Merge pull request #1554 from startrk1995/15693-sniff-rdv4-flashmem

15693 sniff rdv4 flashmem

CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+ - Added new standalone mode `hf_15SNIFF` - Same as `hf_14ASNIFF` standalone mode for RDV4 - flashmem
  - Added support for MIFARE DESFire application creation without authentication (@joswr1ght)
  - Changed drastically Hitag S ARM code to remove state machines and ease way to build new commands (@doegox)
  - Fixed Hitag S crypto mode with key or NrAr, fixed `lf hitag cc`, fixed pwd dump in hitagS dump with LKP (@doegox)

armsrc/Standalone/Makefile.hal

@@ -62,6 +62,9 @@ define KNOWN_STANDALONE_DEFINITIONS
 | HF_14ASNIFF     | 14a sniff to flashmem                  |
 | (RDV4 only)     |                                        |
 +----------------------------------------------------------+
+| HF_15SNIFF      | 15693 sniff to flashmem                |
+| (RDV4 only)     |                                        |
++----------------------------------------------------------+
 | HF_AVEFUL       | Mifare ultralight read/simulation      |
 |                 | - Ave Ozkal                            |
 +----------------------------------------------------------+
@@ -107,10 +110,10 @@ define KNOWN_STANDALONE_DEFINITIONS
 endef
 
 STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID
-STANDALONE_MODES += HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI
+STANDALONE_MODES += HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI
 STANDALONE_MODES_REQ_BT := HF_REBLAY
 STANDALONE_MODES_REQ_SMARTCARD :=
-STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM
+STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM
 ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES)),)
     STANDALONE_PLATFORM_DEFS += -DWITH_STANDALONE_$(STANDALONE)
     ifneq ($(filter $(STANDALONE),$(STANDALONE_MODES_REQ_SMARTCARD)),)

armsrc/Standalone/Makefile.inc

@@ -57,6 +57,10 @@ endif
 ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS)))
     SRC_STANDALONE = hf_14asniff.c
 endif
+# WITH_STANDALONE_HF_15SNIFF
+ifneq (,$(findstring WITH_STANDALONE_HF_15SNIFF,$(APP_CFLAGS)))
+    SRC_STANDALONE = hf_15sniff.c
+endif
 # WITH_STANDALONE_HF_AVEFUL
 ifneq (,$(findstring WITH_STANDALONE_HF_AVEFUL,$(APP_CFLAGS)))
     SRC_STANDALONE = hf_aveful.c

armsrc/Standalone/hf_15sniff.c

@@ -0,0 +1,137 @@
+//-----------------------------------------------------------------------------
+// Copyright (C) Nathan Glaser, 2021
+// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// See LICENSE.txt for the text of the license.
+//-----------------------------------------------------------------------------
+// main code for standalone HF/iso15693 Sniff to flash
+//-----------------------------------------------------------------------------
+
+/*
+ * This is 95% the same code as Michael Farrell's hf_14ASNIFF Standalone mode.
+ *
+ * `hf_15693sniff` passively sniffs ISO15693 frames, and stores them in internal
+ * flash. It requires RDV4 hardware (for flash and battery).
+ *
+ * On entering stand-alone mode, this module will start sniffing ISO15693 frames.
+ * This will be stored in the normal trace buffer (ie: in RAM -- will be lost
+ * at power-off).
+ *
+ * Short-pressing the button again will stop sniffing, and at _this_ point
+ * append trace data from RAM to a file in flash (hf_15693sniff.trace) and unmount.
+ *
+ * Once the data is saved, standalone mode will exit.
+ *
+ * LEDs:
+ * - LED1: sniffing
+ * - LED2: sniffed tag command, turns off when finished sniffing reader command
+ * - LED3: sniffed reader command, turns off when finished sniffing tag command
+ * - LED4: unmounting/sync'ing flash (normally < 100ms)
+ *
+ * To retrieve trace data from flash:
+ *
+ * 1. mem spiffs dump -s hf_15693sniff.trace -d hf_15693sniff.trace
+ *    Copies trace data file from flash to your PC.
+ *
+ * 2. trace load hf_15693sniff.trace
+ *    Loads trace data from a file into PC-side buffers.
+ *
+ * 3. For ISO15693: trace list -t 15 -1
+ *
+ *    Lists trace data from buffer without requesting it from PM3.
+ *
+ * This module emits debug strings during normal operation -- so try it out in
+ * the lab connected to PM3 client before taking it into the field.
+ *
+ * To delete the trace data from flash:
+ *
+ * Caveats / notes:
+ * - Trace buffer will be cleared on starting stand-alone mode. Data in flash
+ *   will remain unless explicitly deleted.
+ * - This module will terminate if the trace buffer is full (and save data to
+ *   flash).
+ * - Like normal sniffing mode, timestamps overflow after 5 min 16 sec.
+ *   However, the trace buffer is sequential, so will be in the correct order.
+ */
+
+#include "standalone.h" // standalone definitions
+#include "proxmark3_arm.h"
+#include "fpgaloader.h"
+#include "iso15693.h"
+#include "iso15.h"
+#include "util.h"
+#include "spiffs.h"
+#include "appmain.h"
+#include "dbprint.h"
+#include "ticks.h"
+#include "BigBuf.h"
+
+
+
+
+#define HF_15693SNIFF_LOGFILE "hf_15693sniff.trace"
+
+static void DownloadTraceInstructions(void) {
+    Dbprintf("");
+    Dbprintf("To get the trace from flash and display it:");
+    Dbprintf("1. mem spiffs dump -s "HF_15693SNIFF_LOGFILE" -d hf_15693sniff.trace");
+    Dbprintf("2. trace load -f hf_15693sniff.trace");
+    Dbprintf("3. trace list -t 15 -1");
+}
+
+void ModInfo(void) {
+    DbpString(" HF 15693 SNIFF,  a ISO15693 sniffer with storing in flashmem (Nathan Glaser)");
+//    DownloadTraceInstructions();
+}
+
+void RunMod(void) {
+    StandAloneMode();
+
+    Dbprintf(_YELLOW_("HF 15693 SNIFF started"));
+    rdv40_spiffs_lazy_mount();
+
+    SniffIso15693(0, NULL);
+
+    Dbprintf("Stopped sniffing");
+    SpinDelay(200);
+
+    // Write stuff to spiffs logfile
+    uint32_t trace_len = BigBuf_get_traceLen();
+    if (trace_len > 0) {
+        Dbprintf("[!] Trace length (bytes) = %u", trace_len);
+
+        uint8_t *trace_buffer = BigBuf_get_addr();
+        if (!exists_in_spiffs(HF_15693SNIFF_LOGFILE)) {
+            rdv40_spiffs_write(
+                HF_15693SNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE);
+            Dbprintf("[!] Wrote trace to "HF_15693SNIFF_LOGFILE);
+        } else {
+            rdv40_spiffs_append(
+                HF_15693SNIFF_LOGFILE, trace_buffer, trace_len, RDV40_SPIFFS_SAFETY_SAFE);
+            Dbprintf("[!] Appended trace to "HF_15693SNIFF_LOGFILE);
+        }
+    } else {
+        Dbprintf("[!] Trace buffer is empty, nothing to write!");
+    }
+
+    LED_D_ON();
+    rdv40_spiffs_lazy_unmount();
+    LED_D_OFF();
+
+    SpinErr(LED_A, 200, 5);
+    SpinDelay(100);
+
+    Dbprintf("-=[ exit ]=-");
+    LEDsoff();
+    DownloadTraceInstructions();
+}

doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md

@@ -113,6 +113,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
 | LF_SKELETON     | standalone mode skeleton - Iceman1001
 | LF_THAREXDE     | LF EM4x50 simulator/read standalone mode - tharexde
 | HF_14ASNIFF     | 14a sniff storing to flashmem - Micolous
+| HF_15SNIFF      | 15693 sniff storing to flashmem - Glaser
 | HF_AVEFUL       | MIFARE Ultralight read/simulation - Ave Ozkal
 | HF_BOG          | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito
 | HF_CRAFTBYTE    | UID stealer - Emulates scanned 14a UID - Anze Jensterle

tools/build_all_firmwares.sh

@@ -31,10 +31,10 @@ mv bootrom/obj/bootrom.elf "$DEST/PM3BOOTROM.elf"
 
 # cf armsrc/Standalone/Makefile.hal
 STANDALONE_MODES=(LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID)
-STANDALONE_MODES+=(HF_14ASNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI)
+STANDALONE_MODES+=(HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI)
 STANDALONE_MODES_REQ_BT=(HF_REBLAY)
 STANDALONE_MODES_REQ_SMARTCARD=()
-STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM)
+STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_15SNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM)
 
 # PM3GENERIC 256kb, no flash, need to skip some parts to reduce size