Added new standalone mode HF_ST25_TEAROFF to store/restore ST25TB tags with tearoff for counters (@seclabz)

seclabz 2025-04-16 14:05:10 +02:00
parent cf3cb6e03a
commit 19789381df
7 changed files with 1186 additions and 4 deletions


@ -5,6 +5,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
## [unreleased][unreleased] ## [unreleased][unreleased]
- Fixed `hf mf fchk --mem` to actually use flash dict (@doegox) - Fixed `hf mf fchk --mem` to actually use flash dict (@doegox)
- Fixed `make install` on OSX thanks DaveItsLong (@doegox) - Fixed `make install` on OSX thanks DaveItsLong (@doegox)
- Added new standalone mode `HF_ST25_TEAROFF` to store/restore ST25TB tags with tearoff for counters (@seclabz)
## [Blue Ice.4.20142][2025-03-25] ## [Blue Ice.4.20142][2025-03-25]
- Added `des_talk.py` script for easier MIFARE DESFire handling (@trigat) - Added `des_talk.py` script for easier MIFARE DESFire handling (@trigat)


@ -119,6 +119,9 @@ define KNOWN_STANDALONE_DEFINITIONS
| HF_REBLAY | 14A Relay over BT | | HF_REBLAY | 14A Relay over BT |
| (RDV4 only) | - Salvador Mendoza | | (RDV4 only) | - Salvador Mendoza |
+----------------------------------------------------------+ +----------------------------------------------------------+
| HF_ST25_TEAROFF | Store/restore ST25TB tags with |
| | tear-off for counters - SecLabz |
+----------------------------------------------------------+
| HF_TCPRST | IKEA Rothult read/sim/dump/emul | | HF_TCPRST | IKEA Rothult read/sim/dump/emul |
| | - Nick Draffen | | | - Nick Draffen |
+----------------------------------------------------------+ +----------------------------------------------------------+
@ -139,7 +142,7 @@ endef
STANDALONE_MODES := LF_SKELETON STANDALONE_MODES := LF_SKELETON
STANDALONE_MODES += LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_MULTIHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE STANDALONE_MODES += LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_MULTIHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE
STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_15SIM HF_AVEFUL HF_BOG HF_CARDHOPPER HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_TCPRST HF_TMUDFORD HF_UNISNIFF HF_YOUNG STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_15SIM HF_AVEFUL HF_BOG HF_CARDHOPPER HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_ST25_TEAROFF HF_TCPRST HF_TMUDFORD HF_UNISNIFF HF_YOUNG
STANDALONE_MODES += DANKARMULTI STANDALONE_MODES += DANKARMULTI
STANDALONE_MODES_REQ_BT := HF_CARDHOPPER HF_REBLAY STANDALONE_MODES_REQ_BT := HF_CARDHOPPER HF_REBLAY
STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_SMARTCARD :=


@ -157,6 +157,10 @@ endif
ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS)))
SRC_STANDALONE = hf_young.c SRC_STANDALONE = hf_young.c
endif endif
# WITH_STANDALONE_HF_ST25_TEAROFF
ifneq (,$(findstring WITH_STANDALONE_HF_ST25_TEAROFF,$(APP_CFLAGS)))
SRC_STANDALONE = hf_st25_tearoff.c
endif
ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS)))
SRC_STANDALONE = dankarmulti.c SRC_STANDALONE = dankarmulti.c

File diff suppressed because it is too large Load diff


@ -1585,7 +1585,7 @@ static void CodeIso14443bAsReader(const uint8_t *cmd, int len, bool framing) {
/* /*
* Convenience function to encode, transmit and trace iso 14443b comms * Convenience function to encode, transmit and trace iso 14443b comms
*/ */
static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t *start_time, uint32_t *eof_time, bool framing) { void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t *start_time, uint32_t *eof_time, bool framing) {
const tosend_t *ts = get_tosend(); const tosend_t *ts = get_tosend();
CodeIso14443bAsReader(cmd, len, framing); CodeIso14443bAsReader(cmd, len, framing);
TransmitFor14443b_AsReader(start_time); TransmitFor14443b_AsReader(start_time);
@ -1800,7 +1800,7 @@ static int iso14443b_select_cts_card(iso14b_cts_card_select_t *card) {
/** /**
* SRx Initialise. * SRx Initialise.
*/ */
static int iso14443b_select_srx_card(iso14b_card_select_t *card) { int iso14443b_select_srx_card(iso14b_card_select_t *card) {
// INITIATE command: wake up the tag using the INITIATE // INITIATE command: wake up the tag using the INITIATE
static const uint8_t init_srx[] = { ISO14443B_INITIATE, 0x00, 0x97, 0x5b }; static const uint8_t init_srx[] = { ISO14443B_INITIATE, 0x00, 0x97, 0x5b };
uint8_t r_init[3] = { 0x00 }; uint8_t r_init[3] = { 0x00 };
@ -2307,7 +2307,7 @@ void iso14443b_setup(void) {
// //
// I tried to be systematic and check every answer of the tag, every CRC, etc... // I tried to be systematic and check every answer of the tag, every CRC, etc...
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
static int read_14b_srx_block(uint8_t blocknr, uint8_t *block) { int read_14b_srx_block(uint8_t blocknr, uint8_t *block) {
uint8_t cmd[] = {ISO14443B_READ_BLK, blocknr, 0x00, 0x00}; uint8_t cmd[] = {ISO14443B_READ_BLK, blocknr, 0x00, 0x00};
AddCrc14B(cmd, 2); AddCrc14B(cmd, 2);
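Review bot: Dropping `static` from `CodeAndTransmit14443bAsReader` makes a raw encode-and-transmit primitive callable from any firmware module, yet its only documentation is still the one-line "Convenience function" comment, and `len` remains a signed `int` that the visible body lines hand straight to `CodeIso14443bAsReader`. I would extend that comment with the caller contract, for example `* Caller must have run iso14443b_setup(); cmd must hold len (> 0) bytes, CRC already appended.`, assuming that is what the function expects; its body continues outside the hunk, so this needs confirming there. The same gap applies to `iso14443b_select_srx_card` and `read_14b_srx_block` in the two later hunks, which become external without any statement of their return codes.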


@ -45,8 +45,11 @@ int iso14443b_select_card(iso14b_card_select_t *card);
void SimulateIso14443bTag(const uint8_t *pupi); void SimulateIso14443bTag(const uint8_t *pupi);
void read_14b_st_block(uint8_t blocknr); void read_14b_st_block(uint8_t blocknr);
int read_14b_srx_block(uint8_t blocknr, uint8_t *block);
int iso14443b_select_srx_card(iso14b_card_select_t *card);
void SniffIso14443b(void); void SniffIso14443b(void);
void SendRawCommand14443B(iso14b_raw_cmd_t *p); void SendRawCommand14443B(iso14b_raw_cmd_t *p);
void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t *start_time, uint32_t *eof_time, bool framing);
// States for 14B SIM command // States for 14B SIM command
#define SIM_POWER_OFF 0 #define SIM_POWER_OFF 0
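Review bot: The new prototype `int read_14b_srx_block(uint8_t blocknr, uint8_t *block);` lands directly under `void read_14b_st_block(uint8_t blocknr);`, a near-identical name with a different signature and return type, and nothing in the header tells a caller how large `block` must be. The header is now the only contract other modules see, so add a comment above it such as `// reads one SRx block into block; caller supplies a buffer of one full block, returns a status code`, with the actual size and codes taken from the implementation, which this page does not show in full. `CodeAndTransmit14443bAsReader` is also placed apart from the other two exports, right above the SIM state defines; keeping the three new declarations together under one grouping comment would make the widened interface easier to audit.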


@ -140,6 +140,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
| HF_MFCSIM | Simulate Mifare Classic 1k card storing in flashmem - Ray Lee | HF_MFCSIM | Simulate Mifare Classic 1k card storing in flashmem - Ray Lee
| HF_MSDSAL | EMV Read and emulation - Salvador Mendoza | HF_MSDSAL | EMV Read and emulation - Salvador Mendoza
| HF_REBLAY | 14A relay over BT - Salvador Mendoza | HF_REBLAY | 14A relay over BT - Salvador Mendoza
| HF_ST25_TEAROFF | Store/restore ST25TB tags with tear-off for counters - SecLabz
| HF_TCPRST | IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation - Nick Draffen | HF_TCPRST | IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation - Nick Draffen
| HF_TMUDFORD | Read and emulate ISO15693 card UID - Tim Mudford | HF_TMUDFORD | Read and emulate ISO15693 card UID - Tim Mudford
| HF_UNISNIFF | Combined 14a/14b/15 sniffer with runtime selection & extra save options | HF_UNISNIFF | Combined 14a/14b/15 sniffer with runtime selection & extra save options