RfidResearchGroup/proxmark3
1
1
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-01-09 17:56:53 +08:00
Code Issues Projects Releases Packages Wiki Activity
3559 commits 3 branches 15 tags 86 MiB
Commit graph

182 commits

Author SHA1 Message Date
iceman1001
75d04307a1 chg: adapting some HF voltage readings. 2018-02-07 13:11:10 +01:00
iceman1001
b06579e0d5 chg: 'hf felica reader' the felica_select_card struct got more properties 2018-01-30 03:32:33 +01:00
iceman1001
bf25b1c9ba chg: crc16 got a compute_crc function 2018-01-30 03:31:11 +01:00
iceman1001
095b3af43b CHG: 'hf 15' - swapped crc impl to table based. 2018-01-29 15:55:56 +01:00
iceman1001
29c15b3480 cHG.. missing 2018-01-29 13:48:18 +01:00
iceman1001
3634327bef chg: code cleaning. 2017-12-21 12:42:32 +01:00
iceman1001
5eafdbf872 ADD: 'hf iclass check' - increased speed in check keys with new algo. 
ADD: 'hf iclass' - trying to add the timeout-limits for commands in order to get a more stable iclass communication
 2017-12-21 10:13:40 +01:00
iceman1001
e02e145fae draft for a Mifare classic NACK bug detection. 
the idea is to have a statistically solid conclusion if tag does or does not have the NACK bug.

-in short, ref  https://github.com/iceman1001/proxmark3/issues/141
NACK bug;  when a tag responds with a NACK to a 8 byte nonce exchange during authentication when the bytes are wrong but the parity bits are correct.

This is a strong oracle which is used in the darkside attack.
 2017-12-04 19:36:26 +01:00
iceman1001
4b63f940f1 CHG: FeliCa implemenation by @satsuoni 2017-10-20 20:27:44 +02:00
iceman1001
9757a8f078 ADD: some felica defines 2017-10-10 14:33:27 +02:00
iceman1001
b4a03581c2 CHG: adjustments to the USB reading part. 2017-10-05 15:55:08 +02:00
iceman1001
a4b4a1a9a2 FIX: iso-14443a RATS optional (piwi) 2017-10-01 22:06:06 +02:00
iceman1001
0f7241f4b3 FIX: found old thread on forum from 2010, saying this bitshifts are wrong. 
ref:   http://www.proxmark.org/forum/viewtopic.php?id=643
 2017-09-26 00:19:54 +02:00
iceman1001
b439c76c6e CHG: changed name on define. Its now called CMD_UPLOAD_SIM_SAMPLES_125K .. Since we upload to device. 2017-09-14 11:13:10 +02:00
iceman1001
94f70caa7a when you need to add too much changes at the same time... 
fix: 'hf mf hardnested'  test cases doesn't need to verify key.
add: 'hf mf ' - collect nonces from classic tag.
chg: switch_off on armside,  a more unified way,  so we don't forget to turn of the antenna ...
chg:  renamed 'hf iclass snoop'  into 'hf iclass sniff'   in an attempt to make all sniff/snoop commands only SNIFF

chg: 'standalone' ->  starting the work of moving all standalone mods into a plugin kind of style, in its own folder.
 2017-08-26 12:57:18 +02:00
iceman1001
f28da2da6e monster merge... 
all those changes marshmellow did..  and more...
 2017-07-30 09:17:48 +02:00
iceman1001
a8569849d6 part of monstermerge.. 2017-07-27 20:58:59 +02:00
iceman1001
f942e1ed05 ADD: CRC8Mad() should be used to calc the crc-8 byte for Mifare MAD config block. Doesn't work of course... 
CHG: some T/F defines..
 2017-07-27 09:31:23 +02:00
angelsl
ece631fd06 Add Mifare Classic EV1 set load modulation command 2017-03-09 21:37:16 +08:00
iceman1001
99136c6eef CHG: finalized the merge between peter filmoores 14atagfuzz branch (emv). I seriously doubt anything works. 2017-03-01 21:51:23 +01:00
iceman1001
52108cabf3 CHG: 'lf cotag read' - added the raw output and the repeating byte pattern is 16bytes, so we only collect that many bytes from card 2017-02-03 00:07:55 +01:00
iceman1001
a330987de1 CHG: 'lf cotag demod' - now finds FC/CN Thanks to @marshmellow42 
CHG:  'lf search' - now detects COTAG
 2017-02-02 19:15:36 +01:00
iceman1001
84bdbc1917 FIX: 'hf 14a sim x' - adjusted and shows messages when verbose. 
FIX: 'hf mf sim x i' - same as above.

In general we only use Moebius attack for "sim x",  that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
 2017-01-29 23:09:23 +01:00
iceman1001
4653da4331 ADD: lf cotag - added first try at basic functionality to read samples from Cotag. In lfops.c is the startup sequence that needs to be tested out. 2017-01-27 10:49:34 +01:00
iceman1001
bf5d7992ce ADD: @micolous random nonce, adjusted to fit in. Icemanfork only uses Moebius attack, so no need for an extra parameter in client. 
ref: https://github.com/Proxmark/proxmark3/pull/209
 2017-01-26 14:21:51 +01:00
iceman1001
53d5dc643f CHG: fiddled with the headerfiles... and makefile... Tried to make them behave nice. So it isnt a hell to add new functions from third-party (like des, aes etc) 
Added a lot of #ifndef ,   extern C,
Move inside from ARMSRC -> THUMBS,  which made the compiled image smaller.. I don't know if it broke anything.
Moved MF_DBGLEVEL definitions into common.h
Moved print_result from util.c into appmain.c
Also split up some struct typedef  into header files so they could be reused in other code places.

''' danger '''  this might have broken stuff...
 2017-01-25 00:33:03 +01:00
iceman1001
793c301250 syntax sugar 2017-01-21 11:26:37 +01:00
iceman1001
69784c3801 ADD: 'lf search' - added @marshmellow42 's hitag2 identification 2017-01-20 10:09:06 +01:00
iceman1001
0e8cabed8d ADD: "hf legic eload" - Load binary file to emulator memory. Use "h" for help text 
ADD:  "hf legic esave" - Save emulator memory to binary file. Use "h" for help text
 2016-10-06 19:13:23 +02:00
iceman1001
fabef615ec CHG: added addresize to legic select struct. 
CHG: TIMER, it turns out the TC0, TC1 and TC2 is only 16bit.  So adjust to use two clocks to get a 32bit timer.
CHG: code clean up in legic device side.  consistency with variable names..
 2016-09-29 17:43:39 +02:00
iceman1001
a39944216d CHG: a select_legic function with structs and stuff and 2016-09-29 12:23:09 +02:00
iceman1001
3e750be37c ADD: started to add a legic detection to "HF SEARCH" 2016-09-26 20:01:23 +02:00
iceman1001
ad5bc8cc8c In my attempts to make the LEGIC code better, its not working now. Timings if off. 
CHG: switching to US clock.
CHG: better trace annotation for legic
CHG: Legic prng can now give a x bits in once.
 2016-09-09 11:56:20 +02:00
iceman1001
c71c5ee156 ADD: started to add tracelog in legic 
ADD: remake of legic codebase.
ADD: started with a annotation for LEGIC in 'hf list'
 2016-09-02 16:25:54 +02:00
iceman1001
83dad64b91 ADD: some new usb commmands from EMV, and for LEGIC. 2016-07-28 21:16:02 +02:00
iceman1001
e7470660c2 ADD: added the nonce_struct needed for @marshmellow42 's enhanced "sim x" attack. 2016-07-07 02:14:03 +02:00
iceman1001
348c57a0af REM: rmove stdio.h reference to make it compile on Mac OS X 2016-05-09 08:12:43 +02:00
iceman1001
048324d63b DEL: removed the homebrews script. It needed a seperate gitproject. 
CHG:  removed references to  stdio.h  and time.h  in ARMSRC.
 2016-05-06 23:51:03 +02:00
iceman1001
ce211cef39 FIX: corrected the FLAG_NR_AR_ATTACK 2016-04-18 13:02:36 +02:00
iceman1001
0194ce8fc8 ADD: simulating can now handle triplesized UID (10b) 
CHG: moved some mifare #DEFINES into protocols.h  (ACK,NACK..)
 2016-04-14 11:09:17 +02:00
iceman1001
06eb3b1a8c coverity fixes for my latest changes. 
Forgot some breaks in 7816 annotation, and  presco used an uninitalized char array.
 2016-03-22 08:40:20 +01:00
iceman1001
6fc68747f6 ADD: well, starting with a luascript for reading calypso tags, made me remake the 14b raw command on client and device side. Sorry @marshmellow42 , but this one broke your "hf 14b info" implementation. I fixed the "hf 14b read" and the hf search. So not to bad, but still a bit broken. The 14b raw device side is now very similar to 14a raw. Which is good. There is a Standard 14b 0x050008 detection and STmicroelectronic 0x0600 detection on deviceside. This removes a lot of code client side. 
I also made the SRi read functions better by combining them.   The demodulation / uart code should be the same as last summers changes.  The device side code can now be even smaller.
 2016-03-20 19:33:07 +01:00
iceman1001
f2c2b174cd CHG: moved some #define into include\common.h (which is call by apps.h), so we have one place for them. Also changed them to CAPITAL. 
ABS(),  MIN(), MAX()
 2016-03-13 07:16:42 +01:00
iceman1001
aaa1a9a2dc CHG: Added calling clear bigbuff to zero out it also, instead of just "free" it. 
ADD:  downloading the EML part from BigBuffer specially.
 2016-03-12 09:03:28 +01:00
iceman1001
0db11b71ef ADD: Added the HitagS from @spenneb ref:https://events.ccc.de/congress/2015/Fahrplan/events/7166.html 
PM3 Master PR: https://github.com/Proxmark/proxmark3/pull/167

Adjusted the ENUM names to fit in my fork.  We need a better namestandard for it.
 2016-03-04 19:06:47 +01:00
iceman1001
c188b1b9b2 ADD: @go_tus simple bruteforce for t55xx, refactored a bit. 
ADD: @pwpiwi 's implementation of Hardnested
 2015-11-27 16:24:00 +01:00
iceman1001
94422fa23f ADD: @marshmellow42 's fixex and resetread t55x7 2015-11-02 20:46:17 +01:00
iceman1001
1d0ccbe04b ADD: added the "hf snoop" patch original from @Enio, rearranged by @Etmatrix. 
ADD:  added the "t55x7" refactoring by @marshmellow42
 2015-10-27 21:47:21 +01:00
iceman1001
9276e859a6 ADD: @marshmellows42 's fixes for "lf cmdread" and CHANGELOG.md 
ADD:  Added the "lf t55x7 wakeup" command. It will send a pwd,  and leave the antenna on.
Process like:
1. lf t55x7 wakeup p 11223344
2. lf search

---
It is still not finished,  will work together with the "lf t55x7 commands" in next step when I figure out the process from the datasheets.
 2015-10-20 19:00:02 +02:00
iceman1001
e98572a1e2 I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work* 
Things like the ICLASS, tryDecryptWord,

--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation,  start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written,  which has a lousy input check..
 2015-10-07 23:00:46 +02:00