 +02:00
iceman1001
1c59e80aba
CHG: fix a "indent" warning.
2016-09-26 11:01:33 +02:00
iceman1001
7d0efb37d8
CHG: the "indent" software warns about some assingments. I've tried to fix them.
2016-09-26 10:37:00 +02:00
iceman1001
f885043422
FIX: "hf 14a read" / "hf mf *" / "hf mfdes info" and failure when calling these commands serveral times in row.
...
For long transactions the sspclock compare with >1 instead of >=1 .. Now the timer resets properly.
CHG: use some #define constants for iso-commands.
2016-09-23 21:28:07 +02:00
iceman1001
22f4dca88c
CHG: extracted some timers functionality, to get unified access to a timer/clock which counts in ticks. Moved stuff from util.c
2016-09-21 19:03:32 +02:00
iceman1001
4490a47690
ADD: some new mifare key found,
2016-09-20 23:20:27 +02:00
iceman1001
87342aadbc
CHG: adjusted timing according to @sentinel 's traces
2016-09-14 16:18:04 +02:00
iceman1001
111c6934d4
CHG: Small steps, the waiting time between frames was unclear. At least now the tags answers to a readbyte command after the setup phase.
2016-09-12 09:19:49 +02:00
iceman1001
76471e5d17
CHG: reverted back from the idea of measureing in (us) microseconds, the timer is too raw, gives 10-15us delays. Now we are measuring ticks, which is (1 us = 1.5ticks)
...
like it was before. ie: 80us = 80*1.5 = 120ticks.
2016-09-11 11:14:12 +02:00
iceman1001
f72669f366
ADD: since the client now calls legic prng, this is needed here too.
...
CHG: the OS X QT4 vs QT5 detection. NOT fixed yet.
2016-09-09 11:58:53 +02:00
iceman1001
ad5bc8cc8c
In my attempts to make the LEGIC code better, its not working now. Timings if off.
...
CHG: switching to US clock.
CHG: better trace annotation for legic
CHG: Legic prng can now give a x bits in once.
2016-09-09 11:56:20 +02:00
iceman1001
1b12afbd9f
CHG: better annotation for 'legic'
2016-09-07 12:36:46 +02:00
iceman1001
e619ddc071
FIX: Better legic annotation, show which byte was targeted during read and write commands.
2016-09-03 12:20:12 +02:00
iceman1001
b98827ffc3
FIX: IV now is trunckated to 7bits in 'hf legic read,write, writeraw'
...
FIX: IV LSB bit is always set, in 'hf legic read,write, writeraw'
2016-09-03 12:19:05 +02:00
iceman1001
c71c5ee156
ADD: started to add tracelog in legic
...
ADD: remake of legic codebase.
ADD: started with a annotation for LEGIC in 'hf list'
2016-09-02 16:25:54 +02:00
iceman1001
5b4664e79f
CHG: Adding clarity to the command helptext.
2016-09-01 20:36:42 +02:00
iceman1001
d801514d88
CHG: Supressing output for LF or HF antenna values if zero, in 'hw tune' command
2016-09-01 20:36:10 +02:00
iceman1001
22635d611e
FIX: Only need to print a uint32_t,
2016-09-01 16:10:25 +02:00
iceman1001
56d0fb8e4d
FIX: bug in nextwatch demod, which if the found psk bits was smaller than the preamble the client crashed.
...
REM: removed some debugstatements
2016-09-01 16:09:31 +02:00
iceman1001
3fc01243b0
CHG: A repaint the plot window should be done to make sure its visual.
2016-08-31 19:24:18 +02:00
iceman1001
4c543dbd3f
ADD: added a simple averging filter function. input parameter K, can be 1 to 8
...
ref: http://www.edn.com/design/systems-design/4320010/A-simple-software-lowpass-filter-suits-embedded-system-applications
2016-08-29 20:29:31 +02:00
iceman1001
7aa24806f4
FIX: the check for formatlen was wrong.
...
Still missing the other formats, only 26bit in this one.
2016-08-26 22:31:45 +02:00
iceman1001
ffa306de61
CHG: starting to add the legic changes.. *work in progress*
2016-08-26 17:19:27 +02:00
iceman1001
89603cbddc
FIX: minor adjustments to 'lf awid bruteforce'
...
FIX: making the 'lf hid bruteforce' to work the same way as the awid one..
2016-08-26 17:18:48 +02:00
iceman1001
f121b478a1
FIX: 'lf awid bruteforce' cleaning up all debug messages
2016-08-26 16:35:30 +02:00
iceman1001
ba1324a5fe
some text changes.
2016-08-24 14:58:50 +02:00
iceman1001
760157f50b
CHG: added a verification to see if the found candidate key was able to validate against tag. If not ok, start darkside attack again.
2016-08-24 14:10:30 +02:00
iceman1001
02d5a58388
CHG: Changed the number of times the call to prng_successor is called.
2016-08-24 12:32:05 +02:00
iceman1001
39d43ccc21
CHG: syntax suger.
2016-08-24 12:31:09 +02:00
iceman1001
2c9e30908c
CHG: updated Reveng version from 1.4.0 -> 1.4.4 .
...
---snippet from their update log:
1.4.4 27 July 2016
Added 5 new algorithms, CRC-8/AUTOSAR, CRC-8/OPENSAFETY, CRC-16/OPENSAFETY-A, CRC-16/OPENSAFETY-B and CRC-32/AUTOSAR from the CRC Catalogue.
Added a build option to verify the order of the preset and alias tables at compile time.
1.4.3 14 July 2016
Added algorithm CRC-16/CMS from the CRC Catalogue.
1.4.2 8 July 2016
Added algorithm CRC-16/PROFIBUS from the CRC Catalogue.
1.4.1a 29 June 2016
Fixed a regression that caused the Windows release to crash on older systems.
1.4.1 27 June 2016
-P sets the Width value just like -k.
pcmp() quickly returns when the comparands are identical.
Added resources for the Windows executable.
2016-08-21 20:51:29 +02:00
iceman1001
bc908d8f9d
ADD: Mifare Desfire defines
2016-08-14 17:38:54 +02:00
iceman1001
af17926620
chg; syntax suger
2016-08-14 17:38:11 +02:00
iceman1001
f2abf6732b
help text adjustments
2016-08-14 17:11:42 +02:00
iceman1001
ab74872d40
ADD: added a sanity check in T55x7 commands info/trace/detect against useing the commands when device is in offline but user didn't use '1' in arguments.
2016-08-14 17:04:40 +02:00
iceman1001
7e08450dcc
add: annotage Mifare Desfire. from 3102c1bae3 (diff-93cfa90a992ea759349344d0de98029e)
...
Thanks @johannesStoye
2016-08-14 16:29:39 +02:00
iceman1001
2b6ffe75a8
chg: remove a char..
2016-08-10 16:29:23 +02:00
iceman1001
4ab54914e3
CHG: more struct errors.. my bad,
2016-08-10 16:28:23 +02:00
iceman1001
31cf804877
CHG: removed some debug statements, added another. Change the crapto1.c, lets see if the special attack works better now against chinese clones.
2016-08-10 16:25:56 +02:00
iceman1001
823ad2e186
CHG: minor code cleaning in 'hf 14a reader'
2016-08-10 16:24:49 +02:00
iceman1001
56f1aaa234
CHG: on a slow usb connection it seems the pingcmd which stops the bruteforce on deviceside doesnt get there. Lets send three pings to make sure the device gets it.
2016-08-10 16:23:59 +02:00
iceman1001
6067df30c5
FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :(
2016-08-10 10:55:29 +02:00
iceman1001
86db8973b0
CHG; still looking at 14b, this time started to look at the tracelog times not working.
2016-08-09 23:13:18 +02:00
iceman1001
59e933fc3f
started fixing the paritiy == 0 special attack against chinese clones with bad prng, which hasnt been working for ages.
2016-08-09 23:11:07 +02:00
iceman1001
05442fa6f7
fix: wrong spelling
2016-08-09 12:15:26 +02:00