RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-02-13 02:34:48 +08:00
Code Issues Projects Releases Packages Wiki Activity
6627 commits 3 branches 15 tags 87 MiB
Commit graph

170 commits

Author SHA1 Message Date
iceman1001
033bc12933 chg: 'hf mf fchk' - adapttions to depth first exits 2017-12-11 22:33:50 +01:00
iceman1001
dd024b5300 chg: 'hf mf fchk' - depth first search 2017-12-11 21:43:29 +01:00
iceman1001
da57e74140 CHG: 'hf mf fchk' - two strategys. depth first for sector 1, AB. and width first with all sectors. 
first run strategy 1. then 2.
 2017-12-11 01:44:55 +01:00
iceman1001
26353cfd78 chg: 'hf mf fchk' - testing new strategy, Depth first for sector0. 2017-12-10 23:59:19 +01:00
iceman1001
bf2b2afeeb cleaning up. 
chg:  swapped random gen for mifare classic auth to known weak prng.
 2017-12-10 23:09:53 +01:00
iceman1001
cb92ed9ec0 fix 2017-12-10 20:09:16 +01:00
iceman1001
0e96c72476 fix: wupe timing (@pwpiwi) 7c7327e7c8 2017-12-10 20:02:51 +01:00
iceman1001
dfdf4e701f chg: testing to reinstate the auth-timeout 2017-12-10 11:18:44 +01:00
iceman1001
19fe01128c chg: 'hf mf chk' - reinstate the debuglevel 2017-12-10 11:11:23 +01:00
iceman1001
0e9f234f11 CHG: lessend the default debug level to MF_DBG_ERROR. 2017-12-09 08:27:56 +01:00
iceman1001
05991cdffb sloppy 2017-10-30 15:12:03 +01:00
iceman1001
deeb56f09c fix: 'hf mf hardnested' : without sending dummy answer, the can't select tag comes.. 2017-10-30 15:02:44 +01:00
iceman1001
6e46822c4c CHG: mcIdent now turn on/off readerfield. 2017-10-30 12:05:14 +01:00
iceman1001
71a500d824 CHG: 'hf mf fchk' - no need to send dummy coomand to trigger timeout. 
CHG: 'hf mf fchk' - added some debugstatements.  These will become optional later.
CHG: 'hf mf fchk' - lower re-try from 10 to 5
 2017-10-12 15:17:10 +02:00
iceman1001
2ca0ea8cb4 ADD: 'hf mf fastchk' - new command, improved check keys functionality. It uses a bunch of techniques to get a speedup. 
Using a dictionary file with 421keys,

Current implementation of checkkeys takes 300 sec.
This implementation of checkkeys takes 250 sec.

I implemented it as a separate command so it will be easier to compare between the old and new checkkeys.
Its also doing much on deviceside, which is a step to much funnier standalone modes  :))
 2017-10-05 16:00:56 +02:00
iceman1001
a4b4a1a9a2 FIX: iso-14443a RATS optional (piwi) 2017-10-01 22:06:06 +02:00
iceman1001
94f70caa7a when you need to add too much changes at the same time... 
fix: 'hf mf hardnested'  test cases doesn't need to verify key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on armside,  a more unified way,  so we don't forget to turn of the antenna ...
chg:  renamed 'hf iclass snoop'  into 'hf iclass sniff'   in an attempt to make all sniff/snoop commands only SNIFF

chg: 'standalone' ->  starting the work of moving all standalone mods into a plugin kind of style, in its own folder.
 2017-08-26 12:57:18 +02:00
iceman1001
46a0ec7130 CHG: removed old TRUE/FALSE defines... some left still.. 2017-07-27 09:28:43 +02:00
iceman1001
cdc0f15104 FIX: playing with some delays. 2017-07-11 17:40:29 +02:00
iceman1001
ce56dd32e3 FIX: 'hf mf c*' works both with 1a/1b generation of tags. 2017-07-07 12:34:20 +02:00
angelsl
ece631fd06 Add Mifare Classic EV1 set load modulation command 2017-03-09 21:37:16 +08:00
iceman1001
57e1e31dce chg: unused .. but not for long 2017-03-06 19:15:01 +01:00
iceman1001
57778a4630 CHG: renamed struct sector -> sector_t 
CHG: defines on armside
CHG: #define WIN32 ->  _WIN32
CHG: started to enhance "hf mf chkkeys"
REM: removed some duplicates etc in default keys.
 2017-03-06 19:11:08 +01:00
iceman1001
f24edfec54 CHG: hf 14a read - started to add a Magic tag gen2 detection. SKipping it for now. Can't decide to put in on deviceside or in client. 
FIX:  `lf read` - ophs..  it works again.
ADD: `lf em 4x05--`  - added a chipset definition
CHG: better kali fix - from @pwpivi
 2017-02-28 08:16:02 +01:00
iceman1001
8db18d2f15 ADD: hf 14a read - now can detect the newer magic generation 1b. In output 1A (old version, where all hf mf c* commands works) 1B is the newer. 2017-02-27 19:18:38 +01:00
iceman1001
3c345a41b2 chg: moved to header file 2017-01-21 10:35:59 +01:00
iceman1001
77f3f9ff5c CHG: "hf mf hardnested" device side should empty bigbuff? 2016-11-16 17:44:08 +01:00
iceman1001
0b53530a10 CHG: "hf mf hardnested" disabled the tracelogging on deviceside during nonce acquiring. 2016-11-07 22:42:57 +01:00
iceman1001
d209443322 CHG: 'HF MF C*' (chinese backdoor commands) According to douniwan5788 some magic/clone tags answers to the halt cmd and some not. I think I captured his ideas. 
ref: 13b71e58fd
 2016-10-28 20:43:07 +02:00
iceman1001
f885043422 FIX: "hf 14a read" / "hf mf *" / "hf mfdes info" and failure when calling these commands serveral times in row. 
For long transactions the sspclock compare with >1 instead of >=1 ..   Now the timer resets properly.
CHG: use some #define constants for iso-commands.
 2016-09-23 21:28:07 +02:00
iceman1001
8d61d9b114 CHG: this timeout doesn't influence the bad performance with my older pm3 device (green pcb). I think its too slow. 2016-08-31 19:18:48 +02:00
iceman1001
cc70889743 FIX: fixes the broken build,... 
FIX:  increased the timeout,  to make 'hf mf chk' work better.
 2016-08-26 17:17:40 +02:00
iceman1001
6b23be6b7e CHG: cleaning up. 2016-08-04 21:37:43 +02:00
iceman1001
68410a4892 Syntaxt suger 2016-04-14 11:34:02 +02:00
iceman1001
88e20c9f6d syntax suger 2016-04-12 11:30:49 +02:00
iceman1001
86d597a510 ADD: added @pivi 's faster authentication method from 'hardnested' into "hf mf chk" (check keys) and removed the "halt" command. 
the speedup is great. Together with the previous speedups from making changes how the client sends the keys to the device,  make it lightning fast. It would be fun to see how much fast it is now.
 2016-04-11 15:25:00 +02:00
iceman1001
2abdfa491c CHG: mostly syntax suger, trying to uniform the look 'n feel.. To make calls act to what is expected. 2016-04-10 12:56:59 +02:00
iceman1001
aaa1a9a2dc CHG: Added calling clear bigbuff to zero out it also, instead of just "free" it. 
ADD:  downloading the EML part from BigBuffer specially.
 2016-03-12 09:03:28 +01:00
iceman1001
c7962313cc FIX: an extra break inside "Hf mf cgetsc" made it not read the fourth block in the sector. 2016-02-20 00:29:35 +01:00
iceman1001
838c15a643 ADD: added some time debug statements to be able to measure execution time. 
CHG: change the auth_ex method to send usb package faster,
REM: removed some bucketsort changes.
 2016-02-17 17:30:37 +01:00
iceman1001
82885445b3 FIX: cuid order... 2016-02-16 23:51:52 +01:00
iceman1001
7504dc50d5 Merge branch 'master' of https://github.com/iceman1001/proxmark3 
Conflicts:
	armsrc/crypto1.c
 2016-02-16 21:43:45 +01:00
iceman1001
6a18e46fa6 FIX: finally I took the effort to finish the "hf mf c*" commands on device side... 2016-02-15 22:04:24 +01:00
iceman1001
65c2d21d05 CHG: Syntax suger 2016-01-25 20:19:15 +01:00
iceman1001
810f53792e ADD: added the possibility to choose which block num to attack with "hf mf mifare" Before it only worked on block 0. 2016-01-20 22:26:01 +01:00
iceman1001
5ebcb867a3 FIX: Some uninitialized variables, some syntax suger, and some extra WDT_HIT calls inside "ReaderMifare" to stop it from trigger when running multiple times in a row. 2016-01-20 19:53:58 +01:00
iceman1001
d798d31cbe FIX: Coverity scans, uninitialized variables, 
CHG: unfolded some loops..
 2016-01-20 17:44:51 +01:00
iceman1001
4a71da5a35 FIX: Coverity Scan complains about resourceleaks, array reads outside of index, uninitialized variables. 2016-01-20 17:13:25 +01:00
iceman1001
9332b857ff ADD: @marshmellow42 's fixes for Q5, t55xx, fskclock, 
ADD:  got tired of always writing wrong "hf 14a list",  so I hooked it back up to call the "hf list" with argument. Things becomes smoother that way.
 2015-12-16 11:01:46 +01:00
iceman1001
f8ada309e9 ADD: @pwpiwi 's latest code from his 'hardnested' branch. 2015-12-15 08:51:29 +01:00
iceman1001
c188b1b9b2 ADD: @go_tus simple bruteforce for t55xx, refactored a bit. 
ADD: @pwpiwi 's implementation of Hardnested
 2015-11-27 16:24:00 +01:00
iceman1001
0956e0dba5 FIX: an error that I introduced to the csetblock command with wrong length of crc calcs. 
CHG:  variable name in csetblock change.  just trying to be consistant.
ADD:  code clean up in hf 14a,  added some help text methods.
 2015-11-10 11:45:45 +01:00
iceman1001
c2731f37be CHG: a major remake of the "hf mf c*" commands. Ie chinese magic tags. Tried to make them consistent in parameter calls and simplified. And fixed the annoying gen1 tags that answers with a ACK/NACK on HALT commands.. 2015-11-09 21:46:15 +01:00
iceman1001
acd7ccdbc9 CHG: some magic generation1 tags is not following protocol and answers to the "halt" command. This gives an error and makes the users think something went wrong. This also affected the magic identification in "Hf 14a reader" command, where it in those moments stated "NO" even if the tag is indeed a generation1. 2015-11-01 22:16:16 +01:00
iceman1001
5ee53a0e75 ADD: There were lot of calls to enable tracing, but very few to turn it of afterwards in the methods. 
Don't know if it has some influence but can't hurt calling  "set_tracing(FALSE);"  when method returns.
 2015-10-11 19:14:17 +02:00
iceman1001
0de8e3874d A lot of changes... 
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities,   (not a proper DEMOD, but a start)
.. GetCountUS  better precision from @pwpivi
.. bin2hex,  hex2bin  from @holiman

...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler,   nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block...  See Issue #136  https://github.com/Proxmark/proxmark3/issues/136    Not solved yet.

...
Started add SHA256..   not working yet..
 2015-10-04 18:01:33 +02:00
iceman1001
0db6ed9a71 Merge some PM3 master commits. Had to re-make the StandAloneMode to work with flags in SimulateIso14443aTag 2015-07-29 01:10:06 +02:00
iceman1001
b10a759fef @PM3 master merges, Piwi fix for mfnested 
@Marshmellow42 's fix for FDB
 2015-07-12 22:58:16 +02:00
iceman1001
99cf19d9e8 ADD: @pwpivi 's latest fixes for bigbuff 
ADD:  @marshmellow 14b changes.

fix:  fixes to the timing inside iso14443b.c  sniff/sending.  Between TX & RX there should be a 151us pause.
 2015-06-29 22:36:55 +02:00
iceman1001
c830303d7e FIX: @pwpiwi 's fixes for darkside / nested attack about the NACK/PRNG bugs. 2015-06-25 12:41:39 +02:00
iceman1001
2d2f7d1948 ADD: @marshmellow42 's changes / fixes. 2015-05-31 21:47:33 +02:00
iceman1001
95aeb706d7 CHG: @marshmellow42 changes on deviceside. 
ADD: increase debuglevel for printing a statment in ul_ev1_auth
 2015-05-27 23:23:46 +02:00
iceman1001
c068ebb78f Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/mifarecmd.c
	client/cmdhfmf.c
 2015-05-25 13:13:06 +02:00
iceman1001
46cd801c5a FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain. 
MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file
CHG: added @marshmellow42 changes to hf mfu dump layout.
ADD: an extra call to BigBuf_free in readcard..  just to make sure that it doesn't leak memory.
ADD: expermimental call to "try32" for "hf mf sim x".
 2015-05-25 13:10:55 +02:00
iceman1001
7444d916c6 FIX: hf mfu dump, now reads correct memory from device-side. 
CHG: hf mfu dump - output data styled :)
 2015-05-24 21:51:44 +02:00
marshmellow42
0ce03d9ab0 fix mfu dump getbigbuffer bug 
Thanks @iceman1001 for catching my oops, and fixing it :)
 2015-05-23 22:35:50 -04:00
iceman1001
ce432659f2 Adjustments after the big merge from PM3 master. 2015-05-23 08:38:46 +02:00
iceman1001
bcf61bd34a Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	README.txt
	armsrc/appmain.c
	armsrc/apps.h
	armsrc/des.c
	armsrc/iclass.c
	armsrc/mifarecmd.c
	armsrc/mifareutil.c
	armsrc/mifareutil.h
	client/cmddata.c
	client/cmdhf.c
	client/cmdhf14a.c
	client/cmdhficlass.c
	client/cmdhfmfu.c
	client/cmdhfmfu.h
	client/cmdscript.c
	client/lualibs/commands.lua
	client/lualibs/html_dumplib.lua
	client/scripting.c
	client/util.c
	common/protocols.h
	include/usb_cmd.h
 2015-05-23 08:16:40 +02:00
iceman1001
fff69a1e34 CHG: Merged the "hf mfu rdbl" and "hf mfu crdbl" commands into "hf mfu rdbl". One read command. 
CHG:  Merged the "hf mfu wrbl" and "hf mfu cwrbl" commands into "hf mfu wrbl". One write command.

Both new commands implement a help, authentication (0x1A/0x1B) for ULC and the rest,
 2015-05-20 23:44:11 +02:00
iceman1001
0a0d9a5828 @Marshmellow42 's fixes for bigbuf. 2015-05-19 18:46:38 +02:00
marshmellow42
d7acc6403e hf mfu dump - bigbuf allocation fix 
some larger nfc tags can get large so set the allocation to the 4k
CARD_MEMORY_SIZE buffersize.
 2015-05-19 11:30:50 -04:00
iceman1001
e7e9508883 @Marshmellow42 's cleanup isn device-side "hf mfu" code. Looks nice. Dump uses bigbuffer now, and can dump NTAG216 :) 
Consistency on the client-side code "hf mfu".  looks nice.
 2015-05-18 20:58:33 +02:00
marshmellow42
9d87eb6650 MF ultralight code cleanup 2015-05-18 13:11:00 -04:00
marshmellow42
8258f40969 Iceman1001 s MFU clean up 
cleaned up MF UL_C auth code device side.
 2015-05-17 20:49:25 -04:00
iceman1001
4d2e4eea58 CHG: the "HF MFU" authentication changes. 
CHG: name change from "hf 14a snoop"  ->  "hf 14a sniff"..
 2015-05-16 15:34:01 +02:00
marshmellow42
cceabb79e6 mfu info / dump attempt at missing auths 
NOT TESTED.  will test soon.  probably has bugs!
 2015-05-16 01:00:31 -04:00
marshmellow42
75377d29d6 MFU - Icemans further improvements 
add UL-C device side read card with authentication
add MF_UL-Annotations
add ntag, and more ul descriptions in hf mfu info
 2015-05-06 00:55:29 -04:00
iceman1001
8d53ea1403 CHG: added 2k3des to ULC READCARD. 2015-05-05 00:33:07 +02:00
marshmellow42
b3125340f3 Icemans UL-C Auth dev side fix plus a few other ... 
... small UL fixes
 2015-05-03 15:41:11 -04:00
iceman1001
062b7cb956 FIX: the HF MFU CREAD command on deviceside now can do a proper ATUTHENTICATION request with 2KEY3DES. 2015-05-01 15:29:19 +02:00
marshmellow42
92690507ab Iceman's updates to MFU info and dump 2015-04-30 09:28:43 -04:00
iceman1001
1ec21089b2 CHG: the work in progress of making "HF MFU INFO" / "HF MFU DUMP" goes on. 
ook @marshmellows changes and remade them a bit. TagTypeUL_t behaves like a flag-enum.
     "HF MFU DUMP" now autodetects tagtype, and the deviceside should report back proper length.
 2015-04-30 10:15:52 +02:00
marshmellow42
f168b2633b MF Ultralight - Iceman's updates + mine 
Beginning of Ultralight additions.
detection of Ultralight Types added
dump command now auto detects type
can authenticate Ultralight C
 2015-04-29 18:27:31 -04:00
iceman1001
add0504dea ADD: Started a "collect nonces" concept to be able to analyse the tag generated nonces. 2015-04-24 18:41:49 +02:00
iceman1001
aa60d1560e NEW: HF MFU SETPWD - set password to a Ultralight C tag. 
NEW: HF MFU SETUID - set UID to a magic UL / UL-C tag.   *not implemented*
CHG: minor alignment for "Hf list" output.
CHG: removed unneeded function parameters to the ultralight commands
CHG: the const MAX_MIFARE_FRAME_SIZE is changed to MAX_FRAME_SIZE in the ultralight commands since the UL-Ev1 can have bigger frames than 18bytes.
CHG: adding DES support for the Ultralight-c read commands on deviceside.
 2015-03-30 16:24:03 +02:00
iceman1001
0ec548dc21 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/lfops.c
	client/cmddata.c
	client/cmdlf.c
	client/cmdlft55xx.c
	client/cmdlft55xx.h
	client/scripts/test_t55x7_bi.lua
 2015-03-24 11:45:31 +01:00
iceman1001
3ac59c7fed Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/crapto1.c
	armsrc/iclass.c
	client/nonce2key/crapto1.c
 2015-03-06 09:02:15 +01:00
Martin Holst Swende
3000dc4e7e Generic tracing; removed iso14a_XX-functions, removed traceLen as global varible 2015-02-07 20:49:40 +01:00
pwpiwi
f71f4deb8f BigBuf and tracing rework: allow much longer traces in in hf commands 
- provided a BigBuf_malloc() function to dynamically allocate parts of BigBuf
  e.g. for DMA-Buffers, Frame-Buffers, Emulator-Memory
- the whole rest of BigBuf is now available for traces (instead of a small fixed amount)
- send actual traceLen together with trace data
- changed client side to cope with varying traceLen
- changed small buffers to automatic variables instead of parts of BigBuf
 2015-01-28 07:18:51 +01:00
iceman1001
c8b6da2295 Merge branch 'master' of https://github.com/holiman/proxmark3 
Conflicts:
	armsrc/appmain.c
	armsrc/apps.h

Step 1 for the Ultralight / Ultralight-c
 2015-01-20 20:59:24 +01:00
iceman1001
5149e37e66 Merge branch 'master' of https://github.com/Proxmark/proxmark3 
Conflicts:
	armsrc/appmain.c
	armsrc/apps.h
 2015-01-20 09:32:53 +01:00
Martin Holst Swende
f164662363 Merge branch 'master' of https://github.com/iceman1001/ForPm3 
Conflicts:
	armsrc/appmain.c
	armsrc/apps.h
 2015-01-15 21:50:03 +01:00
iceman1001
a631936e84 ADD: Midnitesnaks's & Pentura labs Ultralight-c modifications in ARMSRC. 
ADD:  des.c  ,  aes.c  in ARMSRC
 2015-01-13 23:18:04 +01:00
Martin Holst Swende
31d1caa526 Reverted some minor things, altered other things to get it to compile cleanly 2015-01-08 17:51:52 +01:00
iceman1001
787b5bd8a4 CHG: minor code clean up in ArmSrc. 
ADD: added some more default keys in Hf mf nested,  maybe it runs faster :)
 2015-01-08 00:08:33 +01:00
iceman1001
52ab55ab0d ADD: added a lot of ic ids to cmdhf15.c Thanks to Asper for the list. 
ADD: added a manufacturer list in "hf 14a reader",  only viable when UID is double or triple size.  Thanks to Asper for the list.
ADD: detect chinese magic backdoor commands in "hf 14a reader"
CHG: minor code clean up.
 2015-01-07 21:06:15 +01:00
iceman1001
3fe4ff4f03 CHG: generic code clean up. Removal of commented code. 
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD:  tnp3xx support
ADD:  nxp tag idents.
ADD:  identifiction of chinese backdoor commands to hf 14a reader.
 2015-01-05 15:51:27 +01:00
pwpiwi
6a1f2d82bb bugfixes iso14443a (hf 14a commands) 
- buffers were too small to handle 256 byte frames
- parity bits were only handled for up to 32 byte frames
- trace format was inefficient
- removed parity calculation from decoders in iclass.c (parity not used on air anyway)
 2014-12-16 07:41:07 +01:00
pwpiwi
baeaf57950 fix/add support for 4K (and other non 1K) card sizes in hf mf commands 
- hf mf rdsc (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39
- hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
- hf mf dump (add): added (optional) card size parameter and support for non 1K cards
- hf mf dump (fix): Access Condition 011 not handled correctly (tried to access with key A)
- hf mf restore (add): added (optional) card size parameter and support for non 1K cards
- hf mf nested (fix): didn't account for 16 block sectors, allowed max sector 63 instead of 39
- hf mf nested (fix): always dumped 16 keys to dumpkeys.bin instead of correct number
- hf mf chk (fix): always dumped 16 keys to dumpkeys.bin instead of correct number
- hf mf eget (fix): displayed three instead of one block
- hf mf eload (add): load 4K .eml files (but accepts 1K .eml files for backwards compatibility)
- hf mf esave (add): always save the whole emulator memory (4K) instead of 1K only
- hf mf ecfill (add): added (optional) card size parameter and support for non 1K cards
 2014-09-10 19:04:50 +02:00
iZsh
7cc204bff8 THIS REQUIRES A BOOTROM UPDATE!! To save FPGA area, split the LF and HF bitstreams and load them on-demand. 2014-06-20 01:02:59 +02:00