iceman1001 [Mon, 15 Jun 2015 12:01:34 +0000 (14:01 +0200)]
ADD: added support for commands. READ_SIGNATURE 0x3C, READ_COUNTER 0x39 for NTAGs in "hf 14a sim"
the ECC signature is taken from a NTAG 215 tag. Might work.
Counters always return 0, :)
iceman1001 [Sun, 14 Jun 2015 21:02:52 +0000 (23:02 +0200)]
FIX: minor variable fixes when compiling on linux.
cmddata.c: In function ‘Cmdmandecoderaw’:
cmddata.c:420:2: warning: format ‘%i’ expects argument of type ‘int *’, but argument 4 has type ‘size_t *’ [-Wformat=]
sscanf(Cmd, "%i %i", &invert, &maxErr);
^
cmdlfem4x.c: In function ‘CmdEM410xRead’:
cmdlfem4x.c:58:2: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat=]
sprintf(id, "%010llx",lo);
^
iceman1001 [Sun, 14 Jun 2015 15:19:41 +0000 (17:19 +0200)]
chg: added some more outputs to the reveng-crc script e.lua ... now shows -b -B -l -L also in columns. You'll need to read the reveng -h helptext to understand.
iceman1001 [Sun, 14 Jun 2015 12:39:50 +0000 (14:39 +0200)]
ADD: @marshmellow42 's 14b reader changes.
FIX: @marshmellow42 's ASKbiphaseDemod fixes.
CHG: added a check in ASKbiphaseDemod to make a compiler warning message go away.
iceman1001 [Tue, 9 Jun 2015 11:31:53 +0000 (13:31 +0200)]
CHG: all @marshmellow42 's changes to make the reveng work.
ADD: lua script test for using the reveng inside lua. *proof of concept*
it implements -h help
-d data in a hexstring
-w width of the crc family. (ie 16 gives all CRC-16 calculations.)
it iterates thru all found crc presets in a crc family based on the width of crc. It calcs crc and the reverse crc.
iceman1001 [Sun, 31 May 2015 19:49:00 +0000 (21:49 +0200)]
FIX: minor fix to the magictest function. It always makes a select tag first, but never took into consideration that the tag already could have been selected.
iceman1001 [Tue, 26 May 2015 09:04:57 +0000 (11:04 +0200)]
CHG: moved a xor function into util.c
CHG: added some calls to clearCommandBuffer() in /hf mfu/hf 14a sim/hf mf sim/ commands.
CHG: minor adjustments to relative pathing.
iceman1001 [Mon, 25 May 2015 11:10:55 +0000 (13:10 +0200)]
FIX: dumptoemul.lua removed the extra linebreak in the end, making some load commands complain.
MOV: moved the try32/try64 attacks (mfkey32/mfkey64) into the nonce2key.c file
CHG: added @marshmellow42 changes to hf mfu dump layout.
ADD: an extra call to BigBuf_free in readcard.. just to make sure that it doesn't leak memory.
ADD: experimental call to "try32" for "hf mf sim x".
iceman1001 [Sun, 24 May 2015 19:50:15 +0000 (21:50 +0200)]
FIX: ELOAD/ESAVE/CLOAD/CSAVE filename buffer overflow, and filename generation if UID not readable.
Thanks @p-l-
ref: https://github.com/Proxmark/proxmark3/commit/0b14440dce5d879fed70afb455b1f7c56ee85b1e
marshmellow42 [Fri, 22 May 2015 17:17:51 +0000 (13:17 -0400)]
hf mfu minor output adjustments
dump key placed properly for EV1 and NTAGs
config pages for ntags corrected in printout
note on config that PWD and PACK cannot
actually be read from memory (probably could just delete them (other
than it shows what memory block they are stored in for changing...)
iceman1001 [Thu, 21 May 2015 21:17:01 +0000 (23:17 +0200)]
FIX; the "L" optional parameter for swapping endianness on used authentication key. It is now implemented for the following commands.
"HF MFU INFO"
"HF MFU DUMP"
"HF MFU RDBL"
"HF MFU WRBL"
CHG; I commented away the option to add the key to the dump, since it is not written in big-endian, like the data is on ULC. This needs to be addressed before it comes back. I like the idea of having keys inside the dumps on the correct places.
iceman1001 [Wed, 20 May 2015 21:44:11 +0000 (23:44 +0200)]
CHG: Merged the "hf mfu rdbl" and "hf mfu crdbl" commands into "hf mfu rdbl". One read command.
CHG: Merged the "hf mfu wrbl" and "hf mfu cwrbl" commands into "hf mfu wrbl". One write command.
Both new commands implement a help, authentication (0x1A/0x1B) for ULC and the rest,
iceman1001 [Tue, 19 May 2015 19:45:06 +0000 (21:45 +0200)]
FIX: comment out a #include to reveng (my experiment)
ADD: Started to add a NTAG203 identification. It's a hard tag to pinpoint. Doesn't have GET_VERSION,
iceman1001 [Sat, 16 May 2015 13:30:17 +0000 (15:30 +0200)]
chg: @marshmellows changes to "hf 14a reader"
add: the experimental "hf 14a sim x" attack impl.
chg: sorry, but I never liked that sniffing was called snooping in this command. So I changed it to "sniff".