iceman1001 [Tue, 15 Nov 2016 11:49:13 +0000 (12:49 +0100)]
CHG: "hf mf hardnested"
- latest clean up from @matrix
- the device still doesn't answer when brute_force call fails. I've been trying to get the device to init after the brute_force call.
iceman1001 [Mon, 14 Nov 2016 20:41:18 +0000 (21:41 +0100)]
FIX: 'LF PYRAMID' the crc8_MAXIM and crc16_DNP were calling the wrong crc method. (update2 is the older and correct version). This solves the pyramid issue with wrong checksums calculated.
Thanks to @rookieatall @marshmellow42 for pointing out the bug. ref: http://www.proxmark.org/forum/viewtopic.php?id=4006
iceman1001 [Sat, 5 Nov 2016 13:54:25 +0000 (14:54 +0100)]
FIX: @matrix https://github.com/matrix/proxmark3/commit/869a03c2c6267db16cd1418b9e5f2b9049b9a015
it still counts down the good bytes,
and I fixed the elapsed time.
iceman1001 [Sat, 29 Oct 2016 20:12:38 +0000 (22:12 +0200)]
FIX: several calls to nonce2key/nonce2key_ex have problems with not clearing up memory pointers lying around.
Still exists problem which needs to be dealt with.
iceman1001 [Sat, 29 Oct 2016 19:41:02 +0000 (21:41 +0200)]
FIX: 'hf mf mifare' - special zero parity attack vector now works. Thanks to the dude who figured this vector out: @douniwan5788 (sorry for comments, I was clearly wrong.) @piwi - for proving me wrong.
this version uses int64_t (signed) to signify end-of-lists (-1). It also needs its own compare function for the qsort. I didn't merge this into existing code which uses uint64_t. (too lazy)
iceman1001 [Fri, 28 Oct 2016 18:43:07 +0000 (20:43 +0200)]
CHG: 'HF MF C*' (Chinese backdoor commands) According to douniwan5788 some magic/clone tags answer to the halt cmd and some do not. I think I captured his ideas.
- Fix `hf mf sim` to use nonce_t structures, so key recovery works
- Increases verbosity on the key recovery functionality
- Fix use-after-free for k_sector
- Add help info on `e` option to `hf mf sim`
iceman1001 [Wed, 19 Oct 2016 22:39:15 +0000 (00:39 +0200)]
FIX: lf sim, seems like "lf sim" calls SimulateTagLowFrequency directly from appmain.c and I removed the LF bitstream call thinking SimulateTagLowFrequency was only called from the sub FSK;ASK;PSK commands.
iceman1001 [Wed, 19 Oct 2016 17:59:58 +0000 (19:59 +0200)]
FIX: "lf sim" after changes to ticks timers on device side, there was a "starticks" call missing, which led to not having any timers which is a problem for the WaitUS call.
iceman1001 [Mon, 17 Oct 2016 15:20:33 +0000 (17:20 +0200)]
FIX: Since some changes in "hf mf chk" usbcommand package, this script has not been working. It now calls and gets the results back from the device.
CHG: changed the output listing to look like the other key-tables.
iceman1001 [Mon, 10 Oct 2016 19:52:58 +0000 (21:52 +0200)]
CHG: "hf legic sim" old imp, uses two timers, we have one. I'm seriously starting to think about a UART instead, to read the dmabuffer. If only I knew how to.
iceman1001 [Mon, 10 Oct 2016 08:59:16 +0000 (10:59 +0200)]
CHG: "script run emlu2dump" now can read old legic hex-ascii dumps. (with spaces) and convert to a binary file
CHG: "script run emlu2html" now can read old legic hex-ascii dumps. (with spaces) and convert to a generic html file
These changes make it easier for old legic dumps to be used with the new "legic dump/restore/eload/esave" commands
iceman1001 [Sun, 9 Oct 2016 13:41:31 +0000 (15:41 +0200)]
CHG: "hf legic write" - now writes on the limits better.
CHG: "hf legic restore" - now restores :)
CHG: "hf legic rdmem" - now has a nice offset row above the read data. try: 'hf legic rdmem 0 100'
iceman1001 [Sat, 8 Oct 2016 17:12:51 +0000 (19:12 +0200)]
CHG: the call to TurnReadLFOn has a delay / number as parameter. Seems to be gone.
FIX: fixes to EM4050 code since when I changed the timer. It should work nice now.