diff --git a/CHANGELOG.md b/CHANGELOG.md index 6431af575..36d637697 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1728,7 +1728,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Added `lf t55xx recoverpw` - adds a new password recovery using bitflips and partial flips if password write went bad. (@alexgrin) - `hf legic` - added improved legic data mapping. (jason) - `hf mf mifare` - added possibility to target key A|B (@douniwan5788) - - Added `analyse lcr` - added a new main command group, to help analysing bytes & bits & nibbles. (@iceman1001) + - Added `analyse lrc` - added a new main command group, to help analysing bytes & bits & nibbles. (@iceman1001) - Added `lf nedap` - added identification of a NEDAP tag. (@iceman1001) - `lf viking clone` - fixed a bug. (@iceman1001) - Added bitsliced bruteforce solver in `hf mf hardnested` (@Aczid) diff --git a/armsrc/Standalone/hf_cardhopper.c b/armsrc/Standalone/hf_cardhopper.c index bf31e061a..4b4321a37 100644 --- a/armsrc/Standalone/hf_cardhopper.c +++ b/armsrc/Standalone/hf_cardhopper.c @@ -492,7 +492,7 @@ static void read_packet(packet_t *packet) { if (packet->len == 0x50 && dataReceived >= sizeof(PacketResponseNGPreamble) && packet->dat[0] == 0x4D && packet->dat[1] == 0x33 && packet->dat[2] == 0x61) { // PM3 NG packet magic - DbpString(_CYAN_("[@]") " PM3 NG packet recieved - ignoring"); + DbpString(_CYAN_("[@]") " PM3 NG packet received - ignoring"); // clear any remaining buffered data while (cardhopper_data_available()) { diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 0aabc64be..f14e48504 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c 
@@ -4047,15 +4047,15 @@ void SimulateIso14443aTagAID(uint8_t tagType, uint16_t flags, uint8_t *data, uin // aid len is found as a hex value in receivedCmd[6] (Index Starts at 0) int aid_len = receivedCmd[6]; - uint8_t *recieved_aid = &receivedCmd[7]; + uint8_t *received_aid = &receivedCmd[7]; // aid enumeration flag if (enumerate == true) { Dbprintf("Received AID (%d):", aid_len); - Dbhexdump(aid_len, recieved_aid, false); + Dbhexdump(aid_len, received_aid, false); } - if (memcmp(aidFilter, recieved_aid, aid_len) == 0) { // Evaluate the AID sent by the Reader to the AID supplied + if (memcmp(aidFilter, received_aid, aid_len) == 0) { // Evaluate the AID sent by the Reader to the AID supplied // AID Response will be parsed here memcpy(dynamic_response_info.response + 2, aidResponse, respondLen + 2); dynamic_response_info.response_n = respondLen + 2; diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 60372aa3f..9f4b87674 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -480,7 +480,7 @@ int mifare_ultra_aes_auth(uint8_t keyno, uint8_t *keybytes) { mbedtls_aes_setkey_enc(&actx, key, 128); mbedtls_aes_crypt_cbc(&actx, MBEDTLS_AES_ENCRYPT, sizeof(enc_rnd_ab), IV, rnd_ab, enc_rnd_ab); - // send & recieve + // send & receive len = mifare_sendcmd(MIFARE_ULAES_AUTH_2, enc_rnd_ab, sizeof(enc_rnd_ab), resp, sizeof(resp), respPar, NULL); if (len != 19) { if (g_dbglevel >= DBG_ERROR) Dbprintf("Cmd Error: %02x - expected 19 got " _RED_("%u"), resp[0], len); diff --git a/client/src/cmdanalyse.c b/client/src/cmdanalyse.c index d3456950d..d5f86a161 100644 --- a/client/src/cmdanalyse.c +++ b/client/src/cmdanalyse.c @@ -40,10 +40,10 @@ static int CmdHelp(const char *Cmd); static uint8_t calculateLRC(const uint8_t *d, uint8_t n) { - uint8_t lcr = 0; + uint8_t lrc = 0; for (uint8_t i = 0; i < n; i++) - lcr ^= d[i]; - return lcr; + lrc ^= d[i]; + return lrc; } /* static uint16_t matrixadd ( uint8_t* bytes, uint8_t len){ 
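Review bot: In the SimulateIso14443aTagAID hunk, `aid_len` is read straight from the reader's frame (`receivedCmd[6]`) and then used as the length for both `Dbhexdump(aid_len, received_aid, false)` and `memcmp(aidFilter, received_aid, aid_len)`, with no bound on it visible here. A reader-chosen length longer than the received frame or the configured filter would make both calls read past the intended data. A length of 0 makes `memcmp` return 0, so the filter would match regardless of the AID sent. Unless this is validated above the hunk, I would guard the comparison with something like `if (aid_len == FILTER_LEN && 7 + aid_len <= FRAME_LEN && memcmp(aidFilter, received_aid, aid_len) == 0) {`, where FILTER_LEN and FRAME_LEN are placeholders for whatever the function calls the filter length and the received frame length. The function starts and ends outside the hunk, so those names and any earlier validation need confirming there.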
@@ -242,17 +242,17 @@ static int CmdAnalyseLfsr(const char *Cmd) { return PM3_SUCCESS; } -static int CmdAnalyseLCR(const char *Cmd) { +static int CmdAnalyseLRC(const char *Cmd) { CLIParserContext *ctx; - CLIParserInit(&ctx, "analyse lcr", + CLIParserInit(&ctx, "analyse lrc", "Specifying the bytes of a UID with a known LRC will find the last byte value\n" "needed to generate that LRC with a rolling XOR. All bytes should be specified in HEX.", - "analyse lcr -d 04008064BA -> Target (BA) requires final LRC XOR byte value: 5A" + "analyse lrc -d 04008064BA -> Target (BA) requires final LRC XOR byte value: 5A" ); void *argtable[] = { arg_param_begin, - arg_str1("d", "data", "", "bytes to calc missing XOR in a LCR"), + arg_str1("d", "data", "", "bytes to calc missing XOR in a LRC"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -1171,7 +1171,7 @@ static int CmdAnalyseUnits(const char *Cmd) { static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, - {"lcr", CmdAnalyseLCR, AlwaysAvailable, "Generate final byte for XOR LRC"}, + {"lrc", CmdAnalyseLRC, AlwaysAvailable, "Generate final byte for XOR LRC"}, {"crc", CmdAnalyseCRC, AlwaysAvailable, "Stub method for CRC evaluations"}, {"chksum", CmdAnalyseCHKSUM, AlwaysAvailable, "Checksum with adding, masking and one's complement"}, {"dates", CmdAnalyseDates, AlwaysAvailable, "Look for datestamps in a given array of bytes"}, diff --git a/client/src/pm3line_vocabulary.h b/client/src/pm3line_vocabulary.h index 4c67baf01..bd7fdbc45 100644 --- a/client/src/pm3line_vocabulary.h +++ b/client/src/pm3line_vocabulary.h @@ -63,7 +63,7 @@ const static vocabulary_t vocabulary[] = { { 1, "prefs set output" }, { 1, "prefs set plotsliders" }, { 1, "analyse help" }, - { 1, "analyse lcr" }, + { 1, "analyse lrc" }, { 1, "analyse crc" }, { 1, "analyse chksum" }, { 1, "analyse dates" }, 
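Review bot: The CommandTable hunk replaces the `lcr` entry with `lrc` without keeping the old spelling, so any script or note that calls `analyse lcr` will presumably stop resolving after this commit. If the break is intended it deserves its own changelog entry, because the CHANGELOG.md hunk only rewrites the historical line that introduced the command. Otherwise a second table row would keep the old name working, for example `{"lcr", CmdAnalyseLRC, AlwaysAvailable, "Deprecated alias of lrc"},`.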
@@ -267,6 +267,7 @@ const static vocabulary_t vocabulary[] = { { 0, "hf gallagher delete" }, { 1, "hf gallagher diversifykey" }, { 1, "hf gallagher decode" }, + { 1, "hf gallagher encode" }, { 1, "hf iclass help" }, { 1, "hf iclass list" }, { 0, "hf iclass dump" }, diff --git a/doc/commands.json b/doc/commands.json index f28a7e93b..7031a6922 100644 --- a/doc/commands.json +++ b/doc/commands.json 
@@ -97,16 +97,16 @@ }, "analyse help": { "command": "analyse help", - "description": "help This help lcr Generate final byte for XOR LRC crc Stub method for CRC evaluations chksum Checksum with adding, masking and one's complement dates Look for datestamps in a given array of bytes lfsr LFSR tests a num bits test nuid create NUID from 7byte UID demodbuff Load binary string to DemodBuffer freq Calc wave lengths foo muxer units convert ETU <> US <> SSP_CLK (3.39MHz) --------------------------------------------------------------------------------------- analyse lcr available offline: yes Specifying the bytes of a UID with a known LRC will find the last byte value needed to generate that LRC with a rolling XOR. All bytes should be specified in HEX.", + "description": "help This help lrc Generate final byte for XOR LRC crc Stub method for CRC evaluations chksum Checksum with adding, masking and one's complement dates Look for datestamps in a given array of bytes lfsr LFSR tests a num bits test nuid create NUID from 7byte UID demodbuff Load binary string to DemodBuffer freq Calc wave lengths foo muxer units convert ETU <> US <> SSP_CLK (3.39MHz) --------------------------------------------------------------------------------------- analyse lrc available offline: yes Specifying the bytes of a UID with a known LRC will find the last byte value needed to generate that LRC with a rolling XOR. All bytes should be specified in HEX.", "notes": [ - "analyse lcr -d 04008064BA -> Target (BA) requires final LRC XOR byte value: 5A" + "analyse lrc -d 04008064BA -> Target (BA) requires final LRC XOR byte value: 5A" ], "offline": true, "options": [ "-h, --help This help", - "-d, --data bytes to calc missing XOR in a LCR" + "-d, --data bytes to calc missing XOR in a LRC" ], - "usage": "analyse lcr [-h] -d " + "usage": "analyse lrc [-h] -d " }, "analyse lfsr": { "command": "analyse lfsr", 
@@ -380,15 +380,15 @@ }, "data envelope": { "command": "data envelope", - "description": "Create an square envelop of the samples", + "description": "Create an square envelope of the samples", "notes": [ - "data envelop" + "data envelope" ], "offline": true, "options": [ "-h, --help This help" ], - "usage": "data envelop [-h]" + "usage": "data envelope [-h]" }, "data fsktonrz": { "command": "data fsktonrz", @@ -582,7 +582,7 @@ "description": "Function takes a decimal or hexdecimal number and print it in decimal/hex/binary Will print message if number is a prime number", "notes": [ "data num --dec 2023", - "data num --hex 0x1000" + "data num --hex 2A" ], "offline": true, "options": [ 
@@ -3141,9 +3141,25 @@ ], "usage": "hf gallagher diversify [-h] --aid [--keynum ] [--uid ] [--sitekey ] [--apdu]" }, + "hf gallagher encode": { + "command": "hf gallagher encode", + "description": "Encode a Gallagher credential block Credential block can be specified with or without the bitwise inverse.", + "notes": [ + "hf gallagher encode --rc 1 --fc 22153 --cn 1253518 --il 1" + ], + "offline": true, + "options": [ + "-h, --help This help", + "-r, --rc Region code. 4 bits max", + "-f, --fc Facility code. 2 bytes max", + "-c, --cn Card number. 3 bytes max", + "-i, --il Issue level. 4 bits max" + ], + "usage": "hf gallagher encode [-h] -r -f -c -i " + }, "hf gallagher help": { "command": "hf gallagher help", - "description": "help This help diversifykey Diversify Gallagher key decode Decode Gallagher credential block --------------------------------------------------------------------------------------- hf gallagher reader available offline: no Read a Gallagher DESFire tag from the Card Application Directory, CAD Specify site key is required if using non-default key", + "description": "help This help diversifykey Diversify Gallagher key decode Decode Gallagher credential block encode Encode Gallagher credential block --------------------------------------------------------------------------------------- hf gallagher reader available offline: no Read a Gallagher DESFire tag from the Card Application Directory, CAD Specify site key is required if using non-default key", "notes": [ "hf gallagher reader -@ -> continuous reader mode", "hf gallagher reader --aid 2081f4 --sitekey 00112233445566778899aabbccddeeff -> skip CAD" @@ -4367,9 +4383,10 @@ "options": [ "-h, --help This help", "-b, --blk block number", - "-v, --verbose verbose output" + "-v, --verbose verbose output", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf cgetblk [-hv] -b " + "usage": "hf mf cgetblk [-hv] -b [--gdm]" }, "hf mf cgetsc": { "command": "hf mf cgetsc", 
@@ -4381,9 +4398,10 @@ "options": [ "-h, --help This help", "-s, --sec sector number", - "-v, --verbose verbose output" + "-v, --verbose verbose output", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf cgetsc [-hv] -s " + "usage": "hf mf cgetsc [-hv] -s [--gdm]" }, "hf mf chk": { "command": "hf mf chk", @@ -4431,9 +4449,10 @@ "--1k MIFARE Classic 1k / S50 (def)", "--2k MIFARE Classic/Plus 2k", "--4k MIFARE Classic 4k / S70", - "--emu from emulator memory" + "--emu from emulator memory", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf cload [-h] [-f ] [--mini] [--1k] [--2k] [--4k] [--emu]" + "usage": "hf mf cload [-h] [-f ] [--mini] [--1k] [--2k] [--4k] [--emu] [--gdm]" }, "hf mf csave": { "command": "hf mf csave", @@ -4450,9 +4469,10 @@ "--1k MIFARE Classic 1k / S50 (def)", "--2k MIFARE Classic/Plus 2k", "--4k MIFARE Classic 4k / S70", - "--emu to emulator memory" + "--emu to emulator memory", + "--gdm to emulator memory" ], - "usage": "hf mf csave [-h] [-f ] [--mini] [--1k] [--2k] [--4k] [--emu]" + "usage": "hf mf csave [-h] [-f ] [--mini] [--1k] [--2k] [--4k] [--emu] [--gdm]" }, "hf mf csetblk": { "command": "hf mf csetblk", @@ -4465,9 +4485,10 @@ "-h, --help This help", "-b, --blk block number", "-d, --data bytes to write, 16 hex bytes", - "-w, --wipe wipes card with backdoor cmd before writing" + "-w, --wipe wipes card with backdoor cmd before writing", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf csetblk [-hw] -b [-d ]" + "usage": "hf mf csetblk [-hw] -b [-d ] [--gdm]" }, "hf mf csetuid": { "command": "hf mf csetuid", @@ -4482,9 +4503,10 @@ "-w, --wipe wipes card with backdoor cmd`", "-u, --uid UID, 4/7 hex bytes", "-a, --atqa ATQA, 2 hex bytes", - "-s, --sak SAK, 1 hex byte" + "-s, --sak SAK, 1 hex byte", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf csetuid [-hw] [-u ] [-a ] [-s ]" + "usage": "hf mf csetuid [-hw] [-u ] [-a ] [-s ] [--gdm]" }, "hf mf cview": { "command": "hf mf cview", 
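Review bot: In the `hf mf csave` hunk the new option reads `--gdm to emulator memory`, which repeats the `--emu` description on the line above it. Every other `--gdm` option added in this commit reads `use gdm alt (20/23) magic wakeup`. This looks like a copy-paste slip in the command's help text, which this file appears to mirror, so the fix probably belongs in the client source followed by a regeneration. The expected line here would be `"--gdm use gdm alt (20/23) magic wakeup"`.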
@@ -4500,9 +4522,10 @@ "--1k MIFARE Classic 1k / S50 (def)", "--2k MIFARE Classic/Plus 2k", "--4k MIFARE Classic 4k / S70", - "-v, --verbose verbose output" + "-v, --verbose verbose output", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf cview [-hv] [--mini] [--1k] [--2k] [--4k]" + "usage": "hf mf cview [-hv] [--mini] [--1k] [--2k] [--4k] [--gdm]" }, "hf mf cwipe": { "command": "hf mf cwipe", @@ -4516,9 +4539,10 @@ "-h, --help This help", "-u, --uid UID, 4 hex bytes", "-a, --atqa ATQA, 2 hex bytes", - "-s, --sak SAK, 1 hex byte" + "-s, --sak SAK, 1 hex byte", + "--gdm use gdm alt (20/23) magic wakeup" ], - "usage": "hf mf cwipe [-h] [-u ] [-a ] [-s ]" + "usage": "hf mf cwipe [-h] [-u ] [-a ] [-s ] [--gdm]" }, "hf mf darkside": { "command": "hf mf darkside", 
@@ -5383,17 +5407,18 @@ "--1k MIFARE Classic 1k / S50", "--2k MIFARE Classic/Plus 2k", "--4k MIFARE Classic 4k / S70", - "--atqa Provide explicit ATQA (2 bytes, overrides option t)", - "--sak Provide explicit SAK (1 bytes, overrides option t)", + "--atqa Provide explicit ATQA (2 bytes)", + "--sak Provide explicit SAK (1 bytes)", "-n, --num Automatically exit simulation after blocks have been read by reader. 0 = infinite", "-i, --interactive Console will not be returned until simulation finishes or is aborted", "-x Performs the 'reader attack', nr/ar attack against a reader.", "-y Performs the nested 'reader attack'. This requires preloading nt & nt_enc in emulator memory. Implies -x.", "-e, --emukeys Fill simulator keys from found keys. Requires -x or -y. Implies -i. Simulation will restart automatically.", - "-v, --verbose verbose output", - "--cve trigger CVE 2021_0430" + "--allowkeyb Allow key B even if readable", + "-v, --verbose Verbose output", + "--cve Trigger CVE 2021_0430" ], - "usage": "hf mf sim [-hixyev] [-u ] [--mini] [--1k] [--2k] [--4k] [--atqa ] [--sak ] [-n ] [--cve]" + "usage": "hf mf sim [-hixyev] [-u ] [--mini] [--1k] [--2k] [--4k] [--atqa ] [--sak ] [-n ] [--allowkeyb] [--cve]" }, "hf mf staticnested": { "command": "hf mf staticnested", @@ -8501,7 +8526,7 @@ "lf cmdread -d 50 -z 116 -o 166 -e W3000 -c W11000 -> probing for Hitag 2/S", "lf cmdread -d 50 -z 116 -o 166 -e W3000 -c W11010 -> probing for Hitag S", "lf cmdread -d 50 -z 116 -o 166 -e W3000 -c W11000 -s 2000 -@ -> probing for Hitag 2/S, oscilloscope style", - "lf cmdread -d 48 -z 112 -o 176 -e W3000 -e S240 -e E336 -c W0S00000010000E -> probing for Hitag \u00b5(micro)" + "lf cmdread -d 48 -z 112 -o 176 -e W3000 -e S240 -e E336 -c W0S00000010000E -> probing for Hitag \u00e6(micro)" ], "offline": false, "options": [ 
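Review bot: The regenerated help text corrupts the micro sign. In the `lf cmdread` notes `Hitag \u00b5(micro)` becomes `Hitag \u00e6(micro)`, and in the later `lf hitag eload` hunk `\u03bc` becomes `\u00ce\u00bc`, which is the UTF-8 byte pair of μ written out as two Latin-1 characters. Both look like an encoding mismatch in the environment that produced this file rather than an intended text change. I would regenerate the file with a UTF-8 locale so the previous values, `Hitag \u00b5(micro)` and `Card type Hitag \u03bc`, are preserved.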
@@ -9737,7 +9762,7 @@ "-1, --ht1 Card type Hitag 1", "-2, --ht2 Card type Hitag 2", "-s, --hts Card type Hitag S", - "-m, --htm Card type Hitag \u03bc" + "-m, --htm Card type Hitag \u00ce\u00bc" ], "usage": "lf hitag eload [-h12sm] -f " }, @@ -9813,10 +9838,11 @@ "--nrar nonce / answer writer, 8 hex bytes", "--crypto crypto mode", "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", "-p, --page page address to read from", - "-c, --count how many pages to read. '0' reads all pages up to the end page (default: 1)" + "-c, --count how many pages to read. '0' reads all pages up to the end page (def: 1)" ], - "usage": "lf hitag hts rdbl [-h8] [--nrar ] [--crypto] [-k ] [-p ] [-c ]" + "usage": "lf hitag hts rdbl [-h8] [--nrar ] [--crypto] [-k ] [-m ] [-p ] [-c ]" }, "lf hitag hts reader": { "command": "lf hitag hts reader", @@ -9863,10 +9889,11 @@ "--nrar nonce / answer writer, 8 hex bytes", "--crypto crypto mode", "-k, --key pwd or key, 4 or 6 hex bytes", + "-m, --mode response protocol mode. 0 (Standard 00110), 1 (Advanced 11000), 2 (Advanced 11001), 3 (Fast Advanced 11010) (def: 3)", "-p, --page page address to write to", "-d, --data data, 4 hex bytes" ], - "usage": "lf hitag hts wrbl [-h8] [--nrar ] [--crypto] [-k ] -p -d " + "usage": "lf hitag hts wrbl [-h8] [--nrar ] [--crypto] [-k ] [-m ] -p -d " }, "lf hitag info": { "command": "lf hitag info", @@ -12976,8 +13003,8 @@ } }, "metadata": { - "commands_extracted": 748, + "commands_extracted": 749, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2024-10-18T15:36:53" + "extracted_on": "2024-11-02T12:57:51" } } diff --git a/doc/commands.md b/doc/commands.md index 717b659aa..c78c4aea1 100644 --- a/doc/commands.md +++ b/doc/commands.md 
@@ -74,7 +74,7 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`analyse help `|Y |`This help` -|`analyse lcr `|Y |`Generate final byte for XOR LRC` +|`analyse lrc `|Y |`Generate final byte for XOR LRC` |`analyse crc `|Y |`Stub method for CRC evaluations` |`analyse chksum `|Y |`Checksum with adding, masking and one's complement` |`analyse dates `|Y |`Look for datestamps in a given array of bytes` @@ -382,6 +382,7 @@ Check column "offline" for their availability. |`hf gallagher delete `|N |`Delete Gallagher credentials from a DESFire card` |`hf gallagher diversifykey`|Y |`Diversify Gallagher key` |`hf gallagher decode `|Y |`Decode Gallagher credential block` +|`hf gallagher encode `|Y |`Encode Gallagher credential block` ### hf iclass diff --git a/doc/magic_cards_notes.md b/doc/magic_cards_notes.md index 088756c49..87b9aa8b9 100644 --- a/doc/magic_cards_notes.md +++ b/doc/magic_cards_notes.md @@ -374,7 +374,7 @@ UID 4b: (actually NUID as there are no more "unique" IDs on 4b) ``` -Computing BCC on UID 11223344: `analyse lcr -d 11223344` = `44` +Computing BCC on UID 11223344: `analyse lrc -d 11223344` = `44` UID 7b: @@ -1607,9 +1607,9 @@ BCC1 Int LCK0 LCK1 UID is made of SN0..SN6 bytes -Computing BCC0 on UID 04112233445566: `analyse lcr -d 88041122` = `bf` +Computing BCC0 on UID 04112233445566: `analyse lrc -d 88041122` = `bf` -Computing BCC1 on UID 04112233445566: `analyse lcr -d 33445566` = `44` +Computing BCC1 on UID 04112233445566: `analyse lrc -d 33445566` = `44` Int is internal, typically 0x48