X-Git-Url: http://cvs.zerfleddert.de/cgi-bin/gitweb.cgi/proxmark3-svn/blobdiff_plain/770f73457afd6d799d37d81f3a96bbbfb053b3a5..d9ed4e191445d342d11e35fbe4886980e40771a8:/README.txt?ds=sidebyside diff --git a/README.txt b/README.txt index 86fb2b15..101ae88d 100644 --- a/README.txt +++ b/README.txt @@ -1,87 +1,119 @@ -INTRO: - -This file contains enough software, logic (for the FPGA), and design -documentation for the hardware that you could, at least in theory, -do something useful with a proxmark3. It has commands to: - - * read any kind of 125 kHz unidirectional tag - * simulate any kind of 125 kHz unidirectional tag - -(This is enough to perform all of the silly cloning attacks, like the -ones that I did at the Capitol in Sacramento, or anything involving -a Verichip. From a technical standpoint, these are not that exciting, -although the `software radio' architecture of the proxmark3 makes it -easy and fun to support new formats.) - -As a bonus, I include some code to use the 13.56 MHz hardware, so you can: - - * do anything that a (medium-range) ISO 15693 reader could - * read an ISO 14443 tag, if you know the higher-layer protocol - * pretend to be an ISO 14443 tag, if you know the higher-layer protocol - * snoop on an ISO 14443 transaction - -I am not actively developing any of this. I have other projects that -seem to be more useful. - -USING THE PACKAGE: - -The software tools required to build include: - - * cygwin or other unix-like tools for Windows - * devkitPro (http://wiki.devkitpro.org/index.php/Getting_Started/devkitARM) - * Xilinx's WebPack tools - * Modelsim (for test only) - * perl - -When installing devkitPro, you only need to install the compiler itself. Additional -support libraries are not required. - -Documentation is minimal, but see the doc/ directory for what exists. A -previous familiarity with the ARM, with digital signal processing, -and with embedded programming in general is assumed. - -The device is used through a specialized command line interface; for -example, to clone a Verichip, you might type: - - loread ; this reads the tag, and stores the - ; raw samples in memory on the ARM - - losamples ; then we download the samples to - ; the PC - - vchdemod clone ; demodulate the ID, and then put it - ; back in a format that we can replay - - losim ; and then replay it - -To read an ISO 15693 tag, you might type: - - hiread ; read the tag; this involves sending a - ; particular command, and then getting - ; the response (which is stored as raw - ; samples in memory on the ARM) - - hisamples ; then download those samples to the PC - - hi15demod ; and demod them to bits (and check the - ; CRC etc. at the same time) - -Notice that in both cases the signal processing mostly happened on the PC -side; that is of course not practical for a real reader, but it is easier -to initially write your code and debug on the PC side than on the ARM. As -long as you use integer math (and I do), it's trivial to port it over -when you're done. - -The USB driver and bootloader are documented (and available separately -for download, if you wish to use them in another project) at - - http://cq.cx/trivia.pl - - -OBTAINING HARDWARE: - -Most of the ultra-low-volume contract assemblers that have sprung up -(Screaming Circuits, the various cheap Asian suppliers, etc.) could put +The iceman fork +--------------- + +NOTICE: + +The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3 + +NEWS: + +::THIS FORK IS HIGHLY EXPERIMENTAL:: + + +## Build Status Travis CI +[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3) + +## Build Status Coverity Scan +[![Coverity Scan Build Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3-iceman-fork) + + +Whats in this fork? I have scraped the web for different enhancements to the PM3 source code and not all of them ever found their way to the master branch. +Among the stuff is + + * Jonor's hf 14a raw timing patch + * Piwi's updates. (usually gets into the master) + * Piwi's "topaz" branch + * Piwi's "hardnested" branch + * Holiman's iclass, (usually gets into the master) + * Marshmellow's fixes (usually gets into the master) + * Midnitesnake's Ultralight, Ultralight-c enhancements + * Izsh's lf peak modification / iir-filtering + * Aspers's tips and tricks from inside the PM3-gui-tool, settings.xml and other stuff. + * My own desfire, Ultralight extras, LF T55xx enhancements, bugs fixes (filelength, hf mf commands ), TNP3xxx lua scripts, Awid26, skidata scripts (will come) + * other obscure patches like for the sammy-mode, (offline you know), tagidentifications, defaultkeys. + * Minor textual changes here and there. + * Simulation of Ultralight/Ntag. + * Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/ + * Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work) + + * A Bruteforce for T55XX passwords against tag. + * A Bruteforce for AWID 26, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a AWID Reader. + * A Bruteforce for HID, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a HID Reader. + * Blaposts Crapto1 v3.3 + * Icsom's legic script and legic enhancements + * Aczid's bitsliced bruteforce solver in 'hf mf hardnested' + +Give me a hint, and I'll see if I can't merge in the stuff you have. + +I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master. + +PM3 GUI: + +I do tend to rename and move stuff around, the official PM3-GUI from Gaucho will not work so well. *sorry* + + + +DEVELOPMENT: + +This fork is adjusted to compile on windows/mingw environment with Qt5.3.1 & GCC 4.9 +For people with linux you will need to patch some source code and some small change to one makefile. If you are lazy, you google the forum and find asper's or holimans makefile or you find your solution below. + +GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS. + - See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux + - Generally speaking, if you're running a "later" Proxmark, installation is very easy. + - Run "sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget + - Follow these instructions + Get devkitARM release 41 from SourceForge (choose either the 64/32 bit depending on your architecture, it is assumed you know how to check and recognize your architecture): + (64-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-x86_64-linux.tar.bz2/download + (32-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-i686-linux.tar.bz2/download + Extract the contents of the .tar.bz2: + tar jxvf devkitARM_r41--linux.tar.bz2 + Create a directory for the arm dev kit: + sudo mkdir -p /opt/devkitpro/ + Move the ARM developer kit to the newly created directory: + sudo mv devkitARM /opt/devkitpro/ + Add the appropriate environment variable: + export PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ + Add the environment variable to your profile: + echo 'PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ ' >> ~/.bashrc + - make all + +Common errors linux/macOS finds + +Error: + * \client\makefile the parameter -lgdi32 +Solution: + * Remove parameter. + +Error: + * Using older Qt4.6 gives compilation errors. +Solution + * Upgrade to Qt5.3.1 + OR + * Change these two line in \client\makefile + CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets -I/mingw/include + QTLDLIBS = -L$(QTDIR)/lib -lQt5Core -lQt5Gui -lQt5Widgets + + TO + + CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui + QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4 + + +An old Qt4 version makefile is found here: http://www.icesql.se/proxmark3/code/linuxmakefile.txt but this one doesn't have all new files in it. So I don't recommend it. + + +January 2015, Sweden +iceman at host iuse.se + + +The Proxmark 3 is available for purchase (assembled and tested) from the +following locations: + + * http://www.elechouse.com (new and revised hardware package 2015) + + +Most of the ultra-low-volume contract assemblers could put something like this together with a reasonable yield. A run of around a dozen units is probably cost-effective. The BOM includes (possibly- outdated) component pricing, and everything is available from Digikey @@ -99,37 +131,6 @@ The printed circuit board artwork is also available, as Gerbers and an Excellon drill file. -FUTURE PLANS, ENHANCEMENTS THAT YOU COULD MAKE: - -At some point I should write software involving a proper real-time -operating system for the ARM. I would then provide interrupt-driven -drivers for many of the peripherals that are polled now (the USB, -the data stream from the FPGA), which would make it easier to develop -complex applications. - -It would not be all that hard to implement the ISO 15693 reader properly -(with anticollision, all the commands supported, and so on)--the signal -processing is already written, so it is all straightforward applications -work. - -I have basic support for ISO 14443 as well: a sniffer, a simulated -tag, and a reader. It won't do anything useful unless you fill in the -high-layer protocol. - -Nicer (i.e., closer-to-optimal) implementations of all kinds of signal -processing would be useful as well. - -A practical implementation of the learning-the-tag's-ID-from-what-the- -reader-broadcasts-during-anticollision attacks would be relatively -straightforward. This would involve some signal processing on the FPGA, -but not much else after that. - -It would be neat to write a driver that could stream samples from the A/Ds -over USB to the PC, using the full available bandwidth of USB. I am not -yet sure what that would be good for, but surely something. This would -require a kernel-mode driver under Windows, though, which is more work. - - LICENSING: This program is free software; you can redistribute it and/or modify @@ -151,4 +152,3 @@ Jonathan Westhues user jwesthues, at host cq.cx May 2007, Cambridge MA -