ADD: added a new string helper function "sprint_hex_ascii" in util.c
ADD: added "LF AWID BRUTE", a very simple bruteforce command for the awid commands.
it takes a facility-code, and iterates all possible 0xFFFF cardnum by sending sim command. It also uses the usb_poll function to stop the bruteforce on keypress and not leaving the pm3 device running the simulation.
the command implements the help parameter.
CHG: Minor code changes on T55X7 code. Default password is back to 'FF FF FF FF',
REM: removed @marshmellow42 's wakeup option in "lf t55x7 read",
--- BASICALLY:
if a T55X7 tag has following bits set:
AOR - send wakeup command with pwd, to enable LF interacting with it.
PWD - send read/write/trace/info command with pwd. No need to send wakeup.
ADD: Added the "lf t55x7 wakeup" command. It will send a pwd, and leave the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search
---
It is still not finished, will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets.
ADD: @marshmellows "diphase" definition for T55x7.
MOV: extracted the aquisition from the t55x7 methods and put them inside lfsampling.c
FIX: pcf7931 write, there is 16bytes in a block.. not 4 as I thought before.
FIX: t55x7 lowered the WRITE_0 to 16. Even bigger gap.
Things like the ICLASS, tryDecryptWord,
--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation, start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written, which has a lousy input check..
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities, (not a proper DEMOD, but a start)
.. GetCountUS better precision from @pwpivi
.. bin2hex, hex2bin from @holiman
...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block... See Issue #136https://github.com/Proxmark/proxmark3/issues/136 Not solved yet.
...
Started add SHA256.. not working yet..
-hitag2, -legicrf, HIDdemodFSK, CmDAWIDdemodFSK, CmdEM410xdemod, CmdIOdemodFSK
It should enable them to be aborted with a call to "hw ping / hw status" instead of only button-press. Which is good when you are scripting stuff.
MERGED: @piwi changes
MERGED: @marshmellows changes.
I'm not even gonna try write up all that stuff..
ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside the "hf 14a sim" with the "x" parameter.
backend:
askman and askraw demods merged into askdemod (args adjusted
accordingly)
re-arranged lfdemod.h in alphabetical order and by category
front end:
data detectclock a (ask) now also reports the selected best start
position for demod
data manrawdecode takes an invert arg now
applies icemans full ata55x7 read/write settings
adds checksum to ioprox (thanks to iceman)
adds silent mode for lf read and getSamples
fix lf em em410xwatch and lf em410xspoof
improve data rawdemod ar - for biphase demods
improve detectclock a for strong antennas
lf t5xx commands updated from ICEMAN
lf em410x commands updated
lf search bug fix for 2 args
test scripts from iceman
lf demod:
better ask clock detection with Strong fully clipped waves
better ask raw demod with strong fully clipped waves
fsk demod add back in skipped bits during demod
nrz demod add back in skipped bits during demod
show command to UI:
data printdemodbuffer - allow printing of demod buffer
Add:
data askgproxiidemod - demod a gproxii tag
Fix:
adjust lf simxxx commands further for testing
added SimulateTagLowFrequencyTest function
with some adjustments that help ASK simulations
FSK and PSK still need help. Left original HID sim alone as for some it
may partially work.
- provided a BigBuf_malloc() function to dynamically allocate parts of BigBuf
e.g. for DMA-Buffers, Frame-Buffers, Emulator-Memory
- the whole rest of BigBuf is now available for traces (instead of a small fixed amount)
- send actual traceLen together with trace data
- changed client side to cope with varying traceLen
- changed small buffers to automatic variables instead of parts of BigBuf
added data fskparadoxdemod
added data setdebugmode (for demods)
added data shiftgraphzero (to help clean weak reads)
fixed a few bugs with the data detectaskclock
added data fskfcdetect to detect FSK clocks
adjusted most of my demods to put raw tag binary to demod buffer for
future sim and clone commands (psk still needs work)
CHG: USB_CMD_DATA_SIZE is now used as maxsize for transfer of data between client and pm3device
CHG: suggested a fix for the underscore problem in ioclass\fileutils.c
ADD: tnp3xx support
ADD: nxp tag idents.
ADD: identifiction of chinese backdoor commands to hf 14a reader.
fixed a few bugs in lf demod that the streamlining added. added new lf
em em410xdemod command that loops until button pressed. (similar to lf
hid fskdemod
* Modified commands (lf em4x):
em410xwatch ['h'] -- Watches for EM410x 125/134 kHz tags (option 'h' for 134)
em410xwrite <UID> <'0' T5555> <'1' T55x7> [clock rate] -- Write EM410x UID to T5555(Q5) or T55x7 tag, optionally setting clock rate
* Better option checking for em410xwrite & fix for uninitialized vars
* Increased samples from 2000 to 4000 in em410xwatch (2000 is OK for clock=64, but too few for clock=32)
