* Jonor's hf 14a raw timing patch
* Piwi's updates. (usually gets into the master)
- * Piwi's "topaz" branch (not merged)
+ * Piwi's "topaz" branch
+ * Piwi's "hardnested" branch
* Holiman's iclass, (usually gets into the master)
* Marshmellow's fixes (usually gets into the master)
* Midnitesnake's Ultralight, Ultralight-c enhancements
* Minor textual changes here and there.
* Simulation of Ultralight/Ntag.
* Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/
- * Someone's alterantive bruteforce Mifare changes.. (you need the two other exe to make it work)
- *
+ * Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work)
+
+ * A Bruteforce for T55XX passwords against tag.
+ * A Bruteforce for AWID 26, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a AWID Reader.
+
Give me a hint, and I'll see if I can't merge in the stuff you have.
The Proxmark 3 is available for purchase (assembled and tested) from the
following locations:
- * http://proxmark3.com/
- * http://www.xfpga.com/
+ * http://www.elechouse.com (new and revised hardware package 2015)
+
Most of the ultra-low-volume contract assemblers could put
something like this together with a reasonable yield. A run of around
reveng/poly.c\
reveng/getopt.c\
tea.c\
-
+ prng.c
ZLIBSRCS = deflate.c adler32.c trees.c zutil.c inflate.c inffast.c inftrees.c
ZLIB_FLAGS = -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED
}
int usage_data_hex2bin(){
-
- PrintAndLog("Usage: data bin2hex <binary_digits>");
+ PrintAndLog("Usage: data hex2bin <hex_digits>");
PrintAndLog(" This function will ignore all non-hexadecimal characters (but stop reading on whitespace)");
return 0;
-
}
int Cmdhex2bin(const char *Cmd)
{
int bg =0, en =0;
- if(param_getptr(Cmd, &bg, &en, 0))
- {
- return usage_data_hex2bin();
- }
-
+ if(param_getptr(Cmd, &bg, &en, 0)) return usage_data_hex2bin();
while(bg <= en )
{
// hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
// up to 64 bytes or 512 bits
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize){
- static uint8_t buf[64];
+ uint8_t buf[64];
memset(buf, 0x00, 64);
uint8_t *tmp = buf;
for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
return tmp;
}
+void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest){
+ for (uint8_t block=0; block < (uint8_t)(len/blockSize); block++){
+ for (size_t i = 0; i < blockSize; i++){
+ dest[i+(blockSize*block)] = src[(blockSize-1-i)+(blockSize*block)];
+ }
+ }
+}
+
+
// -------------------------------------------------------------------------
// string parameters lib
// -------------------------------------------------------------------------
uint64_t bytes_to_num(uint8_t* src, size_t len);
void num_to_bytebits(uint64_t n, size_t len, uint8_t *dest);
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
+void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);
char param_getchar(const char *line, int paramnum);
int param_getptr(const char *line, int *bg, int *en, int paramnum);
--- /dev/null
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+// Burtle Prng - Modified. 42iterations instead of 20.
+// ref: http://burtleburtle.net/bob/rand/smallprng.html
+//-----------------------------------------------------------------------------
+#include "prng.h"
+
+#define rot(x,k) (((x)<<(k))|((x)>>(32-(k))))
+uint32_t burtle_get_mod( prng_ctx *x ) {
+ uint32_t e = x->a - rot(x->b, 21);
+ x->a = x->b ^ rot(x->c, 19);
+ x->b = x->c + rot(x->d, 6);
+ x->c = x->d + e;
+ x->d = e + x->a;
+ return x->d;
+}
+
+void burtle_init_mod(prng_ctx *x, uint32_t seed ) {
+ x->a = 0xf1ea5eed;
+ x->b = x->c = x->d = seed;
+ for (uint8_t i=0; i < 42; ++i) {
+ (void)burtle_get_mod(x);
+ }
+}
+
+void burtle_init(prng_ctx *x, uint32_t seed ) {
+ uint32_t i;
+ x->a = 0xf1ea5eed, x->b = x->c = x->d = seed;
+ for (i=0; i < 20; ++i) {
+ (void)burtle_get_mod(x);
+ }
+}
+
+
+uint32_t GetSimplePrng( uint32_t seed ){
+ seed *= 0x19660D;
+ seed += 0x3C6EF35F;
+ return seed;
+}
--- /dev/null
+//-----------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+// Burtle Prng - Modified. 42iterations instead of 20.
+// ref: http://burtleburtle.net/bob/rand/smallprng.html
+//-----------------------------------------------------------------------------
+
+#ifndef __PRNG_H
+#define __PRNG_H
+#include <stdint.h>
+#include <stddef.h>
+typedef struct prng_ctx {
+ uint32_t a;
+ uint32_t b;
+ uint32_t c;
+ uint32_t d;
+} prng_ctx;
+
+//uint32_t burtle_get( prng_ctx *x );
+uint32_t burtle_get_mod( prng_ctx *x );
+void burtle_init_mod(prng_ctx *x, uint32_t seed );
+void burtle_init(prng_ctx *x, uint32_t seed );
+
+uint32_t GetSimplePrng( uint32_t seed );
+#endif /* __PRNG_H */
\ No newline at end of file
#define ROUNDS 32
#define DELTA 0x9E3779B9
#define SUM 0xC6EF3720
-#define SWAPENDIAN(x)\
- (x = (x >> 8 & 0xff00ff) | (x & 0xff00ff) << 8, x = x >> 16 | x << 16)
void tea_encrypt(uint8_t *v, uint8_t *key) {
//input
y = bytes_to_num(v, 4);
z = bytes_to_num(v+4, 4);
-
- // SWAPENDIAN(a);
- // SWAPENDIAN(b);
- // SWAPENDIAN(c);
- // SWAPENDIAN(d);
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
while ( n-- > 0 ) {
sum += DELTA;
z += ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
}
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
-
num_to_bytes(y, 4, v);
num_to_bytes(z, 4, v+4);
}
y = bytes_to_num(v, 4);
z = bytes_to_num(v+4, 4);
- // SWAPENDIAN(a);
- // SWAPENDIAN(b);
- // SWAPENDIAN(c);
- // SWAPENDIAN(d);
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
-
/* sum = delta<<5, in general sum = delta * n */
while ( n-- > 0 ) {
z -= ((y << 4) + c) ^ (y + sum) ^ ((y >> 5) + d);
y -= ((z << 4) + a) ^ (z + sum) ^ ((z >> 5) + b);
sum -= DELTA;
}
-
- // SWAPENDIAN(y);
- // SWAPENDIAN(z);
num_to_bytes(y, 4, v);
num_to_bytes(z, 4, v+4);
}