github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into allin

Browse source 
update
This commit is contained in:
tharexde 2020-10-26 00:31:27 +01:00
commit 3ce365ee2b
42 changed files with 245 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

12
armsrc/em4x50.c
View file

@ -357,7 +357,7 @@ static int find_double_listen_window(bool bcommand) {
// data transmission from card has to be stopped, because
// a commamd shall be issued
// unfortunately the posititon in listen window (where
// unfortunately the position in listen window (where
// command request has to be sent) has gone, so if a
// second window follows - sync on this to issue a command
@ -547,7 +547,7 @@ static bool find_em4x50_tag(void) {
static int request_receive_mode(void) {
// To issue a command we have to find a listen window first.
// Because identification and sychronization at the same time is not
// Because identification and synchronization at the same time is not
// possible when using pulse lengths a double listen window is used.
return find_double_listen_window(true);
}
@ -583,7 +583,7 @@ static bool check_ack(bool bliw) {
// "bit" of listen window)
wait_timer0(T0 * 2 * EM4X50_T_TAG_FULL_PERIOD);
// check for listen window (if first bit cannot be inerpreted
// check for listen window (if first bit cannot be interpreted
// as a valid bit it must belong to a listen window)
if (invalid_bit()) {
@ -812,7 +812,7 @@ static bool standard_read(int *now, uint32_t *words) {
int fwr = *now;
// start with the identification of two succsessive listening windows
// start with the identification of two successive listening windows
if (find_double_listen_window(false)) {
// read and save words until following double listen window is detected
@ -954,7 +954,7 @@ static int write(uint32_t word, uint32_t addresses) {
// send data
em4x50_reader_send_word(word);
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occurred
reply_ng(CMD_LF_EM4X50_WRITE, PM3_ETEAROFF, NULL, 0);
return PM3_ETEAROFF;
} else {
@ -992,7 +992,7 @@ static int write_password(uint32_t password, uint32_t new_password) {
// send address data
em4x50_reader_send_word(password);
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured
if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occurred
reply_ng(CMD_LF_EM4X50_WRITE, PM3_ETEAROFF, NULL, 0);
return PM3_ETEAROFF;
} else {

13
armsrc/i2c.c
View file

@ -181,7 +181,7 @@ static bool WaitSCL_L(void) {
// It timeout reading response from card
// Which ever comes first
static bool WaitSCL_L_timeout(void) {
volatile uint32_t delay = 18000;
volatile uint32_t delay = 1800;
while (delay--) {
// exit on SCL LOW
if (!SCL_read)
@ -219,7 +219,7 @@ static bool I2C_WaitForSim(void) {
// 8051 speaks with smart card.
// 1000*50*3.07 = 153.5ms
// 1byte transfer == 1ms with max frame being 256bytes
if (!WaitSCL_H_delay(30 * 1000 * 50))
if (!WaitSCL_H_delay(20 * 1000 * 50))
return false;
return true;
@ -634,6 +634,9 @@ bool sc_rx_bytes(uint8_t *dest, uint8_t *destlen) {
len = I2C_BufferRead(dest, *destlen, I2C_DEVICE_CMD_READ, I2C_DEVICE_ADDRESS_MAIN);
LED_C_ON();
if (len > 1) {
break;
} else if (len == 1) {
@ -706,12 +709,12 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) {
}
void SmartCardAtr(void) {
smart_card_atr_t card;
LED_D_ON();
set_tracing(true);
I2C_Reset_EnterMainProgram();
bool isOK = GetATR(&card, true);
reply_mix(CMD_ACK, isOK, sizeof(smart_card_atr_t), 0, &card, sizeof(smart_card_atr_t));
smart_card_atr_t card;
int res = GetATR(&card, true) ? PM3_SUCCESS : PM3_ETIMEOUT;
reply_ng(CMD_SMART_ATR, res, (uint8_t*)&card, sizeof(smart_card_atr_t));
set_tracing(false);
LEDsoff();
}

9
armsrc/iso14443a.c
View file

@ -1778,9 +1778,10 @@ static void PrepareDelayedTransfer(uint16_t delay) {
//-------------------------------------------------------------------------------------
static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) {
if (!hf_field_active)
if (!hf_field_active) {
Dbprintf("Warning: HF field is off, ignoring TransmitFor14443a command");
return;
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);
if (timing) {
@ -2189,8 +2190,10 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start
//-----------------------------------------------------------------------------
bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint8_t *received_len) {
if (!hf_field_active)
if (!hf_field_active) {
Dbprintf("Warning: HF field is off, ignoring GetIso14443aAnswerFromTag_Thinfilm command");
return false;
}
// Set FPGA mode to "reader listen mode", no modulation (listen
// only, since we are receiving, not transmitting).

5
armsrc/iso15693.c
View file

@ -1708,6 +1708,11 @@ void SimTagIso15693(uint8_t *uid) {
bool exit_loop = false;
while (exit_loop == false) {
button_pressed = BUTTON_PRESS();
if (button_pressed || data_available())
break;
WDT_HIT();
// find reader field

2
client/luascripts/hf_mf_format.lua
View file

@ -36,7 +36,7 @@ arguments = [[
-k <key> - the current six byte key with write access
-n <key> - the new key that will be written to the card
-a <access> - the new access bytes that will be written to the card
-x - execute the commands aswell.
-x - execute the commands as well.
]]
local TIMEOUT = 2000 -- Shouldn't take longer than 2 seconds

40
client/src/cmdhf.c
View file

@ -57,7 +57,7 @@ static int usage_hf_search(void) {
}
static int usage_hf_sniff(void) {
PrintAndLogEx(NORMAL, "The high frequence sniffer will assign all available memory on device for sniffed data");
PrintAndLogEx(NORMAL, "The high frequency sniffer will assign all available memory on device for sniffed data");
PrintAndLogEx(NORMAL, "Use " _YELLOW_("'data samples'")" command to download from device, and " _YELLOW_("'data plot'")" to look at it");
PrintAndLogEx(NORMAL, "Press button to quit the sniffing.\n");
PrintAndLogEx(NORMAL, "Usage: hf sniff <skip pairs> <skip triggers>");
@ -311,18 +311,7 @@ int CmdHFSniff(const char *Cmd) {
return PM3_SUCCESS;
}
int CmdHFPlot(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf plot",
"Plots HF signal after RF signal path and A/D conversion.",
"This can be used after any hf command and will show the last few milliseconds of the HF signal.\n"
"Note: If the last hf command terminated because of a timeout you will most probably see nothing.\n");
void *argtable[] = {
arg_param_begin,
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIParserFree(ctx);
int handle_hf_plot(void) {
uint8_t buf[FPGA_TRACE_SIZE];
@ -333,7 +322,7 @@ int CmdHFPlot(const char *Cmd) {
}
for (size_t i = 0; i < FPGA_TRACE_SIZE; i++) {
GraphBuffer[i] = ((int)buf[i]) - 127;
GraphBuffer[i] = ((int)buf[i]) - 128;
}
GraphTraceLen = FPGA_TRACE_SIZE;
@ -349,14 +338,31 @@ int CmdHFPlot(const char *Cmd) {
return PM3_SUCCESS;
}
int CmdHFPlot(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf plot",
"Plots HF signal after RF signal path and A/D conversion.",
"This can be used after any hf command and will show the last few milliseconds of the HF signal.\n"
"Note: If the last hf command terminated because of a timeout you will most probably see nothing.\n");
void *argtable[] = {
arg_param_begin,
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIParserFree(ctx);
return handle_hf_plot();
}
static command_t CommandTable[] = {
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"--------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("High Frequency") " -----------------------"},
{"14a", CmdHF14A, AlwaysAvailable, "{ ISO14443A RFIDs... }"},
{"14b", CmdHF14B, AlwaysAvailable, "{ ISO14443B RFIDs... }"},
{"15", CmdHF15, AlwaysAvailable, "{ ISO15693 RFIDs... }"},
// {"cryptorf", CmdHFCryptoRF, AlwaysAvailable, "{ CryptoRF RFIDs... }"},
{"epa", CmdHFEPA, AlwaysAvailable, "{ German Identification Card... }"},
{"felica", CmdHFFelica, AlwaysAvailable, "{ ISO18092 / Felica RFIDs... }"},
{"felica", CmdHFFelica, AlwaysAvailable, "{ ISO18092 / FeliCa RFIDs... }"},
{"fido", CmdHFFido, AlwaysAvailable, "{ FIDO and FIDO2 authenticators... }"},
{"iclass", CmdHFiClass, AlwaysAvailable, "{ ICLASS RFIDs... }"},
{"legic", CmdHFLegic, AlwaysAvailable, "{ LEGIC RFIDs... }"},
@ -369,6 +375,8 @@ static command_t CommandTable[] = {
{"thinfilm", CmdHFThinfilm, AlwaysAvailable, "{ Thinfilm RFIDs... }"},
{"topaz", CmdHFTopaz, AlwaysAvailable, "{ TOPAZ (NFC Type 1) RFIDs... }"},
{"waveshare", CmdHFWaveshare, AlwaysAvailable, "{ Waveshare NFC ePaper... }"},
{"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("General") " ---------------------"},
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"list", CmdTraceList, AlwaysAvailable, "List protocol data in trace buffer"},
{"plot", CmdHFPlot, IfPm3Hfplot, "Plot signal"},
{"tune", CmdHFTune, IfPm3Present, "Continuously measure HF antenna tuning"},

1
client/src/cmdhf.h
View file

@ -19,4 +19,5 @@ int CmdHFSearch(const char *Cmd);
int CmdHFSniff(const char *Cmd);
int CmdHFPlot(const char *Cmd);
int handle_hf_plot(void);
#endif

56
client/src/cmdhf14a.c
View file

@ -27,6 +27,8 @@
#include "crc16.h"
#include "util_posix.h" // msclock
#include "aidsearch.h"
#include "cmdhf.h" // handle HF plot
bool APDUInFramingEnable = true;
@ -265,6 +267,7 @@ static int usage_hf_14a_reader(void) {
PrintAndLogEx(NORMAL, " s silent (no messages)");
PrintAndLogEx(NORMAL, " x just drop the signal field");
PrintAndLogEx(NORMAL, " 3 ISO14443-3 select only (skip RATS)");
PrintAndLogEx(NORMAL, " @ continuous mode. Updates hf plot as well");
return PM3_SUCCESS;
}
@ -475,9 +478,9 @@ int Hf14443_4aGetCardData(iso14a_card_select_t *card) {
static int CmdHF14AReader(const char *Cmd) {
uint32_t cm = ISO14A_CONNECT;
bool disconnectAfter = true, silent = false;
bool disconnectAfter = true, silent = false, continuous = false;
int cmdp = 0;
int res = PM3_SUCCESS;
while (param_getchar(Cmd, cmdp) != 0x00) {
switch (tolower(param_getchar(Cmd, cmdp))) {
case 'h':
@ -494,6 +497,9 @@ static int CmdHF14AReader(const char *Cmd) {
case 'x':
cm &= ~ISO14A_CONNECT;
break;
case '@':
continuous = true;
break;
default:
PrintAndLogEx(WARNING, "Unknown command.");
return PM3_EINVARG;
@ -503,7 +509,10 @@ static int CmdHF14AReader(const char *Cmd) {
if (!disconnectAfter)
cm |= ISO14A_NO_DISCONNECT;
if (continuous) {
PrintAndLogEx(INFO, "Press " _GREEN_("Enter") " to exit");
}
do {
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO14443A_READER, cm, 0, 0, NULL, 0);
@ -512,7 +521,8 @@ static int CmdHF14AReader(const char *Cmd) {
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
if (!silent) PrintAndLogEx(WARNING, "iso14443a card select failed");
DropField();
return PM3_ESOFT;
res = PM3_ESOFT;
goto plot;
}
iso14a_card_select_t card;
@ -529,16 +539,20 @@ static int CmdHF14AReader(const char *Cmd) {
if (select_status == 0) {
if (!silent) PrintAndLogEx(WARNING, "iso14443a card select failed");
DropField();
return PM3_ESOFT;
res = PM3_ESOFT;
goto plot;
}
if (select_status == 3) {
if (!(silent && continuous)) {
PrintAndLogEx(INFO, "Card doesn't support standard iso14443-3 anticollision");
PrintAndLogEx(SUCCESS, "ATQA: %02x %02x", card.atqa[1], card.atqa[0]);
DropField();
return PM3_ESOFT;
}
DropField();
res = PM3_ESOFT;
goto plot;
}
if (!(silent && continuous)) {
PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen));
PrintAndLogEx(SUCCESS, "ATQA: " _GREEN_("%02x %02x"), card.atqa[1], card.atqa[0]);
PrintAndLogEx(SUCCESS, " SAK: " _GREEN_("%02x [%" PRIu64 "]"), card.sak, resp.oldarg[0]);
@ -546,17 +560,35 @@ static int CmdHF14AReader(const char *Cmd) {
if (card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
PrintAndLogEx(SUCCESS, " ATS: " _GREEN_("%s"), sprint_hex(card.ats, card.ats_len));
}
}
if (!disconnectAfter) {
if (!silent) PrintAndLogEx(SUCCESS, "Card is selected. You can now start sending commands");
}
}
if (disconnectAfter) {
if (!silent) PrintAndLogEx(INFO, "field dropped.");
plot:
if (continuous) {
res = handle_hf_plot();
if (res != PM3_SUCCESS) {
break;
}
}
if (kbd_enter_pressed()) {
break;
}
} while (continuous);
if (disconnectAfter) {
if (silent == false) {
PrintAndLogEx(INFO, "field dropped.");
}
}
if (continuous)
return PM3_SUCCESS;
else
return res;
}
static int CmdHF14AInfo(const char *Cmd) {

4
client/src/cmdhf15.c
View file

@ -1116,13 +1116,13 @@ static int CmdHF15Sim(const char *Cmd) {
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
CLIParserFree(ctx);
if (uidlen != 9) {
if (uidlen != 8) {
PrintAndLogEx(WARNING, "UID must include 16 HEX symbols");
return PM3_EINVARG;
}
PrintAndLogEx(SUCCESS, "Starting simulating UID " _YELLOW_("%s"), iso15693_sprintUID(NULL, payload.uid));
PrintAndLogEx(INFO, "press " _YELLOW_("`enter`") " to cancel");
PrintAndLogEx(INFO, "press " _YELLOW_("`Pm3 button`") " to cancel");
PacketResponseNG resp;
clearCommandBuffer();

6
client/src/cmdhficlass.c
View file

@ -561,7 +561,7 @@ static void mem_app_config(const picopass_hdr *hdr) {
PrintAndLogEx(INFO, " Write A...... credit");
PrintAndLogEx(INFO, " Write B...... credit");
PrintAndLogEx(INFO, " Debit........ debit or credit");
PrintAndLogEx(INFO, " redit........ credit");
PrintAndLogEx(INFO, " Credit....... credit");
}
}
@ -715,7 +715,7 @@ static int CmdHFiClassSim(const char *Cmd) {
return PM3_EMALLOC;
}
memset(dump, 0, datalen);//<-- Need zeroes for the EPURSE - field (offical)
memset(dump, 0, datalen);//<-- Need zeroes for the EPURSE - field (official)
uint8_t i = 0;
for (i = 0 ; i < NUM_CSNS ; i++) {
@ -2249,7 +2249,7 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) {
}
if (auth == false && verbose) {
PrintAndLogEx(WARNING, "warning: no authentication used with read. Typical for cards configured toin `non-secure page`");
PrintAndLogEx(WARNING, "warning: no authentication used with read. Typical for cards configured into `non-secure page`");
}

2
client/src/cmdhflist.c
View file

@ -419,7 +419,7 @@ void annotateIclass(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool
uint8_t key[8];
if (check_known_default(csn, epurse, rmac, tmac, key)) {
snprintf(exp, size, "( " _GREEN_("%s") ")", sprint_hex(key, 8));
snprintf(exp, size, "( " _GREEN_("%s") " )", sprint_hex_inrow(key, 8));
}
curr_state = PICO_NONE;
}

37
client/src/cmdhflto.c
View file

@ -22,6 +22,15 @@
#include "protocols.h"
#include "fileutils.h" //saveFile
/*
iceman notes
We can't dump LTO 5 or 6 tags yet since we don't have a datasheet.
If you have access to datasheet, le me know!
LTO w Type info 00 01 has 101 blocks.
LTO w Type info 00 03 has 255 blocks.
LTO w Type info 00 xx has NN blocks.
*/
#define CM_MEM_MAX_SIZE 0x1FE0 // (32byte/block * 255block = 8160byte)
static int CmdHelp(const char *Cmd);
@ -185,6 +194,17 @@ static int CmdHfLTOInfo(const char *Cmd) {
return infoLTO(true);
}
static const char* lto_print_size(uint8_t ti) {
switch(ti) {
case 1:
return "101 blocks / 3232 bytes";
case 3:
return "255 blocks / 8160 bytes";
default :
return "";
}
}
int infoLTO(bool verbose) {
clearCommandBuffer();
@ -199,8 +219,9 @@ int infoLTO(bool verbose) {
if (ret_val == PM3_SUCCESS) {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, "UID: " _YELLOW_("%s"), sprint_hex_inrow(serial_number, sizeof(serial_number)));
PrintAndLogEx(SUCCESS, "TYPE INFO: " _YELLOW_("%s"), sprint_hex_inrow(type_info, sizeof(type_info)));
PrintAndLogEx(SUCCESS, "UID......... " _YELLOW_("%s"), sprint_hex_inrow(serial_number, sizeof(serial_number)));
PrintAndLogEx(SUCCESS, "Type info... " _YELLOW_("%s"), sprint_hex_inrow(type_info, sizeof(type_info)));
PrintAndLogEx(SUCCESS, "Memory...... " _YELLOW_("%s"), lto_print_size(type_info[1]));
}
return ret_val;
@ -442,11 +463,18 @@ int dumpLTO(uint8_t *dump, bool verbose) {
lto_switch_off_field();
return ret_val;
}
// 0003 == 255 blocks x 32 = 8160 bytes
// 0001 == 101 blocks x 32 = 3232 bytes
uint8_t blocks = 0xFF;
if (type_info[1] == 0x01) {
blocks = 0x65;
}
PrintAndLogEx(SUCCESS, "Found LTO tag w " _YELLOW_("%s") " memory", lto_print_size(type_info[1]));
uint8_t block_data_d00_d15[18];
uint8_t block_data_d16_d31[18];
for (uint8_t i = 0; i < 255; i++) {
for (uint8_t i = 0; i < blocks; i++) {
ret_val = lto_rdbl(i, block_data_d00_d15, block_data_d16_d31, verbose);
@ -458,6 +486,8 @@ int dumpLTO(uint8_t *dump, bool verbose) {
lto_switch_off_field();
return ret_val;
}
PrintAndLogEx(INPLACE, "...reading block %d", i);
fflush(stdout);
}
lto_switch_off_field();
@ -502,6 +532,7 @@ static int CmdHfLTODump(const char *Cmd) {
}
int ret_val = dumpLTO(dump, true);
PrintAndLogEx(NORMAL, "");
if (ret_val != PM3_SUCCESS) {
free(dump);
return ret_val;

2
client/src/cmdhfmf.c
View file

@ -2962,7 +2962,7 @@ out:
printKeyTable(sectorsCnt, e_sector);
if (use_flashmemory && found_keys == (sectorsCnt << 1)) {
PrintAndLogEx(SUCCESS, "Card dumped aswell. run " _YELLOW_("`%s %c`"),
PrintAndLogEx(SUCCESS, "Card dumped as well. run " _YELLOW_("`%s %c`"),
"hf mf esave",
GetFormatFromSector(sectorsCnt)
);

1
client/src/cmdhw.c
View file

@ -681,6 +681,7 @@ static int CmdConnect(const char *Cmd) {
}
static command_t CommandTable[] = {
{"-------------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Hardware") " -----------------------"},
{"help", CmdHelp, AlwaysAvailable, "This help"},
{"connect", CmdConnect, AlwaysAvailable, "connect Proxmark3 to serial port"},
{"dbg", CmdDbg, IfPm3Present, "Set Proxmark3 debug level"},

6
client/src/cmdlf.c
View file

@ -113,7 +113,7 @@ static int usage_lf_read(void) {
return PM3_SUCCESS;
}
static int usage_lf_sim(void) {
PrintAndLogEx(NORMAL, "Simulate low frequence tag from graphbuffer.");
PrintAndLogEx(NORMAL, "Simulate low frequency tag from graphbuffer.");
PrintAndLogEx(NORMAL, "Usage: lf sim [h] <gap>");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h This help");
@ -126,7 +126,7 @@ static int usage_lf_sim(void) {
return PM3_SUCCESS;
}
static int usage_lf_sniff(void) {
PrintAndLogEx(NORMAL, "Sniff low frequence signal.");
PrintAndLogEx(NORMAL, "Sniff low frequency signal.");
PrintAndLogEx(NORMAL, "Usage: lf sniff [h] [q] [s #samples] [@]");
PrintAndLogEx(NORMAL, "Options:");
PrintAndLogEx(NORMAL, " h This help");
@ -1526,7 +1526,7 @@ out:
}
static command_t CommandTable[] = {
{"-----------", CmdHelp, AlwaysAvailable, "-------------- " _CYAN_("Direct") " --------------"},
{"-----------", CmdHelp, AlwaysAvailable, "-------------- " _CYAN_("Low Frequency") " --------------"},
{"awid", CmdLFAWID, AlwaysAvailable, "{ AWID RFIDs... }"},
{"cotag", CmdLFCOTAG, AlwaysAvailable, "{ COTAG CHIPs... }"},
{"destron", CmdLFDestron, AlwaysAvailable, "{ FDX-A Destron RFIDs... }"},

4
client/src/cmdlfem4x.c
View file

@ -199,9 +199,11 @@ void printEM410x(uint32_t hi, uint64_t id) {
if (hi) {
//output 88 bit em id
PrintAndLogEx(NORMAL, "\nEM TAG ID : "_YELLOW_("%06X%016" PRIX64), hi, id);
PrintAndLogEx(NORMAL, "Clock rate : "_YELLOW_("RF/%d"), g_DemodClock);
} else {
//output 40 bit em id
PrintAndLogEx(NORMAL, "\nEM TAG ID : "_YELLOW_("%010" PRIX64), id);
PrintAndLogEx(NORMAL, "Clock rate : "_YELLOW_("RF/%d"), g_DemodClock);
PrintAndLogEx(NORMAL, "\nPossible de-scramble patterns\n");
PrintAndLogEx(NORMAL, "Unique TAG ID : %010" PRIX64, id2lo);
PrintAndLogEx(NORMAL, "HoneyWell IdentKey {");
@ -652,7 +654,7 @@ static command_t CommandTable[] = {
{"4x50_dump", CmdEM4x50Dump, IfPm3EM4x50, "dump EM4x50 tag"},
{"4x50_info", CmdEM4x50Info, IfPm3EM4x50, "tag information EM4x50"},
{"4x50_write", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"},
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change passwword of EM4x50 tag"},
{"4x50_write_password", CmdEM4x50WritePassword, IfPm3EM4x50, "change password of EM4x50 tag"},
{"4x50_read", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"},
{"4x50_wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe data from EM4x50"},
{"4x50_brute", CmdEM4x50Brute, IfPm3EM4x50, "guess password of EM4x50"},

6
client/src/cmdlfem4x05.c
View file

@ -591,7 +591,7 @@ int CmdEM4x05Dump(const char *Cmd) {
// To flag any blocks locked we need to read blocks 14 and 15 first
// dont swap endin until we get block lock flags.
// dont swap endian until we get block lock flags.
status14 = em4x05_read_word_ext(EM4305_PROT1_BLOCK, pwd, usePwd, &word);
if (status14 == PM3_SUCCESS) {
if ((word & 0x00008000) != 0x00) {
@ -662,7 +662,7 @@ int CmdEM4x05Dump(const char *Cmd) {
} else if (card_type == EM_4X69) {
// To flag any blocks locked we need to read blocks 14 and 15 first
// dont swap endin until we get block lock flags.
// dont swap endian until we get block lock flags.
status14 = em4x05_read_word_ext(EM4469_PROT_BLOCK, pwd, usePwd, &word);
if (status14 == PM3_SUCCESS) {
if ((word & 0x00008000) != 0x00) {
@ -1951,7 +1951,7 @@ int CmdEM4x05Sniff(const char *Cmd) {
// Read Word 1001 <adr> => 4 + 7 => 11
// Protect 1100 <data> => 4 + 45 => 49
// Disable 1010 <data> => 4 + 45 => 49
// -> disaable 1010 11111111 0 11111111 0 11111111 0 11111111 0 00000000 0
// -> disable 1010 11111111 0 11111111 0 11111111 0 11111111 0 00000000 0
// Check to see if we got the leading 0
if (((strncmp (bits,"00011",5) == 0)&& (bitidx == 50)) ||

6
client/src/cmdlfhid.c
View file

@ -433,8 +433,6 @@ static int CmdHIDBrute(const char *Cmd) {
cn_hi.OEM = arg_get_int_def(ctx, 6, 0);
delay = arg_get_int_def(ctx, 7, 1000);
CLIParserFree(ctx);
if (arg_get_lit(ctx, 8) && arg_get_lit(ctx, 9)) {
direction = 0;
} else if (arg_get_lit(ctx, 8)) {
@ -443,6 +441,8 @@ static int CmdHIDBrute(const char *Cmd) {
direction = 2;
}
CLIParserFree(ctx);
if (verbose) {
PrintAndLogEx(INFO, "Wiegand format#.. %i", format_idx);
PrintAndLogEx(INFO, "OEM#............. %u", cn_hi.OEM);
@ -470,7 +470,7 @@ static int CmdHIDBrute(const char *Cmd) {
cn_low = cn_hi;
// main loop
// iceman: could add options for bruteforcing OEM, ISSUE or FC aswell..
// iceman: could add options for bruteforcing OEM, ISSUE or FC as well..
bool exitloop = false;
bool fin_hi, fin_low;
fin_hi = fin_low = false;

15
client/src/cmdsmartcard.c
View file

@ -698,13 +698,12 @@ static int CmdSmartInfo(const char *Cmd) {
clearCommandBuffer();
SendCommandNG(CMD_SMART_ATR, NULL, 0);
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
if (!WaitForResponseTimeout(CMD_SMART_ATR, &resp, 2500)) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return PM3_ETIMEOUT;
}
uint8_t isok = resp.oldarg[0] & 0xFF;
if (!isok) {
if (resp.status != PM3_SUCCESS) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return PM3_ESOFT;
}
@ -771,13 +770,12 @@ static int CmdSmartReader(const char *Cmd) {
clearCommandBuffer();
SendCommandNG(CMD_SMART_ATR, NULL, 0);
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
if (!WaitForResponseTimeout(CMD_SMART_ATR, &resp, 2500)) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return PM3_ETIMEOUT;
}
uint8_t isok = resp.oldarg[0] & 0xFF;
if (!isok) {
if (resp.status != PM3_SUCCESS) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return PM3_ESOFT;
}
@ -1186,14 +1184,13 @@ bool smart_select(bool silent, smart_card_atr_t *atr) {
clearCommandBuffer();
SendCommandNG(CMD_SMART_ATR, NULL, 0);
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2500)) {
if (!WaitForResponseTimeout(CMD_SMART_ATR, &resp, 2500)) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return false;
}
uint8_t isok = resp.oldarg[0] & 0xFF;
if (!isok) {
if (resp.status != PM3_SUCCESS) {
if (!silent) PrintAndLogEx(WARNING, "smart card select failed");
return false;
}

4
client/src/proxmark3.c
View file

@ -502,7 +502,7 @@ static void set_my_user_directory(void) {
// if not found, default to current directory
if (my_user_directory == NULL) {
my_user_directory = GetCurrentDir(_cwd_Buffer, sizeof(_cwd_Buffer));
// change all slashs to / (windows should not care...
// change all slashes to / (windows should not care...
for (int i = 0; i < strlen(_cwd_Buffer); i++)
if (_cwd_Buffer[i] == '\\') _cwd_Buffer[i] = '/';
// my_user_directory = ".";
@ -1044,7 +1044,7 @@ int main(int argc, char *argv[]) {
InitGraphics(argc, argv, script_cmds_file, script_cmd, stayInCommandLoop);
MainGraphics();
# else
// for *nix distro's, check enviroment variable to verify a display
// for *nix distro's, check environment variable to verify a display
char *display = getenv("DISPLAY");
if (display && strlen(display) > 1) {
InitGraphics(argc, argv, script_cmds_file, script_cmd, stayInCommandLoop);

2
common/legic_prng.c
View file

@ -24,7 +24,7 @@ static struct lfsr {
// * someone mentioned iv must be ODD.
// Hack:
// Now we have a special case with iv == 0
// it sets b to 0 aswell to make sure we get a all zero keystream out
// it sets b to 0 as well to make sure we get a all zero keystream out
// which is used in the initialisation phase sending the IV
//
void legic_prng_init(uint8_t iv) {

2
doc/bt_manual_v10.md
View file

@ -269,7 +269,7 @@ See instructions above (method 1) for initial pairing.
#### 5.3.1 Connecting rdv4.0 with Bluetooth on MacOS
^[Top](#top)
With MacOS Mojave 10.14.5 you could experience some continuosly disconnecting and difficult to recconnect the device at the system wakeup, to avoid this problem do a PRAM reset before to add your Proxmark3 RDV4 Blue Shark:
With MacOS Mojave 10.14.5 you could experience some continuously disconnecting and difficult to reconnect the device at the system wakeup, to avoid this problem do a PRAM reset before to add your Proxmark3 RDV4 Blue Shark:
1. Open a Terminal and execute this command: sudo rm -R /Library/Preferences/com.apple.Bluetooth.plist.
2. Shut down your Mac.

6
doc/cheatsheet.md
View file

@ -1,7 +1,7 @@
<a id="Top"></a>
# Command Cheat Sheet
|Generic|Low Frequence 125 kHz|High Frequence 13.56 MHz|
|Generic|Low Frequency 125 kHz|High Frequency 13.56 MHz|
|---|---|---|
|[Generic](#Generic)|[T55XX](#T55XX)|[MIFARE](#MIFARE)|
|[Data](#Data)|[HID Prox](#HID-Prox)|[iCLASS](#iCLASS)|
@ -324,7 +324,7 @@ pm3 --> script run hf_mf_uidbruteforce -s 0x11223344556677 -e 0x11223344556679 -
## Wiegand manipulation
^[Top](#top)
List all available weigand formats in client
List all available wiegand formats in client
```
pm3 --> wiegand list
```
@ -592,7 +592,7 @@ Options
-k <key> The current six byte key with write access
-n <key> The new key that will be written to the card
-a <access> The new access bytes that will be written to the card
-x Execute the commands aswell
-x Execute the commands as well
pm3 --> script run hf_mf_format -k FFFFFFFFFFFF -n FFFFFFFFFFFF -x
```

2
doc/cliparser.md
View file

@ -25,7 +25,7 @@ And then it fell into silence since it wasn't well documented how to use the cli
Fast forward today, where more commands has used the cliparser but it still wasn't the natural way when adding a new client command to the Proxmark3 client.
After more discussions among @doegox, @iceman1001 and @mrwalker the concept became more clear on how to use the cliparser lib in the _preferred_ way.
The aftermath was a design and layout specified which lead to a simpler implementation of the cliparser in the client source code while still unifiy all helptexts with the new colours support and a defined layout. As seen below, the simplicity and clearness.
The aftermath was a design and layout specified which lead to a simpler implementation of the cliparser in the client source code while still unifying all helptexts with the new colours support and a defined layout. As seen below, the simplicity and clearness.
![sample of new style helptext](http://www.icedev.se/proxmark3/helptext.png)

8
doc/clocks.md
View file

@ -92,7 +92,7 @@ About 1 us precision
* `void StartCountUS(void)`
* `uint32_t RAMFUNC GetCountUS(void)`
Use two chainer timers TC0 and TC1.
Use two chained timers TC0 and TC1.
TC0 runs at 1.5 MHz and TC1 is clocked when TC0 reaches 0xC000.
Maximal value: 0x7fffffff = 2147 s
@ -110,13 +110,13 @@ About 1 cycle of 13.56 MHz? precision
* `uint32_t RAMFUNC GetCountSspClk(void)`
* `uint32_t RAMFUNC GetCountSspClkDelta(uint32_t start)` <= **TODO** could be used more often
Use two chainer timers TC0 and TC1.
Use two chained timers TC0 and TC1.
TC0 runs at SSP_CLK from FPGA (13.56 MHz?) and TC1 is clocked when TC0 loops.
Usage:
* for iso14443 commands to count field cycles
* Also usable with FPGA in LF mode ?? cf `armsrc/legicrfsim.c` SSP Clock is clocked by the FPGA at 212 kHz (subcarrier frequency)
* Also usable with FPGA in LF mode ?? cf `armsrc/legicrfsim.c` SSP Clock is clocked by the FPGA at 212 kHz (sub-carrier frequency)
Can't be used at the same time as CountUS or Ticks functions.
@ -133,7 +133,7 @@ cf `armsrc/ticks.c`
* `void WaitMS(uint32_t ms)`
* `void StopTicks(void)` <= **TODO** why a stop for this timer and not for CountUS / CountSspClk ?
Use two chainer timers TC0 and TC1.
Use two chained timers TC0 and TC1.
TC0 runs at 1.5 MHz and TC1 is clocked when TC0 loops.
Maximal value: 0xffffffff = 2863 s (but don't use high value with WaitTicks else you'll trigger WDT)

7
doc/cloner_notes.md
View file

@ -1,12 +1,13 @@
# Notes on Cloner gunes
# Notes on Cloner guns
This document is based mostly on information posted on http://www.proxmark.org/forum/viewtopic.php?pid=39903#p39903
- [Notes on Cloner guns](#notes-on-cloner-guns)
- [Blue and black cloners](#blue-and-black-cloners)
- [White cloner (pre 2015)](#white-cloner-pre-2015)
- [White cloner (after 2016)](#white-cloner-after-2016)
- [White cloner (after 2016 D Quality)](#white-cloner-after-2016-d-quality)
- [restore page1 data](#restore-page1-data)
- [Restore page1 data](#restore-page1-data)
- [Sniffing the comms](#sniffing-the-comms)
@ -67,7 +68,7 @@ If t55xx write b 2 d 2D782308 1
The T55x7 protocol uses a pwm based protocol for writing to tags. In order to make decoding easier try the new command as seen below instead. It will try to extract the data written.
```
-- after threshold limit 20 is triggred, skip 10000 samples before collecting samples.
-- after threshold limit 20 is triggered, skip 10000 samples before collecting samples.
lf config s 10000 t 20
lf t55xx sniff

4
doc/colors_notes.md
View file

@ -10,13 +10,13 @@ The client should autodetect color support when starting.
You can also use the command `pref show` to see and set your personal setting.
Why use colors in the Proxmark client? When evertyhing is white it is hard to extract the important information fast. You also need new-lines for extra space to be easier to read.
Why use colors in the Proxmark client? When everything is white it is hard to extract the important information fast. You also need new-lines for extra space to be easier to read.
We have gradually been introducing this color scheme into the client since we got decent color support on all systems: OSX, Linux, WSL, Proxspace.
## style/color
^[Top](#top)
The following definition has be crystalized out from these experiments. Its not set in stone yet so take this document as a guideline for how to create unified system scheme.
The following definition has be crystallized out from these experiments. Its not set in stone yet so take this document as a guideline for how to create unified system scheme.
### Definition
^[Top](#top)

6
doc/emv_notes.md
View file

@ -5,7 +5,7 @@
- Get ATR|ATS
- Get AID by PSE (`emv pse`)
- Get AID by appliation list (`emv search`)
- Get AID by application list (`emv search`)
- Select application (`emv select`)
- Format PDOL (look at next part)
- Execute GPO (`emv gpo` this step and format PDOL)
@ -27,7 +27,7 @@
- Get ATR|ATS
- Get AID by PSE (`emv pse`)
- Get AID by appliation list (`emv search`)
- Get AID by application list (`emv search`)
- Select application (`emv select`)
- Format PDOL (look at next part)
- Execute GPO (`emv gpo` this step and format PDOL)
@ -62,7 +62,7 @@ It works for VISA(r) and Mastercard(r) transactions. It may work with other EMV
^[Top](#top)
MSD - Magnetic Stripe mode
VSDC - contact transacion
VSDC - contact transaction
qVSDC - contactless transaction
### Mastercard(r) transactions

12
doc/fpga_arm_notes.md
View file

@ -34,7 +34,7 @@ LF analog path (MCP6294 opamp. This has a GBW of 10 MHz), all 'slow' signals.
## FPGA
Since the SPARTAN II is a old outdated FPGA, thus is very limited resource there was a need to split LF and HF functionality into two seperate FPGA images. Which are stored in ARM flash memory as bitstreams.
Since the SPARTAN II is a old outdated FPGA, thus is very limited resource there was a need to split LF and HF functionality into two separate FPGA images. Which are stored in ARM flash memory as bitstreams.
We swap between these images by flashing fpga from ARM on the go. It takes about 1sec. Hence its usually a bad idea to program your device to continuously execute LF alt HF commands.
@ -43,7 +43,7 @@ The FPGA images is precompiled and located inside the /fpga folder.
- fpga_lf.bit
There is very rarely changes to the images so there is no need to setup a fpga tool chain to compile it yourself.
Since the FPGA is very old, the Xilinix WebPack ISE 10.1 is the last working tool chain. You can download this legacy development on xilinix and register for a free product installation id.
Since the FPGA is very old, the Xilinx WebPack ISE 10.1 is the last working tool chain. You can download this legacy development on Xilinx and register for a free product installation id.
Or use mine `11LTAJ5ZJK3PXTUBMF0C0J6C4` The package to download is about 7Gb and linux based. Though I recently managed to install it on WSL for Windows 10.
In order to save space, these fpga images are LZ4 compressed and included in the fullimage.elf file when compiling the ARM SRC. `make armsrc`
@ -131,7 +131,7 @@ it into the memory of the FPGA. This gives some major advantages:
The FPGA has two main tasks. The first task is to demodulate the signal received from the ADC and relay
this as a digital encoded signal to the ARM. Depending on the task this might be the demodulation of a
100% Amplitude Shift Keying (ASK) signal from the reader or the load modulation of a card. The encodin
100% Amplitude Shift Keying (ASK) signal from the reader or the load modulation of a card. The encoding
schemes used to communicate the signal to the ARM are Modified Miller for the reader and Manchester
encoding for the card signal.
@ -153,10 +153,10 @@ these samples. When the Proxmark is in sniffing mode this is done for both the M
Miller at the same time. Whenever one of the decoding procedures returns a valid message, this message
is stored in another buffer (BigBuf) and both decoding procedures are set to an un-synced state. The
BigBuf is limited to the available memory on the ARM. The current firmware has 2 KB of memory
reserved for traces (Besides the tracethe buffer also stores some temporary data that is needed in the
reserved for traces (Besides the trace, the buffer also stores some temporary data that is needed in the
processing). When the BigBuf buffer is full the function normally returns. A new function call from the
client is needed to download the BigBuf contents to the computer. The BigBuf is especially useful for
ptocol investigation. Every single message is stored in this buffer. When a card is emulated or when the
protocol investigation. Every single message is stored in this buffer. When a card is emulated or when the
Proxmark is used as a reader the BigBuf can be used to store status messages or protocol exceptions.
```
@ -226,7 +226,7 @@ is the master). The ARM connects to the outside world over USB.
## FPGA purpose
Digtal signal processing.
Digital signal processing.
In short, apply low pass / hi pass filtering, peak detect, correlate signal meaning IQ pair collecting.
IQ means measure at In-phase and 90 phase shift later Quadrature-phase, with IQ samples you can plot the signal on a vector plan.

4
doc/loclass_notes.md
View file

@ -2,7 +2,7 @@
This document is primarily intended for understanding `hf iclass loclass` and files used with it.
LOCLASS aim is to recoved the used masterkey for that specific reader configued in Elite mode / High Security mode.
LOCLASS aim is to recover the used masterkey for that specific reader configured in Elite mode / High Security mode.
LOCLASS, is a two part attack. First is the online part where you gather needed information from the reader by presenting a carefully selected CSN and save the responses to file. For the first part you run `hf iclass sim 2` and take notice of the saved filename.
@ -23,4 +23,4 @@ This test mode uses two files.
- `iclass_dump.bin`
this is a sample file from `hf iclass sim 2`, with complete keytable recovery, using 128 carefully selected CSN and the file contains the MAC results from reader.
- `iclass_key.bin`
this is file shall contain the legacy masterkey, AA1 key. loclass uses it to verify that permution / reversing / generation of key is correct.
this is file shall contain the legacy masterkey, AA1 key. loclass uses it to verify that permutation / reversing / generation of key is correct.

4
doc/magic_cards_notes.md
View file

@ -267,7 +267,7 @@ Android compatible
* some cards use a fix "08" or "18" in anticollision, no matter the block0. Including all 7b.
* BCC:
* some cards play blindly the block0 BCC byte, beware!
* some cards compute a proper BCC in anticollision. Including all 7b comuting their BCC0 and BCC1.
* some cards compute a proper BCC in anticollision. Including all 7b computing their BCC0 and BCC1.
* ATS:
* some cards don't reply to RATS
* some reply with an ATS
@ -363,7 +363,7 @@ Initial UID is AA55C396
### Identify
Only possible before personalisation.
Only possible before personalization.
```
hf 14a info

2
doc/md/Development/Coverity-Scan-Config-and-Run.md
View file

@ -1,6 +1,6 @@
## Coverity Scan Config & Run
Download the Coverity Scan Self-buld and install it.
Download the Coverity Scan Self-build and install it.
You will need to configure ARM-NON-EABI- Compiler for it to use:
Configure

2
doc/md/Installation_Instructions/Linux-Installation-Instructions.md
View file

@ -73,7 +73,7 @@ git clone https://github.com/RfidResearchGroup/proxmark3.git
# Check ModemManager
### ⚠️ Very important ⚠️
make sure ModemManager will not interfer, otherwise it could brick your Proxmark3!
make sure ModemManager will not interfere, otherwise it could brick your Proxmark3!
Read carefully [this page about ModemManager](ModemManager-Must-Be-Discarded.md) and follow its instructions.
# Check connection

8
doc/md/Installation_Instructions/ModemManager-Must-Be-Discarded.md
View file

@ -8,7 +8,7 @@ ModemManager is pre-installed on many different Linux distributions, very probab
It's intended to prepare and configure the mobile broadband (2G/3G/4G) devices, whether they are built-in or dongles.
Some are serial, so when the Proxmark3 is plugged and a `/dev/ttyACM0` appears, ModemManager attempts to talk to it to see if it's a modem replying to AT commands.
Now imagine what happens when you're flashing your Proxmark3 and ModemManager suddently starts sending bytes to it at the same time...
Now imagine what happens when you're flashing your Proxmark3 and ModemManager suddenly starts sending bytes to it at the same time...
Yes it makes the flashing failing. And if it happens while you're flashing the bootloader, it will require a JTAG device to unbrick the Proxmark3.
ModemManager is a threat for the Proxmark3, but also for many other embedded devices, such as some Arduino platforms.
@ -35,7 +35,7 @@ sudo systemctl disable ModemManager
# Solution 3: use filtering udev rules
If you *really* need ModemManager, e.g. for your 4G device, you'll have to use some filtering rules to make sure it doesn't interfer with the Proxmark3.
If you *really* need ModemManager, e.g. for your 4G device, you'll have to use some filtering rules to make sure it doesn't interfere with the Proxmark3.
Once you have cloned the Proxmark3 repository, you can run `make udev` to install udev rules that will tell ModemManager to not look at your Proxmark3.
@ -89,7 +89,7 @@ sudo journalctl -f|grep "ModemManager.*\[filter\]"
```
Now plug in the Proxmark 3.
If ModemManager interfers, you'll get logs like this:
If ModemManager interferes, you'll get logs like this:
```
ModemManager[xxxxx]: <debug> [filter] (tty/ttyACM0): port allowed: cdc-acm interface reported AT-capable
```
@ -108,7 +108,7 @@ sudo mmcli -G ERR
# I didn't read carefully this page and now my Proxmark3 is not responding
First of all, follow the instructions above to make sure ModemManager will not interfer with the Proxmark3 anymore.
First of all, follow the instructions above to make sure ModemManager will not interfere with the Proxmark3 anymore.
Now there are two possibilities:

4
doc/md/Installation_Instructions/Troubleshooting.md
View file

@ -66,7 +66,7 @@ Another possibility is if, when using the button for entering bootloader mode, t
### Determine if the bootloader was damaged or only the main OS image
Unplug, press the Proxmark3 button and keep it pressed when you plug it on USB. If the red LEDs show a "off/on/off/on" pattern, you're goot, you manually entered into the bootloader mode.
Unplug, press the Proxmark3 button and keep it pressed when you plug it on USB. If the red LEDs show a "off/on/off/on" pattern, you're good, you manually entered into the bootloader mode.
On new bootloaders, you can release the button. If the pattern disappears, you're on an older bootloader and you've to do it again and keep the button pressed during all the flashing operation.
Once in bootloader mode, flash the main image.
@ -200,7 +200,7 @@ brew remove proxmark3
brew reinstall proxmark3
```
On Ubuntu 16.04 (xenial) you should either conside a later release or you can install a later toolchain.
On Ubuntu 16.04 (xenial) you should either consider a later release or you can install a later toolchain.
sample error output:

2
doc/md/Installation_Instructions/Windows-Installation-Instructions.md
View file

@ -150,7 +150,7 @@ Note that it may take a quite long time for a freshly plugged Proxmark3 to be vi
Now you're ready to follow the [compilation instructions](/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md).
## Color text on windows 10
In later versions of windows 10 you may be able to get color to work by setting this registery key
In later versions of windows 10 you may be able to get color to work by setting this registry key
```
[HKEY_CURRENT_USER\Console]
"VirtualTerminalLevel"=dword:00000001

2
doc/md/Use_of_Proxmark/2_Configuration-and-Verification.md
View file

@ -25,7 +25,7 @@ Set all t55xx settings to defaults (will set all 4 at once)
To make sure you got the latest sim module firmware.
_Lastest version is v3.11_
_Latest version is v3.11_
```
[usb] pm3 --> hw status

2
doc/new_frame_format.md
View file

@ -190,7 +190,7 @@ Meanwhile, a fast transition to MIX frames can be done with:
## Bootrom
Bootrom code will still use the old frame format to remain compatible with other repos supporting the old format and because it would hardly gain anything from the new format:
* almost all frames convey 512b of payload, so difference in overhead is neglictible
* almost all frames convey 512b of payload, so difference in overhead is negligible
* bringing flash over usart sounds risky and would be terribly slow anyway (115200 bauds vs. 7M bauds).
`SendCommandBL` is the same as `SendCommandOLD` with a different name to be sure not to migrate it.

2
doc/path_notes.md
View file

@ -67,7 +67,7 @@ Dictionaries used by the client will be copied to
Here you find the default dictionaries used for commands like `hf mf chk`, `hf mf fchk`, `lf t55xx chk`
A dictionary file is a text based file with one key per line in hexdecimal form.
The length of the key is decided by the Proxmark3 client for the different commands. All chars afterwards on line is ignored.
if key isn't a hex number, the key is igonored.
if key isn't a hex number, the key is ignored.
- t55xx, Mifare Ultralight/NTAG - uses 4 hexbytes (11223344)
- Mifare classic uses 6 hexbytes (112233445566)

2
doc/termux_notes.md
View file

@ -181,7 +181,7 @@ Install [this free app](https://play.google.com/store/apps/details?id=masar.bb)
^[Top](#top)
You need to pair the proxmark3 in the Android settings.
In the app choose your registred PM3 device as 'device A'.
In the app choose your registered PM3 device as 'device A'.
Select TCP server as 'Device B' and choose an unused port (e.g. 4321).
Ensure 'Retransmission' is set to 'both ways'.

6
doc/trace_notes.md
View file

@ -17,7 +17,7 @@ With `trace list` a table is shown which gives timing information, the src of th
### Timing
^[Top](#top)
The Start and the End coloumn lists timestamps when the transmission of the shown data started (time of first bit) and when it ended (end of last modulation).
The Start and the End column lists timestamps when the transmission of the shown data started (time of first bit) and when it ended (end of last modulation).
The unit for this time information depends on the protocol in use:
@ -29,7 +29,7 @@ The unit for this time information depends on the protocol in use:
* iClass, ISO15693, ISO18092 and FeliCa have no accurate timing information at the moment
* For others timing is not available
By specifing the option ```f``` (e.g. ```trace list 14a f```) the frame delay times are shown. (So you don't have to do the math by your own).
By specifying the option ```f``` (e.g. ```trace list 14a f```) the frame delay times are shown. (So you don't have to do the math by your own).
### Sources
^[Top](#top)
@ -39,7 +39,7 @@ If the data is marked as a response the source is shown as Tag. Otherwise it is
### Data
^[Top](#top)
This coloumn show the raw bytes trasmitted over the air. With option ```c``` CRC bytes are marked in square brackets.
This column shows the raw bytes transmitted over the air. With option ```c``` CRC bytes are marked in square brackets.
### CRC
^[Top](#top)

4
doc/uart_notes.md
View file

@ -28,7 +28,7 @@ USART support is in `common/usart.c`.
There are mainly two ways to use this USART:
* connect the host client to the Proxmark3 via this USART instead of USB-CDC, this is the `FPC_USART_HOST` option you can add to `PLATFORM_EXTRAS` in `Makefile.platform`. The most used way is through the BT add-on (blue shark) that we will cover later. Instead of BT add-on, we can also use e.g. a FTDI cable (mostly for internal development, it's much slower than USB-CDC anyway) or in the future other ways to connect the host such as a USART-to-Wi-Fi bridge.
* connect "slave" devices to the Proxmark3 to add functionnalities. In such case, the host client will use USB-CDC and the USART will be use to, e.g. connect the Proxmark3 to various daughterboards. These is no such example of daughterboard as of today, except when we're talking to the BT add-on in its AT configuration mode.
* connect "slave" devices to the Proxmark3 to add functionalities. In such case, the host client will use USB-CDC and the USART will be use to, e.g. connect the Proxmark3 to various daughterboards. These is no such example of daughterboard as of today, except when we're talking to the BT add-on in its AT configuration mode.
This USART can be reached from the host client (if connected via USB-CDC) through the following commands, available when you add `FPC_USART_DEV` to `PLATFORM_EXTRAS` in `Makefile.platform`:
* `usart config`, to configure the baudrate and the parity of the Proxmark3 USART
@ -63,7 +63,7 @@ The add-on acts as a bridge, between its UART and the BT communication channel,
The Bluetooth RFCOMM protocol provides an emulation of serial ports over the L2CAP protocol ([ref](https://www.amd.e-technik.uni-rostock.de/ma/gol/lectures/wirlec/bluetooth_info/rfcomm.html)).
As for USB-CDC, the real speed of the link is unrelated to serial baudrate notion. Litterature mentions a maximal value of 360kbps for some implementations, but the HC-06 Bluetooth module within the BT add-on is limited as the vast majority of similar devices to 128kbps.
As for USB-CDC, the real speed of the link is unrelated to serial baudrate notion. Literature mentions a maximal value of 360kbps for some implementations, but the HC-06 Bluetooth module within the BT add-on is limited as the vast majority of similar devices to 128kbps.
### BT add-on baudrate