From c1bc38b39af96a706e088e80ebad93ef1a19ecf1 Mon Sep 17 00:00:00 2001 From: Iceman Date: Fri, 31 Jan 2025 22:24:45 +0100 Subject: [PATCH 01/11] Update Troubleshooting.md Signed-off-by: Iceman --- .../Troubleshooting.md | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/doc/md/Installation_Instructions/Troubleshooting.md b/doc/md/Installation_Instructions/Troubleshooting.md index 14402b68f..079e4bf4a 100644 --- a/doc/md/Installation_Instructions/Troubleshooting.md +++ b/doc/md/Installation_Instructions/Troubleshooting.md @@ -29,6 +29,7 @@ Always use the latest repository commits from *master* branch. There are always - [Qt Session management error](#qt-session-management-error) - [found architecture 'x86\_64' required architecture 'arm64' error](#found-architecture-x86_64-required-architecture-arm64-error) - [wrong permissions on runtime directory /run/user/1000](#wrong-permissions-on-runtime-directory-runuser1000) + - [proxspace `file not found or locked` on Windows 11](#proxspace-file-not-found-or-locked-on-windows-11) ## `pm3` or `pm3-flash*` doesn't see my Proxmark 
@@ -360,4 +361,33 @@ export XDG_RUNTIME_DIR=/run/user/1000 or export XDG_RUNTIME_DIR=/var/run/user/1000 -``` \ No newline at end of file +``` + +## proxspace 'file not found or locked' on Windows 11 +^[Top](#top) + +if you receive an error "file not found or locked" for any operation that needs to write a file. + +The cause is that Windows locks down many folders as 'read only', and you can't easily change this setting. + +How to fix (use this at your own risk): + +``` + Open your Windows Settings Control Panel + Then select "Privacy and security" + Then select "Windows Security" + Then select "Virus & threat protection" + Then scroll down and select "Manage ransomware protection" + Then select "Allow an app through Controlled folder access" + Answer "Yes" to allow this app to make changes to your system + Then select "Add an allowed app" to select the proper "proxmark3.exe" in the client folder. + +Potentially also do: + Select "Recently blocked apps" + Then select the most recent "proxmark3.exe" by pressing the "+" next to it. + Then select "Close". + +Side note: +You may also be able to choose "Browse all apps" and find your specific proxmark3.exe in the client folder but +be sure to choose the proper location and specific file in case you have more than one stored on your PC somewhere. +``` From ecf5b0d7eb406eafd09f4b7b694bb72989424583 Mon Sep 17 00:00:00 2001 From: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> Date: Sat, 1 Feb 2025 04:28:49 +0000 Subject: [PATCH 02/11] Add files via upload A simple script for searching the password for T5577. The script creates a dictionary starting from the entered starting year to the entered ending year. There are two search methods - DDMMYYYY or YYYYMMDD. Checking the entire year takes about 1 minutes and 50 seconds. Date from 1900 to 2100. The script may be useful if the password is for example date of birth. 
Signed-off-by: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> --- client/luascripts/t55_chk_date.lua | 158 +++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 client/luascripts/t55_chk_date.lua diff --git a/client/luascripts/t55_chk_date.lua b/client/luascripts/t55_chk_date.lua new file mode 100644 index 000000000..1a1400fbd --- /dev/null +++ b/client/luascripts/t55_chk_date.lua 
@@ -0,0 +1,158 @@ +local os = require("os") +local ac = require('ansicolors') +local utils = require('utils') +local getopt = require('getopt') +local dash = string.rep('--', 32) + +author = ' Author: jareckib - created 01.02.2025' +version = ' version v1.00' +desc = [[ + A simple script for searching the password for T5577. The script creates a + dictionary starting from the entered starting year to the entered ending year. + There are two search methods - DDMMYYYY or YYYYMMDD. Checking the entire year + takes about 1 minutes and 50 seconds. Date from 1900 to 2100. The script may be + useful if the password is for example date of birth. + + ]] +usage = [[ + script run t55_chk_date +]] +arguments = [[ + script run t55_chk_date -h : this help +]] + +local debug = true + +local function dbg(args) + if not DEBUG then return end + if type(args) == 'table' then + local i = 1 + while args[i] do + dbg(args[i]) + i = i+1 + end + else + print('###', args) + end +end + +local function help() + print() + print(ac.green..author) + print(version) + print(ac.yellow..desc) + print(ac.cyan..' Usage'..ac.reset) + print(usage) + print(ac.cyan..' Arguments'..ac.reset) + print(arguments) +end + +local dir = os.getenv('HOME') .. '/proxmark3/client/dictionaries/' +local dictionary_path = dir .. 'T5577date.dic' + +local days_in_month = { + [1] = 31, [2] = 28, [3] = 31, [4] = 30, [5] = 31, [6] = 30, + [7] = 31, [8] = 31, [9] = 30, [10] = 31, [11] = 30, [12] = 31 +} + +local function generate_dictionary(start_year, end_year, mode) + local file = io.open(dictionary_path, "w") + if not file then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 
'Cannot create T5577date.dic') + return false + end + + for year = start_year, end_year do + for month = 1, 12 do + local days_in_current_month = days_in_month[month] + if month == 2 and ((year % 4 == 0 and year % 100 ~= 0) or (year % 400 == 0)) then + days_in_current_month = 29 + end + + for day = 1, days_in_current_month do + local month_str = string.format("%02d", month) + local day_str = string.format("%02d", day) + local year_str = tostring(year) + local entry = (mode == "1") and (year_str .. month_str .. day_str) or (day_str .. month_str .. year_str) + file:write(entry .. "\n") + end + end + end + + file:close() + return true +end + +local function get_valid_year_input(prompt) + local year + while true do + io.write(prompt) + local input = io.read() + if input == "" then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Year cannot be empty') + else + year = tonumber(input) + if not year then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Invalid input (digits only)') + elseif year < 1900 then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Year cannot be less than 1900') + elseif year > 2100 then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Year cannot be greater than 2100') + else + break + end + end + end + return year +end + +local function get_valid_ending_year_input(start_year) + local end_year + while true do + io.write(" Enter the ending year: " .. ac.yellow) + local input = io.read() + io.write(ac.reset..'') + if input == "" then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Ending year cannot be empty') + else + end_year = tonumber(input) + if not end_year then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Invalid input (digits only)') + elseif end_year < 1900 or end_year > 2100 then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Year must be between 1900 and 2100') + elseif end_year < start_year then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 
'Ending year cannot be less than the starting year') + else + break + end + end + end + return end_year +end + +local function main(args) + for o, a in getopt.getopt(args, 'h') do + if o == 'h' then return help() end + end + core.console('clear') + print(dash) + print(dash) + local start_year = get_valid_year_input(" Enter the starting year: " .. ac.yellow) + io.write(ac.reset..'') + local end_year = get_valid_ending_year_input(start_year) + io.write(' Choose the searching mode ('..ac.cyan..'1'..ac.reset..' - YYYYMMDD '..ac.cyan..'2'..ac.reset..' - DDMMYYYY): ') + local mode = io.read() + if mode ~= "1" and mode ~= "2" then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Invalid choice.') + return + end + if generate_dictionary(start_year, end_year, mode) then + print(ac.green .. " File created: " .. dictionary_path .. ac.reset) + print(ac.cyan .. " Starting password testing on T5577..." .. ac.reset) + core.console('lf t55 chk -f ' .. dictionary_path) + else + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Problem saving the file.') + end +end + +main(args) \ No newline at end of file From a573fd4631a625f147460c26b7ce0c37d6ef8584 Mon Sep 17 00:00:00 2001 From: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> Date: Sun, 2 Feb 2025 02:49:47 +0000 Subject: [PATCH 03/11] Update t55_chk_date.lua Signed-off-by: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> --- client/luascripts/t55_chk_date.lua | 40 +++++++++++++++++------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/client/luascripts/t55_chk_date.lua b/client/luascripts/t55_chk_date.lua index 1a1400fbd..a6b217832 100644 --- a/client/luascripts/t55_chk_date.lua +++ b/client/luascripts/t55_chk_date.lua 
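Review bot: `local dir = os.getenv('HOME') .. '/proxmark3/client/dictionaries/'` runs at load time and raises a concatenation error whenever HOME is unset (os.getenv returns nil), which can happen outside a POSIX-style shell. It also assumes the repository is checked out directly under the home directory. Resolve the directory inside `main` and fail with a readable message, e.g. `local home = os.getenv('HOME')` followed by `if not home then print(' ERROR: HOME is not set') return end`. The same path is later appended unquoted to `'lf t55 chk -f '`, so a home directory containing a space would presumably split the argument. The identical line appears in the t55_chk.lua files added by PATCH 04/11 and PATCH 05/11.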
@@ -5,15 +5,14 @@ local getopt = require('getopt') local dash = string.rep('--', 32) author = ' Author: jareckib - created 01.02.2025' -version = ' version v1.00' +version = ' version v1.01' desc = [[ A simple script for searching the password for T5577. The script creates a dictionary starting from the entered starting year to the entered ending year. There are two search methods - DDMMYYYY or YYYYMMDD. Checking the entire year - takes about 1 minutes and 50 seconds. Date from 1900 to 2100. The script may be - useful if the password is for example date of birth. - - ]] + takes about 1 minute and 50 seconds. Date from 1900 to 2100. The script may be + useful if the password is, for example, a date of birth. +]] usage = [[ script run t55_chk_date ]] @@ -21,15 +20,13 @@ arguments = [[ script run t55_chk_date -h : this help ]] -local debug = true +local DEBUG = true local function dbg(args) if not DEBUG then return end if type(args) == 'table' then - local i = 1 - while args[i] do - dbg(args[i]) - i = i+1 + for _, v in ipairs(args) do + dbg(v) end else print('###', args) @@ -130,6 +127,19 @@ local function get_valid_ending_year_input(start_year) return end_year end +local function get_valid_mode_input() + local mode + while true do + io.write(' Choose the searching mode ('..ac.cyan..'1'..ac.reset..' - YYYYMMDD '..ac.cyan..'2'..ac.reset..' - DDMMYYYY): ') + mode = io.read() + if mode == "1" or mode == "2" then + return mode + else + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Invalid choice. Please enter 1 or 2.') + end + end +end + local function main(args) for o, a in getopt.getopt(args, 'h') do if o == 'h' then return help() end 
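Review bot: `get_valid_mode_input` never leaves its `while true` loop when `io.read()` returns nil (end of input), because nil matches neither "1" nor "2" and the error branch simply loops again. Add `if mode == nil then return nil end` right after the read, and have `main` stop when no mode comes back. The year prompts added in the previous patch compare the input with `""` and then call `tonumber`, so they appear to spin the same way on nil. Separately, `local DEBUG = true` leaves the debug switch on by default; `false` is the safer default for a shipped script.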
@@ -140,12 +150,8 @@ local function main(args) local start_year = get_valid_year_input(" Enter the starting year: " .. ac.yellow) io.write(ac.reset..'') local end_year = get_valid_ending_year_input(start_year) - io.write(' Choose the searching mode ('..ac.cyan..'1'..ac.reset..' - YYYYMMDD '..ac.cyan..'2'..ac.reset..' - DDMMYYYY): ') - local mode = io.read() - if mode ~= "1" and mode ~= "2" then - print(ac.yellow .. ' ERROR: ' .. ac.reset .. 'Invalid choice.') - return - end + local mode = get_valid_mode_input() + if generate_dictionary(start_year, end_year, mode) then print(ac.green .. " File created: " .. dictionary_path .. ac.reset) print(ac.cyan .. " Starting password testing on T5577..." .. ac.reset) @@ -155,4 +161,4 @@ local function main(args) end end -main(args) \ No newline at end of file +main(args) From 82c059adbb879c6b061b1069119fea4c971c6593 Mon Sep 17 00:00:00 2001 
From: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> Date: Sun, 2 Feb 2025 19:26:42 +0000 Subject: [PATCH 04/11] t55_chk_lua Author: jareckib - created 02.02.2025 version v1.00 A simple script for searching the password for T5577. The script creates a dictionary starting from the entered starting year to the entered ending year. There are two search methods - DDMMYYYY or YYYYMMDD. Checking the entire year takes about 1 minute and 50 seconds. Date from 1900 to 2100. The script may be useful if the password is, for example, a date of birth. Usage: script run t55_chk [-s start_year] [-e end_year] [-d | -y] Options: -h Show this help message -s Starting year (required) -e Ending year (default: current year) -d Search method: DDMMYYYY -y Search method: YYYYMMDD Examples: script run t55_chk -s 1999 -d - start from 1999, end year is current year, method 01011999 script run t55_chk -s 1999 -y - start from 1999, end year is current year, method 19990101 script run t55_chk -s 1999 -e 2001 -y - start from 1999, end year 2001, method 19990101 script run t55_chk -s 1999 -e 2001 -d - start from 1999, end year 2001, method 01011999 Signed-off-by: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> --- client/luascripts/t55_chk.lua | 122 ++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 client/luascripts/t55_chk.lua diff --git a/client/luascripts/t55_chk.lua b/client/luascripts/t55_chk.lua new file mode 100644 index 000000000..1cc8d69c2 --- /dev/null +++ b/client/luascripts/t55_chk.lua 
@@ -0,0 +1,122 @@ +local os = require("os") +local ac = require('ansicolors') +local getopt = require('getopt') +local dir = os.getenv('HOME') .. '/proxmark3/client/dictionaries/' +local dictionary_path = dir .. 'T5577date.dic' +local cyan = ac.cyan +local res = ac.reset + +author = ' Author: jareckib - created 02.02.2025' +version = ' version v1.00' +desc = [[ + A simple script for searching the password for T5577. The script creates a + dictionary starting from the entered starting year to the entered ending year. + There are two search methods - DDMMYYYY or YYYYMMDD. Checking the entire year + takes about 1 minute and 50 seconds. Date from 1900 to 2100. The script may be + useful if the password is, for example, a date of birth. +]] + +usage = [[ + script run t55_chk [-s start_year] [-e end_year] [-d | -y] +]] +options = [[ + -h Show this help message + -s Starting year (required) + -e Ending year (default: current year) + -d Search method: DDMMYYYY + -y Search method: YYYYMMDD +]] +examples = [[ + script run t55_chk -s 1999 -d - start from 1999, end year is current year, method 01011999 + script run t55_chk -s 1999 -y - start from 1999, end year is current year, method 19990101 + script run t55_chk -s 1999 -e 2001 -y - start from 1999, end year 2001, method 19990101 + script run t55_chk -s 1999 -e 2001 -d - start from 1999, end year 2001, method 01011999 +]] + +local function help() + print(ac.green..author..res) + print(version) + print(desc) + print(cyan..' Usage:'..res) + print(usage) + print(cyan..' Options:'..res) + print(options) + print(cyan..' Examples:'..res) + print(examples) +end + +local function generate_dictionary(start_year, end_year, mode) + local file = io.open(dictionary_path, "w") + if not file then + print(ac.yellow .. ' ERROR: ' .. res .. 
'Cannot create T5577date.dic') + return false + end + + for year = start_year, end_year do + for month = 1, 12 do + for day = 1, 31 do + local entry = (mode == "y") and + (string.format("%04d%02d%02d", year, month, day)) or + (string.format("%02d%02d%04d", day, month, year)) + file:write(entry .. "\n") + end + end + end + + file:close() + return true +end + +local function oops(err) + core.console('clear') + print( string.rep('--',39) ) + print( string.rep('--',39) ) + print(ac.red..' ERROR:'..res.. err) + print( string.rep('--',39) ) + print( string.rep('--',39) ) + return nil, err +end + +local function main(args) + if #args == 0 then return help() end + + local start_year, end_year, mode = nil, nil, nil + local current_year = tonumber(os.date("%Y")) + + for o, a in getopt.getopt(args, 'hs:e:dy') do + if o == 'h' then return help() end + if o == 's' then + start_year = tonumber(a) + if not start_year then return oops('Invalid start year') end + end + if o == 'e' then + end_year = tonumber(a) + if not end_year then return oops('Invalid end year (-e)') end + end + if o == 'd' then mode = "d" end + if o == 'y' then mode = "y" end + end + + if not start_year then return oops('Starting year is required') end + if start_year < 1900 or start_year > 2100 then + return oops('Start year must be between 1900 and 2100') + end + if args[#args] == "-e" then return oops('Ending year cannot be empty') end + if not end_year then end_year = current_year end + if end_year < 1900 or end_year > 2100 then + return oops('End year must be between 1900 and 2100') + end + + if end_year < start_year then return oops('End year cannot be earlier than start year') end + if not mode then return oops('You must select searching method'..cyan..' -d'..res.. ' or '..cyan.. '-y'..res) end + + if generate_dictionary(start_year, end_year, mode) then + print(ac.green .. " File created: " .. dictionary_path .. res) + print(cyan .. " Starting password testing on T5577..." .. 
res) + core.console('lf t55 chk -f ' .. dictionary_path) + else + return oops('Problem saving the file') + end +end + +main(args) \ No newline at end of file From 500845b30a6e70780b2fccf27225d0805efd5ff8 Mon Sep 17 00:00:00 2001 From: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> Date: Sun, 2 Feb 2025 20:13:34 +0000 Subject: [PATCH 05/11] t55_chk.lua Generated dictionary fixed february - 28 or 29 Signed-off-by: Jarek Barwinski <116510448+jareckib@users.noreply.github.com> --- client/t55_chk.lua | 133 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 client/t55_chk.lua diff --git a/client/t55_chk.lua b/client/t55_chk.lua new file mode 100644 index 000000000..8f88cdf3c --- /dev/null +++ b/client/t55_chk.lua 
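Review bot: `-s` and `-e` are accepted whenever `tonumber(a)` succeeds, so a value such as `1999.5` passes the 1900–2100 range check and reaches `string.format("%04d%02d%02d", year, ...)`, which on Lua 5.3 or later raises for a number without an integer representation. Validate the text before converting, e.g. `if not tostring(a):match('^%d%d%d%d$') then return oops('Invalid start year') end`. The check `args[#args] == "-e"` looks like dead code: `args` is passed to `getopt.getopt` and measured with `#args` as if it were the raw argument string, and indexing a string with a number yields nil. `generate_dictionary` also writes days 1–31 for every month, so the dictionary contains dates that do not exist (for example 31 April).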
@@ -0,0 +1,133 @@ +local os = require("os") +local ac = require('ansicolors') +local getopt = require('getopt') +local dir = os.getenv('HOME') .. '/proxmark3/client/dictionaries/' +local dictionary_path = dir .. 'T5577date.dic' +local cyan = ac.cyan +local res = ac.reset + +author = ' Author: jareckib - created 02.02.2025' +version = ' version v1.01' +desc = [[ + A simple script for searching the password for T5577. The script creates a + dictionary starting from the entered starting year to the entered ending year. + There are two search methods - DDMMYYYY or YYYYMMDD. Checking the entire year + takes about 1 minute and 50 seconds. Date from 1900 to 2100. The script may be + useful if the password is, for example, a date of birth. +]] + +usage = [[ + script run t55_chk [-s start_year] [-e end_year] [-d | -y] +]] +options = [[ + -h Show this help message + -s Starting year (required) + -e Ending year (default: current year) + -d Search method: DDMMYYYY + -y Search method: YYYYMMDD +]] +examples = [[ + script run t55_chk -s 1999 -d - start from 1999, end year is current year, method 01011999 + script run t55_chk -s 1999 -y - start from 1999, end year is current year, method 19990101 + script run t55_chk -s 1999 -e 2001 -y - start from 1999, end year 2001, method 19990101 + script run t55_chk -s 1999 -e 2001 -d - start from 1999, end year 2001, method 01011999 +]] + +local function help() + print(ac.green..author..res) + print(version) + print(desc) + print(cyan..' Usage:'..res) + print(usage) + print(cyan..' Options:'..res) + print(options) + print(cyan..' Examples:'..res) + print(examples) +end + +local days_in_month = { + [1] = 31, [2] = 28, [3] = 31, [4] = 30, [5] = 31, [6] = 30, + [7] = 31, [8] = 31, [9] = 30, [10] = 31, [11] = 30, [12] = 31 +} + +local function generate_dictionary(start_year, end_year, mode) + local file = io.open(dictionary_path, "w") + if not file then + print(ac.yellow .. ' ERROR: ' .. ac.reset .. 
'Cannot create T5577date.dic') + return false + end + + for year = start_year, end_year do + for month = 1, 12 do + local days_in_current_month = days_in_month[month] + if month == 2 and ((year % 4 == 0 and year % 100 ~= 0) or (year % 400 == 0)) then + days_in_current_month = 29 + end + + for day = 1, days_in_current_month do + local month_str = string.format("%02d", month) + local day_str = string.format("%02d", day) + local year_str = tostring(year) + local entry = (mode == "1") and (year_str .. month_str .. day_str) or (day_str .. month_str .. year_str) + file:write(entry .. "\n") + end + end + end + + file:close() + return true +end + +local function oops(err) + core.console('clear') + print( string.rep('--',39) ) + print( string.rep('--',39) ) + print(ac.red..' ERROR:'..res.. err) + print( string.rep('--',39) ) + print( string.rep('--',39) ) + return nil, err +end + +local function main(args) + if #args == 0 then return help() end + + local start_year, end_year, mode = nil, nil, nil + local current_year = tonumber(os.date("%Y")) + + for o, a in getopt.getopt(args, 'hs:e:dy') do + if o == 'h' then return help() end + if o == 's' then + start_year = tonumber(a) + if not start_year then return oops('Invalid start year') end + end + if o == 'e' then + end_year = tonumber(a) + if not end_year then return oops('Invalid end year (-e)') end + end + if o == 'd' then mode = "d" end + if o == 'y' then mode = "y" end + end + + if not start_year then return oops('Starting year is required') end + if start_year < 1900 or start_year > 2100 then + return oops('Start year must be between 1900 and 2100') + end + if args[#args] == "-e" then return oops('Ending year cannot be empty') end + if not end_year then end_year = current_year end + if end_year < 1900 or end_year > 2100 then + return oops('End year must be between 1900 and 2100') + end + + if end_year < start_year then return oops('End year cannot be earlier than start year') end + if not mode then return oops('You must 
select searching method'..cyan..' -d'..res.. ' or '..cyan.. '-y'..res) end + + if generate_dictionary(start_year, end_year, mode) then + print(ac.green .. " File created: " .. dictionary_path .. res) + print(cyan .. " Starting password testing on T5577..." .. res) + core.console('lf t55 chk -f ' .. dictionary_path) + else + return oops('Problem saving the file') + end +end + +main(args) \ No newline at end of file From 766d30ecfa9689453e060a025be6538d8a804a46 Mon Sep 17 00:00:00 2001 From: Benjamin DELPY Date: Sun, 2 Feb 2025 22:57:31 +0100 Subject: [PATCH 06/11] Update intertic.py to support new ContractProvider for Strasbourg/CTS Signed-off-by: Benjamin DELPY --- client/pyscripts/intertic.py | 1 + 1 file changed, 1 insertion(+) diff --git a/client/pyscripts/intertic.py b/client/pyscripts/intertic.py index 7c940238d..f262040c2 100644 --- a/client/pyscripts/intertic.py +++ b/client/pyscripts/intertic.py @@ -284,6 +284,7 @@ FRA_OrganizationalAuthority_Contract_Provider = { }, 0x091: { 1: InterticHelper('Strasbourg', 'CTS', Describe_Usage_4), # More dump needed, not only tram ! + 5: InterticHelper('Strasbourg', 'CTS / new', Describe_Usage_4), # More dump needed, not only tram ! }, 0x502: { 83: InterticHelper('Annecy', 'Sibra', Describe_Usage_2), From 1ae4cf37d80d24e8ac006e0892e69e31c45bbda2 Mon Sep 17 00:00:00 2001 From: Donny <107092000+Donny-Guo@users.noreply.github.com> Date: Sun, 2 Feb 2025 23:42:19 -0800 Subject: [PATCH 07/11] Fix facility code and card number checking in LF HID Brute --- client/src/cmdlfhid.c | 5 +- client/src/wiegand_formats.c | 157 ++++++++++------------------------- client/src/wiegand_formats.h | 10 ++- 3 files changed, 58 insertions(+), 114 deletions(-) diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 4ad3cbc66..5c97c6683 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c 
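Review bot: `generate_dictionary` tests `mode == "1"`, but `main` in this file only ever sets `mode` to `"d"` or `"y"`, so `-y` silently produces DDMMYYYY entries as well. Change the test to `(mode == "y")`, as in the version under client/luascripts. The file is also created as `client/t55_chk.lua`, while PATCH 04/11 added `client/luascripts/t55_chk.lua`. If this was meant as the February fix for that script, the original still loops over days 1–31 and the new copy may not be found by `script run`; confirm the intended path.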
@@ -544,6 +544,7 @@ static int CmdHIDBrute(const char *Cmd) { } wiegand_card_t card_hi, card_low; + cardformatlimit_t limit = get_card_format_limit(format_idx); memset(&card_hi, 0, sizeof(wiegand_card_t)); char field[3] = {0}; @@ -623,13 +624,13 @@ static int CmdHIDBrute(const char *Cmd) { return PM3_ESOFT; } if (strcmp(field, "fc") == 0) { - if (card_hi.FacilityCode < 0xFF) { + if (card_hi.FacilityCode < limit.FacilityCode) { card_hi.FacilityCode++; } else { fin_hi = true; } } else if (strcmp(field, "cn") == 0) { - if (card_hi.CardNumber < 0xFFFF) { + if (card_hi.CardNumber < limit.CardNumber) { card_hi.CardNumber++; } else { fin_hi = true; diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index e3e146153..4641ec3c9 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c 
@@ -1499,46 +1499,46 @@ static void hid_print_card(wiegand_card_t *card, const cardformat_t format) { } static const cardformat_t FormatTable[] = { - {"H10301", Pack_H10301, Unpack_H10301, "HID H10301 26-bit", {1, 1, 0, 0, 1}}, // imported from old pack/unpack - {"ind26", Pack_ind26, Unpack_ind26, "Indala 26-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"ind27", Pack_ind27, Unpack_ind27, "Indala 27-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"indasc27", Pack_indasc27, Unpack_indasc27, "Indala ASC 27-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"Tecom27", Pack_Tecom27, Unpack_Tecom27, "Tecom 27-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"2804W", Pack_2804W, Unpack_2804W, "2804 Wiegand 28-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"ind29", Pack_ind29, Unpack_ind29, "Indala 29-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"ATSW30", Pack_ATSW30, Unpack_ATSW30, "ATS Wiegand 30-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"ADT31", Pack_ADT31, Unpack_ADT31, "HID ADT 31-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"HCP32", Pack_hcp32, Unpack_hcp32, "HID Check Point 32-bit", {1, 0, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"HPP32", Pack_hpp32, Unpack_hpp32, "HID Hewlett-Packard 32-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"Kastle", Pack_Kastle, Unpack_Kastle, "Kastle 32-bit", {1, 1, 1, 0, 1}}, // from @xilni; PR #23 on RfidResearchGroup/proxmark3 - {"Kantech", Pack_Kantech, Unpack_Kantech, "Indala/Kantech KFS 32-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"WIE32", Pack_wie32, Unpack_wie32, "Wiegand 32-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"D10202", Pack_D10202, Unpack_D10202, "HID D10202 33-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"H10306", Pack_H10306, Unpack_H10306, "HID H10306 34-bit", {1, 1, 0, 0, 1}}, // imported from old pack/unpack - {"N10002", Pack_N10002, Unpack_N10002, 
"Honeywell/Northern N10002 34-bit", {1, 1, 0, 0, 1}}, // from proxclone.com - {"Optus34", Pack_Optus, Unpack_Optus, "Indala Optus 34-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"SMP34", Pack_Smartpass, Unpack_Smartpass, "Cardkey Smartpass 34-bit", {1, 1, 1, 0, 0}}, // from cardinfo.barkweb.com.au - {"BQT34", Pack_bqt34, Unpack_bqt34, "BQT 34-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"C1k35s", Pack_C1k35s, Unpack_C1k35s, "HID Corporate 1000 35-bit std", {1, 1, 0, 0, 1}}, // imported from old pack/unpack - {"C15001", Pack_C15001, Unpack_C15001, "HID KeyScan 36-bit", {1, 1, 0, 1, 1}}, // from Proxmark forums - {"S12906", Pack_S12906, Unpack_S12906, "HID Simplex 36-bit", {1, 1, 1, 0, 1}}, // from cardinfo.barkweb.com.au - {"Sie36", Pack_Sie36, Unpack_Sie36, "HID 36-bit Siemens", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"H10320", Pack_H10320, Unpack_H10320, "HID H10320 37-bit BCD", {1, 0, 0, 0, 1}}, // from Proxmark forums - {"H10302", Pack_H10302, Unpack_H10302, "HID H10302 37-bit huge ID", {1, 0, 0, 0, 1}}, // from Proxmark forums - {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"P10004", Pack_P10004, Unpack_P10004, "HID P10004 37-bit PCSC", {1, 1, 0, 0, 0}}, // from @bthedorff; PR #1559 - {"HGen37", Pack_HGeneric37, Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"MDI37", Pack_MDI37, Unpack_MDI37, "PointGuard MDI 37-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"BQT38", Pack_bqt38, Unpack_bqt38, "BQT 38-bit", {1, 1, 1, 0, 1}}, // from cardinfo.barkweb.com.au - {"ISCS", Pack_iscs38, Unpack_iscs38, "ISCS 38-bit", {1, 1, 0, 1, 1}}, // from cardinfo.barkweb.com.au - {"PW39", Pack_pw39, Unpack_pw39, "Pyramid 39-bit wiegand format", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"P10001", Pack_P10001, Unpack_P10001, "HID P10001 Honeywell 40-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - 
{"Casi40", Pack_CasiRusco40, Unpack_CasiRusco40, "Casi-Rusco 40-bit", {1, 0, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"C1k48s", Pack_C1k48s, Unpack_C1k48s, "HID Corporate 1000 48-bit std", {1, 1, 0, 0, 1}}, // imported from old pack/unpack - {"BC40", Pack_bc40, Unpack_bc40, "Bundy TimeClock 40-bit", {1, 1, 0, 1, 1}}, // from - {"Avig56", Pack_Avig56, Unpack_Avig56, "Avigilon 56-bit", {1, 1, 0, 0, 1}}, - {"Defcon32", Pack_Defcon32, Unpack_Defcon32, "Custom Defcon RFCTF 42 BIT format", {1, 1, 1, 0, 1}}, // Created by (@micsen) for the CTF - {NULL, NULL, NULL, NULL, {0, 0, 0, 0, 0}} // Must null terminate array + {"H10301", Pack_H10301, Unpack_H10301, "HID H10301 26-bit", {1, 1, 0, 0, 1}, {0xFF, 0xFFFF, 0, 0}}, // imported from old pack/unpack + {"ind26", Pack_ind26, Unpack_ind26, "Indala 26-bit", {1, 1, 0, 0, 1}, {0xFFF, 0xFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ind27", Pack_ind27, Unpack_ind27, "Indala 27-bit", {1, 1, 0, 0, 0}, {0x1FFF, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"indasc27", Pack_indasc27, Unpack_indasc27, "Indala ASC 27-bit", {1, 1, 0, 0, 0}, {0x1FFF, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"Tecom27", Pack_Tecom27, Unpack_Tecom27, "Tecom 27-bit", {1, 1, 0, 0, 0}, {0x7FF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"2804W", Pack_2804W, Unpack_2804W, "2804 Wiegand 28-bit", {1, 1, 0, 0, 1}, {0xFF, 0x7FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ind29", Pack_ind29, Unpack_ind29, "Indala 29-bit", {1, 1, 0, 0, 0}, {0x1FFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ATSW30", Pack_ATSW30, Unpack_ATSW30, "ATS Wiegand 30-bit", {1, 1, 0, 0, 1}, {0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ADT31", Pack_ADT31, Unpack_ADT31, "HID ADT 31-bit", {1, 1, 0, 0, 0}, {0xF, 0x7FFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"HCP32", Pack_hcp32, Unpack_hcp32, "HID Check Point 32-bit", {1, 0, 0, 0, 0}, {0, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"HPP32", Pack_hpp32, Unpack_hpp32, "HID 
Hewlett-Packard 32-bit", {1, 1, 0, 0, 0}, {0xFFF, 0x1FFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"Kastle", Pack_Kastle, Unpack_Kastle, "Kastle 32-bit", {1, 1, 1, 0, 1}, {0xFF, 0xFFFF, 0x1F, 0}}, // from @xilni; PR #23 on RfidResearchGroup/proxmark3 + {"Kantech", Pack_Kantech, Unpack_Kantech, "Indala/Kantech KFS 32-bit", {1, 1, 0, 0, 0}, {0xFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"WIE32", Pack_wie32, Unpack_wie32, "Wiegand 32-bit", {1, 1, 0, 0, 0}, {0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"D10202", Pack_D10202, Unpack_D10202, "HID D10202 33-bit", {1, 1, 0, 0, 1}, {0x7F, 0xFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"H10306", Pack_H10306, Unpack_H10306, "HID H10306 34-bit", {1, 1, 0, 0, 1}, {0xFFFF, 0xFFFF, 0, 0}}, // imported from old pack/unpack + {"N10002", Pack_N10002, Unpack_N10002, "Honeywell/Northern N10002 34-bit", {1, 1, 0, 0, 1}, {0xFFFF, 0xFFFF, 0, 0}}, // from proxclone.com + {"Optus34", Pack_Optus, Unpack_Optus, "Indala Optus 34-bit", {1, 1, 0, 0, 0}, {0x3FF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"SMP34", Pack_Smartpass, Unpack_Smartpass, "Cardkey Smartpass 34-bit", {1, 1, 1, 0, 0}, {0x3FF, 0xFFFF, 0x7, 0}}, // from cardinfo.barkweb.com.au + {"BQT34", Pack_bqt34, Unpack_bqt34, "BQT 34-bit", {1, 1, 0, 0, 1}, {0xFF, 0xFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"C1k35s", Pack_C1k35s, Unpack_C1k35s, "HID Corporate 1000 35-bit std", {1, 1, 0, 0, 1}, {0xFFF, 0xFFFFF, 0, 0}}, // imported from old pack/unpack + {"C15001", Pack_C15001, Unpack_C15001, "HID KeyScan 36-bit", {1, 1, 0, 1, 1}, {0xFF, 0xFFFF, 0, 0x3FF}}, // from Proxmark forums + {"S12906", Pack_S12906, Unpack_S12906, "HID Simplex 36-bit", {1, 1, 1, 0, 1}, {0xFF, 0x3, 0xFFFFFF, 0}}, // from cardinfo.barkweb.com.au + {"Sie36", Pack_Sie36, Unpack_Sie36, "HID 36-bit Siemens", {1, 1, 0, 0, 1}, {0x3FFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"H10320", Pack_H10320, Unpack_H10320, "HID H10320 37-bit BCD", {1, 0, 0, 0, 1}, {0, 
99999999, 0, 0}}, // from Proxmark forums + {"H10302", Pack_H10302, Unpack_H10302, "HID H10302 37-bit huge ID", {1, 0, 0, 0, 1}, {0, 0x7FFFFFFFF, 0, 0}}, // from Proxmark forums + {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1}, {0xFFFF, 0x7FFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"P10004", Pack_P10004, Unpack_P10004, "HID P10004 37-bit PCSC", {1, 1, 0, 0, 0}, {0x1FFF, 0x3FFFF, 0, 0}}, // from @bthedorff; PR #1559 + {"HGen37", Pack_HGeneric37, Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1}, {0, 0x7FFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"MDI37", Pack_MDI37, Unpack_MDI37, "PointGuard MDI 37-bit", {1, 1, 0, 0, 1}, {0xF, 0x1FFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"BQT38", Pack_bqt38, Unpack_bqt38, "BQT 38-bit", {1, 1, 1, 0, 1}, {0xFFF, 0x3FFFF, 0x7, 0}}, // from cardinfo.barkweb.com.au + {"ISCS", Pack_iscs38, Unpack_iscs38, "ISCS 38-bit", {1, 1, 0, 1, 1}, {0x3FF, 0xFFFFFF, 0, 0x7}}, // from cardinfo.barkweb.com.au + {"PW39", Pack_pw39, Unpack_pw39, "Pyramid 39-bit wiegand format", {1, 1, 0, 0, 1}, {0xFFFF, 0xFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"P10001", Pack_P10001, Unpack_P10001, "HID P10001 Honeywell 40-bit", {1, 1, 0, 0, 0}, {0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"Casi40", Pack_CasiRusco40, Unpack_CasiRusco40, "Casi-Rusco 40-bit", {1, 0, 0, 0, 0}, {0, 0xFFFFFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"C1k48s", Pack_C1k48s, Unpack_C1k48s, "HID Corporate 1000 48-bit std", {1, 1, 0, 0, 1}, {0x003FFFFF, 0x007FFFFF, 0, 0}}, // imported from old pack/unpack + {"BC40", Pack_bc40, Unpack_bc40, "Bundy TimeClock 40-bit", {1, 1, 0, 1, 1}, {0xFFF, 0xFFFFF, 0, 0x7F}}, // from + {"Avig56", Pack_Avig56, Unpack_Avig56, "Avigilon 56-bit", {1, 1, 0, 0, 1}, {0xFFFFF, 0x3FFFFFFFF, 0, 0}}, + {"Defcon32", Pack_Defcon32, Unpack_Defcon32, "Custom Defcon RFCTF 42 BIT format", {1, 1, 1, 0, 1}, {0xFFFF, 0xFFFFF, 0xF, 0}}, // Created by (@micsen) for the CTF + {NULL, NULL, NULL, NULL, 
{0, 0, 0, 0, 0}, {0, 0, 0, 0}} // Must null terminate array }; void HIDListFormats(void) { 
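Review bot: The S12906 limits `{0xFF, 0x3, 0xFFFFFF, 0}` appear to have CardNumber and IssueLevel swapped: `cardformatlimit_t` is declared as FacilityCode, CardNumber, IssueLevel, OEM, and the other issue-level formats in this table (Kastle, SMP34, BQT38) put the small value third. As written, a card-number run on S12906 would stop at 3. The entry should probably read `{0xFF, 0xFFFFFF, 0x3, 0}`; check it against the masks in Pack_S12906, which is outside this hunk. These maxima presumably duplicate the range checks inside each Pack_* function, so a short comment above the table saying the two must be kept in sync would help the next person who adds a format.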
@@ -1664,74 +1664,9 @@ void HIDUnpack(int idx, wiegand_message_t *packed) { } } -int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose) { - uint8_t n = length - 1; - uint8_t pad = data[0]; - char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); - if (binstr == NULL) { - return PM3_EMALLOC; - } - - bytes_2_binstr(binstr, data + 1, n); - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(data, length)); - PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - binstr[strlen(binstr) - pad] = '\0'; - PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); - - size_t hexlen = 0; - uint8_t hex[16] = {0}; - binstr_2_bytes(hex, &hexlen, binstr); - PrintAndLogEx(SUCCESS, "hex.......... " _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); - - uint32_t top = 0, mid = 0, bot = 0; - if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { - PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); - free(binstr); - return PM3_EINVARG; - } - - PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "Wiegand decode"); - wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); - HIDTryUnpack(&packed); - - PrintAndLogEx(NORMAL, ""); - - if (strlen(binstr) >= 26 && verbose) { - - // iCLASS Legacy - PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); - PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // HID Prox II - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); - PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - - // MIFARE Classic - char mfcbin[28] = {0}; - mfcbin[0] = '1'; - memcpy(mfcbin + 1, binstr, strlen(binstr)); - binstr_2_bytes(hex, &hexlen, mfcbin); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); - 
PrintAndLogEx(SUCCESS, " hf mf eclr;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); - PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); - PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); - PrintAndLogEx(NORMAL, ""); - - PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); - PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); - PrintAndLogEx(NORMAL, ""); - } - free(binstr); - return PM3_SUCCESS; -} +cardformatlimit_t get_card_format_limit(int format_idx){ + if ((format_idx < 0) || (format_idx > ARRAYLEN(FormatTable) - 2)) + return FormatTable[ARRAYLEN(FormatTable) - 1].FieldLimits; + else + return FormatTable[format_idx].FieldLimits; +} \ No newline at end of file diff --git a/client/src/wiegand_formats.h b/client/src/wiegand_formats.h index 630d9cbb4..51606b763 100644 --- a/client/src/wiegand_formats.h +++ b/client/src/wiegand_formats.h @@ -38,6 +38,13 @@ typedef struct { bool hasParity; } cardformatdescriptor_t; +typedef struct { + uint32_t FacilityCode; + uint64_t CardNumber; + uint32_t IssueLevel; + uint32_t OEM; +} cardformatlimit_t; + // Structure for defined Wiegand card formats available for packing/unpacking typedef struct { const char *Name; @@ -45,6 +52,7 @@ typedef struct { bool (*Unpack)(wiegand_message_t *packed, wiegand_card_t *card); const char *Descrp; cardformatdescriptor_t Fields; + cardformatlimit_t FieldLimits; } cardformat_t; void HIDListFormats(void); 
@@ -54,7 +62,7 @@ bool HIDPack(int format_idx, wiegand_card_t *card, wiegand_message_t *packed, bo bool HIDTryUnpack(wiegand_message_t *packed); void HIDPackTryAll(wiegand_card_t *card, bool preamble); void HIDUnpack(int idx, wiegand_message_t *packed); -int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose); void print_wiegand_code(wiegand_message_t *packed); void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed); +cardformatlimit_t get_card_format_limit(int format_idx); #endif From 80942c8badaef5a6d151ba18ac1246b809674ad8 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 3 Feb 2025 10:10:55 +0100 Subject: [PATCH 08/11] Fix ARM GCC14 warning error: '%02X' directive output may be truncated writing between 2 and 4 bytes into a region of size 3 [-Werror=format-truncation=] --- client/src/cmdhfseos.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index 65a00000d..479906aff 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c @@ -999,7 +999,7 @@ static int seos_pacs_adf_select(char *oid, int oid_len, uint8_t *get_data, int g snprintf(selectedOID, sizeof(selectedOID), "%s", oid); uint16_t selectedOIDLen = strlen(selectedOID); - char selectedOIDLenHex[3]; + char selectedOIDLenHex[5]; snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen) / 2); char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; @@ -1112,9 +1112,8 @@ static int seos_adf_select(char *oid, int oid_len, int key_index) { const char *ADFprefix = "06"; char selectedOID[100]; snprintf(selectedOID, sizeof(selectedOID), "%s", oid); - uint16_t selectedOIDLen = strlen(selectedOID); - char selectedOIDLenHex[3]; + char selectedOIDLenHex[5]; snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen) / 2); char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; 
From 272286f56581d7da059148b0d17f656464600adf Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 3 Feb 2025 10:11:28 +0100 Subject: [PATCH 09/11] Fix Opensuse-leap docker: use ARM GCC14 --- docker/opensuse-leap/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/opensuse-leap/Dockerfile b/docker/opensuse-leap/Dockerfile index f381bfd9e..701ac8505 100644 --- a/docker/opensuse-leap/Dockerfile +++ b/docker/opensuse-leap/Dockerfile @@ -6,7 +6,7 @@ RUN zypper --non-interactive install --no-recommends shadow sudo git patterns-de RUN zypper addrepo https://download.opensuse.org/repositories/home:wkazubski/15.6/home:wkazubski.repo && \ zypper --gpg-auto-import-keys refresh && \ - zypper --non-interactive install cross-arm-none-eabi-gcc13 cross-arm-none-eabi-newlib + zypper --non-interactive install cross-arm-none-eabi-gcc14 cross-arm-none-eabi-newlib RUN zypper --non-interactive install cmake python3 python3-pip && \ python3 -m pip install ansicolors sslcrypto From f0830ce6b0a03fe5198ef8cfd4cafd6d1aa9b7be Mon Sep 17 00:00:00 2001 From: Donny <107092000+Donny-Guo@users.noreply.github.com> Date: Mon, 3 Feb 2025 01:58:08 -0800 Subject: [PATCH 10/11] Remove new struct and recover missing code section --- client/src/cmdlfhid.c | 6 +- client/src/wiegand_formats.c | 157 +++++++++++++++++++++++++---------- client/src/wiegand_formats.h | 14 ++-- 3 files changed, 119 insertions(+), 58 deletions(-) diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 5c97c6683..baed95b29 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c @@ -544,7 +544,7 @@ static int CmdHIDBrute(const char *Cmd) { } wiegand_card_t card_hi, card_low; - cardformatlimit_t limit = get_card_format_limit(format_idx); + cardformatdescriptor_t card_descriptor = HIDGetCardFormat(format_idx).Fields; memset(&card_hi, 0, sizeof(wiegand_card_t)); char field[3] = {0}; 
@@ -624,13 +624,13 @@ static int CmdHIDBrute(const char *Cmd) { return PM3_ESOFT; } if (strcmp(field, "fc") == 0) { - if (card_hi.FacilityCode < limit.FacilityCode) { + if (card_hi.FacilityCode < card_descriptor.MaxFC) { card_hi.FacilityCode++; } else { fin_hi = true; } } else if (strcmp(field, "cn") == 0) { - if (card_hi.CardNumber < limit.CardNumber) { + if (card_hi.CardNumber < card_descriptor.MaxCN) { card_hi.CardNumber++; } else { fin_hi = true; diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index 4641ec3c9..34d4bdb51 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c 
@@ -1499,46 +1499,46 @@ static void hid_print_card(wiegand_card_t *card, const cardformat_t format) { } static const cardformat_t FormatTable[] = { - {"H10301", Pack_H10301, Unpack_H10301, "HID H10301 26-bit", {1, 1, 0, 0, 1}, {0xFF, 0xFFFF, 0, 0}}, // imported from old pack/unpack - {"ind26", Pack_ind26, Unpack_ind26, "Indala 26-bit", {1, 1, 0, 0, 1}, {0xFFF, 0xFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"ind27", Pack_ind27, Unpack_ind27, "Indala 27-bit", {1, 1, 0, 0, 0}, {0x1FFF, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"indasc27", Pack_indasc27, Unpack_indasc27, "Indala ASC 27-bit", {1, 1, 0, 0, 0}, {0x1FFF, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"Tecom27", Pack_Tecom27, Unpack_Tecom27, "Tecom 27-bit", {1, 1, 0, 0, 0}, {0x7FF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"2804W", Pack_2804W, Unpack_2804W, "2804 Wiegand 28-bit", {1, 1, 0, 0, 1}, {0xFF, 0x7FFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"ind29", Pack_ind29, Unpack_ind29, "Indala 29-bit", {1, 1, 0, 0, 0}, {0x1FFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"ATSW30", Pack_ATSW30, Unpack_ATSW30, "ATS Wiegand 30-bit", {1, 1, 0, 0, 1}, {0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"ADT31", Pack_ADT31, Unpack_ADT31, "HID ADT 31-bit", {1, 1, 0, 0, 0}, {0xF, 0x7FFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"HCP32", Pack_hcp32, Unpack_hcp32, "HID Check Point 32-bit", {1, 0, 0, 0, 0}, {0, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"HPP32", Pack_hpp32, Unpack_hpp32, "HID Hewlett-Packard 32-bit", {1, 1, 0, 0, 0}, {0xFFF, 0x1FFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"Kastle", Pack_Kastle, Unpack_Kastle, "Kastle 32-bit", {1, 1, 1, 0, 1}, {0xFF, 0xFFFF, 0x1F, 0}}, // from @xilni; PR #23 on RfidResearchGroup/proxmark3 - {"Kantech", Pack_Kantech, Unpack_Kantech, "Indala/Kantech KFS 32-bit", {1, 1, 0, 0, 0}, {0xFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"WIE32", Pack_wie32, Unpack_wie32, "Wiegand 32-bit", {1, 1, 0, 0, 0}, {0xFFF, 
0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"D10202", Pack_D10202, Unpack_D10202, "HID D10202 33-bit", {1, 1, 0, 0, 1}, {0x7F, 0xFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"H10306", Pack_H10306, Unpack_H10306, "HID H10306 34-bit", {1, 1, 0, 0, 1}, {0xFFFF, 0xFFFF, 0, 0}}, // imported from old pack/unpack - {"N10002", Pack_N10002, Unpack_N10002, "Honeywell/Northern N10002 34-bit", {1, 1, 0, 0, 1}, {0xFFFF, 0xFFFF, 0, 0}}, // from proxclone.com - {"Optus34", Pack_Optus, Unpack_Optus, "Indala Optus 34-bit", {1, 1, 0, 0, 0}, {0x3FF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"SMP34", Pack_Smartpass, Unpack_Smartpass, "Cardkey Smartpass 34-bit", {1, 1, 1, 0, 0}, {0x3FF, 0xFFFF, 0x7, 0}}, // from cardinfo.barkweb.com.au - {"BQT34", Pack_bqt34, Unpack_bqt34, "BQT 34-bit", {1, 1, 0, 0, 1}, {0xFF, 0xFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"C1k35s", Pack_C1k35s, Unpack_C1k35s, "HID Corporate 1000 35-bit std", {1, 1, 0, 0, 1}, {0xFFF, 0xFFFFF, 0, 0}}, // imported from old pack/unpack - {"C15001", Pack_C15001, Unpack_C15001, "HID KeyScan 36-bit", {1, 1, 0, 1, 1}, {0xFF, 0xFFFF, 0, 0x3FF}}, // from Proxmark forums - {"S12906", Pack_S12906, Unpack_S12906, "HID Simplex 36-bit", {1, 1, 1, 0, 1}, {0xFF, 0x3, 0xFFFFFF, 0}}, // from cardinfo.barkweb.com.au - {"Sie36", Pack_Sie36, Unpack_Sie36, "HID 36-bit Siemens", {1, 1, 0, 0, 1}, {0x3FFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"H10320", Pack_H10320, Unpack_H10320, "HID H10320 37-bit BCD", {1, 0, 0, 0, 1}, {0, 99999999, 0, 0}}, // from Proxmark forums - {"H10302", Pack_H10302, Unpack_H10302, "HID H10302 37-bit huge ID", {1, 0, 0, 0, 1}, {0, 0x7FFFFFFFF, 0, 0}}, // from Proxmark forums - {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1}, {0xFFFF, 0x7FFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"P10004", Pack_P10004, Unpack_P10004, "HID P10004 37-bit PCSC", {1, 1, 0, 0, 0}, {0x1FFF, 0x3FFFF, 0, 0}}, // from @bthedorff; PR #1559 - {"HGen37", Pack_HGeneric37, 
Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1}, {0, 0x7FFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"MDI37", Pack_MDI37, Unpack_MDI37, "PointGuard MDI 37-bit", {1, 1, 0, 0, 1}, {0xF, 0x1FFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"BQT38", Pack_bqt38, Unpack_bqt38, "BQT 38-bit", {1, 1, 1, 0, 1}, {0xFFF, 0x3FFFF, 0x7, 0}}, // from cardinfo.barkweb.com.au - {"ISCS", Pack_iscs38, Unpack_iscs38, "ISCS 38-bit", {1, 1, 0, 1, 1}, {0x3FF, 0xFFFFFF, 0, 0x7}}, // from cardinfo.barkweb.com.au - {"PW39", Pack_pw39, Unpack_pw39, "Pyramid 39-bit wiegand format", {1, 1, 0, 0, 1}, {0xFFFF, 0xFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"P10001", Pack_P10001, Unpack_P10001, "HID P10001 Honeywell 40-bit", {1, 1, 0, 0, 0}, {0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"Casi40", Pack_CasiRusco40, Unpack_CasiRusco40, "Casi-Rusco 40-bit", {1, 0, 0, 0, 0}, {0, 0xFFFFFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au - {"C1k48s", Pack_C1k48s, Unpack_C1k48s, "HID Corporate 1000 48-bit std", {1, 1, 0, 0, 1}, {0x003FFFFF, 0x007FFFFF, 0, 0}}, // imported from old pack/unpack - {"BC40", Pack_bc40, Unpack_bc40, "Bundy TimeClock 40-bit", {1, 1, 0, 1, 1}, {0xFFF, 0xFFFFF, 0, 0x7F}}, // from - {"Avig56", Pack_Avig56, Unpack_Avig56, "Avigilon 56-bit", {1, 1, 0, 0, 1}, {0xFFFFF, 0x3FFFFFFFF, 0, 0}}, - {"Defcon32", Pack_Defcon32, Unpack_Defcon32, "Custom Defcon RFCTF 42 BIT format", {1, 1, 1, 0, 1}, {0xFFFF, 0xFFFFF, 0xF, 0}}, // Created by (@micsen) for the CTF - {NULL, NULL, NULL, NULL, {0, 0, 0, 0, 0}, {0, 0, 0, 0}} // Must null terminate array + {"H10301", Pack_H10301, Unpack_H10301, "HID H10301 26-bit", {1, 1, 0, 0, 1, 0xFF, 0xFFFF, 0, 0}}, // imported from old pack/unpack + {"ind26", Pack_ind26, Unpack_ind26, "Indala 26-bit", {1, 1, 0, 0, 1, 0xFFF, 0xFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ind27", Pack_ind27, Unpack_ind27, "Indala 27-bit", {1, 1, 0, 0, 0, 0x1FFF, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"indasc27", Pack_indasc27, 
Unpack_indasc27, "Indala ASC 27-bit", {1, 1, 0, 0, 0, 0x1FFF, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"Tecom27", Pack_Tecom27, Unpack_Tecom27, "Tecom 27-bit", {1, 1, 0, 0, 0, 0x7FF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"2804W", Pack_2804W, Unpack_2804W, "2804 Wiegand 28-bit", {1, 1, 0, 0, 1, 0xFF, 0x7FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ind29", Pack_ind29, Unpack_ind29, "Indala 29-bit", {1, 1, 0, 0, 0, 0x1FFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ATSW30", Pack_ATSW30, Unpack_ATSW30, "ATS Wiegand 30-bit", {1, 1, 0, 0, 1, 0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"ADT31", Pack_ADT31, Unpack_ADT31, "HID ADT 31-bit", {1, 1, 0, 0, 0, 0xF, 0x7FFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"HCP32", Pack_hcp32, Unpack_hcp32, "HID Check Point 32-bit", {1, 0, 0, 0, 0, 0, 0x3FFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"HPP32", Pack_hpp32, Unpack_hpp32, "HID Hewlett-Packard 32-bit", {1, 1, 0, 0, 0, 0xFFF, 0x1FFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"Kastle", Pack_Kastle, Unpack_Kastle, "Kastle 32-bit", {1, 1, 1, 0, 1, 0xFF, 0xFFFF, 0x1F, 0}}, // from @xilni; PR #23 on RfidResearchGroup/proxmark3 + {"Kantech", Pack_Kantech, Unpack_Kantech, "Indala/Kantech KFS 32-bit", {1, 1, 0, 0, 0, 0xFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"WIE32", Pack_wie32, Unpack_wie32, "Wiegand 32-bit", {1, 1, 0, 0, 0, 0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"D10202", Pack_D10202, Unpack_D10202, "HID D10202 33-bit", {1, 1, 0, 0, 1, 0x7F, 0xFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"H10306", Pack_H10306, Unpack_H10306, "HID H10306 34-bit", {1, 1, 0, 0, 1, 0xFFFF, 0xFFFF, 0, 0}}, // imported from old pack/unpack + {"N10002", Pack_N10002, Unpack_N10002, "Honeywell/Northern N10002 34-bit", {1, 1, 0, 0, 1, 0xFFFF, 0xFFFF, 0, 0}}, // from proxclone.com + {"Optus34", Pack_Optus, Unpack_Optus, "Indala Optus 34-bit", {1, 1, 0, 0, 0, 0x3FF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au 
+ {"SMP34", Pack_Smartpass, Unpack_Smartpass, "Cardkey Smartpass 34-bit", {1, 1, 1, 0, 0, 0x3FF, 0xFFFF, 0x7, 0}}, // from cardinfo.barkweb.com.au + {"BQT34", Pack_bqt34, Unpack_bqt34, "BQT 34-bit", {1, 1, 0, 0, 1, 0xFF, 0xFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"C1k35s", Pack_C1k35s, Unpack_C1k35s, "HID Corporate 1000 35-bit std", {1, 1, 0, 0, 1, 0xFFF, 0xFFFFF, 0, 0}}, // imported from old pack/unpack + {"C15001", Pack_C15001, Unpack_C15001, "HID KeyScan 36-bit", {1, 1, 0, 1, 1, 0xFF, 0xFFFF, 0, 0x3FF}}, // from Proxmark forums + {"S12906", Pack_S12906, Unpack_S12906, "HID Simplex 36-bit", {1, 1, 1, 0, 1, 0xFF, 0x3, 0xFFFFFF, 0}}, // from cardinfo.barkweb.com.au + {"Sie36", Pack_Sie36, Unpack_Sie36, "HID 36-bit Siemens", {1, 1, 0, 0, 1, 0x3FFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"H10320", Pack_H10320, Unpack_H10320, "HID H10320 37-bit BCD", {1, 0, 0, 0, 1, 0, 99999999, 0, 0}}, // from Proxmark forums + {"H10302", Pack_H10302, Unpack_H10302, "HID H10302 37-bit huge ID", {1, 0, 0, 0, 1, 0, 0x7FFFFFFFF, 0, 0}}, // from Proxmark forums + {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1, 0xFFFF, 0x7FFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"P10004", Pack_P10004, Unpack_P10004, "HID P10004 37-bit PCSC", {1, 1, 0, 0, 0, 0x1FFF, 0x3FFFF, 0, 0}}, // from @bthedorff; PR #1559 + {"HGen37", Pack_HGeneric37, Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1, 0, 0x7FFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"MDI37", Pack_MDI37, Unpack_MDI37, "PointGuard MDI 37-bit", {1, 1, 0, 0, 1, 0xF, 0x1FFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"BQT38", Pack_bqt38, Unpack_bqt38, "BQT 38-bit", {1, 1, 1, 0, 1, 0xFFF, 0x3FFFF, 0x7, 0}}, // from cardinfo.barkweb.com.au + {"ISCS", Pack_iscs38, Unpack_iscs38, "ISCS 38-bit", {1, 1, 0, 1, 1, 0x3FF, 0xFFFFFF, 0, 0x7}}, // from cardinfo.barkweb.com.au + {"PW39", Pack_pw39, Unpack_pw39, "Pyramid 39-bit wiegand format", {1, 1, 0, 0, 1, 0xFFFF, 0xFFFFF, 0, 0}}, // from 
cardinfo.barkweb.com.au + {"P10001", Pack_P10001, Unpack_P10001, "HID P10001 Honeywell 40-bit", {1, 1, 0, 0, 0, 0xFFF, 0xFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"Casi40", Pack_CasiRusco40, Unpack_CasiRusco40, "Casi-Rusco 40-bit", {1, 0, 0, 0, 0, 0, 0xFFFFFFFFFF, 0, 0}}, // from cardinfo.barkweb.com.au + {"C1k48s", Pack_C1k48s, Unpack_C1k48s, "HID Corporate 1000 48-bit std", {1, 1, 0, 0, 1, 0x003FFFFF, 0x007FFFFF, 0, 0}}, // imported from old pack/unpack + {"BC40", Pack_bc40, Unpack_bc40, "Bundy TimeClock 40-bit", {1, 1, 0, 1, 1, 0xFFF, 0xFFFFF, 0, 0x7F}}, // from + {"Avig56", Pack_Avig56, Unpack_Avig56, "Avigilon 56-bit", {1, 1, 0, 0, 1, 0xFFFFF, 0x3FFFFFFFF, 0, 0}}, + {"Defcon32", Pack_Defcon32, Unpack_Defcon32, "Custom Defcon RFCTF 42 BIT format", {1, 1, 1, 0, 1, 0xFFFF, 0xFFFFF, 0xF, 0}}, // Created by (@micsen) for the CTF + {NULL, NULL, NULL, NULL, {0, 0, 0, 0, 0, 0, 0, 0, 0}} // Must null terminate array }; void HIDListFormats(void) { 
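Review bot: The S12906 row appears to have two limits transposed: in `{1, 1, 1, 0, 1, 0xFF, 0x3, 0xFFFFFF, 0}` the value 0x3 lands in MaxCN and 0xFFFFFF in MaxIL, which reads backwards for a card number and an issue level. Pack_S12906 is not in this hunk, so this should be checked against its field widths. It matters because CmdHIDBrute now stops on `card_hi.CardNumber < card_descriptor.MaxCN`, so a wrong limit silently changes the range that is walked. Nine positional values per row make this kind of slip hard to spot; designated initializers such as `{.hasParity = 1, .MaxFC = 0xFF, .MaxCN = 0xFFFF}` would let each row be checked by eye.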
@@ -1664,9 +1664,74 @@ void HIDUnpack(int idx, wiegand_message_t *packed) { } } -cardformatlimit_t get_card_format_limit(int format_idx){ - if ((format_idx < 0) || (format_idx > ARRAYLEN(FormatTable) - 2)) - return FormatTable[ARRAYLEN(FormatTable) - 1].FieldLimits; - else - return FormatTable[format_idx].FieldLimits; -} \ No newline at end of file +int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose) { + uint8_t n = length - 1; + uint8_t pad = data[0]; + char *binstr = (char *)calloc((length * 8) + 1, sizeof(uint8_t)); + if (binstr == NULL) { + return PM3_EMALLOC; + } + + bytes_2_binstr(binstr, data + 1, n); + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(SUCCESS, "PACS......... " _GREEN_("%s"), sprint_hex_inrow(data, length)); + PrintAndLogEx(SUCCESS, "padded bin... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + binstr[strlen(binstr) - pad] = '\0'; + PrintAndLogEx(SUCCESS, "bin.......... " _GREEN_("%s") " ( %zu )", binstr, strlen(binstr)); + + size_t hexlen = 0; + uint8_t hex[16] = {0}; + binstr_2_bytes(hex, &hexlen, binstr); + PrintAndLogEx(SUCCESS, "hex.......... 
" _GREEN_("%s"), sprint_hex_inrow(hex, hexlen)); + + uint32_t top = 0, mid = 0, bot = 0; + if (binstring_to_u96(&top, &mid, &bot, binstr) != strlen(binstr)) { + PrintAndLogEx(ERR, "Binary string contains none <0|1> chars"); + free(binstr); + return PM3_EINVARG; + } + + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "Wiegand decode"); + wiegand_message_t packed = initialize_message_object(top, mid, bot, strlen(binstr)); + HIDTryUnpack(&packed); + + PrintAndLogEx(NORMAL, ""); + + if (strlen(binstr) >= 26 && verbose) { + + // iCLASS Legacy + PrintAndLogEx(INFO, "Clone to " _YELLOW_("iCLASS Legacy")); + PrintAndLogEx(SUCCESS, " hf iclass encode --ki 0 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // HID Prox II + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("HID Prox II")); + PrintAndLogEx(SUCCESS, " lf hid clone -w H10301 --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + + // MIFARE Classic + char mfcbin[28] = {0}; + mfcbin[0] = '1'; + memcpy(mfcbin + 1, binstr, strlen(binstr)); + binstr_2_bytes(hex, &hexlen, mfcbin); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic") " (Pm3 simulation)"); + PrintAndLogEx(SUCCESS, " hf mf eclr;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 0 -d 049DBA42A23E80884400C82000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 1 -d 1B014D48000000000000000000000000;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 3 -d A0A1A2A3A4A5787788C189ECA97F8C2A;"); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 5 -d 020000000000000000000000%s;", sprint_hex_inrow(hex, hexlen)); + PrintAndLogEx(SUCCESS, " hf mf esetblk --blk 7 -d 484944204953787788AA204752454154;"); + PrintAndLogEx(SUCCESS, " hf mf sim --1k -i;"); + PrintAndLogEx(NORMAL, ""); + + PrintAndLogEx(INFO, "Downgrade to " _YELLOW_("MIFARE Classic 1K")); + PrintAndLogEx(SUCCESS, " hf mf encodehid --bin %s", binstr); + PrintAndLogEx(NORMAL, ""); + } + free(binstr); + return PM3_SUCCESS; +} 
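Review bot: In the restored HIDDumpPACSBits the MIFARE Classic branch does `memcpy(mfcbin + 1, binstr, strlen(binstr))` into `char mfcbin[28]` behind a check that only requires `strlen(binstr) >= 26`, so an input longer than 27 bits writes past the stack buffer and 27 bits already leaves it unterminated. Earlier in the function `pad = data[0]` is used unchecked in `binstr[strlen(binstr) - pad] = '\0'`, which indexes before the allocation when pad exceeds the bit count, and `length - 1` wraps to 255 when length is 0. `hex[16]` is also filled by binstr_2_bytes with no visible limit on the string length; whether that helper bounds its output is not shown here, so that is worth confirming. Since these bytes presumably come from a credential being read, I would reject bad lengths up front and skip the MIFARE hints when the bit string does not fit, as sketched below.

```c
int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose) {
    if (data == NULL || length == 0) {
        return PM3_EINVARG;
    }
    // ... unchanged: n, pad, calloc and bytes_2_binstr ...

    // pad is taken from the input; it must not exceed the number of bits produced
    if (pad > strlen(binstr)) {
        free(binstr);
        return PM3_EINVARG;
    }
    // ... unchanged: trimming, hex print, Wiegand decode, iCLASS and HID Prox II hints ...

        // MIFARE Classic
        char mfcbin[28] = {0};
        // leading '1' + bits + NUL must fit in mfcbin
        if (strlen(binstr) <= sizeof(mfcbin) - 2) {
            mfcbin[0] = '1';
            memcpy(mfcbin + 1, binstr, strlen(binstr));
            // ... unchanged: binstr_2_bytes and the hf mf simulation hints ...
        }
```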
diff --git a/client/src/wiegand_formats.h b/client/src/wiegand_formats.h index 51606b763..1063c2859 100644 --- a/client/src/wiegand_formats.h +++ b/client/src/wiegand_formats.h @@ -36,15 +36,12 @@ typedef struct { bool hasIssueLevel; bool hasOEMCode; bool hasParity; + uint32_t MaxFC; // max Facility Code + uint64_t MaxCN; // max CardNumber + uint32_t MaxIL; // max IssueLevel + uint32_t MaxOEM;// max OEM } cardformatdescriptor_t; -typedef struct { - uint32_t FacilityCode; - uint64_t CardNumber; - uint32_t IssueLevel; - uint32_t OEM; -} cardformatlimit_t; - // Structure for defined Wiegand card formats available for packing/unpacking typedef struct { const char *Name; @@ -52,7 +49,6 @@ typedef struct { bool (*Unpack)(wiegand_message_t *packed, wiegand_card_t *card); const char *Descrp; cardformatdescriptor_t Fields; - cardformatlimit_t FieldLimits; } cardformat_t; void HIDListFormats(void); @@ -62,7 +58,7 @@ bool HIDPack(int format_idx, wiegand_card_t *card, wiegand_message_t *packed, bo bool HIDTryUnpack(wiegand_message_t *packed); void HIDPackTryAll(wiegand_card_t *card, bool preamble); void HIDUnpack(int idx, wiegand_message_t *packed); +int HIDDumpPACSBits(const uint8_t *const data, const uint8_t length, bool verbose); void print_wiegand_code(wiegand_message_t *packed); void print_desc_wiegand(cardformat_t *fmt, wiegand_message_t *packed); -cardformatlimit_t get_card_format_limit(int format_idx); #endif From 53a1d5be015012a1912052588c058955140bc351 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 3 Feb 2025 16:14:28 +0100 Subject: [PATCH 11/11] better fix, thanks @iceman --- client/src/cmdhfseos.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/cmdhfseos.c b/client/src/cmdhfseos.c index 479906aff..3160c1c84 100644 --- a/client/src/cmdhfseos.c +++ b/client/src/cmdhfseos.c 
@@ -999,8 +999,8 @@ static int seos_pacs_adf_select(char *oid, int oid_len, uint8_t *get_data, int g snprintf(selectedOID, sizeof(selectedOID), "%s", oid); uint16_t selectedOIDLen = strlen(selectedOID); - char selectedOIDLenHex[5]; - snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen) / 2); + char selectedOIDLenHex[3]; + snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen >> 1) & 0xFF); char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; snprintf(selectedADF, sizeof(selectedADF), "%s%s%s", ADFprefix, selectedOIDLenHex, selectedOID); @@ -1113,8 +1113,8 @@ static int seos_adf_select(char *oid, int oid_len, int key_index) { char selectedOID[100]; snprintf(selectedOID, sizeof(selectedOID), "%s", oid); uint16_t selectedOIDLen = strlen(selectedOID); - char selectedOIDLenHex[5]; - snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen) / 2); + char selectedOIDLenHex[3]; + snprintf(selectedOIDLenHex, sizeof(selectedOIDLenHex), "%02X", (selectedOIDLen >> 1) & 0xFF); char selectedADF[strlen(ADFprefix) + strlen(selectedOIDLenHex) + selectedOIDLen + 1]; snprintf(selectedADF, sizeof(selectedADF), "%s%s%s", ADFprefix, selectedOIDLenHex, selectedOID);
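Review bot: The `& 0xFF` added in both hunks (seos_pacs_adf_select and seos_adf_select) quiets the format-truncation warning, but nothing validates the length it masks. `oid` is copied into `selectedOID` with snprintf, so an over-long string is silently cut, and `selectedOIDLen >> 1` drops the last nibble of an odd-length hex string, so the length byte placed in `selectedADF` can disagree with the data that follows it. A guard before the copy would make both cases explicit, for example `if (strlen(oid) >= sizeof(selectedOID) || (strlen(oid) & 1)) return PM3_EINVARG;`. Both function bodies start and continue outside these hunks, so an existing check elsewhere cannot be ruled out.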