Commit graph

1857 commits

Author SHA1 Message Date
iceman1001 ff9c043da2 FIX: T5555/Q5 datarate when used in "Q" parameter, consequential fix in lf commands. (RF-2/2) i.e.: ((64-2)>>1)
ADD: Marshmellow42's timing fixes for em4305.
2017-02-13 10:58:28 +01:00
iceman1001 c7ea35a9fb chg: textual changes 2017-02-07 22:29:24 +01:00
iceman1001 464f6dc571 CHG: lf hid wiegand got some love. Still not correct. 2017-02-07 22:27:28 +01:00
iceman1001 bd94b97883 CHG: syntax sugar 2017-02-07 22:26:42 +01:00
iceman1001 cb1ba30a5e FIX: first attempt to clean up EM4x50 commands.
- `lf em4x readwordPWD` merged into `lf em4x readword`. See help text.
- `lf em4x writewordPWD` merged into `lf em4x writeword`. See help text.

- `lf em4x readword` now downloads the collected signal data after the command.

On the device side, lfops.c has gotten some love. Code is cleaner; increased EM_START_GAP from 55 FC to 56 FC, because of how our microsecond (us) clock works with 21.3 us increments.

TODO: `lf em4x em4x50read` needs to be refactored to use @marshmellow42's ASKdemod instead of trying to do it itself.
2017-02-07 22:26:06 +01:00
iceman1001 5ed5e418c9 CHG: testing setting 460800 baud rate as default; if it fails, go to 115200 baud rate. For Linux/Win. Works great in my environments. 2017-02-06 02:33:08 +01:00
iceman1001 6a1687cc3e ADD: 'hf emv' - forgot to add some file 2017-02-05 22:16:50 +01:00
iceman1001 2e8d938bef ADD: 'hf emv' - from @peterfillmore's emv fork. Cleaned up a bit and moved around. Should compile. 2017-02-05 21:56:47 +01:00
iceman1001 3e83ff2159 CHG: '-DWITH_EMV' - fixing some compilation errors when compiling with Peter Fillmore's EMV code. Warning: a 256 KB Proxmark3 device will only have 7% memory left if you enable this. 2017-02-05 21:09:36 +01:00
iceman1001 e772774ba1 chg: more debug statements to find sending errors 2017-02-04 15:02:36 +01:00
iceman1001 3f84d47369 ADD: 'lf search' - @marshmellow42's check if the signal is noise. 2017-02-04 12:41:30 +01:00
iceman1001 cf5a79de33 ADD: 'hf 14a read' - correctly identify Aztek tags, instead of claiming they are "not mfu". 2017-02-04 12:32:14 +01:00
iceman1001 52108cabf3 CHG: 'lf cotag read' - added the raw output; the repeating byte pattern is 16 bytes, so we only collect that many bytes from the card. 2017-02-03 00:07:55 +01:00
iceman1001 d228198808 fix: those pesky semicolons.. 2017-02-02 21:32:46 +01:00
iceman1001 a330987de1 CHG: 'lf cotag demod' - now finds FC/CN Thanks to @marshmellow42
CHG: 'lf search' - now detects COTAG
2017-02-02 19:15:36 +01:00
iceman1001 96b516e180 CHG: minor fixes in setting arrays and error messages. 2017-02-02 15:39:35 +01:00
iceman1001 5f5b83b743 ADD: 'lf cotag read' - COTAG can be read now. 2017-02-02 15:32:21 +01:00
iceman1001 4401050bcc ADD: 'hf standalone 14a mode' - added "mifare 4k" detection.
ADD: 'hf 14a sim' - added mifare 4k simulation.
2017-02-01 14:41:06 +01:00
iceman1001 507afbf3e6 CHG: 'lf cotag read' - it now follows "lf config" settings when collecting signal data. 2017-02-01 14:11:11 +01:00
iceman1001 bdf387c7ef CHG: temporarily disable hitag2_uid detection. The loop times out sometimes. 2017-01-31 22:38:02 +01:00
iceman1001 b828a4e168 CHG: 'lf snoop' - now automatically downloads samples after finishing. (annoying step to do over and over)
FIX: 'lf snoop' - now turns off the LF antenna after snoop.
FIX: 'lf cotag read' - now waits until the ACK cmd arrives before downloading samples.
2017-01-31 16:11:57 +01:00
iceman1001 71aa1ff824 FIX: fixes warning for "%zu" string format specifier on MINGW systems. (Thanks to @marshmellow42 for this one) 2017-01-31 05:33:24 +01:00
iceman1001 1cec48cc0e ADD: added the writedumpfile function from "14araw.lua" into utils.lua
ADD: `ufodump.lua` - added the Aztek dump script. Since it's an unknown tag, hence the name.
2017-01-30 16:51:07 +01:00
iceman1001 84bdbc1917 FIX: 'hf 14a sim x' - adjusted and shows messages when verbose.
FIX: 'hf mf sim x i' - same as above.

In general we only use the Moebius attack for "sim x"; that means a clean-up of the device-side code, simpler to understand. It still tries to gather 8 different collections of nonce combos. When one is complete, it gets sent to the client, which runs Moebius directly.
2017-01-29 23:09:23 +01:00
iceman1001 2ce218042d CHG: 'hf 14a sim e' - it now has a parameter for setfoundkeys to emulator memory.
CHG: textual changes.
2017-01-29 13:21:17 +01:00
iceman1001 7e735c1398 FIX: 'hf 14a sim x' - this fixes the error with using the Moebius attack and sim. Updating the nonce variable doesn't change the premodulated response, and it should update every time it gets a command. One concerning issue is that this takes time. Successfully works with two PM3s, one acting as reader, another as sim. 2017-01-29 11:29:15 +01:00
iceman1001 76c0ec0ba8 FIX: missing include for boolean defines 2017-01-27 10:56:14 +01:00
iceman1001 4653da4331 ADD: lf cotag - added first try at basic functionality to read samples from Cotag. In lfops.c is the startup sequence that needs to be tested out. 2017-01-27 10:49:34 +01:00
iceman1001 bdebc8dbab CHG: removed a -L path for OSX 2017-01-26 23:49:05 +01:00
iceman1001 2d3f8e5fa7 ADD: some defines to make header files behave better.
CHG: syntax sugar
2017-01-26 14:23:05 +01:00
iceman1001 e069d740e3 still wrong... 2017-01-25 08:40:55 +01:00
iceman1001 4431b482d7 CHG:forget the "base".. 2017-01-25 08:36:51 +01:00
iceman1001 f364f71294 chg: known key is treated as a string. 2017-01-25 01:11:34 +01:00
iceman1001 137f207a8d CHG: removed a duplicate 2017-01-25 00:24:18 +01:00
iceman1001 b946d5f7f9 ADD: 'script run hard_autopwn' - a lua script which should run the hardnested attack against all sectors and key types (A|B). 2017-01-25 00:23:13 +01:00
iceman1001 ced742717d CHG: should remove a compiler warning on OSX 2017-01-23 23:12:41 +01:00
iceman1001 c840385eff CHG: increase sample amount, since it found too few bits 2017-01-20 22:11:59 +01:00
iceman1001 53484563d7 CHG: lowered the samples read. 2017-01-20 22:06:53 +01:00
iceman1001 360a5b1b3c FIX: the HID-Flasher depends on libusb to be able to compile. On OSX the include paths are different when using Homebrew.
This project compiles on Ubuntu with libusb-dev installed. Let's see if it compiles on OSX....
2017-01-20 19:25:42 +01:00
iceman1001 1b75698cb7 FIX: 'lf hitag2' forgot to add some of @marshmellow42's changes. 'lf search' should work just fine now. 2017-01-20 18:26:03 +01:00
iceman1001 69784c3801 ADD: 'lf search' - added @marshmellow42's hitag2 identification 2017-01-20 10:09:06 +01:00
iceman1001 a38f5a0704 FIX: @marshmellow42's fixes for enhanced STT and AskDemod. Now "lf presco read" works on cards with strong/clean/clipped waves 2017-01-20 10:03:53 +01:00
iceman1001 7898d3b55f syntax sugar 2017-01-18 22:57:20 +01:00
iceman1001 316493876a FIX: 'data print' - now doesn't crash the client when the demod buffer is empty
CHG: 'guard' - the Guard output is more unified.
2017-01-18 22:55:37 +01:00
iceman1001 42c235e7ef ADD: T55XX_WRITE_TIMEOUT to make sure all WaitForResponseTimeout for t55xx behaves the same.
CHG: removed some "DONE!" device prints..
CHG: unified some "clone" commands output.
2017-01-18 22:54:27 +01:00
iceman1001 ea7ce7fb68 CHG: removed duplicate entries 2017-01-18 20:22:15 +01:00
iceman1001 388d8618c7 CHG: moved definition and includes into header file 2017-01-18 20:19:42 +01:00
iceman1001 6df022667d CHG: spelling mistakes. 2017-01-18 20:19:08 +01:00
iceman1001 efbf81da52 FIX: 'hw tune' - peakf shouldn't be compared with voltage limits :) 2017-01-18 13:35:00 +01:00
iceman1001 bb52291837 CHG: 'hw tune' adjusted the NON_VOLTAGE limit to 0.999 V; below this value the antenna is considered not connected. 2017-01-18 13:18:03 +01:00
iceman1001 bf35008962 CHG: 'lf t55xx recoverpw' - added the possibility to cancel the command when pressing the 'enter' key. 2017-01-18 11:27:17 +01:00
iceman1001 243f899b92 CHG: 'hw version' - change to "Proxmark3" 2017-01-17 22:59:14 +01:00
iceman1001 f56b1fae2d FIX: sprint_bin_break didn't print the last digit in array. 2017-01-17 22:58:16 +01:00
iceman1001 3e5b5bb2da ADD: 'lf t55xx detect' - added a search for known config blocks; if found it will select it. Usually indala (psk) configured tags generate several possible config blocks. The found config block is set; no need to set it manually anymore. :) 2017-01-17 22:07:40 +01:00
iceman1001 9682ed9aaa CHG: increased the t55xx writeblock timeout 2017-01-16 22:39:33 +01:00
iceman1001 81b7e89434 CHG: lowered the number of bytes collected for T55xxReadBlock. Was 12000 -> 7679
CHG: added some documentation about what the arguments do.
CHG: 'data tune' - added flush after printf.
2017-01-16 21:06:51 +01:00
iceman1001 aed36ae5bd ADD: 'install.sh' blacklist rules installed as well. Run as root to install. 2017-01-16 15:02:10 +01:00
iceman1001 d3fd5fd6d8 CHG: unused variables and removal of compiler warnings. 2017-01-16 15:00:40 +01:00
iceman1001 1cc80785e5 ADD: sprint_ascii function. 2017-01-16 14:47:24 +01:00
iceman1001 cf94c75b7e CHG: 'lf t55xx' the unlimited wait for the device to ACK when transferring data from device to client is changed to 8 seconds.
CHG: 'lf t55xx dump' - added ASCII printing of dumped data blocks.
2017-01-16 14:46:42 +01:00
iceman1001 c621ae0614 CHG: 'data zerograph' - array out-of-bounds fixed.
CHG: syntax sugar
2017-01-16 14:44:37 +01:00
iceman1001 3acac886bc ADD: 'lf search' - added a rudimentary identification of IDTECK tags; will demod to PSK1, and if that fails it tries a PSK1 inverted demod. 2017-01-12 00:04:36 +01:00
iceman1001 ceb34a3c1b CHG: syntax sugar 2017-01-11 23:09:47 +01:00
iceman1001 197c8f3f42 CHG: syntax sugar, minor spelling mistake 2017-01-11 23:08:59 +01:00
iceman1001 719000b7f4 syntax sugar 2017-01-11 23:02:38 +01:00
iceman1001 fbc2bace4a CHG: 'lf hid wiegand' - remaking the wiegand calcs 2017-01-11 23:02:07 +01:00
iceman1001 db289ea7d7 CHG: syntax sugar 2017-01-11 23:01:15 +01:00
iceman1001 9a6bc2feb4 CHG: 'lf noralsy' Added tag allocation year in demod output.
CHG: 'lf noralsy clone|sim' Added tag allocation year as input parameter
2017-01-11 23:00:08 +01:00
iceman1001 3b875041dc FIX: 'hf 14a reader' - when the card SAK was 0x00, it calls GetHF14AMfU_Type() to try to identify if it is a UL/NTAG etc. The bug is that it ignored the return value.
When return_value == UL_ERROR, it shall not print the MFU tag type annotation.

---faulty behavior
proxmark3> hf 14a reader
 UID : 65 93 7f d1
ATQA : 00 04
 SAK : 00 [2]
Tag is not Ultralight | NTAG | MY-D  [ATQA: 00 04 SAK: 00]

TYPE : MIFARE Ultralight (MF0ICU1) <magic>
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
2017-01-11 22:00:17 +01:00
iceman1001 042db564ba CHG: 'hf iclass replay' added help text.
CHG: 'hf iclass snoop' added help text.
CHG: 'hf iclass reader' added help text.
ADD: 'hf iclass reader' added the possibility to read only one tag instead of looping.
CHG: 'sprint_hex_ascii' function now replaces unprintable chars with '.', added this call to printIclassDumpInfo
2017-01-10 22:21:16 +01:00
iceman1001 76c74bf9ad CHG: 'hf iclass decrypt' - adjusted the loops to only decrypt Application 1. However, I've noticed not all blocks in Application 1 are encrypted. :/ Still needs to be adjusted.
CHG: 'hf iclass reader' - added some access rights output from the CopyReader source code.

And of course, moved stuff around, like the usages in cmdhficlass.c
2017-01-10 18:23:05 +01:00
iceman1001 a0a61c91cc CHG: adding the HID wiegand calcs again. Still need to set the bit37 indicator etc. 2017-01-09 22:17:43 +01:00
iceman1001 dd83c4572b CHG: coverity complains about not reading the value from mifare_send_short
CHG: ubuntu 14.04 gcc4.8.4 complains about mem_avail still. Don't know why.
2017-01-09 22:15:36 +01:00
iceman1001 38a30dbf18 CHG: forgot to remove unused function. 2017-01-06 00:02:52 +01:00
iceman1001 e585a58ed1 CHG: looks bad but works. 2017-01-06 00:01:14 +01:00
iceman1001 08439eea22 CHG: textual changes.
CHG: remove unused #includes  and added some comments
2017-01-05 15:56:52 +01:00
iceman1001 87c10b2a0f CHG: some indala output is now only in debug mode
CHG: added 34|37 bit AWID format. I'm guessing 37-bit is wrong since the parity is still there. Which it shouldn't be.
2017-01-05 15:55:19 +01:00
iceman1001 29f649c5ce CHG: change the indala output a bit, to only show when in debug mode. (ie: data setdebug 1) 2017-01-05 15:53:32 +01:00
iceman1001 c48211f7ed ADD: 'lf animal' commands. CLONE/SIM/READ/DEMOD of FXD-B animal tags. Still some work left. 2017-01-05 01:51:47 +01:00
iceman1001 f80cd7e687 syntax suger, some tabs fixed 2017-01-03 19:33:21 +01:00
iceman1001 ea1c1ca6f8 CHG: 'analyse hid' added @holiman's permute functions to the output to verify 2017-01-03 19:32:24 +01:00
Iceman 0b63a0fe2a Merge pull request #63 from micolous/log-nonce
nonce2key: printf->PrintAndLog
2017-01-03 19:19:38 +01:00
iceman1001 deba67ab57 CHG: cleaning up stuff 2017-01-03 01:20:03 +01:00
iceman1001 34c3082338 CHG: added a key B wien, 2017-01-02 22:00:56 +01:00
Iceman 1772cf8bdd fixed warning about size_t
CHG:  warning needs %lu string formatter
2016-12-26 20:43:20 +01:00
Iceman ef31a8b453 fix a warning
CHG: size_t is unsigned. switched to the correct string formatter
2016-12-26 20:39:13 +01:00
Michael Farrell 59152dcb05 nonce2key: printf->PrintAndLog 2016-12-24 10:09:01 +10:00
Michael Farrell faad338efe Fix some missing include statements which impact using proxmark3 client as a library. 2016-12-23 17:35:50 +10:00
iceman1001 62d0bbf62f ADD: new found cloner pwd. 2016-12-20 09:25:02 +01:00
iceman1001 bb73c58d9a CHG: made some debugs statements more clear, when "LF SEARCH" is used with "DATA SETDEBUG 1" 2016-12-19 15:32:18 +01:00
iceman1001 8cdf15c2b3 CHG: 'lf awid brute' - extra check if the device has gone offline
CHG: 'lf t55x7 brute' - extra check if the device has gone offline
CHG: 'lf nedap' - Nedap is supposed to be Diphase.
2016-12-19 14:55:58 +01:00
iceman1001 92014925d6 CHG: 'LF VISA2000' adding ASK edge detection when decoding allows some traces to be correctly demodulated. 2016-12-16 19:06:19 +01:00
iceman1001 3375daee9e CHG: 'LF VISA2000 CLONE' fixed the wrong blocknum index in output. Thanks @martin for pointing it out. 2016-12-16 12:50:44 +01:00
iceman1001 0a7e86db81 ADD: 'LF VISA2000' added one checksum test when demod / clone / sim
CHG: 'LF NORALSY' when chksum fails, return 0, to indicate to LF SEARCH that it failed.
2016-12-16 12:47:49 +01:00
iceman1001 32da0a464e ADD: 'analyse chksum' added a nibble xor calc - calcSumNibbleXor 2016-12-16 12:05:38 +01:00
iceman1001 c08c796e8d CHG: enhanced the debug output for some LF demod/decode 2016-12-16 12:04:37 +01:00
iceman1001 22eece1e2d ADD: 'LF NORALSY' clone/sim/read commands. Partly done. Some CRC works, but the whole format is not mapped yet.
ADD: 'LF SEARCH'  added noralsy detection
2016-12-15 18:04:30 +01:00
iceman1001 d48175d4f4 FIX: 'lf presco' demod fixes.
ADD: 'lf search' now also looks for Presco.

I know that the helptext is wrong (d should be p)
2016-12-15 00:01:31 +01:00
iceman1001 371535d566 ADD: forgot to add the files 2016-12-14 23:26:14 +01:00
iceman1001 9945a928c7 Syntax sugar 2016-12-14 23:25:28 +01:00
iceman1001 eb911aa8d6 ADD: 'lf visa2000' commands. (SIM/CLONE/READ) almost finished.
CHG: 'lf xxxxx' reduced number of samples from 30000 -> 20000 in "lf xxxxxx read" commands.
CHG: 'data samples' - didn't honor the silent parameter. It now outputs less for the 'lf xxxxxx read' commands.
2016-12-14 23:23:16 +01:00
iceman1001 dc3a58466d CHG: 'lf search' changed output to be visible when debugging for IO prox 2016-12-13 12:27:40 +01:00
iceman1001 8b2a5d400a FIX: 'hf iclass dump' / 'hf iclass readtagfile' - the faulty output from these commands is now fixed. 2016-12-09 14:38:51 +01:00
iceman1001 c5af4b5d8c CHG: 'hf iclass dump' - output fixes
CHG:  'hf iclass readtagfile' - output fixes
2016-12-08 18:02:48 +01:00
iceman1001 541231b805 REM: removed a double entry. It seems 'hf mf check' doesn't uniq-sort this file. 2016-12-08 18:01:54 +01:00
iceman1001 b7f40ee2ad CHG: added a check if err variable is NIL. 2016-11-22 11:55:23 +01:00
iceman1001 d1e197e9ec FIX: the changes to uart.c timings seems to have fixed my problem with the pm3 device getting unresponsive.
CHG: "script run hard" now iterates all sectors on the tag and outputs the table style like "hf mf chkkey" does.
2016-11-22 01:58:11 +01:00
iceman1001 e108a48ac4 ADD: added the 'hf mf hardnested' to be called within LUA scripts.
ADD: 'script run hard' - a first try for a lua script to run the hardnested attack on a complete tag.
2016-11-21 16:08:12 +01:00
iceman1001 711ae19fca CHG: Cleaning up 2016-11-18 11:31:52 +01:00
iceman1001 09bb01c73d ADD: "analyse hid" - new function that implements the 'heart of darkness' hid/iclass permute function. It's converted from the PHP solution found in the paper to C. Ref: https://github.com/akw0088/HID-Card-Copy/blob/master/key-permutation/permute.php 2016-11-17 18:20:44 +01:00
iceman1001 fa5974bbf3 FIX: @matrix latest fixes 2016-11-16 22:31:09 +01:00
iceman1001 f07ffa7672 FIX: "hf mf hardnested" - removed the call to free_candidates_memory, on my ubuntu env it crashes all the time with it. 2016-11-16 19:19:06 +01:00
iceman1001 da8279796e FIX: that time.h issue is different on POSIX systems and Windows systems and in C... 2016-11-16 18:52:13 +01:00
iceman1001 a877bc2f01 FIX: wrong compile define used, __WIN32 should be _WIN32 2016-11-16 18:42:56 +01:00
iceman1001 7d159efe40 FIX: & 0xFF instead of uint8_t 2016-11-16 18:38:15 +01:00
iceman1001 1ca5dce0f4 FIX: removed some warnings about time_t in non-windows systems. This appeared since I fiddled in proxmark.h 2016-11-16 18:36:21 +01:00
iceman1001 3105b814c9 CHG: added the ping command to the header file. 2016-11-16 18:17:01 +01:00
iceman1001 06d09c98eb CHG: "hf mf hardnested" - fixes and additions.
- freeing candidate lists after generate_candidates calls.
- longer timeout when waiting for responses (it takes a while to collect 58 nonces per call). From 3 sec to 6 sec.
- if best_first_byte[0] (best guess) has been the same for 3 nonce calls in a row, it enters the generate_candidates test.
- when total_added_nonces increases but does not enter the generate_candidates tests, it now increases the threshold_index variable. Makes the output look better.

Known bugs still:
- TestIfKeyExists sometimes crashes the client, still after the null check.
- the proxmark3 device doesn't answer calls after entering the brute_force call and failing to find a key, where it should start collecting nonces again. This bug doesn't make sense.
2016-11-16 18:16:14 +01:00
iceman1001 2618e313bf CHG: textual change 2016-11-16 17:45:12 +01:00
iceman1001 4d812c139b CHG: "hf mf hardnested"
- latest clean up from @matrix
- the device still doesn't answer when the brute_force call fails. I've been trying to get the device to init after the brute_force call.
2016-11-15 12:49:13 +01:00
iceman1001 97f86b7a61 chg: removed a useless clearing of key_count. From @matrix 090682764b 2016-11-15 12:13:15 +01:00
iceman1001 71ac327ba8 FIX: 'hf mf hardnested' @matrix e0828439bf 2016-11-08 13:27:50 +01:00
iceman1001 360caababf FIX: decrease 2^39 -> 2^38. It's a big search space anyway.
FIX: changed output and rearranged the nonce-collecting logic.

Still problems with "hard" keys; the device stops responding after a "bruteforce" / "generate_candidates" call. Very strange. Shouldn't.
2016-11-07 22:41:18 +01:00
iceman1001 87a513aa1d FIX: "hf mf hardnested" when "key found", exiting the do-while loop doesn't need to wait for the device to respond. 2016-11-07 11:54:32 +01:00
iceman1001 8e4a0b3585 FIX: "hf mf hardnested" merging of @matrix commit bd8249afec 2016-11-07 11:11:14 +01:00
iceman1001 7fd676db11 FIX: @matrix 869a03c2c6
it still counts down the good bytes,
and I fixed the elapsed time.
2016-11-05 14:54:25 +01:00
iceman1001 713f5d019c CHG: still issues left. 2016-10-29 23:58:59 +02:00
iceman1001 5e14319d2c FIX: several calls to nonce2key/nonce2key_ex had problems with not clearing up memory pointers lying around.
A problem still exists which needs to be dealt with.
2016-10-29 22:12:38 +02:00
iceman1001 60c33f7aa8 CHG: minor textual change to fit the minimum two calls nature for the zero parity attack 2016-10-29 21:45:36 +02:00
iceman1001 b403c30091 FIX: the time_t calls under mingw need a #define _USE_32BIT_TIME_T 1 to be correct. It seems to work in "hf mf mifare" but not in "hf mf hardnested" 2016-10-29 21:42:46 +02:00
iceman1001 19693bdc06 FIX: 'hf mf mifare' - special zero parity attack vector now works. Thanks to the dude who figured this vector out: @douniwan5788 (sorry for comments, I was clearly wrong.) @piwi - for proving me wrong.
this version uses int64_t  (signed)  to signify end-of-lists (-1). It also needs its own compare function for the qsort.  I didn't merge this into existing code which uses uint64_t. (too lazy)
2016-10-29 21:41:02 +02:00
Gabriele Gristina e7f43e92e9 Merge remote-tracking branch 'upstream/master' 2016-10-29 15:19:55 +02:00
iceman1001 c3c12b5571 CHG: clean up 2016-10-28 16:37:26 +02:00
iceman1001 ba39db376c CHG: just some parameter / variable name changes. Nuttin' special. 2016-10-28 16:37:01 +02:00
Michael Farrell 32beef538e hf {14a,mf} sim: v is for verbose 2016-10-27 23:37:00 +11:00
Michael Farrell dfdbfa0702 hf mf sim: Be less verbose by default, add option "m" to turn maths back on (Issue #45) 2016-10-27 23:37:00 +11:00
Gabriele Gristina 236e8f7cc6 fixup code 2016-10-26 01:14:56 +02:00
iceman1001 9f02f471db FIX: too small string? 2016-10-23 00:58:40 +02:00
iceman1001 be26ef45b4 FIX: valgrind complains about something here... 2016-10-23 00:50:23 +02:00
iceman1001 520d06e856 CHG: init the char array. 2016-10-23 00:38:09 +02:00
Michael Farrell b6e05350b2 hf mf sim: Multiple fixes (iceman1001/proxmark3 #45)
- Fix `hf mf sim` to use nonce_t structures, so key recovery works
- Increases verbosity on the key recovery functionality
- Fix use-after-free for k_sector
- Add help info on `e` option to `hf mf sim`
2016-10-22 21:53:53 +11:00
Michael Farrell 53f7c75a38 hf 14a: Fix typos in manufacturer list 2016-10-22 14:24:17 +11:00
iceman1001 2dcf60f3df CHG: "hf mf hardnested" - less printing
CHG: some filehandles = NULL.
2016-10-21 16:06:53 +02:00
Gabriele Gristina bbcd41a6e5 Speedup Mifare Plus Attack v2.2 (cleanup code) 2016-10-21 01:06:57 +02:00
Gabriele Gristina 0325c12f35 Speedup Mifare Plus Attack v2.1 (stable) 2016-10-21 00:43:43 +02:00
Gabriele Gristina 64c87a8c5f Merge remote-tracking branch 'upstream/master' 2016-10-20 20:00:06 +02:00
iceman1001 36d87eeff0 FIX: client crash for global id, and removing my previous fix. 2016-10-20 17:31:23 +02:00
iceman1001 ed28bbe5ae CHG: some debug statements instead, 'H' for helptext. 2016-10-20 01:51:27 +02:00
iceman1001 3c6354e99a FIX: strange bug in "lf em em410xwatch", where the client crashes when it reads a valid EM tag. 2016-10-20 01:50:30 +02:00
iceman1001 d115f9a454 CHG: making printed statement a debug statement. 2016-10-20 01:16:32 +02:00
iceman1001 015e3b8170 syntax sugar. Never mind this 2016-10-20 00:41:34 +02:00
iceman1001 bd46dec63b CHG: found even more keys 2016-10-19 21:27:34 +02:00
iceman1001 100fe0a5ee textual sugar 2016-10-19 21:26:56 +02:00
Gabriele Gristina 383a1fb368 Speedup Mifare Plus Attack v2 2016-10-19 00:13:53 +02:00
iceman1001 88f503735c FIX: @aczid's fix 957702be9c
from original @matrix 057d2e9147
2016-10-18 18:45:29 +02:00
Gabriele Gristina 057d2e9147 Speedup Mifare Plus Attack v1 2016-10-18 01:21:56 +02:00
iceman1001 62254ea5a7 FIX: Since some changes in "hf mf chk" usbcommand package, this script has not been working. It now calls and gets the results back from the device.
CHG: changed the output listing to look like the other key-tables.
2016-10-17 17:20:33 +02:00
iceman1001 4ce2037b2a ADD: found some more keys on the web 2016-10-17 13:16:27 +02:00
iceman1001 da1f16d6ef CHG: increased debug output for Em410x 2016-10-16 21:50:41 +02:00
iceman1001 2a1a6aa382 FIX: "hf legic write" - removed a warning message and made the overwrite question work. 2016-10-14 16:39:38 +02:00
iceman1001 1f247f6ac6 ADD: "hf legic wipe" - it autodetects the tag type and fills all bytes from offset 7 to the end with zeros.
Fills a legic tag memory with zeros. From byte 7 to the end.
 Usage:  hf legic wipe [h]
Options:
      h             : this help

Samples:
      hf legic wipe
2016-10-14 15:23:20 +02:00
iceman1001 25cb718daf FIX: this should remove a warning. 2016-10-10 21:55:18 +02:00
iceman1001 4697964f6a CHG: "script run emlu2dump" can now read old legic hex-ascii dumps (with spaces) and convert them to a binary file
CHG: "script run emlu2html" can now read old legic hex-ascii dumps (with spaces) and convert them to a generic html file

These changes make it easier for old legic dumps to be used with the new "legic dump/restore/eload/esave" commands
2016-10-10 10:59:16 +02:00
iceman1001 f9eeab99a4 chg: textual changes. 2016-10-09 16:04:31 +02:00
iceman1001 564c9ae2b6 FIX: increased time-out to match the 2.7 sec it takes to write 256 bytes. 2016-10-09 15:49:59 +02:00
iceman1001 539fd59ebe CHG: "hf legic write" - now writes on the limits better.
CHG: "hf legic restore" - now restores :)
CHG: "hf legic rdmem" - now has a nice offset row above the read data. Try: 'hf legic rdmem 0 100'
2016-10-09 15:41:31 +02:00
iceman1001 367996567b CHG: "hf legic restore" - added a file size and card size check 2016-10-08 19:25:23 +02:00
iceman1001 cd79d97223 CHG: syntax sugar 2016-10-08 19:14:35 +02:00
iceman1001 f9b5377fd0 CHG: reordered the "hf search" internal checks. The iclass check takes 4.5 sec to time out... Incredibly slow to identify. 2016-10-08 19:14:09 +02:00
iceman1001 5b9fb6f454 REM: "hf legic load" has been removed. It doesn't have a purpose anymore.
REM: "hf legic save" has been removed. It doesn't have a purpose anymore.

CHG: "hf legic restore" started with the logic for the restore. Some compares and write to tag left.
2016-10-08 19:10:46 +02:00
iceman1001 59fc313d99 CHG: help text 2016-10-07 20:49:26 +02:00
iceman1001 c2ab5e8c4e FIX: "hf list legic" annotation now correctly prints byte and value for the "legic write" command 2016-10-07 20:23:57 +02:00
iceman1001 b816886806 FIX: one send command bug fixed. Turns out that uint16_t is too small for 21/23bits size. Who figured? 2016-10-07 19:11:38 +02:00
iceman1001 f0fa663814 CHG: "hf legic write" got a make over in how its called. Now called with 'offset' and 'data'
'hf legic write o 10 d 11223344'  -  this will write 4 bytes (0x11,0x22,0x33,0x44) to tag from offset 10 (0x0A)
2016-10-07 11:58:14 +02:00
iceman1001 ac42d5be85 chg: syntax sugar 2016-10-07 00:18:02 +02:00
iceman1001 1bf1db845f CHG: syntax sugar 2016-10-07 00:17:18 +02:00
iceman1001 f6e01a3493 Renamed the calccrc8 functions and command. 2016-10-07 00:14:02 +02:00
iceman1001 5a08545794 ADD: added a compiling flag -DHAS_512_FLASH in common/Makefile.common, to be used for PM3 devices with 512KB. Original commit from @hewitt 2016-10-07 00:12:09 +02:00
iceman1001 77e1bab94a REM: "hf legic writeraw" has been removed.
FIX: "hf legic eload" now uploads correctly to device mem.
2016-10-06 19:34:53 +02:00
iceman1001 0e8cabed8d ADD: "hf legic eload" - Load binary file to emulator memory. Use "h" for help text
ADD:  "hf legic esave" - Save emulator memory to binary file. Use "h" for help text
2016-10-06 19:13:23 +02:00
iceman1001 9015ae0f5d CHG: "hf legic dump" now automatically detects the tag type and dumps accordingly.
CHG: still #define code style: should it be with or without semicolons?
2016-10-05 22:58:06 +02:00
iceman1001 00271f774a FIX: undeclared var on device side,
FIX:  "hf legic dump" is almost there.
2016-10-05 22:07:32 +02:00
iceman1001 633d068682 CHG: command name changes..
old "hf legic info" is now "hf legic reader"
old "hf legic read" is now "hf legic rdmem"
old "hf legic decode" is now "hf legic info"

ADD:  new command "hf legic dump",  which will autodetect tagtype and dump all mem to a binary file.
2016-10-05 21:42:13 +02:00
iceman f8f62cebc6 CHG: execution mode 2016-10-05 17:57:01 +02:00
iceman 77e72e8b1b CHG: execution mode 2016-10-05 17:56:44 +02:00
iceman1001 c15e07f11d CHG: making timings a bit tighter == faster read of tag. Like 1ms for whole tag.
FIX:  off-by-one bug in read-byte-loop.
2016-10-04 23:08:39 +02:00
iceman1001 e1a0ed65ff FIX: forgot a LEN in print message. 2016-10-04 21:42:56 +02:00
iceman1001 1daa1226fd CHG: reading a complete MIM1024 takes about 2.8 sec. This timeout is changed to 3 sec now. 2016-10-04 21:41:21 +02:00
iceman1001 7a8db2f678 CHG: "hf legic read" - increased timeout values client side, reading MIM1024 takes a bit of time 2016-10-04 21:26:19 +02:00
iceman1001 86087eba00 Textual changes in helptext. Still not clear. 2016-10-04 18:43:11 +02:00
iceman1001 7bc3c99e7e CHG: "hf legic write" started to change this command to the updated code 2016-10-04 18:05:55 +02:00
iceman1001 77a689dbeb CHG: revert legiccrc8 to the old algo.
CHG: "hf legic decode" now loads EML memory
CHG: legic timings are better.
2016-10-04 00:07:07 +02:00
iceman1001 0b0b182fe2 CHG: changed to use BigBuff_Eml memory instead of big_buff_malloc.
CHG: downloading eml memory from the device should use uints
CHG: "hf legic read" has a different printing. It now prints 32 bytes / row
2016-10-03 23:24:59 +02:00
iceman1001 5660920679 FIX: the "hf list legic" on MIM1024 wrapped around reading byte 255 due to a too-small variable size, causing the upper bits to drop silently 2016-10-02 12:29:18 +02:00
iceman1001 61f97ca7ad CHG: annotation now only prints relevant help text given the selected protocol. 2016-09-29 21:37:19 +02:00
iceman1001 c649c43389 CHG: finally, the ticks timer does what it is supposed to do. 32bits and working. 2016-09-29 21:36:43 +02:00
iceman1001 fabef615ec CHG: added addresize to legic select struct.
CHG: TIMER, it turns out TC0, TC1 and TC2 are only 16-bit. So adjust to use two clocks to get a 32-bit timer.
CHG: code clean up in legic device side.  consistency with variable names..
2016-09-29 17:43:39 +02:00
iceman1001 ce1cccd697 UPD: got the latest updates (@badboy) from @zhovner mfdread. 2016-09-29 14:18:21 +02:00
iceman1001 f2ba788536 ADD: @zhovner's mfd file parser https://github.com/zhovner/mfdread The parsed file output looks really nice. 2016-09-29 12:23:35 +02:00
iceman1001 a39944216d CHG: a select_legic function with structs and stuff and 2016-09-29 12:23:09 +02:00
iceman1001 d7e24e7c5f CHG: 'hf list legic' doesn't print the parity now.
CHG: 'hf legic read' the device-side timings are starting to look much better. HUGE thanks to @will-rbnt for endless checks and logic analyser feedback. Without his effort this would not work. What does work? We can now use ANY IV in legic. The PM3 Master version is flawed; it will only work with IV=0x55.

---still broke--- my CRC implementation. I know, I'm about to look into it.
2016-09-28 21:37:08 +02:00
iceman1001 323e05cc20 CHG: added the verbose flag, to make the output in "hf search" smaller. 2016-09-26 21:39:04 +02:00
iceman1001 3c6542087e CHG: @ikarus23 removed all misleading warnings for GCC 6.1.1. 2016-09-26 21:38:19 +02:00
iceman1001 3e750be37c ADD: started to add a legic detection to "HF SEARCH" 2016-09-26 20:01:23 +02:00
iceman1001 f1f7430ae0 CHG: removed the ubuntu build variable which is not needed anymore to build on Ubuntu.
CHG: Some warnings in cmdhflegic.c are solved.
2016-09-26 17:19:35 +02:00
iceman1001 7c91c8bf24 CHG: and now that I do actually check the bit length, I can get a better annotation yet again. Looking at it raises a question: acknowledge is 0x19 or 0x39; they just don't match up with the tag type identification of 0x0D, 0x1D, 0x39. I'll need to look at a 1024 tag's response in a trace with a valid reader. 2016-09-26 12:58:11 +02:00
iceman1001 faabfafe30 CHG: using bitsend to determine the legic annotation in "hf list legic" makes false positives much fewer. 2016-09-26 12:26:37 +02:00
iceman1001 1c59e80aba CHG: fix a "indent" warning. 2016-09-26 11:01:33 +02:00
iceman1001 7d0efb37d8 CHG: the "indent" software warns about some assignments. I've tried to fix them. 2016-09-26 10:37:00 +02:00
iceman1001 f885043422 FIX: "hf 14a read" / "hf mf *" / "hf mfdes info" and failure when calling these commands several times in a row.
For long transactions the sspclock compares with >1 instead of >=1. Now the timer resets properly.
CHG: use some #define constants for iso-commands.
2016-09-23 21:28:07 +02:00
iceman1001 22f4dca88c CHG: extracted some timers functionality, to get unified access to a timer/clock which counts in ticks. Moved stuff from util.c 2016-09-21 19:03:32 +02:00
iceman1001 4490a47690 ADD: some new Mifare keys found. 2016-09-20 23:20:27 +02:00
iceman1001 87342aadbc CHG: adjusted timing according to @sentinel 's traces 2016-09-14 16:18:04 +02:00
iceman1001 111c6934d4 CHG: Small steps, the waiting time between frames was unclear. At least now the tag answers to a readbyte command after the setup phase. 2016-09-12 09:19:49 +02:00
iceman1001 76471e5d17 CHG: reverted back from the idea of measuring in (us) microseconds, the timer is too raw, gives 10-15us delays. Now we are measuring ticks, which is (1 us = 1.5 ticks)
like it was before.   ie:  80us = 80*1.5 = 120ticks.
2016-09-11 11:14:12 +02:00
iceman1001 f72669f366 ADD: since the client now calls legic prng, this is needed here too.
CHG:  the OS X  QT4 vs QT5 detection.  NOT fixed yet.
2016-09-09 11:58:53 +02:00
iceman1001 ad5bc8cc8c In my attempts to make the LEGIC code better, it's not working now. Timing is off.
CHG: switching to US clock.
CHG: better trace annotation for legic
CHG: Legic prng can now give x bits at once.
2016-09-09 11:56:20 +02:00
iceman1001 1b12afbd9f CHG: better annotation for 'legic' 2016-09-07 12:36:46 +02:00
iceman1001 e619ddc071 FIX: Better legic annotation, show which byte was targeted during read and write commands. 2016-09-03 12:20:12 +02:00
iceman1001 b98827ffc3 FIX: IV now is truncated to 7 bits in 'hf legic read, write, writeraw'
FIX: IV LSB bit is always set, in 'hf legic read,write, writeraw'
2016-09-03 12:19:05 +02:00
iceman1001 c71c5ee156 ADD: started to add tracelog in legic
ADD: remake of legic codebase.
ADD: started with an annotation for LEGIC in 'hf list'
2016-09-02 16:25:54 +02:00
iceman1001 5b4664e79f CHG: Adding clarity to the command helptext. 2016-09-01 20:36:42 +02:00
iceman1001 d801514d88 CHG: Suppressing output for LF or HF antenna values if zero, in 'hw tune' command 2016-09-01 20:36:10 +02:00
iceman1001 22635d611e FIX: Only need to print a uint32_t, 2016-09-01 16:10:25 +02:00
iceman1001 56d0fb8e4d FIX: bug in nextwatch demod, where if the number of found psk bits was smaller than the preamble, the client crashed.
REM: removed some debug statements
2016-09-01 16:09:31 +02:00
iceman1001 3fc01243b0 CHG: A repaint of the plot window should be done to make sure it's visible. 2016-08-31 19:24:18 +02:00
iceman1001 4c543dbd3f ADD: added a simple averaging filter function. input parameter K, can be 1 to 8
ref: http://www.edn.com/design/systems-design/4320010/A-simple-software-lowpass-filter-suits-embedded-system-applications
2016-08-29 20:29:31 +02:00
iceman1001 7aa24806f4 FIX: the check for formatlen was wrong.
Still missing the other formats,  only 26bit in this one.
2016-08-26 22:31:45 +02:00
iceman1001 ffa306de61 CHG: starting to add the legic changes.. *work in progress* 2016-08-26 17:19:27 +02:00
iceman1001 89603cbddc FIX: minor adjustments to 'lf awid bruteforce'
FIX: making the 'lf hid bruteforce' to work the same way as the awid one..
2016-08-26 17:18:48 +02:00
iceman1001 f121b478a1 FIX: 'lf awid bruteforce' cleaning up all debug messages 2016-08-26 16:35:30 +02:00
iceman1001 ba1324a5fe some text changes. 2016-08-24 14:58:50 +02:00
iceman1001 760157f50b CHG: added a verification to see if the found candidate key was able to validate against tag. If not ok, start darkside attack again. 2016-08-24 14:10:30 +02:00
iceman1001 02d5a58388 CHG: Changed the number of times the call to prng_successor is called. 2016-08-24 12:32:05 +02:00
iceman1001 39d43ccc21 CHG: syntax sugar. 2016-08-24 12:31:09 +02:00
iceman1001 2c9e30908c CHG: updated Reveng version from 1.4.0 -> 1.4.4.
---snippet from their update log:

1.4.4 27 July 2016

    Added 5 new algorithms, CRC-8/AUTOSAR, CRC-8/OPENSAFETY, CRC-16/OPENSAFETY-A, CRC-16/OPENSAFETY-B and CRC-32/AUTOSAR from the CRC Catalogue.
    Added a build option to verify the order of the preset and alias tables at compile time.

1.4.3 14 July 2016

    Added algorithm CRC-16/CMS from the CRC Catalogue.

1.4.2 8 July 2016

    Added algorithm CRC-16/PROFIBUS from the CRC Catalogue.

1.4.1a 29 June 2016

    Fixed a regression that caused the Windows release to crash on older systems.

1.4.1 27 June 2016

    -P sets the Width value just like -k.
    pcmp() quickly returns when the comparands are identical.
    Added resources for the Windows executable.
2016-08-21 20:51:29 +02:00
iceman1001 bc908d8f9d ADD: Mifare Desfire defines 2016-08-14 17:38:54 +02:00
iceman1001 af17926620 chg: syntax sugar 2016-08-14 17:38:11 +02:00
iceman1001 f2abf6732b help text adjustments 2016-08-14 17:11:42 +02:00
iceman1001 ab74872d40 ADD: added a sanity check in T55x7 commands info/trace/detect against using the commands when the device is offline but the user didn't use '1' in arguments. 2016-08-14 17:04:40 +02:00
iceman1001 7e08450dcc add: annotate Mifare Desfire. from 3102c1bae3 (diff-93cfa90a992ea759349344d0de98029e)
Thanks @johannesStoye
2016-08-14 16:29:39 +02:00
iceman1001 2b6ffe75a8 chg: remove a char.. 2016-08-10 16:29:23 +02:00
iceman1001 4ab54914e3 CHG: more struct errors.. my bad, 2016-08-10 16:28:23 +02:00
iceman1001 31cf804877 CHG: removed some debug statements, added another. Changed crapto1.c, let's see if the special attack works better now against chinese clones. 2016-08-10 16:25:56 +02:00
iceman1001 823ad2e186 CHG: minor code cleaning in 'hf 14a reader' 2016-08-10 16:24:49 +02:00
iceman1001 56f1aaa234 CHG: on a slow usb connection it seems the pingcmd which stops the bruteforce on the device side doesn't get there. Let's send three pings to make sure the device gets it. 2016-08-10 16:23:59 +02:00
iceman1001 6067df30c5 FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :( 2016-08-10 10:55:29 +02:00
iceman1001 86db8973b0 CHG: still looking at 14b, this time started to look at the tracelog times not working. 2016-08-09 23:13:18 +02:00
iceman1001 59e933fc3f started fixing the parity == 0 special attack against chinese clones with bad prng, which hasn't been working for ages. 2016-08-09 23:11:07 +02:00
iceman1001 05442fa6f7 fix: wrong spelling 2016-08-09 12:15:26 +02:00