From 6e1bd28aac052e6b8f77964d2c182802fc109d7e Mon Sep 17 00:00:00 2001 From: slurdge Date: Wed, 17 Jul 2019 14:50:59 +0200 Subject: [PATCH 01/12] Fix build for linux And move to xenial --- .travis.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index be68e761a..ee0ed1196 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,22 +1,16 @@ # Travis-CI Build for RfidResearchGroup/Proxmark3 language: c -#default linux build env is: Ubuntu 14.04 trusty +#default linux build env is: xenial compiler: gcc # Test on Linux and MacOS matrix: include: -# - os: osx -# osx_image: xcode7.3 # OS X 10.11 -# - os: osx -# osx_image: xcode8.3 # OS X 10.12 -# - os: osx -# osx_image: xcode9 # OS X 10.13 - os: osx osx_image: xcode9.1 # OS X 10.13.1 - os: linux - dist: trusty + dist: xenial sudo: required before_install: @@ -25,7 +19,7 @@ before_install: ## Note: all dependencies on MacOS should be resolved by the brew install command if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get update -qq; - sudo apt-get install -y gcc-arm-none-eabi; + sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libnewlib-dev binutils-arm-none-eabi; elif [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update; brew tap RfidResearchGroup/proxmark3; From 7efaeec0549a785f3c7037970b7a2fbd1d119c91 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 17 Jul 2019 19:01:51 +0200 Subject: [PATCH 02/12] Linux install: limit dependencies to the really needed ones --- .../Linux-Installation-Instructions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/md/Installation_Instructions/Linux-Installation-Instructions.md b/doc/md/Installation_Instructions/Linux-Installation-Instructions.md index bb5afb268..fe23db001 100644 --- a/doc/md/Installation_Instructions/Linux-Installation-Instructions.md +++ b/doc/md/Installation_Instructions/Linux-Installation-Instructions.md 
@@ -25,7 +25,7 @@ Install the requirements ```sh sudo apt-get install p7zip git ca-certificates build-essential libreadline5 libreadline-dev \ -libusb-0.1-4 libusb-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libstdc++-arm-none-eabi-newlib libqt4-dev +libusb-0.1-4 libusb-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libnewlib-dev libqt4-dev ``` If you don't need the graphical components of the Proxmark3 client, you can skip the installation of `libqt4-dev`. From 7d836d9f1b76c6054b7fbc4b195bb613048b0d17 Mon Sep 17 00:00:00 2001 From: slurdge Date: Wed, 17 Jul 2019 19:17:20 +0200 Subject: [PATCH 03/12] Less apt libs for compilation --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ee0ed1196..b81af3d97 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,7 @@ before_install: ## Note: all dependencies on MacOS should be resolved by the brew install command if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get update -qq; - sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libnewlib-dev binutils-arm-none-eabi; + sudo apt-get install -y gcc-arm-none-eabi libnewlib-dev; elif [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update; brew tap RfidResearchGroup/proxmark3; From 259c730bb06f0c45ae8050ea281507c5b390094e Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 17 Jul 2019 20:15:47 +0200 Subject: [PATCH 04/12] exit(EXIT_FAILURE) if a port was specified to the client and no pm3 is usable --- client/proxmark3.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/client/proxmark3.c b/client/proxmark3.c index 480f39fa3..1d3a0e8b5 100644 --- a/client/proxmark3.c +++ b/client/proxmark3.c 
@@ -503,6 +503,9 @@ int main(int argc, char *argv[]) { CloseProxmark(); } + if ((port != NULL) && (!session.pm3_present)) + exit(EXIT_FAILURE); + if (!session.pm3_present) PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") "mode. Check \"%s -h\" if it's not what you want.\n", exec_name); @@ -531,5 +534,5 @@ int main(int argc, char *argv[]) { CloseProxmark(); } - exit(0); + exit(EXIT_SUCCESS); } From dfdef0bbcc6d5d3888d4851cbd14c2d20ac3cb32 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 17 Jul 2019 20:39:32 +0200 Subject: [PATCH 05/12] Clarify some PLATFORM_EXTRAS usages --- Makefile.platform.sample | 3 +++ doc/uart_notes.md | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Makefile.platform.sample b/Makefile.platform.sample index b0d6cf5fe..9d0e2d965 100644 --- a/Makefile.platform.sample +++ b/Makefile.platform.sample @@ -1,4 +1,7 @@ # If you want to use it, copy this file as Makefile.platform and adjust it to your needs +# Run 'make PLATFORM=' to get an exhaustive list of possible parameters for this file. + PLATFORM=PM3RDV4 +# If you want more than one PLATFORM_EXTRAS option, separate them by spaces: #PLATFORM_EXTRAS=BTADDON #STANDALONE=LF_SAMYRUN diff --git a/doc/uart_notes.md b/doc/uart_notes.md index d074bddc8..88b10a109 100644 --- a/doc/uart_notes.md +++ b/doc/uart_notes.md 
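Review bot: The added `exit(EXIT_FAILURE)` branch in main() terminates without printing anything at this point. Unless the connection code above the hunk has already reported the failure, a user or wrapper script that passed a port gets only a non-zero status and no reason. Logging first would help, for example `PrintAndLogEx(ERR, "Requested port is not usable, exiting");`, with the two statements braced so the multi-line `if` cannot be misread later. main() starts and ends outside the hunk, so any earlier message is not visible here.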
@@ -27,10 +27,10 @@ Proxmark3 RDV4 has a FPC connector outputting on 2 pins a USART from the ARM: USART support is in `common/usart.c`. There are mainly two ways to use this USART: -* connect the host client to the Proxmark3 via this USART instead of USB-CDC, this is the `FPC_USART_HOST`. The most used way is through the BT add-on (blue shark) that we will cover later. Instead of BT add-on, we can also use e.g. a FTDI cable (mostly for internal development, it's much slower than USB-CDC anyway) or in the future other ways to connect the host such as a USART-to-Wi-Fi bridge. +* connect the host client to the Proxmark3 via this USART instead of USB-CDC, this is the `FPC_USART_HOST` option you can add to `PLATFORM_EXTRAS` in `Makefile.platform`. The most used way is through the BT add-on (blue shark) that we will cover later. Instead of BT add-on, we can also use e.g. a FTDI cable (mostly for internal development, it's much slower than USB-CDC anyway) or in the future other ways to connect the host such as a USART-to-Wi-Fi bridge. * connect "slave" devices to the Proxmark3 to add functionnalities. In such case, the host client will use USB-CDC and the USART will be use to, e.g. connect the Proxmark3 to various daughterboards. These is no such example of daughterboard as of today, except when we're talking to the BT add-on in its AT configuration mode. -This USART can be reached from the host client (if connected via USB-CDC) through the following commands, available in `FPC_USART_DEV` build: +This USART can be reached from the host client (if connected via USB-CDC) through the following commands, available when you add `FPC_USART_DEV` to `PLATFORM_EXTRAS` in `Makefile.platform`: * `usart config`, to configure the baudrate and the parity of the Proxmark3 USART * `usart txrx/tx/rx/txhex/rxhex` to transmit and receive bytes 
@@ -45,7 +45,7 @@ Internally, the desired baudrate is converted to UART settings: a BRGR and a FP. When the BT add-on is turned on but no actively connected to a host, it's in a configuration mode where it accepts "AT" commands and its blue LED is blinking at about 1Hz. -Some specific commands are available in `BTADDON` build, only to configure specific features of the BT add-on: +Some specific commands are available when you add `BTADDON` to `PLATFORM_EXTRAS` in `Makefile.platform` (it will automatically enable `FPC_USART_HOST` as well), to configure specific features of the BT add-on: * `usart btpin`, to change the BT add-on PIN * `usart btfactory`, to guess the current BT add-on UART settings and to reset its configuration. From 9dc1b1664d6c5e8bb908295141e41e39038f01f9 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 17 Jul 2019 21:11:34 +0200 Subject: [PATCH 06/12] Add external flash layout notes --- README.md | 1 + doc/ext_flash_notes.md | 95 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 doc/ext_flash_notes.md diff --git a/README.md b/README.md index a1e7ad76c..e3be68472 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ Note that it also supports other Proxmark3 platforms as well! |[Issues](#issues)|[Blue shark manual](/doc/bt_manual_v10.md) |[Advanced compilation parameters](/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md)| |[Notes on UART](/doc/uart_notes.md)||| |[Notes on Frame format](/doc/new_frame_format.md)||| +|[Notes on external flash](/doc/ext_flash_notes.md)||| |[Notes on Termux / Android](/doc/termux_notes.md)||| |[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) || |[Donations](#Donations)||| diff --git a/doc/ext_flash_notes.md b/doc/ext_flash_notes.md new file mode 100644 index 000000000..46059d9ca --- /dev/null +++ b/doc/ext_flash_notes.md 
@@ -0,0 +1,95 @@ +# External flash + +External 256kbytes flash is a unique feature of the RDV4 edition. + +## Addresses + +Flash memory is + +* 256kb (0x40000= 262144) +* divided into 4 pages of 64kb (0x10000 = 65536) +* 4 pages divided into 16 sectors of 4kb (0x1000 = 4096), so last sector is at 0x3F000 + +Therefore a flash address can be interpreted as such: +``` +0xPSxxx e.g. 0x3FF7F + ^ page ^ page 3 + ^ sector ^ sector 0xF + ^^^ offset ^^^ offset 0xF7F +``` + +## Layout + +Page 0: +* available for user data +* to dump it: `mem dump f page0_dump o 0 l 65536` +* to erase it: `mem wipe p 0` + +Page 1: +* available for user data +* to dump it: `mem dump f page1_dump o 65536 l 65536` +* to erase it: `mem wipe p 1` + +Page 2: +* available for user data +* to dump it: `mem dump f page2_dump o 131072 l 65536` +* to erase it: `mem wipe p 2` + +Page 3: +* used by Proxmark3 RDV4 specific functions: flash signature and keys dictionaries, see below for details +* to dump it: `mem dump f page3_dump o 196608 l 65536` +* to erase it: + * **Beware** it will erase your flash signature (see below) so better to back it up first as you won't be able to regenerate it by yourself! + * It's possible to erase completely page 3 by erase the entire flash memory with the voluntarily undocumented command `mem wipe i`. + * Updating keys dictionaries doesn't require to erase page 3. 
+ +## Page3 Layout + +Page3 is used as follows by the Proxmark3 RDV4 firmware: + +* **MF_KEYS** + * offset: page 3 sector 9 (0x9) @ 3*0x10000+9*0x1000=0x39000 + * length: 2 sectors + +* **ICLASS_KEYS** + * offset: page 3 sector 11 (0xB) @ 3*0x10000+11*0x1000=0x3B000 + * length: 1 sector + +* **T55XX_KEYS** + * offset: page 3 sector 12 (0xC) @ 3*0x10000+12*0x1000=0x3C000 + * length: 1 sector + +* **T55XX_CONFIG** + * offset: page 3 sector 13 (0xD) @ 3*0x10000+13*0x1000=0x3D000 + * length: 1 sector (actually only a few bytes are used to store `t55xx_config` structure) + +* **RSA SIGNATURE**, see below for details + * offset: page 3 sector 15 (0xF) offset 0xF7F @ 3*0x10000+15*0x1000+0xF7F=0x3FF7F + * length: 128 bytes + * offset should have been 0x3FF80 but historically it's one byte off and therefore the last byte of the flash is unused + +## RSA signature + +To ensure your Proxmark3 RDV4 is not a counterfeit product, its external flash contains a RSA signature of the flash unique ID. +You can verify it with: `mem info` + +``` +[usb] pm3 --> mem info + +[=] --- Flash memory Information --------- + +[=] ------------------------------------------------------------- +[=] ID | xx xx xx xx xx xx xx xx +[=] SHA1 | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +[=] RSA SIGNATURE | +[00] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +[01] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +[02] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +[03] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx +[=] KEY length | 128 +[+] RSA key validation ok +[+] RSA Verification ok +``` + +For a backup of the signature: `mem dump p f flash_signature_dump o 262015 l 128` + From f748c217b6013e2af335d66a03aea2d9fa2981a3 Mon Sep 17 00:00:00 2001 
From: Iceman Date: Thu, 18 Jul 2019 15:27:12 +0200 Subject: [PATCH 07/12] Update README.md appveyor RRG/Iceman link. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e3be68472..46dc5f785 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ This repo is based on iceman fork for Proxmark3. It is dedicated to bringing the most out of the new features for Proxmark3 RDV4.0 new hardware and design. Note that it also supports other Proxmark3 platforms as well! -[![Build status](https://ci.appveyor.com/api/projects/status/ct5blik2wa96bv0x/branch/master?svg=true)](https://ci.appveyor.com/project/iceman1001/proxmark3-ji4wj/branch/master) +[![Build status](https://ci.appveyor.com/api/projects/status/uvk6cexs6xxwonn4/branch/master?svg=true)](https://ci.appveyor.com/project/iceman1001/proxmark3-isfoh/branch/master) [![Latest release](https://img.shields.io/github/release/RfidResearchGroup/proxmark3.svg)](https://github.com/RfidResearchGroup/proxmark3/releases/latest) --- From 29f8bfb80c08bc506ca85cf554912b2a1592f3a3 Mon Sep 17 00:00:00 2001 From: Julien Piat Date: Thu, 18 Jul 2019 15:54:21 +0200 Subject: [PATCH 08/12] Update default_keys.dic with new keys from Scan Badge APK --- client/default_keys.dic | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/client/default_keys.dic b/client/default_keys.dic index c8d96bd44..4df09cb1c 100644 --- a/client/default_keys.dic +++ b/client/default_keys.dic @@ -944,5 +944,9 @@ A23456789123 A00003000084 675A32413770 395244733978 +A0004A000036 +2C9F3D45BA13 +4243414F5250 +DFE73BE48AC6 # B069D0D03D17 From 5a5b3db92ee618b435c202b1946723b98f1b5b85 Mon Sep 17 00:00:00 2001 From: Julien Piat Date: Thu, 18 Jul 2019 16:11:03 +0200 Subject: [PATCH 09/12] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c78d813db..89a4d7ec8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
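Review bot: The four keys appended to client/default_keys.dic have no comment recording where they came from. The commit subject attributes them to the Scan Badge APK and the changelog entry in the following commit calls them Vigik keys, but neither fact is written in the file. The hunk's context shows a `#` line, so comments appear to be supported; a line such as `# Vigik keys, from Scan Badge APK` above the block would keep the dictionary auditable. That changelog entry also names the file `default_keys.dict`, while the path patched here is `default_keys.dic`.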
@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Change: new keys for Vigik badges in default_keys.dict (@luminouw) - Add 'hw standalone' to jump to standalone mode from command line or script (@doegox) - Add to 'hf 14a apdu' print apdu and compose apdu (@merlokk) - Change: buggy 'mem read' removed, 'mem save' renamed 'mem dump', can now display too (@doegox) From 1e0433c1d79002cce7e67e54d247673ce3a29403 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Wed, 17 Jul 2019 19:02:01 +0300 Subject: [PATCH 10/12] now code can't use uninitialized fpga link and encoders/decoders --- armsrc/iso14443a.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index b5e612ec9..db20481c8 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -13,6 +13,7 @@ #define MAX_ISO14A_TIMEOUT 524288 static uint32_t iso14a_timeout; +static bool iso14443a_active = false; uint8_t colpos = 0; int rsamples = 0; @@ -1551,6 +1552,9 @@ void PrepareDelayedTransfer(uint16_t delay) { //------------------------------------------------------------------------------------- static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) { + if (!iso14443a_active) + return; + FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD); if (timing) { 
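Review bot: The guard added at the top of TransmitFor14443a() is a silent no-op: the function is `void`, `*timing` is left untouched, and nothing is logged. A caller that runs before iso14443a_setup() therefore cannot tell a skipped transmit from a completed one. The matching guard in GetIso14443aAnswerFromTag() (next hunk) returns `false` from a function declared `int`, which callers presumably treat the same as a tag timeout. A debug trace in both guards would make the misuse visible, and a comment such as `// link not configured: iso14443a_setup() was not called or iso14443a_off() already ran` would document the contract. Both function bodies continue outside their hunks, so how `timing` and the return value are consumed is not visible here.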
@@ -1922,6 +1926,9 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start //----------------------------------------------------------------------------- static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset) { uint32_t c = 0; + + if (!iso14443a_active) + return false; // Set FPGA mode to "reader listen mode", no modulation (listen // only, since we are receiving, not transmitting). @@ -2354,6 +2361,14 @@ void iso14443a_setup(uint8_t fpga_minor_mode) { UartReset(); NextTransferTime = 2 * DELAY_ARM2AIR_AS_READER; iso14a_set_timeout(1060); // 106 * 10ms default + + iso14443a_active = true; +} + +void iso14443a_off() { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LED_D_OFF(); + iso14443a_active = false; } /* Peter Fillmore 2015 @@ -2558,7 +2573,7 @@ void ReaderIso14443a(PacketCommandNG *c) { return; OUT: - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + iso14443a_off(); set_tracing(false); LEDsoff(); } @@ -2854,7 +2869,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) { reply_mix(CMD_ACK, isOK, 0, 0, buf, sizeof(buf)); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + iso14443a_off(); LEDsoff(); set_tracing(false); } @@ -3094,7 +3109,7 @@ void DetectNACKbug() { //reply_mix(CMD_ACK, isOK, num_nacks, i, 0, 0); BigBuf_free(); - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + iso14443a_off(); LEDsoff(); set_tracing(false); } From e87abc9681ecae0cac02adc52984bbd92c1511e5 Mon Sep 17 00:00:00 2001 From: merlokk <807634+merlokk@users.noreply.github.com> Date: Thu, 18 Jul 2019 17:32:56 +0300 Subject: [PATCH 11/12] small fix apdu leds --- armsrc/iso14443a.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index db20481c8..11f2ca66b 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c 
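Review bot: The new helper is defined as `void iso14443a_off()`, which in C declares an unspecified parameter list; it should be `void iso14443a_off(void)`. The commit's diffstat touches only armsrc/iso14443a.c, so the function has external linkage without a prototype added in this change; either mark it `static` or declare it in the module header. `iso14443a_active` is cleared only here, so any remaining path that writes `FPGA_MAJOR_MODE_OFF` directly (this commit converts three call sites; others are not visible) leaves the flag true and the new guards would pass on a powered-down link. A short header comment saying that the helper switches the FPGA off and clears the flag would make that contract explicit.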
@@ -13,6 +13,7 @@ #define MAX_ISO14A_TIMEOUT 524288 static uint32_t iso14a_timeout; +// if iso14443a not active - transmit/receive dont try to execute static bool iso14443a_active = false; uint8_t colpos = 0; @@ -2367,7 +2368,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) { void iso14443a_off() { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LED_D_OFF(); + LEDsoff(); iso14443a_active = false; } @@ -2575,7 +2576,6 @@ void ReaderIso14443a(PacketCommandNG *c) { OUT: iso14443a_off(); set_tracing(false); - LEDsoff(); } // Determine the distance between two nonces. @@ -2870,7 +2870,6 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) { reply_mix(CMD_ACK, isOK, 0, 0, buf, sizeof(buf)); iso14443a_off(); - LEDsoff(); set_tracing(false); } @@ -3110,6 +3109,5 @@ void DetectNACKbug() { //reply_mix(CMD_ACK, isOK, num_nacks, i, 0, 0); BigBuf_free(); iso14443a_off(); - LEDsoff(); set_tracing(false); } From 9cd80406e210830d04e4fb3f7f24e7c32f2c01e9 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 18 Jul 2019 16:39:48 +0200 Subject: [PATCH 12/12] Add Travis badge --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 46dc5f785..331edb337 100644 --- a/README.md +++ b/README.md 
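Review bot: The comment added above `iso14443a_active` is hard to parse and does not say who sets the flag. Something like `// true between iso14443a_setup() and iso14443a_off(); transmit/receive return early while false` states the contract directly. Since iso14443a_off() now calls `LEDsoff()` instead of `LED_D_OFF()`, it would also help to note on the helper that it clears every LED, because the three callers in this commit now rely on that after dropping their own `LEDsoff()` calls.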
@@ -3,8 +3,9 @@ This repo is based on iceman fork for Proxmark3. It is dedicated to bringing the most out of the new features for Proxmark3 RDV4.0 new hardware and design. Note that it also supports other Proxmark3 platforms as well! -[![Build status](https://ci.appveyor.com/api/projects/status/uvk6cexs6xxwonn4/branch/master?svg=true)](https://ci.appveyor.com/project/iceman1001/proxmark3-isfoh/branch/master) -[![Latest release](https://img.shields.io/github/release/RfidResearchGroup/proxmark3.svg)](https://github.com/RfidResearchGroup/proxmark3/releases/latest) +| Releases | Linux & OSX CI | Windows CI | +| ------------------- |:-------------------:| -------------------:| +| [![Latest release](https://img.shields.io/github/release/RfidResearchGroup/proxmark3.svg)](https://github.com/RfidResearchGroup/proxmark3/releases/latest) | [![Build status](https://travis-ci.org/RfidResearchGroup/proxmark3.svg?branch=master)](https://travis-ci.org/RfidResearchGroup/proxmark3) | [![Build status](https://ci.appveyor.com/api/projects/status/uvk6cexs6xxwonn4/branch/master?svg=true)](https://ci.appveyor.com/project/iceman1001/proxmark3-isfoh/branch/master) | ---