This commit is contained in:
iceman1001 2023-01-27 03:00:26 +01:00
parent 67ef18f4ed
commit 37d059d56f
8 changed files with 137 additions and 85 deletions


@ -57,19 +57,19 @@ void RunMod(void) {
WDT_HIT();
// exit from SamyRun, send a usbcommand.
if (data_available()) { // early exit
DbpString("[=] You can take the shell back :) ...");
DbpString("[=] You can take the shell back :) ...");
LEDsoff();
return;
}
}
LED_C_ON();
WAIT_BUTTON_RELEASED(); // We are now ready to start brutforcing card numbers
LEDsoff();
Dbprintf("[=] Starting HID ProxII Bruteforce from card %08x to %08x",
CARDNUM_START, MIN(CARDNUM_END, 0xFFFF));
for (cardnum = CARDNUM_START ; cardnum <= MIN(CARDNUM_END, 0xFFFF) ; cardnum++) {
WDT_HIT();
@ -92,14 +92,14 @@ void RunMod(void) {
// switch leds to be able to know (aproximatly) which card number worked (64 tries loop)
LED_A_INV(); // switch led A every try
if ((cardnum-CARDNUM_START) % 8 == 7) // switch led B every 8 tries
if ((cardnum - CARDNUM_START) % 8 == 7) // switch led B every 8 tries
LED_B_INV();
if ((cardnum-CARDNUM_START) % 16 == 15) // switch led C every 16 tries
if ((cardnum - CARDNUM_START) % 16 == 15) // switch led C every 16 tries
LED_C_INV();
if ((cardnum-CARDNUM_START) % 32 == 31) // switch led D every 32 tries
if ((cardnum - CARDNUM_START) % 32 == 31) // switch led D every 32 tries
LED_D_INV();
}
SpinErr((LED_A | LED_B | LED_C | LED_D), 250, 5); // Xmax tree
Dbprintf("[=] Ending HID ProxII Bruteforce from card %08x to %08x",
CARDNUM_START, cardnum - 1);


@ -652,14 +652,13 @@ static int CmdHF15Samples(const char *Cmd) {
return PM3_SUCCESS;
}
static int NxpTestEAS(uint8_t *uid)
{
uint8_t fast = 1;
static int NxpTestEAS(uint8_t *uid) {
uint8_t fast = 1;
uint8_t reply = 1;
PacketResponseNG resp;
uint16_t reqlen = 0;
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_EAS_ALARM;
req[reqlen++] = 0x04; // IC manufacturer code
@ -681,7 +680,7 @@ static int NxpTestEAS(uint8_t *uid)
if (resp.length < 2) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active");
} else {
uint8_t * recv = resp.data.asBytes;
uint8_t *recv = resp.data.asBytes;
if (!(recv[0] & ISO15_RES_ERROR)) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active.");
@ -689,56 +688,56 @@ static int NxpTestEAS(uint8_t *uid)
}
}
}
return PM3_SUCCESS;
}
}
static int NxpCheckSig(uint8_t *uid) {
uint8_t fast = 1;
uint8_t fast = 1;
uint8_t reply = 1;
PacketResponseNG resp;
uint16_t reqlen = 0;
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
// Check if we can also read the signature
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_READ_SIGNATURE;
req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID
reqlen += 8;
AddCrc15(req, reqlen);
reqlen += 2;
// Check if we can also read the signature
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_READ_SIGNATURE;
req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID
reqlen += 8;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
AddCrc15(req, reqlen);
reqlen += 2;
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout");
DropField();
return PM3_ETIMEOUT;
}
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
DropField();
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout");
DropField();
return PM3_ETIMEOUT;
}
if (resp.length < 2) {
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
return PM3_EWRONGANSWER;
}
DropField();
uint8_t *recv = resp.data.asBytes;
if (resp.length < 2) {
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
return PM3_EWRONGANSWER;
}
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
return PM3_EWRONGANSWER;
}
uint8_t *recv = resp.data.asBytes;
uint8_t signature[32] = {0x00};
memcpy(signature, recv + 1, 32);
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
return PM3_EWRONGANSWER;
}
nxp_15693_print_signature(uid, signature);
return PM3_SUCCESS;
uint8_t signature[32] = {0x00};
memcpy(signature, recv + 1, 32);
nxp_15693_print_signature(uid, signature);
return PM3_SUCCESS;
}
// Get NXP system information from SLIX2 tag/VICC
@ -822,11 +821,11 @@ static int NxpSysInfo(uint8_t *uid) {
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not"));
if (support_easmode) {
NxpTestEAS(uid);
NxpTestEAS(uid);
}
if (support_signature) {
NxpCheckSig(uid);
NxpCheckSig(uid);
}
return PM3_SUCCESS;
@ -968,16 +967,12 @@ static int CmdHF15Info(const char *Cmd) {
if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) {
PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info");
return NxpSysInfo(uid);
}
else if(data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) //If it is an NTAG 5
{
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
} else if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) { //If it is an NTAG 5
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
return NxpSysInfo(uid);
}
else if(data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
{
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
return NxpTestEAS(uid);
} else if (data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) { //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
return NxpTestEAS(uid);
}
PrintAndLogEx(NORMAL, "");
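Review bot: In the NxpCheckSig hunk, `memcpy(signature, recv + 1, 32);` copies a flag byte plus 32 signature bytes out of the reply after the only length test has been `if (resp.length < 2)`, so a short READ SIGNATURE answer is still printed as a signature; the reindent keeps that gap. Since `recv` is `resp.data.asBytes`, presumably a fixed-size command buffer, this is unlikely to be an overread, but the bytes beyond `resp.length` are whatever the buffer last held. A second check after the ISO15_RES_ERROR test, `if (resp.length < 33) { PrintAndLogEx(WARNING, "iso15693 READ SIGNATURE reply too short"); return PM3_EWRONGANSWER; }`, keeps the existing `< 2` test for the error-flag path (flags plus error code) and rejects truncated replies before the copy. NxpTestEAS in the earlier hunk only reads `recv[0]` after its `< 2` test, so no change is needed there.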


@ -318,7 +318,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i
snprintf(exp, size, "AUTH-B(%d)", cmd[1]);
break;
}
case MIFARE_MAGIC_GDM_AUTH_KEYA:{
case MIFARE_MAGIC_GDM_AUTH_KEYA: {
if (cmdsize > 3) {
snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]);
MifareAuthState = masNt;


@ -29,7 +29,7 @@
#include "commonutil.h" // get_sw
#include "protocols.h" // ISO7816 APDU return co-des
#include "ui.h"
#include "cmdhf14a.h" // apdu chaining
#include "cmdhf14a.h" // apdu chaining
#define TIMEOUT 2000
@ -160,10 +160,10 @@ static int info_hf_tesla(void) {
sw = get_sw(response, resplen);
if (sw == ISO7816_OK) {
// save CETT for later
// save CETT for later
uint8_t cert[515] = {0};
memcpy(cert, response, resplen - 2);
PrintAndLogEx(INFO, "CERT # %i", i);
PrintAndLogEx(INFO, "%s", sprint_hex_inrow(cert, resplen - 2));
}
@ -198,12 +198,12 @@ static int info_hf_tesla(void) {
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "PUBLIC KEY");
for (int i=0; i < 3; i++) {
for (int i = 0; i < 3; i++) {
PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65));
}
if (form_factor[1] == 1) {
PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
} else if (form_factor[1] == 2){
} else if (form_factor[1] == 2) {
PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
}
@ -217,7 +217,7 @@ static int info_hf_tesla(void) {
if ((memcmp(pk[0], pk[1], 65) == 0)) {
PrintAndLogEx(INFO, " GaussKey detected");
}
//
//
return PM3_SUCCESS;
}


@ -433,7 +433,7 @@ static int CmdScriptRun(const char *Cmd) {
#else
// The following line will implicitly pre-initialize Python
PyConfig_SetBytesArgv(&py_conf, argc + 1, argv);
// We disallowed in py_conf environment variables interfering with python interpreter's behavior.
// Let's manually enable the ones we truly need.
// This is required by Proxspace to work with an isolated Python configuration


@ -438,6 +438,12 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf st25ta protect" },
{ 0, "hf st25ta pwd" },
{ 0, "hf st25ta sim" },
{ 1, "hf tesla help" },
{ 0, "hf tesla info" },
{ 1, "hf tesla list" },
{ 1, "hf texkom help" },
{ 0, "hf texkom reader" },
{ 0, "hf texkom sim" },
{ 1, "hf thinfilm help" },
{ 0, "hf thinfilm info" },
{ 1, "hf thinfilm list" },
@ -453,9 +459,6 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf topaz rdbl" },
{ 1, "hf topaz view" },
{ 0, "hf topaz wrbl" },
{ 1, "hf texkom help" },
{ 0, "hf texkom reader" },
{ 0, "hf texkom sim" },
{ 1, "hf xerox help" },
{ 0, "hf xerox info" },
{ 0, "hf xerox reader" },


@ -1101,14 +1101,16 @@
"command": "hf 14a chaining",
"description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
"notes": [
"hf 14a chaining disable -> disable chaining",
"hf 14a chaining --off -> disable chaining",
"hf 14a chaining -> show chaining enable/disable state"
],
"offline": false,
"options": [
"-h, --help This help"
"-h, --help This help",
"-1, --on enabled chaining",
"-0, --off disable chaining"
],
"usage": "hf 14a chaining [-h] [<enable/disable or 0/1>]"
"usage": "hf 14a chaining [-h10]"
},
"hf 14a config": {
"command": "hf 14a config",
@ -2881,7 +2883,7 @@
},
"hf help": {
"command": "hf help",
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } texkom { Texkom RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } tesla { TESLA Cards... } texkom { Texkom RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
"notes": [],
"offline": true,
"options": [],
@ -6684,6 +6686,47 @@
],
"usage": "hf st25ta sim [-h] -u <hex>"
},
"hf tesla help": {
"command": "hf tesla help",
"description": "help This help list List ISO 14443A/7816 history",
"notes": [],
"offline": true,
"options": [],
"usage": ""
},
"hf tesla info": {
"command": "hf tesla info",
"description": "Get info about TESLA Key tag",
"notes": [
"hf tesla info"
],
"offline": false,
"options": [
"-h, --help This help"
],
"usage": "hf telsa info [-h]"
},
"hf tesla list": {
"command": "hf tesla list",
"description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol",
"notes": [
"hf tesla list --frame -> show frame delay times",
"hf tesla list -1 -> use trace buffer"
],
"offline": true,
"options": [
"-h, --help This help",
"-1, --buffer use data from trace buffer",
"--frame show frame delay times",
"-c mark CRC bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into Wireshark using encapsulation type \"ISO 14443\"",
"-f, --file <fn> filename of dictionary"
],
"usage": "hf tesla list [-h1crux] [--frame] [-f <fn>]"
},
"hf texkom help": {
"command": "hf texkom help",
"description": "help This help",
@ -11760,8 +11803,8 @@
}
},
"metadata": {
"commands_extracted": 739,
"commands_extracted": 742,
"extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2023-01-15T01:24:39"
"extracted_on": "2023-01-27T01:57:37"
}
}


@ -651,6 +651,28 @@ Check column "offline" for their availability.
|`hf st25ta sim `|N |`Fake ISO 14443A/ST tag`
### hf tesla
{ TESLA Cards... }
|command |offline |description
|------- |------- |-----------
|`hf tesla help `|Y |`This help`
|`hf tesla info `|N |`Tag information`
|`hf tesla list `|Y |`List ISO 14443A/7816 history`
### hf texkom
{ Texkom RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf texkom help `|Y |`This help`
|`hf texkom reader `|N |`Act like a Texkom reader`
|`hf texkom sim `|N |`Simulate a Texkom tag`
### hf thinfilm
{ Thinfilm RFIDs... }
@ -682,17 +704,6 @@ Check column "offline" for their availability.
|`hf topaz wrbl `|N |`Write block`
### hf texkom
{ Texkom RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf texkom help `|Y |`This help`
|`hf texkom reader `|N |`Act like a Texkom reader`
|`hf texkom sim `|N |`Simulate a Texkom tag`
### hf xerox
{ Fuji/Xerox cartridge RFIDs... }