RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-03-10 15:07:30 +08:00
Code Issues Projects Releases Packages Wiki Activity
1350 commits 3 branches 15 tags 87 MiB
Commit graph

1350 commits

This branch
This branch
All branches
Author SHA1 Message Date
iceman1001
9cdd47c292 chg: @marshmellows changes to "hf 14a reader" 
add: the experimental "hf 14a sim x" attack impl.
chg: sorry, but I never liked that sniffing was called snooping in this command. So I changed it to "sniff".
 2015-05-16 15:30:17 +02:00
iceman1001
833081e3e7 add: @marshmellow changes, 
chg: remade the authentication for ULC..
 2015-05-16 15:27:53 +02:00
iceman1001
224e8c1a4d ADD: @marshmellows fixes 2015-05-13 20:16:18 +02:00
iceman1001
7a5d49b5b4 @marshmellow42 ideas 
FIX: removed some unneeded calls to ul_switch_off_field.
FIX: once again the OTP is printed nevertheless if its a NDEF CC
 2015-05-13 15:48:32 +02:00
iceman1001
664bb5ae72 BUGS: more Coverity scan fixes. 2015-05-13 14:08:59 +02:00
iceman1001
2696349f16 BUGS: Coverty Scan, fixes some memory bugs 2015-05-13 13:23:53 +02:00
iceman1001
a198737b44 minor code clean up 2015-05-13 09:18:37 +02:00
iceman1001
046fd76608 a minor clean up when printing the key 2015-05-13 09:15:53 +02:00
iceman1001
8949bb5dad Added @marshmellow42 "hf search" 2015-05-13 09:13:42 +02:00
iceman1001
63146229bd ADD: preparation for @marshmellow42 "hf search" 
FIX: the "hf list" had not correct spaces between the lines, in my version. Fix now.
 2015-05-13 09:10:47 +02:00
iceman1001
c92cf81495 minor textual changes 2015-05-13 09:07:47 +02:00
iceman1001
2c39c25c67 Minor clean ups 2015-05-13 09:06:47 +02:00
iceman1001
70ee301e0d another key.. 2015-05-13 09:05:21 +02:00
iceman1001
e9a85114c5 ADD: Print the key for ULEV1/NTAG authentication if sent in cmdhf.c "HF LIST 14A" 2015-05-12 20:27:45 +02:00
iceman1001
3fd842ed98 ADD: found a BCARD KeyB on the net. ref: http://irq5.io/2013/04/13/decoding-bcard-conference-badges/ 2015-05-12 19:50:47 +02:00
iceman1001
b6901e17c8 FIX: increased the limit to 0xE6 for MIFARE_ULEV1_FASTREAD 
ADD: @marshmellows inital "hf search" command...
 2015-05-12 18:57:47 +02:00
iceman1001
98cdd56862 ADD: added option to call "hf mfu info" with a authentication key. 
ADD: added a help text for "hf mfu info"   usage_hf_mfu_info
ADD: added @marshmellows changes & fixes.
 2015-05-12 18:55:34 +02:00
iceman1001
fce738fc90 CHG: minor textual changes, consistency... 2015-05-11 20:38:13 +02:00
iceman1001
f288cb607f ADD: added a List parameter to tnp3clone.lua script. 2015-05-11 19:38:53 +02:00
iceman1001
0ad970fb02 ADD: another default key: VIGIK1 2015-05-11 19:37:44 +02:00
iceman1001
ebd7412d7d BUG: Read the wrong page(2) as Capability container, should be 3. 
BUG:  NTAG 215 identification was wrong (!=)  should been (==)
 2015-05-11 15:54:02 +02:00
iceman1001
802319a37e ADD: added the new magic detection, where we send a partial ISO14443A_CMD_WRITEBLOCK (0xA0) command to page 0. if the tag answer 0xA ACK (its magic) or if it answers 0x00 NACK its not. 
The normal behavior for a tag is to send NACK.
 2015-05-06 23:50:31 +02:00
iceman1001
334cc089c9 CHG: clearing a char array before using. 2015-05-06 22:41:40 +02:00
iceman1001
aebe77905b CHG: extracted the UL_C & UL magic tests. 
ADD: a raw write command also there.
CHG: "hf mfu info" got some more love,  looks better too.
      UL_EV1 / NTAG,  only try known passwords if AUTHLIM is set to 0.
 2015-05-06 22:40:46 +02:00
iceman1001
74c7ff4770 CHG: @marshmellows changes to anntations. 2015-05-06 14:20:24 +02:00
iceman1001
2b03dea768 ADD: UL-EV1 signature printing. 
CHG: @marshmellows changes.
 2015-05-06 14:19:23 +02:00
iceman1001
69a2953679 FIX: nasty bug when memcpy structs.. 
ADD: @piwi's  topaz commands
 2015-05-06 09:30:48 +02:00
iceman1001
a903be4361 CHG: "HF MFU INFO" extracted more printstatements 2015-05-05 23:26:05 +02:00
iceman1001
b9a3c8642e ADD: "HF MFU INFO" Reading and printing of UL-EV1 configuration pages. 2015-05-05 23:14:55 +02:00
iceman1001
8297860e25 CHG: making sure no buffer overflows will occure in ul_send_cmd_raw by adding responseLength parameter to all calls. 
CHG: added UL-C configurations details to be printed
 2015-05-05 22:15:02 +02:00
iceman1001
996fda30ee BUG: missing %s in printing version tagtype. Thanks @Marshmellow! 
BUG: buffer overflow when reading the Capability Container.   Thanks @Marshmellow!
 2015-05-05 13:25:54 +02:00
iceman1001
7d010c4991 chg: minor spelling change from MIFARE_ULEV1_VERS -> MIFARE_ULEV1_VERSION 2015-05-05 00:37:13 +02:00
iceman1001
cd07302754 CHG: reverted a method declaration. 2015-05-05 00:35:56 +02:00
iceman1001
74daee24b8 CHG: for the 2k3des changes 2015-05-05 00:34:20 +02:00
iceman1001
8d53ea1403 CHG: added 2k3des to ULC READCARD. 2015-05-05 00:33:07 +02:00
iceman1001
09c2a802a1 ADD: @holimans changes. 2015-05-05 00:31:02 +02:00
iceman1001
f07e76c687 CHG: minor spelling 2015-05-05 00:27:34 +02:00
iceman1001
e1c88b0965 ADD: @marshmellows changes 2015-05-05 00:26:17 +02:00
iceman1001
2c74558d71 CHG: enhanced the "hf mfu info" a lot. It can detect UL/UL-C/UL-EV1/NTAG213/NTAG215/NTAG216 
and at present it can detect if a UL-C tag is magic (uid changeable)

FOR UL it writes the first configuration pages 0-3.
For UL_C  it tests some default 3des keys,  and lock / confg bytes at pages 42-43,44-47
For UL_EV1  / NTAG  it collects the GETVERSION command and tries to read 3 counters.,  it also tries one default password of 0xFF,0xFF,0xFF,0xFF  for the EV1 /NTAG  authentication 0x1B.

FOR UL_C_MAGIC,  it tries to see if the gatherd nonces for authentication 0x1A is the same, which indicates on my tags that they are magic.

There is the @marshmellow changes to "hf mfu dump" command.

This commit needs testing, and is to be considered experimental.
 2015-05-05 00:25:10 +02:00
iceman1001
1c1c5f4cae CHG: "hf mfu crdbl" help text, got at correct length 3des key. 
CHG: Added @marshmellows fixes for "hf mfu info"
CHG: moved some debug printandlog statements around.
 2015-05-01 15:33:54 +02:00
iceman1001
062b7cb956 FIX: the HF MFU CREAD command on deviceside now can do a proper ATUTHENTICATION request with 2KEY3DES. 2015-05-01 15:29:19 +02:00
iceman1001
1ec21089b2 CHG: the work in progress of making "HF MFU INFO" / "HF MFU DUMP" goes on. 
ook @marshmellows changes and remade them a bit. TagTypeUL_t behaves like a flag-enum.
     "HF MFU DUMP" now autodetects tagtype, and the deviceside should report back proper length.
 2015-04-30 10:15:52 +02:00
iceman1001
a8be77afd1 CHG: re-factored the "HF MFU CAUTH" command to be simpler. 
ADD:  "HF MFU INFO",  added detection of MAGIC UL-C tags and a simple loop test 5 default 3des keys.
 2015-04-29 20:24:37 +02:00
iceman1001
c8ba098a9b REM: Removed the CSETUID stub. Its implemented on the client side instead. 2015-04-28 23:34:16 +02:00
iceman1001
5e336f53d9 REM: Removed the GetVendorStr, and used the getTagInfo() instead. 2015-04-28 23:32:45 +02:00
iceman1001
5d554ea67f ADD: HF MFU SETUID, this commands helps changing the UID on a magic UL, UL-C tag. 
It reads block2,  since only one byte is going to change. Then it proceds to write block 0,1,2 with recalc BCC1, BCC2 bytes.

CHG:  HF MFU INFO, got some love in the form of detection of UL/UL-C/UL-EV1.  Took same idea from HF 14A READER.
 2015-04-28 23:31:22 +02:00
iceman1001
68bf87e0c5 CHG: added some sanity checks for the Ultralight-EV1 annotations, to make less false positives in the tracelog 2015-04-28 20:59:20 +02:00
iceman1001
466bc4599c CHG: fixed a better detection for Ultralight, Ultralight-C, Ultralight-EV1 tags. 
--see https://github.com/Proxmark/proxmark3/issues/96
      -- still todo,  finding a good way of detecting Magic Ultralight-C tags.
      -- thanks @marshmellow for pointing out proper UL-C tags responses is different.
 2015-04-28 20:58:18 +02:00
iceman1001
76984409b9 FIX: forgot an argument. 2015-04-26 18:06:36 +02:00
iceman1001
fab0b37968 CHG: removed linebreak in string. 2015-04-26 18:05:45 +02:00