iceman1001 [Wed, 15 Feb 2017 01:44:34 +0000 (02:44 +0100)]
FIX: coverity scan found some bugs in EMV code. These are the fixes to:
-CID 141293 - missing va_end call
-CID 141290 - return var not always given a value
-CID 141289 - array out of bounds write. off by one.
-CID 141288 - dead code because of CID 141287
-CID 141287 - wrong mask
-CID 141286 - wrong mask value
iceman1001 [Mon, 13 Feb 2017 14:32:48 +0000 (15:32 +0100)]
FIX: 'EMV compiling' - Makefiles are very picky about how things are done. its parser is a bit paranoid. So, to make things easier and more correct.
- armsrc/Makefile when commenting out functionality, move it below the comment otherwise APPS_CFLAG breaks to early. See WITH_LCD
- common/Makefile.common enable / disable EMV, uncomment two lines. then make clean && make all. flash, MIGHT NOT work on 256kb devices
FIX: missing break in appmain.c made it go to iclass function..
iceman1001 [Mon, 13 Feb 2017 09:58:28 +0000 (10:58 +0100)]
FIX: T5555/Q5 datarate when used in "Q" parameter, consequential fix in lf commands. (RF-2/2) ie: ((64-2)>>1)
ADD: Marshmellow42 's timing fixes for em4305.
iceman1001 [Tue, 7 Feb 2017 21:26:06 +0000 (22:26 +0100)]
FIX: first attempt to clean up EM4x50 commands.
- `lf em4x readwordPWD` merged into `lf em4x readword` See help text
- `lf em4x writewordPWD` merged into `lf em4x writeword` See help text
- `lf em4x readword` now download the collected signal data after command.
On device side the lfops.c has gotten some love. Code cleaner, increased EM_START_GAP from 55 FC to 56 FC, because of how our microsecond(us) clock works with 21.3us increments.
TODO: `lf em4x em4x50read` needs to be factored to use @marshmellow42 's ASKdemod instead of trying to do itself.
iceman1001 [Sun, 5 Feb 2017 20:09:36 +0000 (21:09 +0100)]
CHG: '-DWITH_EMV' - fixing some compilation errors when compiling with peter fillmore's emv code. Warning a 256kb Proxmark3 device will only have 7% memory left if you enable this
iceman1001 [Wed, 1 Feb 2017 13:09:26 +0000 (14:09 +0100)]
FIX: 'standalone_14a mode' - cleaned up the standalone14a mode code. It now detects and simulates 4,7byte uids, like it should. code refactored to be easier to understand.
iceman1001 [Wed, 1 Feb 2017 11:50:54 +0000 (12:50 +0100)]
CHG: rename a local scope variable "data"->"cmd"
CHG: call params to selectcard too few
CHG: 'standalone HF mode' - when copying second UID onto data array, it should append after first one, not over the first one.
ref: https://github.com/iceman1001/proxmark3/issues/77 Lets see if this fixes the HF part of this issue
iceman1001 [Tue, 31 Jan 2017 15:11:57 +0000 (16:11 +0100)]
CHG: 'lf snoop' - now automatically downloads samples after finished. (annoying step to do over and over)
FIX: 'lf snoop' - now turns of LF antenna after snoop.
FIX: 'lf cotag read' - now waits until the ACK cmd arrives before downloading samples.
iceman1001 [Mon, 30 Jan 2017 15:51:07 +0000 (16:51 +0100)]
ADD: added the writedumpfile function from "14araw.lua" into utils.lua
ADD: `ufodump.lua` - added the Aztek dump script. Since its an unknown tag hence the name.
iceman1001 [Sun, 29 Jan 2017 22:09:23 +0000 (23:09 +0100)]
FIX: 'hf 14a sim x' - adjusted and shows messages when verbose.
FIX: 'hf mf sim x i' - same as above.
In general we only use Moebius attack for "sim x", that means a clean up on device side code. simpler to understand. It still tries to gather 8 different collections of nonces combo. When one is complete, it get sent to client which runs moebius direct.
iceman1001 [Sun, 29 Jan 2017 10:29:15 +0000 (11:29 +0100)]
FIX: 'hf 14a sim x' - this fixes the error with using moebius attack and sim. Updating the nonce variable doesn't change the premodulated response. And it should update everytime it gets a command. One concering issue is that this takes time. Successfully works with two PM3. One acting reader, another sim.
iceman1001 [Sun, 29 Jan 2017 09:41:48 +0000 (10:41 +0100)]
CHG: the mifare Auth command can make use of a random nonce aswell.
CHG: since sim commands are timing critical, I'm testing a smaller prand prng function from Intel
iceman1001 [Tue, 24 Jan 2017 23:33:03 +0000 (00:33 +0100)]
CHG: fiddled with the headerfiles... and makefile... Tried to make them behave nice. So it isnt a hell to add new functions from third-party (like des, aes etc)
Added a lot of #ifndef , extern C,
Move inside from ARMSRC -> THUMBS, which made the compiled image smaller.. I don't know if it broke anything.
Moved MF_DBGLEVEL definitions into common.h
Moved print_result from util.c into appmain.c
Also split up some struct typedef into header files so they could be reused in other code places.
projects / proxmark3-svn / log