diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b6622413..eab266b2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added new standalone mode `hf_15SNIFF` - Same as `hf_14ASNIFF` standalone mode for RDV4 - flashmem - Added support for MIFARE DESFire application creation without authentication (@joswr1ght) - Changed drastically Hitag S ARM code to remove state machines and ease way to build new commands (@doegox) - Fixed Hitag S crypto mode with key or NrAr, fixed `lf hitag cc`, fixed pwd dump in hitagS dump with LKP (@doegox) diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal index f8277da97..0d6b0527a 100644 --- a/armsrc/Standalone/Makefile.hal +++ b/armsrc/Standalone/Makefile.hal @@ -62,6 +62,9 @@ define KNOWN_STANDALONE_DEFINITIONS | HF_14ASNIFF | 14a sniff to flashmem | | (RDV4 only) | | +----------------------------------------------------------+ +| HF_15SNIFF | 15693 sniff to flashmem | +| (RDV4 only) | | ++----------------------------------------------------------+ | HF_AVEFUL | Mifare ultralight read/simulation | | | - Ave Ozkal | +----------------------------------------------------------+ 
@@ -107,10 +110,10 @@ define KNOWN_STANDALONE_DEFINITIONS endef STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID -STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI +STANDALONE_MODES += HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI STANDALONE_MODES_REQ_BT := HF_REBLAY STANDALONE_MODES_REQ_SMARTCARD := -STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM +STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),) STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE) ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),) diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc index 021d219f4..6f8e3c994 100644 --- a/armsrc/Standalone/Makefile.inc +++ b/armsrc/Standalone/Makefile.inc @@ -57,6 +57,10 @@ endif ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS))) SRC_STANDALONE = hf_14asniff.c endif +# WITH_STANDALONE_HF_15SNIFF +ifneq (,$(findstring WITH_STANDALONE_HF_15SNIFF,$(APP_CFLAGS))) + SRC_STANDALONE = hf_15sniff.c +endif # WITH_STANDALONE_HF_AVEFUL ifneq (,$(findstring WITH_STANDALONE_HF_AVEFUL,$(APP_CFLAGS))) SRC_STANDALONE = hf_aveful.c diff --git a/armsrc/Standalone/hf_15sniff.c b/armsrc/Standalone/hf_15sniff.c new file mode 100644 index 000000000..45d837859 --- /dev/null +++ b/armsrc/Standalone/hf_15sniff.c 
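Review bot: The new Makefile.inc block selects the source with `$(findstring WITH_STANDALONE_HF_15SNIFF,$(APP_CFLAGS))`, which is a substring match: it would also fire for any future define that merely contains this name (a hypothetical `WITH_STANDALONE_HF_15SNIFF_X`, say), and because every block assigns `SRC_STANDALONE =` the last matching one silently wins. This mirrors the existing pattern for the other modes, so it is a point of style rather than a defect here; a word-wise test such as `ifneq (,$(filter -DWITH_STANDALONE_HF_15SNIFF,$(APP_CFLAGS)))` would be exact, assuming the define reaches APP_CFLAGS as a single `-D` word as Makefile.hal's `STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE)` suggests.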
@@ -0,0 +1,137 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) Nathan Glaser, 2021
+// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// See LICENSE.txt for the text of the license.
+//-----------------------------------------------------------------------------
+// main code for standalone HF/iso15693 Sniff to flash
+//-----------------------------------------------------------------------------
+
+/*
+ * This is 95% the same code as Michael Farrell's hf_14ASNIFF Standalone mode.
+ *
+ * `hf_15693sniff` passively sniffs ISO15693 frames, and stores them in internal
+ * flash. It requires RDV4 hardware (for flash and battery).
+ *
+ * On entering stand-alone mode, this module will start sniffing ISO15693 frames.
+ * This will be stored in the normal trace buffer (ie: in RAM -- will be lost
+ * at power-off).
+ *
+ * Short-pressing the button again will stop sniffing, and at _this_ point
+ * append trace data from RAM to a file in flash (hf_15693sniff.trace) and unmount.
+ *
+ * Once the data is saved, standalone mode will exit.
+ *
+ * LEDs:
+ * - LED1: sniffing
+ * - LED2: sniffed tag command, turns off when finished sniffing reader command
+ * - LED3: sniffed reader command, turns off when finished sniffing tag command
+ * - LED4: unmounting/sync'ing flash (normally < 100ms)
+ *
+ * To retrieve trace data from flash:
+ *
+ * 1. mem spiffs dump -s hf_15693sniff.trace -d hf_15693sniff.trace
+ * Copies trace data file from flash to your PC.
+ *
+ * 2. trace load hf_15693sniff.trace
+ * Loads trace data from a file into PC-side buffers.
+ *
+ * 3. For ISO15693: trace list -t 15 -1
+ *
+ * Lists trace data from buffer without requesting it from PM3.
+ *
+ * This module emits debug strings during normal operation -- so try it out in
+ * the lab connected to PM3 client before taking it into the field.
+ *
+ * To delete the trace data from flash:
+ *
+ * Caveats / notes:
+ * - Trace buffer will be cleared on starting stand-alone mode. Data in flash
+ * will remain unless explicitly deleted.
+ * - This module will terminate if the trace buffer is full (and save data to
+ * flash).
+ * - Like normal sniffing mode, timestamps overflow after 5 min 16 sec.
+ * However, the trace buffer is sequential, so will be in the correct order.
+ */
+
+#include "standalone.h" // standalone definitions
+#include "proxmark3_arm.h"
+#include "fpgaloader.h"
+#include "iso15693.h"
+#include "iso15.h"
+#include "util.h"
+#include "spiffs.h"
+#include "appmain.h"
+#include "dbprint.h"
+#include "ticks.h"
+#include "BigBuf.h"
+
+
+
+
+#define HF_15693SNIFF_LOGFILE "hf_15693sniff.trace"
+
+static void DownloadTraceInstructions(void) {
+ Dbprintf("");
+ Dbprintf("To get the trace from flash and display it:");
+ Dbprintf("1. mem spiffs dump -s "HF_15693SNIFF_LOGFILE" -d hf_15693sniff.trace");
+ Dbprintf("2. trace load -f hf_15693sniff.trace");
+ Dbprintf("3. trace list -t 15 -1");
+}
+
+void ModInfo(void) {
+ DbpString(" HF 15693 SNIFF, a ISO15693 sniffer with storing in flashmem (Nathan Glaser)");
+// DownloadTraceInstructions();
+}
+
+void RunMod(void) {
+ StandAloneMode();
+
+ Dbprintf(_YELLOW_("HF 15693 SNIFF started"));
+ rdv40_spiffs_lazy_mount();
+
+ SniffIso15693(0, NULL);
+
+ Dbprintf("Stopped sniffing");
+ SpinDelay(200);
+
+ // Write stuff to spiffs logfile
+ uint32_t trace_len = BigBuf_get_traceLen();
+ if (trace_len > 0) {
+ Dbprintf("[!] Trace length (bytes) = %u", trace_len);
+
+ uint8_t *trace_buffer = BigBuf_get_addr();
+ if (!exists_in_spiffs(HF_15693SNIFF_LOGFILE)) {
+ rdv40_spiffs_write(
+ HF_15693SNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE);
+ Dbprintf("[!] Wrote trace to "HF_15693SNIFF_LOGFILE);
+ } else {
+ rdv40_spiffs_append(
+ HF_15693SNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE);
+ Dbprintf("[!] Appended trace to "HF_15693SNIFF_LOGFILE);
+ }
+ } else {
+ Dbprintf("[!] Trace buffer is empty, nothing to write!");
+ }
+
+ LED_D_ON();
+ rdv40_spiffs_lazy_unmount();
+ LED_D_OFF();
+
+ SpinErr(LED_A, 200, 5);
+ SpinDelay(100);
+
+ Dbprintf("-=[ exit ]=-");
+ LEDsoff();
+ DownloadTraceInstructions();
+}
diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
index 150ad762a..5813caf48 100644
--- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
+++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md
@@ -113,6 +113,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo | LF_SKELETON | standalone mode skeleton - Iceman1001 | LF_THAREXDE | LF EM4x50 simulator/read standalone mode - tharexde | HF_14ASNIFF | 14a sniff storing to flashmem - Micolous +| HF_15SNIFF | 15693 sniff storing to flashmem - Glaser | HF_AVEFUL | MIFARE Ultralight read/simulation - Ave Ozkal | HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito | HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle diff --git a/tools/build_all_firmwares.sh b/tools/build_all_firmwares.sh index 019586c65..7514a9757 100755 --- a/tools/build_all_firmwares.sh +++ b/tools/build_all_firmwares.sh @@ -31,10 +31,10 @@ mv bootrom/obj/bootrom.elf "$DEST/PM3BOOTROM.elf" # cf armsrc/Standalone/Makefile.hal STANDALONE_MODES=(LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID) -STANDALONE_MODES+=(HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI) +STANDALONE_MODES+=(HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI) STANDALONE_MODES_REQ_BT=(HF_REBLAY) STANDALONE_MODES_REQ_SMARTCARD=() -STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM) +STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM) # PM3GENERIC 256kb, no flash, need to skip some parts to reduce size