marshmellow42 [Wed, 21 Jun 2017 20:51:22 +0000 (16:51 -0400)]
iclass - updates
clean up output
allow readblock without authenticating (can read blocks 0, 1, 2, 5
without authenticating.)
add Application Issuer Area to reader output and use it to attempt to
identify legacy vs NOT legacy.
marshmellow42 [Tue, 20 Jun 2017 22:25:08 +0000 (18:25 -0400)]
some coverity fixes plus fix fdx help (#328)
* coverity fixes
cmdhflegic- indications are the i in calls to data_buf[i] could = 1052
and overflow the array.
cmdhfmfhard - +1 to add space for string null terminator - should we add
the 0 terminator value too?
reveng.c - memory leak
util.c - fix potential overflow of array buf[]
util_posix.c - possible integer overflow
* fix help errors
* fix sprint_hex_ascii
again
and this function is not even used anywhere... yet...
marshmellow42 [Thu, 8 Jun 2017 21:07:14 +0000 (17:07 -0400)]
fix compile issues on OS X 10.11
OSX 10.11 does not have clock_gettime()
clang <= 8.0.0 has a bug in __builtin_cpu_supports() and it doesn't
function.
see https://llvm.org/bugs/show_bug.cgi?id=25510
pwpiwi [Tue, 6 Jun 2017 16:38:07 +0000 (18:38 +0200)]
fix compile errors on non-Intel CPUs:
- client/Makefile: don't compile for different SIMD instruction sets if non-Intel
- hardnested cores: provide non-SIMD versions of core functions
pwpiwi [Mon, 29 May 2017 08:56:37 +0000 (10:56 +0200)]
New: implementing hf mf hardnested
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
fix USB descriptors
- indicate compliance with USB release 2.0
- set correct vendor and product IDs
- indicate power consumption (500mA)
- add String Descriptor 0 indicating supported languages
- add String Descriptors for Manufacturer and Product
to ui_overlays.h
add ui_overlays.h to .gitignore
should now compile to whatever qt version you have. (as long as it is
compatible with the overlays.ui file...)
Submitting a well documented Lua script whose purpose is to do
bulk, repeated, sequential programming of RFID tags. Could be useful
for users of the ACCX Open Access 4.0 or other simple RFID systems.
Tags programmed with this would potentially be vulnerabile to bisection
attacks, etc... But honestly, they likely would have been anyway.
To use run from within the proxmark3 client:
```
proxmark3> script run lf_bulk_program.lua -b 1000 -c 5 -f 23
--- Executing: lf_bulk_program.lua, args '-b 1000 -c 5 -f 23'
Press enter to program card 1000:23 (hex: 0020042e07d1)
also fixed a save_restore issue with grid alignments
now save_restoreGB() saves/restores offset values
added macro enumeration of SAVE vs RESTORE for save_restore commands.
add demod data to graph.
some bugs are known:
if you close the graph window data plot will not bring it back.
exiting the application without closing the widget form results in
error.
autocorrect graph y labels are ugly
form has old askdemod tab.
sticky button purpose not defined/labeled well.
doesn't clear s_Buff when new graph loaded or sampled.
probably more...
* Compatibility fixes for Qt5
- make Qt detection in client/Makefile independent of OS
- added -std=c++11 and -fPIC as compiler options (required by some Qt versions, breaks compiling with old ProxSpace environment)
fix missing terminating 0 in my_executable_directory (thanks @iceman1001).
fix warning about const used twice in get_my_executable_path() and get_my_executable_directory().
add parameter for # bits to read
auto get samples after lf read/snoop (don't need to do a `data samples`
anymore)
add safe function to get DemodBuffer
add some lf demod comments and apply new lf_read function instead of
read then get samples.
fixed output bug in lf t55xx config print
fixed small bug in lf t55xx detect during ST check