cvs.zerfleddert.de Git - proxmark3-svn/log
iceman1001 [Fri, 23 Sep 2016 14:35:26 +0000 (16:35 +0200)]
FIX: This commit fixes the broken LF since I changed the spindelay calls. The original problem is that spindelayus calls are incremented with 21.3us each step, making it very hard to find exact timings found in the datasheets for T55x7, HID etc etc. When @marshmellow and I looked into this 2014, I had this in the back of my mind but forgot it since I didn't know how the source code / pm3 worked. This behavior in spindelayus has given the bit-period for ON/OFF measured in (us) very hard to find. It's kind of magic that it worked so far so good. Well until I started to look into the "hf legic" bitbanging ASK ON/OFF keying and that one needs a much more precise timer. Same goes for the PCF7931 code.
I've added a precise timer in the new files ticks.c and moved some older stuff from util.c to have a solid base for this.
UNTESTED, and the timings measured for t55x7 in lfops.c and other parts has not been adjusted to this "correct" timer.
Iceman [Wed, 21 Sep 2016 18:37:43 +0000 (20:37 +0200)]
Update README.md
Added a donation call, https://paypal.me/iceman1001/
iceman1001 [Wed, 21 Sep 2016 17:03:32 +0000 (19:03 +0200)]
CHG: extracted some timers functionality, to get unified access to a timer/clock which counts in ticks. Moved stuff from util.c
iceman1001 [Tue, 20 Sep 2016 21:20:27 +0000 (23:20 +0200)]
ADD: some new mifare key found,
iceman1001 [Wed, 14 Sep 2016 14:18:04 +0000 (16:18 +0200)]
CHG: adjusted timing according to @sentinel 's traces
Iceman [Tue, 13 Sep 2016 21:37:39 +0000 (23:37 +0200)]
Merge pull request #26 from ickerwx/indentation_fix
Indentation fix
René Werner [Tue, 13 Sep 2016 19:04:13 +0000 (21:04 +0200)]
used tabs instead of spaces
René Werner [Tue, 13 Sep 2016 18:57:25 +0000 (20:57 +0200)]
fixed indentation to get rid of warnings
warnings are treated as errors, so a warning due to misleading
indentation is kinda annoying
iceman1001 [Mon, 12 Sep 2016 07:19:49 +0000 (09:19 +0200)]
CHG: Small steps, the waiting time between frames was unclear. At least now the tag answers to a readbyte command after the setup phase.
iceman1001 [Sun, 11 Sep 2016 09:14:12 +0000 (11:14 +0200)]
CHG: reverted back from the idea of measuring in (us) microseconds, the timer is too raw, gives 10-15us delays. Now we are measuring ticks, which is (1 us = 1.5ticks)
like it was before. ie: 80us = 80*1.5 = 120ticks.
iceman1001 [Sat, 10 Sep 2016 20:47:11 +0000 (22:47 +0200)]
CHG: this timing should be quite good. needs to be verified.
iceman1001 [Sat, 10 Sep 2016 19:43:08 +0000 (21:43 +0200)]
CHG: a better micro second (us) spindelay function. At average it has 8-10us delay, but it's linear. Making error less when you want to wait longer..
SpinDelayCountUs(20) gives a delay of 28us.
SpinDelayCountUs(100) gives a delay of 110us.
SpinDelayCountUs(500) gives a delay of 508us.
iceman1001 [Fri, 9 Sep 2016 09:58:53 +0000 (11:58 +0200)]
ADD: since the client now calls legic prng, this is needed here too.
CHG: the OS X QT4 vs QT5 detection. NOT fixed yet.
iceman1001 [Fri, 9 Sep 2016 09:57:31 +0000 (11:57 +0200)]
FIX: Even the US clock had the issues with not resetting properly. Now it's always ZERO when you call StartCountUS.
iceman1001 [Fri, 9 Sep 2016 09:56:20 +0000 (11:56 +0200)]
In my attempts to make the LEGIC code better, it's not working now. Timings are off.
CHG: switching to US clock.
CHG: better trace annotation for legic
CHG: Legic prng can now give a x bits in once.
iceman1001 [Wed, 7 Sep 2016 10:36:46 +0000 (12:36 +0200)]
CHG: better annotation for 'legic'
iceman1001 [Sat, 3 Sep 2016 10:20:12 +0000 (12:20 +0200)]
FIX: Better legic annotation, show which byte was targeted during read and write commands.
iceman1001 [Sat, 3 Sep 2016 10:19:05 +0000 (12:19 +0200)]
FIX: IV now is truncated to 7bits in 'hf legic read,write, writeraw'
FIX: IV LSB bit is always set, in 'hf legic read,write, writeraw'
iceman1001 [Sat, 3 Sep 2016 10:18:02 +0000 (12:18 +0200)]
FIX: the acknowledgement response in setup phase now deals with MIN22, MIN256, MIN1024 tag accordingly.
iceman1001 [Fri, 2 Sep 2016 14:25:54 +0000 (16:25 +0200)]
ADD: started to add tracelog in legic
ADD: remake of legic codebase.
ADD: started with a annotation for LEGIC in 'hf list'
iceman1001 [Thu, 1 Sep 2016 18:36:42 +0000 (20:36 +0200)]
CHG: Adding clarity to the command helptext.
iceman1001 [Thu, 1 Sep 2016 18:36:10 +0000 (20:36 +0200)]
CHG: Suppressing output for LF or HF antenna values if zero, in 'hw tune' command
iceman1001 [Thu, 1 Sep 2016 18:34:56 +0000 (20:34 +0200)]
FIX: added a sanity check in preamble search to make sure it doesn't look out-of-bounds in the memcmp call
iceman1001 [Thu, 1 Sep 2016 18:31:22 +0000 (20:31 +0200)]
CHG: removed call to bigbuff free.
iceman1001 [Thu, 1 Sep 2016 14:11:31 +0000 (16:11 +0200)]
CHG: a different version string when compiling on systems without git or the release tags.
iceman1001 [Thu, 1 Sep 2016 14:10:25 +0000 (16:10 +0200)]
FIX: Only need to print a uint32_t,
iceman1001 [Thu, 1 Sep 2016 14:09:31 +0000 (16:09 +0200)]
FIX: bug in nextwatch demod, which if the found psk bits was smaller than the preamble the client crashed.
REM: removed some debug statements
iceman1001 [Wed, 31 Aug 2016 22:52:54 +0000 (00:52 +0200)]
CHG: reverting use of bigbuff, because I forgot that every switch between LF/HF images destroys BigBuff.
iceman1001 [Wed, 31 Aug 2016 20:10:06 +0000 (22:10 +0200)]
CHG: removed a redundant include to strings.h, which made compilation errors on OS X
iceman1001 [Wed, 31 Aug 2016 19:11:57 +0000 (21:11 +0200)]
FIX: should fix the typedefinition error for OS X regarding bool cmd_send
iceman1001 [Wed, 31 Aug 2016 17:24:18 +0000 (19:24 +0200)]
CHG: A repaint the plot window should be done to make sure its visual.
iceman1001 [Wed, 31 Aug 2016 17:22:52 +0000 (19:22 +0200)]
CHG: the loop in main, for usb_poll_validate_length, shouldn't do anything, it should be done inside the next call to usb_read...
iceman1001 [Wed, 31 Aug 2016 17:18:48 +0000 (19:18 +0200)]
CHG: this timeout doesn't influence the bad performance with my older pm3 device (green pcb). I think it's too slow.
iceman1001 [Wed, 31 Aug 2016 17:17:39 +0000 (19:17 +0200)]
FIX: Forgot that the prng was 0x8000 length and not 0xFFFF. Sorry. Also returned to the decomposed loop. Don't know if this armsrc optimises this at compilation time. Does someone know?
CHG: returned the iso14443a_setup order, it might influence my older PM3 device.
*Note* my Elechouse revisions PM3 works great with this but my older xpfga (green pcb) is hopeless. It can't fix onto the nonces in 'hf mf mifare' I think it's too slow.
iceman1001 [Mon, 29 Aug 2016 18:29:31 +0000 (20:29 +0200)]
ADD: added a simple averaging filter function. input parameter K, can be 1 to 8
ref: http://www.edn.com/design/systems-design/4320010/A-simple-software-lowpass-filter-suits-embedded-system-applications
iceman1001 [Fri, 26 Aug 2016 20:31:45 +0000 (22:31 +0200)]
FIX: the check for formatlen was wrong.
Still missing the other formats, only 26bit in this one.
iceman1001 [Fri, 26 Aug 2016 15:19:27 +0000 (17:19 +0200)]
CHG: starting to add the legic changes.. *work in progress*
iceman1001 [Fri, 26 Aug 2016 15:18:48 +0000 (17:18 +0200)]
FIX: minor adjustments to 'lf awid bruteforce'
FIX: making the 'lf hid bruteforce' to work the same way as the awid one..
iceman1001 [Fri, 26 Aug 2016 15:17:40 +0000 (17:17 +0200)]
FIX: fixes the broken build,...
FIX: increased the timeout, to make 'hf mf chk' work better.
iceman1001 [Fri, 26 Aug 2016 14:35:30 +0000 (16:35 +0200)]
FIX: 'lf awid bruteforce' cleaning up all debug messages
iceman1001 [Fri, 26 Aug 2016 14:22:56 +0000 (16:22 +0200)]
FIX: Better udp_csr handling. Usb messages gets to the device better, which makes "lf awid bruteforce" work :)
iceman1001 [Wed, 24 Aug 2016 13:05:10 +0000 (15:05 +0200)]
CHG: forgot a semicolon...
iceman1001 [Wed, 24 Aug 2016 13:01:36 +0000 (15:01 +0200)]
CHG: removed some extra time to sync,
CHG: first_try , it must recalibrate all the times when it comes from the client.
iceman1001 [Wed, 24 Aug 2016 12:58:50 +0000 (14:58 +0200)]
some text changes.
iceman1001 [Wed, 24 Aug 2016 12:10:30 +0000 (14:10 +0200)]
CHG: added a verification to see if the found candidate key was able to validate against tag. If not ok, start darkside attack again.
iceman1001 [Wed, 24 Aug 2016 10:37:31 +0000 (12:37 +0200)]
FIX: the underlying bug on deviceside code. The SSPCLOCK wasn't reset to zero sometimes. More specific, TC2 wasn't reset cause all sorts of timing issues for the device side randomly. Like 'hf mf mifare', like iclass, like 'hf mf sim' etc etc.
iceman1001 [Wed, 24 Aug 2016 10:35:24 +0000 (12:35 +0200)]
CHG: change the number of calls to prng_successor was done. Fewer should mean faster :)
iceman1001 [Wed, 24 Aug 2016 10:34:34 +0000 (12:34 +0200)]
CHG: fixed the collapsing comments when opening this file in notepad++ Need spaces between // text or /* ...
iceman1001 [Wed, 24 Aug 2016 10:32:43 +0000 (12:32 +0200)]
REM: removed an test function
iceman1001 [Wed, 24 Aug 2016 10:32:05 +0000 (12:32 +0200)]
CHG: Changed the number of times the call to prng_successor is called.
iceman1001 [Wed, 24 Aug 2016 10:31:09 +0000 (12:31 +0200)]
CHG: syntax sugar.
iceman1001 [Sun, 21 Aug 2016 18:51:29 +0000 (20:51 +0200)]
CHG: updated Reveng version from 1.4.0 -> 1.4.4 .
---snippet from their update log:
1.4.4 27 July 2016
Added 5 new algorithms, CRC-8/AUTOSAR, CRC-8/OPENSAFETY, CRC-16/OPENSAFETY-A, CRC-16/OPENSAFETY-B and CRC-32/AUTOSAR from the CRC Catalogue.
Added a build option to verify the order of the preset and alias tables at compile time.
1.4.3 14 July 2016
Added algorithm CRC-16/CMS from the CRC Catalogue.
1.4.2 8 July 2016
Added algorithm CRC-16/PROFIBUS from the CRC Catalogue.
1.4.1a 29 June 2016
Fixed a regression that caused the Windows release to crash on older systems.
1.4.1 27 June 2016
-P sets the Width value just like -k.
pcmp() quickly returns when the comparands are identical.
Added resources for the Windows executable.
iceman1001 [Sun, 14 Aug 2016 15:38:54 +0000 (17:38 +0200)]
ADD: Mifare Desfire defines
iceman1001 [Sun, 14 Aug 2016 15:38:11 +0000 (17:38 +0200)]
chg; syntax sugar
iceman1001 [Sun, 14 Aug 2016 15:11:42 +0000 (17:11 +0200)]
help text adjustments
iceman1001 [Sun, 14 Aug 2016 15:04:40 +0000 (17:04 +0200)]
ADD: added a sanity check in T55x7 commands info/trace/detect against using the commands when device is in offline but user didn't use '1' in arguments.
iceman1001 [Sun, 14 Aug 2016 14:29:39 +0000 (16:29 +0200)]
add: annotate Mifare Desfire. from https://github.com/JohannesStoye/proxmark3/commit/3102c1bae358566e112e465e58da27ffb7219bc9#diff-93cfa90a992ea759349344d0de98029e
Thanks @johannesStoye
iceman1001 [Wed, 10 Aug 2016 14:29:23 +0000 (16:29 +0200)]
chg: remove a char..
iceman1001 [Wed, 10 Aug 2016 14:28:23 +0000 (16:28 +0200)]
CHG: more struct errors.. my bad,
iceman1001 [Wed, 10 Aug 2016 14:25:56 +0000 (16:25 +0200)]
CHG: removed some debug statements, added another. Change the crapto1.c, let's see if the special attack works better now against chinese clones.
iceman1001 [Wed, 10 Aug 2016 14:24:49 +0000 (16:24 +0200)]
CHG: minor code cleaning in 'hf 14a reader'
iceman1001 [Wed, 10 Aug 2016 14:23:59 +0000 (16:23 +0200)]
CHG: on a slow usb connection it seems the pingcmd which stops the bruteforce on deviceside doesn't get there. Let's send three pings to make sure the device gets it.
iceman1001 [Wed, 10 Aug 2016 08:55:29 +0000 (10:55 +0200)]
FIX: at least now the special zero parity attack, repeats and doesn't crash. However it doesn't find the key either :(
iceman1001 [Tue, 9 Aug 2016 21:13:18 +0000 (23:13 +0200)]
CHG; still looking at 14b, this time started to look at the tracelog times not working.
iceman1001 [Tue, 9 Aug 2016 21:11:07 +0000 (23:11 +0200)]
started fixing the parity == 0 special attack against chinese clones with bad prng, which hasn't been working for ages.
iceman1001 [Tue, 9 Aug 2016 10:15:26 +0000 (12:15 +0200)]
fix: wrong spelling
iceman1001 [Tue, 9 Aug 2016 10:11:11 +0000 (12:11 +0200)]
FIX: Travis CI complains about missing stdbool.h includes
iceman1001 [Tue, 9 Aug 2016 09:56:06 +0000 (11:56 +0200)]
ADD: 'lf awid brute' is now possible to give a starting cardnumber. if given, the bruteforce loops from it as a mid point. Testing one step up, then one step down until it reaches 65535 and 0.
CHG: 'lf awid brute' inputs are now changed, take notice to new format.
iceman1001 [Tue, 9 Aug 2016 07:12:16 +0000 (09:12 +0200)]
syntax sugar
chg: added clearCommandBuffer(); before calls to sendcommand.
iceman1001 [Tue, 9 Aug 2016 07:10:26 +0000 (09:10 +0200)]
CHG: textual fixes in help text
CHG: better exit message for 'lf awid bruteforce'
iceman1001 [Mon, 8 Aug 2016 20:17:15 +0000 (22:17 +0200)]
FIX: delay was parsed incorrect into a uint8_t...
CHG: help text fixed
iceman1001 [Mon, 8 Aug 2016 20:09:51 +0000 (22:09 +0200)]
ADD: Added a delay in ms to 'lf awid brute' Thanks to @crayon for the idea.
iceman1001 [Mon, 8 Aug 2016 19:27:53 +0000 (21:27 +0200)]
FIX: the cmdline parsing was a bit too hard. Thanks to @crayon for pointing out there was a bug here.
iceman1001 [Mon, 8 Aug 2016 17:02:46 +0000 (19:02 +0200)]
layouts.
iceman1001 [Mon, 8 Aug 2016 17:00:53 +0000 (19:00 +0200)]
even more..
iceman1001 [Mon, 8 Aug 2016 17:00:09 +0000 (19:00 +0200)]
more layout
iceman1001 [Mon, 8 Aug 2016 16:58:05 +0000 (18:58 +0200)]
correcting the layout...
iceman1001 [Mon, 8 Aug 2016 16:51:34 +0000 (18:51 +0200)]
textual changes.
iceman1001 [Mon, 8 Aug 2016 16:07:36 +0000 (18:07 +0200)]
CHG: added the libncurses5-dev instruction for COMPILING.txt
CHG: updated the readme with latest changes from changelog
iceman1001 [Mon, 8 Aug 2016 15:56:04 +0000 (17:56 +0200)]
textual changes
iceman1001 [Mon, 8 Aug 2016 15:49:30 +0000 (17:49 +0200)]
ADD: J-Run's 2nd phase tool mf_key_brute ref: https://github.com/J-Run/mf_key_brute Estimated time to search keyspace is ~18min.
J_Run's 2nd phase of multiple sector nested authentication key recovery
You have a known 4 last bytes of a key recovered with mf_nonce_brute tool.
First 2 bytes of key will be bruteforced
Usage: hf mf keybrute [h] <block number> <A|B> <key>
options:
h this help
<block number> target block number
<A|B> target key type
<key> candidate key from mf_nonce_brute tool
samples:
hf mf keybrute 1 A 000011223344
iceman1001 [Mon, 8 Aug 2016 05:46:12 +0000 (07:46 +0200)]
Merge branch 'master' of https://github.com/iceman1001/proxmark3
Iceman [Mon, 8 Aug 2016 05:43:26 +0000 (07:43 +0200)]
Merge pull request #21 from alexgrin/iceman_master
FIX: erroneous semicolon
Alexis Green [Mon, 8 Aug 2016 03:07:25 +0000 (20:07 -0700)]
FIX: erroneous semicolon
iceman1001 [Sun, 7 Aug 2016 20:15:35 +0000 (22:15 +0200)]
fix: forgot something small.. sloppy.
iceman1001 [Sun, 7 Aug 2016 20:05:10 +0000 (22:05 +0200)]
ADD: added the 'max frame size' parameter set, valid sizes: 16|24|32|40|48|64|96|128|256
it can be verified by setting debuglevel to 3 or more.
iceman1001 [Sun, 7 Aug 2016 19:19:11 +0000 (21:19 +0200)]
CHG: fixes to match the new arguments to the darkside attack (keytype A|B and blocknumber) in mifare_autopwn.lua script.
iceman1001 [Sun, 7 Aug 2016 19:08:17 +0000 (21:08 +0200)]
CHG: moved some TEA crypto stuff from 14b into analyse.
iceman1001 [Sun, 7 Aug 2016 19:05:09 +0000 (21:05 +0200)]
CHG: increased the script-filename column width from 16 to 21.
iceman1001 [Sun, 7 Aug 2016 16:50:25 +0000 (18:50 +0200)]
textual changes.
iceman1001 [Sun, 7 Aug 2016 16:49:36 +0000 (18:49 +0200)]
CHG: applied some of the changes unto "hf 14b snoop" *untested* Hard to test without a proper reader/tag to snoop
iceman1001 [Sun, 7 Aug 2016 15:49:33 +0000 (17:49 +0200)]
CHG: iso14443b.c got some more love. using the "hf 14b raw" command gives now a much stable read from more distances than before.
Iceman [Sat, 6 Aug 2016 20:42:39 +0000 (22:42 +0200)]
Merge pull request #20 from alexgrin/iceman_master
FIX: Coverity badge link now works.
Alexis Green [Thu, 4 Aug 2016 22:52:54 +0000 (15:52 -0700)]
FIX: Coverity badge link now works.
iceman1001 [Thu, 4 Aug 2016 19:57:40 +0000 (21:57 +0200)]
CHG: some calypso stuff
iceman1001 [Thu, 4 Aug 2016 19:57:18 +0000 (21:57 +0200)]
CHG: marshmellow42 's improved "hf mf sim x"
iceman1001 [Thu, 4 Aug 2016 19:54:11 +0000 (21:54 +0200)]
CHG: moved a define arraylen into util.h and changed to uppercase.
iceman1001 [Thu, 4 Aug 2016 19:52:32 +0000 (21:52 +0200)]
CHG: trying to unify the crc algos in one place.
iceman1001 [Thu, 4 Aug 2016 19:51:26 +0000 (21:51 +0200)]
ADD: @donwan581 select keytype for the darkside attack.
iceman1001 [Thu, 4 Aug 2016 19:37:43 +0000 (21:37 +0200)]
CHG: cleaning up.