github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-07-16 10:03:04 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

make style

Browse source
This commit is contained in:
iceman1001 2021-12-27 19:36:42 +01:00
parent e37a1a81ec
commit 0d38da5de2
14 changed files with 205 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

38
armsrc/Standalone/hf_craftbyte.c
View file

@ -86,25 +86,25 @@ void RunMod(void) {
} }
Dbprintf("Starting simulation, press pm3-button to stop and go back to search state."); Dbprintf("Starting simulation, press pm3-button to stop and go back to search state.");
if (card.sak == 0x08 && card.atqa[0] == 0x04 && card.atqa[1] == 0) { if (card.sak == 0x08 && card.atqa[0] == 0x04 && card.atqa[1] == 0) {
DbpString("Mifare Classic 1k"); DbpString("Mifare Classic 1k");
SimulateIso14443aTag(1, flags, card.uid, 0); SimulateIso14443aTag(1, flags, card.uid, 0);
} else if (card.sak == 0x08 && card.atqa[0] == 0x44 && card.atqa[1] == 0) { } else if (card.sak == 0x08 && card.atqa[0] == 0x44 && card.atqa[1] == 0) {
DbpString("Mifare Classic 4k "); DbpString("Mifare Classic 4k ");
SimulateIso14443aTag(8, flags, card.uid, 0); SimulateIso14443aTag(8, flags, card.uid, 0);
} else if (card.sak == 0x00 && card.atqa[0] == 0x44 && card.atqa[1] == 0) { } else if (card.sak == 0x00 && card.atqa[0] == 0x44 && card.atqa[1] == 0) {
DbpString("Mifare Ultralight"); DbpString("Mifare Ultralight");
SimulateIso14443aTag(2, flags, card.uid, 0); SimulateIso14443aTag(2, flags, card.uid, 0);
} else if (card.sak == 0x20 && card.atqa[0] == 0x04 && card.atqa[1] == 0x03) { } else if (card.sak == 0x20 && card.atqa[0] == 0x04 && card.atqa[1] == 0x03) {
DbpString("Mifare DESFire"); DbpString("Mifare DESFire");
SimulateIso14443aTag(3, flags, card.uid, 0); SimulateIso14443aTag(3, flags, card.uid, 0);
} else if (card.sak == 0x20 && card.atqa[0] == 0x44 && card.atqa[1] == 0x03) { } else if (card.sak == 0x20 && card.atqa[0] == 0x44 && card.atqa[1] == 0x03) {
DbpString("Mifare DESFire Ev1/Plus/JCOP"); DbpString("Mifare DESFire Ev1/Plus/JCOP");
SimulateIso14443aTag(3, flags, card.uid, 0); SimulateIso14443aTag(3, flags, card.uid, 0);
} else { } else {
Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation"); Dbprintf("Unrecognized tag type -- defaulting to Mifare Classic emulation");
SimulateIso14443aTag(1, flags, card.uid, 0); SimulateIso14443aTag(1, flags, card.uid, 0);
} }
// Go back to search state if user presses pm3-button // Go back to search state if user presses pm3-button
state = STATE_READ; state = STATE_READ;

4
armsrc/lfops.c
View file

@ -394,7 +394,7 @@ static bool prev_keep = false;
*/ */
void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint16_t period_1, uint8_t *symbol_extra, uint16_t *period_extra, uint8_t *command, bool verbose, bool keep_field_on, uint32_t samples, bool ledcontrol) { void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint16_t period_1, uint8_t *symbol_extra, uint16_t *period_extra, uint8_t *command, bool verbose, bool keep_field_on, uint32_t samples, bool ledcontrol) {
if (!prev_keep){ if (!prev_keep) {
FpgaDownloadAndGo(FPGA_BITSTREAM_LF); FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
} }
// use lf config settings // use lf config settings
@ -402,7 +402,7 @@ void ModThenAcquireRawAdcSamples125k(uint32_t delay_off, uint16_t period_0, uint
LFSetupFPGAForADC(sc->divisor, true); LFSetupFPGAForADC(sc->divisor, true);
// this causes the field to turn on for uncontrolled amount of time, so we'll turn it off // this causes the field to turn on for uncontrolled amount of time, so we'll turn it off
if (!prev_keep){ if (!prev_keep) {
// Make sure the tag is reset // Make sure the tag is reset
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);

2
armsrc/lfzx.c
View file

@ -55,7 +55,7 @@ Tx = 8us = 1fc
#define ZX_WAIT_GAP 90 #define ZX_WAIT_GAP 90
#define ZX_GAP 8 // 4 - 10 #define ZX_GAP 8 // 4 - 10
#define ZX_T0 18 #define ZX_T0 18
#define ZX_T0_MIN 14 #define ZX_T0_MIN 14
#define ZX_T0_MAX 22 #define ZX_T0_MAX 22
#define ZX_T1 28 #define ZX_T1 28
#define ZX_T1_MIN 26 #define ZX_T1_MIN 26

2
armsrc/lfzx.h
View file

@ -16,4 +16,4 @@
int zx8211_read(zx8211_data_t *zxd, bool ledcontrol); int zx8211_read(zx8211_data_t *zxd, bool ledcontrol);
int zx8211_write(zx8211_data_t *zxd, bool ledcontrol); int zx8211_write(zx8211_data_t *zxd, bool ledcontrol);
#endif #endif

76
client/luascripts/hf_ntag_bruteforce.lua
View file

@ -24,22 +24,22 @@ local DEBUG = true
-- SPEEDTEST -- SPEEDTEST
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
-- BRUTEFORCE ALL HEX COMBINATIONS: -- BRUTEFORCE ALL HEX COMBINATIONS:
-- --
-- With the -t 10 ( lowest possible delay ) and FFFFFFFF attempts or in decimal 4.294.967.295 combinations -- With the -t 10 ( lowest possible delay ) and FFFFFFFF attempts or in decimal 4.294.967.295 combinations
-- --
-- My test showed that this script can do 255 password attempts in approxemately 170 seconds -- My test showed that this script can do 255 password attempts in approxemately 170 seconds
-- --
-- That is : 255 / 170 = 1,5 attempt/second -- That is : 255 / 170 = 1,5 attempt/second
-- --
-- So .. 4.294.967.295 combinations / 1,5 per second = 2.863.311.530 seconds and it is roughly 90 years -- So .. 4.294.967.295 combinations / 1,5 per second = 2.863.311.530 seconds and it is roughly 90 years
-- --
-------------------------------------------------------------------------------------------------------------
-- PASSWORD LISTS:
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
-- Crunch can generate all (14.776.336) combinations of 4 chars with a-z + A-Z + 0-9 like this: -- PASSWORD LISTS:
-------------------------------------------------------------------------------------------------------------
-- Crunch can generate all (14.776.336) combinations of 4 chars with a-z + A-Z + 0-9 like this:
-- --
-- crunch 4 4 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" -o keys/4_chars_and_digits.list -- crunch 4 4 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" -o keys/4_chars_and_digits.list
-- --
-- for LINE in $(cat keys/4_chars_and_digits.list) ; do echo -n ${LINE} |xxd -p -u;done > keys/4_chars_and_digits_hex.list -- for LINE in $(cat keys/4_chars_and_digits.list) ; do echo -n ${LINE} |xxd -p -u;done > keys/4_chars_and_digits_hex.list
-- --
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
@ -79,11 +79,11 @@ desc = [[Description : Bruteforces 7 byte UID NTAG protected with a 32 bit
example = [[ example = [[
Example of how to run the script with bruteforcing of continuously HEX numbers with 1 secound delay between tests: Example of how to run the script with bruteforcing of continuously HEX numbers with 1 secound delay between tests:
script run ntag_bruteforce -s 00000000 -e FFFFFFFF -t 1000 -o /var/log/ntag_bruteforce.log script run ntag_bruteforce -s 00000000 -e FFFFFFFF -t 1000 -o /var/log/ntag_bruteforce.log
Example of how to run the script and bruteforc the card using passwords from the input file with 1s delay between tests Example of how to run the script and bruteforc the card using passwords from the input file with 1s delay between tests
script run ntag_bruteforce -i /home/my_4_char_passwords_list.txt -o /var/log/ntag_bruteforce.log script run ntag_bruteforce -i /home/my_4_char_passwords_list.txt -o /var/log/ntag_bruteforce.log
]] ]]
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
@ -91,7 +91,7 @@ usage = [[
script run ntag_bruteforce [-s <start_id>] [-e <end_id>] [-t <timeout>] [ -o <output_file> ] [ -p ] [ -h for help ] script run ntag_bruteforce [-s <start_id>] [-e <end_id>] [-t <timeout>] [ -o <output_file> ] [ -p ] [ -h for help ]
script run ntag_bruteforce [-i <input_file>] [-t <timeout>] [ -o <output_file> ] [ -n | -x ] [ -p ] [ -h for help ] script run ntag_bruteforce [-i <input_file>] [-t <timeout>] [ -o <output_file> ] [ -n | -x ] [ -p ] [ -h for help ]
DESCRIPTION DESCRIPTION
This script will test either an 8 digit hexadecimal code or 4 char stings (will be converted to an 8 digit hex string ) This script will test either an 8 digit hexadecimal code or 4 char stings (will be converted to an 8 digit hex string )
against NFC cards of the type NTAG21x protected by a 32 bit password. against NFC cards of the type NTAG21x protected by a 32 bit password.
Read more about NTAGs here: https://www.nxp.com/docs/en/data-sheet/NTAG213_215_216.pdf Read more about NTAGs here: https://www.nxp.com/docs/en/data-sheet/NTAG213_215_216.pdf
@ -109,9 +109,9 @@ arguments = [[
-s 0-0xFFFFFFFF Start HEX value -s 0-0xFFFFFFFF Start HEX value
-e 0-0xFFFFFFFF End HEX value -e 0-0xFFFFFFFF End HEX value
# Or use a list of passwords from a file: # Or use a list of passwords from a file:
-x Passwords in HEX Password file (-i) contains HEX values (4 x 2hex -> 32 bit/line like: 00112233) -x Passwords in HEX Password file (-i) contains HEX values (4 x 2hex -> 32 bit/line like: 00112233)
-n NTAG Tools format Bruteforce with first 8 hex values of a md5 hash of the password -n NTAG Tools format Bruteforce with first 8 hex values of a md5 hash of the password
The password will be prefixed with hex value 20 (space) if the string/password is < 4 chars The password will be prefixed with hex value 20 (space) if the string/password is < 4 chars
]] ]]
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
@ -132,7 +132,7 @@ end
local function read_lines_from(file) local function read_lines_from(file)
print(ansicolors.yellow..'\nPlease wait while loading password file..'..ansicolors.reset) print(ansicolors.yellow..'\nPlease wait while loading password file..'..ansicolors.reset)
readlines = {} readlines = {}
for line in io.lines(file) do for line in io.lines(file) do
readlines[#readlines + 1] = line readlines[#readlines + 1] = line
end end
print(ansicolors.yellow..'\nLoading password file finished'..ansicolors.reset) print(ansicolors.yellow..'\nLoading password file finished'..ansicolors.reset)
@ -142,7 +142,7 @@ end
-- write to file -- write to file
local function writeOutputBytes(bytes, outfile) local function writeOutputBytes(bytes, outfile)
local fileout,err = io.open(outfile,"wb") local fileout,err = io.open(outfile,"wb")
if err then if err then
print("### ERROR - Faild to open output-file "..outfile) print("### ERROR - Faild to open output-file "..outfile)
return false return false
end end
@ -265,34 +265,34 @@ local function main(args)
return help() return help()
end end
-- start hex value -- start hex value
if option == 's' then if option == 's' then
start_id = argument start_id = argument
end end
-- end hex value -- end hex value
if option == 'e' then if option == 'e' then
end_id = argument end_id = argument
end end
-- timeout -- timeout
if option == 't' then if option == 't' then
timeout = argument timeout = argument
end end
-- input file -- input file
if option == 'i' then if option == 'i' then
infile = argument infile = argument
if (file_check(infile) == false) then if (file_check(infile) == false) then
return oops('Input file: '..infile..' not found') return oops('Input file: '..infile..' not found')
else else
input_file_valid = true input_file_valid = true
end end
bruteforce = false bruteforce = false
end end
-- skip ping -- skip ping
if option == 'p' then if option == 'p' then
use_ping = false use_ping = false
end end
-- passwordlist is hex values -- passwordlist is hex values
if option == 'x' then if option == 'x' then
password_is_ascii = false password_is_ascii = false
pass_text = "Passwords in file is treated as: HEX" pass_text = "Passwords in file is treated as: HEX"
bruteforce = false bruteforce = false
end end
@ -301,8 +301,8 @@ local function main(args)
outfile = argument outfile = argument
if (file_check(argument)) then if (file_check(argument)) then
local answer = utils.confirm('\nThe output-file '..argument..' already exists!\nthis will delete the previous content!\ncontinue?') local answer = utils.confirm('\nThe output-file '..argument..' already exists!\nthis will delete the previous content!\ncontinue?')
if (answer == false) then if (answer == false) then
return oops('Quiting') return oops('Quiting')
end end
end end
end end
@ -312,21 +312,21 @@ local function main(args)
bruteforce = false bruteforce = false
end end
-- help -- help
if option == 'h' then if option == 'h' then
return help() return help()
end end
end end
-- min timeout is set to 1 sec if it is empty -- min timeout is set to 1 sec if it is empty
timeout = tonumber(timeout) timeout = tonumber(timeout)
if timeout < 10 then if timeout < 10 then
timeout = 10 timeout = 10
end end
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
-- BRUTEFORCE -- BRUTEFORCE
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------
-- select bruteforce method -- select bruteforce method
if bruteforce then if bruteforce then
if not check_if_number_is_hex(start_id) then if not check_if_number_is_hex(start_id) then
print(ansicolors.red..'\n### ERROR - start_id value '..start_id..' is out of the range of a 32-bit integer (0 to 0xFFFFFFFF) - Did you forget to add 0x ?'..ansicolors.reset) print(ansicolors.red..'\n### ERROR - start_id value '..start_id..' is out of the range of a 32-bit integer (0 to 0xFFFFFFFF) - Did you forget to add 0x ?'..ansicolors.reset)
return return
end end
@ -346,7 +346,7 @@ local function main(args)
end end
local cmd = string.format( command, hexvalue ) local cmd = string.format( command, hexvalue )
core.console(cmd) core.console(cmd)
print('[=] Tested password '..ansicolors.yellow..ansicolors.bright..string.format("%08X",hexvalue)..ansicolors.reset) print('[=] Tested password '..ansicolors.yellow..ansicolors.bright..string.format("%08X",hexvalue)..ansicolors.reset)
print('[=] Ran command: "'..cmd..'"') print('[=] Ran command: "'..cmd..'"')
--core.console('msleep -t'..timeout); --core.console('msleep -t'..timeout);
if use_ping then if use_ping then
@ -359,8 +359,8 @@ local function main(args)
-- END BRUTEFORCE WITH CONTINUOUSLY HEX NUMBERS -- -- END BRUTEFORCE WITH CONTINUOUSLY HEX NUMBERS --
----------------------------------------------------- -----------------------------------------------------
else else
if not input_file_valid then if not input_file_valid then
return oops('Can not bruteforce without a password list file ( -i password_list_file.txt ) ') return oops('Can not bruteforce without a password list file ( -i password_list_file.txt ) ')
end end
----------------------------------------------------- -----------------------------------------------------
-- START BRUTEFORCE WITH PASSWORDS FROM A FILE -- -- START BRUTEFORCE WITH PASSWORDS FROM A FILE --
@ -385,7 +385,7 @@ local function main(args)
else else
if password_is_ascii then if password_is_ascii then
------------ ------------
-- ASCII -- ASCII
------------ ------------
if string.len(password) > 4 then if string.len(password) > 4 then
print('[!] Skipping password to long: '..password) print('[!] Skipping password to long: '..password)

2
client/src/cmdhf15.c
View file

@ -1391,7 +1391,7 @@ static int CmdHF15Dump(const char *Cmd) {
retry = 0; retry = 0;
blocknum++; blocknum++;
PrintAndLogEx(INPLACE, "blk %3d", blocknum ); PrintAndLogEx(INPLACE, "blk %3d", blocknum);
} }
} }

4
client/src/cmdhfksx6924.c
View file

@ -72,7 +72,7 @@ static int CmdHFKSX6924Balance(const char *Cmd) {
CLIParserFree(ctx); CLIParserFree(ctx);
SetAPDULogging(APDULogging); SetAPDULogging(APDULogging);
if ( KSX6924TrySelect()) { if (KSX6924TrySelect()) {
get_and_print_balance(); get_and_print_balance();
} }
@ -272,7 +272,7 @@ static int CmdHFKSX6924Initialize(const char *Cmd) {
PrintAndLogEx(SUCCESS, "Initialize Card : Mpda -> %02X %02X %02X %02X", data[0], data[1], data[2], data[3]); PrintAndLogEx(SUCCESS, "Initialize Card : Mpda -> %02X %02X %02X %02X", data[0], data[1], data[2], data[3]);
uint8_t response[25] = {0}; uint8_t response[25] = {0};
if (KSX6924InitializeCard(data[0], data[1], data[2], data[3], response) ) { if (KSX6924InitializeCard(data[0], data[1], data[2], data[3], response)) {
PrintAndLogEx(SUCCESS, "Response : %s", sprint_hex(response, sizeof(response))); PrintAndLogEx(SUCCESS, "Response : %s", sprint_hex(response, sizeof(response)));
} else { } else {
PrintAndLogEx(FAILED, "Initialize Card Error"); PrintAndLogEx(FAILED, "Initialize Card Error");

6
client/src/cmdlf.c
View file

@ -288,14 +288,14 @@ int CmdLFCommandRead(const char *Cmd) {
uint8_t n = 0; uint8_t n = 0;
crc_init_ref(&crc, 8, 0x1d, 0xff, 0, false, false); crc_init_ref(&crc, 8, 0x1d, 0xff, 0, false, false);
uint8_t i; uint8_t i;
for (i=0;i<cmd_len;i++) { for (i = 0; i < cmd_len; i++) {
if ((cmd[i] != '0') && (cmd[i] != '1')) { if ((cmd[i] != '0') && (cmd[i] != '1')) {
continue; continue;
} }
data <<= 1; data <<= 1;
data += cmd[i] - '0'; data += cmd[i] - '0';
n += 1; n += 1;
if (n==8) { if (n == 8) {
crc_update2(&crc, data, n); crc_update2(&crc, data, n);
n = 0; n = 0;
data = 0; data = 0;
@ -305,7 +305,7 @@ int CmdLFCommandRead(const char *Cmd) {
crc_update2(&crc, data, n); crc_update2(&crc, data, n);
} }
uint8_t crc_final = crc_finish(&crc); uint8_t crc_final = crc_finish(&crc);
for (int j=7; j>=0; j--) { for (int j = 7; j >= 0; j--) {
cmd[cmd_len] = ((crc_final >> j) & 1) ? '1' : '0'; cmd[cmd_len] = ((crc_final >> j) & 1) ? '1' : '0';
cmd_len++; cmd_len++;
} }

9
client/src/rl_vocabulory.h
View file

@ -216,6 +216,12 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf fido auth" }, { 0, "hf fido auth" },
{ 0, "hf fido make" }, { 0, "hf fido make" },
{ 0, "hf fido assert" }, { 0, "hf fido assert" },
{ 1, "hf ksx6924 help" },
{ 0, "hf ksx6924 balance" },
{ 0, "hf ksx6924 info" },
{ 0, "hf ksx6924 initialize" },
{ 0, "hf ksx6924 prec" },
{ 0, "hf ksx6924 select" },
{ 1, "hf jooki help" }, { 1, "hf jooki help" },
{ 0, "hf jooki clone" }, { 0, "hf jooki clone" },
{ 1, "hf jooki decode" }, { 1, "hf jooki decode" },
@ -635,6 +641,9 @@ const static vocabulory_t vocabulory[] = {
{ 0, "lf visa2000 reader" }, { 0, "lf visa2000 reader" },
{ 0, "lf visa2000 clone" }, { 0, "lf visa2000 clone" },
{ 0, "lf visa2000 sim" }, { 0, "lf visa2000 sim" },
{ 1, "lf zx help" },
{ 1, "lf zx demod" },
{ 0, "lf zx reader" },
{ 1, "mem help" }, { 1, "mem help" },
{ 0, "mem baudrate" }, { 0, "mem baudrate" },
{ 0, "mem dump" }, { 0, "mem dump" },

2
common/crc.c
View file

@ -146,4 +146,4 @@ uint32_t CRC8Hitag1(uint8_t *buff, size_t size) {
crc_update2(&crc, buff[i], 8); crc_update2(&crc, buff[i], 8);
} }
return crc_finish(&crc); return crc_finish(&crc);
} }

106
doc/commands.json
View file

@ -2317,7 +2317,7 @@
}, },
"hf help": { "hf help": {
"command": "hf help", "command": "hf help",
"description": "-------- ----------------------- high frequency ----------------------- 14a { iso14443a rfids... } 14b { iso14443b rfids... } 15 { iso15693 rfids... } cipurse { cipurse transport cards... } epa { german identification card... } emrtd { machine readable travel document... } felica { iso18092 / felica rfids... } fido { fido and fido2 authenticators... } jooki { jooki rfids... } iclass { iclass rfids... } legic { legic rfids... } lto { lto cartridge memory rfids... } mf { mifare rfids... } mfp { mifare plus rfids... } mfu { mifare ultralight rfids... } mfdes { mifare desfire rfids... } seos { seos rfids... } st25ta { st25ta rfids... } thinfilm { thinfilm rfids... } topaz { topaz (nfc type 1) rfids... } waveshare { waveshare nfc epaper... } ----------- --------------------- general --------------------- help this help list list protocol data in trace buffer search search for known hf tags --------------------------------------------------------------------------------------- hf list available offline: yes alias of `trace list -t raw` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol", "description": "-------- ----------------------- high frequency ----------------------- 14a { iso14443a rfids... } 14b { iso14443b rfids... } 15 { iso15693 rfids... } cipurse { cipurse transport cards... } epa { german identification card... } emrtd { machine readable travel document... } felica { iso18092 / felica rfids... } fido { fido and fido2 authenticators... } ksx6924 { ks x 6924 (t-money, snapper+) rfids } jooki { jooki rfids... } iclass { iclass rfids... } legic { legic rfids... } lto { lto cartridge memory rfids... } mf { mifare rfids... } mfp { mifare plus rfids... } mfu { mifare ultralight rfids... } mfdes { mifare desfire rfids... } seos { seos rfids... } st25ta { st25ta rfids... } thinfilm { thinfilm rfids... } topaz { topaz (nfc type 1) rfids... } waveshare { waveshare nfc epaper... } ----------- --------------------- general --------------------- help this help list list protocol data in trace buffer search search for known hf tags --------------------------------------------------------------------------------------- hf list available offline: yes alias of `trace list -t raw` with selected protocol data to annotate trace buffer you can load a trace from file (see `trace load -h`) or it be downloaded from device by default it accepts all other arguments of `trace list`. note that some might not be relevant for this specific protocol",
"notes": [ "notes": [
"hf list -f -> show frame delay times", "hf list -f -> show frame delay times",
"hf list -1 -> use trace buffer" "hf list -1 -> use trace buffer"
@ -2834,6 +2834,75 @@
], ],
"usage": "hf jooki sim [-h] [-b <base64>]" "usage": "hf jooki sim [-h] [-b <base64>]"
}, },
"hf ksx6924 help": {
"command": "hf ksx6924 help",
"description": "help this help --------------------------------------------------------------------------------------- hf ksx6924 balance available offline: no gets the current purse balance",
"notes": [
"hf ksx6924 balance"
],
"offline": true,
"options": [
"-h, --help this help",
"-k, --keep keep field on for next command",
"-a, --apdu show apdu reqests and responses"
],
"usage": "hf ksx6924 balance [-hka]"
},
"hf ksx6924 info": {
"command": "hf ksx6924 info",
"description": "get info about a ks x 6924 transit card. this application is used by t-money (south korea) and snapper+ (wellington, new zealand).",
"notes": [
"hf ksx6924 info"
],
"offline": false,
"options": [
"-h, --help this help",
"-k, --keep keep field on for next command",
"-a, --apdu show apdu reqests and responses"
],
"usage": "hf ksx6924 info [-hka]"
},
"hf ksx6924 initialize": {
"command": "hf ksx6924 initialize",
"description": "perform transaction initialization (mpda)",
"notes": [
"hf ksx6924 initialize 000003e8 -> mpda"
],
"offline": false,
"options": [
"-h, --help this help",
"-k, --keep keep field on for next command",
"-a, --apdu show apdu reqests and responses"
],
"usage": "hf ksx6924 initialize [-hka] <mpda 4byte hex> [<mpda 4byte hex>]..."
},
"hf ksx6924 prec": {
"command": "hf ksx6924 prec",
"description": "executes proprietary read record command. data format is unknown. other records are available with 'emv getrec'.",
"notes": [
"hf ksx6924 prec 0b -> read proprietary record 0x0b"
],
"offline": false,
"options": [
"-h, --help this help",
"-k, --keep keep field on for next command",
"-a, --apdu show apdu reqests and responses"
],
"usage": "hf ksx6924 prec [-hka] <record 1byte hex> [<record 1byte hex>]..."
},
"hf ksx6924 select": {
"command": "hf ksx6924 select",
"description": "selects ks x 6924 application, and leaves field up",
"notes": [
"hf ksx6924 select"
],
"offline": false,
"options": [
"-h, --help this help",
"-a, --apdu show apdu reqests and responses"
],
"usage": "hf ksx6924 select [-ha]"
},
"hf legic crc": { "hf legic crc": {
"command": "hf legic crc", "command": "hf legic crc",
"description": "calculates the legic crc8/crc16 on the given data", "description": "calculates the legic crc8/crc16 on the given data",
@ -6236,9 +6305,11 @@
"-z, --zero <us> zero time period", "-z, --zero <us> zero time period",
"-s, --samples <dec> number of samples to collect", "-s, --samples <dec> number of samples to collect",
"-v, --verbose verbose output", "-v, --verbose verbose output",
"-k, --keep keep signal field on after receive",
"--crc-ht calculate and append crc-8/hitag (also for zx8211)",
"-@ continuous mode" "-@ continuous mode"
], ],
"usage": "lf cmdread [-hv@] [-d <us>] [-c <0|1|...>] [-e <us>]... [-o <us>] [-z <us>] [-s <dec>]" "usage": "lf cmdread [-hvk@] [-d <us>] [-c <0|1|...>] [-e <us>]... [-o <us>] [-z <us>] [-s <dec>] [--crc-ht]"
}, },
"lf cotag help": { "lf cotag help": {
"command": "lf cotag help", "command": "lf cotag help",
@ -7099,7 +7170,7 @@
}, },
"lf help": { "lf help": {
"command": "lf help", "command": "lf help",
"description": "help this help ----------- -------------- low frequency -------------- awid { awid rfids... } cotag { cotag chips... } destron { fdx-a destron rfids... } em { em chips & rfids... } fdxb { fdx-b rfids... } gallagher { gallagher rfids... } gproxii { guardall prox ii rfids... } hid { hid prox rfids... } hitag { hitag chips... } idteck { idteck rfids... } indala { indala rfids... } io { ioprox rfids... } jablotron { jablotron rfids... } keri { keri rfids... } motorola { motorola rfids... } nedap { nedap rfids... } nexwatch { nexwatch rfids... } noralsy { noralsy rfids... } pac { pac/stanley rfids... } paradox { paradox rfids... } pcf7931 { pcf7931 chips... } presco { presco rfids... } pyramid { farpointe/pyramid rfids... } securakey { securakey rfids... } ti { ti chips... } t55xx { t55xx chips... } viking { viking rfids... } visa2000 { visa2000 rfids... } ----------- --------------------- general --------------------- search read and search for valid known tag --------------------------------------------------------------------------------------- lf config available offline: no get/set config for lf sampling, bit/sample, decimation, frequency these changes are temporary, will be reset after a power cycle. - use `lf read` performs a read (active field) - use `lf sniff` performs a sniff (no active field)", "description": "help this help ----------- -------------- low frequency -------------- awid { awid rfids... } cotag { cotag chips... } destron { fdx-a destron rfids... } em { em chips & rfids... } fdxb { fdx-b rfids... } gallagher { gallagher rfids... } gproxii { guardall prox ii rfids... } hid { hid prox rfids... } hitag { hitag chips... } idteck { idteck rfids... } indala { indala rfids... } io { ioprox rfids... } jablotron { jablotron rfids... } keri { keri rfids... } motorola { motorola rfids... } nedap { nedap rfids... } nexwatch { nexwatch rfids... } noralsy { noralsy rfids... } pac { pac/stanley rfids... } paradox { paradox rfids... } pcf7931 { pcf7931 chips... } presco { presco rfids... } pyramid { farpointe/pyramid rfids... } securakey { securakey rfids... } ti { ti chips... } t55xx { t55xx chips... } viking { viking rfids... } visa2000 { visa2000 rfids... } zx { zx8211 rfids... } ----------- --------------------- general --------------------- search read and search for valid known tag --------------------------------------------------------------------------------------- lf config available offline: no get/set config for lf sampling, bit/sample, decimation, frequency these changes are temporary, will be reset after a power cycle. - use `lf read` performs a read (active field) - use `lf sniff` performs a sniff (no active field)",
"notes": [ "notes": [
"lf config -> shows current config", "lf config -> shows current config",
"lf config -b 8 --125 -> samples at 125 khz, 8 bps", "lf config -b 8 --125 -> samples at 125 khz, 8 bps",
@ -9020,6 +9091,31 @@
], ],
"usage": "lf visa2000 sim [-h] --cn <dec>" "usage": "lf visa2000 sim [-h] --cn <dec>"
}, },
"lf zx help": {
"command": "lf zx help",
"description": "help this help demod demodulate an zx 8211 tag from the graphbuffer --------------------------------------------------------------------------------------- lf zx demod available offline: yes try to find zx8211 preamble, if found decode / descramble data",
"notes": [
"lf zx demod"
],
"offline": true,
"options": [
"-h, --help this help"
],
"usage": "lf zx demod [-h]"
},
"lf zx reader": {
"command": "lf zx reader",
"description": "read a zx tag",
"notes": [
"lf zx reader -@ -> continuous reader mode"
],
"offline": false,
"options": [
"-h, --help this help",
"-@ optional - continuous reader mode"
],
"usage": "lf zx reader [-h@]"
},
"mem dump": { "mem dump": {
"command": "mem dump", "command": "mem dump",
"description": "dumps flash memory on device into a file or view in console", "description": "dumps flash memory on device into a file or view in console",
@ -10053,8 +10149,8 @@
} }
}, },
"metadata": { "metadata": {
"commands_extracted": 591, "commands_extracted": 597,
"extracted_by": "PM3Help2JSON v1.00", "extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2021-12-17T02:04:29" "extracted_on": "2021-12-27T18:30:34"
} }
} }

25
doc/commands.md
View file

@ -317,6 +317,20 @@ Check column "offline" for their availability.
|`hf fido assert `|N |`FIDO2 GetAssertion command.` |`hf fido assert `|N |`FIDO2 GetAssertion command.`
### hf ksx6924
{ KS X 6924 (T-Money, Snapper+) RFIDs }
|command |offline |description
|------- |------- |-----------
|`hf ksx6924 help `|Y |`This help`
|`hf ksx6924 balance `|N |`Get current purse balance`
|`hf ksx6924 info `|N |`Get info about a KS X 6924 (T-Money, Snapper+) transit card`
|`hf ksx6924 initialize `|N |`Perform transaction initialization (Mpda)`
|`hf ksx6924 prec `|N |`Send proprietary get record command (CLA=90, INS=4C)`
|`hf ksx6924 select `|N |`Select application, and leave field up`
### hf jooki ### hf jooki
{ Jooki RFIDs... } { Jooki RFIDs... }
@ -1112,6 +1126,17 @@ Check column "offline" for their availability.
|`lf visa2000 sim `|N |`simulate Visa2000 tag` |`lf visa2000 sim `|N |`simulate Visa2000 tag`
### lf zx
{ ZX8211 RFIDs... }
|command |offline |description
|------- |------- |-----------
|`lf zx help `|Y |`This help`
|`lf zx demod `|Y |`demodulate an ZX 8211 tag from the GraphBuffer`
|`lf zx reader `|N |`attempt to read and extract tag data`
### mem ### mem
{ Flash memory manipulation... } { Flash memory manipulation... }

2
include/pm3_cmd.h
View file

@ -581,7 +581,7 @@ typedef struct {
#define CMD_LF_T55XX_DANGERRAW 0x0231 #define CMD_LF_T55XX_DANGERRAW 0x0231
// ZX8211 // ZX8211
#define CMD_LF_ZX_READ 0x0270 #define CMD_LF_ZX_READ 0x0270
#define CMD_LF_ZX_WRITE 0x0271 #define CMD_LF_ZX_WRITE 0x0271

2
include/zx8211.h
View file

@ -21,4 +21,4 @@ typedef struct {
bool parity; bool parity;
} zx8211_data_t; } zx8211_data_t;
#endif // ZX8211_H__ #endif // ZX8211_H__