Merge pull request #1221 from craftbyte/function/desfire-standalone

Added "UID Stealer" standalone mode
This commit is contained in:
Iceman 2021-03-15 00:59:56 +01:00 committed by GitHub
commit 636c5b81e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 121 additions and 1 deletions


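--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 ## [unreleased][unreleased]
+- Added HF_CRAFTBYTE standalone mode that reads and emulates 14a UID (@craftbyte)
 - Added a script to dump originality signatures from MFU EV1s and NTAGs (@aveao)
 - Added parsing of EF_CardAccess to display PACE algorithm, version and parameter in `hf emrtd info` (@aveao)
 - Change, numerous commands more uses cliparser (@tcprst, @iceman1001)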


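--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -50,6 +50,9 @@ define KNOWN_STANDALONE_DEFINITIONS
 | HF_COLIN | Mifare ultra fast sniff/sim/clone |
 | (RDV4 only) | - Colin Brigato |
 +----------------------------------------------------------+
+| HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID |
+| | - Anze Jensterle |
++----------------------------------------------------------+
 | HF_ICECLASS | Simulate HID iCLASS legacy ags |
 | (RDV4 only) | storing in flashmem |
 +----------------------------------------------------------+
@@ -71,7 +74,7 @@ define KNOWN_STANDALONE_DEFINITIONS
 endef
 STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE
-STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_TCPRST HF_YOUNG
+STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MSDSAL HF_TCPRST HF_YOUNG
 STANDALONE_MODES_REQ_SMARTCARD :=
 STANDALONE_MODES_REQ_FLASH := LF_ICEHID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS
 ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)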


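--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -77,3 +77,7 @@ endif
 ifneq (,$(findstring WITH_STANDALONE_LF_THAREXDE,$(APP_CFLAGS)))
 SRC_STANDALONE = lf_tharexde.c
 endif
+# WITH_STANDALONE_HF_CRAFTBYTE
+ifneq (,$(findstring WITH_STANDALONE_HF_CRAFTBYTE,$(APP_CFLAGS)))
+SRC_STANDALONE = hf_craftbyte.c
+endif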


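--- /dev/null
+++ b/hf_craftbyte.c
@@ -0,0 +1,111 @@
+//-----------------------------------------------------------------------------
+// Copyright 2020 Anze Jensterle <dev@anze.dev>
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// main code for standalone HF/iso14a emulator
+//-----------------------------------------------------------------------------
+/*
+* `hf_basicbreak` scans a card
+*/
+#include "standalone.h"
+#include "proxmark3_arm.h"
+#include "appmain.h"
+#include "fpgaloader.h"
+#include "util.h"
+#include "dbprint.h"
+#include "ticks.h"
+#include "string.h"
+#include "BigBuf.h"
+#include "iso14443a.h"
+#include "protocols.h"
+#include "cmd.h"
+#define STATE_READ 0
+#define STATE_EMUL 1
+typedef struct {
+uint8_t uid[10];
+uint8_t uidlen;
+uint8_t atqa[2];
+uint8_t sak;
+} PACKED card_clone_t;
+void ModInfo(void) {
+DbpString("hf_craftbyte: standalone UID Stealer - Scans and emulates 14a UID");
+}
+void RunMod(void) {
+StandAloneMode();
+Dbprintf("HF UID emulator started");
+FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
+// the main loop for your standalone mode
+for (;;) {
+WDT_HIT();
+// exit from RunMod, send a usbcommand.
+if (data_available()) break;
+iso14a_card_select_t card;
+card_clone_t clone;
+SpinDelay(500);
+// 0 = search, 1 = read, 2 = emul
+int state = STATE_READ;
+DbpString("Scanning...");
+int button_pressed = BUTTON_NO_CLICK;
+for (;;) {
+// Was our button held down or pressed?
+button_pressed = BUTTON_HELD(1000);
+if (button_pressed != BUTTON_NO_CLICK || data_available())
+break;
+else if (state == STATE_READ) {
+iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
+if (!iso14443a_select_card(NULL, &card, NULL, true, 0, true)) {
+FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+LED_D_OFF();
+SpinDelay(500);
+continue;
+} else {
+Dbprintf("Found card with SAQ: %02X, ATQA: %02X %02X, UID: ", card.sak, card.atqa[0], card.atqa[1]);
+Dbhexdump(card.uidlen, card.uid, 0);
+clone.uidlen = card.uidlen;
+clone.sak = card.sak;
+clone.atqa[0] = card.atqa[0];
+clone.atqa[1] = card.atqa[1];
+memcpy(clone.uid, card.uid, card.uidlen);
+state = STATE_EMUL;
+}
+} else if (state == STATE_EMUL) {
+uint8_t flags;
+if (clone.uidlen == 4) flags |= FLAG_4B_UID_IN_DATA;
+else if (clone.uidlen == 7) flags |= FLAG_7B_UID_IN_DATA;
+else if (clone.uidlen == 10) flags |= FLAG_10B_UID_IN_DATA;
+else {
+Dbprintf("Unusual UID length, something is wrong. Try again please.");
+state = STATE_READ;
+continue;
+}
+Dbprintf("Starting simulation, press pm3-button to stop and go back to search state.");
+SimulateIso14443aTag(3, flags, card.uid, 0);
+// Go back to search state if user presses pm3-button
+state = STATE_READ;
+}
+}
+if (button_pressed == BUTTON_HOLD) //Holding down the button
+break;
+}
+DbpString("exiting");
+LEDsoff();
+}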
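Review bot: `uint8_t flags;` in the STATE_EMUL branch is never initialized before the `flags |= FLAG_..._UID_IN_DATA` updates, so the value handed to SimulateIso14443aTag() is the result of reading an uninitialized automatic variable — undefined behaviour in C, and in practice it can carry unrelated simulation flags; the declaration should read `uint8_t flags = 0;`. In the same branch the simulation is started with `card.uid` although the captured data was just copied into `clone`, and `clone.atqa`/`clone.sak` are written but never read, so the emulated ATQA/SAK are presumably fixed by the hard-coded tag type 3 rather than taken from the scanned card — either pass the `clone` fields through (if the simulator accepts them; not visible here) or drop the unused fields and the `card_clone_t` copy. The comments are also stale: the file header says `hf_basicbreak` scans a card, and `// 0 = search, 1 = read, 2 = emul` does not match `STATE_READ 0` / `STATE_EMUL 1`; suggest `// STATE_READ: wait for a card and capture its UID; STATE_EMUL: simulate the captured UID` and a header line naming hf_craftbyte. The `memcpy(clone.uid, card.uid, card.uidlen)` also relies on `card.uidlen` being at most 10 before the later length check runs; a guard before the copy, or moving the length switch ahead of it, would keep the `uid[10]` write bounded regardless of what the select routine reports.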


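--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -90,6 +90,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
 | HF_14ASNIFF | 14a sniff storing to flashmem - Micolous
 | HF_AVEFUL | MIFARE Ultralight read/simulation - Ave Ozkal
 | HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito
+| HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle
 | HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato
 | HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem - Iceman1001
 | HF_LEGIC | HF Legic Prime standalone - uhei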