iceman1001 [Wed, 2 Dec 2015 21:46:11 +0000 (22:46 +0100)]
CHG: updated helptext for lf t55xx bruteforce
ADD: a ROL function in util.c
ADD: two pwdgen functions in cmdhfmfu.c, call them with a 7byte UID and get a 4byte number back. Will see if it can be connected with the "hf mfu info" command, make data extraction easier later on.
ADD: added some more easy pwd in the dictionary file default_pwd.dic
iceman1001 [Tue, 1 Dec 2015 21:47:03 +0000 (22:47 +0100)]
ADD: Added the possibility to exit the bruteforce mode (either rangesearch or file) with the keyboard.
FIX: if not found, the range search printed wrong number.
iceman1001 [Tue, 1 Dec 2015 21:38:37 +0000 (22:38 +0100)]
FIX: the lfsampling.c for t55xx had a tendecy to enter a neverending loop. Moved exit branch into the while statement, which seems to solve it.
FIX: Strange int -> uint8_t casting behavior (0x05 gets the 25bit set and becomes 0x10005 instead) in fskdemod, removed int and sscanf.
iceman1001 [Tue, 1 Dec 2015 12:07:01 +0000 (13:07 +0100)]
ADD: added the possibility to load a default pwd file to be used with the "lf t55xx bruteforce" command.
new option:
lf t55xx brutefore i default_pwd.dic - will load default pwds from file and test against tag.
iceman1001 [Sun, 22 Nov 2015 17:13:26 +0000 (18:13 +0100)]
ADD: 'hf mfu info' now prints following settings:
NFC_COUNTER_EN - If set, every read,fast_read increases a counter.
NFC_COUNTER_PROT_PWD - If set, reading nfc_counter needs a successfull pwd authentication before
These new settings is only valid for NTAG213/215/216,
iceman1001 [Sun, 22 Nov 2015 16:33:41 +0000 (17:33 +0100)]
ADD: @marshmellow's fixes to awid, viking and T55x7
ADD: 'lf t55xx detect' now can be called with a password.
ADD: trying to add the read counter and increase counter commands for ntag sim.
iceman1001 [Sat, 21 Nov 2015 17:48:58 +0000 (18:48 +0100)]
ADD: lf indalademod output, The binary string is now printed with linebreaks every 16bits
ADD: lf awid code is modified, some minor changes in outputs
ADD: lf t55xx write now prints the password on the same row, looks better when using the new "lf t55xx wipe" command.
ADD: the ioprox T55X7_IOPROX_CONFIG_BLOCK block.
iceman1001 [Tue, 10 Nov 2015 10:45:45 +0000 (11:45 +0100)]
FIX: an error that I introduced to the csetblock command with wrong length of crc calcs.
CHG: variable name in csetblock change. just trying to be consistant.
ADD: code clean up in hf 14a, added some help text methods.
iceman1001 [Mon, 9 Nov 2015 20:46:15 +0000 (21:46 +0100)]
CHG: a major remake of the "hf mf c*" commands. Ie chinese magic tags. Tried to make them consistent in parameter calls and simplified. And fixed the annoying gen1 tags that answers with a ACK/NACK on HALT commands..
iceman1001 [Sun, 1 Nov 2015 21:16:16 +0000 (22:16 +0100)]
CHG: some magic generation1 tags is not following protocol and answers to the "halt" command. This gives an error and makes the users think something went wrong. This also affected the magic identification in "Hf 14a reader" command, where it in those moments stated "NO" even if the tag is indeed a generation1.
iceman1001 [Sun, 1 Nov 2015 18:49:08 +0000 (19:49 +0100)]
ADD: help text for 'hf snoop' / 'hf search' / 'hf list'
CHG: minor code changes.
CHG: makefile , moved hi_sniffer.v from LF into HF row. @piwi suggestion for PR https://github.com/Proxmark/proxmark3/pull/141
iceman1001 [Wed, 21 Oct 2015 07:12:33 +0000 (09:12 +0200)]
ADD: 'LF T55X7 WAKEUP' command. For tags with AOR bit set, send this command with password to wake tag up and be able to do a "LF SEARCH" etc on it.
CHG: Minor code changes on T55X7 code. Default password is back to 'FF FF FF FF',
REM: removed @marshmellow42 's wakeup option in "lf t55x7 read",
--- BASICALLY:
if a T55X7 tag has following bits set:
AOR - send wakeup command with pwd, to enable LF interacting with it.
PWD - send read/write/trace/info command with pwd. No need to send wakeup.
iceman1001 [Sat, 17 Oct 2015 12:35:04 +0000 (14:35 +0200)]
FIX: "abort trap 6" error when runing the tnp3sim.lua script was because the CMD_MIFARE_EML_MEMSET needs to sent the bytewitdh now with recent changes in code to deal with different sizes in emulatormemory. the third argument should be 16 instead of 0.
iceman1001 [Thu, 15 Oct 2015 17:17:20 +0000 (19:17 +0200)]
FIX: a suggested fix for #136 where the "lf t55x7 read" command when called with a password. The call will now try loading the config block, decode it and see if PWD is set.
If PWD Bit is set, the call will be allowed to execute.
If PWD Bit is NOT set, the call will print a message and excute the call but without sending the password.
If config block is not being able to read or decode, the call with print a warning message and exit the call.
iceman1001 [Thu, 15 Oct 2015 09:00:07 +0000 (11:00 +0200)]
CHG: minor updates in the T55x7 methods. added the LED_A_ON / LED_A_OFF to indicate when a T55x7 command is running.
CHG: added some more comments to T55x7, next person who looks at this will have it easier.
iceman1001 [Thu, 15 Oct 2015 08:23:15 +0000 (10:23 +0200)]
ADD: @marshmellows fixes for t55x7 reading signal.
ADD: @marshmellows "diphase" definition for T55x7.
MOV: extracted the aquisition from the t55x7 methods and put them inside lfsampling.c
FIX: pcf7931 write, there is 16bytes in a block.. not 4 as I thought before.
FIX: t55x7 lowered the WRITE_0 to 16. Even bigger gap.
iceman1001 [Sun, 11 Oct 2015 17:14:17 +0000 (19:14 +0200)]
ADD: There were lot of calls to enable tracing, but very few to turn it of afterwards in the methods.
Don't know if it has some influence but can't hurt calling "set_tracing(FALSE);" when method returns.
iceman1001 [Wed, 7 Oct 2015 21:00:46 +0000 (23:00 +0200)]
I just merged @marshmellow's branch "iclass" and that was a lot of new functionality. *great work*
Things like the ICLASS, tryDecryptWord,
--
My other stuff like default keys, some new Mifare EV1 commands 0x40, 0x43 for the logging annotation, start of the T55x7 configblock helper functionality (ripped from Adam Lauries RFIdler code)
Changes to the PCF7931 functions written, which has a lousy input check..
iceman1001 [Sun, 4 Oct 2015 16:01:33 +0000 (18:01 +0200)]
A lot of changes...
.. ntag simulation stuff from @marshmellows branch "ntag/sim"
.. hf mf mifare fixes from @pwpivi.
.. hw status command
.. speedtest function from @pwpivi
.. Viking Functionalities, (not a proper DEMOD, but a start)
.. GetCountUS better precision from @pwpivi
.. bin2hex, hex2bin from @holiman
...
starting with getting the T55x7 CONFIGURATION_BLOCK for different clone situations. Ripped from Adam Lauries RFidler, nothing working or finished..
...
Started working with the T55x7 read command with password actually performs a write block... See Issue #136 https://github.com/Proxmark/proxmark3/issues/136 Not solved yet.
FIX: A old bug regarding: CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K command, where it causes the USB_COMMAND_BUFFER to overfill is corrected. The message: "WARNING: Command buffer about to overwrite command! This needs to be fixed!" was showing when it happens.
The solution is not to add the CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K to the storeCommand function.
MOD:: reverse back changes to 14443b.c
ADD: the hid-flasher/usb_cmd.h wasn't up to date with how it's other file /common/usb_cmd.h looks like.
ADD: utils.lua 14443v crc inside LUA.
ADD: utils.lua ConvertAsciiToHex method and minor adjustments checks.
ADD: using @holiman's "ubs_poll_validate_length() function in some device-side functions.
-hitag2, -legicrf, HIDdemodFSK, CmDAWIDdemodFSK, CmdEM410xdemod, CmdIOdemodFSK
It should enable them to be aborted with a call to "hw ping / hw status" instead of only button-press. Which is good when you are scripting stuff.
ADD: changed some commands inside the "Hf 14a sim" on deviceside.
ADD: @mobeius "two nonce" version for mfkey32. It is also inside the "hf 14a sim" with the "x" parameter.
FIX: "hf list 7816", the s-blocks is now also printed.
FIX: iso14443b.c got some minor adjustments in the demod and codeas14443btag. Seems it works better for me.
I still have the problem with powerup of a 14b tag. I need to run the "14b raw -c -p 05 00 08" a couple of times before I get an answer.
iceman1001 [Thu, 25 Jun 2015 10:25:44 +0000 (12:25 +0200)]
ADD: @marshmellow42 's 14b fixes.
FIX: 14b sim changes in iso14443b.c , *experimental* I took some timing loops from "14a sim" armsrc/iso14443a.c and merged it into the "14b sim". Now using two pm3's I can have one simulating and the other reading and it works. Ask @pwpiwi if you want to know more of what those timing loops does. Something about waiting for the fpga delay queue...