## [unreleased][unreleased]
### Added
+- ISO14443a stand-alone operation with ARM CFLAG="WITH_ISO14443a_StandAlone". This code can read & emulate two banks of 14a tag UIDs and write to "magic" cards (Craig Young)
- AWID26 command context added as 'lf awid' containing realtime demodulation as well as cloning/simulation based on tag numbers (Craig Young)
+- Added 'hw status'. This command makes the ARM print out some runtime information. (holiman)
+- Added 'hw ping'. This command just sends a usb packets and checks if the pm3 is responsive. Can be used to abort certain operations which supports abort over usb. (holiman)
### Changed
- Changed lf config's `threshold` to a graph (signed) metric and it will trigger on + or - value set to. (example: set to 50 and recording would begin at first graphed value of >= 50 or <= -50) (marshmellow)
- EPA functions (`hf epa`) now support both ISO 14443-A and 14443-B cards (frederikmoellers)
+- 'hw version' only talks to ARM at startup, after that the info is cached. (pwpiwi)
## [2.2.0][2015-07-12]
+### Changed
+- Added `hf 14b raw -s` option to auto select a 14b std tag before raw command
- Changed `hf 14b write` to `hf 14b sriwrite` as it only applied to sri tags (marshmellow)
-- Added `hf 14b reader` to `hf search` (marshmellow)
+- Added `hf 14b info` to `hf search` (marshmellow)
- Added compression of fpga config and data, *BOOTROM REFLASH REQUIRED* (piwi)
- Implemented better detection of mifare-tags that are not vulnerable to classic attacks (`hf mf mifare`, `hf mf nested`) (piwi)
}
}
+void BigBuf_print_status(void)
+{
+ Dbprintf("Memory");
+ Dbprintf(" BIGBUF_SIZE.............%d", BIGBUF_SIZE);
+ Dbprintf(" BigBuf_hi .............%d", BigBuf_hi);
+ Dbprintf("Tracing");
+ Dbprintf(" tracing ................%d", tracing);
+ Dbprintf(" traceLen ...............%d", traceLen);
+}
+
// return the maximum trace length (i.e. the unallocated size of BigBuf)
uint16_t BigBuf_max_traceLen(void)
traceLen += iLen;
// parity bytes
- if (parity != NULL && iLen != 0) {
+ if (iLen != 0) {
+ if (parity != NULL) {
memcpy(trace + traceLen, parity, num_paritybytes);
+ } else {
+ memset(trace + traceLen, 0x00, num_paritybytes);
+ }
}
traceLen += num_paritybytes;
return TRUE;
}
+
// Emulator memory
uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length){
uint8_t* mem = BigBuf_get_EM_addr();
extern uint8_t *BigBuf_malloc(uint16_t);
extern void BigBuf_free(void);
extern void BigBuf_free_keep_EM(void);
-
+extern void BigBuf_print_status(void);
extern uint16_t BigBuf_get_traceLen(void);
-extern void clear_trace();
+extern void clear_trace(void);
extern void set_tracing(bool enable);
extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader);
#remove one of the following defines and comment out the relevant line
#in the next section to remove that particular feature from compilation
-APP_CFLAGS = -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE \
+APP_CFLAGS = -DWITH_ISO14443a_StandAlone -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -DWITH_ICLASS -DWITH_LEGICRF -DWITH_HITAG -DWITH_CRC -DON_DEVICE \
-fno-strict-aliasing -ffunction-sections -fdata-sections
#-DWITH_LCD
#include <hitag2.h>
#include "lfsampling.h"
#include "BigBuf.h"
+#include "mifareutil.h"
#ifdef WITH_LCD
#include "LCD.h"
#endif
+// Craig Young - 14a stand-alone code
+#ifdef WITH_ISO14443a_StandAlone
+ #include "iso14443a.h"
+#endif
+
#define abs(x) ( ((x)<0) ? -(x) : (x) )
//=============================================================================
#define TOSEND_BUFFER_SIZE (9*MAX_FRAME_SIZE + 1 + 1 + 2) // 8 data bits and 1 parity bit per payload byte, 1 correction bit, 1 SOC bit, 2 EOC bits
uint8_t ToSend[TOSEND_BUFFER_SIZE];
-int ToSendMax;
+int ToSendMax = 0;
static int ToSendBit;
struct common_area common_area __attribute__((section(".commonarea")));
int i, adcval = 0, peak = 0, peakv = 0, peakf = 0; //ptr = 0
int vLf125 = 0, vLf134 = 0, vHf = 0; // in mV
- LED_B_ON();
+ LED_B_ON();
/*
* Sweeps the useful LF range of the proxmark from
for (i=18; i >= 0; i--) LF_Results[i] = 0;
- LED_A_ON();
+ LED_A_ON();
// Let the FPGA drive the high-frequency antenna around 13.56 MHz.
- FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
SpinDelay(20);
vHf = (MAX_ADC_HF_VOLTAGE * AvgAdc(ADC_CHAN_HF)) >> 10;
cmd_send(CMD_MEASURED_ANTENNA_TUNING, vLf125 | (vLf134<<16), vHf, peakf | (peakv<<16), LF_Results, 256);
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
- LED_A_OFF();
- LED_B_OFF();
+ LED_A_OFF();
+ LED_B_OFF();
return;
}
uint32_t compressed_data_section_size = common_area.arg1;
cmd_send(CMD_ACK, *(AT91C_DBGU_CIDR), text_and_rodata_section_size + compressed_data_section_size, 0, VersionString, strlen(VersionString));
}
-
-#ifdef WITH_LF
-// samy's sniff and repeat routine
-void SamyRun()
+/**
+ * Prints runtime information about the PM3.
+**/
+void SendStatus(void)
{
- DbpString("Stand-alone mode! No PC necessary.");
- FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+ BigBuf_print_status();
+ Fpga_print_status();
+ printConfig(); //LF Sampling config
+ Dbprintf("Various");
+ Dbprintf(" MF_DBGLEVEL......%d", MF_DBGLEVEL);
+ Dbprintf(" ToSendMax........%d",ToSendMax);
+ Dbprintf(" ToSendBit........%d",ToSendBit);
+}
- // 3 possible options? no just 2 for now
-#define OPTS 2
+#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF)
- int high[OPTS], low[OPTS];
+#define OPTS 2
+void StandAloneMode()
+{
+ DbpString("Stand-alone mode! No PC necessary.");
// Oooh pretty -- notify user we're in elite samy mode now
LED(LED_RED, 200);
LED(LED_ORANGE, 200);
LED(LED_ORANGE, 200);
LED(LED_RED, 200);
+}
+
+#endif
+
+
+
+#ifdef WITH_ISO14443a_StandAlone
+void StandAloneMode14a()
+{
+ StandAloneMode();
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+
+ int selected = 0;
+ int playing = 0;
+ int cardRead[OPTS] = {0};
+ uint8_t readUID[10] = {0};
+ uint32_t uid_1st[OPTS]={0};
+ uint32_t uid_2nd[OPTS]={0};
+
+ LED(selected + 1, 0);
+
+ for (;;)
+ {
+ usb_poll();
+ WDT_HIT();
+
+ // Was our button held down or pressed?
+ int button_pressed = BUTTON_HELD(1000);
+ SpinDelay(300);
+
+ // Button was held for a second, begin recording
+ if (button_pressed > 0 && cardRead[selected] == 0)
+ {
+ LEDsoff();
+ LED(selected + 1, 0);
+ LED(LED_RED2, 0);
+
+ // record
+ Dbprintf("Enabling iso14443a reader mode for [Bank: %u]...", selected);
+
+ // wait for button to be released
+ while(BUTTON_PRESS())
+ WDT_HIT();
+ /* need this delay to prevent catching some weird data */
+ SpinDelay(500);
+ /* Code for reading from 14a tag */
+ uint8_t uid[10] ={0};
+ uint32_t cuid;
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+
+ for ( ; ; )
+ {
+ WDT_HIT();
+ if (!iso14443a_select_card(uid, NULL, &cuid))
+ continue;
+ else
+ {
+ Dbprintf("Read UID:"); Dbhexdump(10,uid,0);
+ memcpy(readUID,uid,10*sizeof(uint8_t));
+ uint8_t *dst = (uint8_t *)&uid_1st[selected];
+ // Set UID byte order
+ for (int i=0; i<4; i++)
+ dst[i] = uid[3-i];
+ dst = (uint8_t *)&uid_2nd[selected];
+ for (int i=0; i<4; i++)
+ dst[i] = uid[7-i];
+ break;
+ }
+ }
+ LEDsoff();
+ LED(LED_GREEN, 200);
+ LED(LED_ORANGE, 200);
+ LED(LED_GREEN, 200);
+ LED(LED_ORANGE, 200);
+
+ LEDsoff();
+ LED(selected + 1, 0);
+ // Finished recording
+
+ // If we were previously playing, set playing off
+ // so next button push begins playing what we recorded
+ playing = 0;
+
+ cardRead[selected] = 1;
+
+ }
+ /* MF UID clone */
+ else if (button_pressed > 0 && cardRead[selected] == 1)
+ {
+ LEDsoff();
+ LED(selected + 1, 0);
+ LED(LED_ORANGE, 250);
+
+
+ // record
+ Dbprintf("Preparing to Clone card [Bank: %x]; uid: %08x", selected, uid_1st[selected]);
+
+ // wait for button to be released
+ while(BUTTON_PRESS())
+ {
+ // Delay cloning until card is in place
+ WDT_HIT();
+ }
+ Dbprintf("Starting clone. [Bank: %u]", selected);
+ // need this delay to prevent catching some weird data
+ SpinDelay(500);
+ // Begin clone function here:
+ /* Example from client/mifarehost.c for commanding a block write for "magic Chinese" cards:
+ UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
+ memcpy(c.d.asBytes, data, 16);
+ SendCommand(&c);
+
+ Block read is similar:
+ UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
+ We need to imitate that call with blockNo 0 to set a uid.
+
+ The get and set commands are handled in this file:
+ // Work with "magic Chinese" card
+ case CMD_MIFARE_CSETBLOCK:
+ MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+ break;
+ case CMD_MIFARE_CGETBLOCK:
+ MifareCGetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
+ //
+ break;
+
+ mfCSetUID provides example logic for UID set workflow:
+ -Read block0 from card in field with MifareCGetBlock()
+ -Configure new values without replacing reserved bytes
+ memcpy(block0, uid, 4); // Copy UID bytes from byte array
+ // Mifare UID BCC
+ block0[4] = block0[0]^block0[1]^block0[2]^block0[3]; // BCC on byte 5
+ Bytes 5-7 are reserved SAK and ATQA for mifare classic
+ -Use mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER) to write it
+ */
+ uint8_t oldBlock0[16] = {0}, newBlock0[16] = {0}, testBlock0[16] = {0};
+ // arg0 = Flags == CSETBLOCK_SINGLE_OPER=0x1F, arg1=returnSlot, arg2=blockNo
+ MifareCGetBlock(0x1F, 1, 0, oldBlock0);
+ Dbprintf("UID from target tag: %02X%02X%02X%02X", oldBlock0[0],oldBlock0[1],oldBlock0[2],oldBlock0[3]);
+ memcpy(newBlock0,oldBlock0,16);
+ // Copy uid_1st for bank (2nd is for longer UIDs not supported if classic)
+
+ newBlock0[0] = uid_1st[selected]>>24;
+ newBlock0[1] = 0xFF & (uid_1st[selected]>>16);
+ newBlock0[2] = 0xFF & (uid_1st[selected]>>8);
+ newBlock0[3] = 0xFF & (uid_1st[selected]);
+ newBlock0[4] = newBlock0[0]^newBlock0[1]^newBlock0[2]^newBlock0[3];
+ // arg0 = needWipe, arg1 = workFlags, arg2 = blockNo, datain
+ MifareCSetBlock(0, 0xFF,0, newBlock0);
+ MifareCGetBlock(0x1F, 1, 0, testBlock0);
+ if (memcmp(testBlock0,newBlock0,16)==0)
+ {
+ DbpString("Cloned successfull!");
+ cardRead[selected] = 0; // Only if the card was cloned successfully should we clear it
+ }
+ LEDsoff();
+ LED(selected + 1, 0);
+ // Finished recording
+
+ // If we were previously playing, set playing off
+ // so next button push begins playing what we recorded
+ playing = 0;
+
+ }
+ // Change where to record (or begin playing)
+ else if (button_pressed && cardRead[selected])
+ {
+ // Next option if we were previously playing
+ if (playing)
+ selected = (selected + 1) % OPTS;
+ playing = !playing;
+
+ LEDsoff();
+ LED(selected + 1, 0);
+
+ // Begin transmitting
+ if (playing)
+ {
+ LED(LED_GREEN, 0);
+ DbpString("Playing");
+ while (!BUTTON_HELD(500)) { // Loop simulating tag until the button is held a half-sec
+ Dbprintf("Simulating ISO14443a tag with uid[0]: %08x, uid[1]: %08x [Bank: %u]", uid_1st[selected],uid_2nd[selected],selected);
+ SimulateIso14443aTag(1,uid_1st[selected],uid_2nd[selected],NULL);
+ }
+ //cardRead[selected] = 1;
+ Dbprintf("Done playing [Bank: %u]",selected);
+
+ /* We pressed a button so ignore it here with a delay */
+ SpinDelay(300);
+
+ // when done, we're done playing, move to next option
+ selected = (selected + 1) % OPTS;
+ playing = !playing;
+ LEDsoff();
+ LED(selected + 1, 0);
+ }
+ else
+ while(BUTTON_PRESS())
+ WDT_HIT();
+ }
+ }
+}
+#elif WITH_LF
+// samy's sniff and repeat routine
+void SamyRun()
+{
+ StandAloneMode();
+ FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
+
+ int high[OPTS], low[OPTS];
int selected = 0;
int playing = 0;
int cardRead = 0;
}
}
}
-#endif
+#endif
/*
OBJECTIVE
Listen and detect an external reader. Determine the best location
break;
case CMD_T55XX_WRITE_BLOCK:
T55xxWriteBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes[0]);
+ cmd_send(CMD_ACK,0,0,0,0,0);
break;
case CMD_T55XX_READ_TRACE:
T55xxReadTrace();
case CMD_VERSION:
SendVersion();
break;
-
+ case CMD_STATUS:
+ SendStatus();
+ break;
+ case CMD_PING:
+ cmd_send(CMD_ACK,0,0,0,0,0);
+ break;
#ifdef WITH_LCD
case CMD_LCD_RESET:
LCDReset();
WDT_HIT();
#ifdef WITH_LF
+#ifndef WITH_ISO14443a_StandAlone
if (BUTTON_HELD(1000) > 0)
SamyRun();
+#endif
+#endif
+#ifdef WITH_ISO14443a
+#ifdef WITH_ISO14443a_StandAlone
+ if (BUTTON_HELD(1000) > 0)
+ StandAloneMode14a();
+#endif
#endif
}
}
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
-#include <sys/types.h>
-#include <string.h>
-#include <strings.h>
-#include "../common/crc32.h"
-#include "../common/lfdemod.h"
+#include <sys/types.h>
+#include "common.h"
+#include "crc32.h"
+#include "lfdemod.h"
#include "BigBuf.h"
#include "fpgaloader.h"
#include "hitag2.h"
uint8_t i;
unsigned char temp[8];
-
uint8_t* tin = (uint8_t*) in;
uint8_t* tout = (uint8_t*) out;
}
}
+
/******************************************************************************/
*/
#include "desfire_crypto.h"
-static void xor (const uint8_t *ivect, uint8_t *data, const size_t len);
-
-static size_t key_macing_length (desfirekey_t key);
+static void xor (const uint8_t *ivect, uint8_t *data, const size_t len);
+static size_t key_macing_length (desfirekey_t key);
static void xor (const uint8_t *ivect, uint8_t *data, const size_t len) {
for (size_t i = 0; i < len; i++) {
HIGH(whichGpio);
}
+
+void Fpga_print_status(void)
+{
+ Dbprintf("Fgpa");
+ if(downloaded_bitstream == FPGA_BITSTREAM_HF) Dbprintf(" mode.............HF");
+ else if(downloaded_bitstream == FPGA_BITSTREAM_LF) Dbprintf(" mode.............LF");
+ else Dbprintf(" mode.............%d", downloaded_bitstream);
+}
void FpgaSetupSsc(void);
void SetupSpi(int mode);
bool FpgaSetupSscDma(uint8_t *buf, int len);
+void Fpga_print_status();
#define FpgaDisableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS;
#define FpgaEnableSscDma(void) AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
void SetAdcMuxFor(uint32_t whichGpio);
// param:
// bit 0 - trigger from first card answer
// bit 1 - trigger from first reader 7-bit request
-
LEDsoff();
-
iso14443a_setup(FPGA_HF_ISO14443A_SNIFFER);
// Allocate memory from BigBuf for some buffers
// free all previous allocations first
BigBuf_free();
-
+
+ // init trace buffer
+ clear_trace();
+ set_tracing(TRUE);
+
// The command (reader -> tag) that we're receiving.
uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE);
uint8_t *receivedCmdPar = BigBuf_malloc(MAX_PARITY_SIZE);
// The DMA buffer, used to stream samples from the FPGA
uint8_t *dmaBuf = BigBuf_malloc(DMA_BUFFER_SIZE);
- // init trace buffer
- clear_trace();
- set_tracing(TRUE);
-
uint8_t *data = dmaBuf;
uint8_t previous_data = 0;
int maxDataLen = 0;
}
} // main cycle
- DbpString("COMMAND FINISHED");
-
FpgaDisableSscDma();
+ LEDsoff();
+
Dbprintf("maxDataLen=%d, Uart.state=%x, Uart.len=%d", maxDataLen, Uart.state, Uart.len);
Dbprintf("traceLen=%d, Uart.output[0]=%08x", BigBuf_get_traceLen(), (uint32_t)Uart.output[0]);
- LEDsoff();
}
//-----------------------------------------------------------------------------
ar_nr_responses[8], // AR2
ar_nr_responses[9] // NR2
);
+ Dbprintf("../tools/mfkey/mfkey32v2 %06x%08x %08x %08x %08x %08x %08x %08x",
+ ar_nr_responses[0], // UID1
+ ar_nr_responses[1], // UID2
+ ar_nr_responses[2], // NT1
+ ar_nr_responses[3], // AR1
+ ar_nr_responses[4], // NR1
+ ar_nr_responses[7], // NT2
+ ar_nr_responses[8], // AR2
+ ar_nr_responses[9] // NR2
+ );
}
uint8_t len = ar_nr_collected*5*4;
cmd_send(CMD_ACK,CMD_SIMULATE_MIFARE_CARD,len,0,&ar_nr_responses,len);
else {
// Check for ISO 14443A-4 compliant commands, look at left nibble
switch (receivedCmd[0]) {
-
+ case 0x02:
+ case 0x03: { // IBlock (command no CID)
+ dynamic_response_info.response[0] = receivedCmd[0];
+ dynamic_response_info.response[1] = 0x90;
+ dynamic_response_info.response[2] = 0x00;
+ dynamic_response_info.response_n = 3;
+ } break;
case 0x0B:
- case 0x0A: { // IBlock (command)
+ case 0x0A: { // IBlock (command CID)
dynamic_response_info.response[0] = receivedCmd[0];
dynamic_response_info.response[1] = 0x00;
dynamic_response_info.response[2] = 0x90;
dynamic_response_info.response_n = 2;
} break;
- case 0xBA: { //
- memcpy(dynamic_response_info.response,"\xAB\x00",2);
- dynamic_response_info.response_n = 2;
+ case 0xBA: { // ping / pong
+ dynamic_response_info.response[0] = 0xAB;
+ dynamic_response_info.response[1] = 0x00;
+ dynamic_response_info.response_n = 2;
} break;
case 0xCA:
case 0xC2: { // Readers sends deselect command
- memcpy(dynamic_response_info.response,"\xCA\x00",2);
- dynamic_response_info.response_n = 2;
+ dynamic_response_info.response[0] = 0xCA;
+ dynamic_response_info.response[1] = 0x00;
+ dynamic_response_info.response_n = 2;
} break;
default: {
}
}
-
void ReaderTransmitBitsPar(uint8_t* frame, uint16_t bits, uint8_t *par, uint32_t *timing)
{
CodeIso14443aBitsAsReaderPar(frame, bits, par);
}
}
-
void ReaderTransmitPar(uint8_t* frame, uint16_t len, uint8_t *par, uint32_t *timing)
{
ReaderTransmitBitsPar(frame, len*8, par, timing);
}
-
void ReaderTransmitBits(uint8_t* frame, uint16_t len, uint32_t *timing)
{
// Generate parity and redirect
ReaderTransmitBitsPar(frame, len, par, timing);
}
-
void ReaderTransmit(uint8_t* frame, uint16_t len, uint32_t *timing)
{
// Generate parity and redirect
ar_nr_responses[8], // AR2
ar_nr_responses[9] // NR2
);
+ Dbprintf("../tools/mfkey/mfkey32v2 %06x%08x %08x %08x %08x %08x %08x %08x",
+ ar_nr_responses[0], // UID1
+ ar_nr_responses[1], // UID2
+ ar_nr_responses[2], // NT1
+ ar_nr_responses[3], // AR1
+ ar_nr_responses[4], // NR1
+ ar_nr_responses[7], // NT2
+ ar_nr_responses[8], // AR2
+ ar_nr_responses[9] // NR2
+ );
} else {
Dbprintf("Failed to obtain two AR/NR pairs!");
if(ar_nr_collected > 0 ) {
// And reset the Miller decoder including its (now outdated) input buffer
UartInit(receivedCmd, receivedCmdPar);
+ // why not UartReset?
}
TagIsActive = (Demod.state != DEMOD_UNSYNCD);
}
} // main cycle
- DbpString("COMMAND FINISHED");
-
FpgaDisableSscDma();
MfSniffEnd();
-
- Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len);
LEDsoff();
+ Dbprintf("maxDataLen=%x, Uart.state=%x, Uart.len=%x", maxDataLen, Uart.state, Uart.len);
}
#ifndef __ISO14443A_H
#define __ISO14443A_H
-#include "../include/common.h"
-#include "../include/mifare.h"
+#include "common.h"
+#include "mifare.h"
#include "mifaresniff.h"
typedef struct {
* false if we are still waiting for some more
*
*/
+ #define abs(x) ( ((x)<0) ? -(x) : (x) )
static RAMFUNC int Handle14443bSamplesDemod(int ci, int cq)
{
int v = 0;
// LEGIC RF simulation code
//-----------------------------------------------------------------------------
-#include "../include/proxmark3.h"
+#include "proxmark3.h"
#include "apps.h"
#include "util.h"
#include "string.h"
#include "legicrf.h"
-#include "../include/legic_prng.h"
-#include "../common/crc.h"
+#include "legic_prng.h"
+#include "crc.h"
static struct legic_frame {
int bits;
for(;;) {
//wait until SSC_CLK goes HIGH
while(!(AT91C_BASE_PIOA->PIO_PDSR & GPIO_SSC_CLK)) {
- if(BUTTON_PRESS() || usb_poll()) {
+ if(BUTTON_PRESS() || (usb_poll_validate_length() )) {
DbpString("Stopped");
return;
}
void printConfig()
{
- Dbprintf("Sampling config: ");
+ Dbprintf("LF Sampling config: ");
Dbprintf(" [q] divisor: %d ", config.divisor);
Dbprintf(" [b] bps: %d ", config.bits_per_sample);
Dbprintf(" [d] decimation: %d ", config.decimation);
void setSamplingConfig(sample_config *sc);
sample_config * getSamplingConfig();
+
+void printConfig();
+
+
#endif // LFSAMPLING_H
#ifndef __MIFARECMD_H\r
#define __MIFARECMD_H\r
\r
-#include "../include/proxmark3.h"\r
+#include "proxmark3.h"\r
#include "apps.h"\r
#include "util.h"\r
#include "string.h"\r
\r
-#include "../common/iso14443crc.h"\r
+#include "iso14443crc.h"\r
#include "iso14443a.h"\r
#include "crapto1.h"\r
#include "mifareutil.h"\r
-#include "../include/common.h"\r
+#include "common.h"\r
+\r
\r
#endif
\ No newline at end of file
#ifndef __MIFARESNIFF_H\r
#define __MIFARESNIFF_H\r
\r
-#include "../include/proxmark3.h"\r
+#include "proxmark3.h"\r
#include "apps.h"\r
#include "util.h"\r
#include "string.h"\r
\r
-#include "../common/iso14443crc.h"\r
+#include "iso14443crc.h"\r
#include "iso14443a.h"\r
#include "crapto1.h"\r
#include "mifareutil.h"\r
-#include "../include/common.h"\r
+#include "common.h"\r
\r
#define SNF_INIT 0\r
#define SNF_NO_FIELD 1\r
//-----------------------------------------------------------------------------\r
// code for work with mifare cards.\r
//-----------------------------------------------------------------------------\r
+#include "crapto1.h"\r
\r
#ifndef __MIFAREUTIL_H\r
#define __MIFAREUTIL_H\r
while(!((sr = AT91C_BASE_EFC0->EFC_FSR) & AT91C_MC_FRDY));
if(sr & (AT91C_MC_LOCKE | AT91C_MC_PROGE)) {
dont_ack = 1;
- cmd_send(CMD_NACK,0,0,0,0,0);
+ cmd_send(CMD_NACK,sr,0,0,0,0);
}
}
} break;
int len = (resp.arg[1] > sizeof(data)) ? sizeof(data) : resp.arg[1];
memcpy(data, resp.d.asBytes, len);
tryMfk32(uid, data, key);
+ tryMfk32_moebius(uid, data, key);
//tryMfk64(uid, data, key);
PrintAndLog("--");
}
c.arg[1] = (datalen & 0xFFFF) | (numbits << 16);
memcpy(c.d.asBytes,data,datalen);
+ clearCommandBuffer();
SendCommand(&c);
if (reply) {
int CmdHF14AMfuELoad(const char *Cmd)
{
- FILE * f;
- char filename[FILE_PATH_SIZE];
- char *fnameptr = filename;
- char buf[64] = {0x00};
- uint8_t buf8[64] = {0x00};
- int i, len, blockNum, numBlocks;
- int nameParamNo = 1;
+ //FILE * f;
+ //char filename[FILE_PATH_SIZE];
+ //char *fnameptr = filename;
+ //char buf[64] = {0x00};
+ //uint8_t buf8[64] = {0x00};
+ //int i, len, blockNum, numBlocks;
+ //int nameParamNo = 1;
char ctmp = param_getchar(Cmd, 0);
int CmdVersion(const char *Cmd)
{
+ clearCommandBuffer();
UsbCommand c = {CMD_VERSION};
static UsbCommand resp = {0, {0, 0, 0}};
-
+
if (resp.arg[0] == 0 && resp.arg[1] == 0) { // no cached information available
SendCommand(&c);
- if (WaitForResponseTimeout(CMD_ACK,&resp,1000) && Cmd != NULL) {
- PrintAndLog("Prox/RFID mark3 RFID instrument");
- PrintAndLog((char*)resp.d.asBytes);
- lookupChipID(resp.arg[0], resp.arg[1]);
- }
- } else if (Cmd != NULL) {
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
PrintAndLog("Prox/RFID mark3 RFID instrument");
PrintAndLog((char*)resp.d.asBytes);
lookupChipID(resp.arg[0], resp.arg[1]);
}
-
+ } else {
+ PrintAndLog("[[[ Cached information ]]]\n");
+ PrintAndLog("Prox/RFID mark3 RFID instrument");
+ PrintAndLog((char*)resp.d.asBytes);
+ lookupChipID(resp.arg[0], resp.arg[1]);
+ PrintAndLog("");
+ }
+ return 0;
+}
+
+int CmdStatus(const char *Cmd)
+{
+ UsbCommand c = {CMD_STATUS};
+ SendCommand(&c);
+ return 0;
+}
+
+int CmdPing(const char *Cmd)
+{
+ clearCommandBuffer();
+ UsbCommand resp;
+ UsbCommand c = {CMD_PING};
+ SendCommand(&c);
+ if (WaitForResponseTimeout(CMD_ACK,&resp,1000)) {
+ PrintAndLog("Ping successfull");
+ }else{
+ PrintAndLog("Ping failed");
+ }
return 0;
}
{"setmux", CmdSetMux, 0, "<loraw|hiraw|lopkd|hipkd> -- Set the ADC mux to a specific value"},
{"tune", CmdTune, 0, "Measure antenna tuning"},
{"version", CmdVersion, 0, "Show version information about the connected Proxmark"},
+ {"status", CmdStatus, 0, "Show runtime status information about the connected Proxmark"},
+ {"ping", CmdPing, 0, "Test if the pm3 is responsive"},
{NULL, NULL, 0, NULL}
};
#include "cmdparser.h" // CmdsParse, CmdsHelp
#include "cmdlfawid.h" // AWID function declarations
#include "lfdemod.h" // parityTest
-
+#include "cmdmain.h"
static int CmdHelp(const char *Cmd);
if (Cmd[0]=='h' || Cmd[0] == 'H') return usage_lf_awid_fskdemod();
UsbCommand c={CMD_AWID_DEMOD_FSK};
c.arg[0]=findone;
+ clearCommandBuffer();
SendCommand(&c);
return 0;
}
c.arg[2] = 96; // Bitstream length: 96-bits == 12 bytes
for (i=0; i < 96; i++)
c.d.asBytes[i] = (BS[i/8] & (1<<(7-(i%8))))?1:0;
- SendCommand(&c);
+ clearCommandBuffer();
+ SendCommand(&c);
return 0;
}
int CmdAWIDClone(const char *Cmd)
{
+clearCommandBuffer();
uint32_t fc=0,cn=0,blocks[4] = {0x00107060, 0, 0, 0x11111111}, i=0;
uint8_t BitStream[12];
uint8_t *BS=BitStream;
- UsbCommand c;
-
+ UsbCommand c, resp;
if (sscanf(Cmd, "%u %u", &fc, &cn ) != 2) {
return usage_lf_awid_clone();
c.arg[1] = i;
c.arg[2] = 0;
SendCommand(&c);
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 1000)){
+ PrintAndLog("Error occurred, device did not respond during write operation.");
+ return -1;
+ }
+
}
}
return 0;
#include "elf.h"
#include "proxendian.h"
#include "usb_cmd.h"
+#include "at91sam7s512.h"
void SendCommand(UsbCommand* txcmd);
void ReceiveCommand(UsbCommand* rxcmd);
return -1;
}
-static int wait_for_ack(void)
+static int wait_for_ack(UsbCommand *ack)
{
- UsbCommand ack;
- ReceiveCommand(&ack);
- if (ack.cmd != CMD_ACK) {
- printf("Error: Unexpected reply 0x%04"llx" (expected ACK)\n", ack.cmd);
+ ReceiveCommand(ack);
+ if (ack->cmd != CMD_ACK) {
+ printf("Error: Unexpected reply 0x%04"llx" (expected ACK)\n", ack->cmd);
return -1;
}
return 0;
c.arg[2] = 0;
}
SendCommand(&c);
- return wait_for_ack();
+ return wait_for_ack(&c);
} else {
fprintf(stderr, "Note: Your bootloader does not understand the new START_FLASH command\n");
fprintf(stderr, " It is recommended that you update your bootloader\n\n");
c.arg[0] = address;
memcpy(c.d.asBytes, block_buf, length);
SendCommand(&c);
- return wait_for_ack();
+ int ret = wait_for_ack(&c);
+ if (ret && c.arg[0]) {
+ uint32_t lock_bits = c.arg[0] >> 16;
+ bool lock_error = c.arg[0] & AT91C_MC_LOCKE;
+ bool prog_error = c.arg[0] & AT91C_MC_PROGE;
+ bool security_bit = c.arg[0] & AT91C_MC_SECURITY;
+ printf("%s", lock_error?" Lock Error\n":"");
+ printf("%s", prog_error?" Invalid Command or bad Keyword\n":"");
+ printf("%s", security_bit?" Security Bit is set!\n":"");
+ printf(" Lock Bits: 0x%04x\n", lock_bits);
+ }
+ return ret;
}
// Write a file's segments to Flash
#include "proxmark3.h"
#include "flash.h"
#include "uart.h"
-#include "../include/usb_cmd.h"
+#include "usb_cmd.h"
#ifdef _WIN32
# define unlink(x)
#define CMD_BUFF_CLEAR 0x0105
#define CMD_READ_MEM 0x0106
#define CMD_VERSION 0x0107
+#define CMD_STATUS 0x0108
+#define CMD_PING 0x0109
+
// For low-frequency tags
#define CMD_READ_TI_TYPE 0x0202
CMD_BUFF_CLEAR = 0x0105,
CMD_READ_MEM = 0x0106,
CMD_VERSION = 0x0107,
-
+ CMD_STATUS = 0x0108,
+ CMD_PING = 0x0109,
--// For low-frequency tags
CMD_READ_TI_TYPE = 0x0202,
CMD_WRITE_TI_TYPE = 0x0203,
while not core.ukbhit() do
local result = core.WaitForResponseTimeout(cmds.CMD_ACK,1000)
if result then
- -- Unpacking the three arg-parameters
- local count,cmd,isOK = bin.unpack('LL',result)
- if isOK ~= 1 then return nil, "Error occurred" end
+ --[[
+ I don't understand, they cmd and args are defined as uint32_t, however,
+ looking at the returned data, they all look like 64-bit things:
+
+ print("result", bin.unpack("HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH", result))
+
+ FF 00 00 00 00 00 00 00 <-- 64 bits of data
+ FE FF FF FF 00 00 00 00 <-- 64 bits of data
+ 00 00 00 00 00 00 00 00 <-- 64 bits of data
+ 00 00 00 00 00 00 00 00 <-- 64 bits of data
+ 04 7F 12 E2 00 <-- this is where 'data' starts
+
+ So below I use LI to pick out the "FEFF FFFF", don't know why it works..
+ --]]
+ -- Unpacking the arg-parameters
+ local count,cmd,isOK = bin.unpack('LI',result)
+ --print("response", isOK)--FF FF FF FF
+ if isOK == 0xFFFFFFFF then
+ return nil, "Button pressed. Aborted."
+ elseif isOK == 0xFFFFFFFE then
+ return nil, "Card is not vulnerable to Darkside attack (doesn't send NACK on authentication requests). You can try 'script run mfkeys' or 'hf mf chk' to test various known keys."
+ elseif isOK == 0xFFFFFFFD then
+ return nil, "Card is not vulnerable to Darkside attack (its random number generator is not predictable). You can try 'script run mfkeys' or 'hf mf chk' to test various known keys."
+ elseif isOK ~= 1 then
+ return nil, "Error occurred"
+ end
-- The data-part is left
// ISO14443 CRC calculation code.
//-----------------------------------------------------------------------------
-#include "../common/iso14443crc.h"
+#include "iso14443crc.h"
static unsigned short UpdateCrc14443(unsigned char ch, unsigned short *lpwCrc)
{
#ifndef __ISO14443CRC_H
#define __ISO14443CRC_H
-#include "../include/common.h"
+#include "common.h"
//-----------------------------------------------------------------------------
// Routines to compute the CRCs (two different flavours, just for confusion)
//-----------------------------------------------------------------------------
-#include "../include/proxmark3.h"
+#include "proxmark3.h"
#include <stdint.h>
#include <stdlib.h>
//#include "iso15693tools.h"
// LEFIC's obfuscation function
//-----------------------------------------------------------------------------
-#include "../include/legic_prng.h"
+#include "legic_prng.h"
struct lfsr {
uint8_t a;
return (pUdp->UDP_CSR[AT91C_EP_OUT] & btReceiveBank);\r
}\r
\r
+/**\r
+ In github PR #129, some users appears to get a false positive from\r
+ usb_poll, which returns true, but the usb_read operation\r
+ still returns 0.\r
+ This check is basically the same as above, but also checks\r
+ that the length available to read is non-zero, thus hopefully fixes the\r
+ bug.\r
+**/\r
+bool usb_poll_validate_length()\r
+{\r
+\r
+ if (!usb_check()) return false;\r
+ if (!(pUdp->UDP_CSR[AT91C_EP_OUT] & btReceiveBank)) return false;\r
+ return (pUdp->UDP_CSR[AT91C_EP_OUT] >> 16) > 0;\r
+}\r
+\r
//*----------------------------------------------------------------------------\r
//* \fn usb_read\r
//* \brief Read available data from Endpoint OUT\r
void usb_enable();\r
bool usb_check();\r
bool usb_poll();\r
+bool usb_poll_validate_length();\r
uint32_t usb_read(byte_t* data, size_t len);\r
uint32_t usb_write(const byte_t* data, const size_t len);\r
\r
#define CMD_BUFF_CLEAR 0x0105
#define CMD_READ_MEM 0x0106
#define CMD_VERSION 0x0107
+#define CMD_STATUS 0x0108
+#define CMD_PING 0x0109
// For low-frequency tags
#define CMD_READ_TI_TYPE 0x0202