From 565f3f1feb3a82752cd6c7481959ff55de675729 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 00:34:29 +0100 Subject: [PATCH 1/3] Extend storage allocated for Mifare keys to 4095 keys. Update documentation on the feature and memory map --- CHANGELOG.md | 1 + doc/ext_flash_notes.md | 4 ++-- include/pmflash.h | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e07c4c9c..5462c11be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Extended area for Mifare keys in SPI flash to hold 4095 keys (@piotrva) - Fixed DESFire D40 secure channel crypto (@nvx) - Fixed `hf mfp info` fix signature check on 4b UID cards (@doegox) - Automatically set maximum read/write block when using predefined types in `hf_mf_ultimatecard` script (@piotrva) diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 96b968bc7..6e5fd4e02 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md @@ -63,8 +63,8 @@ Page 3: Page3 is used as follows by the Proxmark3 RDV4 firmware: * **MF_KEYS** - * offset: page 3 sector 9 (0x9) @ 3*0x10000+9*0x1000=0x39000 - * length: 2 sectors + * offset: page 3 sector 5 (0x5) @ 3*0x10000+5*0x1000=0x35000 + * length: 6 sectors * **ICLASS_KEYS** * offset: page 3 sector 11 (0xB) @ 3*0x10000+11*0x1000=0x3B000 diff --git a/include/pmflash.h b/include/pmflash.h index bbed4b12e..8f9f9c741 100644 --- a/include/pmflash.h +++ b/include/pmflash.h 
@@ -28,7 +28,7 @@ // 0x3E000 - 1 4kb sector = settings // 0x3D000 - 1 4kb sector = default T55XX keys dictionary // 0x3B000 - 1 4kb sector = default ICLASS keys dictionary -// 0x38000 - 3 4kb sectors = default MFC keys dictionary +// 0x35000 - 6 4kb sectors = default MFC keys dictionary // #ifndef FLASH_MEM_BLOCK_SIZE # define FLASH_MEM_BLOCK_SIZE 256 @@ -95,9 +95,9 @@ # define DEFAULT_ICLASS_KEYS_OFFSET_P(p64k) (DEFAULT_T55XX_KEYS_OFFSET_P(p64k) - DEFAULT_ICLASS_KEYS_LEN) #endif -// Reserved space for MIFARE Keys = 12 kb +// Reserved space for MIFARE Keys = 24 kb #ifndef DEFAULT_MF_KEYS_OFFSET -# define DEFAULT_MF_KEYS_LEN (0x3000) +# define DEFAULT_MF_KEYS_LEN (0x6000) # define DEFAULT_MF_KEYS_OFFSET (DEFAULT_ICLASS_KEYS_OFFSET - DEFAULT_MF_KEYS_LEN) # define DEFAULT_MF_KEYS_MAX ((DEFAULT_MF_KEYS_LEN - 2) / 6) #endif From 1b781aae9ff02dd8ae6c36abb5f0eac612d33d2c Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 00:35:37 +0100 Subject: [PATCH 2/3] Update documentation on SPI flash memory to use modern client function calls with dashes. --- doc/ext_flash_notes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md index 6e5fd4e02..6a86c7778 100644 --- a/doc/ext_flash_notes.md +++ b/doc/ext_flash_notes.md 
@@ -36,22 +36,22 @@ Therefore a flash address can be interpreted as such: Page 0: * available for user data -* to dump it: `mem dump f page0_dump o 0 l 65536` +* to dump it: `mem dump -f page0_dump -o 0 -l 65536` * to erase it: `mem wipe p 0` Page 1: * available for user data -* to dump it: `mem dump f page1_dump o 65536 l 65536` +* to dump it: `mem dump -f page1_dump -o 65536 -l 65536` * to erase it: `mem wipe p 1` Page 2: * available for user data -* to dump it: `mem dump f page2_dump o 131072 l 65536` +* to dump it: `mem dump -f page2_dump -o 131072 -l 65536` * to erase it: `mem wipe p 2` Page 3: * used by Proxmark3 RDV4 specific functions: flash signature and keys dictionaries, see below for details -* to dump it: `mem dump f page3_dump o 196608 l 65536` +* to dump it: `mem dump -f page3_dump -o 196608 -l 65536` * to erase it: * **Beware** it will erase your flash signature so better to back it up first as you won't be able to regenerate it by yourself! * edit the source code to enable Page 3 as a valid input in the `mem wipe` command. From b1b10c2bea49121d5afe8fcdd311dcb75b78e030 Mon Sep 17 00:00:00 2001 From: Piotr Rzeszut Date: Sat, 7 Dec 2024 00:36:52 +0100 Subject: [PATCH 3/3] As extending SPI flash storage for Mifare need to run init_rdv4 script for a proper operation add a note under compilation instructions --- doc/md/Use_of_Proxmark/0_Compilation-Instructions.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md b/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md index 63076e720..1a291e9cd 100644 --- a/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md +++ b/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md 
@@ -117,6 +117,17 @@ or proxmark3 /dev/ttyACM0 --flash --unlock-bootloader --image /tmp/my-bootrom.elf --image /tmp/my-fullimage.elf ``` +## Updating SPI flash structure and contents (RDV4.x, some PM3 Easy variants) +^[Top](#top) + +For the devices equipped with external SPI flash memory chip in some cases it might be essential to update the memory structure as well as to upload new keys from the dictionaries. To do so execute following command inside the client: + +``` +[usb] pm3 --> script run init_rdv4 +``` + +For more details prease refer to [this doc](./2_Configuration-and-Verification.md). + ### The button trick ^[Top](#top)
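Review bot: the `CHANGELOG.md` entry in patch 1 reports only the larger capacity, but the same patch also moves the start of the MIFARE key area (the `pmflash.h` map comment goes from `0x38000` to `0x35000`). Users reading the changelog have no hint that keys already stored in SPI flash end up outside the new window. Suggest extending the line, for example: `- Extended area for Mifare keys in SPI flash to hold 4095 keys; re-run script run init_rdv4 after flashing (@piotrva)`.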
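Review bot: in the `include/pmflash.h` hunk at `@@ -95,9 +95,9`, raising `DEFAULT_MF_KEYS_LEN` to `0x6000` also relocates the dictionary, because `DEFAULT_MF_KEYS_OFFSET` is computed downward from `DEFAULT_ICLASS_KEYS_OFFSET`, and the patch adds no guard for a device whose flash still has the old layout. After a firmware update without `init_rdv4`, the bytes at `0x35000` are whatever was there before. The `- 2` in `DEFAULT_MF_KEYS_MAX` suggests a 2-byte count in front of the keys; please confirm that every reader of this area rejects or clamps a stored count above `DEFAULT_MF_KEYS_MAX` (now 4095) before using it as a loop bound or copy length. It would also help to state in the comment that sectors 5 to 7 of page 3 were previously unused, since the visible memory map lists nothing below the MFC entry.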
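Review bot: the `doc/ext_flash_notes.md` hunk at `@@ -36,22 +36,22` converts the four `mem dump` lines to dashed options but leaves `mem wipe p 0`, `mem wipe p 1` and `mem wipe p 2` in the old positional style in the unchanged context. The commit subject says the document is being moved to the modern dashed calls, so the page is now inconsistent between two adjacent bullets. If `mem wipe` takes dashed options in the current client, update those three lines in the same commit; if it does not, say so in the commit message.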
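Review bot: in the `0_Compilation-Instructions.md` hunk, the new `##` heading is inserted directly above the existing `### The button trick`, which makes the button trick a subsection of "Updating SPI flash structure and contents" instead of the flashing instructions it followed before. Move the new section below the button trick, or add it at `###` level. Two wording points in the added paragraph: "prease" should be "please", and "in some cases it might be essential" does not tell the reader when to act. Name the case, for example after flashing firmware that changes the SPI flash layout, as patch 1 of this series does. Since the same document warns elsewhere that page 3 holds the flash signature, a pointer to back up page 3 with `mem dump -f page3_dump -o 196608 -l 65536` before running the script would fit here.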