Merge branch 'master' of github.com:merlokk/proxmark3i into apdu_armside

2025-08-19 21:03:48 -07:00 · 2019-07-18 17:44:50 +03:00 · 2019-07-18 17:44:50 +03:00 · 6e15d6521d
commit 6e15d6521d
parent 87e183e664 757cbe2699
10 changed files with 137 additions and 22 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,22 +1,16 @@
 # Travis-CI Build for RfidResearchGroup/Proxmark3
 language: c

-#default linux build env is: Ubuntu 14.04 trusty
+#default linux build env is: xenial
 compiler: gcc

 # Test on Linux and MacOS
 matrix:
  include:
-#    - os: osx
-#      osx_image: xcode7.3	# OS X 10.11
-#    - os: osx
-#      osx_image: xcode8.3   # OS X 10.12
-#    - os: osx
-#      osx_image: xcode9     # OS X 10.13
    - os: osx
      osx_image: xcode9.1   # OS X 10.13.1
    - os: linux
-      dist: trusty
+      dist: xenial
      sudo: required

 before_install:
@ -25,7 +19,7 @@ before_install:
 ## Note: all dependencies on MacOS should be resolved by the brew install command
  if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then 
    sudo apt-get update -qq;
-    sudo apt-get install -y gcc-arm-none-eabi;
+    sudo apt-get install -y gcc-arm-none-eabi libnewlib-dev;
  elif [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
    brew update;
    brew tap RfidResearchGroup/proxmark3;
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...

 ## [unreleased][unreleased]
+ - Change: new keys for Vigik badges in default_keys.dict (@luminouw)
 - Add 'hw standalone' to jump to standalone mode from command line or script (@doegox)
 - Add to 'hf 14a apdu' print apdu and compose apdu (@merlokk)
 - Change: buggy 'mem read' removed, 'mem save' renamed 'mem dump', can now display too (@doegox)
--- a/Makefile.platform.sample
+++ b/Makefile.platform.sample
@ -1,4 +1,7 @@
 # If you want to use it, copy this file as Makefile.platform and adjust it to your needs
+# Run 'make PLATFORM=' to get an exhaustive list of possible parameters for this file.
+
 PLATFORM=PM3RDV4
+# If you want more than one PLATFORM_EXTRAS option, separate them by spaces:
 #PLATFORM_EXTRAS=BTADDON
 #STANDALONE=LF_SAMYRUN
--- a/README.md
+++ b/README.md
@ -3,8 +3,9 @@
 This repo is based on iceman fork for Proxmark3. It is dedicated to bringing the most out of the new features for Proxmark3 RDV4.0 new hardware and design.
 Note that it also supports other Proxmark3 platforms as well!

-[![Build status](https://ci.appveyor.com/api/projects/status/ct5blik2wa96bv0x/branch/master?svg=true)](https://ci.appveyor.com/project/iceman1001/proxmark3-ji4wj/branch/master)
-[![Latest release](https://img.shields.io/github/release/RfidResearchGroup/proxmark3.svg)](https://github.com/RfidResearchGroup/proxmark3/releases/latest)
+| Releases     | Linux & OSX CI       | Windows CI |
+| ------------------- |:-------------------:| -------------------:|
+| [![Latest release](https://img.shields.io/github/release/RfidResearchGroup/proxmark3.svg)](https://github.com/RfidResearchGroup/proxmark3/releases/latest) | [![Build status](https://travis-ci.org/RfidResearchGroup/proxmark3.svg?branch=master)](https://travis-ci.org/RfidResearchGroup/proxmark3) | [![Build status](https://ci.appveyor.com/api/projects/status/uvk6cexs6xxwonn4/branch/master?svg=true)](https://ci.appveyor.com/project/iceman1001/proxmark3-isfoh/branch/master) |

 ---

@ -19,6 +20,7 @@ Note that it also supports other Proxmark3 platforms as well!
 |[Issues](#issues)|[Blue shark manual](/doc/bt_manual_v10.md) |[Advanced compilation parameters](/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md)|
 |[Notes on UART](/doc/uart_notes.md)|||
 |[Notes on Frame format](/doc/new_frame_format.md)|||
+|[Notes on external flash](/doc/ext_flash_notes.md)|||
 |[Notes on Termux / Android](/doc/termux_notes.md)|||
 |[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) ||
 |[Donations](#Donations)|||
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -13,6 +13,8 @@

 #define MAX_ISO14A_TIMEOUT 524288
 static uint32_t iso14a_timeout;
+// if iso14443a not active - transmit/receive dont try to execute
+static bool iso14443a_active = false;

 uint8_t colpos = 0;
 int rsamples = 0;
@ -1551,6 +1553,9 @@ void PrepareDelayedTransfer(uint16_t delay) {
 //-------------------------------------------------------------------------------------
 static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) {

+    if (!iso14443a_active)
+        return;
+
    FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_ISO14443A | FPGA_HF_ISO14443A_READER_MOD);

    if (timing) {
@ -1933,6 +1938,9 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start
 static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset) {
    uint32_t c = 0;
    
+    if (!iso14443a_active)
+        return false;
+
    // Set FPGA mode to "reader listen mode", no modulation (listen
    // only, since we are receiving, not transmitting).
    // Signal field is on with the appropriate LED
@ -2370,6 +2378,14 @@ void iso14443a_setup(uint8_t fpga_minor_mode) {
    UartReset();
    NextTransferTime = 2 * DELAY_ARM2AIR_AS_READER;
    iso14a_set_timeout(1060); // 106 * 10ms default
+    
+    iso14443a_active = true;
+}
+
+void iso14443a_off() {
+    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+    LEDsoff();
+    iso14443a_active = false;
 }

 /* Peter Fillmore 2015
@ -2574,9 +2590,8 @@ void ReaderIso14443a(PacketCommandNG *c) {
        return;

 OUT:
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
+    iso14443a_off();
    set_tracing(false);
-    LEDsoff();
 }

 // Determine the distance between two nonces.
@ -2870,8 +2885,7 @@ void ReaderMifare(bool first_try, uint8_t block, uint8_t keytype) {

    reply_mix(CMD_ACK, isOK, 0, 0, buf, sizeof(buf));

-    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-    LEDsoff();
+    iso14443a_off();
    set_tracing(false);
 }

@ -3110,7 +3124,6 @@ void DetectNACKbug() {

    //reply_mix(CMD_ACK, isOK, num_nacks, i, 0, 0);
    BigBuf_free();
-    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
-    LEDsoff();
+    iso14443a_off();
    set_tracing(false);
 }
--- a/client/default_keys.dic
+++ b/client/default_keys.dic
@ -944,5 +944,9 @@ A23456789123
 A00003000084
 675A32413770
 395244733978
+A0004A000036
+2C9F3D45BA13
+4243414F5250
+DFE73BE48AC6
 #
 B069D0D03D17
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@ -503,6 +503,9 @@ int main(int argc, char *argv[]) {
        CloseProxmark();
    }

+    if ((port != NULL) && (!session.pm3_present))
+        exit(EXIT_FAILURE);
+
    if (!session.pm3_present)
        PrintAndLogEx(INFO, "Running in " _YELLOW_("OFFLINE") "mode. Check \"%s -h\" if it's not what you want.\n", exec_name);

@ -531,5 +534,5 @@ int main(int argc, char *argv[]) {
        CloseProxmark();
    }

-    exit(0);
+    exit(EXIT_SUCCESS);
 }
--- a/doc/ext_flash_notes.md
+++ b/doc/ext_flash_notes.md
@ -0,0 +1,95 @@
+# External flash
+
+External 256kbytes flash is a unique feature of the RDV4 edition.
+
+## Addresses
+
+Flash memory is
+
+* 256kb (0x40000= 262144)
+* divided into 4 pages of 64kb (0x10000 = 65536)
+* 4 pages divided into 16 sectors of 4kb (0x1000 = 4096), so last sector is at 0x3F000
+
+Therefore a flash address can be interpreted as such:
+```
+0xPSxxx       e.g. 0x3FF7F
+  ^ page             ^ page 3
+   ^ sector           ^ sector 0xF
+    ^^^ offset         ^^^ offset 0xF7F
+```
+
+## Layout
+
+Page 0:
+* available for user data
+* to dump it: `mem dump f page0_dump o 0 l 65536`
+* to erase it: `mem wipe p 0`
+
+Page 1:
+* available for user data
+* to dump it: `mem dump f page1_dump o 65536 l 65536`
+* to erase it: `mem wipe p 1`
+
+Page 2:
+* available for user data
+* to dump it: `mem dump f page2_dump o 131072 l 65536`
+* to erase it: `mem wipe p 2`
+
+Page 3:
+* used by Proxmark3 RDV4 specific functions: flash signature and keys dictionaries, see below for details
+* to dump it: `mem dump f page3_dump o 196608 l 65536`
+* to erase it:
+  * **Beware** it will erase your flash signature (see below) so better to back it up first as you won't be able to regenerate it by yourself!
+  * It's possible to erase completely page 3 by erase the entire flash memory with the voluntarily undocumented command `mem wipe i`.
+  * Updating keys dictionaries doesn't require to erase page 3.
+
+## Page3 Layout
+
+Page3 is used as follows by the Proxmark3 RDV4 firmware:
+
+* **MF_KEYS**
+  * offset: page 3 sector  9 (0x9) @ 3*0x10000+9*0x1000=0x39000
+  * length: 2 sectors
+
+* **ICLASS_KEYS**
+  * offset: page 3 sector 11 (0xB) @ 3*0x10000+11*0x1000=0x3B000
+  * length: 1 sector
+
+* **T55XX_KEYS**
+  * offset: page 3 sector 12 (0xC) @ 3*0x10000+12*0x1000=0x3C000
+  * length: 1 sector
+
+* **T55XX_CONFIG**
+  * offset: page 3 sector 13 (0xD) @ 3*0x10000+13*0x1000=0x3D000
+  * length: 1 sector (actually only a few bytes are used to store `t55xx_config` structure)
+
+* **RSA SIGNATURE**, see below for details
+  * offset: page 3 sector 15 (0xF) offset 0xF7F @ 3*0x10000+15*0x1000+0xF7F=0x3FF7F
+  * length: 128 bytes
+  * offset should have been 0x3FF80 but historically it's one byte off and therefore the last byte of the flash is unused
+
+## RSA signature
+
+To ensure your Proxmark3 RDV4 is not a counterfeit product, its external flash contains a RSA signature of the flash unique ID.
+You can verify it with: `mem info`
+
+```
+[usb] pm3 --> mem info
+          
+[=] --- Flash memory Information ---------
+          
+[=] -------------------------------------------------------------          
+[=] ID            | xx xx xx xx xx xx xx xx           
+[=] SHA1          | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx           
+[=] RSA SIGNATURE |          
+[00] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
+[01] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
+[02] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
+[03] | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 
+[=] KEY length   | 128          
+[+] RSA key validation ok          
+[+] RSA Verification ok          
+```
+
+For a backup of the signature: `mem dump p f flash_signature_dump o 262015 l 128`
+
--- a/doc/md/Installation_Instructions/Linux-Installation-Instructions.md
+++ b/doc/md/Installation_Instructions/Linux-Installation-Instructions.md
@ -25,7 +25,7 @@ Install the requirements

 ```sh
 sudo apt-get install p7zip git ca-certificates build-essential libreadline5 libreadline-dev \
-libusb-0.1-4 libusb-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libstdc++-arm-none-eabi-newlib libqt4-dev
+libusb-0.1-4 libusb-dev perl pkg-config wget libncurses5-dev gcc-arm-none-eabi libnewlib-dev libqt4-dev
 ```

 If you don't need the graphical components of the Proxmark3 client, you can skip the installation of `libqt4-dev`.
--- a/doc/uart_notes.md
+++ b/doc/uart_notes.md
@ -27,10 +27,10 @@ Proxmark3 RDV4 has a FPC connector outputting on 2 pins a USART from the ARM:
 USART support is in `common/usart.c`.

 There are mainly two ways to use this USART:
-* connect the host client to the Proxmark3 via this USART instead of USB-CDC, this is the `FPC_USART_HOST`. The most used way is through the BT add-on (blue shark) that we will cover later. Instead of BT add-on, we can also use e.g. a FTDI cable (mostly for internal development, it's much slower than USB-CDC anyway) or in the future other ways to connect the host such as a USART-to-Wi-Fi bridge.
+* connect the host client to the Proxmark3 via this USART instead of USB-CDC, this is the `FPC_USART_HOST` option you can add to `PLATFORM_EXTRAS` in `Makefile.platform`. The most used way is through the BT add-on (blue shark) that we will cover later. Instead of BT add-on, we can also use e.g. a FTDI cable (mostly for internal development, it's much slower than USB-CDC anyway) or in the future other ways to connect the host such as a USART-to-Wi-Fi bridge.
 * connect "slave" devices to the Proxmark3 to add functionnalities. In such case, the host client will use USB-CDC and the USART will be use to, e.g. connect the Proxmark3 to various daughterboards. These is no such example of daughterboard as of today, except when we're talking to the BT add-on in its AT configuration mode.

-This USART can be reached from the host client (if connected via USB-CDC) through the following commands, available in `FPC_USART_DEV` build:
+This USART can be reached from the host client (if connected via USB-CDC) through the following commands, available when you add `FPC_USART_DEV` to `PLATFORM_EXTRAS` in `Makefile.platform`:
 * `usart config`, to configure the baudrate and the parity of the Proxmark3 USART
 * `usart txrx/tx/rx/txhex/rxhex` to transmit and receive bytes

@ -45,7 +45,7 @@ Internally, the desired baudrate is converted to UART settings: a BRGR and a FP.

 When the BT add-on is turned on but no actively connected to a host, it's in a configuration mode where it accepts "AT" commands and its blue LED is blinking at about 1Hz.

-Some specific commands are available in `BTADDON` build, only to configure specific features of the BT add-on:
+Some specific commands are available when you add `BTADDON` to `PLATFORM_EXTRAS` in `Makefile.platform` (it will automatically enable `FPC_USART_HOST` as well), to configure specific features of the BT add-on:
 * `usart btpin`, to change the BT add-on PIN
 * `usart btfactory`, to guess the current BT add-on UART settings and to reset its configuration.