github/RRG-Proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2025-08-21 22:03:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'RfidResearchGroup:master' into pm3generic-flash

Browse source
This commit is contained in:
Alejandro 2023-01-27 15:02:19 +01:00 committed by GitHub
commit 63e54e94a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 225 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Added new magic gen4 cards command in docs (@McEloff)
- Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001) - Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001)
- Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001) - Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001)
- Changed `hf emrtd dump` - looking for lower case .bin extensions (@iceman1001) - Changed `hf emrtd dump` - looking for lower case .bin extensions (@iceman1001)

8
armsrc/Standalone/lf_prox2brute.c
View file

@ -57,7 +57,7 @@ void RunMod(void) {
WDT_HIT(); WDT_HIT();
// exit from SamyRun, send a usbcommand. // exit from SamyRun, send a usbcommand.
if (data_available()) { // early exit if (data_available()) { // early exit
DbpString("[=] You can take the shell back :) ..."); DbpString("[=] You can take the shell back :) ...");
LEDsoff(); LEDsoff();
return; return;
} }
@ -92,11 +92,11 @@ void RunMod(void) {
// switch leds to be able to know (aproximatly) which card number worked (64 tries loop) // switch leds to be able to know (aproximatly) which card number worked (64 tries loop)
LED_A_INV(); // switch led A every try LED_A_INV(); // switch led A every try
if ((cardnum-CARDNUM_START) % 8 == 7) // switch led B every 8 tries if ((cardnum - CARDNUM_START) % 8 == 7) // switch led B every 8 tries
LED_B_INV(); LED_B_INV();
if ((cardnum-CARDNUM_START) % 16 == 15) // switch led C every 16 tries if ((cardnum - CARDNUM_START) % 16 == 15) // switch led C every 16 tries
LED_C_INV(); LED_C_INV();
if ((cardnum-CARDNUM_START) % 32 == 31) // switch led D every 32 tries if ((cardnum - CARDNUM_START) % 32 == 31) // switch led D every 32 tries
LED_D_INV(); LED_D_INV();
} }

11
armsrc/iso14443a.c
View file

@ -1229,6 +1229,17 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
AddCrc14A(rPPS, sizeof(rPPS) - 2); AddCrc14A(rPPS, sizeof(rPPS) - 2);
if (tagType == 7) {
uint8_t pwd[4];
uint8_t gen_pwd[4];
uint16_t start = (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH;
emlGetMemBt(pwd, start, sizeof(pwd));
Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data));
if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) {
rPACK[0] = 0x80;
rPACK[1] = 0x80;
}
}
AddCrc14A(rPACK, sizeof(rPACK) - 2); AddCrc14A(rPACK, sizeof(rPACK) - 2);
static tag_response_info_t responses_init[] = { static tag_response_info_t responses_init[] = {

10
client/luascripts/hf_mfu_amiibo_sim.lua
View file

@ -139,14 +139,10 @@ local function main(args)
-- force lock bytes, otherwise the Amiibo won't be recognized -- force lock bytes, otherwise the Amiibo won't be recognized
blocks[16] = blocks[16]:sub(1, 4)..'0FE0' blocks[16] = blocks[16]:sub(1, 4)..'0FE0'
-- add PWD and PACK if necessary -- add PWD and PACK
local uid = blocks[14]:sub(1, 6)..blocks[15]:sub(1, 8) local uid = blocks[14]:sub(1, 6)..blocks[15]:sub(1, 8)
if blocks[147] == nil or blocks[147] == '00000000' then blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55))
blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55)) blocks[148] = "80800000"
end
if blocks[148] == nil or blocks[148] == '00000000' then
blocks[148] = "80800000"
end
err = LoadEmulator(uid, blocks) err = LoadEmulator(uid, blocks)
if err then return oops(err) end if err then return oops(err) end

2
client/src/cmddata.c
View file

@ -1230,7 +1230,7 @@ int FSKrawDemod(uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow, bo
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, _YELLOW_("%s") " decoded bitstream", GetFSKType(fchigh, fclow, invert)); PrintAndLogEx(SUCCESS, _YELLOW_("%s") " decoded bitstream", GetFSKType(fchigh, fclow, invert));
PrintAndLogEx(INFO, "-----------------------"); PrintAndLogEx(INFO, "-----------------------");
printDemodBuff(0, false, invert, false); printDemodBuff(0, false, false, false);
} }
goto out; goto out;
} else { } else {

85
client/src/cmdhf15.c
View file

@ -652,9 +652,8 @@ static int CmdHF15Samples(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int NxpTestEAS(uint8_t *uid) static int NxpTestEAS(uint8_t *uid) {
{ uint8_t fast = 1;
uint8_t fast = 1;
uint8_t reply = 1; uint8_t reply = 1;
PacketResponseNG resp; PacketResponseNG resp;
uint16_t reqlen = 0; uint16_t reqlen = 0;
@ -681,7 +680,7 @@ static int NxpTestEAS(uint8_t *uid)
if (resp.length < 2) { if (resp.length < 2) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active"); PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active");
} else { } else {
uint8_t * recv = resp.data.asBytes; uint8_t *recv = resp.data.asBytes;
if (!(recv[0] & ISO15_RES_ERROR)) { if (!(recv[0] & ISO15_RES_ERROR)) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active."); PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active.");
@ -694,51 +693,51 @@ static int NxpTestEAS(uint8_t *uid)
} }
static int NxpCheckSig(uint8_t *uid) { static int NxpCheckSig(uint8_t *uid) {
uint8_t fast = 1; uint8_t fast = 1;
uint8_t reply = 1; uint8_t reply = 1;
PacketResponseNG resp; PacketResponseNG resp;
uint16_t reqlen = 0; uint16_t reqlen = 0;
uint8_t req[PM3_CMD_DATA_SIZE] = {0}; uint8_t req[PM3_CMD_DATA_SIZE] = {0};
// Check if we can also read the signature // Check if we can also read the signature
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS; req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_READ_SIGNATURE; req[reqlen++] = ISO15693_READ_SIGNATURE;
req[reqlen++] = 0x04; // IC manufacturer code req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID memcpy(req + 3, uid, 8); // add UID
reqlen += 8; reqlen += 8;
AddCrc15(req, reqlen); AddCrc15(req, reqlen);
reqlen += 2; reqlen += 2;
clearCommandBuffer(); clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen); SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) { if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout"); PrintAndLogEx(WARNING, "iso15693 timeout");
DropField(); DropField();
return PM3_ETIMEOUT; return PM3_ETIMEOUT;
} }
DropField(); DropField();
if (resp.length < 2) { if (resp.length < 2) {
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command"); PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
return PM3_EWRONGANSWER; return PM3_EWRONGANSWER;
} }
uint8_t *recv = resp.data.asBytes; uint8_t *recv = resp.data.asBytes;
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) { if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0])); PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
return PM3_EWRONGANSWER; return PM3_EWRONGANSWER;
} }
uint8_t signature[32] = {0x00}; uint8_t signature[32] = {0x00};
memcpy(signature, recv + 1, 32); memcpy(signature, recv + 1, 32);
nxp_15693_print_signature(uid, signature); nxp_15693_print_signature(uid, signature);
return PM3_SUCCESS; return PM3_SUCCESS;
} }
// Get NXP system information from SLIX2 tag/VICC // Get NXP system information from SLIX2 tag/VICC
@ -822,11 +821,11 @@ static int NxpSysInfo(uint8_t *uid) {
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not")); PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not"));
if (support_easmode) { if (support_easmode) {
NxpTestEAS(uid); NxpTestEAS(uid);
} }
if (support_signature) { if (support_signature) {
NxpCheckSig(uid); NxpCheckSig(uid);
} }
return PM3_SUCCESS; return PM3_SUCCESS;
@ -968,16 +967,12 @@ static int CmdHF15Info(const char *Cmd) {
if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) { if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) {
PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info");
return NxpSysInfo(uid); return NxpSysInfo(uid);
} } else if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) { //If it is an NTAG 5
else if(data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) //If it is an NTAG 5 PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
{
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
return NxpSysInfo(uid); return NxpSysInfo(uid);
} } else if (data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) { //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
else if(data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
{ return NxpTestEAS(uid);
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
return NxpTestEAS(uid);
} }
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");

2
client/src/cmdhflist.c
View file

@ -318,7 +318,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i
snprintf(exp, size, "AUTH-B(%d)", cmd[1]); snprintf(exp, size, "AUTH-B(%d)", cmd[1]);
break; break;
} }
case MIFARE_MAGIC_GDM_AUTH_KEYA:{ case MIFARE_MAGIC_GDM_AUTH_KEYA: {
if (cmdsize > 3) { if (cmdsize > 3) {
snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]); snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]);
MifareAuthState = masNt; MifareAuthState = masNt;

4
client/src/cmdhftesla.c
View file

@ -198,12 +198,12 @@ static int info_hf_tesla(void) {
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "PUBLIC KEY"); PrintAndLogEx(INFO, "PUBLIC KEY");
for (int i=0; i < 3; i++) { for (int i = 0; i < 3; i++) {
PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65)); PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65));
} }
if (form_factor[1] == 1) { if (form_factor[1] == 1) {
PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor))); PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
} else if (form_factor[1] == 2){ } else if (form_factor[1] == 2) {
PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor))); PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
} }

9
client/src/pm3line_vocabulory.h
View file

@ -438,6 +438,12 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf st25ta protect" }, { 0, "hf st25ta protect" },
{ 0, "hf st25ta pwd" }, { 0, "hf st25ta pwd" },
{ 0, "hf st25ta sim" }, { 0, "hf st25ta sim" },
{ 1, "hf tesla help" },
{ 0, "hf tesla info" },
{ 1, "hf tesla list" },
{ 1, "hf texkom help" },
{ 0, "hf texkom reader" },
{ 0, "hf texkom sim" },
{ 1, "hf thinfilm help" }, { 1, "hf thinfilm help" },
{ 0, "hf thinfilm info" }, { 0, "hf thinfilm info" },
{ 1, "hf thinfilm list" }, { 1, "hf thinfilm list" },
@ -453,9 +459,6 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf topaz rdbl" }, { 0, "hf topaz rdbl" },
{ 1, "hf topaz view" }, { 1, "hf topaz view" },
{ 0, "hf topaz wrbl" }, { 0, "hf topaz wrbl" },
{ 1, "hf texkom help" },
{ 0, "hf texkom reader" },
{ 0, "hf texkom sim" },
{ 1, "hf xerox help" }, { 1, "hf xerox help" },
{ 0, "hf xerox info" }, { 0, "hf xerox info" },
{ 0, "hf xerox reader" }, { 0, "hf xerox reader" },

8
client/src/util.c
View file

@ -266,7 +266,7 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
uint8_t mod = len % breaks; uint8_t mod = len % breaks;
if (mod) { if (mod) {
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true);
// add the spaces... // add the spaces...
@ -291,7 +291,7 @@ void print_hex_noascii_break(const uint8_t *data, const size_t len, uint8_t brea
uint8_t mod = len % breaks; uint8_t mod = len % breaks;
if (mod) { if (mod) {
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 0, true); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 0, true);
// add the spaces... // add the spaces...
@ -307,7 +307,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui
if ((data == NULL) || (len < 1)) if ((data == NULL) || (len < 1))
return; return;
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
int i; int i;
for (i = 0; i < len; i += breaks) { for (i = 0; i < len; i += breaks) {
@ -614,7 +614,7 @@ void bytes_to_bytebits(const void *src, const size_t srclen, void *dest) {
// hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii // hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
// up to 64 bytes or 512 bits // up to 64 bytes or 512 bits
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize) { uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize) {
static uint8_t buf[64]; static uint8_t buf[64] = {0};
memset(buf, 0x00, 64); memset(buf, 0x00, 64);
uint8_t *tmp = buf; uint8_t *tmp = buf;
for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) { for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) {

55
doc/commands.json
View file

@ -1101,14 +1101,16 @@
"command": "hf 14a chaining", "command": "hf 14a chaining",
"description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.", "description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
"notes": [ "notes": [
"hf 14a chaining disable -> disable chaining", "hf 14a chaining --off -> disable chaining",
"hf 14a chaining -> show chaining enable/disable state" "hf 14a chaining -> show chaining enable/disable state"
], ],
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help" "-h, --help This help",
"-1, --on enabled chaining",
"-0, --off disable chaining"
], ],
"usage": "hf 14a chaining [-h] [<enable/disable or 0/1>]" "usage": "hf 14a chaining [-h10]"
}, },
"hf 14a config": { "hf 14a config": {
"command": "hf 14a config", "command": "hf 14a config",
@ -2881,7 +2883,7 @@
}, },
"hf help": { "hf help": {
"command": "hf help", "command": "hf help",
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } texkom { Texkom RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags", "description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } tesla { TESLA Cards... } texkom { Texkom RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
"notes": [], "notes": [],
"offline": true, "offline": true,
"options": [], "options": [],
@ -6684,6 +6686,47 @@
], ],
"usage": "hf st25ta sim [-h] -u <hex>" "usage": "hf st25ta sim [-h] -u <hex>"
}, },
"hf tesla help": {
"command": "hf tesla help",
"description": "help This help list List ISO 14443A/7816 history",
"notes": [],
"offline": true,
"options": [],
"usage": ""
},
"hf tesla info": {
"command": "hf tesla info",
"description": "Get info about TESLA Key tag",
"notes": [
"hf tesla info"
],
"offline": false,
"options": [
"-h, --help This help"
],
"usage": "hf telsa info [-h]"
},
"hf tesla list": {
"command": "hf tesla list",
"description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol",
"notes": [
"hf tesla list --frame -> show frame delay times",
"hf tesla list -1 -> use trace buffer"
],
"offline": true,
"options": [
"-h, --help This help",
"-1, --buffer use data from trace buffer",
"--frame show frame delay times",
"-c mark CRC bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into Wireshark using encapsulation type \"ISO 14443\"",
"-f, --file <fn> filename of dictionary"
],
"usage": "hf tesla list [-h1crux] [--frame] [-f <fn>]"
},
"hf texkom help": { "hf texkom help": {
"command": "hf texkom help", "command": "hf texkom help",
"description": "help This help", "description": "help This help",
@ -11760,8 +11803,8 @@
} }
}, },
"metadata": { "metadata": {
"commands_extracted": 739, "commands_extracted": 742,
"extracted_by": "PM3Help2JSON v1.00", "extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2023-01-15T01:24:39" "extracted_on": "2023-01-27T01:57:37"
} }
} }

33
doc/commands.md
View file

@ -651,6 +651,28 @@ Check column "offline" for their availability.
|`hf st25ta sim `|N |`Fake ISO 14443A/ST tag` |`hf st25ta sim `|N |`Fake ISO 14443A/ST tag`
### hf tesla
{ TESLA Cards... }
|command |offline |description
|------- |------- |-----------
|`hf tesla help `|Y |`This help`
|`hf tesla info `|N |`Tag information`
|`hf tesla list `|Y |`List ISO 14443A/7816 history`
### hf texkom
{ Texkom RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf texkom help `|Y |`This help`
|`hf texkom reader `|N |`Act like a Texkom reader`
|`hf texkom sim `|N |`Simulate a Texkom tag`
### hf thinfilm ### hf thinfilm
{ Thinfilm RFIDs... } { Thinfilm RFIDs... }
@ -682,17 +704,6 @@ Check column "offline" for their availability.
|`hf topaz wrbl `|N |`Write block` |`hf topaz wrbl `|N |`Write block`
### hf texkom
{ Texkom RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf texkom help `|Y |`This help`
|`hf texkom reader `|N |`Act like a Texkom reader`
|`hf texkom sim `|N |`Simulate a Texkom tag`
### hf xerox ### hf xerox
{ Fuji/Xerox cartridge RFIDs... } { Fuji/Xerox cartridge RFIDs... }

35
doc/magic_cards_notes.md
View file

@ -1086,10 +1086,12 @@ CF <passwd> 35 <2b ATQA><1b SAK> // Configure ATQA/SAK (swap ATQ
CF <passwd> 68 <00-02> // Configure UID length CF <passwd> 68 <00-02> // Configure UID length
CF <passwd> 69 <00-01> // (De)Activate Ultralight mode CF <passwd> 69 <00-01> // (De)Activate Ultralight mode
CF <passwd> 6A <00-03> // Select Ultralight mode CF <passwd> 6A <00-03> // Select Ultralight mode
CF <passwd> 6B <1b> // Set Ultralight and M1 maximum read/write sectors
CF <passwd> C6 // Dump configuration CF <passwd> C6 // Dump configuration
CF <passwd> CC // Factory test, returns 6666 CF <passwd> CC // Factory test, returns 6666
CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block
CF <passwd> CE <1b block number> // Backdoor read 16b block CF <passwd> CE <1b block number> // Backdoor read 16b block
CF <passwd> CF <1b param> // Unknown
CF <passwd> F0 <30b configuration data> // Configure all params in one cmd CF <passwd> F0 <30b configuration data> // Configure all params in one cmd
CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently
CF <passwd> FE <4b new_password> // change password CF <passwd> FE <4b new_password> // change password
@ -1304,6 +1306,19 @@ script run hf_mf_ultimatecard -m 02
``` ```
Now the card supports the 3DES UL-C authentication. Now the card supports the 3DES UL-C authentication.
### Set Ultralight and M1 maximum read/write sectors
^[Top](#top) ^^[Gen4](#g4top)
```
hf 14a raw -s -c -t 1000 CF<passwd>6B<1b blocks>
```
Hexadecimal, maximum sector data, default 0xFF, range 0x00-0xFF
Example: set maximum 63 blocks read/write for Mifare Classic 1K
```
hf 14a raw -s -c -t 1000 CF000000006B3F
```
### Set shadow mode (GTU) ### Set shadow mode (GTU)
^[Top](#top) ^^[Gen4](#g4top) ^[Top](#top) ^^[Gen4](#g4top)
@ -1365,6 +1380,20 @@ Example: write block0 with factory data, default pwd
hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000 hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000
``` ```
### Unknown command
^[Top](#top) ^^[Gen4](#g4top)
This command modifies one byte in configuration dump, but purpose one is unknown.
```
hf 14a raw -s -c -t 1000 CF<passwd>CF<1b param>
```
* `<param>`
* `??`: ???
Example:
hf 14a raw -s -c -t 1000 CF00000000CF02
### Change backdoor password ### Change backdoor password
^[Top](#top) ^^[Gen4](#g4top) ^[Top](#top) ^^[Gen4](#g4top)
@ -1391,8 +1420,10 @@ hf 14a raw -s -c -t 1000 CF<passwd>C6
``` ```
Default configuration: Default configuration:
``` ```
00000000000002000978009102DABC191010111213141516040008004F6B 00000000000002000978009102DABC191010111213141516040008006B024F6B
^^^^ ?? ^^^^ ??
^^ cf cmd cf: ?? this byte set by cmd cf<pwd>cf<param>, factory value 0x02
^^ cf cmd 6b: maximum read/write sectors, factory value 0x6b
^^ cf cmd 6a: UL mode ^^ cf cmd 6a: UL mode
^^^^^^ cf cmd 35: ATQA/SAK ^^^^^^ cf cmd 35: ATQA/SAK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cf cmd 34: ATS length & content ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cf cmd 34: ATS length & content

43
include/ansi.h
View file

@ -21,18 +21,45 @@
#define AEND "\x1b[0m" #define AEND "\x1b[0m"
#define _BLUE_(s) "\x1b[34m" s AEND #define _BLACK_(s) "\x1b[30m" s AEND
#define _RED_(s) "\x1b[31m" s AEND #define _RED_(s) "\x1b[31m" s AEND
#define _GREEN_(s) "\x1b[32m" s AEND #define _GREEN_(s) "\x1b[32m" s AEND
#define _YELLOW_(s) "\x1b[33m" s AEND #define _YELLOW_(s) "\x1b[33m" s AEND
#define _MAGENTA_(s) "\x1b[35m" s AEND #define _BLUE_(s) "\x1b[34m" s AEND
#define _CYAN_(s) "\x1b[36m" s AEND #define _MAGENTA_(s) "\x1b[35m" s AEND
#define _WHITE_(s) "\x1b[37m" s AEND #define _CYAN_(s) "\x1b[36m" s AEND
#define _WHITE_(s) "\x1b[37m" s AEND
#define _BRIGHT_BLACK_(s) "\x1b[30;1m" s AEND
#define _BRIGHT_RED_(s) "\x1b[31;1m" s AEND
#define _BRIGHT_GREEN_(s) "\x1b[32;1m" s AEND
#define _BRIGHT_YELLOW_(s) "\x1b[33;1m" s AEND
#define _BRIGHT_BLUE_(s) "\x1b[34;1m" s AEND
#define _BRIGHT_MAGENTA_(s) "\x1b[35;1m" s AEND
#define _BRIGHT_CYAN_(s) "\x1b[36;1m" s AEND
#define _BRIGHT_WHITE_(s) "\x1b[37;1m" s AEND
#define _BACK_BLACK_(s) "\x1b[40m" s AEND
#define _BACK_RED_(s) "\x1b[41m" s AEND
#define _BACK_GREEN_(s) "\x1b[42m" s AEND
#define _BACK_YELLOW_(s) "\x1b[43m" s AEND
#define _BACK_BLUE_(s) "\x1b[44m" s AEND
#define _BACK_MAGENTA_(s) "\x1b[45m" s AEND
#define _BACK_CYAN_(s) "\x1b[46m" s AEND
#define _BACK_WHITE_(s) "\x1b[47m" s AEND
#define _BACK_BRIGHT_BLACK_(s) "\x1b[40;1m" s AEND
#define _BACK_BRIGHT_RED_(s) "\x1b[41;1m" s AEND
#define _BACK_BRIGHT_GREEN_(s) "\x1b[42;1m" s AEND
#define _BACK_BRIGHT_YELLOW_(s) "\x1b[43;1m" s AEND
#define _BACK_BRIGHT_BLUE_(s) "\x1b[44;1m" s AEND
#define _BACK_BRIGHT_MAGENTA_(s) "\x1b[45;1m" s AEND
#define _BACK_BRIGHT_CYAN_(s) "\x1b[46;1m" s AEND
#define _BACK_BRIGHT_WHITE_(s) "\x1b[47;1m" s AEND
#define _CLEAR_ "\x1b[2J" #define _CLEAR_ "\x1b[2J"
#define _TOP_ "\x1b[1;1f" #define _TOP_ "\x1b[1;1f"
#if defined(HAVE_READLINE) #if defined(HAVE_READLINE)
// https://wiki.hackzine.org/development/misc/readline-color-prompt.html // https://wiki.hackzine.org/development/misc/readline-color-prompt.html
// Applications may indicate that the prompt contains // Applications may indicate that the prompt contains