diff --git a/armsrc/Standalone/lf_prox2brute.c b/armsrc/Standalone/lf_prox2brute.c index 4f092007f..ecfaac9e3 100644 --- a/armsrc/Standalone/lf_prox2brute.c +++ b/armsrc/Standalone/lf_prox2brute.c @@ -57,19 +57,19 @@ void RunMod(void) { WDT_HIT(); // exit from SamyRun, send a usbcommand. if (data_available()) { // early exit - DbpString("[=] You can take the shell back :) ..."); + DbpString("[=] You can take the shell back :) ..."); LEDsoff(); return; } } - + LED_C_ON(); WAIT_BUTTON_RELEASED(); // We are now ready to start brutforcing card numbers LEDsoff(); Dbprintf("[=] Starting HID ProxII Bruteforce from card %08x to %08x", CARDNUM_START, MIN(CARDNUM_END, 0xFFFF)); - + for (cardnum = CARDNUM_START ; cardnum <= MIN(CARDNUM_END, 0xFFFF) ; cardnum++) { WDT_HIT(); @@ -92,14 +92,14 @@ void RunMod(void) { // switch leds to be able to know (aproximatly) which card number worked (64 tries loop) LED_A_INV(); // switch led A every try - if ((cardnum-CARDNUM_START) % 8 == 7) // switch led B every 8 tries + if ((cardnum - CARDNUM_START) % 8 == 7) // switch led B every 8 tries LED_B_INV(); - if ((cardnum-CARDNUM_START) % 16 == 15) // switch led C every 16 tries + if ((cardnum - CARDNUM_START) % 16 == 15) // switch led C every 16 tries LED_C_INV(); - if ((cardnum-CARDNUM_START) % 32 == 31) // switch led D every 32 tries + if ((cardnum - CARDNUM_START) % 32 == 31) // switch led D every 32 tries LED_D_INV(); } - + SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); // Xmax tree Dbprintf("[=] Ending HID ProxII Bruteforce from card %08x to %08x", CARDNUM_START, cardnum - 1); diff --git a/client/src/cmdhf15.c b/client/src/cmdhf15.c index 76fc4869a..035a2218e 100644 --- a/client/src/cmdhf15.c +++ b/client/src/cmdhf15.c @@ -652,14 +652,13 @@ static int CmdHF15Samples(const char *Cmd) { return PM3_SUCCESS; } -static int NxpTestEAS(uint8_t *uid) -{ - uint8_t fast = 1; +static int NxpTestEAS(uint8_t *uid) { + uint8_t fast = 1; uint8_t reply = 1; PacketResponseNG resp; uint16_t reqlen = 0; uint8_t req[PM3_CMD_DATA_SIZE] = {0}; - + req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; req[reqlen++] = ISO15693_EAS_ALARM; req[reqlen++] = 0x04; // IC manufacturer code @@ -681,7 +680,7 @@ static int NxpTestEAS(uint8_t *uid) if (resp.length < 2) { PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active"); } else { - uint8_t * recv = resp.data.asBytes; + uint8_t *recv = resp.data.asBytes; if (!(recv[0] & ISO15_RES_ERROR)) { PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active."); @@ -689,56 +688,56 @@ static int NxpTestEAS(uint8_t *uid) } } } - + return PM3_SUCCESS; -} +} static int NxpCheckSig(uint8_t *uid) { - uint8_t fast = 1; + uint8_t fast = 1; uint8_t reply = 1; PacketResponseNG resp; uint16_t reqlen = 0; uint8_t req[PM3_CMD_DATA_SIZE] = {0}; - - // Check if we can also read the signature - req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; - req[reqlen++] = ISO15693_READ_SIGNATURE; - req[reqlen++] = 0x04; // IC manufacturer code - memcpy(req + 3, uid, 8); // add UID - reqlen += 8; - AddCrc15(req, reqlen); - reqlen += 2; + // Check if we can also read the signature + req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; + req[reqlen++] = ISO15693_READ_SIGNATURE; + req[reqlen++] = 0x04; // IC manufacturer code + memcpy(req + 3, uid, 8); // add UID + reqlen += 8; - clearCommandBuffer(); - SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen); + AddCrc15(req, reqlen); + reqlen += 2; - if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) { - PrintAndLogEx(WARNING, "iso15693 timeout"); - DropField(); - return PM3_ETIMEOUT; - } + clearCommandBuffer(); + SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen); - DropField(); + if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) { + PrintAndLogEx(WARNING, "iso15693 timeout"); + DropField(); + return PM3_ETIMEOUT; + } - if (resp.length < 2) { - PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command"); - return PM3_EWRONGANSWER; - } + DropField(); - uint8_t *recv = resp.data.asBytes; + if (resp.length < 2) { + PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command"); + return PM3_EWRONGANSWER; + } - if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) { - PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0])); - return PM3_EWRONGANSWER; - } + uint8_t *recv = resp.data.asBytes; - uint8_t signature[32] = {0x00}; - memcpy(signature, recv + 1, 32); + if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) { + PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0])); + return PM3_EWRONGANSWER; + } - nxp_15693_print_signature(uid, signature); - - return PM3_SUCCESS; + uint8_t signature[32] = {0x00}; + memcpy(signature, recv + 1, 32); + + nxp_15693_print_signature(uid, signature); + + return PM3_SUCCESS; } // Get NXP system information from SLIX2 tag/VICC @@ -822,11 +821,11 @@ static int NxpSysInfo(uint8_t *uid) { PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not")); if (support_easmode) { - NxpTestEAS(uid); + NxpTestEAS(uid); } if (support_signature) { - NxpCheckSig(uid); + NxpCheckSig(uid); } return PM3_SUCCESS; @@ -968,16 +967,12 @@ static int CmdHF15Info(const char *Cmd) { if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) { PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); return NxpSysInfo(uid); - } - else if(data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) //If it is an NTAG 5 - { - PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info"); + } else if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) { //If it is an NTAG 5 + PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info"); return NxpSysInfo(uid); - } - else if(data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status - { - PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status"); - return NxpTestEAS(uid); + } else if (data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) { //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status + PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status"); + return NxpTestEAS(uid); } PrintAndLogEx(NORMAL, ""); diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c index a19ecdea9..232d4af19 100644 --- a/client/src/cmdhflist.c +++ b/client/src/cmdhflist.c @@ -318,7 +318,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i snprintf(exp, size, "AUTH-B(%d)", cmd[1]); break; } - case MIFARE_MAGIC_GDM_AUTH_KEYA:{ + case MIFARE_MAGIC_GDM_AUTH_KEYA: { if (cmdsize > 3) { snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]); MifareAuthState = masNt; diff --git a/client/src/cmdhftesla.c b/client/src/cmdhftesla.c index 2680daa90..58f51f4c5 100644 --- a/client/src/cmdhftesla.c +++ b/client/src/cmdhftesla.c @@ -29,7 +29,7 @@ #include "commonutil.h" // get_sw #include "protocols.h" // ISO7816 APDU return co-des #include "ui.h" -#include "cmdhf14a.h" // apdu chaining +#include "cmdhf14a.h" // apdu chaining #define TIMEOUT 2000 @@ -160,10 +160,10 @@ static int info_hf_tesla(void) { sw = get_sw(response, resplen); if (sw == ISO7816_OK) { - // save CETT for later + // save CETT for later uint8_t cert[515] = {0}; memcpy(cert, response, resplen - 2); - + PrintAndLogEx(INFO, "CERT # %i", i); PrintAndLogEx(INFO, "%s", sprint_hex_inrow(cert, resplen - 2)); } @@ -198,12 +198,12 @@ static int info_hf_tesla(void) { PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "PUBLIC KEY"); - for (int i=0; i < 3; i++) { + for (int i = 0; i < 3; i++) { PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65)); } if (form_factor[1] == 1) { PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor))); - } else if (form_factor[1] == 2){ + } else if (form_factor[1] == 2) { PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor))); } @@ -217,7 +217,7 @@ static int info_hf_tesla(void) { if ((memcmp(pk[0], pk[1], 65) == 0)) { PrintAndLogEx(INFO, " GaussKey detected"); } - // + // return PM3_SUCCESS; } diff --git a/client/src/cmdscript.c b/client/src/cmdscript.c index 57cf54084..114205708 100644 --- a/client/src/cmdscript.c +++ b/client/src/cmdscript.c @@ -433,7 +433,7 @@ static int CmdScriptRun(const char *Cmd) { #else // The following line will implicitly pre-initialize Python PyConfig_SetBytesArgv(&py_conf, argc + 1, argv); - + // We disallowed in py_conf environment variables interfering with python interpreter's behavior. // Let's manually enable the ones we truly need. // This is required by Proxspace to work with an isolated Python configuration diff --git a/client/src/pm3line_vocabulory.h b/client/src/pm3line_vocabulory.h index 5a517c645..4cd9457b5 100644 --- a/client/src/pm3line_vocabulory.h +++ b/client/src/pm3line_vocabulory.h @@ -438,6 +438,12 @@ const static vocabulory_t vocabulory[] = { { 0, "hf st25ta protect" }, { 0, "hf st25ta pwd" }, { 0, "hf st25ta sim" }, + { 1, "hf tesla help" }, + { 0, "hf tesla info" }, + { 1, "hf tesla list" }, + { 1, "hf texkom help" }, + { 0, "hf texkom reader" }, + { 0, "hf texkom sim" }, { 1, "hf thinfilm help" }, { 0, "hf thinfilm info" }, { 1, "hf thinfilm list" }, @@ -453,9 +459,6 @@ const static vocabulory_t vocabulory[] = { { 0, "hf topaz rdbl" }, { 1, "hf topaz view" }, { 0, "hf topaz wrbl" }, - { 1, "hf texkom help" }, - { 0, "hf texkom reader" }, - { 0, "hf texkom sim" }, { 1, "hf xerox help" }, { 0, "hf xerox info" }, { 0, "hf xerox reader" }, diff --git a/doc/commands.json b/doc/commands.json index 1c21f81ba..bb781adb7 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -1101,14 +1101,16 @@ "command": "hf 14a chaining", "description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.", "notes": [ - "hf 14a chaining disable -> disable chaining", + "hf 14a chaining --off -> disable chaining", "hf 14a chaining -> show chaining enable/disable state" ], "offline": false, "options": [ - "-h, --help This help" + "-h, --help This help", + "-1, --on enabled chaining", + "-0, --off disable chaining" ], - "usage": "hf 14a chaining [-h] []" + "usage": "hf 14a chaining [-h10]" }, "hf 14a config": { "command": "hf 14a config", @@ -2881,7 +2883,7 @@ }, "hf help": { "command": "hf help", - "description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } texkom { Texkom RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags", + "description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } tesla { TESLA Cards... } texkom { Texkom RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags", "notes": [], "offline": true, "options": [], @@ -6684,6 +6686,47 @@ ], "usage": "hf st25ta sim [-h] -u " }, + "hf tesla help": { + "command": "hf tesla help", + "description": "help This help list List ISO 14443A/7816 history", + "notes": [], + "offline": true, + "options": [], + "usage": "" + }, + "hf tesla info": { + "command": "hf tesla info", + "description": "Get info about TESLA Key tag", + "notes": [ + "hf tesla info" + ], + "offline": false, + "options": [ + "-h, --help This help" + ], + "usage": "hf telsa info [-h]" + }, + "hf tesla list": { + "command": "hf tesla list", + "description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol", + "notes": [ + "hf tesla list --frame -> show frame delay times", + "hf tesla list -1 -> use trace buffer" + ], + "offline": true, + "options": [ + "-h, --help This help", + "-1, --buffer use data from trace buffer", + "--frame show frame delay times", + "-c mark CRC bytes", + "-r show relative times (gap and duration)", + "-u display times in microseconds instead of clock cycles", + "-x show hexdump to convert to pcap(ng)", + "or to import into Wireshark using encapsulation type \"ISO 14443\"", + "-f, --file filename of dictionary" + ], + "usage": "hf tesla list [-h1crux] [--frame] [-f ]" + }, "hf texkom help": { "command": "hf texkom help", "description": "help This help", @@ -11760,8 +11803,8 @@ } }, "metadata": { - "commands_extracted": 739, + "commands_extracted": 742, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2023-01-15T01:24:39" + "extracted_on": "2023-01-27T01:57:37" } } \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index 1c6110cea..79499915b 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -651,6 +651,28 @@ Check column "offline" for their availability. |`hf st25ta sim `|N |`Fake ISO 14443A/ST tag` +### hf tesla + + { TESLA Cards... } + +|command |offline |description +|------- |------- |----------- +|`hf tesla help `|Y |`This help` +|`hf tesla info `|N |`Tag information` +|`hf tesla list `|Y |`List ISO 14443A/7816 history` + + +### hf texkom + + { Texkom RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf texkom help `|Y |`This help` +|`hf texkom reader `|N |`Act like a Texkom reader` +|`hf texkom sim `|N |`Simulate a Texkom tag` + + ### hf thinfilm { Thinfilm RFIDs... } @@ -682,17 +704,6 @@ Check column "offline" for their availability. |`hf topaz wrbl `|N |`Write block` -### hf texkom - - { Texkom RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf texkom help `|Y |`This help` -|`hf texkom reader `|N |`Act like a Texkom reader` -|`hf texkom sim `|N |`Simulate a Texkom tag` - - ### hf xerox { Fuji/Xerox cartridge RFIDs... }