github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-19 21:03:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into master

Browse source 
Signed-off-by: Iceman <iceman@iuse.se>
This commit is contained in:
Iceman 2023-01-30 20:18:19 +01:00 committed by GitHub
commit 5a4338941d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 1087 additions and 164 deletions
Download patch file Download diff file Expand all files Collapse all files

11
CHANGELOG.md
View file

@ -4,6 +4,14 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
## [unreleased][unreleased]
- Added `lf em 4x70 brute` command (@adite)
## [Nitride.4.16191][2023-01-29]
- Changed `build_all_firmwares.sh` to fit GENERIC 256kb firmware images (@doegox)
- Fixed some coverity fixes (@iceman1001)
- Fixed `make accessrights` on Fedora (@mooey5775)
- Fixed `hf mfu info` - can now identify the 50 pF version of NTAG 210u(micro) (@mjacksn)
- Added `hf 15` sub-commands for controlling EAS, AFI, privacy mode, and the setting of passwords on SLIX tags (@mjacksn)
- Added new magic gen4 cards command in docs (@McEloff)
- Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001)
- Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001)
@ -42,7 +50,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Fixed `pm3` shell script now automatically detects WSL2 with USBIPD serial ports (@iceman1001)
- Fixed `trace list -c` - annotation of CRC bytes now is colored or squared if no ansi colors is supported (@iceman1001)
- Fixed `trace list -t mf` - now also finds UID if anticollision is partial captured, to be used for mfkey (@iceman1001)
- Fixed `make accessrights` on Fedora (@mooey5775)
## [Radium.4.15864][2022-10-29]
- Changed `lf indala sim` - now accepts fc / cn (@iceman1001)
@ -1365,6 +1373,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Mifare simulation, `hf mf sim` (was broken a long time) (@pwpiwi)
- Major improvements in LF area and data operations. (@marshmellow42, @iceman1001)
- Issues regarding LF simulation (@pwpiwi)
- Issue interpreting NXP "get sys info" command return value for icode tags. (@mjacksn)
### Added
- iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers do not seem to enforce update. (@holiman).

70
armsrc/appmain.c
View file

@ -453,6 +453,12 @@ static void SendCapabilities(void) {
capabilities.baudrate = g_usart_baudrate;
#endif
#ifdef RDV4
capabilities.is_rdv4 = true;
#else
capabilities.is_rdv4 = false;
#endif
#ifdef WITH_FLASH
capabilities.compiled_with_flash = true;
capabilities.hw_available_flash = FlashInit();
@ -1291,20 +1297,76 @@ static void PacketReceived(PacketCommandNG *packet) {
SetTag15693Uid(payload->uid);
break;
}
case CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY: {
case CMD_HF_ISO15693_SLIX_DISABLE_EAS: {
struct p {
uint8_t pwd[4];
bool usepwd;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
DisablePrivacySlixLIso15693(payload->pwd);
DisableEAS_AFISlixIso15693(payload->pwd, payload->usepwd);
break;
}
case CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI: {
case CMD_HF_ISO15693_SLIX_ENABLE_EAS: {
struct p {
uint8_t pwd[4];
bool usepwd;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
EnableEAS_AFISlixIso15693(payload->pwd, payload->usepwd);
break;
}
case CMD_HF_ISO15693_SLIX_WRITE_PWD: {
struct p {
uint8_t old_pwd[4];
uint8_t new_pwd[4];
uint8_t pwd_id;
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
WritePasswordSlixIso15693(payload->old_pwd, payload->new_pwd, payload->pwd_id);
break;
}
case CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY: {
struct p {
uint8_t pwd[4];
} PACKED;
struct p *payload = (struct p *) packet->data.asBytes;
DisableEAS_AFISlixLIso15693(payload->pwd);
DisablePrivacySlixIso15693(payload->pwd);
break;
}
case CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY: {
struct p {
uint8_t pwd[4];
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
EnablePrivacySlixIso15693(payload->pwd);
break;
}
case CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI: {
struct p {
uint8_t pwd[4];
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
PassProtectAFISlixIso15693(payload->pwd);
break;
}
case CMD_HF_ISO15693_WRITE_AFI: {
struct p {
uint8_t pwd[4];
bool use_pwd;
uint8_t uid[8];
bool use_uid;
uint8_t afi;
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
WriteAFIIso15693(payload->pwd, payload->use_pwd, payload->uid, payload->use_uid, payload->afi);
break;
}
case CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS: {
struct p {
uint8_t pwd[4];
} PACKED;
struct p *payload = (struct p *)packet->data.asBytes;
PassProtextEASSlixIso15693(payload->pwd);
break;
}

379
armsrc/iso15693.c
View file

@ -177,6 +177,36 @@ static void CodeIso15693AsReaderEOF(void) {
}
static int get_uid_slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid) {
uint8_t *answer = BigBuf_malloc(ISO15693_MAX_RESPONSE_LENGTH);
memset(answer, 0x00, ISO15693_MAX_RESPONSE_LENGTH);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t cmd[5] = {0};
BuildIdentifyRequest(cmd);
uint16_t recvlen = 0;
SendDataTag(cmd, sizeof(cmd), false, true, answer, ISO15693_MAX_RESPONSE_LENGTH, start_time, ISO15693_READER_TIMEOUT, eof_time, &recvlen);
if (recvlen != 12) {
return PM3_ETIMEOUT;
}
uid[0] = answer[2];
uid[1] = answer[3];
uid[2] = answer[4];
uid[3] = answer[5];
uid[4] = answer[6];
uid[5] = answer[7];
uid[6] = answer[8];
uid[7] = answer[9];
BigBuf_free();
return PM3_SUCCESS;
}
// encode data using "1 out of 256" scheme
// data rate is 1,66 kbit/s (fc/8192)
// is designed for more robust communication over longer distances
@ -2431,6 +2461,8 @@ void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t recv, uint
case ISO15693_WRITE_AFI:
case ISO15693_LOCK_AFI:
case ISO15693_WRITE_DSFID:
case ISO15693_WRITE_PASSWORD:
case ISO15693_PASSWORD_PROTECT_EAS:
case ISO15693_LOCK_DSFID:
timeout = ISO15693_READER_TIMEOUT_WRITE;
request_answer = data[0] & ISO15_REQ_OPTION;
@ -2640,7 +2672,7 @@ void SetTag15693Uid(const uint8_t *uid) {
switch_off();
}
static void init_password_15693_slixl(uint8_t *buffer, uint8_t *pwd, const uint8_t *rnd) {
static void init_password_15693_Slix(uint8_t *buffer, uint8_t *pwd, const uint8_t *rnd) {
memcpy(buffer, pwd, 4);
if (rnd) {
buffer[0] ^= rnd[0];
@ -2650,14 +2682,14 @@ static void init_password_15693_slixl(uint8_t *buffer, uint8_t *pwd, const uint8
}
}
static bool get_rnd_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *rnd) {
static bool get_rnd_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *rnd) {
// 0x04, == NXP from manufacture id list.
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_GET_RANDOM_NUMBER, 0x04, 0x00, 0x00 };
AddCrc15(c, 3);
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
int res = SendDataTag(c, sizeof(c), true, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS && recvlen != 5) {
return false;
}
@ -2668,15 +2700,16 @@ static bool get_rnd_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t
return true;
}
static uint32_t set_pass_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t pass_id, uint8_t *password) {
static uint32_t disable_privacy_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t pass_id, uint8_t *password) {
uint8_t rnd[2];
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
// 0x04, == NXP from manufacture id list.
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH, ISO15693_SET_PASSWORD, 0x04, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
init_password_15693_slixl(&c[4], password, rnd);
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, ISO15693_SET_PASSWORD, 0x04, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
init_password_15693_Slix(&c[4], password, rnd);
AddCrc15(c, 8);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
@ -2689,16 +2722,226 @@ static uint32_t set_pass_15693_slixl(uint32_t start_time, uint32_t *eof_time, ui
return PM3_SUCCESS;
}
/*
static uint32_t enable_privacy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
static uint32_t set_pass_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t pass_id, uint8_t *password, uint8_t *uid) {
uint8_t rnd[2];
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
// 0x04, == NXP from manufacture id list.
uint8_t c[] = { (ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS), ISO15693_SET_PASSWORD, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
init_password_15693_Slix(&c[12], password, rnd);
memcpy(&c[3], uid, 8);
AddCrc15(c, 16);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS && recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
static uint32_t set_privacy_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *password) {
uint8_t rnd[2];
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
// 0x04, == NXP from manufacture id list.
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, 0xBA, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
init_password_15693_Slix(&c[3], password, rnd);
AddCrc15(c, 7);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS && recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
static uint32_t disable_eas_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *password, bool usepwd) {
uint8_t uid[8];
get_uid_slix(start_time, eof_time, uid);
uint8_t rnd[2];
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
if (usepwd) {
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
if (res_setpass != PM3_SUCCESS) {
return PM3_EWRONGANSWER;
}
}
// 0x04, == NXP from manufacture id list.
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, 0xA3, 0x04, 0x00, 0x00};
AddCrc15(c, 3);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS && recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
static uint32_t enable_eas_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *password, bool usepwd) {
uint8_t uid[8];
get_uid_slix(start_time, eof_time, uid);
uint8_t rnd[2];
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
if (usepwd) {
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
if (res_setpass != PM3_SUCCESS) {
return PM3_EWRONGANSWER;
}
}
// 0x04, == NXP from manufacture id list.
uint8_t c[] = { ISO15_REQ_DATARATE_HIGH, 0xA2, 0x04, 0x00, 0x00};
//init_password_15693_Slix(&c[3], password, rnd);
AddCrc15(c, 3);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(c, sizeof(c), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS && recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
static uint32_t write_password_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t pwd_id, uint8_t *password, uint8_t *uid) {
uint8_t new_pwd_cmd[] = { (ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS), ISO15693_WRITE_PASSWORD, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, pwd_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
memcpy(&new_pwd_cmd[3], uid, 8);
memcpy(&new_pwd_cmd[12], password, 4);
AddCrc15(new_pwd_cmd, 16);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res_wrp = SendDataTag(new_pwd_cmd, sizeof(new_pwd_cmd), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res_wrp != PM3_SUCCESS && recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
static uint32_t pass_protect_EASAFI_15693_Slix(uint32_t start_time, uint32_t *eof_time, bool set_option_flag, uint8_t *password) {
uint8_t flags;
if (set_option_flag)
flags = ISO15_REQ_DATARATE_HIGH | ISO15_REQ_OPTION;
else
flags = ISO15_REQ_DATARATE_HIGH;
uint8_t uid[8];
get_uid_slix(start_time, eof_time, uid);
uint8_t rnd[2];
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
if (res_setpass != PM3_SUCCESS) {
return PM3_EWRONGANSWER;
}
uint8_t new_pass_protect_cmd[] = { flags, ISO15693_PASSWORD_PROTECT_EAS, 0x04, 0x00, 0x00};
AddCrc15(new_pass_protect_cmd, 3);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(new_pass_protect_cmd, sizeof(new_pass_protect_cmd), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS && recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
static uint32_t write_afi_15693(uint32_t start_time, uint32_t *eof_time, uint8_t *password, bool usepwd, uint8_t *uid, bool use_uid, uint8_t afi) {
if (!use_uid) {
int res_getuid = get_uid_slix(start_time, eof_time, uid);
if (res_getuid != PM3_SUCCESS) {
return res_getuid;
}
}
if (usepwd) {
int res_setpass = set_pass_15693_Slix(start_time, eof_time, 0x10, password, uid);
if (res_setpass != PM3_SUCCESS) {
return PM3_EWRONGANSWER;
}
}
uint8_t cmd[] = { ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_WRITE_AFI, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
memcpy(&cmd[2], uid, 8);
cmd[10] = afi;
AddCrc15(cmd, 11);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
uint8_t recvbuf[ISO15693_MAX_RESPONSE_LENGTH];
uint16_t recvlen = 0;
int res = SendDataTag(cmd, sizeof(cmd), false, true, recvbuf, sizeof(recvbuf), start_time, ISO15693_READER_TIMEOUT_WRITE, eof_time, &recvlen);
if (res != PM3_SUCCESS || recvlen != 3) {
return PM3_EWRONGANSWER;
}
return PM3_SUCCESS;
}
/*
static uint32_t enable_privacy_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
uint8_t rnd[2];
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_ENABLE_PRIVACY, pass_id, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
memcpy(&c[3], uid, 8);
init_password_15693_slixl(&c[11], password, rnd);
init_password_15693_Slix(&c[11], password, rnd);
AddCrc15(c, 15);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
@ -2711,16 +2954,16 @@ static uint32_t enable_privacy_15693_slixl(uint32_t start_time, uint32_t *eof_ti
return PM3_SUCCESS;
}
static uint32_t write_password_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
static uint32_t write_password_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t pass_id, uint8_t *password) {
uint8_t rnd[2];
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_WRITE_PASSWORD, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
memcpy(&c[3], uid, 8);
c[11] = pass_id;
init_password_15693_slixl(&c[12], password, NULL);
init_password_15693_Slix(&c[12], password, NULL);
AddCrc15(c, 16);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
@ -2734,16 +2977,16 @@ static uint32_t write_password_15693_slixl(uint32_t start_time, uint32_t *eof_ti
return PM3_SUCCESS;
}
static uint32_t destroy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t *password) {
static uint32_t destroy_15693_Slix(uint32_t start_time, uint32_t *eof_time, uint8_t *uid, uint8_t *password) {
uint8_t rnd[2];
if (get_rnd_15693_slixl(start_time, eof_time, rnd) == false) {
if (get_rnd_15693_Slix(start_time, eof_time, rnd) == false) {
return PM3_ETIMEOUT;
}
uint8_t c[] = {ISO15_REQ_DATARATE_HIGH | ISO15_REQ_ADDRESS, ISO15693_DESTROY, ISO15693_ENABLE_PRIVACY, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
memcpy(&c[3], uid, 8);
init_password_15693_slixl(&c[11], password, rnd);
init_password_15693_Slix(&c[11], password, rnd);
AddCrc15(c, 15);
start_time = *eof_time + DELAY_ISO15693_VICC_TO_VCD_READER;
@ -2758,8 +3001,32 @@ static uint32_t destroy_15693_slixl(uint32_t start_time, uint32_t *eof_time, uin
*/
// Sets a PRIVACY password to all ZEROS
void DisablePrivacySlixLIso15693(uint8_t *password) {
void WritePasswordSlixIso15693(uint8_t *old_password, uint8_t *new_password, uint8_t pwd_id) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
int res = PM3_EFAILED;
uint8_t uid[8];
get_uid_slix(start_time, &eof_time, uid);
res = set_pass_15693_Slix(start_time, &eof_time, pwd_id, old_password, uid);
if (res != PM3_SUCCESS) {
reply_ng(CMD_HF_ISO15693_SLIX_WRITE_PWD, res, NULL, 0);
switch_off();
return;
}
res = write_password_15693_Slix(start_time, &eof_time, pwd_id, new_password, uid);
reply_ng(CMD_HF_ISO15693_SLIX_WRITE_PWD, res, NULL, 0);
switch_off();
}
void DisablePrivacySlixIso15693(uint8_t *password) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
@ -2769,13 +3036,12 @@ void DisablePrivacySlixLIso15693(uint8_t *password) {
// 0x04 Privacy
// 0x08 Destroy SLIX-L
// 0x10 EAS/AFI
int res = set_pass_15693_slixl(start_time, &eof_time, 0x04, password);
reply_ng(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, res, NULL, 0);
int res = disable_privacy_15693_Slix(start_time, &eof_time, 0x04, password);
reply_ng(CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY, res, NULL, 0);
switch_off();
}
// Sets a EAS/AFI password to all ZEROS
void DisableEAS_AFISlixLIso15693(uint8_t *password) {
void EnablePrivacySlixIso15693(uint8_t *password) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
@ -2785,8 +3051,71 @@ void DisableEAS_AFISlixLIso15693(uint8_t *password) {
// 0x04 Privacy
// 0x08 Destroy SLIX-L
// 0x10 EAS/AFI
int res = set_pass_15693_slixl(start_time, &eof_time, 0x10, password);
reply_ng(CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI, res, NULL, 0);
int res = set_privacy_15693_Slix(start_time, &eof_time, password);
reply_ng(CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY, res, NULL, 0);
switch_off();
}
void DisableEAS_AFISlixIso15693(uint8_t *password, bool usepwd) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
// Password identifier Password byte
// 0x04 Privacy
// 0x08 Destroy SLIX-L
// 0x10 EAS/AFI
int res = disable_eas_15693_Slix(start_time, &eof_time, password, usepwd);
reply_ng(CMD_HF_ISO15693_SLIX_DISABLE_EAS, res, NULL, 0);
switch_off();
}
void EnableEAS_AFISlixIso15693(uint8_t *password, bool usepwd) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
// Password identifier Password byte
// 0x04 Privacy
// 0x08 Destroy SLIX-L
// 0x10 EAS/AFI
int res = enable_eas_15693_Slix(start_time, &eof_time, password, usepwd);
reply_ng(CMD_HF_ISO15693_SLIX_ENABLE_EAS, res, NULL, 0);
switch_off();
}
void PassProtextEASSlixIso15693(uint8_t *password) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
int res = pass_protect_EASAFI_15693_Slix(start_time, &eof_time, false, password);
reply_ng(CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS, res, NULL, 0);
switch_off();
}
void PassProtectAFISlixIso15693(uint8_t *password) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
int res = pass_protect_EASAFI_15693_Slix(start_time, &eof_time, true, password);
reply_ng(CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI, res, NULL, 0);
switch_off();
}
void WriteAFIIso15693(uint8_t *password, bool use_pwd, uint8_t *uid, bool use_uid, uint8_t afi) {
LED_D_ON();
Iso15693InitReader();
StartCountSspClk();
uint32_t start_time = 0, eof_time = 0;
int res = write_afi_15693(start_time, &eof_time, password, use_pwd, uid, use_uid, afi);
//int res = PM3_SUCCESS;
reply_ng(CMD_HF_ISO15693_WRITE_AFI, res, NULL, 0);
switch_off();
}

10
armsrc/iso15693.h
View file

@ -62,6 +62,12 @@ int SendDataTagEOF(uint8_t *recv, uint16_t max_recv_len, uint32_t start_time, ui
void SetTag15693Uid(const uint8_t *uid);
void DisablePrivacySlixLIso15693(uint8_t *password);
void DisableEAS_AFISlixLIso15693(uint8_t *password);
void WritePasswordSlixIso15693(uint8_t *old_password, uint8_t *new_password, uint8_t pwd_id);
void DisablePrivacySlixIso15693(uint8_t *password);
void EnablePrivacySlixIso15693(uint8_t *password);
void DisableEAS_AFISlixIso15693(uint8_t *password, bool usepwd);
void EnableEAS_AFISlixIso15693(uint8_t *password, bool usepwd);
void PassProtextEASSlixIso15693(uint8_t *password);
void PassProtectAFISlixIso15693(uint8_t *password);
void WriteAFIIso15693(uint8_t *password, bool usepwd, uint8_t *uid, bool use_uid, uint8_t afi);
#endif

4
client/src/cmdflashmem.c
View file

@ -641,6 +641,10 @@ static int CmdFlashMemInfo(const char *Cmd) {
// Verify (public key)
bool is_verified = (mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 20, sha_hash, from_device) == 0);
if (got_private == false) {
mbedtls_rsa_free(rsa);
}
mbedtls_pk_free(&pkctx);
PrintAndLogEx(NORMAL, "");

6
client/src/cmdhf14a.c
View file

@ -1460,8 +1460,9 @@ static int CmdHF14AChaining(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 14a chaining",
"Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
"hf 14a chaining -> show chaining enable/disable state\n"
"hf 14a chaining --off -> disable chaining\n"
"hf 14a chaining -> show chaining enable/disable state\n");
);
void *argtable[] = {
arg_param_begin,
@ -1473,6 +1474,7 @@ static int CmdHF14AChaining(const char *Cmd) {
bool on = arg_get_lit(ctx, 1);
bool off = arg_get_lit(ctx, 2);
CLIParserFree(ctx);
if ((on + off) > 1) {
PrintAndLogEx(INFO, "Select only one option");
@ -1485,8 +1487,6 @@ static int CmdHF14AChaining(const char *Cmd) {
if (off)
Set_apdu_in_framing(false);
CLIParserFree(ctx);
PrintAndLogEx(INFO, "\nISO 14443-4 input chaining %s.\n", g_apdu_in_framing_enable ? "enabled" : "disabled");
return PM3_SUCCESS;
}

560
client/src/cmdhf15.c
View file

@ -789,14 +789,14 @@ static int NxpSysInfo(uint8_t *uid) {
}
bool support_signature = (recv[5] & 0x01);
bool support_easmode = (recv[4] & 0x03);
bool support_easmode = (recv[4] & 0x04);
PrintAndLogEx(INFO, "--------- " _CYAN_("NXP Sysinfo") " ---------");
PrintAndLogEx(INFO, " raw : %s", sprint_hex(recv, 8));
PrintAndLogEx(INFO, " Password protection configuration:");
PrintAndLogEx(INFO, " * Page L read%s password protected", ((recv[2] & 0x01) ? "" : " not"));
PrintAndLogEx(INFO, " * Page L write%s password protected", ((recv[2] & 0x02) ? "" : " not"));
PrintAndLogEx(INFO, " * Page H read%s password protected", ((recv[2] & 0x08) ? "" : " not"));
PrintAndLogEx(INFO, " * Page H read%s password protected", ((recv[2] & 0x10) ? "" : " not"));
PrintAndLogEx(INFO, " * Page H write%s password protected", ((recv[2] & 0x20) ? "" : " not"));
PrintAndLogEx(INFO, " Lock bits:");
@ -809,16 +809,16 @@ static int NxpSysInfo(uint8_t *uid) {
PrintAndLogEx(INFO, " * User memory password protection%s supported", ((recv[4] & 0x01) ? "" : " not"));
PrintAndLogEx(INFO, " * Counter feature%s supported", ((recv[4] & 0x02) ? "" : " not"));
PrintAndLogEx(INFO, " * EAS ID%s supported by EAS ALARM command", support_easmode ? "" : " not");
PrintAndLogEx(INFO, " * EAS password protection%s supported", ((recv[4] & 0x04) ? "" : " not"));
PrintAndLogEx(INFO, " * EAS password protection%s supported", ((recv[4] & 0x08) ? "" : " not"));
PrintAndLogEx(INFO, " * AFI password protection%s supported", ((recv[4] & 0x10) ? "" : " not"));
PrintAndLogEx(INFO, " * Extended mode%s supported by INVENTORY READ command", ((recv[4] & 0x20) ? "" : " not"));
PrintAndLogEx(INFO, " * EAS selection%s supported by extended mode in INVENTORY READ command", ((recv[4] & 0x40) ? "" : " not"));
PrintAndLogEx(INFO, " * READ SIGNATURE command%s supported", support_signature ? "" : " not");
PrintAndLogEx(INFO, " * Password protection for READ SIGNATURE command%s supported", ((recv[5] & 0x02) ? "" : " not"));
PrintAndLogEx(INFO, " * STAY QUIET PERSISTENT command%s supported", ((recv[5] & 0x03) ? "" : " not"));
PrintAndLogEx(INFO, " * STAY QUIET PERSISTENT command%s supported", ((recv[5] & 0x04) ? "" : " not"));
PrintAndLogEx(INFO, " * ENABLE PRIVACY command%s supported", ((recv[5] & 0x10) ? "" : " not"));
PrintAndLogEx(INFO, " * DESTROY command%s supported", ((recv[5] & 0x20) ? "" : " not"));
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not"));
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[7] & 0x80) ? "" : " not"));
if (support_easmode) {
NxpTestEAS(uid);
@ -1352,94 +1352,81 @@ static int CmdHF15WriteAfi(const char *Cmd) {
CLIParserInit(&ctx, "hf 15 writeafi",
"Write AFI on card",
"hf 15 writeafi -* --afi 12\n"
"hf 15 writeafi -u E011223344556677 --afi 12"
"hf 15 writeafi -u E011223344556677 --afi 12 -p 0F0F0F0F"
);
void *argtable[6 + 2] = {};
uint8_t arglen = arg_add_default(argtable);
argtable[arglen++] = arg_int1(NULL, "afi", "<dec>", "AFI number (0-255)");
argtable[arglen++] = arg_param_end;
void *argtable[5] = {};
argtable[0] = arg_param_begin;
argtable[1] = arg_str0("u", "uid", "<hex>", "full UID, 8 bytes");
argtable[2] = arg_int1(NULL, "afi", "<dec>", "AFI number (0-255)");
argtable[3] = arg_str0("p", "pwd", "<hex>", "optional AFI/EAS password");
argtable[4] = arg_param_end;
CLIExecWithReturn(ctx, Cmd, argtable, false);
CLIExecWithReturn(ctx, Cmd, argtable, true);
struct {
uint8_t pwd[4];
bool use_pwd;
uint8_t uid[8];
int uidlen = 0;
CLIGetHexWithReturn(ctx, 1, uid, &uidlen);
bool unaddressed = arg_get_lit(ctx, 2);
bool scan = arg_get_lit(ctx, 3);
int fast = (arg_get_lit(ctx, 4) == false);
bool add_option = arg_get_lit(ctx, 5);
bool use_uid;
uint8_t afi;
} PACKED payload;
int uidlen = 0;
CLIGetHexWithReturn(ctx, 1, payload.uid, &uidlen);
payload.afi = arg_get_int_def(ctx, 2, 0);
int pwdlen;
CLIGetHexWithReturn(ctx, 3, payload.pwd, &pwdlen);
int afi = arg_get_int_def(ctx, 6, 0);
CLIParserFree(ctx);
// sanity checks
if ((scan + unaddressed + uidlen) > 1) {
PrintAndLogEx(WARNING, "Select only one option /scan/unaddress/uid");
return PM3_EINVARG;
}
// request to be sent to device/card
uint16_t flags = arg_get_raw_flag(uidlen, unaddressed, scan, add_option);
uint8_t req[16] = {flags, ISO15693_WRITE_AFI};
uint16_t reqlen = 2;
if (unaddressed == false) {
if (scan) {
if (getUID(false, uid) != PM3_SUCCESS) {
PrintAndLogEx(WARNING, "no tag found");
return PM3_EINVARG;
}
uidlen = 8;
payload.use_pwd = false;
if (pwdlen == 4) {
payload.use_pwd = true;
}
payload.use_uid = false;
if (uidlen == 8) {
// add UID (scan, uid)
memcpy(req + reqlen, uid, sizeof(uid));
reqlen += sizeof(uid);
}
PrintAndLogEx(SUCCESS, "Using UID... " _GREEN_("%s"), iso15693_sprintUID(NULL, uid));
payload.use_uid = true;
}
// enforce, since we are writing
req[0] |= ISO15_REQ_OPTION;
// sanity checks
if (uidlen != 0 && uidlen != 8) {
PrintAndLogEx(WARNING, "uid must be 8 hex bytes if provided");
return PM3_EINVARG;
}
req[reqlen++] = (uint8_t)afi;
AddCrc15(req, reqlen);
reqlen += 2;
// arg: len, speed, recv?
// arg0 (datalen, cmd len? .arg0 == crc?)
// arg1 (speed == 0 == 1 of 256, == 1 == 1 of 4 )
// arg2 (recv == 1 == expect a response)
uint8_t read_response = 1;
if (pwdlen > 0 && pwdlen != 4) {
PrintAndLogEx(WARNING, "password must be 4 hex bytes if provided");
return PM3_ESOFT;
}
PacketResponseNG resp;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, read_response, req, reqlen);
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(ERR, "iso15693 timeout");
SendCommandNG(CMD_HF_ISO15693_WRITE_AFI, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_WRITE_AFI, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ETIMEOUT;
return PM3_ESOFT;
}
DropField();
if (resp.status == PM3_ETEAROFF) {
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
PrintAndLogEx(WARNING, "error writing AFI");
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "Wrote AFI 0x%02X", payload.afi);
break;
}
}
return resp.status;
}
uint8_t *data = resp.data.asBytes;
if ((data[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", data[0], TagErrorStr(data[0]));
return PM3_EWRONGANSWER;
}
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, "Wrote AFI 0x%02X", afi);
return PM3_SUCCESS;
}
// Writes the DSFID (Data Storage Format Identifier) of a card
@ -2378,10 +2365,148 @@ static int CmdHF15CSetUID(const char *Cmd) {
}
}
static int CmdHF15SlixEASEnable(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 slixeasenable",
"Enable EAS mode on SLIX ISO-15693 tag",
"hf 15 slixeasenable -p 0F0F0F0F");
void *argtable[] = {
arg_param_begin,
arg_str0("p", "pwd", "<hex>", "optional password, 8 hex bytes"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
struct {
uint8_t pwd[4];
bool usepwd;
} PACKED payload;
int pwdlen = 0;
int ret_pwdparse = CLIParamHexToBuf(arg_get_str(ctx, 1), payload.pwd, 4, &pwdlen);
if ((pwdlen > 0 && pwdlen != 4) || ret_pwdparse != 0) {
PrintAndLogEx(WARNING, "password must be 4 hex bytes if provided");
CLIParserFree(ctx);
return PM3_ESOFT;
}
CLIParserFree(ctx);
if (pwdlen > 0) {
PrintAndLogEx(INFO, "Trying to enable EAS mode using password " _GREEN_("%s")
, sprint_hex_inrow(payload.pwd, sizeof(payload.pwd))
);
payload.usepwd = true;
} else {
PrintAndLogEx(INFO, "Trying to enable EAS mode without using a password");
payload.usepwd = false;
}
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_ENABLE_EAS, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_ENABLE_EAS, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
}
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
if (pwdlen > 0) {
PrintAndLogEx(WARNING, "the password provided was not accepted");
} else {
PrintAndLogEx(WARNING, "either a password is required or EAS mode is locked");
}
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "EAS mode is now enabled ( " _GREEN_("ok") " ) ");
break;
}
}
return resp.status;
}
static int CmdHF15SlixEASDisable(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 slixeasdisable",
"Disable EAS mode on SLIX ISO-15693 tag",
"hf 15 slixeasdisable -p 0F0F0F0F");
void *argtable[] = {
arg_param_begin,
arg_str0("p", "pwd", "<hex>", "optional password, 8 hex bytes"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
struct {
uint8_t pwd[4];
bool usepwd;
} PACKED payload;
int pwdlen = 0;
int ret_pwdparse = CLIParamHexToBuf(arg_get_str(ctx, 1), payload.pwd, 4, &pwdlen);
CLIParserFree(ctx);
if ((pwdlen > 0 && pwdlen != 4) || ret_pwdparse != 0) {
PrintAndLogEx(WARNING, "password must be 4 hex bytes if provided");
return PM3_ESOFT;
}
if (pwdlen > 0) {
PrintAndLogEx(INFO, "Trying to disable EAS mode using password " _GREEN_("%s")
, sprint_hex_inrow(payload.pwd, sizeof(payload.pwd))
);
payload.usepwd = true;
} else {
PrintAndLogEx(INFO, "Trying to enable EAS mode without using a password");
payload.usepwd = false;
}
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_DISABLE_EAS, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_DISABLE_EAS, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
}
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
if (pwdlen > 0) {
PrintAndLogEx(WARNING, "the password provided was not accepted");
} else {
PrintAndLogEx(WARNING, "either a password is required or EAS mode is locked");
}
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "EAS mode is now disabled ( " _GREEN_("ok") " ) ");
break;
}
}
return resp.status;
}
static int CmdHF15SlixDisable(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 slixdisable",
CLIParserInit(&ctx, "hf 15 slixprivacydisable",
"Disable privacy mode on SLIX ISO-15693 tag",
"hf 15 slixdisable -p 0F0F0F0F");
@ -2404,8 +2529,8 @@ static int CmdHF15SlixDisable(const char *Cmd) {
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY, &resp, 2000) == false) {
SendCommandNG(CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
@ -2428,6 +2553,283 @@ static int CmdHF15SlixDisable(const char *Cmd) {
return resp.status;
}
static int CmdHF15SlixEnable(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 slixprivacyenable",
"Enable privacy mode on SLIX ISO-15693 tag",
"hf 15 slixenable -p 0F0F0F0F");
void *argtable[] = {
arg_param_begin,
arg_str1("p", "pwd", "<hex>", "password, 8 hex bytes"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
struct {
uint8_t pwd[4];
} PACKED payload;
int pwdlen = 0;
CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
CLIParserFree(ctx);
PrintAndLogEx(INFO, "Trying to enable privacy mode using password " _GREEN_("%s")
, sprint_hex_inrow(payload.pwd, sizeof(payload.pwd))
);
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
}
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
PrintAndLogEx(WARNING, "password was not accepted");
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "privacy mode is now enabled ( " _GREEN_("ok") " ) ");
break;
}
}
return resp.status;
}
static int CmdHF15SlixWritePassword(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 slixwritepwd",
"Write a password on a SLIX family ISO-15693 tag.n"
"Some tags do not support all different password types.",
"hf 15 slixwritepwd -t READ -o 00000000 -n 12131415");
void *argtable[] = {
arg_param_begin,
arg_str1("t", "type", "<read|write|privacy|destroy|easafi>", "which password field to write to"),
arg_str0("o", "old", "<hex>", "old password (if present), 8 hex bytes"),
arg_str1("n", "new", "<hex>", "new password, 8 hex bytes"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
struct {
uint8_t old_pwd[4];
uint8_t new_pwd[4];
uint8_t pwd_id;
} PACKED payload;
int pwdlen = 0;
CLIGetHexWithReturn(ctx, 2, payload.old_pwd, &pwdlen);
if (pwdlen > 0 && pwdlen != 4) {
PrintAndLogEx(WARNING, "old password must be 4 hex bytes if provided");
CLIParserFree(ctx);
return PM3_ESOFT;
}
CLIGetHexWithReturn(ctx, 3, payload.new_pwd, &pwdlen);
if (pwdlen != 4) {
PrintAndLogEx(WARNING, "new password must be 4 hex bytes");
CLIParserFree(ctx);
return PM3_ESOFT;
}
int vlen = 0;
char value[10];
CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)value, sizeof(value), &vlen);
CLIParserFree(ctx);
if (vlen > 0) {
if (strcmp(value, "read") == 0) {
PrintAndLogEx(SUCCESS, "Selected read pass");
payload.pwd_id = 0x01;
} else if (strcmp(value, "write") == 0) {
PrintAndLogEx(SUCCESS, "Selected write pass");
payload.pwd_id = 0x02;
} else if (strcmp(value, "privacy") == 0) {
PrintAndLogEx(SUCCESS, "Selected privacy pass");
payload.pwd_id = 0x04;
} else if (strcmp(value, "destroy") == 0) {
PrintAndLogEx(SUCCESS, "Selected destroy pass");
payload.pwd_id = 0x08;
} else if (strcmp(value, "easafi") == 0) {
PrintAndLogEx(SUCCESS, "Selected easafi pass");
payload.pwd_id = 0x10;
} else {
PrintAndLogEx(ERR, "t argument must be 'read', 'write', 'privacy', 'destroy', or 'easafi'");
return PM3_EINVARG;
}
}
PrintAndLogEx(INFO, "Trying to write " _YELLOW_("%s") " as " _YELLOW_("%s") " password"
, sprint_hex_inrow(payload.new_pwd, sizeof(payload.new_pwd)), value);
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_WRITE_PWD, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_WRITE_PWD, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
}
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
PrintAndLogEx(WARNING, "password was not accepted");
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "password written ( " _GREEN_("ok") " ) ");
break;
}
}
return resp.status;
}
static int CmdHF15AFIPassProtect(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 passprotectafi",
"This command enables the password protect of AFI.\n"
"*** OBS! This action can not be undone! ***",
"hf 15 passprotectafi -p 00000000 --force");
void *argtable[] = {
arg_param_begin,
arg_str1("p", "pwd", "<hex>", "EAS/AFI password, 8 hex bytes"),
arg_lit0(NULL, "force", "Force execution of command (irreversible) "),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
struct {
uint8_t pwd[4];
} PACKED payload;
int pwdlen = 0;
CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
bool force = arg_get_lit(ctx, 2);
CLIParserFree(ctx);
if (pwdlen != 4) {
PrintAndLogEx(WARNING, "password must be 4 hex bytes");
return PM3_ESOFT;
}
if (force == false) {
PrintAndLogEx(WARNING, "Use `--force` flag to override. OBS! Irreversable command");
return PM3_ESOFT;
}
PrintAndLogEx(INFO, "Trying to enable AFI password protection...");
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
}
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
PrintAndLogEx(WARNING, "error enabling AFI password protection");
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "AFI password protected ( " _GREEN_("ok") " ) ");
break;
}
}
return resp.status;
}
static int CmdHF15EASPassProtect(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf 15 passprotecteas",
"This command enables the password protect of EAS.\n"
"*** OBS! This action can not be undone! ***",
"hf 15 passprotecteas -p 00000000 --force");
void *argtable[] = {
arg_param_begin,
arg_str1("p", "pwd", "<hex>", "EAS/AFI password, 8 hex bytes"),
arg_lit0(NULL, "force", "Force execution of command (irreversible) "),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
struct {
uint8_t pwd[4];
} PACKED payload;
int pwdlen = 0;
CLIGetHexWithReturn(ctx, 1, payload.pwd, &pwdlen);
bool force = arg_get_lit(ctx, 2);
CLIParserFree(ctx);
if (pwdlen != 4) {
PrintAndLogEx(WARNING, "password must be 4 hex bytes");
return PM3_ESOFT;
}
if (force == false) {
PrintAndLogEx(WARNING, "Use `--force` flag to override. OBS! Irreversable command");
return PM3_ESOFT;
}
PrintAndLogEx(INFO, "Trying to enable EAS password protection...");
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS, (uint8_t *)&payload, sizeof(payload));
if (WaitForResponseTimeout(CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "timeout while waiting for reply");
DropField();
return PM3_ESOFT;
}
switch (resp.status) {
case PM3_ETIMEOUT: {
PrintAndLogEx(WARNING, "no tag found");
break;
}
case PM3_EWRONGANSWER: {
PrintAndLogEx(WARNING, "error enabling EAS password protection");
break;
}
case PM3_SUCCESS: {
PrintAndLogEx(SUCCESS, "EAS password protected ( " _GREEN_("ok") " ) ");
break;
}
}
return resp.status;
}
static command_t CommandTable[] = {
{"-----------", CmdHF15Help, AlwaysAvailable, "--------------------- " _CYAN_("General") " ---------------------"},
{"help", CmdHF15Help, AlwaysAvailable, "This help"},
@ -2446,7 +2848,13 @@ static command_t CommandTable[] = {
{"esave", CmdHF15ESave, IfPm3Iso15693, "Save emulator memory into image file"},
{"eview", CmdHF15EView, IfPm3Iso15693, "View emulator memory"},
{"sim", CmdHF15Sim, IfPm3Iso15693, "Fake an ISO-15693 tag"},
{"slixdisable", CmdHF15SlixDisable, IfPm3Iso15693, "Disable privacy mode on SLIX ISO-15693 tag"},
{"slixwritepwd", CmdHF15SlixWritePassword, IfPm3Iso15693, "Writes a password on a SLIX ISO-15693 tag"},
{"slixeasdisable", CmdHF15SlixEASDisable, IfPm3Iso15693, "Disable EAS mode on SLIX ISO-15693 tag"},
{"slixeasenable", CmdHF15SlixEASEnable, IfPm3Iso15693, "Enable EAS mode on SLIX ISO-15693 tag"},
{"slixprivacydisable", CmdHF15SlixDisable, IfPm3Iso15693, "Disable privacy mode on SLIX ISO-15693 tag"},
{"slixprivacyenable", CmdHF15SlixEnable, IfPm3Iso15693, "Enable privacy mode on SLIX ISO-15693 tag"},
{"passprotectafi", CmdHF15AFIPassProtect, IfPm3Iso15693, "Password protect AFI - Cannot be undone"},
{"passprotecteas", CmdHF15EASPassProtect, IfPm3Iso15693, "Password protect EAS - Cannot be undone"},
{"wrbl", CmdHF15Write, IfPm3Iso15693, "Write a block"},
{"-----------", CmdHF15Help, IfPm3Iso15693, "----------------------- " _CYAN_("afi") " -----------------------"},
{"findafi", CmdHF15FindAfi, IfPm3Iso15693, "Brute force AFI of an ISO-15693 tag"},

1
client/src/cmdhfmfu.c
View file

@ -1472,6 +1472,7 @@ uint32_t GetHF14AMfU_Type(void) {
else if (memcmp(version, "\x00\x34\x21\x01\x01\x00\x0E", 7) == 0) { tagtype = UL_EV1_128; break; } // Mikron JSC Russia EV1 41 pages tag
else if (memcmp(version, "\x00\x04\x04\x01\x01\x00\x0B", 7) == 0) { tagtype = NTAG_210; break; }
else if (memcmp(version, "\x00\x04\x04\x01\x02\x00\x0B", 7) == 0) { tagtype = NTAG_210u; break; }
else if (memcmp(version, "\x00\x04\x04\x02\x02\x00\x0B", 7) == 0) { tagtype = NTAG_210u; break; }
else if (memcmp(version, "\x00\x04\x04\x01\x01\x00\x0E", 7) == 0) { tagtype = NTAG_212; break; }
else if (memcmp(version, "\x00\x04\x04\x02\x01\x00\x0F", 7) == 0) { tagtype = NTAG_213; break; }
else if (memcmp(version, "\x00\x53\x04\x02\x01\x00\x0F", 7) == 0) { tagtype = NTAG_213; break; } //Shanghai Feiju Microelectronics Co. Ltd. China (Xiaomi Air Purifier filter)

4
client/src/cmdhw.c
View file

@ -1298,6 +1298,10 @@ void pm3_version(bool verbose, bool oneliner) {
PrintAndLogEx(NORMAL, " FPC USART for BT add-on... %s", IfPm3FpcUsartHost() ? _GREEN_("present") : _YELLOW_("absent"));
} else {
PrintAndLogEx(NORMAL, " firmware.................. %s", _YELLOW_("PM3 GENERIC"));
if (IfPm3Flash()) {
PrintAndLogEx(NORMAL, " external flash............ %s", _GREEN_("present"));
}
if (IfPm3FpcUsartHost()) {
PrintAndLogEx(NORMAL, " FPC USART for BT add-on... %s", _GREEN_("present"));
}

2
client/src/cmdparser.c
View file

@ -38,7 +38,7 @@ bool IfPm3Present(void) {
bool IfPm3Rdv4Fw(void) {
if (!IfPm3Present())
return false;
return (g_pm3_capabilities.compiled_with_flash) || (g_pm3_capabilities.compiled_with_smartcard);
return (g_pm3_capabilities.is_rdv4);
}
bool IfPm3Flash(void) {

8
client/src/pm3line_vocabulory.h
View file

@ -177,7 +177,13 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf 15 esave" },
{ 0, "hf 15 eview" },
{ 0, "hf 15 sim" },
{ 0, "hf 15 slixdisable" },
{ 0, "hf 15 slixwritepwd" },
{ 0, "hf 15 slixeasdisable" },
{ 0, "hf 15 slixeasenable" },
{ 0, "hf 15 slixprivacydisable" },
{ 0, "hf 15 slixprivacyenable" },
{ 0, "hf 15 passprotectafi" },
{ 0, "hf 15 passprotecteas" },
{ 0, "hf 15 wrbl" },
{ 0, "hf 15 findafi" },
{ 0, "hf 15 writeafi" },

2
client/src/preferences.c
View file

@ -152,7 +152,7 @@ int preferences_save(void) {
}
uint8_t dummyData = 0x00;
size_t dummyDL = 0x00;
size_t dummyDL = 0x01;
if (saveFileJSON(fn, jsfCustom, &dummyData, dummyDL, &preferences_save_callback) != PM3_SUCCESS)
PrintAndLogEx(ERR, "Error saving preferences to \"%s\"", fn);

2
client/src/proxmark3.c
View file

@ -41,7 +41,7 @@ static int mainret = PM3_ESOFT;
#ifndef LIBPM3
#define BANNERMSG1 ""
#define BANNERMSG2 " [ :snowflake: ]"
#define BANNERMSG2 " [ :coffee: ]"
#define BANNERMSG3 ""
typedef enum LogoMode { UTF8, ANSI, ASCII } LogoMode;

1
common_arm/Makefile.hal
View file

@ -95,6 +95,7 @@ ifeq ($(PLATFORM),PM3RDV4)
PLATFORM_DEFS = -DWITH_SMARTCARD -DWITH_FLASH -DRDV4
PLTNAME = Proxmark3 RDV4
PLATFORM_FPGA = xc2s30
RDV4 = yes
else ifeq ($(PLATFORM),PM3OTHER)
$(warning PLATFORM=PM3OTHER is deprecated, please use PLATFORM=PM3GENERIC)
PLTNAME = Proxmark3 generic target

6
doc/T5577_Guide.md
View file

@ -393,8 +393,8 @@ required, please do not proceed.
| Hex Data | Binary Data |
|:--------:|:---------------------------------------|
| 00088040 | 000000000000100010000000111***0***0000 |
| 00088050 | 000000000000100010000000111***1***0000 |
| 000880E0 | 000000000000100010000000111***0***0000 |
| 000880F0 | 000000000000100010000000111***1***0000 |
See how in the above we changed the bit in location 28 from a 0 to 1
0 = No Password, 1 = Use Password
@ -533,7 +533,7 @@ required, please do not proceed.
[=] Downlink mode..... default/fixed bit length
[=] Password set...... No
```
Yes we can! We can see Block 0 is the correct config 00088040
Yes we can! We can see Block 0 is the correct config 000880E0
# Part 2 Configuration Blocks
^[Top](#top)

109
doc/commands.json
View file

@ -1101,8 +1101,8 @@
"command": "hf 14a chaining",
"description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
"notes": [
"hf 14a chaining --off -> disable chaining",
"hf 14a chaining -> show chaining enable/disable state"
"hf 14a chaining -> show chaining enable/disable state",
"hf 14a chaining --off -> disable chaining"
],
"offline": false,
"options": [
@ -1656,6 +1656,34 @@
],
"usage": "hf 15 list [-h1crux] [--frame] [-f <fn>]"
},
"hf 15 passprotectafi": {
"command": "hf 15 passprotectafi",
"description": "This command enables the password protect of AFI. *** OBS! This action can not be undone! ***",
"notes": [
"hf 15 passprotectafi -p 00000000 --force"
],
"offline": false,
"options": [
"-h, --help This help",
"-p, --pwd <hex> EAS/AFI password, 8 hex bytes",
"--force Force execution of command (irreversible)"
],
"usage": "hf 15 passprotectafi [-h] -p <hex> [--force]"
},
"hf 15 passprotecteas": {
"command": "hf 15 passprotecteas",
"description": "This command enables the password protect of EAS. *** OBS! This action can not be undone! ***",
"notes": [
"hf 15 passprotecteas -p 00000000 --force"
],
"offline": false,
"options": [
"-h, --help This help",
"-p, --pwd <hex> EAS/AFI password, 8 hex bytes",
"--force Force execution of command (irreversible)"
],
"usage": "hf 15 passprotecteas [-h] -p <hex> [--force]"
},
"hf 15 raw": {
"command": "hf 15 raw",
"description": "Sends raw bytes over ISO-15693 to card",
@ -1776,8 +1804,34 @@
],
"usage": "hf 15 sim [-h] -u <8b hex> [-b <dec>]"
},
"hf 15 slixdisable": {
"command": "hf 15 slixdisable",
"hf 15 slixeasdisable": {
"command": "hf 15 slixeasdisable",
"description": "Disable EAS mode on SLIX ISO-15693 tag",
"notes": [
"hf 15 slixeasdisable -p 0F0F0F0F"
],
"offline": false,
"options": [
"-h, --help This help",
"-p, --pwd <hex> optional password, 8 hex bytes"
],
"usage": "hf 15 slixeasdisable [-h] [-p <hex>]"
},
"hf 15 slixeasenable": {
"command": "hf 15 slixeasenable",
"description": "Enable EAS mode on SLIX ISO-15693 tag",
"notes": [
"hf 15 slixeasenable -p 0F0F0F0F"
],
"offline": false,
"options": [
"-h, --help This help",
"-p, --pwd <hex> optional password, 8 hex bytes"
],
"usage": "hf 15 slixeasenable [-h] [-p <hex>]"
},
"hf 15 slixprivacydisable": {
"command": "hf 15 slixprivacydisable",
"description": "Disable privacy mode on SLIX ISO-15693 tag",
"notes": [
"hf 15 slixdisable -p 0F0F0F0F"
@ -1787,7 +1841,35 @@
"-h, --help This help",
"-p, --pwd <hex> password, 8 hex bytes"
],
"usage": "hf 15 slixdisable [-h] -p <hex>"
"usage": "hf 15 slixprivacydisable [-h] -p <hex>"
},
"hf 15 slixprivacyenable": {
"command": "hf 15 slixprivacyenable",
"description": "Enable privacy mode on SLIX ISO-15693 tag",
"notes": [
"hf 15 slixenable -p 0F0F0F0F"
],
"offline": false,
"options": [
"-h, --help This help",
"-p, --pwd <hex> password, 8 hex bytes"
],
"usage": "hf 15 slixprivacyenable [-h] -p <hex>"
},
"hf 15 slixwritepwd": {
"command": "hf 15 slixwritepwd",
"description": "Write a password on a SLIX family ISO-15693 tag",
"notes": [
"hf 15 slixwritepwd -t READ -o 00000000 -n 12131415"
],
"offline": false,
"options": [
"-h, --help This help",
"-t, --type <read|write|privacy|destroy|easafi> which password field to write to (some tags do not support all password types)",
"-o, --old <hex> old password (if present), 8 hex bytes",
"-n, --new <hex> new password, 8 hex bytes"
],
"usage": "hf 15 slixwritepwd [-h] -t <read|write|privacy|destroy|easafi> [-o <hex>] -n <hex>"
},
"hf 15 sniff": {
"command": "hf 15 sniff",
@ -1827,19 +1909,16 @@
"description": "Write AFI on card",
"notes": [
"hf 15 writeafi -* --afi 12",
"hf 15 writeafi -u E011223344556677 --afi 12"
"hf 15 writeafi -u E011223344556677 --afi 12 -p 0F0F0F0F"
],
"offline": false,
"options": [
"-h, --help This help",
"-u, --uid <hex> full UID, 8 bytes",
"--ua unaddressed mode",
"-* scan for tag",
"-2 use slower '1 out of 256' mode",
"-o, --opt set OPTION Flag (needed for TI)",
"--afi <dec> AFI number (0-255)"
"--afi <dec> AFI number (0-255)",
"-p, --pwd <hex> optional AFI/EAS password"
],
"usage": "hf 15 writeafi [-h*2o] [-u <hex>] [--ua] --afi <dec>"
"usage": "hf 15 writeafi [-h] [-u <hex>] --afi <dec> [-p <hex>]"
},
"hf 15 writedsfid": {
"command": "hf 15 writedsfid",
@ -11408,7 +11487,7 @@
},
"script help": {
"command": "script help",
"description": "This is a feature to run Lua/Cmd/Python scripts. You can place scripts within the luascripts/cmdscripts/pyscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes",
"description": "This is a feature to run Lua/Cmd scripts. You can place scripts within the luascripts/cmdscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes",
"notes": [],
"offline": true,
"options": [],
@ -11803,8 +11882,8 @@
}
},
"metadata": {
"commands_extracted": 742,
"commands_extracted": 748,
"extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2023-01-27T01:57:37"
"extracted_on": "2023-01-29T17:39:28"
}
}

8
doc/commands.md
View file

@ -236,7 +236,13 @@ Check column "offline" for their availability.
|`hf 15 esave `|N |`Save emulator memory into image file`
|`hf 15 eview `|N |`View emulator memory`
|`hf 15 sim `|N |`Fake an ISO-15693 tag`
|`hf 15 slixdisable `|N |`Disable privacy mode on SLIX ISO-15693 tag`
|`hf 15 slixwritepwd `|N |`Writes a password on a SLIX ISO-15693 tag`
|`hf 15 slixeasdisable `|N |`Disable EAS mode on SLIX ISO-15693 tag`
|`hf 15 slixeasenable `|N |`Enable EAS mode on SLIX ISO-15693 tag`
|`hf 15 slixprivacydisable`|N |`Disable privacy mode on SLIX ISO-15693 tag`
|`hf 15 slixprivacyenable`|N |`Enable privacy mode on SLIX ISO-15693 tag`
|`hf 15 passprotectafi `|N |`Password protect AFI - Cannot be undone`
|`hf 15 passprotecteas `|N |`Password protect EAS - Cannot be undone`
|`hf 15 wrbl `|N |`Write a block`
|`hf 15 findafi `|N |`Brute force AFI of an ISO-15693 tag`
|`hf 15 writeafi `|N |`Writes the AFI on an ISO-15693 tag`

11
include/pm3_cmd.h
View file

@ -205,6 +205,7 @@ typedef struct {
// rdv4
bool hw_available_flash : 1;
bool hw_available_smartcard : 1;
bool is_rdv4 : 1;
} PACKED capabilities_t;
#define CAPABILITIES_VERSION 6
extern capabilities_t g_pm3_capabilities;
@ -520,8 +521,14 @@ typedef struct {
#define CMD_HF_ISO15693_COMMAND 0x0313
#define CMD_HF_ISO15693_FINDAFI 0x0315
#define CMD_HF_ISO15693_CSETUID 0x0316
#define CMD_HF_ISO15693_SLIX_L_DISABLE_PRIVACY 0x0317
#define CMD_HF_ISO15693_SLIX_L_DISABLE_AESAFI 0x0318
#define CMD_HF_ISO15693_SLIX_ENABLE_PRIVACY 0x0867
#define CMD_HF_ISO15693_SLIX_DISABLE_PRIVACY 0x0317
#define CMD_HF_ISO15693_SLIX_DISABLE_EAS 0x0318
#define CMD_HF_ISO15693_SLIX_ENABLE_EAS 0x0862
#define CMD_HF_ISO15693_SLIX_PASS_PROTECT_AFI 0x0863
#define CMD_HF_ISO15693_SLIX_PASS_PROTECT_EAS 0x0864
#define CMD_HF_ISO15693_SLIX_WRITE_PWD 0x0865
#define CMD_HF_ISO15693_WRITE_AFI 0x0866
#define CMD_HF_TEXKOM_SIMULATE 0x0320
#define CMD_HF_ISO15693_EML_CLEAR 0x0330
#define CMD_HF_ISO15693_EML_SETMEM 0x0331

3
tools/build_all_firmwares.sh
View file

@ -22,7 +22,8 @@ echo "Destination: ${DEST:=firmware}"
echo "Produce stats?: ${STATS:=false}"
# Which parts to skip for the 256kb version?
SKIPS256="SKIP_HITAG=1 SKIP_LEGICRF=1 SKIP_FELICA=1 SKIP_EM4x50=1 SKIP_ISO14443b=1"
SKIPS256="SKIP_HITAG=1 SKIP_LEGICRF=1 SKIP_FELICA=1 SKIP_EM4x50=1 SKIP_ISO14443b=1 SKIP_NFCBARCODE=1 SKIP_ZX8211=1"
make $MKFLAGS bootrom || exit 1
chmod 644 bootrom/obj/bootrom.elf