ADD: added @azcid 's bitsliced BF solver for @piwi 's hardnested command. Awsume work! The original patch demanded some tweaking to work in mingw.
This is not tested for other systems so far.
CHG: "hf 14a sim" command , correct use of FLAGS
CHG: "hf 14a sim" command, changed the data collection for the attackmode in SimulateIso14443aTag. It now uses @holiman 's original implementation. But we can't change "NR", so we do next.
CHG: "hf 14a sim" command, nonce is increase with every new auth. This is for the "mfkey32_moebius" attack to work.
CHG: "hf mf sim" command (function void Mifare1ksim ) now handles UID' with length 10.
CHG: "hf mf sim" command nonce is increase with every new auth. This is for the "mfkey32_moebius" attack to work.
FIX: this fixes the "hf mf sniff l d f" command, which has been broken for a while. The cuid is correct used for decrypting.
FIX: The flushing of logentries.
ADD: "hf mf sniff" - added the sniffing of UID's with a uidlen of 10.
Whats left? The key is not always found even if we use the "mfkey64" approach.
ADD: added the parity_zero attack in "hf mf mifare". Still not working since piwi's changes to the iso14443a.c, maybe needs a param to tell it to collect nonces for this special attack.
CHG: extracted some help-texts into usage_* methods. Changed some text as well
FIX: "hf mf sim" command now uses both mfkey32 and mfkey32_moebius version to find the key in attack mode.
CHG: "hf mf sim" also now defaults to emul_memory to read a 4 byte UID.
FIX: this fixes the mftry32, mftry32moebius and trymf64 implementations. Which is used in the "hf mf sim x" and "hf 14a sim x" built in attacks.
ADD: added the nonce2key version which should be able to find the key when the collected PARITIES is ZERO.
Syntaxt suger,
and some clean up in the "hf mf mifare" code. I removed the three strategies Pivi added to make the code easier and added a lot of comments to understand.
the WDT bug is still there in this code. Needs further testing yet, before I commit the fix.
So far the fix is quite stable on ubuntu, but on mingw/win is breaking still. Which at this point doesnt make any sense.
ADD: added @pivi 's faster authentication method from 'hardnested' into "hf mf chk" (check keys) and removed the "halt" command.
the speedup is great. Together with the previous speedups from making changes how the client sends the keys to the device, make it lightning fast. It would be fun to see how much fast it is now.
removed some old code,
rename a function, that tries to add IIRfilter Butterworth on a signal. Lets see if I can get it to work on Graphbuffer data one of these days.
CHG: Updated RevEng1.31 to 1.40
--snipped changelog
1.4.0 24 February 2016
* Added 11 new algorithms, CRC-4/INTERLAKEN, CRC-7/UMTS,
CRC-8/LTE, CRC-8/SAE-J1850, CRC-11/UMTS, CRC-16/LJ1200,
CRC-24/BLE, CRC-24/INTERLAKEN, CRC-24/LTE-A, CRC-24/LTE-B,
CRC-30/CDMA, and 4 new aliases, CRC-12/UMTS, CRC-16/LTE,
CRC-16/UMTS, CRC-32/INTERLAKEN, from the CRC Catalogue.
* Eliminated string comparison when testing if a model name is
an alias.
* Split off presets into preset.c.
* Eliminated bogus calls to bsearch() in preset.c.
iceman1001 [Mon, 21 Mar 2016 21:05:59 +0000 (22:05 +0100)]
CHG: testing for windows clients to get a higher baudrate. Was 9600, testing 115200 as for non_win.
CHG: testing to set USB 2.0 standard, instead of USB1.1 ...
iceman1001 [Sun, 20 Mar 2016 18:33:07 +0000 (19:33 +0100)]
ADD: well, starting with a luascript for reading calypso tags, made me remake the 14b raw command on client and device side. Sorry @marshmellow42 , but this one broke your "hf 14b info" implementation. I fixed the "hf 14b read" and the hf search. So not to bad, but still a bit broken. The 14b raw device side is now very similar to 14a raw. Which is good. There is a Standard 14b 0x050008 detection and STmicroelectronic 0x0600 detection on deviceside. This removes a lot of code client side.
I also made the SRi read functions better by combining them. The demodulation / uart code should be the same as last summers changes. The device side code can now be even smaller.
iceman1001 [Sun, 13 Mar 2016 06:20:21 +0000 (07:20 +0100)]
CHG: Added the BigBuf_Clear_ext calls, returned to Marshmellow42 's / pwpiwi 's sampledemod. The 14B commands works again...
CHG: re-arranged the Uart, Demod structes init, reset, in a first attempt to prepair to move them to a seperate file.
iceman1001 [Sun, 13 Mar 2016 06:16:42 +0000 (07:16 +0100)]
CHG: moved some #define into include\common.h (which is call by apps.h), so we have one place for them. Also changed them to CAPITAL.
ABS(), MIN(), MAX()
iceman1001 [Sun, 6 Mar 2016 11:40:04 +0000 (12:40 +0100)]
ADD: Added the autodetection of Topaz to "HF SEARCH"
FIX: Fixed a minor bug in "HF SEARCH" where it always found a "14b" tag, making the command never test for other formats afterward the 14b test.
The 14b detection is not good still, conflicting return values is main reason for this bug
iceman1001 [Sun, 6 Mar 2016 09:35:25 +0000 (10:35 +0100)]
CHG; a fix for "HF TUNE", I always were annoyed with the hf tune where it printed one value per row endlessly. So this fixes that, it uses "\r" to print on the same row. Works on MINGW/WINDOWS. Havn'nt tested it on Linux yet. But it looks good now.
iceman1001 [Sat, 27 Feb 2016 18:47:10 +0000 (19:47 +0100)]
ADD: Started to add a "LF GUARD CLONE/SIM" functionality. *not working* all thats needed now is fixing the transformation from FacilityCode/CardNumber -> raw data for t55x7.
iceman1001 [Sat, 27 Feb 2016 08:21:19 +0000 (09:21 +0100)]
FIX: spelling misstakes.
FIX: output of block number should be two digits for nicer layout
FIX: strange branching in the pyramid demod in cmddata.c, it will now always print the unknown length message
FIX: another go at the coverity scan bug in proxmark3.c. (resource leak for cmd)
iceman1001 [Fri, 26 Feb 2016 20:11:56 +0000 (21:11 +0100)]
FIX: calcs wiegand correct, adds wiegand parity correct, adds checksum correct, add even parity to blocks correct.
- when ran it clones nice, the "lf search" finds a pyramid och checksom is ok. However, the wiegand decode is wrong.
Something about where in bitarray to put the startformat bit and wiegand bits...