ADD: using @holiman's "usb_poll_validate_length()" function in some device-side functions.
-hitag2, -legicrf, HIDdemodFSK, CmdAWIDdemodFSK, CmdEM410xdemod, CmdIOdemodFSK
It should enable them to be aborted with a call to "hw ping / hw status" instead of only button-press. Which is good when you are scripting stuff.
ADD: changed some commands inside the "hf 14a sim" on the device side.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside the "hf 14a sim" with the "x" parameter.
FIX: "hf list 7816", the S-blocks are now also printed.
FIX: iso14443b.c got some minor adjustments in the demod and codeas14443btag. Seems it works better for me.
I still have the problem with powerup of a 14b tag. I need to run the "14b raw -c -p 05 00 08" a couple of times before I get an answer.
iceman1001 [Thu, 25 Jun 2015 10:25:44 +0000 (12:25 +0200)]
ADD: @marshmellow42's 14b fixes.
FIX: 14b sim changes in iso14443b.c, *experimental*. I took some timing loops from "14a sim" armsrc/iso14443a.c and merged them into the "14b sim". Now using two pm3's I can have one simulating and the other reading and it works. Ask @pwpiwi if you want to know more of what those timing loops do. Something about waiting for the fpga delay queue...
marshmellow42 [Tue, 23 Jun 2015 16:16:23 +0000 (12:16 -0400)]
fix bug in pskdemod return value if no samples...
... caused crash in data psknexwatchdemod if no samples were in the
graphbuffer.
also fixed hf mfu wrbl and rdbl to allow printing of help without a tag
being present.
Frederik Möllers [Mon, 22 Jun 2015 12:20:13 +0000 (14:20 +0200)]
Add PACE replay functionality
This function allows the user to specify APDUs which are sent to a card
supporting the PACE protocol. The response times are measured and
printed.
The code was pulled from the old Google Code repository (branch "epa")
and modified to fit into the new code base.
iceman1001 [Mon, 22 Jun 2015 07:49:12 +0000 (09:49 +0200)]
FIX: fastread, don't do multiplication by zero, thanks @marshmellow42
ADD: "hf 14a sim t 7" now implements a simple incr_counter command. it sends ACK to all requests.
ADD: "hf 14a sim t 7" now prints the password when a "0x1B" (Authenticate) command is received.
iceman1001 [Sun, 21 Jun 2015 19:57:52 +0000 (21:57 +0200)]
CHG: "hf 14 sim t 7", i.e. NTAG simulation, now reads the emulator memory for read commands. This means you need to load the emulator memory beforehand if you want it to answer more correctly.
iceman1001 [Sun, 21 Jun 2015 09:09:54 +0000 (11:09 +0200)]
FIX: "hf 14a sim" fixes to CRC calc.
ADD: added CHECK_TEARING command support in "hf 14a sim" (EV1/NTAG216 command)
BUGS: the read range probably could corrupt memory. ref: http://www.proxmark.org/forum/viewtopic.php?pid=16611#p16611
pwpiwi [Fri, 12 Jun 2015 05:43:00 +0000 (07:43 +0200)]
fixing iso14443b (issue #103):
- fix: IQ demodulator (FPGA)
- fix: approximately align reader signal delay to tag response delay (FPGA)
- fix: remove deprecated RSSI calculation to improve decoder speed (iso14443b.c)
- fix: better approximation of signal amplitude to avoid false carrier detection (iso14443b.c)
- fix: remove initial power off in iso14443b raw command (iso14443b.c)
- add: enable tracing for iso14443b raw command (iso14443b.c)
- fix: client crashed when checking CRC for incomplete responses (iso14443b.c)
- speeding up snoop to avoid circular buffer overflow
- added some comments for better documentation
- rename functions (iso14443 -> iso14443b)
- remove unused code in hi_read_rx_xcorr.v
iceman1001 [Mon, 15 Jun 2015 12:01:34 +0000 (14:01 +0200)]
ADD: added support for commands READ_SIGNATURE 0x3C, READ_COUNTER 0x39 for NTAGs in "hf 14a sim"
the ECC signature is taken from an NTAG 215 tag. Might work.
Counters always return 0 :)
iceman1001 [Sun, 14 Jun 2015 21:02:52 +0000 (23:02 +0200)]
FIX: minor variable fixes when compiling on linux.
cmddata.c: In function ‘Cmdmandecoderaw’:
cmddata.c:420:2: warning: format ‘%i’ expects argument of type ‘int *’, but argument 4 has type ‘size_t *’ [-Wformat=]
sscanf(Cmd, "%i %i", &invert, &maxErr);
^
cmdlfem4x.c: In function ‘CmdEM410xRead’:
cmdlfem4x.c:58:2: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat=]
sprintf(id, "%010llx",lo);
^
iceman1001 [Sun, 14 Jun 2015 15:19:41 +0000 (17:19 +0200)]
chg: added some more outputs to the reveng-crc script e.lua ... now shows -b -B -l -L also in columns. You'll need to read the reveng -h helptext to understand.
iceman1001 [Sun, 14 Jun 2015 12:39:50 +0000 (14:39 +0200)]
ADD: @marshmellow42's 14b reader changes.
FIX: @marshmellow42's ASKbiphaseDemod fixes.
CHG: added a check in ASKbiphaseDemod to make a compiler warning message go away.
iceman1001 [Tue, 9 Jun 2015 11:31:53 +0000 (13:31 +0200)]
CHG: all @marshmellow42's changes to make the reveng work.
ADD: lua script test for using the reveng inside lua. *proof of concept*
it implements:
-h help
-d data in a hexstring
-w width of the crc family (i.e. 16 gives all CRC-16 calculations).
It iterates thru all found crc presets in a crc family based on the width of crc. It calcs crc and the reverse crc.
pwpiwi [Tue, 2 Jun 2015 20:27:14 +0000 (22:27 +0200)]
fixing iso14443b (issue #103):
- most significant bit of tag data (which happens to be the sign bit)
had been dropped when snooping (FPGA change)
- avoid trying to decode both tag and reader data when snooping (we don't
have the time to do so).