From f096167cbb1908b8ab85ed474d3ac2cb3d85d912 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 2 Nov 2020 00:47:46 +0100 Subject: [PATCH 01/53] Makefile: don't rebuild client if not needed --- client/Makefile | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/client/Makefile b/client/Makefile index b4393ad36..0fd3f195a 100644 --- a/client/Makefile +++ b/client/Makefile @@ -583,7 +583,8 @@ all: $(BINS) all-static: LDLIBS:=-static $(LDLIBS) all-static: $(BINS) -proxmark3: $(OBJS) amiibo cliparser jansson hardnested lua mbedtls reveng tinycbor whereami lualibs/pm3_cmd.lua lualibs/mfc_default_keys.lua +proxmark3: $(AMIIBOLIB) $(CLIPARSERLIB) $(JANSSONLIB) $(HARDNESTEDLIB) $(LUALIB) $(MBEDTLSLIB) $(REVENGLIB) $(TINYCBORLIB) $(WHEREAMILIB) +proxmark3: $(OBJS) lualibs/pm3_cmd.lua lualibs/mfc_default_keys.lua $(info [=] LD $@) $(Q)$(LD) $(PM3LDFLAGS) $(OBJS) $(LDLIBS) -o $@ 
@@ -648,44 +649,43 @@ tarbin: $(BINS) ########################### # local libraries targets # ########################### - -amiibo: +$(AMIIBOLIB): .FORCE $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(AMIIBOLIBPATH) all -cliparser: +$(CLIPARSERLIB): .FORCE $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(CLIPARSERLIBPATH) all -hardnested: +$(HARDNESTEDLIB): .FORCE $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(HARDNESTEDLIBPATH) all -jansson: +$(JANSSONLIB): .FORCE ifneq ($(JANSSON_FOUND),1) $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(JANSSONLIBPATH) all endif -lua: +$(LUALIB): .FORCE ifneq ($(LUA_FOUND),1) $(info [*] MAKE $@ for $(LUAPLATFORM)) $(Q)$(MAKE) --no-print-directory -C $(LUALIBPATH) $(LUAPLATFORM) endif -mbedtls: +$(MBEDTLSLIB): .FORCE $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(MBEDTLSLIBPATH) OBJDIR=$(ROOT_DIR)$(OBJDIR) BINDIR=$(ROOT_DIR)$(OBJDIR) all -reveng: +$(REVENGLIB): .FORCE $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(REVENGLIBPATH) all -tinycbor: +$(TINYCBORLIB): .FORCE $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(TINYCBORLIBPATH) all -whereami: +$(WHEREAMILIB): .FORCE ifneq ($(WHEREAMI_FOUND),1) $(info [*] MAKE $@) $(Q)$(MAKE) --no-print-directory -C $(WHEREAMILIBPATH) all @@ -695,7 +695,7 @@ endif # misc # ######## -.PHONY: all clean install uninstall tarbin amiibo cliparser hardnested jansson lua mbedtls reveng tinycbor whereami +.PHONY: all clean install uninstall tarbin .FORCE # version.c should be remade on every compilation src/version.c: default_version.c From a359e4fac4422d4443467643654b5356f6a665bd Mon Sep 17 00:00:00 2001 
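Review bot: `$(JANSSONLIB): .FORCE`, `$(LUALIB): .FORCE` and `$(WHEREAMILIB): .FORCE` keep their rule when the system library is used (`ifneq ($(JANSSON_FOUND),1)` and friends only strip the recipe), so nothing ever creates the named file; if those variables still expand to a local path in that configuration, make treats the missing prerequisite as always newer and `proxmark3` in the first hunk is relinked on every run, which defeats the point of the commit — worth checking what the variables hold when the library is found externally. A tidier shape is to make the prerequisite conditional rather than the recipe: wrap the whole rule in the `ifneq` and only add the library to proxmark3's prerequisite list when it is built in-tree. The last hunk adds `.FORCE` to `.PHONY` but no `.FORCE:` rule is visible in this patch; if the Makefile does not already carry an empty `.FORCE:` rule, add one so the always-rebuild idiom is explicit. The hunk is cut after the whereami rule, so the end of that rule is outside this view.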
From: Philippe Teuwen Date: Mon, 2 Nov 2020 01:36:25 +0100 Subject: [PATCH 02/53] Make use of aid_desfire info --- client/CMakeLists.txt | 1 + client/Makefile | 3 +- client/android/CMakeLists.txt | 1 + client/resources/aid_desfire.json | 711 +++++++++++++++--------------- client/src/aiddesfire.c | 137 ++++++ client/src/aiddesfire.h | 16 + client/src/cmdhfmfdes.c | 5 + 7 files changed, 517 insertions(+), 357 deletions(-) create mode 100644 client/src/aiddesfire.c create mode 100644 client/src/aiddesfire.h diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 6d4abf82d..ed5802185 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -216,6 +216,7 @@ set (TARGET_SOURCES ${PM3_ROOT}/client/src/uart/uart_posix.c ${PM3_ROOT}/client/src/uart/uart_win32.c ${PM3_ROOT}/client/src/ui/overlays.ui + ${PM3_ROOT}/client/src/aiddesfire.c ${PM3_ROOT}/client/src/aidsearch.c ${PM3_ROOT}/client/src/cmdanalyse.c ${PM3_ROOT}/client/src/cmdcrc.c diff --git a/client/Makefile b/client/Makefile index 0fd3f195a..679926d6a 100644 --- a/client/Makefile +++ b/client/Makefile @@ -410,7 +410,8 @@ POSTCOMPILE = $(MV) -f $(OBJDIR)/$*.Td $(OBJDIR)/$*.d && $(TOUCH) $@ # enumerations # ################ -SRCS = aidsearch.c \ +SRCS = aiddesfire.c \ + aidsearch.c \ cmdanalyse.c \ cmdcrc.c \ cmddata.c \ diff --git a/client/android/CMakeLists.txt b/client/android/CMakeLists.txt index 708833696..3df923c3c 100644 --- a/client/android/CMakeLists.txt +++ b/client/android/CMakeLists.txt @@ -94,6 +94,7 @@ add_library(pm3rrg_rdv4 SHARED ${PM3_ROOT}/client/src/uart/uart_posix.c ${PM3_ROOT}/client/src/uart/uart_win32.c ${PM3_ROOT}/client/src/ui/overlays.ui + ${PM3_ROOT}/client/src/aiddesfire.c ${PM3_ROOT}/client/src/aidsearch.c ${PM3_ROOT}/client/src/cmdanalyse.c ${PM3_ROOT}/client/src/cmdcrc.c diff --git a/client/resources/aid_desfire.json b/client/resources/aid_desfire.json index 9bedab608..c9360ae6a 100644 --- a/client/resources/aid_desfire.json +++ b/client/resources/aid_desfire.json 
@@ -1,356 +1,355 @@ -[ - { - "AID": "EEEE10", - "Vendor": "NFC Forum", - "Country": "US", - "Name": "NFC Forum NDEF Tag", - "Description": "(FID 03: Capability Container)", - "Type": "ndef" - }, - { - "AID": "D3494F", - "Vendor": "HID", - "Country": "US", - "Name": "SIO DESFire Ev1", - "Description": "Field Encoder", - "Type": "pacs" - }, - { - "AID": "D9494F", - "Vendor": "HID", - "Country": "US", - "Name": "Access control", - "Description": "Field Encoder", - "Type": "pacs" - }, - { - "AID": "53494F", - "Vendor": "HID", - "Country": "US", - "Name": "Access control", - "Description": "HID Factory", - "Type": "pacs" - }, - { - "AID": "4F5931", - "Vendor": "Transport of London", - "Country": "UK", - "Name": "Oyster Card", - "Description": "", - "Type": "transport" - }, - { - "AID": "422201", - "Vendor": "Transport of Istanbul", - "Country": "Turkey", - "Name": "Istanbulkart", - "Description": "", - "Type": "transport" - }, - { - "AID": "F21190", - "Vendor": "Metropolitan Transportation Commission", - "Country": "US", - "Name": "Clipper Card", - "Description": "", - "Type": "transport" - }, - { - "AID": "000357", - "Vendor": "LEGIC", - "Country": "DE", - "Name": "Legic", - "Description": "(FID 02: EF-CONF)", - "Type": "" - }, - { - "AID": "578000", - "Vendor": "NORTIC", - "Country": "", - "Name": "NORTIC Card Issuer", - "Description": "(FID 0C: Card Issuer Header)", - "Type": "transport" - }, - { - "AID": "578001", - "Vendor": "NORTIC", - "Country": "", - "Name": "NORTIC Transport", - "Description": "(FIDs 01: Transport Product Retailer; 02: Transport Service Provider; 03: Transport Special Event; 04: Transport Stored Value; 05: Transport General Event Log; 06: Transport SV Reload Log; 0A: Transport Environment; 0C: Transport Card Holder", - "Type": "transport" - }, - { - "AID": "784000", - "Vendor": "NO1", - "Country": "UAE", - "Name": "Nol Card/Dubai", - "Description": "Nol Card/Dubai", - "Type": "" - }, - { - "AID": "956B19", - "Vendor": "PING PING", - "Country": 
"", - "Name": "PingPing Tag", - "Description": "PingPing Tag", - "Type": "" - }, - { - "AID": "DB9800", - "Vendor": "PING PING", - "Country": "", - "Name": "PingPing Tag", - "Description": "PingPing Tag", - "Type": "" - }, - { - "AID": "DB9801", - "Vendor": "PING PING", - "Country": "", - "Name": "PingPing Tag", - "Description": "PingPing Tag", - "Type": "" - }, - { - "AID": "DB9802", - "Vendor": "PING PING", - "Country": "", - "Name": "PingPing Tag", - "Description": "PingPing Tag", - "Type": "" - }, - { - "AID": "F21030", - "Vendor": "ORCA Card", - "Country": "", - "Name": "ORCA Card", - "Description": "(FIDs 02: Trip History; 04: current balance)", - "Type": "transport" - }, - { - "AID": "F21190", - "Vendor": "Clipper", - "Country": "US", - "Name": "Clipper Card/San Francisco Bay Area ", - "Description": "(FIDs 02: current balance; 04: Refill History; 08: Card Information; 0E: Trip History) -FFFFFF General Issuer Information (FIDs 00: MAD Version; 01: Card Holder; 02: Card Publisher)", - "Type": "transport" - }, - { - "AID": "F518F0", - "Vendor": "Telenot Electronic GmbH", - "Country": "DE", - "Name": "Telenot Tag", - "Description": "", - "Type": "alarm system" - }, - { - "AID": "F38091", - "Vendor": "Microtronic AG", - "Country": "CH", - "Name": "Microtronic Tag", - "Description": "", - "Type": "payment system" - }, - - { - "AID": "F88280", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "F5217D", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "F48EF1", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535501", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535502", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - 
"Type": "student" - }, - { - "AID": "535503", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535504", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535505", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535506", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535507", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535508", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "535509", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "53550A", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "53550B", - "Vendor": "TU Delft", - "Country": "NL", - "Name": "Uni Delft", - "Description": "", - "Type": "student" - }, - { - "AID": "F001D0", - "Vendor": "Arabako Foru Aldundia", - "Country": "", - "Name": "BAT", - "Description": "", - "Type": "transport" - }, - { - "AID": "05845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - "Description": "Campus Card", - "Type": "student" - }, - { - "AID": "15845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - "Description": "Campus Card", - "Type": "student" - }, - { - "AID": "25845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - "Description": "Campus Card", - "Type": "student" - }, - { - "AID": "35845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - 
"Description": "Campus Card", - "Type": "student" - }, - { - "AID": "55845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - "Description": "Campus Card", - "Type": "student" - }, - { - "AID": "65845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - "Description": "Campus Card", - "Type": "student" - }, - { - "AID": "75845F", - "Vendor": "InterCard GmbH Kartensysteme", - "Country": "DE", - "Name": "InterCard", - "Description": "Campus Card", - "Type": "student" - }, - { - "AID": "C26001", - "Vendor": "CAR2GO", - "Country": "DE", - "Name": "MemberCard", - "Description": "CAR2GO - Member Card", - "Type": "carsharing" - }, - { - "AID": "2F81F4", - "Vendor": "Gallagher", - "Country": "NZ", - "Name": "Access control", - "Description": "Card Application Directory (CAD)", - "Type": "" - }, - { - "AID": "2081F4", - "Vendor": "Gallagher", - "Country": "NZ", - "Name": "Access control", - "Description": "Cardax Card Data Application", - "Type": "" - } -] +[ + { + "AID": "EEEE10", + "Vendor": "NFC Forum", + "Country": "US", + "Name": "NFC Forum NDEF Tag", + "Description": "(FID 03: Capability Container)", + "Type": "ndef" + }, + { + "AID": "D3494F", + "Vendor": "HID", + "Country": "US", + "Name": "SIO DESFire Ev1", + "Description": "Field Encoder", + "Type": "pacs" + }, + { + "AID": "D9494F", + "Vendor": "HID", + "Country": "US", + "Name": "Access control", + "Description": "Field Encoder", + "Type": "pacs" + }, + { + "AID": "53494F", + "Vendor": "HID", + "Country": "US", + "Name": "Access control", + "Description": "HID Factory", + "Type": "pacs" + }, + { + "AID": "4F5931", + "Vendor": "Transport of London", + "Country": "UK", + "Name": "Oyster Card", + "Description": "", + "Type": "transport" + }, + { + "AID": "422201", + "Vendor": "Transport of Istanbul", + "Country": "Turkey", + "Name": "Istanbulkart", + "Description": "", + "Type": "transport" + }, + { + "AID": "F21190", + "Vendor": 
"Metropolitan Transportation Commission", + "Country": "US", + "Name": "Clipper Card", + "Description": "", + "Type": "transport" + }, + { + "AID": "000357", + "Vendor": "LEGIC", + "Country": "DE", + "Name": "Legic", + "Description": "(FID 02: EF-CONF)", + "Type": "" + }, + { + "AID": "578000", + "Vendor": "NORTIC", + "Country": "", + "Name": "NORTIC Card Issuer", + "Description": "(FID 0C: Card Issuer Header)", + "Type": "transport" + }, + { + "AID": "578001", + "Vendor": "NORTIC", + "Country": "", + "Name": "NORTIC Transport", + "Description": "(FIDs 01: Transport Product Retailer; 02: Transport Service Provider; 03: Transport Special Event; 04: Transport Stored Value; 05: Transport General Event Log; 06: Transport SV Reload Log; 0A: Transport Environment; 0C: Transport Card Holder", + "Type": "transport" + }, + { + "AID": "784000", + "Vendor": "NO1", + "Country": "UAE", + "Name": "Nol Card/Dubai", + "Description": "Nol Card/Dubai", + "Type": "" + }, + { + "AID": "956B19", + "Vendor": "PING PING", + "Country": "", + "Name": "PingPing Tag", + "Description": "PingPing Tag", + "Type": "" + }, + { + "AID": "DB9800", + "Vendor": "PING PING", + "Country": "", + "Name": "PingPing Tag", + "Description": "PingPing Tag", + "Type": "" + }, + { + "AID": "DB9801", + "Vendor": "PING PING", + "Country": "", + "Name": "PingPing Tag", + "Description": "PingPing Tag", + "Type": "" + }, + { + "AID": "DB9802", + "Vendor": "PING PING", + "Country": "", + "Name": "PingPing Tag", + "Description": "PingPing Tag", + "Type": "" + }, + { + "AID": "F21030", + "Vendor": "ORCA Card", + "Country": "", + "Name": "ORCA Card", + "Description": "(FIDs 02: Trip History; 04: current balance)", + "Type": "transport" + }, + { + "AID": "F21190", + "Vendor": "Clipper", + "Country": "US", + "Name": "Clipper Card/San Francisco Bay Area ", + "Description": "(FIDs 02: current balance; 04: Refill History; 08: Card Information; 0E: Trip History)\\nFFFFFF General Issuer Information (FIDs 00: MAD Version; 01: 
Card Holder; 02: Card Publisher)", + "Type": "transport" + }, + { + "AID": "F518F0", + "Vendor": "Telenot Electronic GmbH", + "Country": "DE", + "Name": "Telenot Tag", + "Description": "", + "Type": "alarm system" + }, + { + "AID": "F38091", + "Vendor": "Microtronic AG", + "Country": "CH", + "Name": "Microtronic Tag", + "Description": "", + "Type": "payment system" + }, + + { + "AID": "F88280", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "F5217D", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "F48EF1", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535501", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535502", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535503", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535504", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535505", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535506", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535507", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535508", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "535509", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { 
+ "AID": "53550A", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "53550B", + "Vendor": "TU Delft", + "Country": "NL", + "Name": "Uni Delft", + "Description": "", + "Type": "student" + }, + { + "AID": "F001D0", + "Vendor": "Arabako Foru Aldundia", + "Country": "", + "Name": "BAT", + "Description": "", + "Type": "transport" + }, + { + "AID": "05845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "15845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "25845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "35845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "55845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "65845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "75845F", + "Vendor": "InterCard GmbH Kartensysteme", + "Country": "DE", + "Name": "InterCard", + "Description": "Campus Card", + "Type": "student" + }, + { + "AID": "C26001", + "Vendor": "CAR2GO", + "Country": "DE", + "Name": "MemberCard", + "Description": "CAR2GO - Member Card", + "Type": "carsharing" + }, + { + "AID": "2F81F4", + "Vendor": "Gallagher", + "Country": "NZ", + "Name": "Access control", + "Description": "Card Application Directory (CAD)", + "Type": "" + }, + { + "AID": "2081F4", + "Vendor": "Gallagher", + "Country": "NZ", + "Name": "Access control", + 
"Description": "Cardax Card Data Application", + "Type": "" + } +] diff --git a/client/src/aiddesfire.c b/client/src/aiddesfire.c new file mode 100644 index 000000000..16910f584 --- /dev/null +++ b/client/src/aiddesfire.c 
@@ -0,0 +1,137 @@ +//----------------------------------------------------------------------------- +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// AID DESFire functions +//----------------------------------------------------------------------------- + +#include "aiddesfire.h" +//#include "ui.h" +//#include "commonutil.h" // ARRAYLEN +#include "pm3_cmd.h" +//#include "util.h" +#include "fileutils.h" +#include "jansson.h" + +// https://www.nxp.com/docs/en/application-note/AN10787.pdf +static json_t *df_known_aids = NULL; + +static int open_aiddf_file(json_t **root, bool verbose) { + + char *path; + int res = searchFile(&path, RESOURCES_SUBDIR, "aid_desfire", ".json", true); + if (res != PM3_SUCCESS) { + return PM3_EFILE; + } + + int retval = PM3_SUCCESS; + json_error_t error; + + *root = json_load_file(path, 0, &error); + if (!*root) { + PrintAndLogEx(ERR, "json (%s) error on line %d: %s", path, error.line, error.text); + retval = PM3_ESOFT; + goto out; + } + + if (!json_is_array(*root)) { + PrintAndLogEx(ERR, "Invalid json (%s) format. 
root must be an array.", path); + retval = PM3_ESOFT; + goto out; + } + + if (verbose) + PrintAndLogEx(SUCCESS, "Loaded file " _YELLOW_("`%s`") " (%s) %zu records.", path, _GREEN_("ok"), json_array_size(*root)); +out: + free(path); + return retval; +} + +static int close_aiddf_file(json_t *root) { + json_decref(root); + return PM3_SUCCESS; +} + +static const char *aiddf_json_get_str(json_t *data, const char *name) { + + json_t *jstr = json_object_get(data, name); + if (jstr == NULL) + return NULL; + + if (!json_is_string(jstr)) { + PrintAndLogEx(WARNING, _YELLOW_("`%s`") " is not a string", name); + return NULL; + } + + const char *cstr = json_string_value(jstr); + if (strlen(cstr) == 0) + return NULL; + + return cstr; +} + +static int print_aiddf_description(json_t *root, uint8_t aid[3], char *fmt, bool verbose) { + char laid[7] = {0}; + sprintf(laid, "%02x%02x%02x", aid[2], aid[1], aid[0]); // must be lowercase + + json_t *elm = NULL; + + for (uint32_t idx = 0; idx < json_array_size(root); idx++) { + json_t *data = json_array_get(root, idx); + if (!json_is_object(data)) { + PrintAndLogEx(ERR, "data [%d] is not an object\n", idx); + continue; + } + const char *faid = aiddf_json_get_str(data, "AID"); + char lfaid[strlen(faid) + 1]; + strcpy(lfaid, faid); + str_lower(lfaid); + if (strcmp(laid, lfaid) == 0) { + elm = data; + break; + } + } + + if (elm == NULL) { + PrintAndLogEx(INFO, fmt, " (unknown)"); + return PM3_ENODATA; + } + const char *vaid = aiddf_json_get_str(elm, "AID"); + const char *vendor = aiddf_json_get_str(elm, "Vendor"); + const char *country = aiddf_json_get_str(elm, "Country"); + const char *name = aiddf_json_get_str(elm, "Name"); + const char *description = aiddf_json_get_str(elm, "Description"); + const char *type = aiddf_json_get_str(elm, "Type"); + + if (name && vendor) { + char result[4 + strlen(name) + strlen(vendor)]; + sprintf(result, " %s [%s]", name, vendor); + PrintAndLogEx(INFO, fmt, result); + } + + if (verbose) { + 
PrintAndLogEx(SUCCESS, " AID: %s", vaid); + if (name) + PrintAndLogEx(SUCCESS, " Name: %s", name); + if (description) + PrintAndLogEx(SUCCESS, " Description: %s", description); + if (type) + PrintAndLogEx(SUCCESS, " Type: %s", type); + if (vendor) + PrintAndLogEx(SUCCESS, " Vendor: %s", vendor); + if (country) + PrintAndLogEx(SUCCESS, " Country: %s", country); + } + return PM3_SUCCESS; +} + +int AIDDFDecodeAndPrint(uint8_t aid[3]) { + open_aiddf_file(&df_known_aids, false); + + char fmt[50]; + sprintf(fmt, " DF AID Function %02X%02X%02X :" _YELLOW_("%s"), aid[2], aid[1], aid[0], "%s"); + print_aiddf_description(df_known_aids, aid, fmt, false); + close_aiddf_file(df_known_aids); + return PM3_SUCCESS; +} diff --git a/client/src/aiddesfire.h b/client/src/aiddesfire.h new file mode 100644 index 000000000..bb67dab83 --- /dev/null +++ b/client/src/aiddesfire.h @@ -0,0 +1,16 @@ +//----------------------------------------------------------------------------- +// This code is licensed to you under the terms of the GNU GPL, version 2 or, +// at your option, any later version. See the LICENSE.txt file for the text of +// the license. +//----------------------------------------------------------------------------- +// AID DESFire functions +//----------------------------------------------------------------------------- + +#ifndef _AIDDESFIRE_H_ +#define _AIDDESFIRE_H_ + +#include "common.h" + +int AIDDFDecodeAndPrint(uint8_t aid[3]); + +#endif // _AIDDESFIRE_H_ diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index ff2656c33..ae2049e83 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -34,6 +34,7 @@ #include "mifare/ndef.h" // NDEF #include "mifare/mad.h" #include "generator.h" +#include "aiddesfire.h" #define MAX_KEY_LEN 24 #define MAX_KEYS_LIST_LEN 1024 
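Review bot: In print_aiddf_description, `const char *faid = aiddf_json_get_str(data, "AID");` can return NULL (key missing, not a string, or empty) and the next line calls `strlen(faid)` on it, so a single malformed record in the resource file crashes the client; add `if (faid == NULL) continue;` before the VLA. A few lines further down, `char result[4 + strlen(name) + strlen(vendor)];` is one byte short for the `" %s [%s]"` format (four literal characters plus the terminator), so `sprintf` writes the NUL past the end of the stack buffer — size it `5 + strlen(name) + strlen(vendor)` or switch to `snprintf` with an explicit bound. AIDDFDecodeAndPrint discards the result of `open_aiddf_file`, so a missing or unparsable aid_desfire.json is reported as an unknown AID and the function still returns PM3_SUCCESS; propagate PM3_EFILE / PM3_ESOFT instead. The 50-byte `fmt` buffer filled with `sprintf` and colour macros is also fragile; `snprintf(fmt, sizeof(fmt), …)` costs nothing.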
@@ -3612,6 +3613,8 @@ static int CmdHF14ADesDump(const char *Cmd) { PrintAndLogEx(SUCCESS, " AID mapped to MIFARE Classic AID (MAD): " _YELLOW_("%02X"), short_aid); PrintAndLogEx(SUCCESS, " MAD AID Cluster 0x%02X : " _YELLOW_("%s"), short_aid >> 8, cluster_to_text(short_aid >> 8)); MADDFDecodeAndPrint(short_aid); + } else { + AIDDFDecodeAndPrint(aid); } for (uint8_t m = 0; m < dfname_count; m++) { if (dfnames[m].aid[0] == aid[0] && dfnames[m].aid[1] == aid[1] && dfnames[m].aid[2] == aid[2]) { @@ -3782,6 +3785,8 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) { PrintAndLogEx(SUCCESS, " AID mapped to MIFARE Classic AID (MAD): " _YELLOW_("%02X"), short_aid); PrintAndLogEx(SUCCESS, " MAD AID Cluster 0x%02X : " _YELLOW_("%s"), short_aid >> 8, cluster_to_text(short_aid >> 8)); MADDFDecodeAndPrint(short_aid); + } else { + AIDDFDecodeAndPrint(aid); } for (uint8_t m = 0; m < dfname_count; m++) { if (dfnames[m].aid[0] == aid[0] && dfnames[m].aid[1] == aid[1] && dfnames[m].aid[2] == aid[2]) { From 7278310e27f2f8988c5e9d93db158f8a787b704e Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 2 Nov 2020 01:46:05 +0100 Subject: [PATCH 03/53] clean --- client/src/aiddesfire.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/client/src/aiddesfire.c b/client/src/aiddesfire.c index 16910f584..a25e5929f 100644 --- a/client/src/aiddesfire.c +++ b/client/src/aiddesfire.c @@ -7,14 +7,10 @@ //----------------------------------------------------------------------------- #include "aiddesfire.h" -//#include "ui.h" -//#include "commonutil.h" // ARRAYLEN #include "pm3_cmd.h" -//#include "util.h" #include "fileutils.h" #include "jansson.h" -// https://www.nxp.com/docs/en/application-note/AN10787.pdf static json_t *df_known_aids = NULL; static int open_aiddf_file(json_t **root, bool verbose) { From 777cb5a8ce7d7d68e8a660dff83fb97511e99f84 Mon Sep 17 00:00:00 2001 
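Review bot: Both hunks (CmdHF14ADesDump and CmdHF14ADesEnumApplications) call `AIDDFDecodeAndPrint(aid)` from inside the per-application loop, and that helper re-opens and re-parses the aid_desfire.json resource on every call, so a card with many applications repeats the file I/O and JSON parsing once per AID; loading the table once per command, or caching it in the static `df_known_aids` the new module already declares, would be cleaner. The return value is dropped in both places; it is currently always PM3_SUCCESS so nothing is lost yet, but if the helper starts reporting a missing resource the callers will not notice. Both enclosing functions start and end outside the hunks.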
From: Philippe Teuwen Date: Mon, 2 Nov 2020 01:46:47 +0100 Subject: [PATCH 04/53] make style --- armsrc/Standalone/hf_tcprst.c | 32 ++++----- armsrc/appmain.c | 6 +- armsrc/i2c.c | 8 +-- armsrc/iso14443a.c | 4 +- armsrc/iso14443b.c | 12 ++-- armsrc/mifarecmd.c | 2 +- client/android/pm3_main.c | 18 +++--- client/deps/cliparser/cliparser.c | 2 +- client/src/cmdhf.c | 6 +- client/src/cmdhf14a.c | 16 ++--- client/src/cmdhf14b.c | 36 +++++------ client/src/cmdhflto.c | 10 +-- client/src/cmdhfmf.c | 30 ++++----- client/src/cmdhfmfdes.c | 2 +- client/src/cmdhw.c | 2 +- client/src/cmdlfem4x05.c | 104 +++++++++++++++--------------- client/src/cmdlfhid.c | 2 +- client/src/cmdlfkeri.c | 14 ++-- client/src/cmdlft55xx.c | 8 +-- client/src/cmdlfvisa2000.c | 8 +-- client/src/cmdsmartcard.c | 22 +++---- client/src/wiegand_formats.c | 12 ++-- doc/commands.md | 9 ++- 23 files changed, 184 insertions(+), 181 deletions(-) diff --git a/armsrc/Standalone/hf_tcprst.c b/armsrc/Standalone/hf_tcprst.c index f5943bda2..10a19bd10 100644 --- a/armsrc/Standalone/hf_tcprst.c +++ b/armsrc/Standalone/hf_tcprst.c @@ -26,7 +26,7 @@ void ModInfo(void) { /* This standalone implements four different modes: reading, simulating, dumping, & emulating. * -* The initial mode is reading with LEDs A & D. +* The initial mode is reading with LEDs A & D. * In this mode, the Proxmark is looking for an ST25TA card like those used by the IKEA Rothult, * it will act as reader, and store the UID for simulation. * 
@@ -37,8 +37,8 @@ void ModInfo(void) { * Once it gets the key, it will switch to dump mode (LEDs C & D) automatically. During this mode the Proxmark * will act as a reader once again, but now we know the Read Protection key to authenticate to the card to dump * it's contents so we can achieve full emulation. -* -* Once it dumps the contents of the card, it will switch to emulation mode (LED C) automatically. +* +* Once it dumps the contents of the card, it will switch to emulation mode (LED C) automatically. * During this mode the Proxmark should function as the original ST25TA IKEA Rothult Master Key * * Keep pressing the button down will quit the standalone cycle. @@ -68,13 +68,13 @@ void RunMod(void) { // APDUs necessary to dump NDEF // ---------------------------- // Select NDEF Application - uint8_t ndef_app[13] = {0x00, 0xa4, 0x04, 0x00, 0x07, 0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01, 0x00}; + uint8_t ndef_app[13] = {0x00, 0xa4, 0x04, 0x00, 0x07, 0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01, 0x00}; // Select NDEF File - uint8_t ndef_sel[7] = {0x00, 0xa4, 0x00, 0x0c, 0x02, 0x00, 0x01}; + uint8_t ndef_sel[7] = {0x00, 0xa4, 0x00, 0x0c, 0x02, 0x00, 0x01}; // Read verification without password - uint8_t verify[5] = {0x00, 0x20, 0x00, 0x01, 0x00}; + uint8_t verify[5] = {0x00, 0x20, 0x00, 0x01, 0x00}; // Read verification with password - uint8_t verify_pwd[21] = {0x00, 0x20, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + uint8_t verify_pwd[21] = {0x00, 0x20, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; // Read NDEF file contents uint8_t ndef_read[5] = {0x00, 0xb0, 0x00, 0x00, 0x1d}; 
@@ -173,12 +173,12 @@ void RunMod(void) { DbpString(_YELLOW_("+") "Found ISO 14443 Type A!"); if (card_a_info.sak == SAK && card_a_info.atqa[0] == ATQA0 && card_a_info.atqa[1] == ATQA1 && card_a_info.uidlen == 7) { - DbpString(_YELLOW_("+") "Found ST25TA with UID: "); - Dbhexdump(card_a_info.uidlen, card_a_info.uid, 0); - memcpy(stuid, card_a_info.uid, card_a_info.uidlen); - state = STATE_SIM; + DbpString(_YELLOW_("+") "Found ST25TA with UID: "); + Dbhexdump(card_a_info.uidlen, card_a_info.uid, 0); + memcpy(stuid, card_a_info.uid, card_a_info.uidlen); + state = STATE_SIM; } else { - DbpString("Found non-ST25TA card, ignoring."); + DbpString("Found non-ST25TA card, ignoring."); } } FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); @@ -235,7 +235,7 @@ void RunMod(void) { p_response = &responses[ATQA]; } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT p_response = NULL; - } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP + } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP p_response = &responses[ATQA]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1) p_response = &responses[UIDC1]; @@ -337,7 +337,7 @@ void RunMod(void) { Dbhexdump(apdulen - 2, apdubuffer, false); DbpString("----"); - + if (i == 4) { if (apdubuffer[1] == 0x1b && apdubuffer[2] == 0xd1 && !gotndef) { //Get NDEF Data gotndef = true; @@ -345,7 +345,7 @@ void RunMod(void) { break; } } - + } else { DbpString(_YELLOW_("!!") "Error reading the card"); } 
@@ -416,7 +416,7 @@ void RunMod(void) { p_response = &responses[ATQA]; } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT p_response = NULL; - } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP + } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP p_response = &responses[ATQA]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1) p_response = &responses[UIDC1]; diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 4ee594414..51cbb2770 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1644,7 +1644,7 @@ static void PacketReceived(PacketCommandNG *packet) { struct p *payload = (struct p *)packet->data.asBytes; uint8_t *mem = BigBuf_get_addr(); memcpy(mem + payload->idx, payload->data, payload->bytes_in_packet); - + uint8_t a = 0, b = 0; compute_crc(CRC_14443_A, mem + payload->idx, payload->bytes_in_packet, &a, &b); int res = PM3_SUCCESS; @@ -1662,14 +1662,14 @@ static void PacketReceived(PacketCommandNG *packet) { } PACKED; struct p *payload = (struct p *)packet->data.asBytes; - uint8_t *fwdata = BigBuf_get_addr(); + uint8_t *fwdata = BigBuf_get_addr(); uint8_t a = 0, b = 0; compute_crc(CRC_14443_A, fwdata, payload->fw_size, &a, &b); if (payload->crc != (a << 8 | b)) { Dbprintf("CRC Failed, 0x[%04x] != 0x[%02x%02x]", payload->crc, a, b); reply_ng(CMD_SMART_UPGRADE, PM3_ESOFT, NULL, 0); - } else { + } else { SmartCardUpgrade(payload->fw_size); } fwdata = NULL; diff --git a/armsrc/i2c.c b/armsrc/i2c.c index 085f9e633..162126d76 100644 --- a/armsrc/i2c.c +++ b/armsrc/i2c.c @@ -670,7 +670,7 @@ bool GetATR(smart_card_atr_t *card_ptr, bool verbose) { // 1byte = 1ms , max frame 256bytes. Should wait 256ms atleast just in case. if (I2C_WaitForSim() == false) return false; - + // read bytes from module uint8_t len = sizeof(card_ptr->atr); if (sc_rx_bytes(card_ptr->atr, &len) == false) 
@@ -713,8 +713,8 @@ void SmartCardAtr(void) { set_tracing(true); I2C_Reset_EnterMainProgram(); smart_card_atr_t card; - int res = GetATR(&card, true) ? PM3_SUCCESS : PM3_ETIMEOUT; - reply_ng(CMD_SMART_ATR, res, (uint8_t*)&card, sizeof(smart_card_atr_t)); + int res = GetATR(&card, true) ? PM3_SUCCESS : PM3_ETIMEOUT; + reply_ng(CMD_SMART_ATR, res, (uint8_t *)&card, sizeof(smart_card_atr_t)); set_tracing(false); LEDsoff(); } @@ -827,7 +827,7 @@ void SmartCardUpgrade(uint64_t arg0) { length -= size; pos += size; } - + reply_ng(CMD_SMART_UPGRADE, (isOK) ? PM3_SUCCESS : PM3_ESOFT, NULL, 0); LED_C_OFF(); BigBuf_free(); diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 2926306c9..8cf4ee838 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1633,7 +1633,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { dynamic_response_info.response[0] = receivedCmd[0]; dynamic_response_info.response[1] = 0x90; dynamic_response_info.response[2] = 0x00; - dynamic_response_info.response_n = 3; + dynamic_response_info.response_n = 3; } else { dynamic_response_info.response[0] = receivedCmd[0]; dynamic_response_info.response[1] = 0x90; @@ -2337,7 +2337,7 @@ void iso14443a_antifuzz(uint32_t flags) { uint8_t *received = BigBuf_malloc(MAX_FRAME_SIZE); uint8_t *receivedPar = BigBuf_malloc(MAX_PARITY_SIZE); uint8_t *resp = BigBuf_malloc(20); - + memset(received, 0x00, MAX_FRAME_SIZE); memset(received, 0x00, MAX_PARITY_SIZE); memset(resp, 0xFF, 20); diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index eab139ea9..3445dde9b 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c @@ -1541,7 +1541,7 @@ void iso14443b_setup(void) { // I tried to be systematic and check every answer of the tag, every CRC, etc... //----------------------------------------------------------------------------- static int read_srx_block(uint8_t blocknr, uint8_t *block) { - + uint8_t cmd[] = {ISO14443B_READ_BLK, blocknr, 0x00, 0x00}; AddCrc14B(cmd, 2); 
@@ -1572,10 +1572,10 @@ static int read_srx_block(uint8_t blocknr, uint8_t *block) { if (DBGLEVEL >= DBG_DEBUG) { Dbprintf("Address=%02x, Contents=%08x, CRC=%04x", - blocknr, - (r_block[3] << 24) + (r_block[2] << 16) + (r_block[1] << 8) + r_block[0], - (r_block[4] << 8) + r_block[5] - ); + blocknr, + (r_block[3] << 24) + (r_block[2] << 16) + (r_block[1] << 8) + r_block[0], + (r_block[4] << 8) + r_block[5] + ); } return PM3_SUCCESS; @@ -1586,7 +1586,7 @@ void ReadSTBlock(uint8_t blocknr) { iso14b_card_select_t card; int res = iso14443b_select_srx_card(&card); // 0: OK -1 wrong len, -2: attrib fail, -3:crc fail, - switch(res) { + switch (res) { case -1: case -3: { reply_ng(CMD_HF_SRI_READ, PM3_EWRONGANSWER, NULL, 0); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 6f33e623d..75de380c4 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2283,7 +2283,7 @@ void MifareCIdent(bool is_mfc) { ReaderTransmit(rats, sizeof(rats), NULL); res = ReaderReceive(buf, par); - if (res ) { + if (res) { // test for some MFC gen2 if (memcmp(buf, "\x09\x78\x00\x91\x02\xDA\xBC\x19\x10\xF0\x05", 11) == 0) { diff --git a/client/android/pm3_main.c b/client/android/pm3_main.c index f7627658f..5fa056a44 100644 --- a/client/android/pm3_main.c +++ b/client/android/pm3_main.c @@ -86,7 +86,7 @@ jint Console(JNIEnv *env, jobject instance, jstring cmd_) { PrintAndLogEx(NORMAL, ""); - char *cmd = (char *) ((*env)->GetStringUTFChars(env, cmd_, 0)); + char *cmd = (char *)((*env)->GetStringUTFChars(env, cmd_, 0)); int ret = CommandReceived(cmd); if (ret == 99) { // exit / quit @@ -102,7 +102,7 @@ jint Console(JNIEnv *env, jobject instance, jstring cmd_) { * Is client running! * */ jboolean IsClientRunning(JNIEnv *env, jobject instance) { - return (jboolean) ((jboolean) conn.run); + return (jboolean)((jboolean) conn.run); } /* 
@@ -114,7 +114,7 @@ jboolean TestPm3(JNIEnv *env, jobject instance) { return false; } bool ret = (TestProxmark() == PM3_SUCCESS); - return (jboolean) (ret); + return (jboolean)(ret); } /* @@ -141,18 +141,18 @@ JNIEXPORT jint JNI_OnLoad(JavaVM *vm, void *reserved) { } jclass clz_test = (*jniEnv)->FindClass(jniEnv, "cn/rrg/devices/Proxmark3RRGRdv4"); JNINativeMethod methods[] = { - {"startExecute", "(Ljava/lang/String;)I", (void *) Console}, - {"stopExecute", "()V", (void *) ClosePm3}, - {"isExecuting", "()Z", (void *) IsClientRunning} + {"startExecute", "(Ljava/lang/String;)I", (void *) Console}, + {"stopExecute", "()V", (void *) ClosePm3}, + {"isExecuting", "()Z", (void *) IsClientRunning} }; JNINativeMethod methods1[] = { - {"testPm3", "()Z", (void *) TestPm3}, - {"closePm3", "()V", ClosePm3} + {"testPm3", "()Z", (void *) TestPm3}, + {"closePm3", "()V", ClosePm3} }; if ((*jniEnv)->RegisterNatives(jniEnv, clazz, methods, sizeof(methods) / sizeof(methods[0])) != - JNI_OK) { + JNI_OK) { return -1; } diff --git a/client/deps/cliparser/cliparser.c b/client/deps/cliparser/cliparser.c index e96f100bb..f2d9fa8fd 100644 --- a/client/deps/cliparser/cliparser.c +++ b/client/deps/cliparser/cliparser.c @@ -285,7 +285,7 @@ uint64_t arg_get_u64_hexstr_def(CLIParserContext *ctx, uint8_t paramnum, uint64_ } } else { rv = def; - } + } return rv; } diff --git a/client/src/cmdhf.c b/client/src/cmdhf.c index 8249c28af..fa100e13d 100644 --- a/client/src/cmdhf.c +++ b/client/src/cmdhf.c @@ -312,7 +312,7 @@ int CmdHFSniff(const char *Cmd) { } int handle_hf_plot(void) { - + uint8_t buf[FPGA_TRACE_SIZE]; PacketResponseNG response; @@ -355,7 +355,7 @@ int CmdHFPlot(const char *Cmd) { } static command_t CommandTable[] = { - + {"--------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("High Frequency") " -----------------------"}, {"14a", CmdHF14A, AlwaysAvailable, "{ ISO14443A RFIDs... }"}, {"14b", CmdHF14B, AlwaysAvailable, "{ ISO14443B RFIDs... }"}, 
@@ -375,7 +375,7 @@ static command_t CommandTable[] = { {"thinfilm", CmdHFThinfilm, AlwaysAvailable, "{ Thinfilm RFIDs... }"}, {"topaz", CmdHFTopaz, AlwaysAvailable, "{ TOPAZ (NFC Type 1) RFIDs... }"}, {"waveshare", CmdHFWaveshare, AlwaysAvailable, "{ Waveshare NFC ePaper... }"}, - {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("General") " ---------------------"}, + {"-----------", CmdHelp, AlwaysAvailable, "--------------------- " _CYAN_("General") " ---------------------"}, {"help", CmdHelp, AlwaysAvailable, "This help"}, {"list", CmdTraceList, AlwaysAvailable, "List protocol data in trace buffer"}, {"plot", CmdHFPlot, IfPm3Hfplot, "Plot signal"}, diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 0d1a2df9f..7e9d45255 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -566,7 +566,7 @@ static int CmdHF14AReader(const char *Cmd) { } } plot: - if (continuous) { + if (continuous) { res = handle_hf_plot(); if (res != PM3_SUCCESS) { break; @@ -1442,7 +1442,7 @@ static int CmdHF14AAntiFuzz(const char *Cmd) { CLIParserFree(ctx); clearCommandBuffer(); - SendCommandNG(CMD_HF_ISO14443A_ANTIFUZZ, (uint8_t*)¶m, sizeof(param)); + SendCommandNG(CMD_HF_ISO14443A_ANTIFUZZ, (uint8_t *)¶m, sizeof(param)); return PM3_SUCCESS; } @@ -1494,9 +1494,9 @@ typedef enum { // Based on NXP AN10833 Rev 3.6 and NXP AN10834 Rev 4.1 static int detect_nxp_card(uint8_t sak, uint16_t atqa, uint64_t select_status) { int type = MTNONE; - + PrintAndLogEx(SUCCESS, "Possible types:"); - + if ((sak & 0x02) != 0x02) { if ((sak & 0x19) == 0x19) { printTag("MIFARE Classic 2K"); @@ -1515,7 +1515,7 @@ static int detect_nxp_card(uint8_t sak, uint16_t atqa, uint64_t select_status) { printTag("MIFARE Plus S 4K in SL1"); printTag("MIFARE Plus X 4K in SL1"); } - + type |= MTPLUS; } else { if ((atqa & 0x0040) == 0x0040) { 
@@ -1550,7 +1550,7 @@ static int detect_nxp_card(uint8_t sak, uint16_t atqa, uint64_t select_status) { printTag("MIFARE Plus X 2K in SL1"); printTag("MIFARE Plus SE 1K"); } - + type |= MTPLUS; } else { if ((atqa & 0x0040) == 0x0040) { @@ -1596,7 +1596,7 @@ static int detect_nxp_card(uint8_t sak, uint16_t atqa, uint64_t select_status) { printTag("MIFARE Plus SE 1K"); type |= MTPLUS; } - + printTag("NTAG 4xx"); type |= MTDESFIRE; } @@ -1613,7 +1613,7 @@ static int detect_nxp_card(uint8_t sak, uint16_t atqa, uint64_t select_status) { type |= MTULTRALIGHT; } } - + if (type == MTNONE) { PrintAndLogEx(WARNING, " failed to fingerprint"); } diff --git a/client/src/cmdhf14b.c b/client/src/cmdhf14b.c index 9912cd40e..3f4890581 100644 --- a/client/src/cmdhf14b.c +++ b/client/src/cmdhf14b.c 
@@ -977,33 +977,33 @@ static int CmdHF14BSriRdBl(const char *Cmd) { int blockno = arg_get_int_def(ctx, 1, -1); CLIParserFree(ctx); -/* - iso14b_card_select_t card; - if (get_14b_UID(&card) == false) { - PrintAndLogEx(WARNING, "no tag found"); - return PM3_SUCCESS; - } + /* + iso14b_card_select_t card; + if (get_14b_UID(&card) == false) { + PrintAndLogEx(WARNING, "no tag found"); + return PM3_SUCCESS; + } - if (card.uidlen != 8) { - PrintAndLogEx(FAILED, "current read command only work with SRI4K / SRI512 tags"); - return PM3_SUCCESS; - } + if (card.uidlen != 8) { + PrintAndLogEx(FAILED, "current read command only work with SRI4K / SRI512 tags"); + return PM3_SUCCESS; + } - // detect cardsize - // 1 = 4096 - // 2 = 512 - uint8_t cardtype = get_st_cardsize(card.uid); - uint8_t blocks = (cardtype == 1) ? 0x7F : 0x0F; -*/ + // detect cardsize + // 1 = 4096 + // 2 = 512 + uint8_t cardtype = get_st_cardsize(card.uid); + uint8_t blocks = (cardtype == 1) ? 0x7F : 0x0F; + */ struct { uint8_t blockno; } PACKED payload; - + payload.blockno = blockno; PacketResponseNG resp; clearCommandBuffer(); - SendCommandNG(CMD_HF_SRI_READ, (uint8_t*)&payload, sizeof(payload)); + SendCommandNG(CMD_HF_SRI_READ, (uint8_t *)&payload, sizeof(payload)); if (WaitForResponseTimeout(CMD_HF_SRI_READ, &resp, TIMEOUT) == false) { return PM3_ETIMEOUT; } diff --git a/client/src/cmdhflto.c b/client/src/cmdhflto.c index a4b7d1f03..c452cc0a5 100644 --- a/client/src/cmdhflto.c +++ b/client/src/cmdhflto.c @@ -26,10 +26,10 @@ iceman notes We can't dump LTO 5 or 6 tags yet since we don't have a datasheet. If you have access to datasheet, le me know! - - LTO w Type info 00 01 has 101 blocks. + + LTO w Type info 00 01 has 101 blocks. LTO w Type info 00 03 has 255 blocks. - LTO w Type info 00 xx has NN blocks. + LTO w Type info 00 xx has NN blocks. */ #define CM_MEM_MAX_SIZE 0x1FE0 // (32byte/block * 255block = 8160byte) 
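Review bot: `payload.blockno = blockno;` narrows an `int` that defaults to -1 (`arg_get_int_def(ctx, 1, -1)`) into a `uint8_t` with no range check, so a missing or out-of-range argument is sent to the device as block 0xFF or a wrapped value; the only validation in sight is the commented-out block this hunk re-indents. A guard before the payload is built, e.g. `if (blockno < 0 || blockno > 0x7F) { PrintAndLogEx(FAILED, "block number out of range"); return PM3_EINVARG; }`, would reject bad input on the client (0x7F is the larger limit the commented code derives for the 4K tag; the 512 variant only has 0x0F, which presumably needs the card-size detection to enforce). Reformatting commented-out code keeps dead code alive; it should be either reinstated or removed. CmdHF14BSriRdBl begins before this hunk and continues after it.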
@@ -194,8 +194,8 @@ static int CmdHfLTOInfo(const char *Cmd) { return infoLTO(true); } -static const char* lto_print_size(uint8_t ti) { - switch(ti) { +static const char *lto_print_size(uint8_t ti) { + switch (ti) { case 1: return "101 blocks / 3232 bytes"; case 3: diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index bbc74957f..b6a1592bb 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c @@ -5296,7 +5296,7 @@ static int CmdHf14AMfSuperCard(const char *Cmd) { if (reset_card) { keep_field_on = false; - uint8_t response[6]; + uint8_t response[6]; int resplen = 0; // --------------- RESET CARD ---------------- @@ -5312,7 +5312,7 @@ static int CmdHf14AMfSuperCard(const char *Cmd) { } - uint8_t responseA[22]; + uint8_t responseA[22]; uint8_t responseB[22]; int respAlen = 0; int respBlen = 0; @@ -5328,21 +5328,21 @@ static int CmdHf14AMfSuperCard(const char *Cmd) { // --------------- Second ---------------- activate_field = false; keep_field_on = false; - + uint8_t aSECOND[] = { 0x00, 0xa6, 0xb0, 0x01, 0x10 }; res = ExchangeAPDU14a(aSECOND, sizeof(aSECOND), activate_field, keep_field_on, responseB, sizeof(responseB), &respBlen); if (res) { DropField(); return res; } - -// uint8_t inA[] = { 0x72, 0xD7, 0xF4, 0x3E, 0xFD, 0xAB, 0xF2, 0x35, 0xFD, 0x49, 0xEE, 0xDC, 0x44, 0x95, 0x43, 0xC4}; + +// uint8_t inA[] = { 0x72, 0xD7, 0xF4, 0x3E, 0xFD, 0xAB, 0xF2, 0x35, 0xFD, 0x49, 0xEE, 0xDC, 0x44, 0x95, 0x43, 0xC4}; // uint8_t inB[] = { 0xF0, 0xA2, 0x67, 0x6A, 0x04, 0x6A, 0x72, 0x12, 0x76, 0xA4, 0x1D, 0x02, 0x1F, 0xEA, 0x20, 0x85}; uint8_t outA[16] = {0}; uint8_t outB[16] = {0}; - uint8_t key[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; + uint8_t key[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; for (uint8_t i = 0; i < 16; i += 8) { des_decrypt(outA + i, responseA + i, key); des_decrypt(outB + i, responseB + i, key); 
@@ -5362,12 +5362,12 @@ static int CmdHf14AMfSuperCard(const char *Cmd) { if (memcmp(outB, "\x01\x01\x01\x01\x01\x01\x01\x01", 8) == 0) { PrintAndLogEx(INFO, "Only one trace recorded"); return PM3_SUCCESS; - } + } + + nonces_t data; - nonces_t data; - // first - uint16_t NT0 = (outA[6] << 8) | outA[7]; + uint16_t NT0 = (outA[6] << 8) | outA[7]; data.cuid = bytes_to_num(outA, 4); data.nonce = prng_successor(NT0, 31); data.nr = bytes_to_num(outA + 8, 4); @@ -5394,13 +5394,13 @@ static int CmdHf14AMfSuperCard(const char *Cmd) { uint64_t key64 = -1; res = mfkey32_moebius(&data, &key64); - + if (res) { PrintAndLogEx(SUCCESS, "UID: %s Sector %02x key %c [ " _GREEN_("%12" PRIX64) " ]" - , sprint_hex_inrow(outA, 4) - , data.sector - , (data.keytype == 0x60) ? 'A' : 'B' - , key64); + , sprint_hex_inrow(outA, 4) + , data.sector + , (data.keytype == 0x60) ? 'A' : 'B' + , key64); } else { PrintAndLogEx(FAILED, "failed to recover any key"); } diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index ae2049e83..5ea303f6d 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -2122,7 +2122,7 @@ static int desfire_authenticate(int cmdAuthMode, int cmdAuthAlgo, uint8_t *aid, PrintAndLogEx(FAILED, "Crypto algo not valid for the KDF AN10922 algo."); return PM3_EINVARG; } - // KDF input arg is ignored as it'll be generated. + // KDF input arg is ignored as it'll be generated. case MFDES_KDF_ALGO_NONE: break; default: diff --git a/client/src/cmdhw.c b/client/src/cmdhw.c index 4acd6c8df..2743df820 100644 --- a/client/src/cmdhw.c +++ b/client/src/cmdhw.c 
@@ -681,7 +681,7 @@ static int CmdConnect(const char *Cmd) { } static command_t CommandTable[] = { - {"-------------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Hardware") " -----------------------"}, + {"-------------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("Hardware") " -----------------------"}, {"help", CmdHelp, AlwaysAvailable, "This help"}, {"connect", CmdConnect, AlwaysAvailable, "connect Proxmark3 to serial port"}, {"dbg", CmdDbg, IfPm3Present, "Set Proxmark3 debug level"}, diff --git a/client/src/cmdlfem4x05.c b/client/src/cmdlfem4x05.c index c3cf2c99b..134cbaa9f 100644 --- a/client/src/cmdlfem4x05.c +++ b/client/src/cmdlfem4x05.c @@ -223,7 +223,7 @@ static bool detectPSK(void) { // In order to hit the INVERT, we need to demod here if (DemodBufferLen < 11) { - PrintAndLogEx(INFO," demod buff len less than PREAMBLE lEN"); + PrintAndLogEx(INFO, " demod buff len less than PREAMBLE lEN"); } size_t size = (11 > DemodBufferLen) ? DemodBufferLen : 11; @@ -388,7 +388,7 @@ static bool em4x05_verify_write(uint8_t addr, uint32_t pwd, bool use_pwd, uint32 int res = em4x05_read_word_ext(addr, pwd, use_pwd, &r); if (res == PM3_SUCCESS) { return (r == data); - } + } return false; } @@ -409,7 +409,7 @@ int em4x05_clone_tag(uint32_t *blockdata, uint8_t numblocks, uint32_t pwd, bool if (i == numblocks - 1) { conn.block_after_ACK = false; } - + if (i != 0) { blockdata[i] = reflect(blockdata[i], 32); } @@ -910,7 +910,7 @@ int CmdEM4x05Wipe(const char *Cmd) { static const char *printEM4x05_known(uint32_t word) { - switch(word) { + switch (word) { // case EM4305_DEFAULT_CONFIG_BLOCK: case EM4305_PRESCO_CONFIG_BLOCK: { return "EM4305 DEFAULT / PRESCO"; 
@@ -1066,7 +1066,7 @@ static void printEM4x05config(em_tech_type_t card_type, uint32_t wordData) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "--- " _CYAN_("Config Information") " ------------------------"); - PrintAndLogEx(INFO, "ConfigWord: %08X ( " _YELLOW_("%s") " )", wordData, printEM4x05_known(wordData) ); + PrintAndLogEx(INFO, "ConfigWord: %08X ( " _YELLOW_("%s") " )", wordData, printEM4x05_known(wordData)); PrintAndLogEx(INFO, " Data Rate: %02u | "_YELLOW_("RF/%u"), wordData & 0x3F, datarate); PrintAndLogEx(INFO, " Encoder: %u | " _YELLOW_("%s"), encoder, enc); @@ -1820,7 +1820,7 @@ int CmdEM4x05Unlock(const char *Cmd) { return exit_code; } -static size_t em4x05_Sniff_GetNextBitStart (size_t idx, size_t sc, int *data, size_t *pulsesamples) { +static size_t em4x05_Sniff_GetNextBitStart(size_t idx, size_t sc, int *data, size_t *pulsesamples) { while ((idx < sc) && (data[idx] <= 10)) // find a going high idx++; @@ -1828,7 +1828,7 @@ static size_t em4x05_Sniff_GetNextBitStart (size_t idx, size_t sc, int *data, si idx++; (*pulsesamples) = 0; - while ((idx < sc) && ((data[idx+1] - data[idx]) < 10 )) { // find "sharp rise" + while ((idx < sc) && ((data[idx + 1] - data[idx]) < 10)) { // find "sharp rise" (*pulsesamples)++; idx++; } @@ -1836,7 +1836,7 @@ static size_t em4x05_Sniff_GetNextBitStart (size_t idx, size_t sc, int *data, si return idx; } -uint32_t static em4x05_Sniff_GetBlock (char *bits, bool fwd) { +uint32_t static em4x05_Sniff_GetBlock(char *bits, bool fwd) { uint32_t value = 0; uint8_t idx; bool parityerror = false; @@ -1882,7 +1882,7 @@ uint32_t static em4x05_Sniff_GetBlock (char *bits, bool fwd) { if (parity != (bits[35] - '0')) parityerror = true; - if (parityerror) printf ("parity error : "); + if (parityerror) printf("parity error : "); if (!fwd) { uint32_t t1 = value; 
@@ -1923,14 +1923,14 @@ int CmdEM4x05Sniff(const char *Cmd) { void *argtable[] = { arg_param_begin, - arg_lit0("1", "buf","Use the data in the buffer"), + arg_lit0("1", "buf", "Use the data in the buffer"), arg_lit0("r", "rev", "Reverse the bit order for data blocks"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); - sampleData = !arg_get_lit(ctx,1); - fwd = arg_get_lit(ctx,2); + sampleData = !arg_get_lit(ctx, 1); + fwd = arg_get_lit(ctx, 2); // setup and sample data from Proxmark // if not directed to existing sample/graphbuffer @@ -1955,26 +1955,26 @@ int CmdEM4x05Sniff(const char *Cmd) { haveData = false; pwd = false; - idx = em4x05_Sniff_GetNextBitStart (idx, GraphTraceLen, GraphBuffer, &pulseSamples); + idx = em4x05_Sniff_GetNextBitStart(idx, GraphTraceLen, GraphBuffer, &pulseSamples); pktOffset = idx; if (pulseSamples >= 10) { // Should be 18 so a bit less to allow for processing - + // Use first bit to get "0" bit samples as a reference ZeroWidth = idx; - idx = em4x05_Sniff_GetNextBitStart (idx, GraphTraceLen, GraphBuffer, &pulseSamples); + idx = em4x05_Sniff_GetNextBitStart(idx, GraphTraceLen, GraphBuffer, &pulseSamples); ZeroWidth = idx - ZeroWidth; if (ZeroWidth <= 50) { pktOffset -= ZeroWidth; - memset(bits,0x00,sizeof(bits)); + memset(bits, 0x00, sizeof(bits)); bitidx = 0; while ((idx < GraphTraceLen) && !eop) { CycleWidth = idx; - idx = em4x05_Sniff_GetNextBitStart (idx, GraphTraceLen, GraphBuffer, &pulseSamples); + idx = em4x05_Sniff_GetNextBitStart(idx, GraphTraceLen, GraphBuffer, &pulseSamples); CycleWidth = idx - CycleWidth; - if ((CycleWidth > 300) || (CycleWidth < (ZeroWidth-5))) { // to long or too short + if ((CycleWidth > 300) || (CycleWidth < (ZeroWidth - 5))) { // to long or too short eop = true; bits[bitidx++] = '0'; // Append last zero from the last bit find cmdText[0] = 0; 
@@ -1988,70 +1988,70 @@ int CmdEM4x05Sniff(const char *Cmd) { // -> disable 1010 11111111 0 11111111 0 11111111 0 11111111 0 00000000 0 // Check to see if we got the leading 0 - if (((strncmp (bits,"00011",5) == 0)&& (bitidx == 50)) || - ((strncmp (bits,"00101",5) == 0)&& (bitidx == 57)) || - ((strncmp (bits,"01001",5) == 0)&& (bitidx == 12)) || - ((strncmp (bits,"01100",5) == 0)&& (bitidx == 50)) || - ((strncmp (bits,"01010",5) == 0)&& (bitidx == 50))) { - memcpy (bits,&bits[1],bitidx-1); - bitidx--; - printf ("Trim leading 0\n"); + if (((strncmp(bits, "00011", 5) == 0) && (bitidx == 50)) || + ((strncmp(bits, "00101", 5) == 0) && (bitidx == 57)) || + ((strncmp(bits, "01001", 5) == 0) && (bitidx == 12)) || + ((strncmp(bits, "01100", 5) == 0) && (bitidx == 50)) || + ((strncmp(bits, "01010", 5) == 0) && (bitidx == 50))) { + memcpy(bits, &bits[1], bitidx - 1); + bitidx--; + printf("Trim leading 0\n"); } bits[bitidx] = 0; - // printf ("==> %s\n",bits); + // printf ("==> %s\n",bits); // logon - if ((strncmp (bits,"0011",4) == 0) && (bitidx == 49)) { + if ((strncmp(bits, "0011", 4) == 0) && (bitidx == 49)) { haveData = true; pwd = true; - sprintf (cmdText,"Logon"); - sprintf (blkAddr," "); - tmpValue = em4x05_Sniff_GetBlock (&bits[4], fwd); - sprintf (dataText,"%08X",tmpValue); + sprintf(cmdText, "Logon"); + sprintf(blkAddr, " "); + tmpValue = em4x05_Sniff_GetBlock(&bits[4], fwd); + sprintf(dataText, "%08X", tmpValue); } // write - if ((strncmp (bits,"0101",4) == 0) && (bitidx == 56)) { + if ((strncmp(bits, "0101", 4) == 0) && (bitidx == 56)) { haveData = true; - sprintf (cmdText,"Write"); + sprintf(cmdText, "Write"); tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3); - sprintf (blkAddr,"%d",tmpValue); + sprintf(blkAddr, "%d", tmpValue); if (tmpValue == 2) pwd = true; - tmpValue = em4x05_Sniff_GetBlock (&bits[11], fwd); - sprintf (dataText,"%08X",tmpValue); + tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd); + 
sprintf(dataText, "%08X", tmpValue); } // read - if ((strncmp (bits,"1001",4) == 0) && (bitidx == 11)) { + if ((strncmp(bits, "1001", 4) == 0) && (bitidx == 11)) { haveData = true; pwd = false; - sprintf (cmdText,"Read"); + sprintf(cmdText, "Read"); tmpValue = (bits[4] - '0') + ((bits[5] - '0') << 1) + ((bits[6] - '0') << 2) + ((bits[7] - '0') << 3); - sprintf (blkAddr,"%d",tmpValue); - sprintf (dataText," "); + sprintf(blkAddr, "%d", tmpValue); + sprintf(dataText, " "); } // protect - if ((strncmp (bits,"1100",4) == 0) && (bitidx == 49)) { + if ((strncmp(bits, "1100", 4) == 0) && (bitidx == 49)) { haveData = true; pwd = false; - sprintf (cmdText,"Protect"); - sprintf (blkAddr," "); - tmpValue = em4x05_Sniff_GetBlock (&bits[11], fwd); - sprintf (dataText,"%08X",tmpValue); + sprintf(cmdText, "Protect"); + sprintf(blkAddr, " "); + tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd); + sprintf(dataText, "%08X", tmpValue); } // disable - if ((strncmp (bits,"1010",4) == 0) && (bitidx == 49)) { + if ((strncmp(bits, "1010", 4) == 0) && (bitidx == 49)) { haveData = true; pwd = false; - sprintf (cmdText,"Disable"); - sprintf (blkAddr," "); - tmpValue = em4x05_Sniff_GetBlock (&bits[11], fwd); - sprintf (dataText,"%08X",tmpValue); + sprintf(cmdText, "Disable"); + sprintf(blkAddr, " "); + tmpValue = em4x05_Sniff_GetBlock(&bits[11], fwd); + sprintf(dataText, "%08X", tmpValue); } - // bits[bitidx] = 0; + // bits[bitidx] = 0; } else { i = (CycleWidth - ZeroWidth) / 28; bits[bitidx++] = '0'; diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 893b0fc1b..05a8c7dff 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c @@ -442,7 +442,7 @@ static int CmdHIDBrute(const char *Cmd) { } CLIParserFree(ctx); - + if (verbose) { PrintAndLogEx(INFO, "Wiegand format#.. %i", format_idx); PrintAndLogEx(INFO, "OEM#............. %u", cn_hi.OEM); diff --git a/client/src/cmdlfkeri.c b/client/src/cmdlfkeri.c index c0749976b..c482a7941 100644 --- a/client/src/cmdlfkeri.c 
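Review bot: `memcpy(bits, &bits[1], bitidx - 1);` in the "Trim leading 0" branch copies between overlapping regions of the same buffer, which is undefined behaviour for memcpy and can corrupt the decoded bit string depending on the libc implementation; the line is rewritten by this hunk but the defect is not addressed. It should be `memmove(bits, &bits[1], bitidx - 1);`. The `bits[bitidx] = 0;` after it also depends on `bitidx` staying below `sizeof(bits)`, which is enforced elsewhere in the sniff loop that starts before this hunk and continues after it; CmdEM4x05Sniff itself begins and ends outside the hunk.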
+++ b/client/src/cmdlfkeri.c @@ -22,7 +22,7 @@ #include "protocols.h" // for T55xx config register definitions #include "lfdemod.h" // preamble test #include "cmdlft55xx.h" // verifywrite -#include "cmdlfem4x05.h" // +#include "cmdlfem4x05.h" // static int CmdHelp(const char *Cmd); typedef enum {Scramble = 0, Descramble = 1} KeriMSScramble_t; @@ -154,7 +154,7 @@ int demodKeri(bool verbose) { raw1 = bytebits_to_byte(DemodBuffer, 32); raw2 = bytebits_to_byte(DemodBuffer + 32, 32); - + CmdPrintDemodBuff("x"); } @@ -166,7 +166,7 @@ int demodKeri(bool verbose) { ID &= 0x7FFFFFFF; PrintAndLogEx(SUCCESS, "KERI - Internal ID: " _GREEN_("%u") ", Raw: %08X%08X", ID, raw1, raw2); - + // Just need to the low 32 bits without the 111 trailer CmdKeriMSScramble(Descramble, &fc, &cardid, &raw2); @@ -227,12 +227,12 @@ static int CmdKeriClone(const char *Cmd) { char cardtype[16] = {"T55x7"}; if (arg_get_lit(ctx, 1)) { blocks[0] = T5555_FIXED | T5555_MODULATION_PSK1 | T5555_SET_BITRATE(32) | T5555_PSK_RF_2 | 2 << T5555_MAXBLOCK_SHIFT; - snprintf(cardtype, sizeof(cardtype) ,"Q5/T5555"); + snprintf(cardtype, sizeof(cardtype), "Q5/T5555"); q5 = true; } if (arg_get_lit(ctx, 5)) { blocks[0] = EM4305_KERI_CONFIG_BLOCK; - snprintf(cardtype, sizeof(cardtype) ,"EM4305/4469"); + snprintf(cardtype, sizeof(cardtype), "EM4305/4469"); em = true; } @@ -242,7 +242,7 @@ static int CmdKeriClone(const char *Cmd) { fc = arg_get_int_def(ctx, 3, 0); cid = arg_get_int_def(ctx, 4, 0); CLIParserFree(ctx); - + if (q5 && em) { PrintAndLogEx(FAILED, "Can't specify both Q5 and EM4305 at the same time"); return PM3_EINVARG; @@ -278,7 +278,7 @@ static int CmdKeriClone(const char *Cmd) { } else { res = clone_t55xx_tag(blocks, ARRAYLEN(blocks)); } - + PrintAndLogEx(SUCCESS, "Done"); PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf keri read`") " to verify"); return res; diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 17c2373e0..ab1a86fbd 100644 --- a/client/src/cmdlft55xx.c 
+++ b/client/src/cmdlft55xx.c @@ -3041,8 +3041,8 @@ static int CmdT55xxChkPwds(const char *Cmd) { } if (errors) return usage_t55xx_chk(); - - if (strlen(filename) == 0){ + + if (strlen(filename) == 0) { snprintf(filename, sizeof(filename), "t55xx_default_pwds"); use_pwd_file = true; } @@ -3133,9 +3133,9 @@ static int CmdT55xxChkPwds(const char *Cmd) { return PM3_ESOFT; } - + PrintAndLogEx(INFO, "press " _YELLOW_("'enter'") " to cancel the command"); - + for (uint32_t c = 0; c < keycount; ++c) { if (!session.pm3_present) { diff --git a/client/src/cmdlfvisa2000.c b/client/src/cmdlfvisa2000.c index 5b6715ab6..7fc3f89a5 100644 --- a/client/src/cmdlfvisa2000.c +++ b/client/src/cmdlfvisa2000.c @@ -187,21 +187,21 @@ static int CmdVisa2kClone(const char *Cmd) { bool q5 = tolower(param_getchar(Cmd, 1)) == 'q'; if (q5) { blocks[0] = T5555_FIXED | T5555_MODULATION_MANCHESTER | T5555_SET_BITRATE(64) | T5555_ST_TERMINATOR | 3 << T5555_MAXBLOCK_SHIFT; - snprintf(cardtype, sizeof(cardtype) ,"Q5/T5555"); + snprintf(cardtype, sizeof(cardtype), "Q5/T5555"); } // EM4305 bool em = tolower(param_getchar(Cmd, 1)) == 'e'; if (em) { blocks[0] = EM4305_VISA2000_CONFIG_BLOCK; - snprintf(cardtype, sizeof(cardtype) ,"EM4305/4469"); + snprintf(cardtype, sizeof(cardtype), "EM4305/4469"); } - + if (q5 && em) { PrintAndLogEx(FAILED, "Can't specify both Q5 and EM4305 at the same time"); return PM3_EINVARG; } - + blocks[2] = id; blocks[3] = (visa_parity(id) << 4) | visa_chksum(id); diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index 9959fe49b..90bbed6e6 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c 
@@ -633,24 +633,24 @@ static int CmdSmartUpgrade(const char *Cmd) { uint32_t bytes_remaining = firmware_size; while (bytes_remaining > 0) { - + struct { uint32_t idx; uint32_t bytes_in_packet; uint16_t crc; - uint8_t data[400]; + uint8_t data[400]; } PACKED upload; - + uint32_t bytes_in_packet = MIN(sizeof(upload.data), bytes_remaining); upload.idx = index + bytes_sent; upload.bytes_in_packet = bytes_in_packet; memcpy(upload.data, firmware + bytes_sent, bytes_in_packet); - + uint8_t a = 0, b = 0; compute_crc(CRC_14443_A, upload.data, bytes_in_packet, &a, &b); upload.crc = (a << 8 | b); - + clearCommandBuffer(); SendCommandNG(CMD_SMART_UPLOAD, (uint8_t *)&upload, sizeof(upload)); if (!WaitForResponseTimeout(CMD_SMART_UPLOAD, &resp, 2000)) { @@ -658,7 +658,7 @@ static int CmdSmartUpgrade(const char *Cmd) { free(firmware); return PM3_ETIMEOUT; } - + if (resp.status != PM3_SUCCESS) { PrintAndLogEx(WARNING, "uploading to device failed"); free(firmware); @@ -671,25 +671,25 @@ static int CmdSmartUpgrade(const char *Cmd) { PrintAndLogEx(NORMAL, ""); PrintAndLogEx(SUCCESS, "Sim module firmware updating, don\'t turn off your PM3!"); - // trigger the firmware upgrade + // trigger the firmware upgrade clearCommandBuffer(); struct { uint16_t fw_size; uint16_t crc; } PACKED payload; - payload.fw_size = firmware_size; + payload.fw_size = firmware_size; uint8_t a = 0, b = 0; compute_crc(CRC_14443_A, firmware, firmware_size, &a, &b); payload.crc = (a << 8 | b); - + free(firmware); SendCommandNG(CMD_SMART_UPGRADE, (uint8_t *)&payload, sizeof(payload)); if (!WaitForResponseTimeout(CMD_SMART_UPGRADE, &resp, 2500)) { PrintAndLogEx(WARNING, "timeout while waiting for reply."); return PM3_ETIMEOUT; } - + if (resp.status == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "Sim module firmware upgrade " _GREEN_("successful")); PrintAndLogEx(HINT, "run " _YELLOW_("`hw status`") " to validate the fw version "); 
@@ -843,7 +843,7 @@ static int CmdSmartSetClock(const char *Cmd) { payload.new_clk = new_clk; clearCommandBuffer(); - SendCommandNG(CMD_SMART_SETCLOCK, (uint8_t*)&payload, sizeof(payload)); + SendCommandNG(CMD_SMART_SETCLOCK, (uint8_t *)&payload, sizeof(payload)); PacketResponseNG resp; if (!WaitForResponseTimeout(CMD_SMART_SETCLOCK, &resp, 2500)) { PrintAndLogEx(WARNING, "smart card select failed"); diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index c716cc57f..cd02370c0 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -618,7 +618,7 @@ static bool Pack_Optus(wiegand_card_t *card, wiegand_message_t *packed) { packed->Length = 34; // Set number of bits set_linear_field(packed, card->CardNumber, 1, 16); set_linear_field(packed, card->FacilityCode, 22, 11); - + return add_HID_header(packed); } @@ -673,14 +673,14 @@ static bool Pack_bqt(wiegand_card_t *card, wiegand_message_t *packed) { set_linear_field(packed, card->FacilityCode, 1, 8); set_linear_field(packed, card->CardNumber, 9, 24); - + set_bit_by_position(packed, evenparity32(get_linear_field(packed, 1, 16)) , 0); set_bit_by_position(packed, oddparity32(get_linear_field(packed, 17, 16)) , 33); - + return add_HID_header(packed); } @@ -691,7 +691,7 @@ static bool Unpack_bqt(wiegand_message_t *packed, wiegand_card_t *card) { card->FacilityCode = get_linear_field(packed, 1, 8); card->CardNumber = get_linear_field(packed, 9, 24); - + card->ParityValid = (get_bit_by_position(packed, 0) == evenparity32(get_linear_field(packed, 1, 16))) && (get_bit_by_position(packed, 33) == oddparity32(get_linear_field(packed, 17, 16))); 
@@ -707,9 +707,9 @@ static const cardformat_t FormatTable[] = { {"Kastle", Pack_Kastle, Unpack_Kastle, "Kastle 32-bit", {1, 1, 1, 0, 1}}, // from @xilni; PR #23 on RfidResearchGroup/proxmark3 {"D10202", Pack_D10202, Unpack_D10202, "HID D10202 33-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"H10306", Pack_H10306, Unpack_H10306, "HID H10306 34-bit", {1, 1, 0, 0, 1}}, // imported from old pack/unpack - {"N10002", Pack_N10002, Unpack_N10002, "HID N10002 34-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au + {"N10002", Pack_N10002, Unpack_N10002, "HID N10002 34-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au {"Optus34", Pack_Optus, Unpack_Optus, "Indala Optus 34-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au - {"Smartpass", Pack_Smartpass, Unpack_Smartpass, "Cardkey Smartpass 34-bit", {1, 1, 1, 0, 0}}, // from cardinfo.barkweb.com.au + {"Smartpass", Pack_Smartpass, Unpack_Smartpass, "Cardkey Smartpass 34-bit", {1, 1, 1, 0, 0}}, // from cardinfo.barkweb.com.au {"BQT", Pack_bqt, Unpack_bqt, "BQT 34-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"C1k35s", Pack_C1k35s, Unpack_C1k35s, "HID Corporate 1000 35-bit standard layout", {1, 1, 0, 0, 1}}, // imported from old pack/unpack {"C15001", Pack_C15001, Unpack_C15001, "HID KeyScan 36-bit", {1, 1, 0, 1, 1}}, // from Proxmark forums diff --git a/doc/commands.md b/doc/commands.md index e2ca72107..22149f373 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -160,7 +160,7 @@ Check column "offline" for their availability. |`hf 14b reader `|N |`Act as a 14443B reader to identify a tag` |`hf 14b sim `|N |`Fake ISO 14443B tag` |`hf 14b sniff `|N |`Eavesdrop ISO 14443B` -|`hf 14b sriread `|N |`Read contents of a SRI512 | SRIX4K tag` +|`hf 14b rdbl `|N |`Read SRI512/SRIX4x block` |`hf 14b sriwrite `|N |`Write data to a SRI512 | SRIX4K tag` 
@@ -203,7 +203,7 @@ Check column "offline" for their availability. ### hf felica - { ISO18092 / Felica RFIDs... } + { ISO18092 / FeliCa RFIDs... } |command |offline |description |------- |------- |----------- @@ -325,6 +325,7 @@ Check column "offline" for their availability. |`hf mf chk `|N |`Check keys` |`hf mf fchk `|N |`Check keys fast, targets all keys on card` |`hf mf decrypt `|Y |`[nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace` +|`hf mf supercard `|N |`Extract info from a `super card`` |`hf mf auth4 `|N |`ISO14443-4 AES authentication` |`hf mf dump `|N |`Dump MIFARE Classic tag to binary file` |`hf mf mad `|N |`Checks and prints MAD` @@ -591,10 +592,12 @@ Check column "offline" for their availability. |`lf em 4x05_read `|N |`read word data from EM4x05/EM4x69` |`lf em 4x05_write `|N |`write word data to EM4x05/EM4x69` |`lf em 4x05_unlock `|N |`execute tear off against EM4x05/EM4x69` +|`lf em 4x05_sniff `|Y |`Attempt to recover em4x05 commands from sample buffer` +|`lf em 4x05_brute `|N |`Bruteforce password` |`lf em 4x50_dump `|N |`dump EM4x50 tag` |`lf em 4x50_info `|N |`tag information EM4x50` |`lf em 4x50_write `|N |`write word data to EM4x50` -|`lf em 4x50_write_password`|N |`change passwword of EM4x50 tag` +|`lf em 4x50_write_password`|N |`change password of EM4x50 tag` |`lf em 4x50_read `|N |`read word data from EM4x50` |`lf em 4x50_wipe `|N |`wipe data from EM4x50` From 2eac5d8dd44d639d6917121598cfd43ed5cc1add Mon Sep 17 00:00:00 2001 From: tcprst Date: Sun, 1 Nov 2020 19:50:09 -0500 Subject: [PATCH 05/53] Fix missing hyphens on command examples --- client/src/cmdtrace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/cmdtrace.c b/client/src/cmdtrace.c index d23a5a92a..534fbbc45 100644 --- a/client/src/cmdtrace.c +++ b/client/src/cmdtrace.c 
@@ -606,8 +606,8 @@ int CmdTraceList(const char *Cmd) { "trace list -t hitags -> interpret as " _YELLOW_("HitagS") " communications\n" "trace list -t lto -> interpret as " _YELLOW_("LTO-CM") " communications\n" "trace list -t cryptorf -> interpret as " _YELLOW_("CryptoRF") " communitcations\n" - "trace list -t 14a f -> show frame delay times\n" - "trace list -t 14a 1 -> use trace buffer " + "trace list -t 14a -f -> show frame delay times\n" + "trace list -t 14a -1 -> use trace buffer " ); void *argtable[] = { From 71cf7da4c2b00cfe48173039c828ed5cfa834169 Mon Sep 17 00:00:00 2001 From: tcprst Date: Sun, 1 Nov 2020 20:10:13 -0500 Subject: [PATCH 06/53] hf iclass eload - now uses cliparser --- client/src/cmdhficlass.c | 69 +++++++++++++++------------------------- doc/cheatsheet.md | 4 +-- 2 files changed, 27 insertions(+), 46 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 00c0010b2..44592aca2 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c 
@@ -66,22 +66,12 @@ static int usage_hf_iclass_sim(void) { PrintAndLogEx(NORMAL, " -- execute loclass attack online part"); PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass sim 2")); PrintAndLogEx(NORMAL, " -- simulate full iCLASS 2k tag"); - PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass eload f hf-iclass-AA162D30F8FF12F1-dump.bin")); + PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass eload -f hf-iclass-AA162D30F8FF12F1-dump.bin")); PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass sim 3")); PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } -static int usage_hf_iclass_eload(void) { - PrintAndLogEx(NORMAL, "Loads iCLASS tag dump into emulator memory on device\n"); - PrintAndLogEx(NORMAL, "Usage: hf iclass eload [h] f \n"); - PrintAndLogEx(NORMAL, "Options"); - PrintAndLogEx(NORMAL, " h : Show this help"); - PrintAndLogEx(NORMAL, " f : filename of dump"); - PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass eload f hf-iclass-AA162D30F8FF12F1-dump.bin")); - PrintAndLogEx(NORMAL, ""); - return PM3_SUCCESS; -} + static int usage_hf_iclass_esave(void) { PrintAndLogEx(NORMAL, "Save emulator memory to file."); PrintAndLogEx(NORMAL, "if not filename is supplied, CSN will be used."); 
@@ -884,42 +874,33 @@ static int CmdHFiClassReader(const char *Cmd) { } static int CmdHFiClassELoad(const char *Cmd) { + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf iclass eload", + "Loads iCLASS tag dump into emulator memory on device", + "hf iclass eload -f hf-iclass-AA162D30F8FF12F1-dump.bin\n"); + + void *argtable[] = { + arg_param_begin, + arg_str1("f", "file", "", "filename of dump"), + arg_lit0(NULL, "json", "print from this block (default block6)"), + arg_lit0(NULL, "eml", "end printing at this block (default 0, ALL)"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); + + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); DumpFileType_t dftype = BIN; - char filename[FILE_PATH_SIZE] = {0}; - bool errors = false; - uint8_t cmdp = 0; - while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { - switch (tolower(param_getchar(Cmd, cmdp))) { - case 'h': - return usage_hf_iclass_eload(); - case 'f': - if (param_getstr(Cmd, cmdp + 1, filename, FILE_PATH_SIZE) >= FILE_PATH_SIZE) { - PrintAndLogEx(FAILED, "Filename too long"); - errors = true; - break; - } - cmdp += 2; - break; - case 'j': - dftype = JSON; - cmdp++; - break; - case 'e': - dftype = EML; - cmdp++; - break; - default: - PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); - errors = true; - break; - } + + if (arg_get_lit(ctx, 2)) { + dftype = JSON; + } else if (arg_get_lit(ctx, 3)) { + dftype = EML; } - //Validations - if (errors || cmdp == 0) { - return usage_hf_iclass_eload(); - } + CLIParserFree(ctx); uint8_t *dump = calloc(2048, sizeof(uint8_t)); if (!dump) { diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index a239b6af4..234c39ffb 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md 
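Review bot: The descriptions given to the new `--json` and `--eml` options ("print from this block (default block6)", "end printing at this block (default 0, ALL)") are copied from a different command and do not describe these flags; `arg_lit0(NULL, "json", "load JSON type dump")` and `arg_lit0(NULL, "eml", "load EML type dump")` would match what the dftype assignment below does with them. The two flags are also not mutually exclusive: with both given, `--json` silently wins because of the `else if`, so rejecting the combination with `PM3_EINVARG` before `CLIParserFree(ctx)` would make that input error visible. CmdHFiClassELoad continues past the end of the hunk.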
@@ -135,7 +135,7 @@ Options --- f : load iCLASS tag-dump filename -pm3 --> hf iclass eload f hf-iclass-db883702f8ff12e0.bin +pm3 --> hf iclass eload -f hf-iclass-db883702f8ff12e0.bin ``` Clone iCLASS Legacy Sequence @@ -160,7 +160,7 @@ pm3 --> hf iclass sim 3 Simulate iCLASS Sequence ``` pm3 --> hf iclass dump k 0 -pm3 --> hf iclass eload f hf-iclass-db883702f8ff12e0.bin +pm3 --> hf iclass eload -f hf-iclass-db883702f8ff12e0.bin pm3 --> hf iclass sim 3 ``` From 2648ed035474a59096f7a776589113c228ecb33d Mon Sep 17 00:00:00 2001 From: tcprst Date: Sun, 1 Nov 2020 20:15:32 -0500 Subject: [PATCH 07/53] update eload argument text --- client/src/cmdhficlass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 44592aca2..d2b7045a6 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -882,8 +882,8 @@ static int CmdHFiClassELoad(const char *Cmd) { void *argtable[] = { arg_param_begin, arg_str1("f", "file", "", "filename of dump"), - arg_lit0(NULL, "json", "print from this block (default block6)"), - arg_lit0(NULL, "eml", "end printing at this block (default 0, ALL)"), + arg_lit0(NULL, "json", "load JSON type dump"), + arg_lit0(NULL, "eml", "load EML type dump"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); From 9ec126a80b39cb5c4f6bbe5cbcb047212c32c745 Mon Sep 17 00:00:00 2001 From: tcprst Date: Sun, 1 Nov 2020 20:58:14 -0500 Subject: [PATCH 08/53] hf iclass loclass - now uses cliparser --- client/src/cmdhficlass.c | 67 +++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index d2b7045a6..f0c4c0f43 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c 
@@ -262,27 +262,6 @@ static int usage_hf_iclass_managekeys(void) { PrintAndLogEx(NORMAL, ""); return PM3_SUCCESS; } -static int usage_hf_iclass_loclass(void) { - PrintAndLogEx(NORMAL, "Execute the offline part of loclass attack"); - PrintAndLogEx(NORMAL, " An iclass dumpfile is assumed to consist of an arbitrary number of"); - PrintAndLogEx(NORMAL, " malicious CSNs, and their protocol responses"); - PrintAndLogEx(NORMAL, " The binary format of the file is expected to be as follows: "); - PrintAndLogEx(NORMAL, " <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); - PrintAndLogEx(NORMAL, " <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); - PrintAndLogEx(NORMAL, " <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>"); - PrintAndLogEx(NORMAL, " ... totalling N*24 bytes\n"); - PrintAndLogEx(NORMAL, "Usage: hf iclass loclass [h] [t [l]] [f ]\n"); - PrintAndLogEx(NORMAL, "Options:"); - PrintAndLogEx(NORMAL, " h Show this help"); - PrintAndLogEx(NORMAL, " t Perform self-test"); - PrintAndLogEx(NORMAL, " t l Perform self-test, including long ones"); - PrintAndLogEx(NORMAL, " f Bruteforce iclass dumpfile"); - PrintAndLogEx(NORMAL, "Examples:"); - PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass loclass f iclass-dump.bin")); - PrintAndLogEx(NORMAL, _YELLOW_("\thf iclass loclass t")); - PrintAndLogEx(NORMAL, ""); - return PM3_SUCCESS; -} static int usage_hf_iclass_chk(void) { PrintAndLogEx(NORMAL, "Checkkeys loads a dictionary text file with 8byte hex keys to test authenticating against a iClass tag\n"); PrintAndLogEx(NORMAL, "Usage: hf iclass chk [h|e|r] [f (*.dic)]\n"); 
@@ -2306,26 +2285,42 @@ static int CmdHFiClass_ReadBlock(const char *Cmd) { } static int CmdHFiClass_loclass(const char *Cmd) { - char opt = tolower(param_getchar(Cmd, 0)); + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf iclass loclass", + "Execute the offline part of loclass attack\n" + " An iclass dumpfile is assumed to consist of an arbitrary number of\n" + " malicious CSNs, and their protocol responses\n" + " The binary format of the file is expected to be as follows: \n" + " <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>\n" + " <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>\n" + " <8 byte CSN><8 byte CC><4 byte NR><4 byte MAC>\n" + " ... totalling N*24 bytes", + "hf iclass loclass -f iclass-dump.bin\n" + "hf iclass loclass --test"); - if (strlen(Cmd) < 1 || opt == 'h') - return usage_hf_iclass_loclass(); + void *argtable[] = { + arg_param_begin, + arg_str0("f", "file", "", "filename of Bruteforce iclass dumpfile"), + arg_lit0(NULL, "test", "Perform self-test"), + arg_lit0(NULL, "long", "Perform self-test, including long ones"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, false); - if (opt == 'f') { - char fileName[FILE_PATH_SIZE] = {0}; - if (param_getstr(Cmd, 1, fileName, sizeof(fileName)) > 0) { - return bruteforceFileNoKeys(fileName); - } else { - PrintAndLogEx(WARNING, "You must specify a filename"); - return PM3_EFILE; - } - } else if (opt == 't') { - char opt2 = tolower(param_getchar(Cmd, 1)); + int fnlen = 0; + char filename[FILE_PATH_SIZE] = {0}; + CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); + bool test = arg_get_lit(ctx, 2); + bool longtest = arg_get_lit(ctx, 3); + + CLIParserFree(ctx); + + if (test || longtest) { int errors = testCipherUtils(); errors += testMAC(); errors += doKeyTests(); - errors += testElite(opt2 == 'l'); + errors += testElite(longtest); if (errors != PM3_SUCCESS) PrintAndLogEx(ERR, "There were errors!!!"); 
@@ -2333,7 +2328,7 @@ static int CmdHFiClass_loclass(const char *Cmd) { return PM3_ESOFT; } - return usage_hf_iclass_loclass(); + return bruteforceFileNoKeys(filename); } void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize) { From 4c333ff02f36eb4bb4fc231c144d8e741770759b Mon Sep 17 00:00:00 2001 From: tcprst Date: Sun, 1 Nov 2020 21:02:51 -0500 Subject: [PATCH 09/53] Update references to hf iclass loclass --- armsrc/Standalone/hf_iceclass.c | 2 +- client/src/cmdhficlass.c | 4 ++-- doc/cheatsheet.md | 2 +- doc/loclass_notes.md | 6 +++--- tools/pm3_tests.sh | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/armsrc/Standalone/hf_iceclass.c b/armsrc/Standalone/hf_iceclass.c index 0c06bc90b..8490ea628 100644 --- a/armsrc/Standalone/hf_iceclass.c +++ b/armsrc/Standalone/hf_iceclass.c @@ -132,7 +132,7 @@ static void download_instructions(uint8_t t) { DbpString("The collected data was saved to SPIFFS. The file names below may differ"); DbpString("1. " _YELLOW_("mem spiffs tree")); DbpString("2. " _YELLOW_("mem spiffs dump o " HF_ICLASS_ATTACK_BIN " f " HF_ICLASS_ATTACK_BIN)); - DbpString("3. " _YELLOW_("hf iclass loclass f " HF_ICLASS_ATTACK_BIN)); + DbpString("3. " _YELLOW_("hf iclass loclass -f " HF_ICLASS_ATTACK_BIN)); break; } case ICE_STATE_READER: { diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index f0c4c0f43..d37baac48 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -699,7 +699,7 @@ static int CmdHFiClassSim(const char *Cmd) { saveFile("iclass_mac_attack", ".bin", dump, datalen); free(dump); - PrintAndLogEx(HINT, "Try `" _YELLOW_("hf iclass loclass h") "` to recover elite key"); + PrintAndLogEx(HINT, "Try `" _YELLOW_("hf iclass loclass -h") "` to recover elite key"); break; } case ICLASS_SIM_MODE_READER_ATTACK_KEYROLL: { 
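Review bot: `return bruteforceFileNoKeys(filename);` is now reached with an empty filename when neither `-f` nor `--test`/`--long` is given, because `-f` became optional (`arg_str0`) and the usage fallback this line replaces was the only thing refusing that case; the old code answered it with "You must specify a filename" and PM3_EFILE. Guard the call, e.g. `if (fnlen == 0) { PrintAndLogEx(WARNING, "You must specify a filename"); return PM3_EFILE; }`, where `fnlen` is the length CLIParamStrToBuf filled in earlier in the function. CmdHFiClass_loclass begins outside this hunk.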
@@ -765,7 +765,7 @@ static int CmdHFiClassSim(const char *Cmd) { saveFile("iclass_mac_attack_keyroll_B", ".bin", dump, datalen); free(dump); - PrintAndLogEx(HINT, "Try `" _YELLOW_("hf iclass loclass h") "` to recover elite key"); + PrintAndLogEx(HINT, "Try `" _YELLOW_("hf iclass loclass -h") "` to recover elite key"); break; } case ICLASS_SIM_MODE_CSN: diff --git a/doc/cheatsheet.md b/doc/cheatsheet.md index 234c39ffb..a3ea9c579 100644 --- a/doc/cheatsheet.md +++ b/doc/cheatsheet.md @@ -173,7 +173,7 @@ k : Access Key as 16 hex symbols or 1 hex to select key from memory e : If 'e' is specified, elite computations applied to key pm3 --> hf iclass sim 2 -pm3 --> hf iclass loclass f iclass_mac_attack.bin +pm3 --> hf iclass loclass -f iclass_mac_attack.bin pm3 --> hf iclass managekeys n 7 k pm3 --> hf iclass dump k 7 e ``` diff --git a/doc/loclass_notes.md b/doc/loclass_notes.md index 643e0d84e..f9280119b 100644 --- a/doc/loclass_notes.md +++ b/doc/loclass_notes.md @@ -8,15 +8,15 @@ LOCLASS, is a two part attack. First is the online part where you gather needed The second part is offline, where the information gathered from the first step is used in a series of DES operations to figure out the used masterkey. - run `hf iclass loclass f abc.bin` + run `hf iclass loclass -f abc.bin` If you don't have access to a iClass SE reader configured in Elite mode there is a test file which you can use. - `hf iclass loclass f iclass_dump.bin` + `hf iclass loclass -f iclass_dump.bin` # Unit testing In order to verify that loclass is actually working, there is a "unit" test mode. -run `hf iclass loclass t`. +run `hf iclass loclass --test`. This test mode uses two files. diff --git a/tools/pm3_tests.sh b/tools/pm3_tests.sh index 41ebe1951..d4aa7d89a 100755 --- a/tools/pm3_tests.sh +++ b/tools/pm3_tests.sh 
@@ -450,10 +450,10 @@ while true; do echo -e "\n${C_BLUE}Testing HF:${C_NC}" if ! CheckExecute "hf mf offline text" "$CLIENTBIN -c 'hf mf'" "at_enc"; then break; fi if ! CheckExecute slow retry ignore "hf mf hardnested long test" "$CLIENTBIN -c 'hf mf hardnested t 1 000000000000'" "found:"; then break; fi - if ! CheckExecute slow "hf iclass long test" "$CLIENTBIN -c 'hf iclass loclass t l'" "verified ok"; then break; fi + if ! CheckExecute slow "hf iclass long test" "$CLIENTBIN -c 'hf iclass loclass --long'" "verified ok"; then break; fi if ! CheckExecute slow "emv long test" "$CLIENTBIN -c 'emv test -l'" "Test(s) \[ ok"; then break; fi if ! $SLOWTESTS; then - if ! CheckExecute "hf iclass test" "$CLIENTBIN -c 'hf iclass loclass t'" "key diversification (ok)"; then break; fi + if ! CheckExecute "hf iclass test" "$CLIENTBIN -c 'hf iclass loclass --test'" "key diversification (ok)"; then break; fi if ! CheckExecute "emv test" "$CLIENTBIN -c 'emv test'" "Test(s) \[ ok"; then break; fi fi fi From 959feee3cedb6ff27d47fbda899ead6f81e8e965 Mon Sep 17 00:00:00 2001 From: tcprst Date: Sun, 1 Nov 2020 21:14:10 -0500 Subject: [PATCH 10/53] update doc for new standalone --- doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md index 4b7b665e7..403210684 100644 --- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md +++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md 
@@ -96,6 +96,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo | HF_LEGIC | HF Legic Prime standalone - uhei | HF_MATTYRUN | Mifare sniff/clone - Matías A. Ré Medina | HF_MSDSAL (def)| EMV Read and emulation - Salvador Mendoza +| HF_TCPRST | IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation - Nick Draffen | HF_YOUNG | Mifare sniff/simulation - Craig Young By default `STANDALONE=HF_MSDSAL`. From 7884c4bcb46bad2e469a827578ea840bcee46ce3 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 07:50:07 +0100 Subject: [PATCH 11/53] zero out uid --- armsrc/mifarecmd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 75de380c4..1b0e55bef 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2376,6 +2376,9 @@ void MifareHasStaticNonce(void) { int retval = PM3_SUCCESS; uint32_t nt = 0; uint8_t *uid = BigBuf_malloc(10); + + memset(uid, 0x00, 10); + uint8_t data[1] = { NONCE_FAIL }; struct Crypto1State mpcs = {0, 0}; struct Crypto1State *pcs; @@ -2392,7 +2395,7 @@ void MifareHasStaticNonce(void) { goto OUT; } - uint8_t rec[1] = {0x00}; + uint8_t rec[4] = {0x00}; uint8_t recpar[1] = {0x00}; // Transmit MIFARE_CLASSIC_AUTH 0x60, block 0 int len = mifare_sendcmd_short(pcs, false, MIFARE_AUTH_KEYA, 0, rec, recpar, NULL); @@ -2412,6 +2415,8 @@ void MifareHasStaticNonce(void) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); CHK_TIMEOUT(); + + memset(rec, 0x00, sizeof(rec)); } if (counter) { From e83c5853336e9e853861766cb75588d248a3de9a Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Mon, 2 Nov 2020 15:56:14 +0100 Subject: [PATCH 12/53] Fix Makefile --- client/Makefile | 61 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 21 deletions(-) diff --git a/client/Makefile b/client/Makefile index 679926d6a..dcfadb340 100644 --- a/client/Makefile +++ b/client/Makefile 
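Review bot: In the first mifarecmd.c hunk `memset(uid, 0x00, 10);` writes through the BigBuf_malloc result without checking it; if BigBuf_malloc can return NULL (not visible here, but its return value is tested elsewhere in this series), a `if (uid == NULL)` guard belongs before the memset. Growing `rec` to four bytes in the second hunk looks like the real fix, presumably because the AUTH response written into it is the 4-byte nonce and the old 1-byte buffer was overrun; a short comment saying so, `// 4-byte nonce from the AUTH response`, would record why the size changed. If `rec` is declared inside the loop body as the line numbers suggest, its `= {0x00}` initializer already zeroes it on every iteration and the `memset(rec, 0x00, sizeof(rec));` added in the third hunk is redundant.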
@@ -29,26 +29,31 @@ endif AMIIBOLIBPATH = ./deps/amiitool AMIIBOLIBINC = -I$(AMIIBOLIBPATH) AMIIBOLIB = $(AMIIBOLIBPATH)/libamiibo.a +AMIIBOLIBLD = ## Cliparser / Argtable3 CLIPARSERLIBPATH = ./deps/cliparser CLIPARSERLIBINC = -I$(CLIPARSERLIBPATH) CLIPARSERLIB = $(CLIPARSERLIBPATH)/libcliparser.a +CLIPARSERLIBLD = ## Hardnested HARDNESTEDLIBPATH = ./deps/hardnested HARDNESTEDLIBINC = -I$(HARDNESTEDLIBPATH) HARDNESTEDLIB = $(HARDNESTEDLIBPATH)/libhardnested.a +HARDNESTEDLIBLD = ## Jansson JANSSONLIBPATH = ./deps/jansson JANSSONLIBINC = -I$(JANSSONLIBPATH) JANSSONLIB = $(JANSSONLIBPATH)/libjansson.a +JANSSONLIBLD = ## Lua LUALIBPATH = ./deps/liblua LUALIBINC = -I$(LUALIBPATH) LUALIB = $(LUALIBPATH)/liblua.a +LUALIBLD = LUAPLATFORM = generic ifneq (,$(findstring MINGW,$(platform))) LUAPLATFORM = mingw @@ -56,7 +61,7 @@ else ifeq ($(platform),Darwin) LUAPLATFORM = macosx else - LUALIB += -ldl + LUALIBLD += -ldl LUAPLATFORM = linux endif endif @@ -65,16 +70,19 @@ endif REVENGLIBPATH = ./deps/reveng REVENGLIBINC = -I$(REVENGLIBPATH) REVENGLIB = $(REVENGLIBPATH)/libreveng.a +REVENGLIBLD = ## Tinycbor TINYCBORLIBPATH = ./deps/tinycbor TINYCBORLIBINC = -I$(TINYCBORLIBPATH) TINYCBORLIB = $(TINYCBORLIBPATH)/tinycbor.a +TINYCBORLIBLD = ## Whereami WHEREAMILIBPATH = ./deps/whereami WHEREAMILIBINC = -I$(WHEREAMILIBPATH) WHEREAMILIB = $(WHEREAMILIBPATH)/libwhereami.a +WHEREAMILIBLD = ########################## # common local libraries # 
@@ -91,17 +99,20 @@ MBEDTLSLIB = $(OBJDIR)/libmbedtls.a ## Amiibo # not distributed as system library -LDLIBS += $(AMIIBOLIB) +STATICLIBS += $(AMIIBOLIB) +LDLIBS += $(AMIIBOLIBLD) INCLUDES += $(AMIIBOLIBINC) ## Cliparser / Argtable3 # not distributed as system library -LDLIBS += $(CLIPARSERLIB) +STATICLIBS += $(CLIPARSERLIB) +LDLIBS += $(CLIPARSERLIBLD) INCLUDES += $(CLIPARSERLIBINC) ## Hardnested # not distributed as system library -LDLIBS += $(HARDNESTEDLIB) +STATICLIBS += $(HARDNESTEDLIB) +LDLIBS +=$(HARDNESTEDLIBLD) INCLUDES += $(HARDNESTEDLIBINC) ## Jansson @@ -109,12 +120,14 @@ ifneq ($(SKIPJANSSONSYSTEM),1) JANSSONINCLUDES = $(shell $(PKG_CONFIG_ENV) pkg-config --cflags jansson 2>/dev/null) JANSSONLDLIBS = $(shell $(PKG_CONFIG_ENV) pkg-config --libs jansson 2>/dev/null) ifneq ($(JANSSONLDLIBS),) - JANSSONLIB = $(JANSSONLDLIBS) + JANSSONLIB = + JANSSONLIBLD = $(JANSSONLDLIBS) JANSSONLIBINC = $(JANSSONINCLUDES) JANSSON_FOUND = 1 endif endif -LDLIBS += $(JANSSONLIB) +STATICLIBS += $(JANSSONLIB) +LDLIBS += $(JANSSONLIBLD) INCLUDES += $(JANSSONLIBINC) ## Lua 
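Review bot: `LDLIBS +=$(HARDNESTEDLIBLD)` is missing the space after `+=` that every other new `LDLIBS += $(...LIBLD)` line in this hunk has; write it as `LDLIBS += $(HARDNESTEDLIBLD)` so the block reads uniformly. `STATICLIBS` is also created here by its first `+=`, which gives it recursive flavour implicitly; an explicit `STATICLIBS :=` near the other top-of-file variable definitions (outside this hunk) would make the new variable's origin visible.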
@@ -122,38 +135,45 @@ ifneq ($(SKIPLUASYSTEM),1) LUAINCLUDES = $(shell $(PKG_CONFIG_ENV) pkg-config --cflags lua5.2 2>/dev/null) LUALDLIBS = $(shell $(PKG_CONFIG_ENV) pkg-config --libs lua5.2 2>/dev/null) ifneq ($(LUALDLIBS),) - LUALIB = $(LUALDLIBS) + LUALIB = + LUALIBLD = $(LUALDLIBS) LUALIBINC = $(LUAINCLUDES) LUA_FOUND = 1 endif endif -LDLIBS += $(LUALIB) +STATICLIBS += $(LUALIB) +LDLIBS += $(LUALIBLD) INCLUDES += $(LUALIBINC) ## mbed TLS # system library cannot be used because it is compiled by default without CMAC support -LDLIBS +=$(MBEDTLSLIB) +STATICLIBS += $(MBEDTLSLIB) +LDLIBS += $(MBEDTLSLIBLD) INCLUDES += $(MBEDTLSLIBINC) ## Reveng # not distributed as system library -LDLIBS += $(REVENGLIB) +STATICLIBS += $(REVENGLIB) +LDLIBS += $(REVENGLIBLD) INCLUDES += $(REVENGLIBINC) ## Tinycbor # not distributed as system library -LDLIBS += $(TINYCBORLIB) +STATICLIBS += $(TINYCBORLIB) +LDLIBS += $(TINYCBORLIBLD) INCLUDES += $(TINYCBORLIBINC) ## Whereami ifneq ($(SKIPWHEREAMISYSTEM),1) ifneq (,$(wildcard /usr/include/whereami.h)) - WHEREAMILIB = -lwhereami + WHEREAMILIB = + WHEREAMILIBLD = -lwhereami WHEREAMILIBINC = WHEREAMI_FOUND = 1 endif endif -LDLIBS += $(WHEREAMILIB) +STATICLIBS += $(WHEREAMILIB) +LDLIBS += $(WHEREAMILIBLD) INCLUDES += $(WHEREAMILIBINC) #################### @@ -176,12 +196,12 @@ ifneq ($(SKIPBT),1) BTINCLUDES = $(shell $(PKG_CONFIG_ENV) pkg-config --cflags bluez 2>/dev/null) BTLDLIBS = $(shell $(PKG_CONFIG_ENV) pkg-config --libs bluez 2>/dev/null) ifneq ($(BTLDLIBS),) - BTLIB = $(BTLDLIBS) + BTLIBLD = $(BTLDLIBS) BTLIBINC = $(BTINCLUDES) BT_FOUND = 1 endif endif -LDLIBS += $(BTLIB) +LDLIBS += $(BTLIBLD) INCLUDES += $(BTLIBINC) ## Math 
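Review bot: `LDLIBS += $(MBEDTLSLIBLD)` references a variable this patch never defines, unlike the `AMIIBOLIBLD`, `CLIPARSERLIBLD`, … empties it adds for the other bundled libraries; unless it is set in a part of the file not shown, it expands to nothing and would be reported under `--warn-undefined-variables`. Add `MBEDTLSLIBLD =` beside `MBEDTLSLIB = $(OBJDIR)/libmbedtls.a` so the mbed TLS block follows the same pattern as the rest.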
@@ -198,7 +218,7 @@ ifneq ($(SKIPPYTHON),1) PYTHONINCLUDES = $(shell $(PKG_CONFIG_ENV) pkg-config --cflags python3 2>/dev/null) PYTHONLDLIBS = $(shell $(PKG_CONFIG_ENV) pkg-config --libs python3 2>/dev/null) ifneq ($(PYTHONLDLIBS),) - PYTHONLIB = $(PYTHONLDLIBS) + PYTHONLIBLD = $(PYTHONLDLIBS) PYTHONLIBINC = $(PYTHONINCLUDES) PYTHON_FOUND = 1 else @@ -206,13 +226,13 @@ ifneq ($(SKIPPYTHON),1) PYTHONINCLUDES = $(shell $(PKG_CONFIG_ENV) pkg-config --cflags python3-embed 2>/dev/null) PYTHONLDLIBS = $(shell $(PKG_CONFIG_ENV) pkg-config --libs python3-embed 2>/dev/null) ifneq ($(PYTHONLDLIBS),) - PYTHONLIB = $(PYTHONLDLIBS) + PYTHONLIBLD = $(PYTHONLDLIBS) PYTHONLIBINC = $(PYTHONINCLUDES) PYTHON_FOUND = 1 endif endif endif -LDLIBS += $(PYTHONLIB) +LDLIBS += $(PYTHONLIBLD) INCLUDES += $(PYTHONLIBINC) ## QT5 (or QT4 fallback) (optional) @@ -584,10 +604,9 @@ all: $(BINS) all-static: LDLIBS:=-static $(LDLIBS) all-static: $(BINS) -proxmark3: $(AMIIBOLIB) $(CLIPARSERLIB) $(JANSSONLIB) $(HARDNESTEDLIB) $(LUALIB) $(MBEDTLSLIB) $(REVENGLIB) $(TINYCBORLIB) $(WHEREAMILIB) -proxmark3: $(OBJS) lualibs/pm3_cmd.lua lualibs/mfc_default_keys.lua +proxmark3: $(OBJS) $(STATICLIBS) lualibs/pm3_cmd.lua lualibs/mfc_default_keys.lua $(info [=] LD $@) - $(Q)$(LD) $(PM3LDFLAGS) $(OBJS) $(LDLIBS) -o $@ + $(Q)$(LD) $(PM3LDFLAGS) $(OBJS) $(STATICLIBS) $(LDLIBS) -o $@ src/proxgui.cpp: src/ui/ui_overlays.h From 89e731748948c2d30858d52eb5819b6cc3528708 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 17:25:09 +0100 Subject: [PATCH 13/53] fix, part coverity, part bad user input combo --- client/src/cmdhficlass.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index d37baac48..13d7139f0 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c 
@@ -871,23 +871,35 @@ static int CmdHFiClassELoad(const char *Cmd) { char filename[FILE_PATH_SIZE] = {0}; CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); - DumpFileType_t dftype = BIN; + if (strlen(filename) == 0) { + PrintAndLogEx(ERR, "Error: Please specify a filename"); + return PM3_EINVARG; + } - if (arg_get_lit(ctx, 2)) { + DumpFileType_t dftype = BIN; + + bool use_json = arg_get_lit(ctx, 2); + bool use_eml = arg_get_lit(ctx, 3); + CLIParserFree(ctx); + + if (use_json && use_eml) { + PrintAndLogEx(ERR, "Error: can't specify both JSON & EML"); + return PM3_EINVARG; + } + + if (use_json) { dftype = JSON; - } else if (arg_get_lit(ctx, 3)) { + } else if (use_eml) { dftype = EML; } - CLIParserFree(ctx); - + size_t bytes_read = 2048; uint8_t *dump = calloc(2048, sizeof(uint8_t)); if (!dump) { PrintAndLogEx(ERR, "error, cannot allocate memory "); return PM3_EMALLOC; } - size_t bytes_read = 2048; int res = 0; switch (dftype) { @@ -903,10 +915,10 @@ static int CmdHFiClassELoad(const char *Cmd) { res = loadFileJSON(filename, dump, 2048, &bytes_read, NULL); break; } - case DICTIONARY: - PrintAndLogEx(ERR, "No dictionary loaded"); - free(dump); - return PM3_ESOFT; + case DICTIONARY: { + PrintAndLogEx(ERR, "Error: Only BIN/JSON/EML formats allowed"); + return PM3_EINVARG; + } } if (res != PM3_SUCCESS) { From e91c46616af5e2c26a0ec90b44aec93539a3c04e Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 17:27:39 +0100 Subject: [PATCH 14/53] fix, coverity 303794 --- client/src/cmdhfmfdes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 5ea303f6d..8a16be64e 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c 
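Review bot: The new early return after "Error: Please specify a filename" (`return PM3_EINVARG;`) leaves `ctx` allocated, whereas the other error returns in the same hunk come after `CLIParserFree(ctx)`; add `CLIParserFree(ctx);` before that return. In the second hunk the rewritten `case DICTIONARY:` drops the `free(dump)` the old code had, so that branch now returns with the 2048-byte buffer still allocated; it is presumably unreachable, since dftype is only ever set to BIN, JSON or EML, but keeping `free(dump);` there costs nothing. CmdHFiClassELoad continues past the end of the hunk.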
@@ -2116,19 +2116,20 @@ static int desfire_authenticate(int cmdAuthMode, int cmdAuthAlgo, uint8_t *aid, PrintAndLogEx(FAILED, "KDF AN10922 algo requires an input of length 1-31 bytes."); return PM3_EINVARG; } + break; case MFDES_KDF_ALGO_GALLAGHER: // TODO: 2TDEA and 3TDEA keys use an input length of 1-15 bytes if (cmdAuthAlgo != MFDES_ALGO_AES) { PrintAndLogEx(FAILED, "Crypto algo not valid for the KDF AN10922 algo."); return PM3_EINVARG; } + break; // KDF input arg is ignored as it'll be generated. case MFDES_KDF_ALGO_NONE: break; default: PrintAndLogEx(WARNING, "KDF algo %d is not supported.", cmdKdfAlgo); return PM3_EINVARG; - break; } // KEY From feddfe7f43e34d5c1b30b74a5bc022b17754ac7c Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 17:55:48 +0100 Subject: [PATCH 15/53] fix coverity 303441, 303442, 303486, 286660 --- client/src/cmdhfmfdes.c | 2 +- client/src/cmdlfem4x05.c | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 8a16be64e..3ecb516ef 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -4476,7 +4476,7 @@ static int CmdHF14aDesChk(const char *Cmd) { PrintAndLogEx(INFO, "Loaded " _YELLOW_("%"PRIu32) " k3kdes keys", k3kkeyListLen); } - if (!verbose) + if (verbose == false) PrintAndLogEx(INFO, "Search keys:"); bool result = false; diff --git a/client/src/cmdlfem4x05.c b/client/src/cmdlfem4x05.c index 134cbaa9f..e1f8e10ad 100644 --- a/client/src/cmdlfem4x05.c +++ b/client/src/cmdlfem4x05.c @@ -1932,10 +1932,12 @@ int CmdEM4x05Sniff(const char *Cmd) { sampleData = !arg_get_lit(ctx, 1); fwd = arg_get_lit(ctx, 2); + CLIParserFree(ctx); + // setup and sample data from Proxmark // if not directed to existing sample/graphbuffer if (sampleData) { - if (!IfPm3Lf()) { + if (IfPm3Lf() == false) { PrintAndLogEx(WARNING, "Only offline mode is available"); return PM3_EINVARG; } 
@@ -1993,7 +1995,7 @@ int CmdEM4x05Sniff(const char *Cmd) { ((strncmp(bits, "01001", 5) == 0) && (bitidx == 12)) || ((strncmp(bits, "01100", 5) == 0) && (bitidx == 50)) || ((strncmp(bits, "01010", 5) == 0) && (bitidx == 50))) { - memcpy(bits, &bits[1], bitidx - 1); + memmove(bits, &bits[1], bitidx - 1); bitidx--; printf("Trim leading 0\n"); } @@ -2066,9 +2068,9 @@ int CmdEM4x05Sniff(const char *Cmd) { // Print results if (haveData) { //&& (minWidth > 1) && (maxWidth > minWidth)){ if (pwd) - PrintAndLogEx(SUCCESS, "%6llu | %-10s | "_YELLOW_("%8s")" | "_YELLOW_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits); + PrintAndLogEx(SUCCESS, "%6zu | %-10s | "_YELLOW_("%8s")" | "_YELLOW_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits); else - PrintAndLogEx(SUCCESS, "%6llu | %-10s | "_GREEN_("%8s")" | "_GREEN_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits); + PrintAndLogEx(SUCCESS, "%6zu | %-10s | "_GREEN_("%8s")" | "_GREEN_("%3s")" | %s", pktOffset, cmdText, dataText, blkAddr, bits); } } From 786accc48727677f44b62a4bbb999933a6c78c1d Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 17:59:30 +0100 Subject: [PATCH 16/53] fix coverity 286660 --- client/src/cmdhfmfdes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 3ecb516ef..a44a99749 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -4526,7 +4526,7 @@ static int CmdHF14aDesChk(const char *Cmd) { continue; } - if (dict_filenamelen && endFilePosition) { + if (dict_filenamelen) { if (verbose == false) PrintAndLogEx(NORMAL, "d" NOLF); From 0e5640a63104b558788a1d7a693d958eb971d25a Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 18:28:15 +0100 Subject: [PATCH 17/53] fix coverity 303814 --- client/src/cmdhficlass.c | 1 + 1 file changed, 1 insertion(+) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 13d7139f0..ba4fe4f24 100644 
--- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -873,6 +873,7 @@ static int CmdHFiClassELoad(const char *Cmd) { if (strlen(filename) == 0) { PrintAndLogEx(ERR, "Error: Please specify a filename"); + CLIParserFree(ctx); return PM3_EINVARG; } From cd20b208d0317ae25ecc864c321f0488301ac4c8 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 2 Nov 2020 19:07:03 +0100 Subject: [PATCH 18/53] bigbuf calloc ftc where the memory is set to zero before --- armsrc/BigBuf.c | 10 ++++++++++ armsrc/BigBuf.h | 3 +-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c index c7c370047..80104156d 100644 --- a/armsrc/BigBuf.c +++ b/armsrc/BigBuf.c @@ -129,6 +129,16 @@ uint8_t *BigBuf_malloc(uint16_t chunksize) { return (uint8_t *)BigBuf + s_bigbuf_hi; } +// allocate a chunk of memory from BigBuf, and returns a pointer to it. +// sets the memory to zero +uint8_t *BigBuf_calloc(uint16_t chunksize) { + uint8_t *mem = BigBuf_malloc(chunksize); + if (mem != NULL) { + memset(mem, 0x00, chunksize); + } + return mem; +} + // free ALL allocated chunks. The whole BigBuf is available for traces or samples again. void BigBuf_free(void) { s_bigbuf_hi = s_bigbuf_size; diff --git a/armsrc/BigBuf.h b/armsrc/BigBuf.h index bf6600e1e..ff444f3c8 100644 --- a/armsrc/BigBuf.h +++ b/armsrc/BigBuf.h @@ -34,6 +34,7 @@ void BigBuf_Clear_ext(bool verbose); void BigBuf_Clear_keep_EM(void); void BigBuf_Clear_EM(void); uint8_t *BigBuf_malloc(uint16_t); +uint8_t *BigBuf_calloc(uint16_t); void BigBuf_free(void); void BigBuf_free_keep_EM(void); void BigBuf_print_status(void); 
@@ -46,10 +47,8 @@ bool get_tracing(void); bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); bool LogTrace_ISO15693(const uint8_t *bytes, uint16_t len, uint32_t ts_start, uint32_t ts_end, uint8_t *parity, bool reader2tag); - uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length); - typedef struct { int max; int bit; From c03daf233ce50858be28f007a5e0a3d1be2ff3dc Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Tue, 3 Nov 2020 01:57:12 +0100 Subject: [PATCH 19/53] Add support for 10b UID in hf 14a sim --- CHANGELOG.md | 3 +- armsrc/Standalone/hf_tcprst.c | 13 ++-- armsrc/iso14443a.c | 129 ++++++++++++++++++++++------------ client/src/cmdhf14a.c | 12 ++-- 4 files changed, 100 insertions(+), 57 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d2483b6c1..e63bead6f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] - Change many commands to cliparser (@iceman1001, @tcprst, @mwalker33,...) - ... - - Added `HF_TCPRST` standalone mode which read and emulate IKEA Rothult cards (@tcprst) + - Added support for 10b UID in `hf 14a sim` (@doegox) + - Added `HF_TCPRST` standalone mode which read and emulate IKEA Rothult cards (@tcprst) - Add Gallagher key checking/KDF on MIFARE Desfire (@NZSmartie) - Add dictionaries with common words of proper size (@will-caruana) - Add `hf mf supercard` (@iceman1001) diff --git a/armsrc/Standalone/hf_tcprst.c b/armsrc/Standalone/hf_tcprst.c index 10a19bd10..f4394a7e6 100644 --- a/armsrc/Standalone/hf_tcprst.c +++ b/armsrc/Standalone/hf_tcprst.c 
@@ -94,11 +94,14 @@ void RunMod(void) { #define ATQA 0 #define UIDC1 1 #define UIDC2 2 -#define SAKC1 3 -#define SAKC2 4 -#define RATS 5 -#define SIGNATURE 7 -#define PPS 8 +#define UIDC3 3 +#define SAKC1 4 +#define SAKC2 5 +#define SAKC3 6 +#define RATS 7 +#define VERSION 8 +#define SIGNATURE 9 +#define PPS 10 //ST25TA Rothult values #define SAK 0x20 diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 8cf4ee838..5fbd5b0ac 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -1005,10 +1005,14 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i static uint8_t rUIDc1[5] = { 0x00 }; // For UID size 7, static uint8_t rUIDc2[5] = { 0x00 }; - // Prepare the mandatory SAK (for 4 and 7 byte UID) + // For UID size 10, + static uint8_t rUIDc3[5] = { 0x00 }; + // Prepare the mandatory SAK (for 4, 7 and 10 byte UID) static uint8_t rSAKc1[3] = { 0x00 }; - // Prepare the optional second SAK (for 7 byte UID), drop the cascade bit + // Prepare the optional second SAK (for 7 and 10 byte UID), drop the cascade bit for 7b static uint8_t rSAKc2[3] = { 0x00 }; + // Prepare the optional third SAK (for 10 byte UID), drop the cascade bit + static uint8_t rSAKc3[3] = { 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS // static uint8_t rRATS[] = { 0x04, 0x58, 0x80, 0x02, 0x00, 0x00 }; static uint8_t rRATS[] = { 0x05, 0x75, 0x80, 0x60, 0x02, 0x00, 0x00 }; @@ -1017,7 +1021,7 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i static uint8_t rVERSION[10] = { 0x00 }; // READ_SIG response for EV1/NTAG static uint8_t rSIGN[34] = { 0x00 }; - // PPS respoonse + // PPS response static uint8_t rPPS[3] = { 0xD0 }; switch (tagType) { @@ -1101,7 +1105,7 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i case 10: { // ST25TA IKEA Rothult rATQA[0] = 0x42; rATQA[1] = 0x00; - sak = 0x00; + sak = 0x20; } break; 
@@ -1127,11 +1131,25 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i } } - if ((flags & FLAG_7B_UID_IN_DATA) == FLAG_7B_UID_IN_DATA) { + if ((flags & FLAG_4B_UID_IN_DATA) == FLAG_4B_UID_IN_DATA) { + rUIDc1[0] = data[0]; + rUIDc1[1] = data[1]; + rUIDc1[2] = data[2]; + rUIDc1[3] = data[3]; + rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3]; + + // Configure the ATQA and SAK accordingly + rATQA[0] &= 0xBF; + rSAKc1[0] = sak & 0xFB; + AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2); + + *cuid = bytes_to_num(data, 4); + } else if ((flags & FLAG_7B_UID_IN_DATA) == FLAG_7B_UID_IN_DATA) { rUIDc1[0] = 0x88; // Cascade Tag marker rUIDc1[1] = data[0]; rUIDc1[2] = data[1]; rUIDc1[3] = data[2]; + rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3]; rUIDc2[0] = data[3]; rUIDc2[1] = data[4]; 
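Review bot: The UID-size field of ATQA is two bits (0x40 and 0x80, exactly the bits the 7B and 10B branches set), but the new 4B branch only clears one of them with `rATQA[0] &= 0xBF;`, so a tag type whose default ATQA[0] happened to carry 0x80 would advertise a triple-size UID while serving a single one. The same one-bit mask is used in the 7B and 10B branches of the next hunk, where the 7B sequence `rATQA[0] &= 0xBF; rATQA[0] |= 0x40;` clears and immediately re-sets the same bit. Use `rATQA[0] &= 0x3F;` before setting the size bits in all three branches so the field is fully reset regardless of the per-tag default. SimulateIso14443aInit continues outside this hunk.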
@@ -1140,37 +1158,49 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i rUIDc2[4] = rUIDc2[0] ^ rUIDc2[1] ^ rUIDc2[2] ^ rUIDc2[3]; // Configure the ATQA and SAK accordingly + rATQA[0] &= 0xBF; rATQA[0] |= 0x40; - sak |= 0x04; + rSAKc1[0] = 0x04; + rSAKc2[0] = sak & 0xFB; + AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2); + AddCrc14A(rSAKc2, sizeof(rSAKc2) - 2); *cuid = bytes_to_num(data + 3, 4); - } else if ((flags & FLAG_4B_UID_IN_DATA) == FLAG_4B_UID_IN_DATA) { - memcpy(rUIDc1, data, 4); + } else if ((flags & FLAG_10B_UID_IN_DATA) == FLAG_10B_UID_IN_DATA) { + rUIDc1[0] = 0x88; // Cascade Tag marker + rUIDc1[1] = data[0]; + rUIDc1[2] = data[1]; + rUIDc1[3] = data[2]; + rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3]; + + rUIDc2[0] = 0x88; // Cascade Tag marker + rUIDc2[1] = data[3]; + rUIDc2[2] = data[4]; + rUIDc2[3] = data[5]; + rUIDc2[4] = rUIDc2[0] ^ rUIDc2[1] ^ rUIDc2[2] ^ rUIDc2[3]; + + rUIDc3[0] = data[6]; + rUIDc3[1] = data[7]; + rUIDc3[2] = data[8]; + rUIDc3[3] = data[9]; + rUIDc3[4] = rUIDc3[0] ^ rUIDc3[1] ^ rUIDc3[2] ^ rUIDc3[3]; + // Configure the ATQA and SAK accordingly rATQA[0] &= 0xBF; - sak &= 0xFB; - *cuid = bytes_to_num(data, 4); + rATQA[0] |= 0x80; + rSAKc1[0] = 0x04; + rSAKc2[0] = 0x04; + rSAKc3[0] = sak & 0xFB; + AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2); + AddCrc14A(rSAKc2, sizeof(rSAKc2) - 2); + AddCrc14A(rSAKc3, sizeof(rSAKc3) - 2); + + *cuid = bytes_to_num(data + 3 + 3, 4); } else { if (DBGLEVEL >= DBG_ERROR) Dbprintf("[-] ERROR: UID size not defined"); return false; } - // Calculate BCC for the first 4 bytes of the UID. 
- rUIDc1[4] = rUIDc1[0] ^ rUIDc1[1] ^ rUIDc1[2] ^ rUIDc1[3]; - - - if (tagType == 10) { - rSAKc1[0] = 0x04; - rSAKc2[0] = 0x20; - } else { - rSAKc1[0] = sak; - rSAKc2[0] = sak & 0xFB; - } - - // crc - AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2); - AddCrc14A(rSAKc2, sizeof(rSAKc2) - 2); - // Format byte = 0x58: FSCI=0x08 (FSC=256), TA(1) and TC(1) present, // TA(1) = 0x80: different divisors not supported, DR = 1, DS = 1 // TB(1) = not present. Defaults: FWI = 4 (FWT = 256 * 16 * 2^4 * 1/fc = 4833us), SFGI = 0 (SFG = 256 * 16 * 2^0 * 1/fc = 302us) 
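Review bot: The new 10B branch reads data[0] through data[9] and the 7B branch up to data[6], but nothing in SimulateIso14443aInit checks how many bytes `data` actually holds; the flag is set by the client (cmdhf14a.c in this same patch) while the length guarantee, if any, lives in the caller, which is not visible here. If the caller does not ensure at least 10 bytes whenever FLAG_10B_UID_IN_DATA is set, the cascade-3 fill reads past the payload. At minimum document the precondition above the if-chain, e.g. `// data must hold at least 4, 7 or 10 bytes for the matching FLAG_*B_UID_IN_DATA; the caller is responsible for that`, or better, pass the payload length in and reject a too-short buffer with the existing `return false` path. The function continues outside this hunk.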
@@ -1179,24 +1209,25 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i AddCrc14A(rPPS, sizeof(rPPS) - 2); -#define TAG_RESPONSE_COUNT 9 - static tag_response_info_t responses_init[TAG_RESPONSE_COUNT] = { + static tag_response_info_t responses_init[] = { { .response = rATQA, .response_n = sizeof(rATQA) }, // Answer to request - respond with card type { .response = rUIDc1, .response_n = sizeof(rUIDc1) }, // Anticollision cascade1 - respond with uid { .response = rUIDc2, .response_n = sizeof(rUIDc2) }, // Anticollision cascade2 - respond with 2nd half of uid if asked + { .response = rUIDc3, .response_n = sizeof(rUIDc3) }, // Anticollision cascade3 - respond with 3rd half of uid if asked { .response = rSAKc1, .response_n = sizeof(rSAKc1) }, // Acknowledge select - cascade 1 { .response = rSAKc2, .response_n = sizeof(rSAKc2) }, // Acknowledge select - cascade 2 + { .response = rSAKc3, .response_n = sizeof(rSAKc3) }, // Acknowledge select - cascade 3 { .response = rRATS, .response_n = sizeof(rRATS) }, // dummy ATS (pseudo-ATR), answer to RATS { .response = rVERSION, .response_n = sizeof(rVERSION) }, // EV1/NTAG GET_VERSION response { .response = rSIGN, .response_n = sizeof(rSIGN) }, // EV1/NTAG READ_SIG response { .response = rPPS, .response_n = sizeof(rPPS) } // PPS response }; - // "precompile" responses. There are 9 predefined responses with a total of 72 bytes data to transmit. + // "precompile" responses. There are 11 predefined responses with a total of 80 bytes data to transmit. 
// Coded responses need one byte per bit to transfer (data, parity, start, stop, correction) - // 72 * 8 data bits, 72 * 1 parity bits, 9 start bits, 9 stop bits, 9 correction bits -- 677 bytes buffer -#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 675 -// 576 + 72 + 9 + 9 + 9 == 675 + // 80 * 8 data bits, 80 * 1 parity bits, 11 start bits, 11 stop bits, 11 correction bits + // 80 * 8 + 80 + 11 + 11 + 11 == 753 +#define ALLOCATED_TAG_MODULATION_BUFFER_SIZE 753 uint8_t *free_buffer = BigBuf_malloc(ALLOCATED_TAG_MODULATION_BUFFER_SIZE); // modulation buffer pointer and current buffer free space size @@ -1205,7 +1236,7 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i // Prepare the responses of the anticollision phase // there will be not enough time to do this at the moment the reader sends it REQA - for (size_t i = 0; i < TAG_RESPONSE_COUNT; i++) { + for (size_t i = 0; i < ARRAYLEN(responses_init); i++) { if (prepare_allocated_tag_modulation(&responses_init[i], &free_buffer_pointer, &free_buffer_size) == false) { BigBuf_free_keep_EM(); if (DBGLEVEL >= DBG_ERROR) Dbprintf("Not enough modulation buffer size, exit after %d elements", i); @@ -1219,12 +1250,14 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i #define ATQA 0 #define UIDC1 1 #define UIDC2 2 -#define SAKC1 3 -#define SAKC2 4 -#define RATS 5 -#define VERSION 6 -#define SIGNATURE 7 -#define PPS 8 +#define UIDC3 3 +#define SAKC1 4 +#define SAKC2 5 +#define SAKC3 6 +#define RATS 7 +#define VERSION 8 +#define SIGNATURE 9 +#define PPS 10 return true; } 
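Review bot: ALLOCATED_TAG_MODULATION_BUFFER_SIZE and the "11 predefined responses ... 80 bytes" comment are hand-derived from the eleven response sizes (2+5+5+5+3+3+3+7+10+34+3 = 80, 80*9 + 33 = 753), and the removed lines show how easily that drifts (675 in the define versus 677 in its own comment). Since the loop in the next hunk already switches to ARRAYLEN(responses_init) and bails out when prepare_allocated_tag_modulation runs out of space, consider at least tying the count to the array rather than the literal, e.g. `// sized for ARRAYLEN(responses_init) responses; update the byte total when a response buffer changes`, so the next addition of a response is prompted to redo the arithmetic. SimulateIso14443aInit continues outside this hunk.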
@@ -1289,16 +1322,18 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { // To control where we are in the protocol #define ORDER_NONE 0 -#define ORDER_REQA 1 -#define ORDER_SELECT_ALL_CL1 2 -#define ORDER_SELECT_CL1 3 +//#define ORDER_REQA 1 +//#define ORDER_SELECT_ALL_CL1 2 +//#define ORDER_SELECT_CL1 3 #define ORDER_HALTED 5 #define ORDER_WUPA 6 #define ORDER_AUTH 7 -#define ORDER_SELECT_ALL_CL2 20 -#define ORDER_SELECT_CL2 30 +//#define ORDER_SELECT_ALL_CL2 20 +//#define ORDER_SELECT_CL2 25 +//#define ORDER_SELECT_ALL_CL3 30 +//#define ORDER_SELECT_CL3 35 #define ORDER_EV1_COMP_WRITE 40 -#define ORDER_RATS 70 +//#define ORDER_RATS 70 uint8_t order = ORDER_NONE; int retval = PM3_SUCCESS; @@ -1423,10 +1458,14 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { p_response = &responses[UIDC1]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2) p_response = &responses[UIDC2]; + } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 2) { // Received request for UID (cascade 3) + p_response = &responses[UIDC3]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1) p_response = &responses[SAKC1]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2) p_response = &responses[SAKC2]; + } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 9) { // Received a SELECT (cascade 3) + p_response = &responses[SAKC3]; } else if (receivedCmd[0] == ISO14443A_CMD_PPS) { p_response = &responses[PPS]; } else if (receivedCmd[0] == ISO14443A_CMD_READBLOCK && len == 4) { // Received a (plain) READ diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 7e9d45255..be6b21605 100644 
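Review bot: The two new cascade-3 branches in SimulateIso14443aTag answer ISO14443A_CMD_ANTICOLL_OR_SELECT_3 for every UID length, but rUIDc3 and rSAKc3 are only filled in the 10B branch of SimulateIso14443aInit; for a 4B or 7B UID they are the zero-initialised statics (rSAKc3 never even gets its CRC), so a reader that probes cascade 3 receives a bogus all-zero frame instead of the silence a real single/double-size tag would give. Gate both branches on the configured size, i.e. prefix the conditions with `(flags & FLAG_10B_UID_IN_DATA) &&` (the `flags` parameter is already in scope), and the same reasoning presumably applies to the cascade-2 branches for a 4B UID, which predates this commit. Separately, the ORDER_* defines in the first hunk are commented out rather than deleted; dead definitions under `//` tend to outlive their reason, so either remove them or say why they are kept.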
--- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -210,8 +210,7 @@ static int usage_hf_14a_config(void) { } static int usage_hf_14a_sim(void) { -// PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n"); - PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 byte UID\n"); + PrintAndLogEx(NORMAL, "\n Emulating ISO/IEC 14443 type A tag with 4,7 or 10 byte UID\n"); PrintAndLogEx(NORMAL, "Usage: hf 14a sim [h] t u [x] [e] [v]"); PrintAndLogEx(NORMAL, "Options:"); PrintAndLogEx(NORMAL, " h : This help"); @@ -225,8 +224,7 @@ static int usage_hf_14a_sim(void) { PrintAndLogEx(NORMAL, " 8 = MIFARE Classic 4k"); PrintAndLogEx(NORMAL, " 9 = FM11RF005SH Shanghai Metro"); PrintAndLogEx(NORMAL, " 10 = JCOP 31/41 Rothult"); -// PrintAndLogEx(NORMAL, " u : 4, 7 or 10 byte UID"); - PrintAndLogEx(NORMAL, " u : 4, 7 byte UID"); + PrintAndLogEx(NORMAL, " u : 4, 7 or 10 byte UID"); PrintAndLogEx(NORMAL, " x : (Optional) Performs the 'reader attack', nr/ar attack against a reader"); PrintAndLogEx(NORMAL, " e : (Optional) Fill simulator keys from found keys"); PrintAndLogEx(NORMAL, " v : (Optional) Verbose"); @@ -234,7 +232,7 @@ static int usage_hf_14a_sim(void) { PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344 x")); PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344")); PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 11223344556677")); -// PrintAndLogEx(NORMAL, " hf 14a sim t 1 u 11223445566778899AA\n"); + PrintAndLogEx(NORMAL, _YELLOW_(" hf 14a sim t 1 u 112233445566778899AA")); return PM3_SUCCESS; } static int usage_hf_14a_sniff(void) { @@ -689,7 +687,9 @@ int CmdHF14ASim(const char *Cmd) { param_gethex_ex(Cmd, cmdp + 1, uid, &uidlen); uidlen >>= 1; switch (uidlen) { - //case 10: flags |= FLAG_10B_UID_IN_DATA; break; + case 10: + flags |= FLAG_10B_UID_IN_DATA; + break; case 7: flags |= FLAG_7B_UID_IN_DATA; break; From f9452ee19aa7b9ba70933cab1e72d35e9d380087 Mon Sep 17 00:00:00 2001 
From: Philippe Teuwen Date: Tue, 3 Nov 2020 02:16:31 +0100 Subject: [PATCH 20/53] Group 14a sim response indexes in header --- armsrc/Standalone/hf_tcprst.c | 44 +++++++++++++---------------------- armsrc/iso14443a.c | 38 +++++++++++------------------- armsrc/iso14443a.h | 15 ++++++++++++ 3 files changed, 44 insertions(+), 53 deletions(-) diff --git a/armsrc/Standalone/hf_tcprst.c b/armsrc/Standalone/hf_tcprst.c index f4394a7e6..11b2b1935 100644 --- a/armsrc/Standalone/hf_tcprst.c +++ b/armsrc/Standalone/hf_tcprst.c @@ -90,18 +90,6 @@ void RunMod(void) { // Did we get the NDEF file contents from the card bool gotndef = false; -//For emulation steps -#define ATQA 0 -#define UIDC1 1 -#define UIDC2 2 -#define UIDC3 3 -#define SAKC1 4 -#define SAKC2 5 -#define SAKC3 6 -#define RATS 7 -#define VERSION 8 -#define SIGNATURE 9 -#define PPS 10 //ST25TA Rothult values #define SAK 0x20 
@@ -235,23 +223,23 @@ void RunMod(void) { if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST odd_reply = !odd_reply; if (odd_reply) - p_response = &responses[ATQA]; + p_response = &responses[RESP_INDEX_ATQA]; } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT p_response = NULL; } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP - p_response = &responses[ATQA]; + p_response = &responses[RESP_INDEX_ATQA]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1) - p_response = &responses[UIDC1]; + p_response = &responses[RESP_INDEX_UIDC1]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2) - p_response = &responses[UIDC2]; + p_response = &responses[RESP_INDEX_UIDC2]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1) - p_response = &responses[SAKC1]; + p_response = &responses[RESP_INDEX_SAKC1]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2) - p_response = &responses[SAKC2]; + p_response = &responses[RESP_INDEX_SAKC2]; } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request - p_response = &responses[RATS]; + p_response = &responses[RESP_INDEX_RATS]; } else if (receivedCmd[0] == ISO14443A_CMD_PPS) { - p_response = &responses[PPS]; + p_response = &responses[RESP_INDEX_PPS]; } else { DbpString(_YELLOW_("[ ") "Card reader command" _YELLOW_(" ]")); Dbhexdump(len, receivedCmd, false); 
@@ -416,23 +404,23 @@ void RunMod(void) { if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST odd_reply = !odd_reply; if (odd_reply) - p_response = &responses[ATQA]; + p_response = &responses[RESP_INDEX_ATQA]; } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT p_response = NULL; } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP - p_response = &responses[ATQA]; + p_response = &responses[RESP_INDEX_ATQA]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1) - p_response = &responses[UIDC1]; + p_response = &responses[RESP_INDEX_UIDC1]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2) - p_response = &responses[UIDC2]; + p_response = &responses[RESP_INDEX_UIDC2]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1) - p_response = &responses[SAKC1]; + p_response = &responses[RESP_INDEX_SAKC1]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2) - p_response = &responses[SAKC2]; + p_response = &responses[RESP_INDEX_SAKC2]; } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request - p_response = &responses[RATS]; + p_response = &responses[RESP_INDEX_RATS]; } else if (receivedCmd[0] == ISO14443A_CMD_PPS) { - p_response = &responses[PPS]; + p_response = &responses[RESP_INDEX_PPS]; } else { DbpString(_YELLOW_("[ ") "Card reader command" _YELLOW_(" ]")); Dbhexdump(len, receivedCmd, false); diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 5fbd5b0ac..8d91e9742 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c 
@@ -1246,18 +1246,6 @@ bool SimulateIso14443aInit(int tagType, int flags, uint8_t *data, tag_response_i *responses = responses_init; - // indices into responses array: -#define ATQA 0 -#define UIDC1 1 -#define UIDC2 2 -#define UIDC3 3 -#define SAKC1 4 -#define SAKC2 5 -#define SAKC3 6 -#define RATS 7 -#define VERSION 8 -#define SIGNATURE 9 -#define PPS 10 return true; } 
@@ -1451,23 +1439,23 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { } else if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST, but in HALTED, skip odd_reply = !odd_reply; if (odd_reply) - p_response = &responses[ATQA]; + p_response = &responses[RESP_INDEX_ATQA]; } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP - p_response = &responses[ATQA]; + p_response = &responses[RESP_INDEX_ATQA]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1) - p_response = &responses[UIDC1]; + p_response = &responses[RESP_INDEX_UIDC1]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2) - p_response = &responses[UIDC2]; + p_response = &responses[RESP_INDEX_UIDC2]; } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 2) { // Received request for UID (cascade 3) - p_response = &responses[UIDC3]; + p_response = &responses[RESP_INDEX_UIDC3]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1) - p_response = &responses[SAKC1]; + p_response = &responses[RESP_INDEX_SAKC1]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2) - p_response = &responses[SAKC2]; + p_response = &responses[RESP_INDEX_SAKC2]; } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_3 && len == 9) { // Received a SELECT (cascade 3) - p_response = &responses[SAKC3]; + p_response = &responses[RESP_INDEX_SAKC3]; } else if (receivedCmd[0] == ISO14443A_CMD_PPS) { - p_response = &responses[PPS]; + p_response = &responses[RESP_INDEX_PPS]; } else if (receivedCmd[0] == ISO14443A_CMD_READBLOCK && len == 4) { // 
Received a (plain) READ uint8_t block = receivedCmd[1]; // if Ultralight or NTAG (4 byte blocks) @@ -1489,7 +1477,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { // FM11005SH. 16blocks, 4bytes / block. // block0 = 2byte Customer ID (CID), 2byte Manufacture ID (MID) // block1 = 4byte UID. - p_response = &responses[UIDC1]; + p_response = &responses[RESP_INDEX_UIDC1]; } else { // all other tags (16 byte block tags) uint8_t emdata[MAX_MIFARE_FRAME_SIZE]; emlGetMemBt(emdata, block, 16); @@ -1551,7 +1539,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { } p_response = NULL; } else if (receivedCmd[0] == MIFARE_ULEV1_READSIG && len == 4 && tagType == 7) { // Received a READ SIGNATURE -- - p_response = &responses[SIGNATURE]; + p_response = &responses[RESP_INDEX_SIGNATURE]; } else if (receivedCmd[0] == MIFARE_ULEV1_READ_CNT && len == 4 && tagType == 7) { // Received a READ COUNTER -- uint8_t index = receivedCmd[1]; if (index > 2) { @@ -1600,7 +1588,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { p_response = NULL; order = ORDER_HALTED; } else if (receivedCmd[0] == MIFARE_ULEV1_VERSION && len == 3 && (tagType == 2 || tagType == 7)) { - p_response = &responses[VERSION]; + p_response = &responses[RESP_INDEX_VERSION]; } else if ((receivedCmd[0] == MIFARE_AUTH_KEYA || receivedCmd[0] == MIFARE_AUTH_KEYB) && len == 4 && tagType != 2 && tagType != 7) { // Received an authentication request cardAUTHKEY = receivedCmd[0] - 0x60; cardAUTHSC = receivedCmd[1] / 4; // received block num 
@@ -1618,7 +1606,7 @@ void SimulateIso14443aTag(uint8_t tagType, uint8_t flags, uint8_t *data) { EmSend4bit(CARD_NACK_NA); p_response = NULL; } else { - p_response = &responses[RATS]; + p_response = &responses[RESP_INDEX_RATS]; } } else if (receivedCmd[0] == MIFARE_ULC_AUTH_1) { // ULC authentication, or Desfire Authentication LogTrace(receivedCmd, Uart.len, Uart.startTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.endTime * 16 - DELAY_AIR2ARM_AS_TAG, Uart.parity, true); diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index d1df5534c..200653764 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -84,6 +84,21 @@ typedef struct { uint8_t *parity; } tUart14a; +// indices into responses array: +typedef enum { + RESP_INDEX_ATQA, + RESP_INDEX_UIDC1, + RESP_INDEX_UIDC2, + RESP_INDEX_UIDC3, + RESP_INDEX_SAKC1, + RESP_INDEX_SAKC2, + RESP_INDEX_SAKC3, + RESP_INDEX_RATS, + RESP_INDEX_VERSION, + RESP_INDEX_SIGNATURE, + RESP_INDEX_PPS +} resp_index_t; + #ifndef AddCrc14A # define AddCrc14A(data, len) compute_crc(CRC_14443_A, (data), (len), (data)+(len), (data)+(len)+1) #endif From 877d9bd4551bb22f53917ddcfbfbb61cc9175662 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 3 Nov 2020 17:29:29 +0100 Subject: [PATCH 21/53] hf 14a info - ATS part got some love --- client/src/cmdhf14a.c | 122 +++++++++++++++++++++++--------------- client/src/cmdsmartcard.c | 2 +- 2 files changed, 74 insertions(+), 50 deletions(-) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index be6b21605..481de8f87 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -29,6 +29,7 @@ #include "aidsearch.h" #include "cmdhf.h" // handle HF plot #include "protocols.h" // MAGIC_GEN_1A +#include "emv/dump.h" // dump_buffer bool APDUInFramingEnable = true; 
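Review bot: The new resp_index_t enum in iso14443a.h is only correct while its order matches responses_init[] in SimulateIso14443aInit, and nothing at either site states that coupling now that the indices moved out of the .c file; the hf_tcprst.c standalone mode indexes the same array through this enum, so a reorder would silently misroute replies there too. Suggest replacing the header comment with `// Indices into the responses array built by SimulateIso14443aInit(); the order here must match responses_init[] in iso14443a.c.` and a mirror comment on the array initializer.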
@@ -1838,34 +1839,38 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } if (card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes + + PrintAndLogEx(INFO, "-------------------------- " _CYAN_("ATS") " --------------------------"); bool ta1 = 0, tb1 = 0, tc1 = 0; - int pos; if (select_status == 2) { - PrintAndLogEx(INFO, "SAK incorrectly claims that card doesn't support RATS"); + PrintAndLogEx(INFO, "--> SAK incorrectly claims that card doesn't support RATS <--"); } - PrintAndLogEx(SUCCESS, " ATS: %s", sprint_hex(card.ats, card.ats_len)); - PrintAndLogEx(SUCCESS, " - TL : length is %d bytes", card.ats[0]); + if (card.ats[0] != card.ats_len - 2) { - PrintAndLogEx(SUCCESS, "ATS may be corrupted. Length of ATS (%d bytes incl. 2 Bytes CRC) doesn't match TL", card.ats_len); + PrintAndLogEx(WARNING, "ATS may be corrupted. Length of ATS (%d bytes incl. 2 Bytes CRC) doesn't match TL", card.ats_len); } + PrintAndLogEx(SUCCESS, "ATS: " _YELLOW_("%s")"[ %02x %02x ]", sprint_hex(card.ats, card.ats_len - 2), card.ats[card.ats_len - 1], card.ats[card.ats_len] ); + PrintAndLogEx(INFO, " " _YELLOW_("%02x") "............... TL length is " _GREEN_("%d") " bytes", card.ats[0], card.ats[0]); + if (card.ats[0] > 1) { // there is a format byte (T0) ta1 = (card.ats[1] & 0x10) == 0x10; tb1 = (card.ats[1] & 0x20) == 0x20; tc1 = (card.ats[1] & 0x40) == 0x40; int16_t fsci = card.ats[1] & 0x0f; - PrintAndLogEx(SUCCESS, " - T0 : TA1 is%s present, TB1 is%s present, " + PrintAndLogEx(INFO, " " _YELLOW_("%02X") "............ T0 TA1 is%s present, TB1 is%s present, " "TC1 is%s present, FSCI is %d (FSC = %d)", - (ta1 ? "" : " NOT"), - (tb1 ? "" : " NOT"), - (tc1 ? "" : " NOT"), + card.ats[1], + (ta1 ? "" : _RED_(" NOT")), + (tb1 ? "" : _RED_(" NOT")), + (tc1 ? "" : _RED_(" NOT")), fsci, fsci < ARRAYLEN(atsFSC) ? atsFSC[fsci] : -1 ); } - pos = 2; + int pos = 2; if (ta1) { char dr[16], ds[16]; dr[0] = ds[0] = '\0'; 
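Review bot: The new `ATS:` line prints the CRC from `card.ats[card.ats_len - 1], card.ats[card.ats_len]`, but ats_len counts the two CRC bytes (the same hunk uses `card.ats_len - 2` for sprint_hex and for the TL consistency check), so the CRC is at indices ats_len-2 and ats_len-1; as written the first argument prints the wrong byte and the second reads one past the received ATS. Change the arguments to `card.ats[card.ats_len - 2], card.ats[card.ats_len - 1]`. The TL mismatch is now a WARNING but decoding still proceeds on the received bytes, which is fine for a diagnostic command, though the later per-field reads should stay bounded by ats_len rather than by TL. infoHF14A continues outside this hunk.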
@@ -1877,19 +1882,23 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { if (card.ats[pos] & 0x04) strcat(dr, "8, "); if (strlen(ds) != 0) ds[strlen(ds) - 2] = '\0'; if (strlen(dr) != 0) dr[strlen(dr) - 2] = '\0'; - PrintAndLogEx(SUCCESS, " - TA1 : different divisors are%s supported, " + PrintAndLogEx(INFO, " " _YELLOW_("%02X") "......... TA1 different divisors are%s supported, " "DR: [%s], DS: [%s]", - ((card.ats[pos] & 0x80) ? " NOT" : ""), + card.ats[pos], + ((card.ats[pos] & 0x80) ? _RED_(" NOT") : ""), dr, ds ); pos++; } + if (tb1) { uint32_t sfgi = card.ats[pos] & 0x0F; uint32_t fwi = card.ats[pos] >> 4; - PrintAndLogEx(SUCCESS, " - TB1 : SFGI = %d (SFGT = %s%d/fc), FWI = %d (FWT = %d/fc)", + + PrintAndLogEx(INFO, " " _YELLOW_("%02X") "...... TB1 SFGI = %d (SFGT = %s%d/fc), FWI = " _YELLOW_("%d") " (FWT = %d/fc)", + card.ats[pos], (sfgi), sfgi ? "" : "(not needed) ", sfgi ? (1 << 12) << sfgi : 0, 
@@ -1900,31 +1909,39 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } if (tc1) { - PrintAndLogEx(SUCCESS, " - TC1 : NAD is%s supported, CID is%s supported", - (card.ats[pos] & 0x01) ? "" : " NOT", - (card.ats[pos] & 0x02) ? "" : " NOT"); + PrintAndLogEx(INFO, " " _YELLOW_("%02X") "... TC1 NAD is%s supported, CID is%s supported", + card.ats[pos], + (card.ats[pos] & 0x01) ? "" : _RED_(" NOT"), + (card.ats[pos] & 0x02) ? "" : _RED_(" NOT") + ); pos++; } - if (card.ats[0] > pos && card.ats[0] < card.ats_len - 2) { - const char *tip = ""; + // ATS - Historial bytes and identify based on it + if (card.ats[0] > pos && card.ats[0] <= card.ats_len - 2) { + char tip[60]; + tip[0] = '\0'; if (card.ats[0] - pos >= 7) { + snprintf(tip, sizeof(tip)," "); + if ((card.sak & 0x70) == 0x40) { // and no GetVersion().. if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) { - tip = "-> MIFARE Plus X 2K/4K (SL3)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus X 2K/4K (SL3)"); + } else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) { if ((card.atqa[0] & 0x02) == 0x02) - tip = "-> MIFARE Plus S 2K (SL3)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus S 2K (SL3)"); else if ((card.atqa[0] & 0x04) == 0x04) - tip = "-> MIFARE Plus S 4K (SL3)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus S 4K (SL3)"); } else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) { - tip = "-> MIFARE Plus SE 1K (17pF)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus SE 1K (17pF)"); + } else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) { - tip = "-> MIFARE Plus SE 1K (70pF)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus SE 1K (70pF)"); } } else { //SAK B4,5,6 
@@ -1933,37 +1950,41 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) { - tip = "-> MIFARE Plus X 2K (SL1)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus X 2K (SL1)"); } else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) { - tip = "-> MIFARE Plus S 2K (SL1)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus S 2K (SL1)"); } else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) { - tip = "-> MIFARE Plus SE 1K (17pF)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus SE 1K (17pF)"); } else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) { - tip = "-> MIFARE Plus SE 1K (70pF)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus SE 1K (70pF)"); } } else { if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) { - tip = "-> MIFARE Plus X 4K (SL1)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus X 4K (SL1)"); } else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) { - tip = "-> MIFARE Plus S 4K (SL1)"; + snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus S 4K (SL1)"); } } } - } - PrintAndLogEx(SUCCESS, " - HB : %s%s", sprint_hex(card.ats + pos, card.ats[0] - pos), tip); + + uint8_t calen = card.ats[0] - pos; + PrintAndLogEx(NORMAL, ""); + PrintAndLogEx(INFO, "-------------------- " _CYAN_("Historical bytes") " --------------------"); + if (card.ats[pos] == 0xC1) { - PrintAndLogEx(SUCCESS, " c1 -> Mifare or (multiple) virtual cards of various type"); - PrintAndLogEx(SUCCESS, " %02x -> Length is %d bytes", card.ats[pos + 1], card.ats[pos + 1]); + PrintAndLogEx(INFO, " %s%s", sprint_hex(card.ats + pos, calen), tip); + PrintAndLogEx(SUCCESS, " C1..................... 
Mifare or (multiple) virtual cards of various type"); + PrintAndLogEx(SUCCESS, " %02x.................. length is " _YELLOW_("%d") " bytes", card.ats[pos + 1], card.ats[pos + 1]); switch (card.ats[pos + 2] & 0xf0) { case 0x10: - PrintAndLogEx(SUCCESS, " 1x -> MIFARE DESFire"); + PrintAndLogEx(SUCCESS, " 1x............... MIFARE DESFire"); isMifareDESFire = true; isMifareClassic = false; isMifarePlus = false; break; case 0x20: - PrintAndLogEx(SUCCESS, " 2x -> MIFARE Plus"); + PrintAndLogEx(SUCCESS, " 2x............... MIFARE Plus"); isMifarePlus = true; isMifareDESFire = false; isMifareClassic = false; 
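Review bot: The `card.ats[pos] == 0xC1` branch dereferences card.ats[pos + 1] through card.ats[pos + 4] (the switches continue in the next hunk), but the enclosing `card.ats[0] > pos` test only guarantees one historical byte; a card whose historical bytes are shorter than five and start with C1 makes the decoder read into the CRC and past the received ATS. The ATS is card-supplied input, so guard the branch with `if (card.ats[pos] == 0xC1 && calen >= 5) {` and let shorter payloads fall through to the new dump_buffer branch, mirroring how the 7-byte memcmp block above is already guarded by `card.ats[0] - pos >= 7`. infoHF14A continues outside this hunk.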
@@ -1971,51 +1992,53 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } switch (card.ats[pos + 2] & 0x0f) { case 0x00: - PrintAndLogEx(SUCCESS, " x0 -> <1 kByte"); + PrintAndLogEx(SUCCESS, " x0............... < 1 kByte"); break; case 0x01: - PrintAndLogEx(SUCCESS, " x1 -> 1 kByte"); + PrintAndLogEx(SUCCESS, " x1............... 1 kByte"); break; case 0x02: - PrintAndLogEx(SUCCESS, " x2 -> 2 kByte"); + PrintAndLogEx(SUCCESS, " x2............... 2 kByte"); break; case 0x03: - PrintAndLogEx(SUCCESS, " x3 -> 4 kByte"); + PrintAndLogEx(SUCCESS, " x3............... 4 kByte"); break; case 0x04: - PrintAndLogEx(SUCCESS, " x4 -> 8 kByte"); + PrintAndLogEx(SUCCESS, " x4............... 8 kByte"); break; } switch (card.ats[pos + 3] & 0xf0) { case 0x00: - PrintAndLogEx(SUCCESS, " 0x -> Engineering sample"); + PrintAndLogEx(SUCCESS, " 0x............ Engineering sample"); break; case 0x20: - PrintAndLogEx(SUCCESS, " 2x -> Released"); + PrintAndLogEx(SUCCESS, " 2x............ Released"); break; } switch (card.ats[pos + 3] & 0x0f) { case 0x00: - PrintAndLogEx(SUCCESS, " x0 -> Generation 1"); + PrintAndLogEx(SUCCESS, " x0............ Generation 1"); break; case 0x01: - PrintAndLogEx(SUCCESS, " x1 -> Generation 2"); + PrintAndLogEx(SUCCESS, " x1............ Generation 2"); break; case 0x02: - PrintAndLogEx(SUCCESS, " x2 -> Generation 3"); + PrintAndLogEx(SUCCESS, " x2............ Generation 3"); break; } switch (card.ats[pos + 4] & 0x0f) { case 0x00: - PrintAndLogEx(SUCCESS, " x0 -> Only VCSL supported"); + PrintAndLogEx(SUCCESS, " x0......... Only VCSL supported"); break; case 0x01: - PrintAndLogEx(SUCCESS, " x1 -> VCS, VCSL, and SVC supported"); + PrintAndLogEx(SUCCESS, " x1......... VCS, VCSL, and SVC supported"); break; case 0x0E: - PrintAndLogEx(SUCCESS, " xE -> no VCS command supported"); + PrintAndLogEx(SUCCESS, " xE......... no VCS command supported"); break; } + } else { + dump_buffer(&card.ats[pos], calen, NULL, 1); } } 
@@ -2087,7 +2110,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } else { PrintAndLogEx(INFO, "proprietary non iso14443-4 card found, RATS not supported"); if ((card.sak & 0x20) == 0x20) { - PrintAndLogEx(INFO, "SAK incorrectly claims that card supports RATS"); + PrintAndLogEx(INFO, "--> SAK incorrectly claims that card supports RATS <--"); } } @@ -2134,6 +2157,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { if (isST) PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`hf st info`")); + PrintAndLogEx(NORMAL, ""); DropField(); return select_status; } diff --git a/client/src/cmdsmartcard.c b/client/src/cmdsmartcard.c index 90bbed6e6..ae9d018d4 100644 --- a/client/src/cmdsmartcard.c +++ b/client/src/cmdsmartcard.c @@ -312,7 +312,7 @@ static void PrintATR(uint8_t *atr, size_t atrlen) { PrintAndLogEx(WARNING, "Invalid ATR length. len: %zu, T1len: %d, TD1len: %d, TDilen: %d, K: %d", atrlen, T1len, TD1len, TDilen, K); if (K > 0) - PrintAndLogEx(INFO, "Historical bytes | len 0x%02d | format %02x", K, atr[2 + T1len + TD1len + TDilen]); + PrintAndLogEx(INFO, "Historical bytes | len %02d | format %02x", K, atr[2 + T1len + TD1len + TDilen]); if (K > 1) { PrintAndLogEx(INFO, "\tHistorical bytes"); From 59a68dc4ecf5489986fea2d1978fbe5399b63481 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 3 Nov 2020 20:47:47 +0100 Subject: [PATCH 22/53] added 32bit, 37bit formats from cardinfo --- client/src/wiegand_formats.c | 136 ++++++++++++++++++++++++++++++++--- 1 file changed, 126 insertions(+), 10 deletions(-) diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index cd02370c0..a447b6472 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c 
@@ -189,6 +189,31 @@ static bool Unpack_Kastle(wiegand_message_t *packed, wiegand_card_t *card) { return true; } +static bool Pack_Kantech(wiegand_card_t *card, wiegand_message_t *packed) { + memset(packed, 0, sizeof(wiegand_message_t)); + + if (card->FacilityCode > 0xFF) return false; // Can't encode FC. + if (card->CardNumber > 0xFFFF) return false; // Can't encode CN. + if (card->IssueLevel > 0) return false; // Not used in this format + if (card->OEM > 0) return false; // Not used in this format + + packed->Length = 32; + set_linear_field(packed, card->FacilityCode, 7, 8); + set_linear_field(packed, card->CardNumber, 15, 16); + return add_HID_header(packed); +} + +static bool Unpack_Kantech(wiegand_message_t *packed, wiegand_card_t *card) { + memset(card, 0, sizeof(wiegand_card_t)); + + if (packed->Length != 32) return false; // Wrong length? Stop here. + card->FacilityCode = get_linear_field(packed, 7, 8); + card->CardNumber = get_linear_field(packed, 15, 16); + return true; +} + + + static bool Pack_D10202(wiegand_card_t *card, wiegand_message_t *packed) { memset(packed, 0, sizeof(wiegand_message_t)); @@ -489,11 +514,12 @@ static bool Pack_H10304(wiegand_card_t *card, wiegand_message_t *packed) { if (card->OEM > 0) return false; // Not used in this format packed->Length = 37; // Set number of bits - packed->Bot |= (card->CardNumber & 0x0007FFFF) << 1; - packed->Bot |= (card->FacilityCode & 0x00000FFF) << 20; - packed->Mid |= (card->FacilityCode & 0x0000F000) >> 12; - packed->Mid |= (evenparity32((packed->Mid & 0x0000000F) ^ (packed->Bot & 0xFFFC0000)) & 1) << 4; - packed->Bot |= (oddparity32(packed->Bot & 0x0007FFFE) & 1); + + set_linear_field(packed, card->FacilityCode, 1, 16); + set_linear_field(packed, card->CardNumber, 17, 19); + + set_bit_by_position(packed, evenparity32(get_linear_field(packed, 1, 18)), 0); + set_bit_by_position(packed, oddparity32(get_linear_field(packed, 18, 18)), 36); return add_HID_header(packed); } 
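Review bot: Pack_Kantech and Unpack_Kantech carry no description of the bit layout they implement, so a reader cannot check the offsets against the cardinfo reference credited in the table; a one-line header such as `// Kantech KFS 32-bit: bits 7-14 facility code, bits 15-30 card number, no parity` (derived from the two set_linear_field calls) would do. The same one-line layout summary would help the rewritten Pack_H10304 in the second hunk, where the old mask arithmetic was replaced by field positions `1,16` and `17,19` and parity spans `1,18` / `18,18` without a comment tying them to the H10304 layout.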
@@ -502,11 +528,97 @@ static bool Unpack_H10304(wiegand_message_t *packed, wiegand_card_t *card) { if (packed->Length != 37) return false; // Wrong length? Stop here. - card->CardNumber = (packed->Bot >> 1) & 0x0007FFFF; - card->FacilityCode = ((packed->Mid & 0xF) << 12) | ((packed->Bot >> 20)); + card->FacilityCode = get_linear_field(packed, 1, 16); + card->CardNumber = get_linear_field(packed, 17, 19); card->ParityValid = - (evenparity32((packed->Mid & 0x0000000F) ^ (packed->Bot & 0xFFFC0000)) == ((packed->Mid >> 4) & 1)) && - (oddparity32(packed->Bot & 0x0007FFFE) == (packed->Bot & 1)); + (get_bit_by_position(packed, 0) == evenparity32(get_linear_field(packed, 1, 18))) && + (get_bit_by_position(packed, 36) == oddparity32(get_linear_field(packed, 18, 18))); + return true; +} + +static bool Pack_HGeneric37(wiegand_card_t *card, wiegand_message_t *packed) { + memset(packed, 0, sizeof(wiegand_message_t)); + + if (card->FacilityCode > 0) return false; // Not used in this format + if (card->CardNumber > 0x0007FFFF) return false; // Can't encode CN. 
+ if (card->IssueLevel > 0) return false; // Not used in this format + if (card->OEM > 0) return false; // Not used in this format + + packed->Length = 37; // Set number of bits + + set_linear_field(packed, card->CardNumber, 4, 32); + + set_bit_by_position(packed, 1, 36); // Always 1 + + // even1 + set_bit_by_position(packed, + evenparity32( + get_nonlinear_field(packed, 8, (uint8_t[]) {4, 8, 12, 16, 20, 24, 28, 32}) + ) + , 0 + ); + // odd1 + set_bit_by_position(packed, + oddparity32( + get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 26, 30, 34}) + ) + , 2 + ); + // even2 + set_bit_by_position(packed, + evenparity32( + get_nonlinear_field(packed, 8, (uint8_t[]) {7, 11, 15, 19, 23, 27, 31, 35}) + ) + , 3 + ); + return add_HID_header(packed); +} + +static bool Unpack_HGeneric37(wiegand_message_t *packed, wiegand_card_t *card) { + memset(card, 0, sizeof(wiegand_card_t)); + + if (packed->Length != 37) return false; // Wrong length? Stop here. + if (get_bit_by_position(packed, 36) != 1) return false; // Always 1 in this format + + card->CardNumber = get_linear_field(packed, 4, 32); + card->ParityValid = + (get_bit_by_position(packed, 0) == evenparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {4, 8, 12, 16, 20, 24, 28, 32}))) && + (get_bit_by_position(packed, 2) == oddparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 28, 30, 34}))) && + (get_bit_by_position(packed, 3) == evenparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {7, 11, 15, 19, 23, 27, 31, 35}))) + ; + return true; +} + +static bool Pack_MDI37(wiegand_card_t *card, wiegand_message_t *packed) { + memset(packed, 0, sizeof(wiegand_message_t)); + + if (card->FacilityCode > 0x0000F) return false; // Can't encode FC. + if (card->CardNumber > 0x1FFFFFFF) return false; // Can't encode CN. 
+ if (card->IssueLevel > 0) return false; // Not used in this format + if (card->OEM > 0) return false; // Not used in this format + + packed->Length = 37; // Set number of bits + + set_linear_field(packed, card->FacilityCode, 3, 4); + set_linear_field(packed, card->CardNumber, 7, 29); + + set_bit_by_position(packed, evenparity32(get_linear_field(packed, 1, 18)), 0); + set_bit_by_position(packed, oddparity32(get_linear_field(packed, 18, 18)), 36); + return add_HID_header(packed); +} + +static bool Unpack_MDI37(wiegand_message_t *packed, wiegand_card_t *card) { + memset(card, 0, sizeof(wiegand_card_t)); + + if (packed->Length != 37) return false; // Wrong length? Stop here. + + card->FacilityCode = get_linear_field(packed, 3, 4);; + card->CardNumber = get_linear_field(packed, 7, 29); + + card->ParityValid = + (get_bit_by_position(packed, 0) == evenparity32(get_linear_field(packed, 1, 18))) && + (get_bit_by_position(packed, 36) == oddparity32(get_linear_field(packed, 18, 18))) + ; return true; } @@ -705,6 +817,8 @@ static const cardformat_t FormatTable[] = { {"ATSW30", Pack_ATSW30, Unpack_ATSW30, "ATS Wiegand 30-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"ADT31", Pack_ADT31, Unpack_ADT31, "HID ADT 31-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au {"Kastle", Pack_Kastle, Unpack_Kastle, "Kastle 32-bit", {1, 1, 1, 0, 1}}, // from @xilni; PR #23 on RfidResearchGroup/proxmark3 + {"Kantech", Pack_Kantech, Unpack_Kantech, "Indala/Kantech KFS 32-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au + {"D10202", Pack_D10202, Unpack_D10202, "HID D10202 33-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"H10306", Pack_H10306, Unpack_H10306, "HID H10306 34-bit", {1, 1, 0, 0, 1}}, // imported from old pack/unpack {"N10002", Pack_N10002, Unpack_N10002, "HID N10002 34-bit", {1, 1, 0, 0, 0}}, // from cardinfo.barkweb.com.au 
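Review bot: Unpack_HGeneric37 checks the odd1 parity over bit positions `{6, 10, 14, 18, 22, 28, 30, 34}` while Pack_HGeneric37 computes it over `{6, 10, 14, 18, 22, 26, 30, 34}`; the `28` looks like a typo for `26`, and as written a message produced by Pack_HGeneric37 comes back with ParityValid false whenever bits 26 and 28 differ. Changing the unpack line to `(get_bit_by_position(packed, 2) == oddparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 26, 30, 34}))) &&` fixes it; hoisting the three index arrays into `static const uint8_t` tables shared by both functions would stop them drifting apart again. Separately, `card->FacilityCode = get_linear_field(packed, 3, 4);;` in Unpack_MDI37 has a stray second semicolon.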
@@ -717,7 +831,9 @@ static const cardformat_t FormatTable[] = { {"Sie36", Pack_Sie36, Unpack_Sie36, "HID 36-bit Siemens", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"H10320", Pack_H10320, Unpack_H10320, "HID H10320 36-bit BCD", {1, 0, 0, 0, 1}}, // from Proxmark forums {"H10302", Pack_H10302, Unpack_H10302, "HID H10302 37-bit huge ID", {1, 0, 0, 0, 1}}, // from Proxmark forums - {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1}}, // imported from old pack/unpack + {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au + {"HGeneric37", Pack_HGeneric37, Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1}}, // from cardinfo.barkweb.com.au + {"MDI37", Pack_MDI37, Unpack_MDI37, "PointGuard MDI 37-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"P10001", Pack_P10001, Unpack_P10001, "HID P10001 Honeywell 40-bit", {1, 1, 0, 1, 0}}, // from cardinfo.barkweb.com.au {"Casi40", Pack_CasiRusco40, Unpack_CasiRusco40, "Casi-Rusco 40-bit", {1, 0, 0, 0, 0}}, // from cardinfo.barkweb.com.au {"C1k48s", Pack_C1k48s, Unpack_C1k48s, "HID Corporate 1000 48-bit standard layout", {1, 1, 0, 0, 1}}, // imported from old pack/unpack From 5f9abb0263ef4f3b4eb4ac920d27d7b9c06436f0 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 4 Nov 2020 08:24:17 +0100 Subject: [PATCH 23/53] fix #1048 - add LTO dump type 0002 --- client/src/cmdhflto.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/client/src/cmdhflto.c b/client/src/cmdhflto.c index c452cc0a5..ab79423a4 100644 --- a/client/src/cmdhflto.c +++ b/client/src/cmdhflto.c @@ -198,10 +198,12 @@ static const char *lto_print_size(uint8_t ti) { switch (ti) { case 1: return "101 blocks / 3232 bytes"; + case 2: + return "95 blocks / 3040 bytes"; case 3: return "255 blocks / 8160 bytes"; default : - return ""; + return "unknown"; } } 
@@ -222,6 +224,9 @@ int infoLTO(bool verbose) { PrintAndLogEx(SUCCESS, "UID......... " _YELLOW_("%s"), sprint_hex_inrow(serial_number, sizeof(serial_number))); PrintAndLogEx(SUCCESS, "Type info... " _YELLOW_("%s"), sprint_hex_inrow(type_info, sizeof(type_info))); PrintAndLogEx(SUCCESS, "Memory...... " _YELLOW_("%s"), lto_print_size(type_info[1])); + if (type_info[1] > 3) { + PrintAndLogEx(INFO, "Unknown LTO tag, report to @iceman!"); + } } return ret_val; @@ -464,10 +469,13 @@ int dumpLTO(uint8_t *dump, bool verbose) { return ret_val; } // 0003 == 255 blocks x 32 = 8160 bytes + // 0002 == 95 blocks x 32 = 3040 bytes // 0001 == 101 blocks x 32 = 3232 bytes uint8_t blocks = 0xFF; if (type_info[1] == 0x01) { blocks = 0x65; + } else if (type_info[1] == 0x02) { + blocks = 0x5F; } PrintAndLogEx(SUCCESS, "Found LTO tag w " _YELLOW_("%s") " memory", lto_print_size(type_info[1])); From d8b2f962e571bc256ab43a5fb5a4934cb0b3d04c Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 4 Nov 2020 08:24:44 +0100 Subject: [PATCH 24/53] text --- client/src/wiegand_formats.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index a447b6472..2e629cbb9 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -212,8 +212,6 @@ static bool Unpack_Kantech(wiegand_message_t *packed, wiegand_card_t *card) { return true; } - - static bool Pack_D10202(wiegand_card_t *card, wiegand_message_t *packed) { memset(packed, 0, sizeof(wiegand_message_t)); From 0a0155fea7f88ebf16791414b59486bf0ca7a651 Mon Sep 17 00:00:00 2001 
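Review bot: The new warning in infoLTO fires only for `type_info[1] > 3`, but lto_print_size (previous hunk) also returns "unknown" for 0, so a tag reporting type 0 prints "Memory...... unknown" with no report hint; `if (type_info[1] == 0 || type_info[1] > 3)` covers both cases. In dumpLTO the same unrecognised values silently fall through to `blocks = 0xFF`, i.e. a 255-block read is attempted for a tag whose size was not recognised; an explicit `else if (type_info[1] != 0x03)` branch that warns (or bails out) would keep the two functions consistent about what "unknown" means.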
From: iceman1001 Date: Wed, 4 Nov 2020 19:19:38 +0100 Subject: [PATCH 25/53] refactore printDemodbuff fct. --- client/src/cmddata.c | 129 ++++++++++++++++++++------------------ client/src/cmddata.h | 3 +- client/src/cmdlfawid.c | 6 +- client/src/cmdlfem4x.c | 5 +- client/src/cmdlfhid.c | 6 +- client/src/cmdlfindala.c | 2 +- client/src/cmdlfio.c | 3 +- client/src/cmdlfparadox.c | 5 +- client/src/cmdlfpyramid.c | 5 +- 9 files changed, 90 insertions(+), 74 deletions(-) diff --git a/client/src/cmddata.c b/client/src/cmddata.c index 40a8ea5a3..9724f6dd9 100644 --- a/client/src/cmddata.c +++ b/client/src/cmddata.c 
@@ -398,19 +398,64 @@ static int CmdSetDebugMode(const char *Cmd) { //by marshmellow // max output to 512 bits if we have more // doesn't take inconsideration where the demod offset or bitlen found. -void printDemodBuff(void) { - int len = DemodBufferLen; - if (len < 1) { - PrintAndLogEx(INFO, "(printDemodBuff) no bits found in demod buffer"); - return; +int printDemodBuff(uint8_t offset, bool strip_leading, bool invert, bool print_hex) { + size_t len = DemodBufferLen; + if (len == 0) { + PrintAndLogEx(WARNING, "Demodbuffer is empty"); + return PM3_EINVARG; } - if (len > 512) len = 512; - PrintAndLogEx(NORMAL, "%s", sprint_bin_break(DemodBuffer, len, 32)); + uint8_t *buf = NULL; + + if (strip_leading) { + buf = (DemodBuffer + offset); + + if (len > (DemodBufferLen - offset)) + len = (DemodBufferLen - offset); + + size_t i; + for (i = 0; i < len; i++) { + if (buf[i] == 1) break; + } + offset += i; + } + + if (len > (DemodBufferLen - offset)) { + len = (DemodBufferLen - offset); + } + + if (len > 512) { + len = 512; + } + + if (invert) { + buf = (DemodBuffer + offset); + for (size_t i = 0; i < len; i++) { + if (buf[i] == 1) + buf[i] = 0; + else { + if (buf[i] == 0) + buf[i] = 1; + } + } + } + + if (print_hex) { + buf = (DemodBuffer + offset); + char hex[512] = {0x00}; + int num_bits = binarraytohex(hex, sizeof(hex), (char*)buf, len); + if (num_bits == 0) { + return PM3_ESOFT; + } + PrintAndLogEx(SUCCESS, "DemodBuffer: %s", hex); + } else { + PrintAndLogEx(SUCCESS, "DemodBuffer:\n%s", sprint_bin_break(DemodBuffer + offset, len, 32)); + } + return PM3_SUCCESS; } int CmdPrintDemodBuff(const char *Cmd) { - bool hexMode = false; + bool print_hex = false; bool errors = false; bool lstrip = false; bool invert = false; @@ -422,7 +467,7 @@ int CmdPrintDemodBuff(const char *Cmd) { case 'h': return usage_data_printdemodbuf(); case 'x': - hexMode = true; + print_hex = true; cmdp++; break; case 'o': 
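Review bot: printDemodBuff never checks `offset` against `DemodBufferLen`, so with `offset >= DemodBufferLen` the unsigned `DemodBufferLen - offset` wraps, `len` keeps its full value and `sprint_bin_break(DemodBuffer + offset, len, 32)` reads past the buffer; an early `if (offset >= DemodBufferLen) return PM3_EINVARG;` after the empty check closes this. The strip loop then does `offset += i;` into a `uint8_t`, so a buffer whose first 1-bit sits beyond index 255 wraps the offset back to a small value; accumulating into a `size_t start = offset;` local and using that for the later slicing avoids the truncation. Also worth a comment, because it is surprising for a print routine: with `invert` the function rewrites the global DemodBuffer in place, e.g. `// NOTE: invert modifies DemodBuffer in place, not just the printout`.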
@@ -452,45 +497,7 @@ int CmdPrintDemodBuff(const char *Cmd) { //Validations if (errors) return usage_data_printdemodbuf(); - if (DemodBufferLen == 0) { - PrintAndLogEx(WARNING, "Demodbuffer is empty"); - return PM3_ESOFT; - } - if (lstrip) { - char *buf = (char *)(DemodBuffer + offset); - length = (length > (DemodBufferLen - offset)) ? DemodBufferLen - offset : length; - uint32_t i; - for (i = 0; i < length; i++) { - if (buf[i] == 1) break; - } - offset += i; - } - length = (length > (DemodBufferLen - offset)) ? DemodBufferLen - offset : length; - - if (invert) { - char *buf = (char *)(DemodBuffer + offset); - for (uint32_t i = 0; i < length; i++) { - if (buf[i] == 1) - buf[i] = 0; - else { - if (buf[i] == 0) - buf[i] = 1; - } - } - } - - if (hexMode) { - char *buf = (char *)(DemodBuffer + offset); - char hex[512] = {0x00}; - int numBits = binarraytohex(hex, sizeof(hex), buf, length); - if (numBits == 0) { - return PM3_ESOFT; - } - PrintAndLogEx(SUCCESS, "DemodBuffer: %s", hex); - } else { - PrintAndLogEx(SUCCESS, "DemodBuffer:\n%s", sprint_bin_break(DemodBuffer + offset, length, 32)); - } - return PM3_SUCCESS; + return printDemodBuff(offset, lstrip, invert, print_hex); } //by marshmellow @@ -596,7 +603,7 @@ int ASKDemod_ext(int clk, int invert, int maxErr, size_t maxLen, bool amplify, b else PrintAndLogEx(DEBUG, "ASK/Raw - Clock: %d - Decoded bitstream:", clk); - printDemodBuff(); + printDemodBuff(0, false, false, false); } uint64_t lo = 0; uint32_t hi = 0; @@ -792,7 +799,7 @@ int ASKbiphaseDemod(int offset, int clk, int invert, int maxErr, bool verbose) { setClockGrid(clk, startIdx + clk * offset / 2); if (g_debugMode || verbose) { PrintAndLogEx(DEBUG, "Biphase Decoded using offset %d | clock %d | #errors %d | start index %d\ndata\n", offset, clk, errCnt, (startIdx + clk * offset / 2)); - printDemodBuff(); + printDemodBuff(offset, false, false, false); } return PM3_SUCCESS; } 
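Review bot: In CmdPrintDemodBuff the removed code sliced the output with `length`, but the replacement `return printDemodBuff(offset, lstrip, invert, print_hex);` passes no length, so if the option parsing above (outside the hunk) still accepts a length argument it is now silently ignored and output is always capped at 512 bits. Either drop that option together with its usage text, or give printDemodBuff a length parameter so the command keeps its previous behaviour. The empty-buffer return code also changes from PM3_ESOFT to PM3_EINVARG for this command, which any caller comparing the value would notice.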
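Review bot: ASKbiphaseDemod now calls `printDemodBuff(offset, false, false, false)`, where `offset` is the function's biphase decode offset (its `int` argument), not an index into DemodBuffer; every other converted caller passes 0, and the old `printDemodBuff()` printed from the start of the buffer. Unless the intent really is to skip `offset` bits of the demodulated output, this should read `printDemodBuff(0, false, false, false);`. The implicit int-to-uint8_t conversion would also silently truncate offsets above 255.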
@@ -1204,7 +1211,7 @@ int FSKrawDemod(uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow, bo if (verbose || g_debugMode) { PrintAndLogEx(DEBUG, "DEBUG: (FSKrawDemod) Using Clock:%u, invert:%u, fchigh:%u, fclow:%u", rfLen, invert, fchigh, fclow); PrintAndLogEx(NORMAL, "%s decoded bitstream:", GetFSKType(fchigh, fclow, invert)); - printDemodBuff(); + printDemodBuff(0, false, invert, false); } goto out; } else { @@ -1327,7 +1334,7 @@ int NRZrawDemod(int clk, int invert, int maxErr, bool verbose) { if (verbose || g_debugMode) { PrintAndLogEx(NORMAL, "NRZ demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits - printDemodBuff(); + printDemodBuff(0, false, invert, false); } free(bits); @@ -1352,14 +1359,14 @@ static int CmdNRZrawDemod(const char *Cmd) { } // by marshmellow -// takes 3 arguments - clock, invert, maxErr as integers +// takes 3 arguments - clock, invert, max_err as integers // attempts to demodulate psk only // prints binary found and saves in demodbuffer for further commands int CmdPSK1rawDemod(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); if (strlen(Cmd) > 16 || cmdp == 'h') return usage_data_rawdemod_p1(); - int clk = 0, invert = 0, maxErr = 100; - sscanf(Cmd, "%i %i %i", &clk, &invert, &maxErr); + int clk = 0, invert = 0, max_err = 100; + sscanf(Cmd, "%i %i %i", &clk, &invert, &max_err); if (clk == 1) { invert = 1; clk = 0; @@ -1368,7 +1375,7 @@ int CmdPSK1rawDemod(const char *Cmd) { PrintAndLogEx(WARNING, "Invalid value for invert: %i", invert); return PM3_EINVARG; } - int ans = PSKDemod(clk, invert, maxErr, true); + int ans = PSKDemod(clk, invert, max_err, true); //output if (ans != PM3_SUCCESS) { if (g_debugMode) PrintAndLogEx(ERR, "Error demoding: %d", ans); 
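Review bot: FSKrawDemod passes its `invert` argument through to `printDemodBuff(0, false, invert, false)`, and printDemodBuff (earlier hunk) applies invert by rewriting DemodBuffer in place; if the demodulator already honoured `invert` when it filled the buffer, this debug print flips the stored bits a second time and later commands reading DemodBuffer see the wrong data. The same pattern appears in NRZrawDemod (@@ -1327), CmdPSK1rawDemod (@@ -1376) and CmdPSK2rawDemod (@@ -1403). If only the displayed form should be inverted, printDemodBuff needs to invert a local copy; if the buffer is meant to stay as demodulated, these calls should pass `false`.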
@@ -1376,7 +1383,7 @@ int CmdPSK1rawDemod(const char *Cmd) { } PrintAndLogEx(NORMAL, "PSK1 demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits - printDemodBuff(); + printDemodBuff(0, false, invert, false); return PM3_SUCCESS; } @@ -1385,8 +1392,8 @@ int CmdPSK1rawDemod(const char *Cmd) { static int CmdPSK2rawDemod(const char *Cmd) { char cmdp = tolower(param_getchar(Cmd, 0)); if (strlen(Cmd) > 16 || cmdp == 'h') return usage_data_rawdemod_p2(); - int clk = 0, invert = 0, maxErr = 100; - sscanf(Cmd, "%i %i %i", &clk, &invert, &maxErr); + int clk = 0, invert = 0, max_err = 100; + sscanf(Cmd, "%i %i %i", &clk, &invert, &max_err); if (clk == 1) { invert = 1; clk = 0; @@ -1395,7 +1402,7 @@ static int CmdPSK2rawDemod(const char *Cmd) { PrintAndLogEx(WARNING, "Invalid value for invert: %i", invert); return PM3_EINVARG; } - int ans = PSKDemod(clk, invert, maxErr, true); + int ans = PSKDemod(clk, invert, max_err, true); if (ans != PM3_SUCCESS) { if (g_debugMode) PrintAndLogEx(ERR, "Error demoding: %d", ans); return PM3_ESOFT; @@ -1403,7 +1410,7 @@ static int CmdPSK2rawDemod(const char *Cmd) { psk1TOpsk2(DemodBuffer, DemodBufferLen); PrintAndLogEx(NORMAL, "PSK2 demoded bitstream:"); // Now output the bitstream to the scrollback by line of 16 bits - printDemodBuff(); + printDemodBuff(0, false, invert, false); return PM3_SUCCESS; } diff --git a/client/src/cmddata.h b/client/src/cmddata.h index 785e88b49..6ae362933 100644 --- a/client/src/cmddata.h +++ b/client/src/cmddata.h 
@@ -68,7 +68,8 @@ int PSKDemod(int clk, int invert, int maxErr, bool verbose); int NRZrawDemod(int clk, int invert, int maxErr, bool verbose); // used by cmd lf pac, lf t55xx -void printDemodBuff(void); +int printDemodBuff(uint8_t offset, bool strip_leading, bool invert, bool print_hex); + void setDemodBuff(uint8_t *buff, size_t size, size_t start_idx); bool getDemodBuff(uint8_t *buff, size_t *size); void save_restoreDB(uint8_t saveOpt);// option '1' to save DemodBuffer any other to restore diff --git a/client/src/cmdlfawid.c b/client/src/cmdlfawid.c index b22d0adb0..1616c63fe 100644 --- a/client/src/cmdlfawid.c +++ b/client/src/cmdlfawid.c @@ -330,8 +330,10 @@ int demodAWID(bool verbose) { free(bits); PrintAndLogEx(DEBUG, "DEBUG: AWID idx: %d, Len: %zu Printing Demod Buffer:", idx, size); - if (g_debugMode) - printDemodBuff(); + if (g_debugMode) { + printDemodBuff(0, false, false, true); + printDemodBuff(0, false, false, false); + } return PM3_SUCCESS; } diff --git a/client/src/cmdlfem4x.c b/client/src/cmdlfem4x.c index 1956bc4d1..9c1c7e0a6 100644 --- a/client/src/cmdlfem4x.c +++ b/client/src/cmdlfem4x.c @@ -318,8 +318,9 @@ int AskEm410xDecode(bool verbose, uint32_t *hi, uint64_t *lo) { setClockGrid(g_DemodClock, g_DemodStartIdx + ((idx + 1)*g_DemodClock)); PrintAndLogEx(DEBUG, "DEBUG: Em410x idx: %zu, Len: %zu, Printing Demod Buffer:", idx, size); - if (g_debugMode) - printDemodBuff(); + if (g_debugMode) { + printDemodBuff(0, false, false, true); + } if (verbose) printEM410x(*hi, *lo); diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 05a8c7dff..c4443e688 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c 
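Review bot: The new prototype `int printDemodBuff(uint8_t offset, bool strip_leading, bool invert, bool print_hex);` lands under the old one-line comment and says nothing about the parameters or the return codes; a short block is warranted, e.g. `// Print DemodBuffer starting at bit 'offset' (max 512 bits); strip_leading skips to the first 1-bit, print_hex emits hex instead of binary. invert rewrites DemodBuffer in place. Returns PM3_EINVARG on an empty buffer, PM3_ESOFT if hex conversion fails.` The in-place inversion is the part a caller most needs to know about before using the flag.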
@@ -140,8 +140,10 @@ int demodHID(bool verbose) { HIDTryUnpack(&packed, false); PrintAndLogEx(DEBUG, "DEBUG: HID idx: %d, Len: %zu, Printing Demod Buffer: ", idx, size); - if (g_debugMode) - printDemodBuff(); + if (g_debugMode) { + printDemodBuff(0, false, false, true); + printDemodBuff(0, false, false, false); + } return PM3_SUCCESS; } diff --git a/client/src/cmdlfindala.c b/client/src/cmdlfindala.c index a5c81114a..b9a811fd7 100644 --- a/client/src/cmdlfindala.c +++ b/client/src/cmdlfindala.c @@ -268,7 +268,7 @@ int demodIndalaEx(int clk, int invert, int maxErr, bool verbose) { if (g_debugMode) { PrintAndLogEx(DEBUG, "DEBUG: Indala - printing demodbuffer"); - printDemodBuff(); + printDemodBuff(0, false, false, false); } return PM3_SUCCESS; } diff --git a/client/src/cmdlfio.c b/client/src/cmdlfio.c index 729970246..f0f76e61d 100644 --- a/client/src/cmdlfio.c +++ b/client/src/cmdlfio.c @@ -185,7 +185,8 @@ int demodIOProx(bool verbose) { PrintAndLogEx(DEBUG, "DEBUG: Error - IO prox crc failed"); PrintAndLogEx(DEBUG, "DEBUG: IO prox idx: %d, Len: %zu, Printing demod buffer:", idx, size); - printDemodBuff(); + printDemodBuff(0, false, false, true); + printDemodBuff(0, false, false, false); } return retval; } diff --git a/client/src/cmdlfparadox.c b/client/src/cmdlfparadox.c index 8fc3751c8..1b0aae510 100644 --- a/client/src/cmdlfparadox.c +++ b/client/src/cmdlfparadox.c @@ -192,8 +192,9 @@ int demodParadox(bool verbose) { ); PrintAndLogEx(DEBUG, "DEBUG: Paradox idx: %d, len: %zu, Printing Demod Buffer:", idx, size); - if (g_debugMode) - printDemodBuff(); + if (g_debugMode) { + printDemodBuff(0, false, false, false); + } return PM3_SUCCESS; } diff --git a/client/src/cmdlfpyramid.c b/client/src/cmdlfpyramid.c index cd5cb84a2..aba305b5d 100644 --- a/client/src/cmdlfpyramid.c +++ b/client/src/cmdlfpyramid.c 
@@ -203,8 +203,9 @@ int demodPyramid(bool verbose) { ); PrintAndLogEx(DEBUG, "DEBUG: Pyramid: idx: %d, Len: %d, Printing Demod Buffer:", idx, 128); - if (g_debugMode) - printDemodBuff(); + if (g_debugMode) { + printDemodBuff(0, false, false, false); + } return PM3_SUCCESS; } From e149dc4ad21d714b791f6c07b711ac0190475f40 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Wed, 4 Nov 2020 19:21:44 +0100 Subject: [PATCH 26/53] lf hid demod - print hex values of demod if unpacking of wiegand failed --- client/src/cmdlfhid.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index c4443e688..5eed3a426 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c @@ -137,11 +137,12 @@ int demodHID(bool verbose) { } wiegand_message_t packed = initialize_message_object(hi2, hi, lo); - HIDTryUnpack(&packed, false); + if ( HIDTryUnpack(&packed, false) == false) { + printDemodBuff(0, false, false, true); + } PrintAndLogEx(DEBUG, "DEBUG: HID idx: %d, Len: %zu, Printing Demod Buffer: ", idx, size); if (g_debugMode) { - printDemodBuff(0, false, false, true); printDemodBuff(0, false, false, false); } From e750481d12717305a17165d36f97c888b5a31085 Mon Sep 17 00:00:00 2001 
From: Philippe Teuwen Date: Thu, 5 Nov 2020 00:59:32 +0100 Subject: [PATCH 27/53] Fix multiple issues with reported flash memory usage: - Remove unused next_free_memory=BigBuf_get_addr() - Fix size retrieval of compressed data section by chance the corrupted value was > than correct value so decompression was taking place, but was returning an error instead of the decompressed size - Fix reporting of compressed size into common_area returned value of LZ4_decompress_safe is the decompressed size while we needed to report the compressed size - Fix common_area late initialization common_area was initialized (and zeroed) after uncompress_data_section() had reported the compressed size in common_area, so compressed size was erased Compressed size is used in the computation of the used and available flash memory, which is now correct (it was wrongly telling about 6kb were free while they weren't). --- armsrc/appmain.c | 8 -------- armsrc/start.c | 15 +++++++++++---- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 51cbb2770..c870a7dba 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2299,14 +2299,6 @@ void __attribute__((noreturn)) AppMain(void) { *p = 0xdeadbeef; } - if (common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) { - /* Initialize common area */ - memset(&common_area, 0, sizeof(common_area)); - common_area.magic = COMMON_AREA_MAGIC; - common_area.version = 1; - } - common_area.flags.osimage_present = 1; - LEDsoff(); // The FPGA gets its clock from us from PCK0 output, so set that up. diff --git a/armsrc/start.c b/armsrc/start.c index e2904f6e1..70eee5063 100644 --- a/armsrc/start.c +++ b/armsrc/start.c 
@@ -18,14 +18,13 @@ #include "BigBuf.h" #include "string.h" -static uint8_t *next_free_memory; extern struct common_area common_area; extern char __data_src_start__, __data_start__, __data_end__, __bss_start__, __bss_end__; + static void uncompress_data_section(void) { - next_free_memory = BigBuf_get_addr(); int avail_in; - memcpy(&avail_in, &__data_start__, sizeof(int)); + memcpy(&avail_in, &__data_src_start__, sizeof(int)); int avail_out = &__data_end__ - &__data_start__; // uncompressed size. Correct. // uncompress data segment to RAM uintptr_t p = (uintptr_t)&__data_src_start__; @@ -34,13 +33,21 @@ static void uncompress_data_section(void) { if (res < 0) return; // save the size of the compressed data section - common_area.arg1 = res; + common_area.arg1 = avail_in; } void __attribute__((section(".startos"))) Vector(void); void Vector(void) { /* Stack should have been set up by the bootloader */ + if (common_area.magic != COMMON_AREA_MAGIC || common_area.version != 1) { + /* Initialize common area */ + memset(&common_area, 0, sizeof(common_area)); + common_area.magic = COMMON_AREA_MAGIC; + common_area.version = 1; + } + common_area.flags.osimage_present = 1; + uncompress_data_section(); /* Set up (that is: clear) BSS. */ From d500d1d6e9da3df5e00801089869c8f5b985d5eb Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 5 Nov 2020 01:09:29 +0100 Subject: [PATCH 28/53] flasher: textual --- client/src/flash.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/client/src/flash.c b/client/src/flash.c index 249f7d826..95fc4b7aa 100644 --- a/client/src/flash.c +++ b/client/src/flash.c 
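Review bot: `if (res < 0) return;` leaves `common_area.arg1` at the zero written by the new memset in Vector, so a failed decompression is reported to the client as a compressed size of 0 rather than as an error, while the board continues with a partially written data section. Storing a recognisable sentinel (or setting a flag next to arg1) on that path would make the failure visible in the flash-usage report instead of merely making the numbers look plausible. Reading `avail_in` from `__data_src_start__` is the actual fix here; a one-line comment stating that the 4-byte length prefix lives at the start of the compressed image would record the layout assumption the code now depends on.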
@@ -122,6 +122,9 @@ static int build_segs_from_phdrs(flash_file_t *ctx, FILE *fd, Elf32_Phdr *phdrs, } if (paddr < FLASH_START || (paddr + filesz) > flash_end) { PrintAndLogEx(ERR, "Error: PHDR is not contained in Flash"); + if ((paddr + filesz) > flash_end) { + PrintAndLogEx(ERR, "Firmware probably too big for your device"); + } return PM3_EFILE; } if (vaddr >= FLASH_START && vaddr < flash_end && (flags & PF_W)) { From c549478ca58dbcbde1c1f8b5c3c6dcaafcafadae Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 5 Nov 2020 02:32:41 +0100 Subject: [PATCH 29/53] Allow to specify 256k platforms --- common_arm/Makefile.hal | 6 ++++++ recovery/Makefile | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/common_arm/Makefile.hal b/common_arm/Makefile.hal index 5b327a951..3855360b4 100644 --- a/common_arm/Makefile.hal +++ b/common_arm/Makefile.hal @@ -133,6 +133,10 @@ ifeq (,$(PLATFORM_DEFS_INFO_STANDALONE)) PLATFORM_DEFS_INFO_STANDALONE = No standalone mode selected endif +ifeq ($(PLATFORM_SIZE),) + PLATFORM_SIZE=512 +endif + PLATFORM_CHANGED=false ifneq ($(PLATFORM), $(CACHED_PLATFORM)) PLATFORM_CHANGED=true @@ -145,6 +149,7 @@ endif export PLATFORM export PLATFORM_EXTRAS export PLATFORM_EXTRAS_INFO +export PLATFORM_SIZE export PLTNAME export PLATFORM_DEFS export PLATFORM_DEFS_INFO @@ -154,6 +159,7 @@ export PLATFORM_CHANGED $(info ===================================================================) $(info Platform name: $(PLTNAME)) $(info PLATFORM: $(PLATFORM)) +$(info PLATFORM_SIZE: $(PLATFORM_SIZE)) $(info Platform extras: $(PLATFORM_EXTRAS_INFO)) $(info Included options: $(PLATFORM_DEFS_INFO)) $(info Standalone mode: $(PLATFORM_DEFS_INFO_STANDALONE)) diff --git a/recovery/Makefile b/recovery/Makefile index 2bfd1475f..1ef142eda 100644 --- a/recovery/Makefile +++ b/recovery/Makefile 
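Review bot: The added message repeats `(paddr + filesz) > flash_end`, and in both places the sum is computed on values read from a user-supplied ELF header, so a large `filesz` can wrap and slip past the range check; writing the test as `paddr > flash_end || filesz > flash_end - paddr` avoids the overflow (the existing `paddr < FLASH_START` check already excludes the low side). The declared types of paddr and filesz are not visible here — if they are wider than the Elf32 fields the concern is moot. build_segs_from_phdrs starts and ends outside the hunk.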
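Review bot: `PLATFORM_SIZE=512` inside `ifeq ($(PLATFORM_SIZE),)` supplies a default but nothing validates the value, and the only consumer (recovery/Makefile, next hunk) feeds it to shell arithmetic, so an unexpected value such as `PLATFORM_SIZE=256k` fails there with an obscure shell error. Adding `ifeq (,$(filter 256 512,$(PLATFORM_SIZE)))` followed by `$(error Unknown PLATFORM_SIZE: $(PLATFORM_SIZE), expected 256 or 512)` next to the default keeps the failure in Makefile.hal, where the variable is defined and printed.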
@@ -6,10 +6,18 @@ ifneq (,$(FWTAG)) else INSTALLFWTAG = $(notdir $(INSTALLFW)) endif +FWMAXSIZE = $(shell echo $$(($(PLATFORM_SIZE)*1024))) BINS = bootrom.bin fullimage.bin $(INSTALLFW) all: $(BINS) + @FWSIZE=$$(stat -c "%s" $(INSTALLFW));\ + if [ $$FWSIZE -gt $(FWMAXSIZE) ]; then \ + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; \ + echo "ERROR: Firmware image too large for your platform! $$FWSIZE > $(FWMAXSIZE)"; \ + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; \ + exit 1; \ + fi bootrom.bin: ../bootrom/obj/bootrom.elf $(info [=] GEN $@) From b72c8dc3d714b3141138f5e996542dd26389ad64 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 5 Nov 2020 02:33:01 +0100 Subject: [PATCH 30/53] Allow to skip parts from Makefile.platform --- common_arm/Makefile.hal | 66 +++++++++++++++++++++++++++++++++-------- 1 file changed, 53 insertions(+), 13 deletions(-) diff --git a/common_arm/Makefile.hal b/common_arm/Makefile.hal index 3855360b4..c7625b4aa 100644 --- a/common_arm/Makefile.hal +++ b/common_arm/Makefile.hal @@ -45,6 +45,23 @@ PLATFORM_EXTRAS=BTADDON Default standalone mode is $(DEFAULT_STANDALONE). To disable standalone modes, set explicitly an empty STANDALONE: STANDALONE= + +For Proxmarks with only 256k, you can define +PLATFORM_SIZE=256 +to be warned if the image is too big for your device +and you can specify which parts to skip in order to reduce the size: +SKIP_LF=1 +SKIP_HITAG=1 +SKIP_EM4x50=1 +SKIP_ISO15693=1 +SKIP_LEGICRF=1 +SKIP_ISO14443b=1 +SKIP_ISO14443a=1 +SKIP_ICLASS=1 +SKIP_FELICA=1 +SKIP_NFCBARCODE=1 +SKIP_HFSNIFF=1 +SKIP_HFPLOT=1 endef define KNOWN_DEFINITIONS 
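Review bot: `FWMAXSIZE = $(shell echo $$(($(PLATFORM_SIZE)*1024)))` uses recursive assignment, so the shell is re-forked at every expansion; `FWMAXSIZE := $(shell echo $$(($(PLATFORM_SIZE)*1024)))` evaluates it once. The recipe's `stat -c "%s"` is GNU coreutils syntax and fails on macOS/BSD stat (which wants `stat -f %z`); `wc -c < $(INSTALLFW)` is the portable way to get the byte count. If PLATFORM_SIZE is not in scope when this Makefile is parsed (it is set and exported in Makefile.hal, and whether that file is included here is not visible), the arithmetic expands to `$((*1024))` and the build aborts with a shell syntax error rather than a helpful message.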
@@ -79,21 +96,44 @@ ifneq (,$(PLATFORM_EXTRAS_TMP)) endif # common LF support -PLATFORM_DEFS += -DWITH_LF -PLATFORM_DEFS += -DWITH_HITAG -PLATFORM_DEFS += -DWITH_EM4x50 +ifneq ($(SKIP_LF),1) + PLATFORM_DEFS += -DWITH_LF +endif +ifneq ($(SKIP_HITAG),1) + PLATFORM_DEFS += -DWITH_HITAG +endif +ifneq ($(SKIP_EM4x50),1) + PLATFORM_DEFS += -DWITH_EM4x50 +endif # common HF support -PLATFORM_DEFS += -DWITH_ISO15693 -PLATFORM_DEFS += -DWITH_LEGICRF -PLATFORM_DEFS += -DWITH_ISO14443b -PLATFORM_DEFS += -DWITH_ISO14443a -PLATFORM_DEFS += -DWITH_ICLASS -PLATFORM_DEFS += -DWITH_FELICA -PLATFORM_DEFS += -DWITH_NFCBARCODE -PLATFORM_DEFS += -DWITH_HFSNIFF -PLATFORM_DEFS += -DWITH_HFPLOT - +ifneq ($(SKIP_ISO15693),1) + PLATFORM_DEFS += -DWITH_ISO15693 +endif +ifneq ($(SKIP_LEGICRF),1) + PLATFORM_DEFS += -DWITH_LEGICRF +endif +ifneq ($(SKIP_ISO14443b),1) + PLATFORM_DEFS += -DWITH_ISO14443b +endif +ifneq ($(SKIP_ISO14443a),1) + PLATFORM_DEFS += -DWITH_ISO14443a +endif +ifneq ($(SKIP_ICLASS),1) + PLATFORM_DEFS += -DWITH_ICLASS +endif +ifneq ($(SKIP_FELICA),1) + PLATFORM_DEFS += -DWITH_FELICA +endif +ifneq ($(SKIP_NFCBARCODE),1) + PLATFORM_DEFS += -DWITH_NFCBARCODE +endif +ifneq ($(SKIP_HFSNIFF),1) + PLATFORM_DEFS += -DWITH_HFSNIFF +endif +ifneq ($(SKIP_HFPLOT),1) + PLATFORM_DEFS += -DWITH_HFPLOT +endif # Standalone mode ifneq ($(strip $(filter $(PLATFORM_DEFS),$(STANDALONE_REQ_DEFS))),$(strip $(STANDALONE_REQ_DEFS))) From 7f6e3a7cfccea432b3f86d386a2a5c3c3f777619 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 5 Nov 2020 12:02:54 +0100 Subject: [PATCH 31/53] textual --- armsrc/iso14443a.c | 2 +- client/src/cmdlfhid.c | 3 +++ client/src/wiegand_formats.c | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 8d91e9742..0ca42c9ee 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c 
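Review bot: Twelve identical three-line `ifneq ($(SKIP_X),1) … endif` blocks is a lot of copy-paste for one rule; the same flags, in the same order, come from a list plus a `$(foreach)`: `PLATFORM_PARTS := LF HITAG EM4x50 ISO15693 LEGICRF ISO14443b ISO14443a ICLASS FELICA NFCBARCODE HFSNIFF HFPLOT` and `PLATFORM_DEFS += $(foreach part,$(PLATFORM_PARTS),$(if $(filter 1,$(SKIP_$(part))),,-DWITH_$(part)))`. That also leaves one place to update when a new SKIP_ option is added to the help text in the previous hunk. Note the conditions accept only the exact string 1, so `SKIP_LF=yes` or `SKIP_LF=true` is silently ignored; either widen the filter or have the help text say the value must be 1.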
@@ -161,7 +161,7 @@ void printHf14aConfig(void) { ); Dbprintf(" [r] RATS override.......%i %s%s%s", hf14aconfig.forcerats, - (hf14aconfig.forcerats == 0) ? "( " _GREEN_("No") " q follow standard " : "", + (hf14aconfig.forcerats == 0) ? "( " _GREEN_("No") " ) follow standard " : "", (hf14aconfig.forcerats == 1) ? "( " _RED_("Yes") " ) always do RATS" : "", (hf14aconfig.forcerats == 2) ? "( " _RED_("Yes") " ) always skip RATS" : "" ); diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 5eed3a426..5757c7775 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c @@ -138,11 +138,14 @@ int demodHID(bool verbose) { wiegand_message_t packed = initialize_message_object(hi2, hi, lo); if ( HIDTryUnpack(&packed, false) == false) { + PrintAndLogEx(INFO, "raw: " _GREEN_("%08x%08x%08x"), hi2, hi, lo); printDemodBuff(0, false, false, true); } PrintAndLogEx(DEBUG, "DEBUG: HID idx: %d, Len: %zu, Printing Demod Buffer: ", idx, size); if (g_debugMode) { + PrintAndLogEx(DEBUG, "raw: " _GREEN_("%08x%08x%08x"), hi2, hi, lo); + printDemodBuff(0, false, false, false); } diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index 2e629cbb9..4e00bbfcd 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c @@ -945,7 +945,8 @@ bool HIDTryUnpack(wiegand_message_t *packed, bool ignore_parity) { ++i; } if (result == false && packed->Length) { - PrintAndLogEx(SUCCESS, "Unknown. Bit len %d", packed->Length); + PrintAndLogEx(SUCCESS, "(wiegand unpack) unknown bit len %d", packed->Length); + PrintAndLogEx(HINT, "Try 0xFFFF's http://cardinfo.barkweb.com.au/"); } return result; From 928a4f789e1af44d4128feef3466711dbe4bf863 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 5 Nov 2020 12:06:12 +0100 Subject: [PATCH 32/53] fiddling with mfu --- armsrc/appmain.c | 3 ++- armsrc/mifarecmd.c | 29 ++++++++++++++++++++--------- armsrc/mifarecmd.h | 2 +- 3 files changed, 23 insertions(+), 11 deletions(-) 
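Review bot: In the cmdlfhid.c hunk, when `g_debugMode` is on and `HIDTryUnpack` fails, the new lines print the `raw:` value and then the demod buffer twice in a row — once at INFO from the failure branch and once at DEBUG from the debug branch, since both blocks now emit the same pair. If the INFO line is for the user and the DEBUG line for developers, either drop the DEBUG `raw:` line or skip the debug block when the failure branch already printed, e.g. `if (g_debugMode && !unpack_failed)` with a local flag kept from the first test. `demodHID` begins before this hunk, so I cannot see whether `hi2`/`hi`/`lo` are 32-bit, which `%08x` assumes.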
diff --git a/armsrc/appmain.c b/armsrc/appmain.c index c870a7dba..c12f49196 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -1503,9 +1503,10 @@ static void PacketReceived(PacketCommandNG *packet) { struct p { uint8_t counter; uint32_t tearoff_time; + uint8_t value[4]; } PACKED; struct p *payload = (struct p *) packet->data.asBytes; - MifareU_Counter_Tearoff(payload->counter, payload->tearoff_time); + MifareU_Counter_Tearoff(payload->counter, payload->tearoff_time, payload->value); break; } case CMD_HF_MIFARE_STATIC_NONCE: { diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 1b0e55bef..07806929e 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -450,7 +450,7 @@ void MifareWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) { // 2 = use 0x1B authentication. // datain : 4 first bytes is data to be written. // : 4/16 next bytes is authentication key. -void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) { +static void MifareUWriteBlockEx(uint8_t arg0, uint8_t arg1, uint8_t *datain, bool reply) { uint8_t blockNo = arg0; bool useKey = (arg1 == 1); //UL_C bool usePwd = (arg1 == 2); //UL_EV1/NTAG @@ -507,12 +507,17 @@ void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) { if (DBGLEVEL >= 2) DbpString("WRITE BLOCK FINISHED"); - reply_mix(CMD_ACK, 1, 0, 0, 0, 0); + if (reply) + reply_mix(CMD_ACK, 1, 0, 0, 0, 0); FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); set_tracing(false); } +void MifareUWriteBlock(uint8_t arg0, uint8_t arg1, uint8_t *datain) { + MifareUWriteBlockEx(arg0, arg1, datain, true); +} + // Arg0 : Block to write to. // Arg1 : 0 = use no authentication. // 1 = use 0x1A authentication. 
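Review bot: In the appmain.c hunk, `struct p` grows to nine packed bytes, but the handler still casts `packet->data.asBytes` with no visible check that the received payload is that long; a client built before this change (or any malformed packet) sends five bytes and `payload->value` then reads whatever bytes follow in the receive buffer, which `MifareU_Counter_Tearoff` puts straight into the INCR_CNT frame sent to the card. The check may live above the hunk; if it does not, add one before the cast along the lines of `if (packet->length < sizeof(struct p)) { reply_ng(<this case's CMD id>, PM3_EINVARG, NULL, 0); break; }`, assuming `length` is the NG packet's payload-length field and using whatever error code this dispatcher already uses for bad arguments. The enclosing `case` starts before the hunk.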
@@ -2720,7 +2725,8 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t tearoff_time, uint8_t *datain) { if (tearoff_time > 43000) tearoff_time = 43000; - MifareUWriteBlock(blockNo, 0, data_fullwrite); + MifareUWriteBlockEx(blockNo, 0, data_fullwrite, false); + LEDsoff(); iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN); @@ -2729,13 +2735,18 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t tearoff_time, uint8_t *datain) { // write cmd to send, include CRC // 1b write, 1b block, 4b data, 2 crc - uint8_t cmd[] = {MIFARE_ULC_WRITE, blockNo, data_testwrite[0], data_testwrite[1], data_testwrite[2], data_testwrite[3], 0, 0}; + uint8_t cmd[] = { + MIFARE_ULC_WRITE, blockNo, + data_testwrite[0], data_testwrite[1], data_testwrite[2], data_testwrite[3], + 0, 0 + }; AddCrc14A(cmd, sizeof(cmd) - 2); // anticollision / select card if (!iso14443a_select_card(NULL, NULL, NULL, true, 0, true)) { if (DBGLEVEL >= DBG_ERROR) Dbprintf("Can't select card"); OnError(1); + reply_ng(CMD_HF_MFU_OTP_TEAROFF, PM3_EFAILED, NULL, 0); return; }; // send @@ -2753,7 +2764,7 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t tearoff_time, uint8_t *datain) { // // Tear-off attack against MFU counter -void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time) { +void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time, uint8_t *datain) { if (tearoff_time > 43000) tearoff_time = 43000; @@ -2767,10 +2778,10 @@ void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time) { uint8_t cmd[] = { MIFARE_ULEV1_INCR_CNT, counter, - 0, // lsb - 0, - 0, // msb - 0, // rfu + datain[0], // lsb + datain[1], + datain[2], // msb + datain[3], // rfu 0, 0, }; diff --git a/armsrc/mifarecmd.h b/armsrc/mifarecmd.h index f83f119e2..92defcaf5 100644 --- a/armsrc/mifarecmd.h +++ b/armsrc/mifarecmd.h 
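Review bot: `MifareU_Counter_Tearoff` now dereferences `datain[0..3]` unconditionally, and neither this definition nor the prototype in mifarecmd.h (next hunk) says how many bytes the caller must supply; the one visible caller in appmain.c passes a 4-byte array, but a comment on the prototype, `// datain: 4 bytes, counter increment lsb..msb followed by the RFU byte`, pins the contract for the next caller. The previous code also sent a fixed zero in the RFU slot and the user-supplied `datain[3]` now goes there verbatim; if that is deliberate for the tear-off experiment, the `// rfu` comment should say so rather than just naming the field.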
@@ -64,5 +64,5 @@ void Mifare_DES_Auth2(uint32_t arg0, uint8_t *datain); // Tear-off test for MFU void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t arg1, uint8_t *datain); -void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time); +void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time, uint8_t *datain); #endif From 60aed2c865617d34b71e076db2582ee10bb651b9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Thu, 5 Nov 2020 12:14:09 +0100 Subject: [PATCH 33/53] for a gentle kiwi --- armsrc/iso14443b.c | 205 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index 3445dde9b..c3701dbfe 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c 
@@ -717,6 +717,211 @@ void SimulateIso14443bTag(uint8_t *pupi) { switch_off(); //simulate } +/* +void Simulate_iso14443b_srx_tag(uint8_t *uid) { + + LED_A_ON(); + / SRI512 + + > initiate 06 00 ISO14443B_INITIATE + < xx crc crc + > select 0e xx ISO14443B_SELECT + < xx nn nn + + > readblock 08 blck_no ISO14443B_READ_BLK + < d0 d1 d2 d3 2byte crc + + > get uid ISO14443B_GET_UID + < 81 93 99 20 92 11 02 (8byte UID in MSB D002 199220 999381) + +#define ISO14443B_REQB 0x05 +#define ISO14443B_ATTRIB 0x1D +#define ISO14443B_HALT 0x50 +#define ISO14443B_INITIATE 0x06 +#define ISO14443B_SELECT 0x0E +#define ISO14443B_GET_UID 0x0B +#define ISO14443B_READ_BLK 0x08 +#define ISO14443B_WRITE_BLK 0x09 +#define ISO14443B_RESET 0x0C +#define ISO14443B_COMPLETION 0x0F +#define ISO14443B_AUTHENTICATE 0x0A +#define ISO14443B_PING 0xBA +#define ISO14443B_PONG 0xAB + + + static const uint8_t resp_init_srx[] = { 0x73, 0x64, 0xb1 }; + uint8_t resp_select_srx[] = { 0x73, 0x64, 0xb1 }; + + // a default uid, or user supplied + uint8_t resp_getuid_srx[10] = { + 0x81, 0x93, 0x99, 0x20, 0x92, 0x11, 0x02, 0xD0, 0x00, 0x00 + }; + + // ...UID supplied from user. Adjust ATQB response accordingly + if (memcmp("\x00\x00\x00\x00\x00\x00\x00\x00", uid, 8) != 0) { + memcpy(resp_getuid_srx, uid, 8); + AddCrc14B(resp_getuid_srx, 8); + } + + // response to HLTB and ATTRIB + static const uint8_t respOK[] = {0x00, 0x78, 0xF0}; + + // setup device. 
+ FpgaDownloadAndGo(FPGA_BITSTREAM_HF); + + // connect Demodulated Signal to ADC: + SetAdcMuxFor(GPIO_MUXSEL_HIPKD); + + // Set up the synchronous serial port + FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SIMULATOR); + + // allocate command receive buffer + BigBuf_free(); + BigBuf_Clear_ext(false); + clear_trace(); + set_tracing(true); + + uint16_t len, cmdsReceived = 0; + int cardSTATE = SIM_NOFIELD; + int vHf = 0; // in mV + + tosend_t *ts = get_tosend(); + + uint8_t *receivedCmd = BigBuf_malloc(MAX_FRAME_SIZE); + + // prepare "ATQB" tag answer (encoded): + CodeIso14443bAsTag(respATQB, sizeof(respATQB)); + uint8_t *encodedATQB = BigBuf_malloc(ts->max); + uint16_t encodedATQBLen = ts->max; + memcpy(encodedATQB, ts->buf, ts->max); + + + // prepare "OK" tag answer (encoded): + CodeIso14443bAsTag(respOK, sizeof(respOK)); + uint8_t *encodedOK = BigBuf_malloc(ts->max); + uint16_t encodedOKLen = ts->max; + memcpy(encodedOK, ts->buf, ts->max); + + // Simulation loop + while (BUTTON_PRESS() == false) { + WDT_HIT(); + + //iceman: limit with 2000 times.. + if (data_available()) { + break; + } + + // find reader field + if (cardSTATE == SIM_NOFIELD) { + +#if defined RDV4 + vHf = (MAX_ADC_HF_VOLTAGE_RDV40 * SumAdc(ADC_CHAN_HF_RDV40, 32)) >> 15; +#else + vHf = (MAX_ADC_HF_VOLTAGE * SumAdc(ADC_CHAN_HF, 32)) >> 15; +#endif + if (vHf > MF_MINFIELDV) { + cardSTATE = SIM_IDLE; + LED_A_ON(); + } + } + if (cardSTATE == SIM_NOFIELD) continue; + + // Get reader command + if (!GetIso14443bCommandFromReader(receivedCmd, &len)) { + Dbprintf("button pressed, received %d commands", cmdsReceived); + break; + } + + // ISO14443-B protocol states: + // REQ or WUP request in ANY state + // WUP in HALTED state + if (len == 5) { + if ((receivedCmd[0] == ISO14443B_REQB && (receivedCmd[2] & 0x8) == 0x8 && cardSTATE == SIM_HALTED) || + receivedCmd[0] == ISO14443B_REQB) { + LogTrace(receivedCmd, len, 0, 0, NULL, true); + cardSTATE = SIM_SELECTING; + } + } + + / + * How should this flow go? 
+ * REQB or WUPB + * send response ( waiting for Attrib) + * ATTRIB + * send response ( waiting for commands 7816) + * HALT + send halt response ( waiting for wupb ) + / + + switch (cardSTATE) { + //case SIM_NOFIELD: + case SIM_HALTED: + case SIM_IDLE: { + LogTrace(receivedCmd, len, 0, 0, NULL, true); + break; + } + case SIM_SELECTING: { + TransmitFor14443b_AsTag(encodedATQB, encodedATQBLen); + LogTrace(respATQB, sizeof(respATQB), 0, 0, NULL, false); + cardSTATE = SIM_WORK; + break; + } + case SIM_HALTING: { + TransmitFor14443b_AsTag(encodedOK, encodedOKLen); + LogTrace(respOK, sizeof(respOK), 0, 0, NULL, false); + cardSTATE = SIM_HALTED; + break; + } + case SIM_ACKNOWLEDGE: { + TransmitFor14443b_AsTag(encodedOK, encodedOKLen); + LogTrace(respOK, sizeof(respOK), 0, 0, NULL, false); + cardSTATE = SIM_IDLE; + break; + } + case SIM_WORK: { + if (len == 7 && receivedCmd[0] == ISO14443B_HALT) { + cardSTATE = SIM_HALTED; + } else if (len == 11 && receivedCmd[0] == ISO14443B_ATTRIB) { + cardSTATE = SIM_ACKNOWLEDGE; + } else { + // Todo: + // - SLOT MARKER + // - ISO7816 + // - emulate with a memory dump + if (DBGLEVEL >= DBG_DEBUG) + Dbprintf("new cmd from reader: len=%d, cmdsRecvd=%d", len, cmdsReceived); + + // CRC Check + if (len >= 3) { // if crc exists + + if (!check_crc(CRC_14443_B, receivedCmd, len)) { + if (DBGLEVEL >= DBG_DEBUG) { + DbpString("CRC fail"); + } + } + } else { + if (DBGLEVEL >= DBG_DEBUG) { + DbpString("CRC passed"); + } + } + cardSTATE = SIM_IDLE; + } + break; + } + default: + break; + } + + ++cmdsReceived; + } + + if (DBGLEVEL >= DBG_DEBUG) + Dbprintf("Emulator stopped. Trace length: %d ", BigBuf_get_traceLen()); + + switch_off(); //simulate +} +*/ + //============================================================================= // An ISO 14443 Type B reader. We take layer two commands, code them // appropriately, and then send them to the tag. We then listen for the From 2cc5fb383c7ca659015fbc6bf80331cfd2a8ad85 Mon Sep 17 00:00:00 2001 
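Review bot: The 205 added lines are a `/* … */`-commented copy of `SimulateIso14443bTag` with SRx responses stubbed in, which the compiler never sees, so it will rot silently — it already references `respATQB`, which is not declared in the stub, and the nested comment openers had to be defanged to `/ SRI512` and `/ * How should this flow go?` to keep the outer comment intact. A branch, or a `#if 0`/`#endif` wrapper, is the usual way to park work in progress: the preprocessor still tokenises it, nested `/* */` are legal, and it is greppable as intentionally disabled. The same applies to the commented-out `CmdHF14aDesMAD` added to client/src/cmdhfmfdes.c in the next commit of this series.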
From: iceman1001 Date: Thu, 5 Nov 2020 12:50:51 +0100 Subject: [PATCH 34/53] reorder command table --- client/src/cmdhfmfdes.c | 57 ++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 12 deletions(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index a44a99749..75f4fa18f 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -4625,6 +4625,8 @@ static int CmdHF14aDesNDEF(const char *Cmd) { CLIGetHexWithReturn(ctx, 3, key, &keylen); bool keyB = arg_get_lit(ctx, 4); + CLIParserFree(ctx); + uint16_t ndefAID = 0xe103; if (aidlen == 2) ndefAID = (aid[0] << 8) + aid[1]; @@ -4694,6 +4696,33 @@ static int CmdHF14aDesNDEF(const char *Cmd) { } */ +/* +static int CmdHF14aDesMAD(const char *Cmd) { + DropField(); + + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfdes mad", + "Prints MIFARE Application directory (MAD)", + "hf mfdes mad -> shows MAD data\n" + "hf mfdes mad -v -> shows MAD parsed and raw data\n" + "hf mfdes mad -a e103 -k d3f7d3f7d3f7d3f7d3f7d3f7d3f7d3f7 -> shows MAD data with custom AID and key"); + + void *argtable[] = { + arg_param_begin, + arg_litn("v", "verbose", 0, 2, "show technical data"), + arg_str0("", "aid", "", "replace default aid for MAD"), + arg_str0("k", "key", "", "replace default key for MAD"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + + CLIParserFree(ctx); + + PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfdes mad -v`") " for more details"); + return PM3_SUCCESS; +} +*/ + /*static int CmdTest(const char *Cmd) { (void)Cmd; // Cmd is not used so far uint8_t IV[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 
@@ -4720,28 +4749,32 @@ static int CmdHF14aDesNDEF(const char *Cmd) { static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, + {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("general") " -----------------------"}, + {"auth", CmdHF14ADesAuth, IfPm3Iso14443a, "Tries a MIFARE DesFire Authentication"}, + {"changekey", CmdHF14ADesChangeKey, IfPm3Iso14443a, "Change Key"}, + {"chk", CmdHF14aDesChk, IfPm3Iso14443a, "Check keys"}, + {"enum", CmdHF14ADesEnumApplications, IfPm3Iso14443a, "Tries enumerate all applications"}, + {"formatpicc", CmdHF14ADesFormatPICC, IfPm3Iso14443a, "Format PICC"}, + {"getuid", CmdHF14ADesGetUID, IfPm3Iso14443a, "Get random uid"}, {"info", CmdHF14ADesInfo, IfPm3Iso14443a, "Tag information"}, {"list", CmdHF14ADesList, AlwaysAvailable, "List DESFire (ISO 14443A) history"}, - {"enum", CmdHF14ADesEnumApplications, IfPm3Iso14443a, "Tries enumerate all applications"}, - {"auth", CmdHF14ADesAuth, IfPm3Iso14443a, "Tries a MIFARE DesFire Authentication"}, - {"getuid", CmdHF14ADesGetUID, IfPm3Iso14443a, "Get random uid"}, - {"selectaid", CmdHF14ADesSelectApp, IfPm3Iso14443a, "Select Application ID"}, +// {"ndef", CmdHF14aDesNDEF, IfPm3Iso14443a, "Prints NDEF records from card"}, +// {"mad", CmdHF14aDesMAD, IfPm3Iso14443a, "Prints MAD records from card"}, + {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("AID") " -----------------------"}, {"createaid", CmdHF14ADesCreateApp, IfPm3Iso14443a, "Create Application ID"}, {"deleteaid", CmdHF14ADesDeleteApp, IfPm3Iso14443a, "Delete Application ID"}, + {"selectaid", CmdHF14ADesSelectApp, IfPm3Iso14443a, "Select Application ID"}, + {"-----------", CmdHelp, IfPm3Iso14443a, "----------------------- " _CYAN_("Files") " -----------------------"}, + {"changevalue", CmdHF14ADesChangeValue, IfPm3Iso14443a, "Write value of a value file (credit/debit/clear)"}, + {"clearfile", CmdHF14ADesClearRecordFile, IfPm3Iso14443a, "Clear record File"}, 
{"createfile", CmdHF14ADesCreateFile, IfPm3Iso14443a, "Create Standard/Backup File"}, {"createvaluefile", CmdHF14ADesCreateValueFile, IfPm3Iso14443a, "Create Value File"}, {"createrecordfile", CmdHF14ADesCreateRecordFile, IfPm3Iso14443a, "Create Linear/Cyclic Record File"}, {"deletefile", CmdHF14ADesDeleteFile, IfPm3Iso14443a, "Create Delete File"}, - {"clearfile", CmdHF14ADesClearRecordFile, IfPm3Iso14443a, "Clear record File"}, + {"dump", CmdHF14ADesDump, IfPm3Iso14443a, "Dump all files"}, + {"getvalue", CmdHF14ADesGetValueData, IfPm3Iso14443a, "Get value of file"}, {"readdata", CmdHF14ADesReadData, IfPm3Iso14443a, "Read data from standard/backup/record file"}, {"writedata", CmdHF14ADesWriteData, IfPm3Iso14443a, "Write data to standard/backup/record file"}, - {"getvalue", CmdHF14ADesGetValueData, IfPm3Iso14443a, "Get value of file"}, - {"changevalue", CmdHF14ADesChangeValue, IfPm3Iso14443a, "Write value of a value file (credit/debit/clear)"}, - {"changekey", CmdHF14ADesChangeKey, IfPm3Iso14443a, "Change Key"}, - {"formatpicc", CmdHF14ADesFormatPICC, IfPm3Iso14443a, "Format PICC"}, - {"dump", CmdHF14ADesDump, IfPm3Iso14443a, "Dump all files"}, - {"chk", CmdHF14aDesChk, IfPm3Iso14443a, "Check keys"}, -// {"ndef", CmdHF14aDesNDEF, IfPm3Iso14443a, "Prints NDEF records from card"}, {NULL, NULL, NULL, NULL} }; From b2bc2a499dfa14cf42b29b627ea61ab1efe62648 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 5 Nov 2020 19:23:20 +0100 Subject: [PATCH 35/53] doc for pm3 256k --- .../4_Advanced-compilation-parameters.md | 46 +++++++++++++++++-- 1 file changed, 43 insertions(+), 3 deletions(-) diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md index 403210684..a61fcaf10 100644 --- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md +++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md 
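Review bot: The three new `"-----------"` separator rows are registered with `IfPm3Iso14443a`, whereas the equivalent separator rows in client/src/cmdmain.c (visible later in this series) use `AlwaysAvailable`; if the availability callback is used to hide or grey out entries when offline, the section headings vanish while `help` and `list` stay, so `AlwaysAvailable` looks like the consistent choice. Separately, the `mad` entry is added already commented out next to `ndef`; a one-line comment on why both are disabled would help the next reader. The table starts before the hunk.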
@@ -32,9 +32,7 @@ make SKIPBT=1 By default, the firmware is of course tuned for the Proxmark3 Rdv4.0 device, which has built-in support for 256kb onboard flash SPI memory, Sim module (smart card support), FPC connector. These features make it very different from all other devices, there is non other like this one. -**Recommendation**: if you don't have a RDV4, we strongly recommend your device to have at least a 512kb arm chip, since this repo is on the very edge of 256kb limit. - -A firmware built for the RDV4 can still run on the other platforms as it will auto-detect during boot that external SPI and Sim are not present, still it will boot faster if it's tuned to the platform, which solves USB enumeration issues on some OSes. +**Recommendation**: if you don't have a RDV4, we strongly recommend your device to have at least a 512kb arm chip, since this repo is crossing 256kb limit. There is still a way to skip parts to make it fit on a 256kb device, see below. If you need to tune things and save the configuration, create a file `Makefile.platform` in the root directory of the repository, see `Makefile.platform.sample`. For an up-to-date exhaustive list of options, you can run `make PLATFORM=`. 
@@ -101,6 +99,48 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo By default `STANDALONE=HF_MSDSAL`. +## 256kb versions + +If you own a Proxmark3 Easy with only 256kb, you can use a few definitions to help you getting a smaller firmware. + +First thing is of course to use the `PLATFORM=PM3OTHER`. +Adding `PLATFORM_SIZE=256` will provoke an error during compilation of the recovery image if your image is too big, so you can detect the problem before trying to flash the Proxmark3, e.g. +``` +[=] GEN proxmark3_recovery.bin +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +ERROR: Firmware image too large for your platform! 262768 > 262144 +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +``` + +You can skip the standalone support by indicating `STANDALONE=` and +a series of `SKIP_*` allow to skip some of the functionalities and to get a smaller image. + +| Definitions | Rough estimation of the saved space | +|---------------------|-------------------------------------| +|STANDALONE= | 3.6kb +|SKIP_LF=1 | 25.8kb +|SKIP_HITAG=1 | 24.2kb +|SKIP_EM4x50=1 | 2.9kb +|SKIP_ISO15693=1 | 3.2kb +|SKIP_LEGICRF=1 | 3.9kb +|SKIP_ISO14443b=1 | 3.7kb +|SKIP_ISO14443a=1 | 63.0kb +|SKIP_ICLASS=1 | 10.5kb +|SKIP_FELICA=1 | 4.0kb +|SKIP_NFCBARCODE=1 | 1.4kb +|SKIP_HFSNIFF=1 | 0.5kb +|SKIP_HFPLOT=1 | 0.3kb + +So for example, at the time of writing, this is a valid `Makefile.platform` compiling an image for 256k: +``` +PLATFORM=PM3OTHER +PLATFORM_SIZE=256 +STANDALONE= +SKIP_LEGICRF=1 +SKIP_FELICA=1 +``` +Situation might change when the firmware is growing of course, requiring to skip more elements. + ## Next step See [Compilation instructions](/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md) From 951bbb95ee6c464e4614f6392efd86c2e5d850b3 Mon Sep 17 00:00:00 2001 
From: iceman1001 Date: Thu, 5 Nov 2020 19:56:03 +0100 Subject: [PATCH 36/53] adapt to new output --- tools/pm3_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/pm3_tests.sh b/tools/pm3_tests.sh index d4aa7d89a..de3a50c5e 100755 --- a/tools/pm3_tests.sh +++ b/tools/pm3_tests.sh @@ -412,7 +412,7 @@ while true; do "Motorola - fmt: 26 FC: 258 Card: 2, Raw: A0000000A0002021"; then break; fi if ! CheckExecute slow "lf T55 nedap test" "$CLIENTBIN -c 'data load -f traces/lf_ATA5577_nedap.pm3; lf search 1'" "NEDAP ID found"; then break; fi if ! CheckExecute slow "lf T55 nedap test2" "$CLIENTBIN -c 'data load -f traces/lf_ATA5577_nedap.pm3; lf nedap demod'" \ - "NEDAP - Card: 12345 subtype: 1 customer code: 123, Raw: FF 82 24 65 08 20 99 53"; then break; fi + "NEDAP - Card: 12345 subtype: 1 customer code: 123, Raw: FF82246508209953"; then break; fi if ! CheckExecute slow "lf T55 nexwatch test" "$CLIENTBIN -c 'data load -f traces/lf_ATA5577_nexwatch.pm3; lf search 1'" "NexWatch ID found"; then break; fi if ! CheckExecute slow "lf T55 nexwatch test2" "$CLIENTBIN -c 'data load -f traces/lf_ATA5577_nexwatch.pm3; lf nexwatch demod'" \ "Raw : 56000000213C9F8F150C00"; then break; fi From bae2f5f04e52844a8e3dffb86497e15889c62fff Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 5 Nov 2020 22:26:47 +0100 Subject: [PATCH 37/53] disable more code with SKIP_ISO14443* --- armsrc/epa.c | 33 ++++++++++++++++--- .../4_Advanced-compilation-parameters.md | 2 ++ 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/armsrc/epa.c b/armsrc/epa.c index 2a0025610..b2a1b5ec5 100644 --- a/armsrc/epa.c +++ b/armsrc/epa.c 
@@ -22,10 +22,12 @@ #include "commonutil.h" #include "ticks.h" +#ifdef WITH_ISO14443a // Protocol and Parameter Selection Request for ISO 14443 type A cards // use regular (1x) speed in both directions // CRC is already included static const uint8_t pps[] = {0xD0, 0x11, 0x00, 0x52, 0xA6}; +#endif // APDUs for communication with German Identification Card @@ -116,9 +118,25 @@ static char iso_type = 0; static int EPA_APDU(uint8_t *apdu, size_t length, uint8_t *response, uint16_t respmaxlen) { switch (iso_type) { case 'a': +#ifdef WITH_ISO14443a return iso14_apdu(apdu, (uint16_t) length, false, response, NULL); +#else + (void) apdu; + (void) length; + (void) response; + (void) respmaxlen; + return PM3_ENOTIMPL; +#endif case 'b': +#ifdef WITH_ISO14443b return iso14443b_apdu(apdu, length, false, response, respmaxlen, NULL); +#else + (void) apdu; + (void) length; + (void) response; + (void) respmaxlen; + return PM3_ENOTIMPL; +#endif default: return 0; } @@ -522,7 +540,10 @@ void EPA_PACE_Replay(PacketCommandNG *c) { //----------------------------------------------------------------------------- int EPA_Setup(void) { +#ifdef WITH_ISO14443a +{ // first, look for type A cards + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // power up the field iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); iso14a_card_select_t card_a_info; @@ -541,20 +562,24 @@ int EPA_Setup(void) { iso_type = 'a'; return 0; } - - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - +} +#endif +#ifdef WITH_ISO14443b +{ // if we're here, there is no type A card, so we look for type B + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); // power up the field iso14443b_setup(); iso14b_card_select_t card_b_info; - return_code = iso14443b_select_card(&card_b_info); + int return_code = iso14443b_select_card(&card_b_info); if (return_code == 0) { Dbprintf("ISO 14443 Type B"); iso_type = 'b'; return 0; } +} +#endif Dbprintf("No card found"); return 1; } 
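Review bot: In `EPA_APDU`, the new `#else` arms return `PM3_ENOTIMPL` while the existing `default:` arm returns 0, so a caller sees two different codes for "cannot talk to this card"; since `iso_type` is only assigned inside the `#ifdef` blocks of `EPA_Setup`, those arms are unreachable in practice and could simply fall through to `default`, with the four `(void)` casts written once above the `switch` to keep the build warning-free when both techs are compiled out. In `EPA_Setup` the bare `{` / `}` at column 0 under each `#ifdef` reads oddly; a small `static` helper per probe would make the two code paths self-describing. `EPA_APDU`'s callers are outside the hunk, so I cannot tell how 0 versus a negative code is handled.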
diff --git a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md index a61fcaf10..7b4ae12d4 100644 --- a/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md +++ b/doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md @@ -141,6 +141,8 @@ SKIP_FELICA=1 ``` Situation might change when the firmware is growing of course, requiring to skip more elements. +Last note: if you skip a tech, be careful not to use a standalone mode which requires that same tech, else the firmware size reduction won't be much. + ## Next step See [Compilation instructions](/doc/md/Use_of_Proxmark/0_Compilation-Instructions.md) From a8b92f48a7867fb99fd460e069c99a5b259678e0 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Thu, 5 Nov 2020 23:05:52 +0100 Subject: [PATCH 38/53] reorganize few global vars & fcts --- armsrc/appmain.c | 9 +++++++++ armsrc/appmain.h | 4 ++-- armsrc/hitagS.c | 2 -- armsrc/iso14443a.c | 19 +++++-------------- armsrc/iso14443a.h | 1 - armsrc/iso14443b.c | 1 + armsrc/mifareutil.c | 2 -- 7 files changed, 17 insertions(+), 21 deletions(-) diff --git a/armsrc/appmain.c b/armsrc/appmain.c index c12f49196..69b628d7a 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -65,6 +65,9 @@ #include "spiffs.h" #endif +int DBGLEVEL = DBG_ERROR; +uint8_t g_trigger = 0; +bool g_hf_field_active = false; extern uint32_t _stack_start, _stack_end; struct common_area common_area __attribute__((section(".commonarea"))); static int button_status = BUTTON_NO_CLICK; @@ -88,6 +91,12 @@ int tearoff_hook(void) { } } +void hf_field_off(void) { + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + LEDsoff(); + g_hf_field_active = false; +} + void send_wtx(uint16_t wtx) { if (allow_send_wtx) { reply_ng(CMD_WTX, PM3_SUCCESS, (uint8_t *)&wtx, sizeof(wtx)); diff --git a/armsrc/appmain.h b/armsrc/appmain.h index 092e88d0e..1a12f2858 100644 --- a/armsrc/appmain.h +++ b/armsrc/appmain.h 
@@ -13,9 +13,9 @@ #include "common.h" -extern int g_rsamples; // = 0; extern uint8_t g_trigger; - +extern bool g_hf_field_active; +void hf_field_off(void); int tearoff_hook(void); // ADC Vref = 3300mV, and an (10M+1M):1M voltage divider on the HF input can measure voltages up to 36300 mV diff --git a/armsrc/hitagS.c b/armsrc/hitagS.c index 7a49d65cd..022730075 100644 --- a/armsrc/hitagS.c +++ b/armsrc/hitagS.c @@ -103,8 +103,6 @@ static bool end = false; #define HITAG_T_TAG_CAPTURE_THREE_HALF 41 #define HITAG_T_TAG_CAPTURE_FOUR_HALF 57 -#define DBGLEVEL 0 - /* * Implementation of the crc8 calculation from Hitag S * from http://www.proxmark.org/files/Documents/125%20kHz%20-%20Hitag/HitagS.V11.pdf diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index 0ca42c9ee..a70b9b953 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c @@ -28,12 +28,9 @@ #define MAX_ISO14A_TIMEOUT 524288 static uint32_t iso14a_timeout; -// if iso14443a not active - transmit/receive dont try to execute -static bool hf_field_active = false; static uint8_t colpos = 0; -int g_rsamples = 0; -uint8_t g_trigger = 0; + // the block number for the ISO14443-4 PCB static uint8_t iso14_pcb_blocknum = 0; @@ -1814,7 +1811,7 @@ static void PrepareDelayedTransfer(uint16_t delay) { //------------------------------------------------------------------------------------- static void TransmitFor14443a(const uint8_t *cmd, uint16_t len, uint32_t *timing) { - if (!hf_field_active) { + if (!g_hf_field_active) { Dbprintf("Warning: HF field is off, ignoring TransmitFor14443a command"); return; } 
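Review bot: Removing `#define DBGLEVEL 0` from hitagS.c is more than a cleanup: every `if (DBGLEVEL >= …)` in that file (none visible in the hunk) was compile-time dead and is now governed by the global `int DBGLEVEL = DBG_ERROR` that appmain.c defines in the preceding hunk, so hitagS debug output can appear at run time and the compiler can no longer drop those branches — which matters for the 256k images this series is trying to fit. If that is intended, a sentence in the commit message would help; if the file was pinned to 0 on purpose, keep a local constant under a name that does not shadow the global.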
@@ -2214,7 +2211,7 @@ bool EmLogTrace(uint8_t *reader_data, uint16_t reader_len, uint32_t reader_Start //----------------------------------------------------------------------------- bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint8_t *received_len) { - if (!hf_field_active) { + if (!g_hf_field_active) { Dbprintf("Warning: HF field is off, ignoring GetIso14443aAnswerFromTag_Thinfilm command"); return false; } @@ -2264,7 +2261,7 @@ bool GetIso14443aAnswerFromTag_Thinfilm(uint8_t *receivedResponse, uint8_t *rec static int GetIso14443aAnswerFromTag(uint8_t *receivedResponse, uint8_t *receivedResponsePar, uint16_t offset) { uint32_t c = 0; - if (!hf_field_active) + if (!g_hf_field_active) return false; // Set FPGA mode to "reader listen mode", no modulation (listen @@ -2758,13 +2755,7 @@ void iso14443a_setup(uint8_t fpga_minor_mode) { NextTransferTime = 2 * DELAY_ARM2AIR_AS_READER; iso14a_set_timeout(1060); // 106 * 10ms default - hf_field_active = true; -} - -void hf_field_off(void) { - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - LEDsoff(); - hf_field_active = false; + g_hf_field_active = true; } /* Peter Fillmore 2015 diff --git a/armsrc/iso14443a.h b/armsrc/iso14443a.h index 200653764..49317628b 100644 --- a/armsrc/iso14443a.h +++ b/armsrc/iso14443a.h @@ -144,7 +144,6 @@ int iso14_apdu(uint8_t *cmd, uint16_t cmd_len, bool send_chaining, void *data, u int iso14443a_select_card(uint8_t *uid_ptr, iso14a_card_select_t *p_card, uint32_t *cuid_ptr, bool anticollision, uint8_t num_cascades, bool no_rats); int iso14443a_fast_select_card(uint8_t *uid_ptr, uint8_t num_cascades); void iso14a_set_trigger(bool enable); -void hf_field_off(void); int EmSendCmd14443aRaw(uint8_t *resp, uint16_t respLen); int EmSend4bit(uint8_t resp); diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index c3701dbfe..9d29e4cda 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c 
@@ -1365,6 +1365,7 @@ static void CodeAndTransmit14443bAsReader(const uint8_t *cmd, int len, uint32_t tosend_t *ts = get_tosend(); CodeIso14443bAsReader(cmd, len); TransmitFor14443b_AsReader(start_time); + if (g_trigger) LED_A_ON(); *eof_time = *start_time + (10 * ts->max) + 10 + 2 + 10; LogTrace(cmd, len, *start_time, *eof_time, NULL, true); } diff --git a/armsrc/mifareutil.c b/armsrc/mifareutil.c index 5d8989ef8..07cf7b098 100644 --- a/armsrc/mifareutil.c +++ b/armsrc/mifareutil.c @@ -20,8 +20,6 @@ #include "protocols.h" #include "desfire_crypto.h" -int DBGLEVEL = DBG_ERROR; - // crypto1 helpers void mf_crypto1_decryptEx(struct Crypto1State *pcs, uint8_t *data_in, int len, uint8_t *data_out) { if (len != 1) { From 54527d03bf804da6a216e995976f4ceb3bb10574 Mon Sep 17 00:00:00 2001 From: Andrei Date: Sat, 7 Nov 2020 00:34:30 +0200 Subject: [PATCH 39/53] Fix capitalization for command descriptions --- client/src/cmdmain.c | 8 +- doc/commands.md | 222 +++++++++++++++++++++---------------------- 2 files changed, 115 insertions(+), 115 deletions(-) diff --git a/client/src/cmdmain.c b/client/src/cmdmain.c index f66e5016c..1cf3a6776 100644 --- a/client/src/cmdmain.c +++ b/client/src/cmdmain.c 
@@ -262,16 +262,16 @@ static command_t CommandTable[] = { {"hf", CmdHF, AlwaysAvailable, "{ High frequency commands... }"}, {"hw", CmdHW, AlwaysAvailable, "{ Hardware commands... }"}, {"lf", CmdLF, AlwaysAvailable, "{ Low frequency commands... }"}, - {"mem", CmdFlashMem, IfPm3Flash, "{ Flash Memory manipulation... }"}, - {"reveng", CmdRev, AlwaysAvailable, "{ CRC calculations from RevEng software }"}, + {"mem", CmdFlashMem, IfPm3Flash, "{ Flash memory manipulation... }"}, + {"reveng", CmdRev, AlwaysAvailable, "{ CRC calculations from RevEng software... }"}, {"smart", CmdSmartcard, AlwaysAvailable, "{ Smart card ISO-7816 commands... }"}, - {"script", CmdScript, AlwaysAvailable, "{ Scripting commands }"}, + {"script", CmdScript, AlwaysAvailable, "{ Scripting commands... }"}, {"trace", CmdTrace, AlwaysAvailable, "{ Trace manipulation... }"}, {"usart", CmdUsart, IfPm3FpcUsartFromUsb, "{ USART commands... }"}, {"wiegand", CmdWiegand, AlwaysAvailable, "{ Wiegand format manipulation... }"}, {"--------", CmdHelp, AlwaysAvailable, "----------------------- " _CYAN_("General") " -----------------------"}, {"auto", CmdAuto, IfPm3Present, "Automated detection process for unknown tags"}, - {"clear", CmdClear, AlwaysAvailable, "clear screen"}, + {"clear", CmdClear, AlwaysAvailable, "Clear screen"}, {"help", CmdHelp, AlwaysAvailable, "This help. Use " _YELLOW_("' help'") " for details of a particular command."}, {"hints", CmdHints, AlwaysAvailable, "Turn hints on / off"}, {"msleep", CmdMsleep, AlwaysAvailable, "Add a pause in milliseconds"}, diff --git a/doc/commands.md b/doc/commands.md index 22149f373..7782e19b1 100644 --- a/doc/commands.md +++ b/doc/commands.md 
@@ -11,7 +11,7 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`auto `|N |`Automated detection process for unknown tags` -|`clear `|Y |`clear screen` +|`clear `|Y |`Clear screen` |`help `|Y |`This help. Use ' help' for details of a particular command.` |`hints `|Y |`Turn hints on / off` |`msleep `|Y |`Add a pause in milliseconds` @@ -34,8 +34,8 @@ Check column "offline" for their availability. |`analyse dates `|Y |`Look for datestamps in a given array of bytes` |`analyse tea `|Y |`Crypto TEA test` |`analyse lfsr `|Y |`LFSR tests` -|`analyse a `|Y |`num bits test` -|`analyse nuid `|Y |`create NUID from 7byte UID` +|`analyse a `|Y |`Num bits test` +|`analyse nuid `|Y |`Create NUID from 7byte UID` |`analyse demodbuff `|Y |`Load binary string to demodbuffer` |`analyse freq `|Y |`Calc wave lengths` @@ -60,7 +60,7 @@ Check column "offline" for their availability. |`data undecimate `|Y |`Un-decimate samples` |`data hide `|Y |`Hide graph window` |`data hpf `|Y |`Remove DC offset from trace` -|`data iir `|Y |`apply IIR buttersworth filter on plotdata` +|`data iir `|Y |`Apply IIR buttersworth filter on plotdata` |`data grid `|Y |` -- overlay grid on graph window, use zero value to turn off either` |`data ltrim `|Y |` -- Trim samples from left of trace` |`data mtrim `|Y |` -- Trim out samples from the specified start to the specified stop` @@ -81,7 +81,7 @@ Check column "offline" for their availability. |`data hex2bin `|Y |`Converts hexadecimal to binary` |`data load `|Y |`Load contents of file into graph window` |`data ndef `|Y |`Decode NDEF records` -|`data print `|Y |`print the data in the DemodBuffer` +|`data print `|Y |`Print the data in the DemodBuffer` |`data samples `|N |`[512 - 40000] -- Get raw samples for graph window (GraphBuffer)` |`data save `|Y |`Save signal trace data (from graph window)` |`data setdebugmode `|Y |`<0|1|2> -- Set Debugging Level on client side` 
@@ -136,7 +136,7 @@ Check column "offline" for their availability. |`hf 14a reader `|N |`Act like an ISO14443-a reader` |`hf 14a cuids `|N |` Collect n>0 ISO14443-a UIDs in one go` |`hf 14a sim `|N |` -- Simulate ISO 14443-a tag` -|`hf 14a sniff `|N |`sniff ISO 14443-a traffic` +|`hf 14a sniff `|N |`Sniff ISO 14443-a traffic` |`hf 14a apdu `|N |`Send ISO 14443-4 APDU to tag` |`hf 14a chaining `|N |`Control ISO 14443-4 input chaining` |`hf 14a raw `|N |`Send raw hex data to tag` 
@@ -212,16 +212,16 @@ Check column "offline" for their availability. |`hf felica reader `|N |`Act like an ISO18092/FeliCa reader` |`hf felica sniff `|N |`Sniff ISO 18092/FeliCa traffic` |`hf felica raw `|N |`Send raw hex data to tag` -|`hf felica rdunencrypted`|N |`read Block Data from authentication-not-required Service.` -|`hf felica wrunencrypted`|N |`write Block Data to an authentication-not-required Service.` -|`hf felica rqservice `|N |`verify the existence of Area and Service, and to acquire Key Version.` -|`hf felica rqresponse `|N |`verify the existence of a card and its Mode.` -|`hf felica scsvcode `|N |`acquire Area Code and Service Code.` -|`hf felica rqsyscode `|N |`acquire System Code registered to the card.` -|`hf felica auth1 `|N |`authenticate a card. Start mutual authentication with Auth1` -|`hf felica auth2 `|N |`allow a card to authenticate a Reader/Writer. Complete mutual authentication` -|`hf felica rqspecver `|N |`acquire the version of card OS.` -|`hf felica resetmode `|N |`reset Mode to Mode 0.` +|`hf felica rdunencrypted`|N |`Read Block Data from authentication-not-required Service.` +|`hf felica wrunencrypted`|N |`Write Block Data to an authentication-not-required Service.` +|`hf felica rqservice `|N |`Verify the existence of Area and Service, and to acquire Key Version.` +|`hf felica rqresponse `|N |`Verify the existence of a card and its Mode.` +|`hf felica scsvcode `|N |`Acquire Area Code and Service Code.` +|`hf felica rqsyscode `|N |`Acquire System Code registered to the card.` +|`hf felica auth1 `|N |`Authenticate a card. Start mutual authentication with Auth1` +|`hf felica auth2 `|N |`Allow a card to authenticate a Reader/Writer. Complete mutual authentication` +|`hf felica rqspecver `|N |`Acquire the version of card OS.` +|`hf felica resetmode `|N |`Reset Mode to Mode 0.` |`hf felica litesim `|N |` - only reply to poll request` |`hf felica litedump `|N |`Wait for and try dumping FelicaLite` 
@@ -352,12 +352,12 @@ Check column "offline" for their availability. |`hf mf csave `|N |`Save dump from card into file or emulator` |`hf mf csetblk `|N |`Write block` |`hf mf csetuid `|N |`Set UID` -|`hf mf cview `|N |`view card` +|`hf mf cview `|N |`View card` |`hf mf cwipe `|N |`Wipe card to default UID/Sectors/Keys` |`hf mf gen3uid `|N |`Set UID without manufacturer block` |`hf mf gen3blk `|N |`Overwrite full manufacturer block` |`hf mf gen3freeze `|N |`Perma lock further UID changes` -|`hf mf ice `|N |`collect MIFARE Classic nonces to file` +|`hf mf ice `|N |`Collect MIFARE Classic nonces to file` ### hf mfp @@ -390,7 +390,7 @@ Check column "offline" for their availability. |`hf mfu info `|N |`Tag information` |`hf mfu dump `|N |`Dump Ultralight / Ultralight-C / NTAG tag to binary file` |`hf mfu restore `|N |`Restore a dump onto a MFU MAGIC tag` -|`hf mfu eload `|N |`load Ultralight .eml dump file into emulator memory` +|`hf mfu eload `|N |`Load Ultralight .eml dump file into emulator memory` |`hf mfu rdbl `|N |`Read block` |`hf mfu wrbl `|N |`Write block` |`hf mfu cauth `|N |`Authentication - Ultralight C` @@ -442,9 +442,9 @@ Check column "offline" for their availability. |`hf st help `|Y |`This help` |`hf st info `|N |`Tag information` |`hf st list `|Y |`List ISO 14443A/7816 history` -|`hf st ndef `|Y |`read NDEF file on tag` -|`hf st protect `|N |`change protection on tag` -|`hf st pwd `|N |`change password on tag` +|`hf st ndef `|Y |`Read NDEF file on tag` +|`hf st protect `|N |`Change protection on tag` +|`hf st pwd `|N |`Change password on tag` |`hf st sim `|N |`Fake ISO 14443A/ST tag` 
@@ -492,7 +492,7 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`hw help `|Y |`This help` -|`hw connect `|Y |`connect Proxmark3 to serial port` +|`hw connect `|Y |`Connect Proxmark3 to serial port` |`hw dbg `|N |`Set Proxmark3 debug level` |`hw detectreader `|N |`['l'|'h'] -- Detect external reader field (option 'l' or 'h' to limit to LF or HF)` |`hw fpgaoff `|N |`Set FPGA off` @@ -537,13 +537,13 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf awid help `|Y |`this help` -|`lf awid demod `|Y |`demodulate an AWID FSK tag from the GraphBuffer` -|`lf awid read `|N |`attempt to read and extract tag data` -|`lf awid clone `|N |`clone AWID tag to T55x7 or Q5/T5555` -|`lf awid sim `|N |`simulate AWID tag` +|`lf awid help `|Y |`This help` +|`lf awid demod `|Y |`Demodulate an AWID FSK tag from the GraphBuffer` +|`lf awid read `|N |`Attempt to read and extract tag data` +|`lf awid clone `|N |`Clone AWID tag to T55x7 or Q5/T5555` +|`lf awid sim `|N |`Simulate AWID tag` |`lf awid brute `|N |`Bruteforce card number against reader` -|`lf awid watch `|N |`continuously watch for cards. Reader mode` +|`lf awid watch `|N |`Continuously watch for cards. Reader mode` ### lf cotag 
@@ -577,29 +577,29 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`lf em help `|Y |`This help` -|`lf em 410x_demod `|Y |`demodulate a EM410x tag from the GraphBuffer` -|`lf em 410x_read `|N |`attempt to read and extract tag data` -|`lf em 410x_sim `|N |`simulate EM410x tag` -|`lf em 410x_brute `|N |`reader bruteforce attack by simulating EM410x tags` -|`lf em 410x_watch `|N |`watches for EM410x 125/134 kHz tags (option 'h' for 134)` -|`lf em 410x_spoof `|N |`watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)` -|`lf em 410x_clone `|N |`write EM410x UID to T55x7 or Q5/T5555 tag` +|`lf em 410x_demod `|Y |`Demodulate a EM410x tag from the GraphBuffer` +|`lf em 410x_read `|N |`Attempt to read and extract tag data` +|`lf em 410x_sim `|N |`Simulate EM410x tag` +|`lf em 410x_brute `|N |`Reader bruteforce attack by simulating EM410x tags` +|`lf em 410x_watch `|N |`Watches for EM410x 125/134 kHz tags (option 'h' for 134)` +|`lf em 410x_spoof `|N |`Watches for EM410x 125/134 kHz tags, and replays them. 
(option 'h' for 134)` +|`lf em 410x_clone `|N |`Write EM410x UID to T55x7 or Q5/T5555 tag` |`lf em 4x05_chk `|N |`Check passwords from dictionary` -|`lf em 4x05_demod `|Y |`demodulate a EM4x05/EM4x69 tag from the GraphBuffer` -|`lf em 4x05_dump `|N |`dump EM4x05/EM4x69 tag` -|`lf em 4x05_wipe `|N |`wipe EM4x05/EM4x69 tag` -|`lf em 4x05_info `|N |`tag information EM4x05/EM4x69` -|`lf em 4x05_read `|N |`read word data from EM4x05/EM4x69` -|`lf em 4x05_write `|N |`write word data to EM4x05/EM4x69` -|`lf em 4x05_unlock `|N |`execute tear off against EM4x05/EM4x69` +|`lf em 4x05_demod `|Y |`Demodulate a EM4x05/EM4x69 tag from the GraphBuffer` +|`lf em 4x05_dump `|N |`Dump EM4x05/EM4x69 tag` +|`lf em 4x05_wipe `|N |`Wipe EM4x05/EM4x69 tag` +|`lf em 4x05_info `|N |`Tag information EM4x05/EM4x69` +|`lf em 4x05_read `|N |`Read word data from EM4x05/EM4x69` +|`lf em 4x05_write `|N |`Write word data to EM4x05/EM4x69` +|`lf em 4x05_unlock `|N |`Execute tear off against EM4x05/EM4x69` |`lf em 4x05_sniff `|Y |`Attempt to recover em4x05 commands from sample buffer` |`lf em 4x05_brute `|N |`Bruteforce password` -|`lf em 4x50_dump `|N |`dump EM4x50 tag` -|`lf em 4x50_info `|N |`tag information EM4x50` -|`lf em 4x50_write `|N |`write word data to EM4x50` -|`lf em 4x50_write_password`|N |`change password of EM4x50 tag` -|`lf em 4x50_read `|N |`read word data from EM4x50` -|`lf em 4x50_wipe `|N |`wipe data from EM4x50` +|`lf em 4x50_dump `|N |`Dump EM4x50 tag` +|`lf em 4x50_info `|N |`Tag information EM4x50` +|`lf em 4x50_write `|N |`Write word data to EM4x50` +|`lf em 4x50_write_password`|N |`Change password of EM4x50 tag` +|`lf em 4x50_read `|N |`Read word data from EM4x50` +|`lf em 4x50_wipe `|N |`Wipe data from EM4x50` ### lf fdxb 
@@ -608,11 +608,11 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf fdxb help `|Y |`this help` -|`lf fdxb demod `|Y |`demodulate a FDX-B ISO11784/85 tag from the GraphBuffer` -|`lf fdxb read `|N |`attempt to read at 134kHz and extract tag data` -|`lf fdxb clone `|N |`clone animal ID tag to T55x7 or Q5/T5555` -|`lf fdxb sim `|N |`simulate Animal ID tag` +|`lf fdxb help `|Y |`This help` +|`lf fdxb demod `|Y |`Demodulate a FDX-B ISO11784/85 tag from the GraphBuffer` +|`lf fdxb read `|N |`Attempt to read at 134kHz and extract tag data` +|`lf fdxb clone `|N |`Clone animal ID tag to T55x7 or Q5/T5555` +|`lf fdxb sim `|N |`Simulate Animal ID tag` ### lf gallagher @@ -624,8 +624,8 @@ Check column "offline" for their availability. |`lf gallagher help `|Y |`This help` |`lf gallagher demod `|Y |`Demodulate an GALLAGHER tag from the GraphBuffer` |`lf gallagher read `|N |`Attempt to read and extract tag data from the antenna` -|`lf gallagher clone `|N |`clone GALLAGHER tag to T55x7` -|`lf gallagher sim `|N |`simulate GALLAGHER tag` +|`lf gallagher clone `|N |`Clone GALLAGHER tag to T55x7` +|`lf gallagher sim `|N |`Simulate GALLAGHER tag` ### lf gproxii @@ -634,11 +634,11 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf gproxii help `|Y |`this help` -|`lf gproxii demod `|Y |`demodulate a G Prox II tag from the GraphBuffer` -|`lf gproxii read `|N |`attempt to read and extract tag data from the antenna` -|`lf gproxii clone `|N |`clone Guardall tag to T55x7 or Q5/T5555` -|`lf gproxii sim `|N |`simulate Guardall tag` +|`lf gproxii help `|Y |`This help` +|`lf gproxii demod `|Y |`Demodulate a G Prox II tag from the GraphBuffer` +|`lf gproxii read `|N |`Attempt to read and extract tag data from the antenna` +|`lf gproxii clone `|N |`Clone Guardall tag to T55x7 or Q5/T5555` +|`lf gproxii sim `|N |`Simulate Guardall tag` ### lf hid 
@@ -647,13 +647,13 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf hid help `|Y |`this help` -|`lf hid demod `|Y |`demodulate HID Prox tag from the GraphBuffer` -|`lf hid read `|N |`attempt to read and extract tag data` -|`lf hid clone `|N |`clone HID tag to T55x7` -|`lf hid sim `|N |`simulate HID tag` -|`lf hid brute `|N |`bruteforce card number against reader` -|`lf hid watch `|N |`continuously watch for cards. Reader mode` +|`lf hid help `|Y |`This help` +|`lf hid demod `|Y |`Demodulate HID Prox tag from the GraphBuffer` +|`lf hid read `|N |`Attempt to read and extract tag data` +|`lf hid clone `|N |`Clone HID tag to T55x7` +|`lf hid sim `|N |`Simulate HID tag` +|`lf hid brute `|N |`Bruteforce card number against reader` +|`lf hid watch `|N |`Continuously watch for cards. Reader mode` ### lf hitag @@ -690,12 +690,12 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf indala help `|Y |`this help` -|`lf indala demod `|Y |`demodulate an indala tag (PSK1) from GraphBuffer` -|`lf indala altdemod `|Y |`alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)` -|`lf indala read `|N |`read an Indala Prox tag from the antenna` -|`lf indala clone `|N |`clone Indala tag to T55x7 or Q5/T5555` -|`lf indala sim `|N |`simulate Indala tag` +|`lf indala help `|Y |`This help` +|`lf indala demod `|Y |`Demodulate an indala tag (PSK1) from GraphBuffer` +|`lf indala altdemod `|Y |`Alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)` +|`lf indala read `|N |`Read an Indala Prox tag from the antenna` +|`lf indala clone `|N |`Clone Indala tag to T55x7 or Q5/T5555` +|`lf indala sim `|N |`Simulate Indala tag` ### lf io 
@@ -704,12 +704,12 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf io help `|Y |`this help` -|`lf io demod `|Y |`demodulate an IOProx tag from the GraphBuffer` -|`lf io read `|N |`attempt to read and extract tag data` -|`lf io clone `|N |`clone IOProx tag to T55x7 or Q5/T5555` -|`lf io sim `|N |`simulate IOProx tag` -|`lf io watch `|N |`continuously watch for cards. Reader mode` +|`lf io help `|Y |`This help` +|`lf io demod `|Y |`Demodulate an IOProx tag from the GraphBuffer` +|`lf io read `|N |`Attempt to read and extract tag data` +|`lf io clone `|N |`Clone IOProx tag to T55x7 or Q5/T5555` +|`lf io sim `|N |`Simulate IOProx tag` +|`lf io watch `|N |`Continuously watch for cards. Reader mode` ### lf jablotron @@ -721,8 +721,8 @@ Check column "offline" for their availability. |`lf jablotron help `|Y |`This help` |`lf jablotron demod `|Y |`Demodulate an Jablotron tag from the GraphBuffer` |`lf jablotron read `|N |`Attempt to read and extract tag data from the antenna` -|`lf jablotron clone `|N |`clone jablotron tag to T55x7 or Q5/T5555` -|`lf jablotron sim `|N |`simulate jablotron tag` +|`lf jablotron clone `|N |`Clone jablotron tag to T55x7 or Q5/T5555` +|`lf jablotron sim `|N |`Simulate jablotron tag` ### lf keri @@ -734,8 +734,8 @@ Check column "offline" for their availability. |`lf keri help `|Y |`This help` |`lf keri demod `|Y |`Demodulate an KERI tag from the GraphBuffer` |`lf keri read `|N |`Attempt to read and extract tag data from the antenna` -|`lf keri clone `|N |`clone KERI tag to T55x7 or Q5/T5555` -|`lf keri sim `|N |`simulate KERI tag` +|`lf keri clone `|N |`Clone KERI tag to T55x7 or Q5/T5555` +|`lf keri sim `|N |`Simulate KERI tag` ### lf motorola 
@@ -747,8 +747,8 @@ Check column "offline" for their availability. |`lf motorola help `|Y |`This help` |`lf motorola demod `|Y |`Demodulate an MOTOROLA tag from the GraphBuffer` |`lf motorola read `|N |`Attempt to read and extract tag data from the antenna` -|`lf motorola clone `|N |`clone MOTOROLA tag to T55x7` -|`lf motorola sim `|N |`simulate MOTOROLA tag` +|`lf motorola clone `|N |`Clone MOTOROLA tag to T55x7` +|`lf motorola sim `|N |`Simulate MOTOROLA tag` ### lf nedap @@ -774,8 +774,8 @@ Check column "offline" for their availability. |`lf nexwatch help `|Y |`This help` |`lf nexwatch demod `|Y |`Demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer` |`lf nexwatch read `|N |`Attempt to Read and Extract tag data from the antenna` -|`lf nexwatch clone `|N |`clone NexWatch tag to T55x7` -|`lf nexwatch sim `|N |`simulate NexWatch tag` +|`lf nexwatch clone `|N |`Clone NexWatch tag to T55x7` +|`lf nexwatch sim `|N |`Simulate NexWatch tag` ### lf noralsy @@ -787,8 +787,8 @@ Check column "offline" for their availability. |`lf noralsy help `|Y |`This help` |`lf noralsy demod `|Y |`Demodulate an Noralsy tag from the GraphBuffer` |`lf noralsy read `|N |`Attempt to read and extract tag data from the antenna` -|`lf noralsy clone `|N |`clone Noralsy tag to T55x7 or Q5/T5555` -|`lf noralsy sim `|N |`simulate Noralsy tag` +|`lf noralsy clone `|N |`Clone Noralsy tag to T55x7 or Q5/T5555` +|`lf noralsy sim `|N |`Simulate Noralsy tag` ### lf pac @@ -800,8 +800,8 @@ Check column "offline" for their availability. |`lf pac help `|Y |`This help` |`lf pac demod `|Y |`Demodulate a PAC tag from the GraphBuffer` |`lf pac read `|N |`Attempt to read and extract tag data from the antenna` -|`lf pac clone `|N |`clone PAC tag to T55x7` -|`lf pac sim `|N |`simulate PAC tag` +|`lf pac clone `|N |`Clone PAC tag to T55x7` +|`lf pac sim `|N |`Simulate PAC tag` ### lf paradox 
@@ -813,8 +813,8 @@ Check column "offline" for their availability. |`lf paradox help `|Y |`This help` |`lf paradox demod `|Y |`Demodulate a Paradox FSK tag from the GraphBuffer` |`lf paradox read `|N |`Attempt to read and Extract tag data from the antenna` -|`lf paradox clone `|N |`clone paradox tag to T55x7` -|`lf paradox sim `|N |`simulate paradox tag` +|`lf paradox clone `|N |`Clone paradox tag to T55x7` +|`lf paradox sim `|N |`Simulate paradox tag` ### lf pcf7931 @@ -836,10 +836,10 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`lf presco help `|Y |`This help` -|`lf presco demod `|Y |`demodulate Presco tag from the GraphBuffer` +|`lf presco demod `|Y |`Demodulate Presco tag from the GraphBuffer` |`lf presco read `|N |`Attempt to read and Extract tag data` -|`lf presco clone `|N |`clone presco tag to T55x7 or Q5/T5555` -|`lf presco sim `|N |`simulate presco tag` +|`lf presco clone `|N |`Clone presco tag to T55x7 or Q5/T5555` +|`lf presco sim `|N |`Simulate presco tag` ### lf pyramid @@ -848,11 +848,11 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- -|`lf pyramid help `|Y |`this help` -|`lf pyramid demod `|Y |`demodulate a Pyramid FSK tag from the GraphBuffer` -|`lf pyramid read `|N |`attempt to read and extract tag data` -|`lf pyramid clone `|N |`clone pyramid tag to T55x7 or Q5/T5555` -|`lf pyramid sim `|N |`simulate pyramid tag` +|`lf pyramid help `|Y |`This help` +|`lf pyramid demod `|Y |`Demodulate a Pyramid FSK tag from the GraphBuffer` +|`lf pyramid read `|N |`Attempt to read and extract tag data` +|`lf pyramid clone `|N |`Clone pyramid tag to T55x7 or Q5/T5555` +|`lf pyramid sim `|N |`Simulate pyramid tag` ### lf securakey 
@@ -864,8 +864,8 @@ Check column "offline" for their availability. |`lf securakey help `|Y |`This help` |`lf securakey demod `|Y |`Demodulate an Securakey tag from the GraphBuffer` |`lf securakey read `|N |`Attempt to read and extract tag data from the antenna` -|`lf securakey clone `|N |`clone Securakey tag to T55x7` -|`lf securakey sim `|N |`simulate Securakey tag` +|`lf securakey clone `|N |`Clone Securakey tag to T55x7` +|`lf securakey sim `|N |`Simulate Securakey tag` ### lf ti @@ -919,8 +919,8 @@ Check column "offline" for their availability. |`lf viking help `|Y |`This help` |`lf viking demod `|Y |`Demodulate a Viking tag from the GraphBuffer` |`lf viking read `|N |`Attempt to read and Extract tag data from the antenna` -|`lf viking clone `|N |`clone Viking tag to T55x7 or Q5/T5555` -|`lf viking sim `|N |`simulate Viking tag` +|`lf viking clone `|N |`Clone Viking tag to T55x7 or Q5/T5555` +|`lf viking sim `|N |`Simulate Viking tag` ### lf visa2000 @@ -930,15 +930,15 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`lf visa2000 help `|Y |`This help` -|`lf visa2000 demod `|Y |`demodulate an VISA2000 tag from the GraphBuffer` -|`lf visa2000 read `|N |`attempt to read and extract tag data from the antenna` -|`lf visa2000 clone `|N |`clone Visa2000 tag to T55x7 or Q5/T5555` -|`lf visa2000 sim `|N |`simulate Visa2000 tag` +|`lf visa2000 demod `|Y |`Demodulate an VISA2000 tag from the GraphBuffer` +|`lf visa2000 read `|N |`Attempt to read and extract tag data from the antenna` +|`lf visa2000 clone `|N |`Clone Visa2000 tag to T55x7 or Q5/T5555` +|`lf visa2000 sim `|N |`Simulate Visa2000 tag` ### mem - { Flash Memory manipulation... } + { Flash memory manipulation... } |command |offline |description |------- |------- |----------- From ac9d33c35f5cc59bc73fbf706355e88736f688d4 Mon Sep 17 00:00:00 2001 
From: iceman1001
Date: Fri, 6 Nov 2020 23:50:31 +0100
Subject: [PATCH 40/53] sAPDU printing.. these different apdu structs will need to be unified
---
 client/src/emv/apduinfo.c | 18 ++++++++++++++++++
 client/src/emv/apduinfo.h | 1 +
 2 files changed, 19 insertions(+)
diff --git a/client/src/emv/apduinfo.c b/client/src/emv/apduinfo.c
index 2b319cbe8..440ad0e6b 100644
--- a/client/src/emv/apduinfo.c
+++ b/client/src/emv/apduinfo.c
@@ -517,3 +517,21 @@ void APDUPrintEx(APDUStruct apdu, size_t maxdatalen) {
 if (maxdatalen > 0)
 PrintAndLogEx(INFO, "data: %s%s", sprint_hex(apdu.data, MIN(apdu.lc, maxdatalen)), apdu.lc > maxdatalen ? "..." : "");
 }
+
+void SAPDUPrint(sAPDU apdu, size_t maxdatalen) {
+ PrintAndLogEx(INFO, "APDU: CLA 0x%02x, INS 0x%02x, P1 0x%02x, P2 0x%02x, Lc 0x%02x(%d)",
+ apdu.CLA,
+ apdu.INS,
+ apdu.P1,
+ apdu.P2,
+ apdu.Lc,
+ apdu.Lc
+ );
+
+ size_t len = apdu.Lc;
+ if (maxdatalen > 0)
+ len = MIN(apdu.Lc, maxdatalen);
+
+ PrintAndLogEx(INFO, "data { %s%s }", sprint_hex(apdu.data, len), apdu.Lc > len ? "..." : "");
+}
+
diff --git a/client/src/emv/apduinfo.h b/client/src/emv/apduinfo.h
index d319b4e43..a1528801a 100644
--- a/client/src/emv/apduinfo.h
+++ b/client/src/emv/apduinfo.h
@@ -63,4 +63,5 @@ extern int APDUEncodeS(sAPDU *sapdu, bool extended, uint16_t le, uint8_t *data,
 extern void APDUPrint(APDUStruct apdu);
 extern void APDUPrintEx(APDUStruct apdu, size_t maxdatalen);
+void SAPDUPrint(sAPDU apdu, size_t maxdatalen);
 #endif
From 427e7c02e8ffa6c3a82c1674aacac8a908e555b2 Mon Sep 17 00:00:00 2001
From: iceman1001
Date: Fri, 6 Nov 2020 23:52:11 +0100
Subject: [PATCH 41/53] hf mfdes auth - textual
---
 client/src/cmdhfmfdes.c | 46 +++++++++++++++++++++++++++++++++++------
 1 file changed, 40 insertions(+), 6 deletions(-)
diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c
index 75f4fa18f..a497a7281 100644
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
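Review bot: `SAPDUPrint` hands `apdu.data` to `sprint_hex` even when `len` is 0 and never checks that `apdu.data` is non-NULL, so whether a payload-less sAPDU prints cleanly depends on sprint_hex tolerating a NULL or zero-length buffer — nothing visible here establishes that. Guarding the second print with `if (len > 0 && apdu.data != NULL)` (and printing `data { }` otherwise) makes the function safe for every caller regardless of how sprint_hex behaves. The function also lacks a header comment; `// Print an sAPDU header plus at most maxdatalen bytes of its payload (0 = print all Lc bytes)` would state the contract that the `if (maxdatalen > 0)` branch implements, matching APDUPrintEx above it.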
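Review bot: The new prototype `void SAPDUPrint(sAPDU apdu, size_t maxdatalen);` drops the `extern` that the neighbouring APDUPrint/APDUPrintEx declarations carry; it is semantically identical for a function prototype, but the header is otherwise uniform, so `extern void SAPDUPrint(sAPDU apdu, size_t maxdatalen);` keeps it consistent. The header is also the natural place for a one-line note on what maxdatalen of 0 means, since the .c file in this commit does not document it either.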
@@ -348,6 +348,20 @@ typedef struct {
 static int CmdHelp(const char *Cmd);
+static const char *getEncryptionAlgoStr(uint8_t algo) {
+ switch(algo) {
+ case MFDES_ALGO_AES :
+ return "AES";
+ case MFDES_ALGO_3DES :
+ return "3DES";
+ case MFDES_ALGO_DES :
+ return "DES";
+ case MFDES_ALGO_3K3DES :
+ return "3K3DES";
+ default :
+ return "";
+ }
+}
 /*
 The 7 MSBits (= n) code the storage size itself based on 2^n,
 the LSBit is set to '0' if the size is exactly 2^n
@@ -1114,6 +1128,12 @@ static int handler_desfire_freemem(uint32_t *free_mem) {
 }
 static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t new_algo, uint8_t *old_key, uint8_t old_algo, uint8_t aes_version) {
+
+ if (new_key == NULL || old_key == NULL) {
+ return PM3_EINVARG;
+ }
+
+ // AID == 000000 6bits LSB needs to be 0
 key_no &= 0x0F;
 /*
@@ -1121,24 +1141,34 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n
 * changing the card master key to one of them require a key_no tweak.
 */
 if (0x000000 == tag->selected_application) {
+
+ // PICC master key, 6bits LSB needs to be 0
+ key_no = 0x00;
+
+ // PICC master key, keyalgo specific 2bit MSB
 switch (new_algo) {
 case MFDES_ALGO_DES:
- break;
+ case MFDES_ALGO_3DES:
+ break; // 00xx xxx
 case MFDES_ALGO_3K3DES:
- key_no |= 0x40;
+ key_no |= 0x40; // 01xx xxx
 break;
 case MFDES_ALGO_AES:
- key_no |= 0x80;
+ key_no |= 0x80; // 10xx xxx
 break;
 }
 }
- uint8_t data[24 * 4] = {key_no};
+ // Variable length ciphered key data 26-42 bytes plus padding..
+ uint8_t data[64] = {key_no};
 sAPDU apdu = {0x90, MFDES_CHANGE_KEY, 0x00, 0x00, 0x01, data}; // 0xC4
 uint8_t new_key_length = 16;
 switch (new_algo) {
 case MFDES_ALGO_DES:
+ new_key_length = 8;
+ break;
+ case MFDES_ALGO_3DES:
 case MFDES_ALGO_AES:
 new_key_length = 16;
 break;
@@ -1223,7 +1253,7 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n
 tag->session_key = NULL;
 }
- return 0;
+ return PM3_SUCCESS;
 }
 // --- GET SIGNATURE
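Review bot: `switch(algo) {` and the `case MFDES_ALGO_AES :` spellings (no space before the parenthesis, a space before the colon) differ from the `switch (new_algo) {` / `case MFDES_ALGO_DES:` style used later in the same file, so the new helper reads as foreign; `switch (algo) {` and `case MFDES_ALGO_AES:` bring it in line. A one-line comment above it, `// Human-readable name of a MFDES_ALGO_* value; "" when the value is unknown`, would document the empty-string fallback that callers otherwise only discover by reading the default branch.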
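Review bot: The comment `// AID == 000000 6bits LSB needs to be 0` sits above `key_no &= 0x0F;`, which runs for every selected application and keeps the low 4 bits, so it describes neither the condition nor the mask on that line; the AID 000000 handling is the `if (0x000000 == tag->selected_application)` block in the following hunk. Rewording it to `// key numbers are 4 bits; the PICC master key (AID 000000) is special-cased below` keeps the comment truthful. mifare_desfire_change_key continues past this hunk.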
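Review bot: `uint8_t data[64] = {key_no};` shrinks the APDU buffer from 96 bytes (24 * 4) to 64 on the strength of the comment `Variable length ciphered key data 26-42 bytes plus padding..`, but the code that fills `data` is outside this hunk, so whether every key type stays within 64 bytes cannot be confirmed here — the longest ciphered-key case should be checked against the new bound (or the old size kept), because an overrun there is a stack buffer overflow in the client. In the AID 000000 branch `key_no = 0x00;` also discards the value masked by `key_no &= 0x0F` earlier, which is presumably intended but deserves a word, e.g. `// PICC master key is always key 0; the 2 MSBs encode the key type`. That branch's `switch (new_algo)` has no default, so an unrecognised algorithm silently sends key type 00; a `default: return PM3_EINVARG;` there mirrors the new NULL check at the top of the function. mifare_desfire_change_key starts and ends outside this hunk.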
@@ -3908,7 +3938,11 @@ static int CmdHF14ADesChangeKey(const char *Cmd) {
 PrintAndLogEx(WARNING, "New key must include %d HEX symbols", keylength);
 return PM3_EINVARG;
 }
-
+
+ PrintAndLogEx(INFO, "changing key number 0x%02x", cmdKeyNo);
+ PrintAndLogEx(INFO, "old key: %s (%s)", sprint_hex_inrow(key, keylen), getEncryptionAlgoStr(cmdAuthAlgo));
+ PrintAndLogEx(INFO, "new key: %s (%s)", sprint_hex_inrow(newkey, newkeylen), getEncryptionAlgoStr(newcmdAuthAlgo));
+
 int error = mifare_desfire_change_key(cmdKeyNo, newkey, newcmdAuthAlgo, key, cmdAuthAlgo, aesversion);
 if (error == PM3_SUCCESS) {
 PrintAndLogEx(SUCCESS, " Successfully changed key.");
From 36b4301e01e006b895d63941c06e32a949d95713 Mon Sep 17 00:00:00 2001
From: Andrei Stefan
Date: Sat, 7 Nov 2020 01:21:05 +0200
Subject: [PATCH 42/53] Delete commands.md
---
 doc/commands.md | 1027 -----------------------------------------------
 1 file changed, 1027 deletions(-)
 delete mode 100644 doc/commands.md
diff --git a/doc/commands.md b/doc/commands.md
deleted file mode 100644
index 7782e19b1..000000000
--- a/doc/commands.md
+++ /dev/null
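Review bot: The two new `old key:` / `new key:` PrintAndLogEx(INFO, ...) lines print the complete key material in hex on every key change; if INFO output is also written to the client's session log, as PrintAndLogEx output appears to be elsewhere in this codebase, both keys then persist in cleartext on disk, which a user changing a key may not expect. Printing the key number and algorithm at INFO and the key bytes only at DEBUG, e.g. `PrintAndLogEx(INFO, "old key algo: %s, new key algo: %s", getEncryptionAlgoStr(cmdAuthAlgo), getEncryptionAlgoStr(newcmdAuthAlgo));`, keeps the useful feedback without logging secrets. The message `"changing key number 0x%02x"` is also lowercase while the rest of this series capitalises user-facing strings. CmdHF14ADesChangeKey starts and ends outside this hunk.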
@@ -1,1027 +0,0 @@ - -# Proxmark3 command dump - - -Some commands are available only if a Proxmark3 is actually connected. - -Check column "offline" for their availability. - - - -|command |offline |description -|------- |------- |----------- -|`auto `|N |`Automated detection process for unknown tags` -|`clear `|Y |`Clear screen` -|`help `|Y |`This help. Use ' help' for details of a particular command.` -|`hints `|Y |`Turn hints on / off` -|`msleep `|Y |`Add a pause in milliseconds` -|`pref `|Y |`Edit preferences` -|`rem `|Y |`Add a text line in log file` -|`quit `|Y |`` -|`exit `|Y |`Exit program` - - -### analyse - - { Analyse utils... } - -|command |offline |description -|------- |------- |----------- -|`analyse help `|Y |`This help` -|`analyse lcr `|Y |`Generate final byte for XOR LRC` -|`analyse crc `|Y |`Stub method for CRC evaluations` -|`analyse chksum `|Y |`Checksum with adding, masking and one's complement` -|`analyse dates `|Y |`Look for datestamps in a given array of bytes` -|`analyse tea `|Y |`Crypto TEA test` -|`analyse lfsr `|Y |`LFSR tests` -|`analyse a `|Y |`Num bits test` -|`analyse nuid `|Y |`Create NUID from 7byte UID` -|`analyse demodbuff `|Y |`Load binary string to demodbuffer` -|`analyse freq `|Y |`Calc wave lengths` - - -### data - - { Plot window / data buffer manipulation... 
} - -|command |offline |description -|------- |------- |----------- -|`data help `|Y |`This help` -|`data biphaserawdecode `|Y |`Biphase decode bin stream in DemodBuffer` -|`data detectclock `|Y |`Detect ASK, FSK, NRZ, PSK clock rate of wave in GraphBuffer` -|`data fsktonrz `|Y |`Convert fsk2 to nrz wave for alternate fsk demodulating (for weak fsk)` -|`data manrawdecode `|Y |`Manchester decode binary stream in DemodBuffer` -|`data modulation `|Y |`Identify LF signal for clock and modulation` -|`data rawdemod `|Y |`Demodulate the data in the GraphBuffer and output binary` -|`data askedgedetect `|Y |`[threshold] Adjust Graph for manual ASK demod using the length of sample differences to detect the edge of a wave (use 20-45, def:25)` -|`data autocorr `|Y |`Autocorrelation over window` -|`data dirthreshold `|Y |` -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev.` -|`data decimate `|Y |`Decimate samples` -|`data undecimate `|Y |`Un-decimate samples` -|`data hide `|Y |`Hide graph window` -|`data hpf `|Y |`Remove DC offset from trace` -|`data iir `|Y |`Apply IIR buttersworth filter on plotdata` -|`data grid `|Y |` -- overlay grid on graph window, use zero value to turn off either` -|`data ltrim `|Y |` -- Trim samples from left of trace` -|`data mtrim `|Y |` -- Trim out samples from the specified start to the specified stop` -|`data norm `|Y |`Normalize max/min to +/-128` -|`data plot `|Y |`Show graph window (hit 'h' in window for keystroke help)` -|`data rtrim `|Y |` -- Trim samples from right of trace` -|`data setgraphmarkers `|Y |`[orange_marker] [blue_marker] (in graph window)` -|`data shiftgraphzero `|Y |` -- Shift 0 for Graphed wave + or - shift value` -|`data timescale `|Y |`Set a timescale to get a differential reading between the yellow and purple markers as time duration -` -|`data zerocrossings `|Y |`Count time between zero-crossings` -|`data convertbitstream `|Y |`Convert GraphBuffer's 0/1 values to 127 / -127` -|`data 
getbitstream `|Y |`Convert GraphBuffer's >=1 values to 1 and <1 to 0` -|`data bin2hex `|Y |`Converts binary to hexadecimal` -|`data bitsamples `|N |`Get raw samples as bitstring` -|`data clear `|Y |`Clears bigbuf on deviceside and graph window` -|`data hexsamples `|N |` [] -- Dump big buffer as hex bytes` -|`data hex2bin `|Y |`Converts hexadecimal to binary` -|`data load `|Y |`Load contents of file into graph window` -|`data ndef `|Y |`Decode NDEF records` -|`data print `|Y |`Print the data in the DemodBuffer` -|`data samples `|N |`[512 - 40000] -- Get raw samples for graph window (GraphBuffer)` -|`data save `|Y |`Save signal trace data (from graph window)` -|`data setdebugmode `|Y |`<0|1|2> -- Set Debugging Level on client side` -|`data tune `|N |`Measure tuning of device antenna. Results shown in graph window` - - -### emv - - { EMV ISO-14443 / ISO-7816... } - -|command |offline |description -|------- |------- |----------- -|`emv help `|Y |`This help` -|`emv exec `|N |`Executes EMV contactless transaction.` -|`emv pse `|N |`Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory.` -|`emv search `|N |`Try to select all applets from applets list and print installed applets.` -|`emv select `|N |`Select applet.` -|`emv gpo `|N |`Execute GetProcessingOptions.` -|`emv readrec `|N |`Read files from card.` -|`emv genac `|N |`Generate ApplicationCryptogram.` -|`emv challenge `|N |`Generate challenge.` -|`emv intauth `|N |`Internal authentication.` -|`emv scan `|N |`Scan EMV card and save it contents to json file for emulator.` -|`emv test `|Y |`Crypto logic test.` -|`emv list `|Y |`List ISO7816 history` -|`emv roca `|N |`Extract public keys and run ROCA test` - - -### hf - - { High frequency commands... 
} - -|command |offline |description -|------- |------- |----------- -|`hf help `|Y |`This help` -|`hf list `|Y |`List protocol data in trace buffer` -|`hf plot `|N |`Plot signal` -|`hf tune `|N |`Continuously measure HF antenna tuning` -|`hf search `|Y |`Search for known HF tags` -|`hf sniff `|N |` Generic HF Sniff` - - -### hf 14a - - { ISO14443A RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf 14a help `|Y |`This help` -|`hf 14a list `|Y |`List ISO 14443-a history` -|`hf 14a info `|N |`Tag information` -|`hf 14a reader `|N |`Act like an ISO14443-a reader` -|`hf 14a cuids `|N |` Collect n>0 ISO14443-a UIDs in one go` -|`hf 14a sim `|N |` -- Simulate ISO 14443-a tag` -|`hf 14a sniff `|N |`Sniff ISO 14443-a traffic` -|`hf 14a apdu `|N |`Send ISO 14443-4 APDU to tag` -|`hf 14a chaining `|N |`Control ISO 14443-4 input chaining` -|`hf 14a raw `|N |`Send raw hex data to tag` -|`hf 14a antifuzz `|N |`Fuzzing the anticollision phase. Warning! Readers may react strange` -|`hf 14a config `|N |`Configure 14a settings (use with caution)` - - -### hf 14b - - { ISO14443B RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf 14b help `|Y |`This help` -|`hf 14b apdu `|N |`Send ISO 14443-4 APDU to tag` -|`hf 14b dump `|N |`Read all memory pages of an ISO14443-B tag, save to file` -|`hf 14b info `|N |`Tag information` -|`hf 14b list `|Y |`List ISO 14443B history` -|`hf 14b ndef `|N |`Read NDEF file on tag` -|`hf 14b raw `|N |`Send raw hex data to tag` -|`hf 14b reader `|N |`Act as a 14443B reader to identify a tag` -|`hf 14b sim `|N |`Fake ISO 14443B tag` -|`hf 14b sniff `|N |`Eavesdrop ISO 14443B` -|`hf 14b rdbl `|N |`Read SRI512/SRIX4x block` -|`hf 14b sriwrite `|N |`Write data to a SRI512 | SRIX4K tag` - - -### hf 15 - - { ISO15693 RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`hf 15 help `|Y |`This help` -|`hf 15 list `|Y |`List ISO15693 history` -|`hf 15 demod `|Y |`Demodulate ISO15693 from tag` -|`hf 15 dump `|N |`Read all memory pages of an ISO15693 tag, save to file` -|`hf 15 info `|N |`Tag information` -|`hf 15 sniff `|N |`Sniff ISO15693 traffic` -|`hf 15 raw `|N |`Send raw hex data to tag` -|`hf 15 rdbl `|N |`Read a block` -|`hf 15 reader `|N |`Act like an ISO15693 reader` -|`hf 15 readmulti `|N |`Reads multiple Blocks` -|`hf 15 restore `|N |`Restore from file to all memory pages of an ISO15693 tag` -|`hf 15 samples `|N |`Acquire Samples as Reader (enables carrier, sends inquiry)` -|`hf 15 sim `|N |`Fake an ISO15693 tag` -|`hf 15 wrbl `|N |`Write a block` -|`hf 15 findafi `|N |`Brute force AFI of an ISO15693 tag` -|`hf 15 writeafi `|N |`Writes the AFI on an ISO15693 tag` -|`hf 15 writedsfid `|N |`Writes the DSFID on an ISO15693 tag` -|`hf 15 csetuid `|N |`Set UID for magic Chinese card` - - -### hf epa - - { German Identification Card... } - -|command |offline |description -|------- |------- |----------- -|`hf epa help `|Y |`This help` -|`hf epa cnonces `|N |` Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses` -|`hf epa preplay `|N |` Perform PACE protocol by replaying given APDUs` - - -### hf felica - - { ISO18092 / FeliCa RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`hf felica help `|Y |`This help` -|`hf felica list `|Y |`List ISO 18092/FeliCa history` -|`hf felica reader `|N |`Act like an ISO18092/FeliCa reader` -|`hf felica sniff `|N |`Sniff ISO 18092/FeliCa traffic` -|`hf felica raw `|N |`Send raw hex data to tag` -|`hf felica rdunencrypted`|N |`Read Block Data from authentication-not-required Service.` -|`hf felica wrunencrypted`|N |`Write Block Data to an authentication-not-required Service.` -|`hf felica rqservice `|N |`Verify the existence of Area and Service, and to acquire Key Version.` -|`hf felica rqresponse `|N |`Verify the existence of a card and its Mode.` -|`hf felica scsvcode `|N |`Acquire Area Code and Service Code.` -|`hf felica rqsyscode `|N |`Acquire System Code registered to the card.` -|`hf felica auth1 `|N |`Authenticate a card. Start mutual authentication with Auth1` -|`hf felica auth2 `|N |`Allow a card to authenticate a Reader/Writer. Complete mutual authentication` -|`hf felica rqspecver `|N |`Acquire the version of card OS.` -|`hf felica resetmode `|N |`Reset Mode to Mode 0.` -|`hf felica litesim `|N |` - only reply to poll request` -|`hf felica litedump `|N |`Wait for and try dumping FelicaLite` - - -### hf fido - - { FIDO and FIDO2 authenticators... } - -|command |offline |description -|------- |------- |----------- -|`hf fido help `|Y |`This help.` -|`hf fido list `|N |`List ISO 14443A history` -|`hf fido info `|N |`Info about FIDO tag.` -|`hf fido reg `|N |`FIDO U2F Registration Message.` -|`hf fido auth `|N |`FIDO U2F Authentication Message.` -|`hf fido make `|N |`FIDO2 MakeCredential command.` -|`hf fido assert `|N |`FIDO2 GetAssertion command.` - - -### hf iclass - - { ICLASS RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf iclass help `|Y |`This help` -|`hf iclass dump `|N |`[options..] 
Dump Picopass / iCLASS tag to file` -|`hf iclass info `|Y |` Tag information` -|`hf iclass list `|Y |` List iclass history` -|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block` -|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader` -|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag` -|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication` -|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block` -|`hf iclass autopwn `|N |`[options..] Automatic key recovery tool for iCLASS` -|`hf iclass chk `|N |`[options..] Check keys` -|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack` -|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file` -|`hf iclass sim `|N |`[options..] Simulate iCLASS tag` -|`hf iclass eload `|N |`[f ] Load Picopass / iCLASS dump file into emulator memory` -|`hf iclass esave `|N |`[f ] Save emulator memory to file` -|`hf iclass eview `|N |`[options..] View emulator memory` -|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys` -|`hf iclass encrypt `|Y |`[options..] Encrypt given block data` -|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file` -|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands` -|`hf iclass permute `|N |` Permute function from 'heart of darkness' paper` -|`hf iclass view `|Y |`[options..] Display content from tag dump file` - - -### hf legic - - { LEGIC RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`hf legic help `|Y |`This help` -|`hf legic list `|Y |`List LEGIC history` -|`hf legic reader `|N |`LEGIC Prime Reader UID and tag info` -|`hf legic info `|N |`Display deobfuscated and decoded LEGIC Prime tag data` -|`hf legic dump `|N |`Dump LEGIC Prime tag to binary file` -|`hf legic restore `|N |`Restore a dump file onto a LEGIC Prime tag` -|`hf legic rdbl `|N |`Read bytes from a LEGIC Prime tag` -|`hf legic sim `|N |`Start tag simulator` -|`hf legic wrbl `|N |`Write data to a LEGIC Prime tag` -|`hf legic crc `|Y |`Calculate Legic CRC over given bytes` -|`hf legic eload `|Y |`Load binary dump to emulator memory` -|`hf legic esave `|Y |`Save emulator memory to binary file` -|`hf legic wipe `|N |`Wipe a LEGIC Prime tag` - - -### hf lto - - { LTO Cartridge Memory RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf lto help `|Y |`This help` -|`hf lto dump `|N |`Dump LTO-CM tag to file` -|`hf lto restore `|N |`Restore dump file to LTO-CM tag` -|`hf lto info `|N |`Tag information` -|`hf lto rdbl `|N |`Read block` -|`hf lto wrbl `|N |`Write block` -|`hf lto list `|Y |`List LTO-CM history` - - -### hf mf - - { MIFARE RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`hf mf help `|Y |`This help` -|`hf mf list `|Y |`List MIFARE history` -|`hf mf darkside `|N |`Darkside attack` -|`hf mf nested `|N |`Nested attack` -|`hf mf hardnested `|Y |`Nested attack for hardened MIFARE Classic cards` -|`hf mf staticnested `|N |`Nested attack against static nonce MIFARE Classic cards` -|`hf mf autopwn `|N |`Automatic key recovery tool for MIFARE Classic` -|`hf mf nack `|N |`Test for MIFARE NACK bug` -|`hf mf chk `|N |`Check keys` -|`hf mf fchk `|N |`Check keys fast, targets all keys on card` -|`hf mf decrypt `|Y |`[nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace` -|`hf mf supercard `|N |`Extract info from a `super card`` -|`hf mf auth4 `|N |`ISO14443-4 AES authentication` -|`hf mf dump `|N |`Dump MIFARE Classic tag to binary file` -|`hf mf mad `|N |`Checks and prints MAD` -|`hf mf ndef `|N |`Prints NDEF records from card` -|`hf mf personalize `|N |`Personalize UID (MIFARE Classic EV1 only)` -|`hf mf rdbl `|N |`Read MIFARE Classic block` -|`hf mf rdsc `|N |`Read MIFARE Classic sector` -|`hf mf restore `|N |`Restore MIFARE Classic binary file to BLANK tag` -|`hf mf setmod `|N |`Set MIFARE Classic EV1 load modulation strength` -|`hf mf wrbl `|N |`Write MIFARE Classic block` -|`hf mf sim `|N |`Simulate MIFARE card` -|`hf mf ecfill `|N |`Fill simulator memory with help of keys from simulator` -|`hf mf eclr `|N |`Clear simulator memory` -|`hf mf egetblk `|N |`Get simulator memory block` -|`hf mf egetsc `|N |`Get simulator memory sector` -|`hf mf ekeyprn `|N |`Print keys from simulator memory` -|`hf mf eload `|N |`Load from file emul dump` -|`hf mf esave `|N |`Save to file emul dump` -|`hf mf eset `|N |`Set simulator memory block` -|`hf mf eview `|N |`View emul memory` -|`hf mf cgetblk `|N |`Read block` -|`hf mf cgetsc `|N |`Read sector` -|`hf mf cload `|N |`Load dump` -|`hf mf csave `|N |`Save dump from card into file or emulator` -|`hf mf csetblk `|N |`Write block` -|`hf 
mf csetuid `|N |`Set UID` -|`hf mf cview `|N |`View card` -|`hf mf cwipe `|N |`Wipe card to default UID/Sectors/Keys` -|`hf mf gen3uid `|N |`Set UID without manufacturer block` -|`hf mf gen3blk `|N |`Overwrite full manufacturer block` -|`hf mf gen3freeze `|N |`Perma lock further UID changes` -|`hf mf ice `|N |`Collect MIFARE Classic nonces to file` - - -### hf mfp - - { MIFARE Plus RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf mfp help `|Y |`This help` -|`hf mfp info `|N |`Info about Mifare Plus tag` -|`hf mfp wrp `|N |`Write Perso command` -|`hf mfp initp `|N |`Fills all the card's keys` -|`hf mfp commitp `|N |`Move card to SL1 or SL3 mode` -|`hf mfp auth `|N |`Authentication` -|`hf mfp rdbl `|N |`Read blocks` -|`hf mfp rdsc `|N |`Read sectors` -|`hf mfp wrbl `|N |`Write blocks` -|`hf mfp chk `|N |`Check keys` -|`hf mfp mad `|N |`Checks and prints MAD` -|`hf mfp ndef `|N |`Prints NDEF records from card` - - -### hf mfu - - { MIFARE Ultralight RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf mfu help `|Y |`This help` -|`hf mfu info `|N |`Tag information` -|`hf mfu dump `|N |`Dump Ultralight / Ultralight-C / NTAG tag to binary file` -|`hf mfu restore `|N |`Restore a dump onto a MFU MAGIC tag` -|`hf mfu eload `|N |`Load Ultralight .eml dump file into emulator memory` -|`hf mfu rdbl `|N |`Read block` -|`hf mfu wrbl `|N |`Write block` -|`hf mfu cauth `|N |`Authentication - Ultralight C` -|`hf mfu setpwd `|N |`Set 3des password - Ultralight-C` -|`hf mfu setuid `|N |`Set UID - MAGIC tags only` -|`hf mfu sim `|N |`Simulate Ultralight from emulator memory` -|`hf mfu gen `|Y |`Generate 3des mifare diversified keys` -|`hf mfu pwdgen `|Y |`Generate pwd from known algos` -|`hf mfu otptear `|N |`Tear-off test on OTP bits` -|`hf mfu ndef `|N |`Prints NDEF records from card` - - -### hf mfdes - - { MIFARE Desfire RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`hf mfdes help `|Y |`This help` -|`hf mfdes info `|N |`Tag information` -|`hf mfdes list `|Y |`List DESFire (ISO 14443A) history` -|`hf mfdes enum `|N |`Tries enumerate all applications` -|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication` -|`hf mfdes getuid `|N |`Get random uid` -|`hf mfdes selectaid `|N |`Select Application ID` -|`hf mfdes createaid `|N |`Create Application ID` -|`hf mfdes deleteaid `|N |`Delete Application ID` -|`hf mfdes createfile `|N |`Create Standard/Backup File` -|`hf mfdes createvaluefile`|N |`Create Value File` -|`hf mfdes createrecordfile`|N |`Create Linear/Cyclic Record File` -|`hf mfdes deletefile `|N |`Create Delete File` -|`hf mfdes clearfile `|N |`Clear record File` -|`hf mfdes readdata `|N |`Read data from standard/backup/record file` -|`hf mfdes writedata `|N |`Write data to standard/backup/record file` -|`hf mfdes getvalue `|N |`Get value of file` -|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)` -|`hf mfdes changekey `|N |`Change Key` -|`hf mfdes formatpicc `|N |`Format PICC` -|`hf mfdes dump `|N |`Dump all files` -|`hf mfdes chk `|N |`Check keys` - - -### hf st - - { ST Rothult RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf st help `|Y |`This help` -|`hf st info `|N |`Tag information` -|`hf st list `|Y |`List ISO 14443A/7816 history` -|`hf st ndef `|Y |`Read NDEF file on tag` -|`hf st protect `|N |`Change protection on tag` -|`hf st pwd `|N |`Change password on tag` -|`hf st sim `|N |`Fake ISO 14443A/ST tag` - - -### hf thinfilm - - { Thinfilm RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`hf thinfilm help `|Y |`This help` -|`hf thinfilm info `|N |`Tag information` -|`hf thinfilm list `|Y |`List NFC Barcode / Thinfilm history - not correct` -|`hf thinfilm sim `|N |`Fake Thinfilm tag` - - -### hf topaz - - { TOPAZ (NFC Type 1) RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`hf topaz help `|Y |`This help` -|`hf topaz list `|Y |`List Topaz history` -|`hf topaz info `|N |`Tag information` -|`hf topaz reader `|N |`Act like a Topaz reader` -|`hf topaz sim `|N |` -- Simulate Topaz tag` -|`hf topaz sniff `|N |`Sniff Topaz reader-tag communication` -|`hf topaz raw `|N |`Send raw hex data to tag` - - -### hf waveshare - - { Waveshare NFC ePaper... } - -|command |offline |description -|------- |------- |----------- -|`hf waveshare help `|Y |`This help` -|`hf waveshare loadbmp `|N |`Load BMP file to Waveshare NFC ePaper` - - -### hw - - { Hardware commands... } - -|command |offline |description -|------- |------- |----------- -|`hw help `|Y |`This help` -|`hw connect `|Y |`Connect Proxmark3 to serial port` -|`hw dbg `|N |`Set Proxmark3 debug level` -|`hw detectreader `|N |`['l'|'h'] -- Detect external reader field (option 'l' or 'h' to limit to LF or HF)` -|`hw fpgaoff `|N |`Set FPGA off` -|`hw lcd `|N |` -- Send command/data to LCD` -|`hw lcdreset `|N |`Hardware reset LCD` -|`hw ping `|N |`Test if the Proxmark3 is responsive` -|`hw readmem `|N |`[address] -- Read memory at decimal address from flash` -|`hw reset `|N |`Reset the Proxmark3` -|`hw setlfdivisor `|N |`<19 - 255> -- Drive LF antenna at 12MHz/(divisor+1)` -|`hw setmux `|N |`Set the ADC mux to a specific value` -|`hw standalone `|N |`Jump to the standalone mode` -|`hw status `|N |`Show runtime status information about the connected Proxmark3` -|`hw tearoff `|N |`Program a tearoff hook for the next command supporting tearoff` -|`hw tia `|N |`Trigger a Timing Interval Acquisition to re-adjust the RealTimeCounter divider` -|`hw tune `|N |`Measure antenna tuning` -|`hw version `|N |`Show version information about the connected Proxmark3` - - -### lf - - { Low frequency commands... 
} - -|command |offline |description -|------- |------- |----------- -|`lf help `|Y |`This help` -|`lf config `|N |`Get/Set config for LF sampling, bit/sample, decimation, frequency` -|`lf cmdread `|N |`Modulate LF reader field to send command before read (all periods in microseconds)` -|`lf read `|N |`Read LF tag` -|`lf search `|Y |`Read and Search for valid known tag (in offline mode it you can load first then search)` -|`lf sim `|N |`Simulate LF tag from buffer with optional GAP (in microseconds)` -|`lf simask `|N |`Simulate LF ASK tag from demodbuffer or input` -|`lf simfsk `|N |`Simulate LF FSK tag from demodbuffer or input` -|`lf simpsk `|N |`Simulate LF PSK tag from demodbuffer or input` -|`lf simbidir `|N |`Simulate LF tag (with bidirectional data transmission between reader and tag)` -|`lf sniff `|N |`Sniff LF traffic between reader and tag` -|`lf tune `|N |`Continuously measure LF antenna tuning` - - -### lf awid - - { AWID RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf awid help `|Y |`This help` -|`lf awid demod `|Y |`Demodulate an AWID FSK tag from the GraphBuffer` -|`lf awid read `|N |`Attempt to read and extract tag data` -|`lf awid clone `|N |`Clone AWID tag to T55x7 or Q5/T5555` -|`lf awid sim `|N |`Simulate AWID tag` -|`lf awid brute `|N |`Bruteforce card number against reader` -|`lf awid watch `|N |`Continuously watch for cards. Reader mode` - - -### lf cotag - - { COTAG CHIPs... } - -|command |offline |description -|------- |------- |----------- -|`lf cotag help `|Y |`This help` -|`lf cotag demod `|Y |`Tries to decode a COTAG signal` -|`lf cotag read `|N |`Attempt to read and extract tag data` - - -### lf destron - - { FDX-A Destron RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf destron help `|Y |`This help` -|`lf destron demod `|Y |`Demodulate an Destron tag from the GraphBuffer` -|`lf destron read `|N |`Attempt to read and extract tag data from the antenna` -|`lf destron clone `|N |`Clone Destron tag to T55x7` -|`lf destron sim `|N |`Simulate Destron tag` - - -### lf em - - { EM4X CHIPs & RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf em help `|Y |`This help` -|`lf em 410x_demod `|Y |`Demodulate a EM410x tag from the GraphBuffer` -|`lf em 410x_read `|N |`Attempt to read and extract tag data` -|`lf em 410x_sim `|N |`Simulate EM410x tag` -|`lf em 410x_brute `|N |`Reader bruteforce attack by simulating EM410x tags` -|`lf em 410x_watch `|N |`Watches for EM410x 125/134 kHz tags (option 'h' for 134)` -|`lf em 410x_spoof `|N |`Watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)` -|`lf em 410x_clone `|N |`Write EM410x UID to T55x7 or Q5/T5555 tag` -|`lf em 4x05_chk `|N |`Check passwords from dictionary` -|`lf em 4x05_demod `|Y |`Demodulate a EM4x05/EM4x69 tag from the GraphBuffer` -|`lf em 4x05_dump `|N |`Dump EM4x05/EM4x69 tag` -|`lf em 4x05_wipe `|N |`Wipe EM4x05/EM4x69 tag` -|`lf em 4x05_info `|N |`Tag information EM4x05/EM4x69` -|`lf em 4x05_read `|N |`Read word data from EM4x05/EM4x69` -|`lf em 4x05_write `|N |`Write word data to EM4x05/EM4x69` -|`lf em 4x05_unlock `|N |`Execute tear off against EM4x05/EM4x69` -|`lf em 4x05_sniff `|Y |`Attempt to recover em4x05 commands from sample buffer` -|`lf em 4x05_brute `|N |`Bruteforce password` -|`lf em 4x50_dump `|N |`Dump EM4x50 tag` -|`lf em 4x50_info `|N |`Tag information EM4x50` -|`lf em 4x50_write `|N |`Write word data to EM4x50` -|`lf em 4x50_write_password`|N |`Change password of EM4x50 tag` -|`lf em 4x50_read `|N |`Read word data from EM4x50` -|`lf em 4x50_wipe `|N |`Wipe data from EM4x50` - - -### lf fdxb - - { FDX-B RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf fdxb help `|Y |`This help` -|`lf fdxb demod `|Y |`Demodulate a FDX-B ISO11784/85 tag from the GraphBuffer` -|`lf fdxb read `|N |`Attempt to read at 134kHz and extract tag data` -|`lf fdxb clone `|N |`Clone animal ID tag to T55x7 or Q5/T5555` -|`lf fdxb sim `|N |`Simulate Animal ID tag` - - -### lf gallagher - - { GALLAGHER RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf gallagher help `|Y |`This help` -|`lf gallagher demod `|Y |`Demodulate an GALLAGHER tag from the GraphBuffer` -|`lf gallagher read `|N |`Attempt to read and extract tag data from the antenna` -|`lf gallagher clone `|N |`Clone GALLAGHER tag to T55x7` -|`lf gallagher sim `|N |`Simulate GALLAGHER tag` - - -### lf gproxii - - { Guardall Prox II RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf gproxii help `|Y |`This help` -|`lf gproxii demod `|Y |`Demodulate a G Prox II tag from the GraphBuffer` -|`lf gproxii read `|N |`Attempt to read and extract tag data from the antenna` -|`lf gproxii clone `|N |`Clone Guardall tag to T55x7 or Q5/T5555` -|`lf gproxii sim `|N |`Simulate Guardall tag` - - -### lf hid - - { HID Prox RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf hid help `|Y |`This help` -|`lf hid demod `|Y |`Demodulate HID Prox tag from the GraphBuffer` -|`lf hid read `|N |`Attempt to read and extract tag data` -|`lf hid clone `|N |`Clone HID tag to T55x7` -|`lf hid sim `|N |`Simulate HID tag` -|`lf hid brute `|N |`Bruteforce card number against reader` -|`lf hid watch `|N |`Continuously watch for cards. Reader mode` - - -### lf hitag - - { Hitag CHIPs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf hitag help `|Y |`This help` -|`lf hitag list `|N |`List Hitag trace history` -|`lf hitag info `|N |`Tag information` -|`lf hitag reader `|N |`Act like a Hitag Reader` -|`lf hitag sim `|N |`Simulate Hitag transponder` -|`lf hitag sniff `|N |`Eavesdrop Hitag communication` -|`lf hitag writer `|N |`Act like a Hitag Writer` -|`lf hitag dump `|N |`Dump Hitag2 tag` -|`lf hitag cc `|N |`Test all challenges` - - -### lf idteck - - { Idteck RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf idteck help `|Y |`This help` -|`lf idteck demod `|Y |`Demodulate an Idteck tag from the GraphBuffer` -|`lf idteck read `|N |`Attempt to read and Extract tag data from the antenna` - - -### lf indala - - { Indala RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf indala help `|Y |`This help` -|`lf indala demod `|Y |`Demodulate an indala tag (PSK1) from GraphBuffer` -|`lf indala altdemod `|Y |`Alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)` -|`lf indala read `|N |`Read an Indala Prox tag from the antenna` -|`lf indala clone `|N |`Clone Indala tag to T55x7 or Q5/T5555` -|`lf indala sim `|N |`Simulate Indala tag` - - -### lf io - - { ioProx RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf io help `|Y |`This help` -|`lf io demod `|Y |`Demodulate an IOProx tag from the GraphBuffer` -|`lf io read `|N |`Attempt to read and extract tag data` -|`lf io clone `|N |`Clone IOProx tag to T55x7 or Q5/T5555` -|`lf io sim `|N |`Simulate IOProx tag` -|`lf io watch `|N |`Continuously watch for cards. Reader mode` - - -### lf jablotron - - { Jablotron RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf jablotron help `|Y |`This help` -|`lf jablotron demod `|Y |`Demodulate an Jablotron tag from the GraphBuffer` -|`lf jablotron read `|N |`Attempt to read and extract tag data from the antenna` -|`lf jablotron clone `|N |`Clone jablotron tag to T55x7 or Q5/T5555` -|`lf jablotron sim `|N |`Simulate jablotron tag` - - -### lf keri - - { KERI RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf keri help `|Y |`This help` -|`lf keri demod `|Y |`Demodulate an KERI tag from the GraphBuffer` -|`lf keri read `|N |`Attempt to read and extract tag data from the antenna` -|`lf keri clone `|N |`Clone KERI tag to T55x7 or Q5/T5555` -|`lf keri sim `|N |`Simulate KERI tag` - - -### lf motorola - - { Motorola RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf motorola help `|Y |`This help` -|`lf motorola demod `|Y |`Demodulate an MOTOROLA tag from the GraphBuffer` -|`lf motorola read `|N |`Attempt to read and extract tag data from the antenna` -|`lf motorola clone `|N |`Clone MOTOROLA tag to T55x7` -|`lf motorola sim `|N |`Simulate MOTOROLA tag` - - -### lf nedap - - { Nedap RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf nedap help `|Y |`This help` -|`lf nedap demod `|Y |`Demodulate Nedap tag from the GraphBuffer` -|`lf nedap generate `|Y |`Generate Nedap bitstream in DemodBuffer` -|`lf nedap read `|N |`Attempt to read and extract tag data from the antenna` -|`lf nedap clone `|N |`Clone Nedap tag to T55x7 or Q5/T5555` -|`lf nedap sim `|N |`Simulate Nedap tag` - - -### lf nexwatch - - { NexWatch RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf nexwatch help `|Y |`This help` -|`lf nexwatch demod `|Y |`Demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer` -|`lf nexwatch read `|N |`Attempt to Read and Extract tag data from the antenna` -|`lf nexwatch clone `|N |`Clone NexWatch tag to T55x7` -|`lf nexwatch sim `|N |`Simulate NexWatch tag` - - -### lf noralsy - - { Noralsy RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf noralsy help `|Y |`This help` -|`lf noralsy demod `|Y |`Demodulate an Noralsy tag from the GraphBuffer` -|`lf noralsy read `|N |`Attempt to read and extract tag data from the antenna` -|`lf noralsy clone `|N |`Clone Noralsy tag to T55x7 or Q5/T5555` -|`lf noralsy sim `|N |`Simulate Noralsy tag` - - -### lf pac - - { PAC/Stanley RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf pac help `|Y |`This help` -|`lf pac demod `|Y |`Demodulate a PAC tag from the GraphBuffer` -|`lf pac read `|N |`Attempt to read and extract tag data from the antenna` -|`lf pac clone `|N |`Clone PAC tag to T55x7` -|`lf pac sim `|N |`Simulate PAC tag` - - -### lf paradox - - { Paradox RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf paradox help `|Y |`This help` -|`lf paradox demod `|Y |`Demodulate a Paradox FSK tag from the GraphBuffer` -|`lf paradox read `|N |`Attempt to read and Extract tag data from the antenna` -|`lf paradox clone `|N |`Clone paradox tag to T55x7` -|`lf paradox sim `|N |`Simulate paradox tag` - - -### lf pcf7931 - - { PCF7931 CHIPs... } - -|command |offline |description -|------- |------- |----------- -|`lf pcf7931 help `|Y |`This help` -|`lf pcf7931 read `|N |`Read content of a PCF7931 transponder` -|`lf pcf7931 write `|N |`Write data on a PCF7931 transponder.` -|`lf pcf7931 config `|Y |`Configure the password, the tags initialization delay and time offsets (optional)` - - -### lf presco - - { Presco RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf presco help `|Y |`This help` -|`lf presco demod `|Y |`Demodulate Presco tag from the GraphBuffer` -|`lf presco read `|N |`Attempt to read and Extract tag data` -|`lf presco clone `|N |`Clone presco tag to T55x7 or Q5/T5555` -|`lf presco sim `|N |`Simulate presco tag` - - -### lf pyramid - - { Farpointe/Pyramid RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf pyramid help `|Y |`This help` -|`lf pyramid demod `|Y |`Demodulate a Pyramid FSK tag from the GraphBuffer` -|`lf pyramid read `|N |`Attempt to read and extract tag data` -|`lf pyramid clone `|N |`Clone pyramid tag to T55x7 or Q5/T5555` -|`lf pyramid sim `|N |`Simulate pyramid tag` - - -### lf securakey - - { Securakey RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf securakey help `|Y |`This help` -|`lf securakey demod `|Y |`Demodulate an Securakey tag from the GraphBuffer` -|`lf securakey read `|N |`Attempt to read and extract tag data from the antenna` -|`lf securakey clone `|N |`Clone Securakey tag to T55x7` -|`lf securakey sim `|N |`Simulate Securakey tag` - - -### lf ti - - { TI CHIPs... } - -|command |offline |description -|------- |------- |----------- -|`lf ti help `|Y |`This help` -|`lf ti demod `|Y |`Demodulate raw bits for TI-type LF tag from the GraphBuffer` -|`lf ti read `|N |`Read and decode a TI 134 kHz tag` -|`lf ti write `|N |`Write new data to a r/w TI 134 kHz tag` - - -### lf t55xx - - { T55xx CHIPs... } - -|command |offline |description -|------- |------- |----------- -|`lf t55xx help `|Y |`This help` -|`lf t55xx clonehelp `|N |`Shows the available clone commands` -|`lf t55xx config `|Y |`Set/Get T55XX configuration (modulation, inverted, offset, rate)` -|`lf t55xx dangerraw `|N |`Sends raw bitstream. Dangerous, do not use!! 
b t ` -|`lf t55xx detect `|Y |`[1] Try detecting the tag modulation from reading the configuration block.` -|`lf t55xx deviceconfig `|N |`Set/Get T55XX device configuration (startgap, writegap, write0, write1, readgap` -|`lf t55xx dump `|N |`[password] [o] Dump T55xx card Page 0 block 0-7. Optional [password], [override]` -|`lf t55xx info `|Y |`[1] Show T55x7 configuration data (page 0/ blk 0)` -|`lf t55xx p1detect `|N |`[1] Try detecting if this is a t55xx tag by reading page 1` -|`lf t55xx read `|N |`b p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]` -|`lf t55xx resetread `|N |`Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)` -|`lf t55xx restore `|N |`f [p ] Restore T55xx card Page 0 / Page 1 blocks` -|`lf t55xx trace `|Y |`[1] Show T55x7 traceability data (page 1/ blk 0-1)` -|`lf t55xx wakeup `|N |`Send AOR wakeup command` -|`lf t55xx write `|N |`b d p [password] [1] -- Write T55xx block data. Optional [p password], [page1]` -|`lf t55xx bruteforce `|N |` Simple bruteforce attack to find password` -|`lf t55xx chk `|N |`Check passwords from dictionary/flash` -|`lf t55xx protect `|N |`Password protect tag` -|`lf t55xx recoverpw `|N |`[password] Try to recover from bad password write from a cloner. Only use on PW protected chips!` -|`lf t55xx sniff `|Y |`Attempt to recover T55xx commands from sample buffer` -|`lf t55xx special `|N |`Show block changes with 64 different offsets` -|`lf t55xx wipe `|N |`[q] Wipe a T55xx tag and set defaults (will destroy any data on tag)` - - -### lf viking - - { Viking RFIDs... 
} - -|command |offline |description -|------- |------- |----------- -|`lf viking help `|Y |`This help` -|`lf viking demod `|Y |`Demodulate a Viking tag from the GraphBuffer` -|`lf viking read `|N |`Attempt to read and Extract tag data from the antenna` -|`lf viking clone `|N |`Clone Viking tag to T55x7 or Q5/T5555` -|`lf viking sim `|N |`Simulate Viking tag` - - -### lf visa2000 - - { Visa2000 RFIDs... } - -|command |offline |description -|------- |------- |----------- -|`lf visa2000 help `|Y |`This help` -|`lf visa2000 demod `|Y |`Demodulate an VISA2000 tag from the GraphBuffer` -|`lf visa2000 read `|N |`Attempt to read and extract tag data from the antenna` -|`lf visa2000 clone `|N |`Clone Visa2000 tag to T55x7 or Q5/T5555` -|`lf visa2000 sim `|N |`Simulate Visa2000 tag` - - -### mem - - { Flash memory manipulation... } - -|command |offline |description -|------- |------- |----------- -|`mem help `|Y |`This help` -|`mem baudrate `|N |`Set Flash memory Spi baudrate` -|`mem spiffs `|N |`High level SPI FileSystem Flash manipulation` -|`mem info `|N |`Flash memory information` -|`mem load `|N |`Load data into flash memory` -|`mem dump `|N |`Dump data from flash memory` -|`mem wipe `|N |`Wipe data from flash memory` - - -### reveng - - { CRC calculations from RevEng software } - -[=] reveng: no mode switch specified. Use reveng -h for help. - -### smart - - { Smart card ISO-7816 commands... 
} - -|command |offline |description -|------- |------- |----------- -|`smart help `|Y |`This help` -|`smart list `|N |`List ISO 7816 history` -|`smart info `|N |`Tag information` -|`smart reader `|N |`Act like an IS07816 reader` -|`smart raw `|N |`Send raw hex data to tag` -|`smart upgrade `|Y |`Upgrade sim module firmware` -|`smart setclock `|N |`Set clock speed` -|`smart brute `|N |`Bruteforce SFI` - - -### script - - { Scripting commands } - -|command |offline |description -|------- |------- |----------- -|`script help `|Y |`Usage info` -|`script list `|Y |`List available scripts` -|`script run `|Y |` -- execute a script` - - -### trace - - { Trace manipulation... } - -|command |offline |description -|------- |------- |----------- -|`trace help `|Y |`This help` -|`trace list `|Y |`List protocol data in trace buffer` -|`trace load `|Y |`Load trace from file` -|`trace save `|Y |`Save trace buffer to file` - - -### usart - - { USART commands... } - -|command |offline |description -|------- |------- |----------- -|`usart help `|Y |`This help` -|`usart btpin `|N |`Change BT add-on PIN` -|`usart btfactory `|N |`Reset BT add-on to factory settings` -|`usart tx `|N |`Send string over USART` -|`usart rx `|N |`Receive string over USART` -|`usart txrx `|N |`Send string over USART and wait for response` -|`usart txhex `|N |`Send bytes over USART` -|`usart rxhex `|N |`Receive bytes over USART` -|`usart config `|N |`Configure USART` - - -### wiegand - - { Wiegand format manipulation... } - -|command |offline |description -|------- |------- |----------- -|`wiegand help `|Y |`This help` -|`wiegand list `|Y |`List available wiegand formats` -|`wiegand encode `|Y |`Encode to wiegand raw hex` -|`wiegand decode `|Y |`Convert raw hex to decoded wiegand format` - - From 9e9ee9d90c6cf5561ea61fefea170f6c20c400c8 Mon Sep 17 00:00:00 2001 
From: Philippe Teuwen Date: Sat, 7 Nov 2020 01:30:52 +0100 Subject: [PATCH 43/53] restore commands.md --- doc/commands.md | 1027 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1027 insertions(+) create mode 100644 doc/commands.md diff --git a/doc/commands.md b/doc/commands.md new file mode 100644 index 000000000..22149f373 --- /dev/null +++ b/doc/commands.md 
@@ -0,0 +1,1027 @@ + +# Proxmark3 command dump + + +Some commands are available only if a Proxmark3 is actually connected. + +Check column "offline" for their availability. + + + +|command |offline |description +|------- |------- |----------- +|`auto `|N |`Automated detection process for unknown tags` +|`clear `|Y |`clear screen` +|`help `|Y |`This help. Use ' help' for details of a particular command.` +|`hints `|Y |`Turn hints on / off` +|`msleep `|Y |`Add a pause in milliseconds` +|`pref `|Y |`Edit preferences` +|`rem `|Y |`Add a text line in log file` +|`quit `|Y |`` +|`exit `|Y |`Exit program` + + +### analyse + + { Analyse utils... } + +|command |offline |description +|------- |------- |----------- +|`analyse help `|Y |`This help` +|`analyse lcr `|Y |`Generate final byte for XOR LRC` +|`analyse crc `|Y |`Stub method for CRC evaluations` +|`analyse chksum `|Y |`Checksum with adding, masking and one's complement` +|`analyse dates `|Y |`Look for datestamps in a given array of bytes` +|`analyse tea `|Y |`Crypto TEA test` +|`analyse lfsr `|Y |`LFSR tests` +|`analyse a `|Y |`num bits test` +|`analyse nuid `|Y |`create NUID from 7byte UID` +|`analyse demodbuff `|Y |`Load binary string to demodbuffer` +|`analyse freq `|Y |`Calc wave lengths` + + +### data + + { Plot window / data buffer manipulation... 
} + +|command |offline |description +|------- |------- |----------- +|`data help `|Y |`This help` +|`data biphaserawdecode `|Y |`Biphase decode bin stream in DemodBuffer` +|`data detectclock `|Y |`Detect ASK, FSK, NRZ, PSK clock rate of wave in GraphBuffer` +|`data fsktonrz `|Y |`Convert fsk2 to nrz wave for alternate fsk demodulating (for weak fsk)` +|`data manrawdecode `|Y |`Manchester decode binary stream in DemodBuffer` +|`data modulation `|Y |`Identify LF signal for clock and modulation` +|`data rawdemod `|Y |`Demodulate the data in the GraphBuffer and output binary` +|`data askedgedetect `|Y |`[threshold] Adjust Graph for manual ASK demod using the length of sample differences to detect the edge of a wave (use 20-45, def:25)` +|`data autocorr `|Y |`Autocorrelation over window` +|`data dirthreshold `|Y |` -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev.` +|`data decimate `|Y |`Decimate samples` +|`data undecimate `|Y |`Un-decimate samples` +|`data hide `|Y |`Hide graph window` +|`data hpf `|Y |`Remove DC offset from trace` +|`data iir `|Y |`apply IIR buttersworth filter on plotdata` +|`data grid `|Y |` -- overlay grid on graph window, use zero value to turn off either` +|`data ltrim `|Y |` -- Trim samples from left of trace` +|`data mtrim `|Y |` -- Trim out samples from the specified start to the specified stop` +|`data norm `|Y |`Normalize max/min to +/-128` +|`data plot `|Y |`Show graph window (hit 'h' in window for keystroke help)` +|`data rtrim `|Y |` -- Trim samples from right of trace` +|`data setgraphmarkers `|Y |`[orange_marker] [blue_marker] (in graph window)` +|`data shiftgraphzero `|Y |` -- Shift 0 for Graphed wave + or - shift value` +|`data timescale `|Y |`Set a timescale to get a differential reading between the yellow and purple markers as time duration +` +|`data zerocrossings `|Y |`Count time between zero-crossings` +|`data convertbitstream `|Y |`Convert GraphBuffer's 0/1 values to 127 / -127` +|`data 
getbitstream `|Y |`Convert GraphBuffer's >=1 values to 1 and <1 to 0` +|`data bin2hex `|Y |`Converts binary to hexadecimal` +|`data bitsamples `|N |`Get raw samples as bitstring` +|`data clear `|Y |`Clears bigbuf on deviceside and graph window` +|`data hexsamples `|N |` [] -- Dump big buffer as hex bytes` +|`data hex2bin `|Y |`Converts hexadecimal to binary` +|`data load `|Y |`Load contents of file into graph window` +|`data ndef `|Y |`Decode NDEF records` +|`data print `|Y |`print the data in the DemodBuffer` +|`data samples `|N |`[512 - 40000] -- Get raw samples for graph window (GraphBuffer)` +|`data save `|Y |`Save signal trace data (from graph window)` +|`data setdebugmode `|Y |`<0|1|2> -- Set Debugging Level on client side` +|`data tune `|N |`Measure tuning of device antenna. Results shown in graph window` + + +### emv + + { EMV ISO-14443 / ISO-7816... } + +|command |offline |description +|------- |------- |----------- +|`emv help `|Y |`This help` +|`emv exec `|N |`Executes EMV contactless transaction.` +|`emv pse `|N |`Execute PPSE. It selects 2PAY.SYS.DDF01 or 1PAY.SYS.DDF01 directory.` +|`emv search `|N |`Try to select all applets from applets list and print installed applets.` +|`emv select `|N |`Select applet.` +|`emv gpo `|N |`Execute GetProcessingOptions.` +|`emv readrec `|N |`Read files from card.` +|`emv genac `|N |`Generate ApplicationCryptogram.` +|`emv challenge `|N |`Generate challenge.` +|`emv intauth `|N |`Internal authentication.` +|`emv scan `|N |`Scan EMV card and save it contents to json file for emulator.` +|`emv test `|Y |`Crypto logic test.` +|`emv list `|Y |`List ISO7816 history` +|`emv roca `|N |`Extract public keys and run ROCA test` + + +### hf + + { High frequency commands... 
} + +|command |offline |description +|------- |------- |----------- +|`hf help `|Y |`This help` +|`hf list `|Y |`List protocol data in trace buffer` +|`hf plot `|N |`Plot signal` +|`hf tune `|N |`Continuously measure HF antenna tuning` +|`hf search `|Y |`Search for known HF tags` +|`hf sniff `|N |` Generic HF Sniff` + + +### hf 14a + + { ISO14443A RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf 14a help `|Y |`This help` +|`hf 14a list `|Y |`List ISO 14443-a history` +|`hf 14a info `|N |`Tag information` +|`hf 14a reader `|N |`Act like an ISO14443-a reader` +|`hf 14a cuids `|N |` Collect n>0 ISO14443-a UIDs in one go` +|`hf 14a sim `|N |` -- Simulate ISO 14443-a tag` +|`hf 14a sniff `|N |`sniff ISO 14443-a traffic` +|`hf 14a apdu `|N |`Send ISO 14443-4 APDU to tag` +|`hf 14a chaining `|N |`Control ISO 14443-4 input chaining` +|`hf 14a raw `|N |`Send raw hex data to tag` +|`hf 14a antifuzz `|N |`Fuzzing the anticollision phase. Warning! Readers may react strange` +|`hf 14a config `|N |`Configure 14a settings (use with caution)` + + +### hf 14b + + { ISO14443B RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf 14b help `|Y |`This help` +|`hf 14b apdu `|N |`Send ISO 14443-4 APDU to tag` +|`hf 14b dump `|N |`Read all memory pages of an ISO14443-B tag, save to file` +|`hf 14b info `|N |`Tag information` +|`hf 14b list `|Y |`List ISO 14443B history` +|`hf 14b ndef `|N |`Read NDEF file on tag` +|`hf 14b raw `|N |`Send raw hex data to tag` +|`hf 14b reader `|N |`Act as a 14443B reader to identify a tag` +|`hf 14b sim `|N |`Fake ISO 14443B tag` +|`hf 14b sniff `|N |`Eavesdrop ISO 14443B` +|`hf 14b rdbl `|N |`Read SRI512/SRIX4x block` +|`hf 14b sriwrite `|N |`Write data to a SRI512 | SRIX4K tag` + + +### hf 15 + + { ISO15693 RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`hf 15 help `|Y |`This help` +|`hf 15 list `|Y |`List ISO15693 history` +|`hf 15 demod `|Y |`Demodulate ISO15693 from tag` +|`hf 15 dump `|N |`Read all memory pages of an ISO15693 tag, save to file` +|`hf 15 info `|N |`Tag information` +|`hf 15 sniff `|N |`Sniff ISO15693 traffic` +|`hf 15 raw `|N |`Send raw hex data to tag` +|`hf 15 rdbl `|N |`Read a block` +|`hf 15 reader `|N |`Act like an ISO15693 reader` +|`hf 15 readmulti `|N |`Reads multiple Blocks` +|`hf 15 restore `|N |`Restore from file to all memory pages of an ISO15693 tag` +|`hf 15 samples `|N |`Acquire Samples as Reader (enables carrier, sends inquiry)` +|`hf 15 sim `|N |`Fake an ISO15693 tag` +|`hf 15 wrbl `|N |`Write a block` +|`hf 15 findafi `|N |`Brute force AFI of an ISO15693 tag` +|`hf 15 writeafi `|N |`Writes the AFI on an ISO15693 tag` +|`hf 15 writedsfid `|N |`Writes the DSFID on an ISO15693 tag` +|`hf 15 csetuid `|N |`Set UID for magic Chinese card` + + +### hf epa + + { German Identification Card... } + +|command |offline |description +|------- |------- |----------- +|`hf epa help `|Y |`This help` +|`hf epa cnonces `|N |` Acquire n>0 encrypted PACE nonces of size m>0 with d sec pauses` +|`hf epa preplay `|N |` Perform PACE protocol by replaying given APDUs` + + +### hf felica + + { ISO18092 / FeliCa RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`hf felica help `|Y |`This help` +|`hf felica list `|Y |`List ISO 18092/FeliCa history` +|`hf felica reader `|N |`Act like an ISO18092/FeliCa reader` +|`hf felica sniff `|N |`Sniff ISO 18092/FeliCa traffic` +|`hf felica raw `|N |`Send raw hex data to tag` +|`hf felica rdunencrypted`|N |`read Block Data from authentication-not-required Service.` +|`hf felica wrunencrypted`|N |`write Block Data to an authentication-not-required Service.` +|`hf felica rqservice `|N |`verify the existence of Area and Service, and to acquire Key Version.` +|`hf felica rqresponse `|N |`verify the existence of a card and its Mode.` +|`hf felica scsvcode `|N |`acquire Area Code and Service Code.` +|`hf felica rqsyscode `|N |`acquire System Code registered to the card.` +|`hf felica auth1 `|N |`authenticate a card. Start mutual authentication with Auth1` +|`hf felica auth2 `|N |`allow a card to authenticate a Reader/Writer. Complete mutual authentication` +|`hf felica rqspecver `|N |`acquire the version of card OS.` +|`hf felica resetmode `|N |`reset Mode to Mode 0.` +|`hf felica litesim `|N |` - only reply to poll request` +|`hf felica litedump `|N |`Wait for and try dumping FelicaLite` + + +### hf fido + + { FIDO and FIDO2 authenticators... } + +|command |offline |description +|------- |------- |----------- +|`hf fido help `|Y |`This help.` +|`hf fido list `|N |`List ISO 14443A history` +|`hf fido info `|N |`Info about FIDO tag.` +|`hf fido reg `|N |`FIDO U2F Registration Message.` +|`hf fido auth `|N |`FIDO U2F Authentication Message.` +|`hf fido make `|N |`FIDO2 MakeCredential command.` +|`hf fido assert `|N |`FIDO2 GetAssertion command.` + + +### hf iclass + + { ICLASS RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf iclass help `|Y |`This help` +|`hf iclass dump `|N |`[options..] 
Dump Picopass / iCLASS tag to file` +|`hf iclass info `|Y |` Tag information` +|`hf iclass list `|Y |` List iclass history` +|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block` +|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader` +|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag` +|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication` +|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block` +|`hf iclass autopwn `|N |`[options..] Automatic key recovery tool for iCLASS` +|`hf iclass chk `|N |`[options..] Check keys` +|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack` +|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file` +|`hf iclass sim `|N |`[options..] Simulate iCLASS tag` +|`hf iclass eload `|N |`[f ] Load Picopass / iCLASS dump file into emulator memory` +|`hf iclass esave `|N |`[f ] Save emulator memory to file` +|`hf iclass eview `|N |`[options..] View emulator memory` +|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys` +|`hf iclass encrypt `|Y |`[options..] Encrypt given block data` +|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file` +|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands` +|`hf iclass permute `|N |` Permute function from 'heart of darkness' paper` +|`hf iclass view `|Y |`[options..] Display content from tag dump file` + + +### hf legic + + { LEGIC RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`hf legic help `|Y |`This help` +|`hf legic list `|Y |`List LEGIC history` +|`hf legic reader `|N |`LEGIC Prime Reader UID and tag info` +|`hf legic info `|N |`Display deobfuscated and decoded LEGIC Prime tag data` +|`hf legic dump `|N |`Dump LEGIC Prime tag to binary file` +|`hf legic restore `|N |`Restore a dump file onto a LEGIC Prime tag` +|`hf legic rdbl `|N |`Read bytes from a LEGIC Prime tag` +|`hf legic sim `|N |`Start tag simulator` +|`hf legic wrbl `|N |`Write data to a LEGIC Prime tag` +|`hf legic crc `|Y |`Calculate Legic CRC over given bytes` +|`hf legic eload `|Y |`Load binary dump to emulator memory` +|`hf legic esave `|Y |`Save emulator memory to binary file` +|`hf legic wipe `|N |`Wipe a LEGIC Prime tag` + + +### hf lto + + { LTO Cartridge Memory RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf lto help `|Y |`This help` +|`hf lto dump `|N |`Dump LTO-CM tag to file` +|`hf lto restore `|N |`Restore dump file to LTO-CM tag` +|`hf lto info `|N |`Tag information` +|`hf lto rdbl `|N |`Read block` +|`hf lto wrbl `|N |`Write block` +|`hf lto list `|Y |`List LTO-CM history` + + +### hf mf + + { MIFARE RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`hf mf help `|Y |`This help` +|`hf mf list `|Y |`List MIFARE history` +|`hf mf darkside `|N |`Darkside attack` +|`hf mf nested `|N |`Nested attack` +|`hf mf hardnested `|Y |`Nested attack for hardened MIFARE Classic cards` +|`hf mf staticnested `|N |`Nested attack against static nonce MIFARE Classic cards` +|`hf mf autopwn `|N |`Automatic key recovery tool for MIFARE Classic` +|`hf mf nack `|N |`Test for MIFARE NACK bug` +|`hf mf chk `|N |`Check keys` +|`hf mf fchk `|N |`Check keys fast, targets all keys on card` +|`hf mf decrypt `|Y |`[nt] [ar_enc] [at_enc] [data] - to decrypt sniff or trace` +|`hf mf supercard `|N |`Extract info from a `super card`` +|`hf mf auth4 `|N |`ISO14443-4 AES authentication` +|`hf mf dump `|N |`Dump MIFARE Classic tag to binary file` +|`hf mf mad `|N |`Checks and prints MAD` +|`hf mf ndef `|N |`Prints NDEF records from card` +|`hf mf personalize `|N |`Personalize UID (MIFARE Classic EV1 only)` +|`hf mf rdbl `|N |`Read MIFARE Classic block` +|`hf mf rdsc `|N |`Read MIFARE Classic sector` +|`hf mf restore `|N |`Restore MIFARE Classic binary file to BLANK tag` +|`hf mf setmod `|N |`Set MIFARE Classic EV1 load modulation strength` +|`hf mf wrbl `|N |`Write MIFARE Classic block` +|`hf mf sim `|N |`Simulate MIFARE card` +|`hf mf ecfill `|N |`Fill simulator memory with help of keys from simulator` +|`hf mf eclr `|N |`Clear simulator memory` +|`hf mf egetblk `|N |`Get simulator memory block` +|`hf mf egetsc `|N |`Get simulator memory sector` +|`hf mf ekeyprn `|N |`Print keys from simulator memory` +|`hf mf eload `|N |`Load from file emul dump` +|`hf mf esave `|N |`Save to file emul dump` +|`hf mf eset `|N |`Set simulator memory block` +|`hf mf eview `|N |`View emul memory` +|`hf mf cgetblk `|N |`Read block` +|`hf mf cgetsc `|N |`Read sector` +|`hf mf cload `|N |`Load dump` +|`hf mf csave `|N |`Save dump from card into file or emulator` +|`hf mf csetblk `|N |`Write block` +|`hf 
mf csetuid `|N |`Set UID` +|`hf mf cview `|N |`view card` +|`hf mf cwipe `|N |`Wipe card to default UID/Sectors/Keys` +|`hf mf gen3uid `|N |`Set UID without manufacturer block` +|`hf mf gen3blk `|N |`Overwrite full manufacturer block` +|`hf mf gen3freeze `|N |`Perma lock further UID changes` +|`hf mf ice `|N |`collect MIFARE Classic nonces to file` + + +### hf mfp + + { MIFARE Plus RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf mfp help `|Y |`This help` +|`hf mfp info `|N |`Info about Mifare Plus tag` +|`hf mfp wrp `|N |`Write Perso command` +|`hf mfp initp `|N |`Fills all the card's keys` +|`hf mfp commitp `|N |`Move card to SL1 or SL3 mode` +|`hf mfp auth `|N |`Authentication` +|`hf mfp rdbl `|N |`Read blocks` +|`hf mfp rdsc `|N |`Read sectors` +|`hf mfp wrbl `|N |`Write blocks` +|`hf mfp chk `|N |`Check keys` +|`hf mfp mad `|N |`Checks and prints MAD` +|`hf mfp ndef `|N |`Prints NDEF records from card` + + +### hf mfu + + { MIFARE Ultralight RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf mfu help `|Y |`This help` +|`hf mfu info `|N |`Tag information` +|`hf mfu dump `|N |`Dump Ultralight / Ultralight-C / NTAG tag to binary file` +|`hf mfu restore `|N |`Restore a dump onto a MFU MAGIC tag` +|`hf mfu eload `|N |`load Ultralight .eml dump file into emulator memory` +|`hf mfu rdbl `|N |`Read block` +|`hf mfu wrbl `|N |`Write block` +|`hf mfu cauth `|N |`Authentication - Ultralight C` +|`hf mfu setpwd `|N |`Set 3des password - Ultralight-C` +|`hf mfu setuid `|N |`Set UID - MAGIC tags only` +|`hf mfu sim `|N |`Simulate Ultralight from emulator memory` +|`hf mfu gen `|Y |`Generate 3des mifare diversified keys` +|`hf mfu pwdgen `|Y |`Generate pwd from known algos` +|`hf mfu otptear `|N |`Tear-off test on OTP bits` +|`hf mfu ndef `|N |`Prints NDEF records from card` + + +### hf mfdes + + { MIFARE Desfire RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`hf mfdes help `|Y |`This help` +|`hf mfdes info `|N |`Tag information` +|`hf mfdes list `|Y |`List DESFire (ISO 14443A) history` +|`hf mfdes enum `|N |`Tries enumerate all applications` +|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication` +|`hf mfdes getuid `|N |`Get random uid` +|`hf mfdes selectaid `|N |`Select Application ID` +|`hf mfdes createaid `|N |`Create Application ID` +|`hf mfdes deleteaid `|N |`Delete Application ID` +|`hf mfdes createfile `|N |`Create Standard/Backup File` +|`hf mfdes createvaluefile`|N |`Create Value File` +|`hf mfdes createrecordfile`|N |`Create Linear/Cyclic Record File` +|`hf mfdes deletefile `|N |`Create Delete File` +|`hf mfdes clearfile `|N |`Clear record File` +|`hf mfdes readdata `|N |`Read data from standard/backup/record file` +|`hf mfdes writedata `|N |`Write data to standard/backup/record file` +|`hf mfdes getvalue `|N |`Get value of file` +|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)` +|`hf mfdes changekey `|N |`Change Key` +|`hf mfdes formatpicc `|N |`Format PICC` +|`hf mfdes dump `|N |`Dump all files` +|`hf mfdes chk `|N |`Check keys` + + +### hf st + + { ST Rothult RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf st help `|Y |`This help` +|`hf st info `|N |`Tag information` +|`hf st list `|Y |`List ISO 14443A/7816 history` +|`hf st ndef `|Y |`read NDEF file on tag` +|`hf st protect `|N |`change protection on tag` +|`hf st pwd `|N |`change password on tag` +|`hf st sim `|N |`Fake ISO 14443A/ST tag` + + +### hf thinfilm + + { Thinfilm RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`hf thinfilm help `|Y |`This help` +|`hf thinfilm info `|N |`Tag information` +|`hf thinfilm list `|Y |`List NFC Barcode / Thinfilm history - not correct` +|`hf thinfilm sim `|N |`Fake Thinfilm tag` + + +### hf topaz + + { TOPAZ (NFC Type 1) RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`hf topaz help `|Y |`This help` +|`hf topaz list `|Y |`List Topaz history` +|`hf topaz info `|N |`Tag information` +|`hf topaz reader `|N |`Act like a Topaz reader` +|`hf topaz sim `|N |` -- Simulate Topaz tag` +|`hf topaz sniff `|N |`Sniff Topaz reader-tag communication` +|`hf topaz raw `|N |`Send raw hex data to tag` + + +### hf waveshare + + { Waveshare NFC ePaper... } + +|command |offline |description +|------- |------- |----------- +|`hf waveshare help `|Y |`This help` +|`hf waveshare loadbmp `|N |`Load BMP file to Waveshare NFC ePaper` + + +### hw + + { Hardware commands... } + +|command |offline |description +|------- |------- |----------- +|`hw help `|Y |`This help` +|`hw connect `|Y |`connect Proxmark3 to serial port` +|`hw dbg `|N |`Set Proxmark3 debug level` +|`hw detectreader `|N |`['l'|'h'] -- Detect external reader field (option 'l' or 'h' to limit to LF or HF)` +|`hw fpgaoff `|N |`Set FPGA off` +|`hw lcd `|N |` -- Send command/data to LCD` +|`hw lcdreset `|N |`Hardware reset LCD` +|`hw ping `|N |`Test if the Proxmark3 is responsive` +|`hw readmem `|N |`[address] -- Read memory at decimal address from flash` +|`hw reset `|N |`Reset the Proxmark3` +|`hw setlfdivisor `|N |`<19 - 255> -- Drive LF antenna at 12MHz/(divisor+1)` +|`hw setmux `|N |`Set the ADC mux to a specific value` +|`hw standalone `|N |`Jump to the standalone mode` +|`hw status `|N |`Show runtime status information about the connected Proxmark3` +|`hw tearoff `|N |`Program a tearoff hook for the next command supporting tearoff` +|`hw tia `|N |`Trigger a Timing Interval Acquisition to re-adjust the RealTimeCounter divider` +|`hw tune `|N |`Measure antenna tuning` +|`hw version `|N |`Show version information about the connected Proxmark3` + + +### lf + + { Low frequency commands... 
} + +|command |offline |description +|------- |------- |----------- +|`lf help `|Y |`This help` +|`lf config `|N |`Get/Set config for LF sampling, bit/sample, decimation, frequency` +|`lf cmdread `|N |`Modulate LF reader field to send command before read (all periods in microseconds)` +|`lf read `|N |`Read LF tag` +|`lf search `|Y |`Read and Search for valid known tag (in offline mode it you can load first then search)` +|`lf sim `|N |`Simulate LF tag from buffer with optional GAP (in microseconds)` +|`lf simask `|N |`Simulate LF ASK tag from demodbuffer or input` +|`lf simfsk `|N |`Simulate LF FSK tag from demodbuffer or input` +|`lf simpsk `|N |`Simulate LF PSK tag from demodbuffer or input` +|`lf simbidir `|N |`Simulate LF tag (with bidirectional data transmission between reader and tag)` +|`lf sniff `|N |`Sniff LF traffic between reader and tag` +|`lf tune `|N |`Continuously measure LF antenna tuning` + + +### lf awid + + { AWID RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf awid help `|Y |`this help` +|`lf awid demod `|Y |`demodulate an AWID FSK tag from the GraphBuffer` +|`lf awid read `|N |`attempt to read and extract tag data` +|`lf awid clone `|N |`clone AWID tag to T55x7 or Q5/T5555` +|`lf awid sim `|N |`simulate AWID tag` +|`lf awid brute `|N |`Bruteforce card number against reader` +|`lf awid watch `|N |`continuously watch for cards. Reader mode` + + +### lf cotag + + { COTAG CHIPs... } + +|command |offline |description +|------- |------- |----------- +|`lf cotag help `|Y |`This help` +|`lf cotag demod `|Y |`Tries to decode a COTAG signal` +|`lf cotag read `|N |`Attempt to read and extract tag data` + + +### lf destron + + { FDX-A Destron RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf destron help `|Y |`This help` +|`lf destron demod `|Y |`Demodulate an Destron tag from the GraphBuffer` +|`lf destron read `|N |`Attempt to read and extract tag data from the antenna` +|`lf destron clone `|N |`Clone Destron tag to T55x7` +|`lf destron sim `|N |`Simulate Destron tag` + + +### lf em + + { EM4X CHIPs & RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf em help `|Y |`This help` +|`lf em 410x_demod `|Y |`demodulate a EM410x tag from the GraphBuffer` +|`lf em 410x_read `|N |`attempt to read and extract tag data` +|`lf em 410x_sim `|N |`simulate EM410x tag` +|`lf em 410x_brute `|N |`reader bruteforce attack by simulating EM410x tags` +|`lf em 410x_watch `|N |`watches for EM410x 125/134 kHz tags (option 'h' for 134)` +|`lf em 410x_spoof `|N |`watches for EM410x 125/134 kHz tags, and replays them. (option 'h' for 134)` +|`lf em 410x_clone `|N |`write EM410x UID to T55x7 or Q5/T5555 tag` +|`lf em 4x05_chk `|N |`Check passwords from dictionary` +|`lf em 4x05_demod `|Y |`demodulate a EM4x05/EM4x69 tag from the GraphBuffer` +|`lf em 4x05_dump `|N |`dump EM4x05/EM4x69 tag` +|`lf em 4x05_wipe `|N |`wipe EM4x05/EM4x69 tag` +|`lf em 4x05_info `|N |`tag information EM4x05/EM4x69` +|`lf em 4x05_read `|N |`read word data from EM4x05/EM4x69` +|`lf em 4x05_write `|N |`write word data to EM4x05/EM4x69` +|`lf em 4x05_unlock `|N |`execute tear off against EM4x05/EM4x69` +|`lf em 4x05_sniff `|Y |`Attempt to recover em4x05 commands from sample buffer` +|`lf em 4x05_brute `|N |`Bruteforce password` +|`lf em 4x50_dump `|N |`dump EM4x50 tag` +|`lf em 4x50_info `|N |`tag information EM4x50` +|`lf em 4x50_write `|N |`write word data to EM4x50` +|`lf em 4x50_write_password`|N |`change password of EM4x50 tag` +|`lf em 4x50_read `|N |`read word data from EM4x50` +|`lf em 4x50_wipe `|N |`wipe data from EM4x50` + + +### lf fdxb + + { FDX-B RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf fdxb help `|Y |`this help` +|`lf fdxb demod `|Y |`demodulate a FDX-B ISO11784/85 tag from the GraphBuffer` +|`lf fdxb read `|N |`attempt to read at 134kHz and extract tag data` +|`lf fdxb clone `|N |`clone animal ID tag to T55x7 or Q5/T5555` +|`lf fdxb sim `|N |`simulate Animal ID tag` + + +### lf gallagher + + { GALLAGHER RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf gallagher help `|Y |`This help` +|`lf gallagher demod `|Y |`Demodulate an GALLAGHER tag from the GraphBuffer` +|`lf gallagher read `|N |`Attempt to read and extract tag data from the antenna` +|`lf gallagher clone `|N |`clone GALLAGHER tag to T55x7` +|`lf gallagher sim `|N |`simulate GALLAGHER tag` + + +### lf gproxii + + { Guardall Prox II RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf gproxii help `|Y |`this help` +|`lf gproxii demod `|Y |`demodulate a G Prox II tag from the GraphBuffer` +|`lf gproxii read `|N |`attempt to read and extract tag data from the antenna` +|`lf gproxii clone `|N |`clone Guardall tag to T55x7 or Q5/T5555` +|`lf gproxii sim `|N |`simulate Guardall tag` + + +### lf hid + + { HID Prox RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf hid help `|Y |`this help` +|`lf hid demod `|Y |`demodulate HID Prox tag from the GraphBuffer` +|`lf hid read `|N |`attempt to read and extract tag data` +|`lf hid clone `|N |`clone HID tag to T55x7` +|`lf hid sim `|N |`simulate HID tag` +|`lf hid brute `|N |`bruteforce card number against reader` +|`lf hid watch `|N |`continuously watch for cards. Reader mode` + + +### lf hitag + + { Hitag CHIPs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf hitag help `|Y |`This help` +|`lf hitag list `|N |`List Hitag trace history` +|`lf hitag info `|N |`Tag information` +|`lf hitag reader `|N |`Act like a Hitag Reader` +|`lf hitag sim `|N |`Simulate Hitag transponder` +|`lf hitag sniff `|N |`Eavesdrop Hitag communication` +|`lf hitag writer `|N |`Act like a Hitag Writer` +|`lf hitag dump `|N |`Dump Hitag2 tag` +|`lf hitag cc `|N |`Test all challenges` + + +### lf idteck + + { Idteck RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf idteck help `|Y |`This help` +|`lf idteck demod `|Y |`Demodulate an Idteck tag from the GraphBuffer` +|`lf idteck read `|N |`Attempt to read and Extract tag data from the antenna` + + +### lf indala + + { Indala RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf indala help `|Y |`this help` +|`lf indala demod `|Y |`demodulate an indala tag (PSK1) from GraphBuffer` +|`lf indala altdemod `|Y |`alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)` +|`lf indala read `|N |`read an Indala Prox tag from the antenna` +|`lf indala clone `|N |`clone Indala tag to T55x7 or Q5/T5555` +|`lf indala sim `|N |`simulate Indala tag` + + +### lf io + + { ioProx RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf io help `|Y |`this help` +|`lf io demod `|Y |`demodulate an IOProx tag from the GraphBuffer` +|`lf io read `|N |`attempt to read and extract tag data` +|`lf io clone `|N |`clone IOProx tag to T55x7 or Q5/T5555` +|`lf io sim `|N |`simulate IOProx tag` +|`lf io watch `|N |`continuously watch for cards. Reader mode` + + +### lf jablotron + + { Jablotron RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf jablotron help `|Y |`This help` +|`lf jablotron demod `|Y |`Demodulate an Jablotron tag from the GraphBuffer` +|`lf jablotron read `|N |`Attempt to read and extract tag data from the antenna` +|`lf jablotron clone `|N |`clone jablotron tag to T55x7 or Q5/T5555` +|`lf jablotron sim `|N |`simulate jablotron tag` + + +### lf keri + + { KERI RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf keri help `|Y |`This help` +|`lf keri demod `|Y |`Demodulate an KERI tag from the GraphBuffer` +|`lf keri read `|N |`Attempt to read and extract tag data from the antenna` +|`lf keri clone `|N |`clone KERI tag to T55x7 or Q5/T5555` +|`lf keri sim `|N |`simulate KERI tag` + + +### lf motorola + + { Motorola RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf motorola help `|Y |`This help` +|`lf motorola demod `|Y |`Demodulate an MOTOROLA tag from the GraphBuffer` +|`lf motorola read `|N |`Attempt to read and extract tag data from the antenna` +|`lf motorola clone `|N |`clone MOTOROLA tag to T55x7` +|`lf motorola sim `|N |`simulate MOTOROLA tag` + + +### lf nedap + + { Nedap RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf nedap help `|Y |`This help` +|`lf nedap demod `|Y |`Demodulate Nedap tag from the GraphBuffer` +|`lf nedap generate `|Y |`Generate Nedap bitstream in DemodBuffer` +|`lf nedap read `|N |`Attempt to read and extract tag data from the antenna` +|`lf nedap clone `|N |`Clone Nedap tag to T55x7 or Q5/T5555` +|`lf nedap sim `|N |`Simulate Nedap tag` + + +### lf nexwatch + + { NexWatch RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf nexwatch help `|Y |`This help` +|`lf nexwatch demod `|Y |`Demodulate a NexWatch tag (nexkey, quadrakey) from the GraphBuffer` +|`lf nexwatch read `|N |`Attempt to Read and Extract tag data from the antenna` +|`lf nexwatch clone `|N |`clone NexWatch tag to T55x7` +|`lf nexwatch sim `|N |`simulate NexWatch tag` + + +### lf noralsy + + { Noralsy RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf noralsy help `|Y |`This help` +|`lf noralsy demod `|Y |`Demodulate an Noralsy tag from the GraphBuffer` +|`lf noralsy read `|N |`Attempt to read and extract tag data from the antenna` +|`lf noralsy clone `|N |`clone Noralsy tag to T55x7 or Q5/T5555` +|`lf noralsy sim `|N |`simulate Noralsy tag` + + +### lf pac + + { PAC/Stanley RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf pac help `|Y |`This help` +|`lf pac demod `|Y |`Demodulate a PAC tag from the GraphBuffer` +|`lf pac read `|N |`Attempt to read and extract tag data from the antenna` +|`lf pac clone `|N |`clone PAC tag to T55x7` +|`lf pac sim `|N |`simulate PAC tag` + + +### lf paradox + + { Paradox RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf paradox help `|Y |`This help` +|`lf paradox demod `|Y |`Demodulate a Paradox FSK tag from the GraphBuffer` +|`lf paradox read `|N |`Attempt to read and Extract tag data from the antenna` +|`lf paradox clone `|N |`clone paradox tag to T55x7` +|`lf paradox sim `|N |`simulate paradox tag` + + +### lf pcf7931 + + { PCF7931 CHIPs... } + +|command |offline |description +|------- |------- |----------- +|`lf pcf7931 help `|Y |`This help` +|`lf pcf7931 read `|N |`Read content of a PCF7931 transponder` +|`lf pcf7931 write `|N |`Write data on a PCF7931 transponder.` +|`lf pcf7931 config `|Y |`Configure the password, the tags initialization delay and time offsets (optional)` + + +### lf presco + + { Presco RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf presco help `|Y |`This help` +|`lf presco demod `|Y |`demodulate Presco tag from the GraphBuffer` +|`lf presco read `|N |`Attempt to read and Extract tag data` +|`lf presco clone `|N |`clone presco tag to T55x7 or Q5/T5555` +|`lf presco sim `|N |`simulate presco tag` + + +### lf pyramid + + { Farpointe/Pyramid RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf pyramid help `|Y |`this help` +|`lf pyramid demod `|Y |`demodulate a Pyramid FSK tag from the GraphBuffer` +|`lf pyramid read `|N |`attempt to read and extract tag data` +|`lf pyramid clone `|N |`clone pyramid tag to T55x7 or Q5/T5555` +|`lf pyramid sim `|N |`simulate pyramid tag` + + +### lf securakey + + { Securakey RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf securakey help `|Y |`This help` +|`lf securakey demod `|Y |`Demodulate an Securakey tag from the GraphBuffer` +|`lf securakey read `|N |`Attempt to read and extract tag data from the antenna` +|`lf securakey clone `|N |`clone Securakey tag to T55x7` +|`lf securakey sim `|N |`simulate Securakey tag` + + +### lf ti + + { TI CHIPs... } + +|command |offline |description +|------- |------- |----------- +|`lf ti help `|Y |`This help` +|`lf ti demod `|Y |`Demodulate raw bits for TI-type LF tag from the GraphBuffer` +|`lf ti read `|N |`Read and decode a TI 134 kHz tag` +|`lf ti write `|N |`Write new data to a r/w TI 134 kHz tag` + + +### lf t55xx + + { T55xx CHIPs... } + +|command |offline |description +|------- |------- |----------- +|`lf t55xx help `|Y |`This help` +|`lf t55xx clonehelp `|N |`Shows the available clone commands` +|`lf t55xx config `|Y |`Set/Get T55XX configuration (modulation, inverted, offset, rate)` +|`lf t55xx dangerraw `|N |`Sends raw bitstream. Dangerous, do not use!! 
b t ` +|`lf t55xx detect `|Y |`[1] Try detecting the tag modulation from reading the configuration block.` +|`lf t55xx deviceconfig `|N |`Set/Get T55XX device configuration (startgap, writegap, write0, write1, readgap` +|`lf t55xx dump `|N |`[password] [o] Dump T55xx card Page 0 block 0-7. Optional [password], [override]` +|`lf t55xx info `|Y |`[1] Show T55x7 configuration data (page 0/ blk 0)` +|`lf t55xx p1detect `|N |`[1] Try detecting if this is a t55xx tag by reading page 1` +|`lf t55xx read `|N |`b p [password] [o] [1] -- Read T55xx block data. Optional [p password], [override], [page1]` +|`lf t55xx resetread `|N |`Send Reset Cmd then lf read the stream to attempt to identify the start of it (needs a demod and/or plot after)` +|`lf t55xx restore `|N |`f [p ] Restore T55xx card Page 0 / Page 1 blocks` +|`lf t55xx trace `|Y |`[1] Show T55x7 traceability data (page 1/ blk 0-1)` +|`lf t55xx wakeup `|N |`Send AOR wakeup command` +|`lf t55xx write `|N |`b d p [password] [1] -- Write T55xx block data. Optional [p password], [page1]` +|`lf t55xx bruteforce `|N |` Simple bruteforce attack to find password` +|`lf t55xx chk `|N |`Check passwords from dictionary/flash` +|`lf t55xx protect `|N |`Password protect tag` +|`lf t55xx recoverpw `|N |`[password] Try to recover from bad password write from a cloner. Only use on PW protected chips!` +|`lf t55xx sniff `|Y |`Attempt to recover T55xx commands from sample buffer` +|`lf t55xx special `|N |`Show block changes with 64 different offsets` +|`lf t55xx wipe `|N |`[q] Wipe a T55xx tag and set defaults (will destroy any data on tag)` + + +### lf viking + + { Viking RFIDs... 
} + +|command |offline |description +|------- |------- |----------- +|`lf viking help `|Y |`This help` +|`lf viking demod `|Y |`Demodulate a Viking tag from the GraphBuffer` +|`lf viking read `|N |`Attempt to read and Extract tag data from the antenna` +|`lf viking clone `|N |`clone Viking tag to T55x7 or Q5/T5555` +|`lf viking sim `|N |`simulate Viking tag` + + +### lf visa2000 + + { Visa2000 RFIDs... } + +|command |offline |description +|------- |------- |----------- +|`lf visa2000 help `|Y |`This help` +|`lf visa2000 demod `|Y |`demodulate an VISA2000 tag from the GraphBuffer` +|`lf visa2000 read `|N |`attempt to read and extract tag data from the antenna` +|`lf visa2000 clone `|N |`clone Visa2000 tag to T55x7 or Q5/T5555` +|`lf visa2000 sim `|N |`simulate Visa2000 tag` + + +### mem + + { Flash Memory manipulation... } + +|command |offline |description +|------- |------- |----------- +|`mem help `|Y |`This help` +|`mem baudrate `|N |`Set Flash memory Spi baudrate` +|`mem spiffs `|N |`High level SPI FileSystem Flash manipulation` +|`mem info `|N |`Flash memory information` +|`mem load `|N |`Load data into flash memory` +|`mem dump `|N |`Dump data from flash memory` +|`mem wipe `|N |`Wipe data from flash memory` + + +### reveng + + { CRC calculations from RevEng software } + +[=] reveng: no mode switch specified. Use reveng -h for help. + +### smart + + { Smart card ISO-7816 commands... 
} + +|command |offline |description +|------- |------- |----------- +|`smart help `|Y |`This help` +|`smart list `|N |`List ISO 7816 history` +|`smart info `|N |`Tag information` +|`smart reader `|N |`Act like an IS07816 reader` +|`smart raw `|N |`Send raw hex data to tag` +|`smart upgrade `|Y |`Upgrade sim module firmware` +|`smart setclock `|N |`Set clock speed` +|`smart brute `|N |`Bruteforce SFI` + + +### script + + { Scripting commands } + +|command |offline |description +|------- |------- |----------- +|`script help `|Y |`Usage info` +|`script list `|Y |`List available scripts` +|`script run `|Y |` -- execute a script` + + +### trace + + { Trace manipulation... } + +|command |offline |description +|------- |------- |----------- +|`trace help `|Y |`This help` +|`trace list `|Y |`List protocol data in trace buffer` +|`trace load `|Y |`Load trace from file` +|`trace save `|Y |`Save trace buffer to file` + + +### usart + + { USART commands... } + +|command |offline |description +|------- |------- |----------- +|`usart help `|Y |`This help` +|`usart btpin `|N |`Change BT add-on PIN` +|`usart btfactory `|N |`Reset BT add-on to factory settings` +|`usart tx `|N |`Send string over USART` +|`usart rx `|N |`Receive string over USART` +|`usart txrx `|N |`Send string over USART and wait for response` +|`usart txhex `|N |`Send bytes over USART` +|`usart rxhex `|N |`Receive bytes over USART` +|`usart config `|N |`Configure USART` + + +### wiegand + + { Wiegand format manipulation... } + +|command |offline |description +|------- |------- |----------- +|`wiegand help `|Y |`This help` +|`wiegand list `|Y |`List available wiegand formats` +|`wiegand encode `|Y |`Encode to wiegand raw hex` +|`wiegand decode `|Y |`Convert raw hex to decoded wiegand format` + + From f63cf021788ab390594374e5cc7463df24cc8e03 Mon Sep 17 00:00:00 2001 
From: Philippe Teuwen Date: Sat, 7 Nov 2020 01:32:43 +0100 Subject: [PATCH 44/53] make style --- armsrc/BigBuf.c | 4 +-- armsrc/epa.c | 62 ++++++++++++++++++------------------ armsrc/iso14443b.c | 6 ++-- armsrc/mifarecmd.c | 18 +++++------ client/src/cmddata.c | 8 ++--- client/src/cmdhf14a.c | 14 ++++---- client/src/cmdhficlass.c | 8 ++--- client/src/cmdhfmfdes.c | 16 +++++----- client/src/cmdlfhid.c | 4 +-- client/src/emv/apduinfo.c | 4 +-- client/src/wiegand_formats.c | 52 +++++++++++++++--------------- doc/commands.md | 22 ++++++------- 12 files changed, 109 insertions(+), 109 deletions(-) diff --git a/armsrc/BigBuf.c b/armsrc/BigBuf.c index 80104156d..95a19dbb7 100644 --- a/armsrc/BigBuf.c +++ b/armsrc/BigBuf.c @@ -129,14 +129,14 @@ uint8_t *BigBuf_malloc(uint16_t chunksize) { return (uint8_t *)BigBuf + s_bigbuf_hi; } -// allocate a chunk of memory from BigBuf, and returns a pointer to it. +// allocate a chunk of memory from BigBuf, and returns a pointer to it. // sets the memory to zero uint8_t *BigBuf_calloc(uint16_t chunksize) { uint8_t *mem = BigBuf_malloc(chunksize); if (mem != NULL) { memset(mem, 0x00, chunksize); } - return mem; + return mem; } // free ALL allocated chunks. The whole BigBuf is available for traces or samples again. diff --git a/armsrc/epa.c b/armsrc/epa.c index b2a1b5ec5..d1f411a7e 100644 --- a/armsrc/epa.c +++ b/armsrc/epa.c 
@@ -541,44 +541,44 @@ void EPA_PACE_Replay(PacketCommandNG *c) { int EPA_Setup(void) { #ifdef WITH_ISO14443a -{ - // first, look for type A cards - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - // power up the field - iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); - iso14a_card_select_t card_a_info; - int return_code = iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false); + { + // first, look for type A cards + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + // power up the field + iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD); + iso14a_card_select_t card_a_info; + int return_code = iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false); - if (return_code == 1) { - uint8_t pps_response[3]; - uint8_t pps_response_par[1]; - // send the PPS request - ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL); - return_code = ReaderReceive(pps_response, pps_response_par); - if (return_code != 3 || pps_response[0] != 0xD0) { - return return_code == 0 ? 2 : return_code; + if (return_code == 1) { + uint8_t pps_response[3]; + uint8_t pps_response_par[1]; + // send the PPS request + ReaderTransmit((uint8_t *)pps, sizeof(pps), NULL); + return_code = ReaderReceive(pps_response, pps_response_par); + if (return_code != 3 || pps_response[0] != 0xD0) { + return return_code == 0 ? 
2 : return_code; + } + Dbprintf("ISO 14443 Type A"); + iso_type = 'a'; + return 0; } - Dbprintf("ISO 14443 Type A"); - iso_type = 'a'; - return 0; } -} #endif #ifdef WITH_ISO14443b -{ - // if we're here, there is no type A card, so we look for type B - FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); - // power up the field - iso14443b_setup(); - iso14b_card_select_t card_b_info; - int return_code = iso14443b_select_card(&card_b_info); + { + // if we're here, there is no type A card, so we look for type B + FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); + // power up the field + iso14443b_setup(); + iso14b_card_select_t card_b_info; + int return_code = iso14443b_select_card(&card_b_info); - if (return_code == 0) { - Dbprintf("ISO 14443 Type B"); - iso_type = 'b'; - return 0; + if (return_code == 0) { + Dbprintf("ISO 14443 Type B"); + iso_type = 'b'; + return 0; + } } -} #endif Dbprintf("No card found"); return 1; diff --git a/armsrc/iso14443b.c b/armsrc/iso14443b.c index 9d29e4cda..f170be153 100644 --- a/armsrc/iso14443b.c +++ b/armsrc/iso14443b.c @@ -722,15 +722,15 @@ void Simulate_iso14443b_srx_tag(uint8_t *uid) { LED_A_ON(); / SRI512 - + > initiate 06 00 ISO14443B_INITIATE < xx crc crc > select 0e xx ISO14443B_SELECT < xx nn nn - + > readblock 08 blck_no ISO14443B_READ_BLK < d0 d1 d2 d3 2byte crc - + > get uid ISO14443B_GET_UID < 81 93 99 20 92 11 02 (8byte UID in MSB D002 199220 999381) diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 07806929e..36fb7455c 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -2420,7 +2420,7 @@ void MifareHasStaticNonce(void) { FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF); LEDsoff(); CHK_TIMEOUT(); - + memset(rec, 0x00, sizeof(rec)); } 
@@ -2736,10 +2736,10 @@ void MifareU_Otp_Tearoff(uint8_t arg0, uint32_t tearoff_time, uint8_t *datain) { // write cmd to send, include CRC // 1b write, 1b block, 4b data, 2 crc uint8_t cmd[] = { - MIFARE_ULC_WRITE, blockNo, - data_testwrite[0], data_testwrite[1], data_testwrite[2], data_testwrite[3], - 0, 0 - }; + MIFARE_ULC_WRITE, blockNo, + data_testwrite[0], data_testwrite[1], data_testwrite[2], data_testwrite[3], + 0, 0 + }; AddCrc14A(cmd, sizeof(cmd) - 2); // anticollision / select card @@ -2778,10 +2778,10 @@ void MifareU_Counter_Tearoff(uint8_t counter, uint32_t tearoff_time, uint8_t *da uint8_t cmd[] = { MIFARE_ULEV1_INCR_CNT, counter, - datain[0], // lsb - datain[1], - datain[2], // msb - datain[3], // rfu + datain[0], // lsb + datain[1], + datain[2], // msb + datain[3], // rfu 0, 0, }; diff --git a/client/src/cmddata.c b/client/src/cmddata.c index 9724f6dd9..6f70ca2cc 100644 --- a/client/src/cmddata.c +++ b/client/src/cmddata.c @@ -406,7 +406,7 @@ int printDemodBuff(uint8_t offset, bool strip_leading, bool invert, bool print_h } uint8_t *buf = NULL; - + if (strip_leading) { buf = (DemodBuffer + offset); @@ -427,7 +427,7 @@ int printDemodBuff(uint8_t offset, bool strip_leading, bool invert, bool print_h if (len > 512) { len = 512; } - + if (invert) { buf = (DemodBuffer + offset); for (size_t i = 0; i < len; i++) { @@ -439,11 +439,11 @@ int printDemodBuff(uint8_t offset, bool strip_leading, bool invert, bool print_h } } } - + if (print_hex) { buf = (DemodBuffer + offset); char hex[512] = {0x00}; - int num_bits = binarraytohex(hex, sizeof(hex), (char*)buf, len); + int num_bits = binarraytohex(hex, sizeof(hex), (char *)buf, len); if (num_bits == 0) { return PM3_ESOFT; } diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index 481de8f87..e402cb48e 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c 
@@ -1839,7 +1839,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } if (card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes - + PrintAndLogEx(INFO, "-------------------------- " _CYAN_("ATS") " --------------------------"); bool ta1 = 0, tb1 = 0, tc1 = 0; @@ -1851,7 +1851,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(WARNING, "ATS may be corrupted. Length of ATS (%d bytes incl. 2 Bytes CRC) doesn't match TL", card.ats_len); } - PrintAndLogEx(SUCCESS, "ATS: " _YELLOW_("%s")"[ %02x %02x ]", sprint_hex(card.ats, card.ats_len - 2), card.ats[card.ats_len - 1], card.ats[card.ats_len] ); + PrintAndLogEx(SUCCESS, "ATS: " _YELLOW_("%s")"[ %02x %02x ]", sprint_hex(card.ats, card.ats_len - 2), card.ats[card.ats_len - 1], card.ats[card.ats_len]); PrintAndLogEx(INFO, " " _YELLOW_("%02x") "............... TL length is " _GREEN_("%d") " bytes", card.ats[0], card.ats[0]); if (card.ats[0] > 1) { // there is a format byte (T0) @@ -1913,7 +1913,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { card.ats[pos], (card.ats[pos] & 0x01) ? "" : _RED_(" NOT"), (card.ats[pos] & 0x02) ? "" : _RED_(" NOT") - ); + ); pos++; } @@ -1923,13 +1923,13 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { tip[0] = '\0'; if (card.ats[0] - pos >= 7) { - snprintf(tip, sizeof(tip)," "); + snprintf(tip, sizeof(tip), " "); if ((card.sak & 0x70) == 0x40) { // and no GetVersion().. if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x01\xBC\xD6", 7) == 0) { snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus X 2K/4K (SL3)"); - + } else if (memcmp(card.ats + pos, "\xC1\x05\x2F\x2F\x00\x35\xC7", 7) == 0) { if ((card.atqa[0] & 0x02) == 0x02) 
@@ -1939,7 +1939,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { } else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x00\xF6\xD1", 7) == 0) { snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus SE 1K (17pF)"); - + } else if (memcmp(card.ats + pos, "\xC1\x05\x21\x30\x10\xF6\xD1", 7) == 0) { snprintf(tip + strlen(tip), sizeof(tip) - strlen(tip), _GREEN_("%s"), "MIFARE Plus SE 1K (70pF)"); } @@ -1973,7 +1973,7 @@ int infoHF14A(bool verbose, bool do_nack_test, bool do_aid_search) { PrintAndLogEx(INFO, "-------------------- " _CYAN_("Historical bytes") " --------------------"); if (card.ats[pos] == 0xC1) { - PrintAndLogEx(INFO, " %s%s", sprint_hex(card.ats + pos, calen), tip); + PrintAndLogEx(INFO, " %s%s", sprint_hex(card.ats + pos, calen), tip); PrintAndLogEx(SUCCESS, " C1..................... Mifare or (multiple) virtual cards of various type"); PrintAndLogEx(SUCCESS, " %02x.................. length is " _YELLOW_("%d") " bytes", card.ats[pos + 1], card.ats[pos + 1]); switch (card.ats[pos + 2] & 0xf0) { diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index ba4fe4f24..38a313186 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -878,16 +878,16 @@ static int CmdHFiClassELoad(const char *Cmd) { } DumpFileType_t dftype = BIN; - + bool use_json = arg_get_lit(ctx, 2); bool use_eml = arg_get_lit(ctx, 3); CLIParserFree(ctx); - + if (use_json && use_eml) { PrintAndLogEx(ERR, "Error: can't specify both JSON & EML"); return PM3_EINVARG; } - + if (use_json) { dftype = JSON; } else if (use_eml) { @@ -2325,7 +2325,7 @@ static int CmdHFiClass_loclass(const char *Cmd) { CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen); bool test = arg_get_lit(ctx, 2); - bool longtest = arg_get_lit(ctx, 3); + bool longtest = arg_get_lit(ctx, 3); CLIParserFree(ctx); diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index a497a7281..135798737 100644 
--- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -349,7 +349,7 @@ typedef struct { static int CmdHelp(const char *Cmd); static const char *getEncryptionAlgoStr(uint8_t algo) { - switch(algo) { + switch (algo) { case MFDES_ALGO_AES : return "AES"; case MFDES_ALGO_3DES : @@ -1133,7 +1133,7 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n return PM3_EINVARG; } - // AID == 000000 6bits LSB needs to be 0 + // AID == 000000 6bits LSB needs to be 0 key_no &= 0x0F; /* @@ -1141,10 +1141,10 @@ static int mifare_desfire_change_key(uint8_t key_no, uint8_t *new_key, uint8_t n * changing the card master key to one of them require a key_no tweak. */ if (0x000000 == tag->selected_application) { - + // PICC master key, 6bits LSB needs to be 0 key_no = 0x00; - + // PICC master key, keyalgo specific 2bit MSB switch (new_algo) { case MFDES_ALGO_DES: @@ -3938,11 +3938,11 @@ static int CmdHF14ADesChangeKey(const char *Cmd) { PrintAndLogEx(WARNING, "New key must include %d HEX symbols", keylength); return PM3_EINVARG; } - + PrintAndLogEx(INFO, "changing key number 0x%02x", cmdKeyNo); PrintAndLogEx(INFO, "old key: %s (%s)", sprint_hex_inrow(key, keylen), getEncryptionAlgoStr(cmdAuthAlgo)); PrintAndLogEx(INFO, "new key: %s (%s)", sprint_hex_inrow(newkey, newkeylen), getEncryptionAlgoStr(newcmdAuthAlgo)); - + int error = mifare_desfire_change_key(cmdKeyNo, newkey, newcmdAuthAlgo, key, cmdAuthAlgo, aesversion); if (error == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, " Successfully changed key."); @@ -4660,7 +4660,7 @@ static int CmdHF14aDesNDEF(const char *Cmd) { bool keyB = arg_get_lit(ctx, 4); CLIParserFree(ctx); - + uint16_t ndefAID = 0xe103; if (aidlen == 2) ndefAID = (aid[0] << 8) + aid[1]; 
@@ -4752,7 +4752,7 @@ static int CmdHF14aDesMAD(const char *Cmd) { CLIParserFree(ctx); - PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfdes mad -v`") " for more details"); + PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfdes mad -v`") " for more details"); return PM3_SUCCESS; } */ diff --git a/client/src/cmdlfhid.c b/client/src/cmdlfhid.c index 5757c7775..9bfbbaf3f 100644 --- a/client/src/cmdlfhid.c +++ b/client/src/cmdlfhid.c @@ -137,7 +137,7 @@ int demodHID(bool verbose) { } wiegand_message_t packed = initialize_message_object(hi2, hi, lo); - if ( HIDTryUnpack(&packed, false) == false) { + if (HIDTryUnpack(&packed, false) == false) { PrintAndLogEx(INFO, "raw: " _GREEN_("%08x%08x%08x"), hi2, hi, lo); printDemodBuff(0, false, false, true); } @@ -145,7 +145,7 @@ int demodHID(bool verbose) { PrintAndLogEx(DEBUG, "DEBUG: HID idx: %d, Len: %zu, Printing Demod Buffer: ", idx, size); if (g_debugMode) { PrintAndLogEx(DEBUG, "raw: " _GREEN_("%08x%08x%08x"), hi2, hi, lo); - + printDemodBuff(0, false, false, false); } diff --git a/client/src/emv/apduinfo.c b/client/src/emv/apduinfo.c index 440ad0e6b..f9edc5f92 100644 --- a/client/src/emv/apduinfo.c +++ b/client/src/emv/apduinfo.c @@ -527,11 +527,11 @@ void SAPDUPrint(sAPDU apdu, size_t maxdatalen) { apdu.Lc, apdu.Lc ); - + size_t len = apdu.Lc; if (maxdatalen > 0) len = MIN(apdu.Lc, maxdatalen); - + PrintAndLogEx(INFO, "data { %s%s }", sprint_hex(apdu.data, len), apdu.Lc > len ? "..." : ""); } diff --git a/client/src/wiegand_formats.c b/client/src/wiegand_formats.c index 4e00bbfcd..78d0bf828 100644 --- a/client/src/wiegand_formats.c +++ b/client/src/wiegand_formats.c 
@@ -515,7 +515,7 @@ static bool Pack_H10304(wiegand_card_t *card, wiegand_message_t *packed) { set_linear_field(packed, card->FacilityCode, 1, 16); set_linear_field(packed, card->CardNumber, 17, 19); - + set_bit_by_position(packed, evenparity32(get_linear_field(packed, 1, 18)), 0); set_bit_by_position(packed, oddparity32(get_linear_field(packed, 18, 18)), 36); return add_HID_header(packed); @@ -545,30 +545,30 @@ static bool Pack_HGeneric37(wiegand_card_t *card, wiegand_message_t *packed) { packed->Length = 37; // Set number of bits set_linear_field(packed, card->CardNumber, 4, 32); - + set_bit_by_position(packed, 1, 36); // Always 1 - + // even1 set_bit_by_position(packed, - evenparity32( - get_nonlinear_field(packed, 8, (uint8_t[]) {4, 8, 12, 16, 20, 24, 28, 32}) - ) - , 0 - ); + evenparity32( + get_nonlinear_field(packed, 8, (uint8_t[]) {4, 8, 12, 16, 20, 24, 28, 32}) + ) + , 0 + ); // odd1 set_bit_by_position(packed, - oddparity32( - get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 26, 30, 34}) - ) - , 2 - ); + oddparity32( + get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 26, 30, 34}) + ) + , 2 + ); // even2 - set_bit_by_position(packed, - evenparity32( - get_nonlinear_field(packed, 8, (uint8_t[]) {7, 11, 15, 19, 23, 27, 31, 35}) - ) - , 3 - ); + set_bit_by_position(packed, + evenparity32( + get_nonlinear_field(packed, 8, (uint8_t[]) {7, 11, 15, 19, 23, 27, 31, 35}) + ) + , 3 + ); return add_HID_header(packed); } 
@@ -580,10 +580,10 @@ static bool Unpack_HGeneric37(wiegand_message_t *packed, wiegand_card_t *card) { card->CardNumber = get_linear_field(packed, 4, 32); card->ParityValid = - (get_bit_by_position(packed, 0) == evenparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {4, 8, 12, 16, 20, 24, 28, 32}))) && - (get_bit_by_position(packed, 2) == oddparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 28, 30, 34}))) && - (get_bit_by_position(packed, 3) == evenparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {7, 11, 15, 19, 23, 27, 31, 35}))) - ; + (get_bit_by_position(packed, 0) == evenparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {4, 8, 12, 16, 20, 24, 28, 32}))) && + (get_bit_by_position(packed, 2) == oddparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {6, 10, 14, 18, 22, 28, 30, 34}))) && + (get_bit_by_position(packed, 3) == evenparity32(get_nonlinear_field(packed, 8, (uint8_t[]) {7, 11, 15, 19, 23, 27, 31, 35}))) + ; return true; } @@ -599,7 +599,7 @@ static bool Pack_MDI37(wiegand_card_t *card, wiegand_message_t *packed) { set_linear_field(packed, card->FacilityCode, 3, 4); set_linear_field(packed, card->CardNumber, 7, 29); - + set_bit_by_position(packed, evenparity32(get_linear_field(packed, 1, 18)), 0); set_bit_by_position(packed, oddparity32(get_linear_field(packed, 18, 18)), 36); return add_HID_header(packed); @@ -612,7 +612,7 @@ static bool Unpack_MDI37(wiegand_message_t *packed, wiegand_card_t *card) { card->FacilityCode = get_linear_field(packed, 3, 4);; card->CardNumber = get_linear_field(packed, 7, 29); - + card->ParityValid = (get_bit_by_position(packed, 0) == evenparity32(get_linear_field(packed, 1, 18))) && (get_bit_by_position(packed, 36) == oddparity32(get_linear_field(packed, 18, 18))) 
@@ -830,7 +830,7 @@ static const cardformat_t FormatTable[] = { {"H10320", Pack_H10320, Unpack_H10320, "HID H10320 36-bit BCD", {1, 0, 0, 0, 1}}, // from Proxmark forums {"H10302", Pack_H10302, Unpack_H10302, "HID H10302 37-bit huge ID", {1, 0, 0, 0, 1}}, // from Proxmark forums {"H10304", Pack_H10304, Unpack_H10304, "HID H10304 37-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au - {"HGeneric37", Pack_HGeneric37, Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1}}, // from cardinfo.barkweb.com.au + {"HGeneric37", Pack_HGeneric37, Unpack_HGeneric37, "HID Generic 37-bit", {1, 0, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"MDI37", Pack_MDI37, Unpack_MDI37, "PointGuard MDI 37-bit", {1, 1, 0, 0, 1}}, // from cardinfo.barkweb.com.au {"P10001", Pack_P10001, Unpack_P10001, "HID P10001 Honeywell 40-bit", {1, 1, 0, 1, 0}}, // from cardinfo.barkweb.com.au {"Casi40", Pack_CasiRusco40, Unpack_CasiRusco40, "Casi-Rusco 40-bit", {1, 0, 0, 0, 0}}, // from cardinfo.barkweb.com.au diff --git a/doc/commands.md b/doc/commands.md index 22149f373..e52c2361d 100644 --- a/doc/commands.md +++ b/doc/commands.md 
@@ -410,27 +410,27 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`hf mfdes help `|Y |`This help` +|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication` +|`hf mfdes changekey `|N |`Change Key` +|`hf mfdes chk `|N |`Check keys` +|`hf mfdes enum `|N |`Tries enumerate all applications` +|`hf mfdes formatpicc `|N |`Format PICC` +|`hf mfdes getuid `|N |`Get random uid` |`hf mfdes info `|N |`Tag information` |`hf mfdes list `|Y |`List DESFire (ISO 14443A) history` -|`hf mfdes enum `|N |`Tries enumerate all applications` -|`hf mfdes auth `|N |`Tries a MIFARE DesFire Authentication` -|`hf mfdes getuid `|N |`Get random uid` -|`hf mfdes selectaid `|N |`Select Application ID` |`hf mfdes createaid `|N |`Create Application ID` |`hf mfdes deleteaid `|N |`Delete Application ID` +|`hf mfdes selectaid `|N |`Select Application ID` +|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)` +|`hf mfdes clearfile `|N |`Clear record File` |`hf mfdes createfile `|N |`Create Standard/Backup File` |`hf mfdes createvaluefile`|N |`Create Value File` |`hf mfdes createrecordfile`|N |`Create Linear/Cyclic Record File` |`hf mfdes deletefile `|N |`Create Delete File` -|`hf mfdes clearfile `|N |`Clear record File` +|`hf mfdes dump `|N |`Dump all files` +|`hf mfdes getvalue `|N |`Get value of file` |`hf mfdes readdata `|N |`Read data from standard/backup/record file` |`hf mfdes writedata `|N |`Write data to standard/backup/record file` -|`hf mfdes getvalue `|N |`Get value of file` -|`hf mfdes changevalue `|N |`Write value of a value file (credit/debit/clear)` -|`hf mfdes changekey `|N |`Change Key` -|`hf mfdes formatpicc `|N |`Format PICC` -|`hf mfdes dump `|N |`Dump all files` -|`hf mfdes chk `|N |`Check keys` ### hf st From 928d787970d62bdb1f460e7b5f02b819f8b19b15 Mon Sep 17 00:00:00 2001 
From: Philippe Teuwen Date: Sat, 7 Nov 2020 23:21:06 +0100 Subject: [PATCH 45/53] print uid in 14a reader @ mode --- client/src/cmdhf14a.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/cmdhf14a.c b/client/src/cmdhf14a.c index e402cb48e..d6cbcd2de 100644 --- a/client/src/cmdhf14a.c +++ b/client/src/cmdhf14a.c @@ -551,8 +551,8 @@ static int CmdHF14AReader(const char *Cmd) { res = PM3_ESOFT; goto plot; } + PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen)); if (!(silent && continuous)) { - PrintAndLogEx(SUCCESS, " UID: " _GREEN_("%s"), sprint_hex(card.uid, card.uidlen)); PrintAndLogEx(SUCCESS, "ATQA: " _GREEN_("%02x %02x"), card.atqa[1], card.atqa[0]); PrintAndLogEx(SUCCESS, " SAK: " _GREEN_("%02x [%" PRIu64 "]"), card.sak, resp.oldarg[0]); From 358ecbd0f4f7c698d4337ec93681c079de68103c Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sat, 7 Nov 2020 23:23:45 +0100 Subject: [PATCH 46/53] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e63bead6f..53aab0422 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac ## [unreleased][unreleased] - Change many commands to cliparser (@iceman1001, @tcprst, @mwalker33,...) - ... + - Added compilation options for 256k Proxmark versions, see doc (@doegox) - Added support for 10b UID in `hf 14a sim` (@doegox) - Added `HF_TCPRST` standalone mode which read and emulate IKEA Rothult cards (@tcprst) - Add Gallagher key checking/KDF on MIFARE Desfire (@NZSmartie) From 983c3a3a637a1d493d69ffa1b93d3eedf4a4b077 Mon Sep 17 00:00:00 2001 
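Review bot: The UID line now prints on every pass even when `silent` is set, so `silent` no longer means "no per-tag output" in continuous mode; that is the stated intent of the commit, but the option's usage text, which is outside this hunk, presumably still describes it as fully quiet and should say that the UID is always printed. The rest of CmdHF14AReader, including where `silent` and `continuous` are parsed, lies outside the hunk.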
From: mwalker33 <51802811+mwalker33@users.noreply.github.com> Date: Sun, 8 Nov 2020 21:03:33 +1100 Subject: [PATCH 47/53] Detect with wakeup Detect with wake option to address init deley or AOR set. --- client/src/cmdlft55xx.c | 88 ++++++++++++++++++++++++++++++----------- 1 file changed, 65 insertions(+), 23 deletions(-) diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index ab1a86fbd..e34d14718 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -1024,6 +1024,9 @@ static void T55xx_Print_DownlinkMode(uint8_t downlink_mode) { PrintAndLogEx(NORMAL, msg); } +// Define prototype to call from within detect. +static int CmdT55xxWakeUp (const char *Cmd); + static int CmdT55xxDetect(const char *Cmd) { bool errors = false; @@ -1032,9 +1035,16 @@ static int CmdT55xxDetect(const char *Cmd) { bool try_with_pwd = false; bool try_all_dl_modes = true; bool found = false; + bool usewake = false; uint64_t password = -1; uint8_t cmdp = 0; uint8_t downlink_mode = 0; + char wakecmd[20] = { 0x00 }; + struct timespec sleepperiod; + + // Setup the 90ms time value to sleep for after the wake, to allow delay init to complete (~70ms) + sleepperiod.tv_sec = 0; + sleepperiod.tv_nsec = 90000000; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { @@ -1042,6 +1052,7 @@ static int CmdT55xxDetect(const char *Cmd) { return usage_t55xx_detect(); case 'p': password = param_get32ex(Cmd, cmdp + 1, 0, 16); + sprintf (wakecmd,"p %08x q",(uint32_t)(password & 0xFFFFFFFF)); usepwd = true; cmdp += 2; break; @@ -1064,6 +1075,7 @@ static int CmdT55xxDetect(const char *Cmd) { } if (errors) return usage_t55xx_detect(); + // detect called so clear data blocks T55x7_ClearAllBlockData(); 
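Review bot: The forward declaration `static int CmdT55xxWakeUp (const char *Cmd);` puts a space before the parenthesis, unlike every other declaration in this file's hunks (`static int CmdT55xxDetect(const char *Cmd)`); write it as `static int CmdT55xxWakeUp(const char *Cmd);`. The same spacing appears in the `sprintf (`, `CmdT55xxWakeUp (` and `nanosleep (` calls added in the later hunks of this file. The comment could also say why the prototype is needed, e.g. `// CmdT55xxWakeUp is defined after CmdT55xxDetect, which now calls it.`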
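Review bot: `sleepperiod` is declared and then filled in by two separate assignments several lines later; a designated initialiser keeps the value next to the declaration and its explanatory comment, `struct timespec sleepperiod = { .tv_sec = 0, .tv_nsec = 90000000 }; // 90 ms: covers the ~70 ms init delay after a wake`. `wakecmd` is sized at 20 bytes by hand; the longest text later written into it (`p `, 8 hex digits, ` q`, terminator) is 13 bytes, so a comment stating that bound next to the declaration would make the `sprintf` in the next hunk easier to check.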
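Review bot: `sprintf (wakecmd,"p %08x q",(uint32_t)(password & 0xFFFFFFFF));` writes into a fixed 20-byte buffer with no bound; the formatted text is 13 bytes including the terminator, so it fits today, but `snprintf(wakecmd, sizeof(wakecmd), "p %08x q", (uint32_t)(password & 0xFFFFFFFF));` makes that explicit and survives a future format change. With `<inttypes.h>` in scope, `"p %08" PRIx32 " q"` is the exact specifier for a `uint32_t`.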
@@ -1072,38 +1084,61 @@ static int CmdT55xxDetect(const char *Cmd) { return PM3_ESOFT; if (useGB == false) { - // do ... while to check without password then loop back if password supplied + // do ... while not found and not yet tried with wake (for AOR or Init Delay) do { + // do ... while to check without password then loop back if password supplied + do { - if (try_all_dl_modes) { - for (uint8_t m = downlink_mode; m < 4; m++) { + if (try_all_dl_modes) { + for (uint8_t m = downlink_mode; m < 4; m++) { + if (usewake) { + // call wake + if (try_with_pwd) + CmdT55xxWakeUp (wakecmd); + else + CmdT55xxWakeUp ("q"); + // sleep 90 ms + nanosleep (&sleepperiod, &sleepperiod); + } - if (AcquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, (try_with_pwd && usepwd), password, m) == false) - continue; + if (AcquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, (try_with_pwd && usepwd), password, m) == false) + continue; - if (t55xxTryDetectModulationEx(m, T55XX_PrintConfig, 0, (try_with_pwd && usepwd) ? password : -1) == false) - continue; + if (t55xxTryDetectModulationEx(m, T55XX_PrintConfig, 0, (try_with_pwd && usepwd) ? password : -1) == false) + continue; - found = true; + found = true; - break; + break; + } + } else { + if (usewake) { + // call wake + if (try_with_pwd) + CmdT55xxWakeUp (wakecmd); + else + CmdT55xxWakeUp ("q"); + // sleep 90 ms + nanosleep (&sleepperiod, &sleepperiod); + } + + if (AcquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode)) { + found = t55xxTryDetectModulationEx(downlink_mode, T55XX_PrintConfig, 0, (usepwd) ? password : -1); + } } - } else { - if (AcquireData(T55x7_PAGE0, T55x7_CONFIGURATION_BLOCK, usepwd, password, downlink_mode)) { - found = t55xxTryDetectModulationEx(downlink_mode, T55XX_PrintConfig, 0, (usepwd) ? 
password : -1); - } - } - // toggle so we loop back if not found and try with pwd - if (!found && usepwd) - try_with_pwd = !try_with_pwd; + // toggle so we loop back if not found and try with pwd + if (!found && usepwd) + try_with_pwd = !try_with_pwd; - // force exit as detect block has been found - if (found) - try_with_pwd = false; - - } while (try_with_pwd); + // force exit as detect block has been found + if (found) + try_with_pwd = false; + } while (try_with_pwd); + // Toggle so we loop back and try with wakeup. + usewake = !usewake; + } while (!found && usewake); } else { found = t55xxTryDetectModulation(downlink_mode, T55XX_PrintConfig); } @@ -1619,6 +1654,7 @@ static int CmdT55xxWakeUp(const char *Cmd) { uint8_t cmdp = 0; bool errors = false; uint8_t downlink_mode = config.downlink_mode; + bool quiet = false; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { @@ -1635,6 +1671,10 @@ static int CmdT55xxWakeUp(const char *Cmd) { cmdp += 2; break; + case 'q': + quiet = true; + cmdp++; + break; default: PrintAndLogEx(WARNING, "Unknown parameter '%c'", param_getchar(Cmd, cmdp)); errors = true; @@ -1659,7 +1699,9 @@ static int CmdT55xxWakeUp(const char *Cmd) { return PM3_ETIMEOUT; } - PrintAndLogEx(SUCCESS, "Wake up command sent. Try read now"); + if (!quiet) + PrintAndLogEx(SUCCESS, "Wake up command sent. Try read now"); + return PM3_SUCCESS; } From f894560325b2d81381fb341d1ac50f01c80168be Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 8 Nov 2020 18:59:36 +0100 Subject: [PATCH 48/53] hf mfdes fixes --- client/src/cmdhfmfdes.c | 91 ++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 37 deletions(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 135798737..9a74aa2ca 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c 
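Review bot: `nanosleep (&sleepperiod, &sleepperiod);` passes the same struct as both the request and the remainder, so if the sleep is interrupted by a signal the remaining time overwrites the 90 ms value and every later wake in the loop sleeps for less than intended; pass `NULL` as the second argument or use a separate `rem`. The return value of `CmdT55xxWakeUp` is discarded at both call sites, so a wake that times out (the function returns `PM3_ETIMEOUT` further down in this file) is followed by an acquire attempt as if the tag were awake. The wake-then-sleep block is also duplicated verbatim in the `try_all_dl_modes` loop and the `else` branch; a small static helper placed after the new prototype removes the duplication and gives the return check one home, as sketched below. If the client is also built for non-POSIX toolchains, confirm `nanosleep` is available there or use whatever portable sleep helper the project already has.
```c
// Wake the tag (with the password when requested) and let its init delay
// (~70 ms per the comment at the top of CmdT55xxDetect) elapse before
// acquiring data. A failed wake is reported but detection still proceeds.
static void t55xx_wake_and_wait(bool with_pwd, const char *wakecmd, const struct timespec *period) {
    int res = CmdT55xxWakeUp(with_pwd ? wakecmd : "q");
    if (res != PM3_SUCCESS) {
        PrintAndLogEx(WARNING, "wake up command failed (%d), trying to detect anyway", res);
    }
    // NULL remainder: reusing the request struct as the remainder would
    // shorten every later sleep after a signal interrupt.
    nanosleep(period, NULL);
}

// … unchanged: CmdT55xxDetect option parsing and loop setup …
                if (usewake) {
                    t55xx_wake_and_wait(try_with_pwd, wakecmd, &sleepperiod);
                }
// … unchanged: AcquireData / t55xxTryDetectModulationEx calls, same replacement in the else branch …
```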
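Review bot: The new `q` option is parsed here but no hunk in this commit updates the usage text for `lf t55xx wakeup`, which is outside the diff, so users cannot discover it; add a line such as `q - quiet, do not print the "Wake up command sent" confirmation` to that usage function. Since the flag exists mainly so CmdT55xxDetect can call the command internally, a comment on the `case 'q':` branch saying so, `// quiet: used when detect invokes wakeup internally`, would explain the otherwise odd option.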
@@ -1278,7 +1278,7 @@ static int desfire_print_signature(uint8_t *uid, uint8_t uidlen, uint8_t *signat {"DESFire EV3", "041DB46C145D0A36539C6544BD6D9B0AA62FF91EC48CBC6ABAE36E0089A46F0D08C8A715EA40A63313B92E90DDC1730230E0458A33276FB743"}, {"NTAG424DNA, NTAG424DNATT, DESFire Light EV2", "04B304DC4C615F5326FE9383DDEC9AA892DF3A57FA7FFB3276192BC0EAA252ED45A865E3B093A3D0DCE5BE29E92F1392CE7DE321E3E5C52B3B"}, {"DESFire Light", "040E98E117AAA36457F43173DC920A8757267F44CE4EC5ADD3C54075571AEBBF7B942A9774A1D94AD02572427E5AE0A2DD36591B1FB34FCF3D"}, - {"Mifare Plus EV1", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"} + {"MIFARE Plus EV1", "044409ADC42F91A8394066BA83D872FB1D16803734E911170412DDF8BAD1A4DADFD0416291AFE1C748253925DA39A5F39A1C557FFACD34C62E"} }; @@ -1654,9 +1654,7 @@ static int handler_desfire_createapp(aidhdr_t *aidhdr, bool usename, bool usefid if (res != PM3_SUCCESS) { PrintAndLogEx(WARNING, _RED_(" Can't create aid -> %s"), GetErrorString(res, &sw)); DropField(); - return res; } - return res; } @@ -1669,7 +1667,6 @@ static int handler_desfire_deleteapp(const uint8_t *aid) { if (res != PM3_SUCCESS) { PrintAndLogEx(WARNING, _RED_(" Can't delete aid -> %s"), GetErrorString(res, &sw)); DropField(); - return res; } return res; } @@ -2230,12 +2227,12 @@ static int CmdHF14ADesSelectApp(const char *Cmd) { } int res = handler_desfire_select_application(aid); + DropField(); if (res != PM3_SUCCESS) { - DropField(); PrintAndLogEx(ERR, "Error on selecting aid."); - return res; + } else { + PrintAndLogEx(SUCCESS, "Successfully selected aid."); } - PrintAndLogEx(SUCCESS, "Successfully selected aid."); return res; } 
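Review bot: `DropField()` now runs unconditionally after `handler_desfire_select_application(aid)`, including on success, whereas before the field stayed up after a successful select. If any later command relies on the card still having that application selected rather than on the client-side `tag->selected_application` state (the `hf mfdes changekey` help text in this same patch says to select the aid before running it), a successful `selectaid` followed by a field drop no longer provides that; worth confirming against the commands that are meant to follow a select. If dropping is intended, a comment such as `// field is dropped here: the selection persists only in client-side state` would record the decision.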
@@ -2363,7 +2360,9 @@ static int CmdHF14ADesCreateApp(const char *Cmd) { res = handler_desfire_createapp(&aidhdr, usename, usefid); DropField(); - PrintAndLogEx(SUCCESS, "Successfully created aid."); + if (res == PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, "Successfully created aid."); + } return res; } @@ -2399,9 +2398,11 @@ static int CmdHF14ADesDeleteApp(const char *Cmd) { uint8_t rootaid[3] = {0x00, 0x00, 0x00}; int res = handler_desfire_select_application(rootaid); if (res != PM3_SUCCESS) { DropField(); return res;} - res = handler_desfire_deleteapp(aid); + res = handler_desfire_deleteapp(aid); DropField(); - PrintAndLogEx(SUCCESS, "Successfully deleted aid."); + if (res == PM3_SUCCESS) { + PrintAndLogEx(SUCCESS, "Successfully deleted aid."); + } return res; } @@ -3603,6 +3604,20 @@ static int DecodeFileSettings(uint8_t *src, int src_len, int maclen) { } static int CmdHF14ADesDump(const char *Cmd) { + + CLIParserContext *ctx; + CLIParserInit(&ctx, "hf mfdes dump", + "Tries to dump all files on a DESFire tag", + "hf mfdes dump"); + + void *argtable[] = { + arg_param_begin, +// arg_strx0("a", "aid", "", "Use specific AID (3 hex bytes, big endian)"), + arg_param_end + }; + CLIExecWithReturn(ctx, Cmd, argtable, true); + CLIParserFree(ctx); + (void)Cmd; // Cmd is not used so far DropField(); @@ -3629,7 +3644,7 @@ static int CmdHF14ADesDump(const char *Cmd) { } PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "-- Mifare DESFire Dump ----------------------"); + PrintAndLogEx(INFO, "-- " _CYAN_("MIFARE DESFire Dump") " ----------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------"); for (uint32_t i = 0; i < app_ids_len; i += 3) { 
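Review bot: `(void)Cmd; // Cmd is not used so far` in CmdHF14ADesDump is stale after this hunk, because the lines added just above it pass `Cmd` to `CLIExecWithReturn`; drop both the cast and the comment. The commented-out `// arg_strx0("a", "aid", ...)` entry in the argtable is dead code in the middle of a live initialiser — either wire the option in or remove the line. The function's body continues outside the hunk.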
@@ -3791,7 +3806,7 @@ static int CmdHF14ADesEnumApplications(const char *Cmd) { } PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "-- Mifare DESFire Enumerate applications --------------------"); + PrintAndLogEx(INFO, "-- MIFARE DESFire Enumerate applications --------------------"); PrintAndLogEx(INFO, "-------------------------------------------------------------"); PrintAndLogEx(SUCCESS, " Tag report " _GREEN_("%d") " application%c", app_ids_len / 3, (app_ids_len == 3) ? ' ' : 's'); @@ -3868,7 +3883,7 @@ static int CmdHF14ADesChangeKey(const char *Cmd) { uint8_t newkeylength = 8; CLIParserContext *ctx; CLIParserInit(&ctx, "hf mfdes changekey", - "Changes Mifare DESFire Key\n" + "Changes MIFARE DESFire Key\n" "Make sure to select aid or authenticate aid before running this command.", "hf mfdes changekey -n 0 -t 1 -k 0000000000000000 -u 1 -j 0102030405060708 -> DES,keynumber 0" ); @@ -3969,7 +3984,7 @@ static int CmdHF14ADesAuth(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf mfdes auth", - "Authenticates Mifare DESFire using Key", + "Authenticates MIFARE DESFire using Key", "hf mfdes auth -m 3 -t 4 -a 808301 -n 0 -k 00000000000000000000000000000000 -> AES,keynumber 0, aid 0x803201\n" "hf mfdes auth -m 2 -t 2 -a 000000 -n 1 -k 00000000000000000000000000000000 -> 3DES,keynumber 1, aid 0x000000\n" "hf mfdes auth -m 1 -t 1 -a 000000 -n 2 -k 0000000000000000 -> DES,keynumber 2, aid 0x000000\n" @@ -4348,7 +4363,7 @@ static int CmdHF14aDesChk(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf mfdes chk", - "Checks keys with Mifare Desfire card.", + "Checks keys with MIFARE DESFire card.", "hf mfdes chk -a 123456 -k 000102030405060708090a0b0c0d0e0f -> check key on aid 0x123456\n" "hf mfdes chk -d mfdes_default_keys -> check keys from dictionary against all existing aid on card\n" "hf mfdes chk -d mfdes_default_keys -a 123456 -> check keys from dictionary against aid 0x123456\n" 
@@ -4587,7 +4602,7 @@ static int CmdHF14aDesChk(const char *Cmd) { // save keys to json if ((jsonnamelen > 0) && result) { - // Mifare Desfire info + // MIFARE DESFire info SendCommandMIX(CMD_HF_ISO14443A_READER, ISO14A_CONNECT, 0, 0, NULL, 0); PacketResponseNG resp; @@ -4644,7 +4659,6 @@ static int CmdHF14aDesNDEF(const char *Cmd) { arg_litn("v", "verbose", 0, 2, "show technical data"), arg_str0("", "aid", "", "replace default aid for NDEF"), arg_str0("k", "key", "", "replace default key for NDEF"), - arg_lit0("b", "keyb", "use key B for access sectors (by default: key A)"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -4657,22 +4671,24 @@ static int CmdHF14aDesNDEF(const char *Cmd) { uint8_t key[16] = {0}; int keylen; CLIGetHexWithReturn(ctx, 3, key, &keylen); - bool keyB = arg_get_lit(ctx, 4); CLIParserFree(ctx); - uint16_t ndefAID = 0xe103; - if (aidlen == 2) - ndefAID = (aid[0] << 8) + aid[1]; + uint32_t ndefAID = 0xEEEE10; + if (aidlen == 2) { + ndefAID = (aid[0] << 16) | (aid[1] << 8) | aid[2]; + } + // set default NDEF key uint8_t ndefkey[16] = {0}; memcpy(ndefkey, g_mifarep_ndef_key, 16); + + // user supplied key if (keylen == 16) { memcpy(ndefkey, key, 16); } - uint8_t data[4096] = {0}; - int datalen = 0; + int file_ids_len = 0; for (int j = (int)file_ids_len - 1; j >= 0; j--) { PrintAndLogEx(SUCCESS, "\n\n Fileid %d (0x%02x)", file_ids[j], file_ids[j]); @@ -4680,7 +4696,7 @@ static int CmdHF14aDesNDEF(const char *Cmd) { uint8_t filesettings[20] = {0}; uint32_t fileset_len = 0; - res = handler_desfire_filesettings(file_ids[j], filesettings, &fileset_len); + int res = handler_desfire_filesettings(file_ids[j], filesettings, &fileset_len); if (res != PM3_SUCCESS) continue; int maclen = 0; // To be implemented 
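Review bot: In CmdHF14aDesNDEF the new default `ndefAID = 0xEEEE10` is a three-byte AID, but the override still tests `aidlen == 2` while reading `aid[0]`, `aid[1]` and `aid[2]`, so a two-byte user value reads one byte beyond what was parsed and a three-byte value is ignored; the condition should be `if (aidlen == 3) {`. The replacement `int file_ids_len = 0;` makes the following `for (int j = (int)file_ids_len - 1; j >= 0; j--)` loop a no-op unless the count is filled in elsewhere in the body, which is outside the hunk. The `*/` that follows this function's final `return` in the next hunk suggests the function is currently inside a comment block; if so these problems are latent rather than compiled today.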
@@ -4698,19 +4714,20 @@ static int CmdHF14aDesNDEF(const char *Cmd) { return PM3_EMALLOC; } - fdata.data = data; - int res = handler_desfire_readdata(&fdata, MFDES_DATA_FILE, filesettings[1]); - if (res == PM3_SUCCESS) { - uint32_t len = le24toh(fdata.length); - NDEFDecodeAndPrint(data, datalen, verbose); + fdata.data = data; + res = handler_desfire_readdata(&fdata, MFDES_DATA_FILE, filesettings[1]); + if (res == PM3_SUCCESS) { + uint32_t len = le24toh(fdata.length); + NDEFDecodeAndPrint(data, datalen, verbose); - } else { - PrintAndLogEx(ERR, "Couldn't read value. Error %d", res); - res = handler_desfire_select_application(aid); - if (res != PM3_SUCCESS) continue; + } else { + PrintAndLogEx(ERR, "Couldn't read value. Error %d", res); + res = handler_desfire_select_application(aid); + if (res != PM3_SUCCESS) continue; + } + + free(data); } - - free(data); } // PrintAndLogEx(INFO, "reading data from tag"); @@ -4722,14 +4739,14 @@ static int CmdHF14aDesNDEF(const char *Cmd) { if (verbose2) { PrintAndLogEx(NORMAL, ""); - PrintAndLogEx(INFO, "--- " _CYAN_("DESfire NDEF raw") " ----------------"); + PrintAndLogEx(INFO, "--- " _CYAN_("DESFire NDEF raw") " ----------------"); dump_buffer(data, datalen, stdout, 1); } + PrintAndLogEx(HINT, "Try " _YELLOW_("`hf mfdes ndef -vv`") " for more details"); return PM3_SUCCESS; } */ - /* static int CmdHF14aDesMAD(const char *Cmd) { DropField(); From a41e71d03dbe80880b46a89259324af7158904a9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 9 Nov 2020 09:36:27 +0100 Subject: [PATCH 49/53] fix #946, unsecured card use crc16, secured MAC --- armsrc/iclass.c | 74 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 26 deletions(-) diff --git a/armsrc/iclass.c b/armsrc/iclass.c index 03f7dcbba..803972e05 100644 --- a/armsrc/iclass.c +++ b/armsrc/iclass.c 
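Review bot: The `continue` in the else branch of the new `if (res == PM3_SUCCESS)` block in CmdHF14aDesNDEF jumps to the next file id before `free(data)` is reached, so every failed read now leaks the buffer whose allocation `return PM3_EMALLOC` guards; release it first, `free(data); continue;`, or move the `free(data)` to the top of the else branch. In the success branch `uint32_t len = le24toh(fdata.length);` is computed and never used, while `NDEFDecodeAndPrint(data, datalen, verbose)` is given `datalen`, whose declaration the previous hunk removes — passing `len` looks like the intent. As with the previous hunk, the `*/` after the function's `return PM3_SUCCESS;` suggests this code may be commented out at present.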
@@ -1776,13 +1776,19 @@ void iClass_Dump(uint8_t *msg) { BigBuf_free(); } -static bool iclass_writeblock_ext(uint8_t blockno, uint8_t *data, uint8_t *mac) { +static bool iclass_writeblock_ext(uint8_t blockno, uint8_t *data, uint8_t *mac, bool use_mac) { // write command: cmd, 1 blockno, 8 data, 4 mac - uint8_t write[16] = { 0x80 | ICLASS_CMD_UPDATE, blockno }; + uint8_t write[14] = { 0x80 | ICLASS_CMD_UPDATE, blockno }; + uint8_t write_len = 14; memcpy(write + 2, data, 8); - memcpy(write + 10, mac, 4); - AddCrc(write + 1, 13); + + if (use_mac) { + memcpy(write + 10, mac, 4); + } else { + AddCrc(write + 1, 9); + write_len -= 2; + } uint8_t resp[10] = {0}; uint32_t eof_time = 0, start_time = 0; @@ -1819,7 +1825,8 @@ void iClass_WriteBlock(uint8_t *msg) { iclass_writeblock_req_t *payload = (iclass_writeblock_req_t *)msg; - uint8_t write[16] = { 0x80 | ICLASS_CMD_UPDATE, payload->req.blockno }; + uint8_t write[14] = { 0x80 | ICLASS_CMD_UPDATE, payload->req.blockno }; + uint8_t write_len = 14; Iso15693InitReader(); 
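Review bot: The header comment `// write command: cmd, 1 blockno, 8 data, 4 mac` in iclass_writeblock_ext now describes only the `use_mac` layout; the non-secure path appends a CRC instead and shortens the frame, so `// write command: cmd, 1 blockno, 8 data, then 4 mac (secure pagemode) or 2 crc16 (non-secure pagemode)` would match both branches. The `write_len -= 2` after `AddCrc(write + 1, 9)` is correct only if `AddCrc` appends exactly two bytes after the 9 it is given, i.e. at `write[10..11]`, which is what the 14-byte buffer and the resulting 12-byte length assume — worth a one-line comment on that branch. The function's body continues outside the hunk.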
@@ -1844,23 +1851,30 @@ void iClass_WriteBlock(uint8_t *msg) { } } - // calc new mac for write - uint8_t wb[9]; - wb[0] = payload->req.blockno; - memcpy(wb + 1, payload->data, 8); - - if (payload->req.use_replay) { - doMAC_N(wb, sizeof(wb), payload->req.key + 4, mac); + // new block data + memcpy(write + 2, payload->data, 8); + + uint8_t pagemap = get_pagemap(&hdr); + if (pagemap == PICOPASS_NON_SECURE_PAGEMODE) { + // Unsecured tags uses CRC16, but don't include the UPDATE operation code + // byte0 = update op + // byte1 = block no + // byte2..9 = new block data + AddCrc(write + 1, 9); + write_len -= 2; } else { + // Secure tags uses MAC + uint8_t wb[9]; + wb[0] = payload->req.blockno; + memcpy(wb + 1, payload->data, 8); + if (payload->req.use_credit_key) doMAC_N(wb, sizeof(wb), hdr.key_c, mac); else doMAC_N(wb, sizeof(wb), hdr.key_d, mac); - } - memcpy(write + 2, payload->data, 8); // data - memcpy(write + 10, mac, sizeof(mac)); // mac - AddCrc(write + 1, 13); + memcpy(write + 10, mac, sizeof(mac)); + } start_time = eof_time + DELAY_ICLASS_VICC_TO_VCD_READER; @@ -1869,7 +1883,7 @@ void iClass_WriteBlock(uint8_t *msg) { uint8_t tries = 3; while (tries-- > 0) { - iclass_send_as_reader(write, sizeof(write), &start_time, &eof_time); + iclass_send_as_reader(write, write_len, &start_time, &eof_time); if (tearoff_hook() == PM3_ETEAROFF) { // tearoff occured res = false; 
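Review bot: The secure branch of iClass_WriteBlock no longer handles `payload->req.use_replay`: the removed code derived the MAC from `payload->req.key + 4` in that case, whereas the new branch always uses `hdr.key_c` or `hdr.key_d`. The client still fills `.req.use_replay = replay` (see the cmdhficlass.c hunk in the next patch), so a request made with that flag now silently uses a different key unless the replay case is handled elsewhere in the function, which is outside the hunk. If dropping it is intentional, record that on the secure branch, e.g. `// use_replay is not honoured here: the MAC is always derived from the card's debit/credit key`.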
@@ -1961,22 +1975,30 @@ void iClass_Restore(iclass_restore_req_t *msg) { } // main loop + bool use_mac; for (uint8_t i = 0; i < msg->item_cnt; i++) { iclass_restore_item_t item = msg->blocks[i]; - // calc new mac for data, using 1b blockno, 8b data, - uint8_t wb[9] = {0}; - wb[0] = item.blockno; - memcpy(wb + 1, item.data, 8); + uint8_t pagemap = get_pagemap(&hdr); + if (pagemap == PICOPASS_NON_SECURE_PAGEMODE) { + // Unsecured tags uses CRC16 + use_mac = false; + } else { + // Secure tags uses MAC + use_mac = true; + uint8_t wb[9] = {0}; + wb[0] = item.blockno; + memcpy(wb + 1, item.data, 8); - if (msg->req.use_credit_key) - doMAC_N(wb, sizeof(wb), hdr.key_c, mac); - else - doMAC_N(wb, sizeof(wb), hdr.key_d, mac); + if (msg->req.use_credit_key) + doMAC_N(wb, sizeof(wb), hdr.key_c, mac); + else + doMAC_N(wb, sizeof(wb), hdr.key_d, mac); + } // data + mac - if (iclass_writeblock_ext(item.blockno, item.data, mac)) { + if (iclass_writeblock_ext(item.blockno, item.data, mac, use_mac)) { Dbprintf("Write block [%02x] " _GREEN_("successful"), item.blockno); written++; } else { From 3cd2c0b47bc4738e2953978aa373e53126ba0238 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 9 Nov 2020 09:58:30 +0100 Subject: [PATCH 50/53] allow to write tags in unsecured pagemode --- client/src/cmdhficlass.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/client/src/cmdhficlass.c b/client/src/cmdhficlass.c index 38a313186..82bdbf5d0 100644 --- a/client/src/cmdhficlass.c +++ b/client/src/cmdhficlass.c @@ -1760,7 +1760,7 @@ write_dump: return PM3_SUCCESS; } -static int iclass_write_block(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool replay, bool verbose) { +static int iclass_write_block(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bool use_credit_key, bool elite, bool rawkey, bool replay, bool verbose, bool use_secure_pagemode) { iclass_writeblock_req_t payload = { .req.use_raw = rawkey, 
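Review bot: `uint8_t pagemap = get_pagemap(&hdr);` in iClass_Restore is evaluated on every iteration of the restore loop although `hdr` does not change inside it; computing `pagemap` and `use_mac` once before the `for` leaves only the per-block MAC derivation in the body. The `// data + mac` comment above the `iclass_writeblock_ext` call is now only half true; `// data + mac (secure pagemode) or data + crc (non-secure pagemode)` covers both paths. Both branches assign `use_mac`, so the uninitialised `bool use_mac;` is safe, but `bool use_mac = false;` makes that explicit for the next reader.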
@@ -1769,7 +1769,7 @@ static int iclass_write_block(uint8_t blockno, uint8_t *bldata, uint8_t *KEY, bo .req.use_replay = replay, .req.blockno = blockno, .req.send_reply = true, - .req.do_auth = true, + .req.do_auth = use_secure_pagemode, }; memcpy(payload.req.key, KEY, 8); memcpy(payload.data, bldata, sizeof(payload.data)); @@ -1804,6 +1804,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) { bool use_replay = false; bool errors = false; bool verbose = false; + bool use_secure_pagemode = false; uint8_t cmdp = 0; while (param_getchar(Cmd, cmdp) != 0x00 && !errors) { switch (tolower(param_getchar(Cmd, cmdp))) { @@ -1848,6 +1849,7 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) { PrintAndLogEx(WARNING, "\nERROR: Credit Key is incorrect length\n"); errors = true; } + use_secure_pagemode = true; cmdp += 2; break; case 'r': @@ -1880,9 +1882,9 @@ static int CmdHFiClass_WriteBlock(const char *Cmd) { errors = true; } - if (errors || cmdp < 6) return usage_hf_iclass_writeblock(); + if (errors || cmdp < 4) return usage_hf_iclass_writeblock(); - int isok = iclass_write_block(blockno, bldata, KEY, use_credit_key, elite, rawkey, use_replay, verbose); + int isok = iclass_write_block(blockno, bldata, KEY, use_credit_key, elite, rawkey, use_replay, verbose, use_secure_pagemode); switch (isok) { case PM3_SUCCESS: PrintAndLogEx(SUCCESS, "Wrote block %02X successful", blockno); @@ -3565,10 +3567,11 @@ int info_iclass(void) { PrintAndLogEx(INFO, "------------------------ " _CYAN_("Fingerprint") " -----------------------"); uint8_t aia[8]; - if (pagemap == PICOPASS_NON_SECURE_PAGEMODE) + if (pagemap == PICOPASS_NON_SECURE_PAGEMODE) { memcpy(aia, ns_hdr->app_issuer_area, sizeof(aia)); - else + } else { memcpy(aia, hdr->app_issuer_area, sizeof(aia)); + } // if CSN ends with FF12E0, it's inside HID CSN range. bool isHidRange = (memcmp(hdr->csn + 5, "\xFF\x12\xE0", 3) == 0); 
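Review bot: In CmdHFiClass_WriteBlock `use_secure_pagemode = true;` is set only inside the key option's case, so `.req.do_auth` now reflects whether a key was supplied rather than the tag's page mode, while the firmware side in the previous patch chooses CRC versus MAC from `get_pagemap()`; a secured tag written without a key skips authentication and the write should be rejected by the tag, but nothing in the client explains why. A name that says what the flag records, such as `bool key_supplied`, or an explicit client-side check that reports "secured tag requires a key" would make the behaviour clearer. The relaxed `cmdp < 4` check in the later hunk is what makes the key optional; the usage text that should describe this is outside the hunk.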
@@ -3583,11 +3586,13 @@ int info_iclass(void) { if (se_enabled) PrintAndLogEx(SUCCESS, " Credential... " _GREEN_("iCLASS SE")); } else { - PrintAndLogEx(SUCCESS, " CSN..-....... " _YELLOW_("outside HID range")); + PrintAndLogEx(SUCCESS, " CSN.......... " _YELLOW_("outside HID range")); } uint8_t cardtype = get_mem_config(hdr); PrintAndLogEx(SUCCESS, " Card type.... " _GREEN_("%s"), card_types[cardtype]); + + } DropField(); From 7cae4e969bf0546038ab3ec0b4fbf2f9ca0f338b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 9 Nov 2020 10:02:47 +0100 Subject: [PATCH 51/53] text --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53aab0422..e9bb8d98f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Fix 'hf iclass wrbl' - dealing with tags in unsecured vs secured pagemode now is correct (@iceman1001) - Change many commands to cliparser (@iceman1001, @tcprst, @mwalker33,...) - ... - Added compilation options for 256k Proxmark versions, see doc (@doegox) From eec3bc595bcfc74da6e92190573eb1c7e972c44b Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 9 Nov 2020 10:48:37 +0100 Subject: [PATCH 52/53] coverity warning --- common/lz4/lz4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/lz4/lz4.c b/common/lz4/lz4.c index da5bbf1e2..0b7df1fb0 100644 --- a/common/lz4/lz4.c +++ b/common/lz4/lz4.c 
@@ -1586,7 +1586,7 @@ int LZ4_compress_fast_continue(LZ4_stream_t *LZ4_stream, * cost to copy the dictionary's tables into the active context, * so that the compression loop is only looking into one table. */ - LZ4_memcpy(streamPtr, streamPtr->dictCtx, sizeof(LZ4_stream_t)); + LZ4_memcpy(streamPtr, streamPtr->dictCtx, sizeof(*streamPtr)); result = LZ4_compress_generic(streamPtr, source, dest, inputSize, NULL, maxOutputSize, limitedOutput, tableType, usingExtDict, noDictIssue, acceleration); } else { result = LZ4_compress_generic(streamPtr, source, dest, inputSize, NULL, maxOutputSize, limitedOutput, tableType, usingDictCtx, noDictIssue, acceleration); From 089ae507be1c5caeac98b6a9d19cead8536bace9 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Mon, 9 Nov 2020 15:24:19 +0100 Subject: [PATCH 53/53] structs needs to be PACKED --- client/src/cmdhfmfdes.c | 87 +++++++++++++++++++++++++++-------------- 1 file changed, 58 insertions(+), 29 deletions(-) diff --git a/client/src/cmdhfmfdes.c b/client/src/cmdhfmfdes.c index 9a74aa2ca..871c9d115 100644 --- a/client/src/cmdhfmfdes.c +++ b/client/src/cmdhfmfdes.c @@ -60,7 +60,7 @@ uint8_t k3kdefaultkeys[1][24] = {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 struct desfire_tag mf_state = {.session_key = NULL, .authentication_scheme = AS_LEGACY, .authenticated_key_no = NOT_YET_AUTHENTICATED, .crypto_buffer = NULL, .crypto_buffer_size = 0, .selected_application = 0}; static desfiretag_t tag = &mf_state; -typedef struct { +typedef struct mfdes_authinput { uint8_t mode; uint8_t algo; uint8_t keyno; @@ -94,7 +94,6 @@ typedef struct { uint8_t details[14]; } PACKED mfdes_info_res_t; - typedef struct mfdes_value { uint8_t fileno; //01 uint8_t value[16]; 
@@ -340,11 +339,19 @@ typedef enum { NTAG413DNA, } nxp_cardtype_t; -typedef struct { +typedef struct dfname { uint8_t aid[3]; uint8_t fid[2]; uint8_t name[16]; -} dfname_t; +} PACKED dfname_t; + +typedef struct aidhdr { + uint8_t aid[3]; + uint8_t keysetting1; + uint8_t keysetting2; + uint8_t fid[2]; + uint8_t name[16]; +} PACKED aidhdr_t; static int CmdHelp(const char *Cmd); @@ -1544,9 +1551,14 @@ static int handler_desfire_dfnames(dfname_t *dest, uint8_t *dfname_count) { static int handler_desfire_select_application(uint8_t *aid) { if (g_debugMode > 1) { - if (aid == NULL) PrintAndLogEx(ERR, "AID=NULL"); + if (aid == NULL) { + PrintAndLogEx(ERR, "AID=NULL"); + } } - if (aid == NULL) return PM3_EINVARG; + if (aid == NULL) { + return PM3_EINVARG; + } + sAPDU apdu = {0x90, MFDES_SELECT_APPLICATION, 0x00, 0x00, 0x03, aid}; //0x5a uint32_t recv_len = 0; uint16_t sw = 0; 
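Review bot: The new `aidhdr_t` is sent as-is as the CREATE_APPLICATION payload and `sizeof(aidhdr_t)` becomes `apdu.Lc` in handler_desfire_createapp later in this patch, so `PACKED` here is load-bearing, not cosmetic. A comment on the struct would keep it from being dropped, e.g. `// wire layout of the CREATE_APPLICATION payload (3 + 1 + 1 + 2 + 16 = 23 bytes); must stay PACKED so sizeof() is the Lc`. The same applies to `dfname_t`, which the dfnames handler fills directly from the response.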
@@ -1620,37 +1632,38 @@ static int handler_desfire_filesettings(uint8_t file_id, uint8_t *dest, uint32_t return res; } -typedef struct { - uint8_t aid[3]; - uint8_t keysetting1; - uint8_t keysetting2; - uint8_t fid[2]; - uint8_t name[16]; -} aidhdr_t; - static int handler_desfire_createapp(aidhdr_t *aidhdr, bool usename, bool usefid) { if (aidhdr == NULL) return PM3_EINVARG; sAPDU apdu = {0x90, MFDES_CREATE_APPLICATION, 0x00, 0x00, sizeof(aidhdr_t), (uint8_t *)aidhdr}; // 0xCA - if (!usename) { - apdu.Lc = apdu.Lc - 16; + if (usename == false) { + apdu.Lc = apdu.Lc - sizeof(aidhdr->name); } - if (!usefid) { - apdu.Lc = apdu.Lc - 2; + if (usefid == false) { + apdu.Lc = apdu.Lc - sizeof(aidhdr->fid); } uint8_t *data = NULL; - if (!usefid && usename) { - data = (uint8_t *)malloc(apdu.Lc); + + // skip over FID if not used. + if (usefid == false && usename) { + data = calloc(apdu.Lc, sizeof(uint8_t)); apdu.data = data; - memcpy(data, aidhdr, apdu.Lc); - memcpy(&data[3 + 1 + 1], aidhdr->name, 16); + + memcpy(data, aidhdr->aid, sizeof(aidhdr->aid)); + data[3] = aidhdr->keysetting1; + data[4] = aidhdr->keysetting2; + memcpy(data + 5, aidhdr->name, sizeof(aidhdr->name)); + + PrintAndLogEx(INFO, "new data: %s", sprint_hex_inrow(data, apdu.Lc)); } uint16_t sw = 0; uint32_t recvlen = 0; int res = send_desfire_cmd(&apdu, false, NULL, &recvlen, &sw, 0, true); - if (data != NULL) free(data); + if (data != NULL) { + free(data); + } if (res != PM3_SUCCESS) { PrintAndLogEx(WARNING, _RED_(" Can't create aid -> %s"), GetErrorString(res, &sw)); DropField(); @@ -1659,7 +1672,9 @@ static int handler_desfire_createapp(aidhdr_t *aidhdr, bool usename, bool usefid } static int handler_desfire_deleteapp(const uint8_t *aid) { - if (aid == NULL) return PM3_EINVARG; + if (aid == NULL) { + return PM3_EINVARG; + } sAPDU apdu = {0x90, MFDES_DELETE_APPLICATION, 0x00, 0x00, 3, (uint8_t *)aid}; // 0xDA uint16_t sw = 0; uint32_t recvlen = 0; 
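Review bot: The result of `calloc(apdu.Lc, sizeof(uint8_t))` in handler_desfire_createapp is written by `memcpy` without a NULL check, so an allocation failure dereferences NULL; add `if (data == NULL) { return PM3_EMALLOC; }` right after the call (PM3_EMALLOC is already used in this file). `PrintAndLogEx(INFO, "new data: %s", sprint_hex_inrow(data, apdu.Lc));` reads like a leftover debugging aid — it prints the raw APDU payload on every create and should at least be gated on `g_debugMode`, which this file already uses for the same purpose. The function's body continues outside the hunk.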
@@ -2240,7 +2255,7 @@ static int CmdHF14ADesCreateApp(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "hf mfdes createaid", "Create Application ID", - "hf mfdes createaid -a 123456 -f 1111 -k 0E -l 2E -n Test" + "hf mfdes createaid -a 123456 -f 1111 -k 0E -l 2E --name Test" ); void *argtable[] = { @@ -2249,7 +2264,7 @@ static int CmdHF14ADesCreateApp(const char *Cmd) { arg_strx0("f", "fid", "", "File ID to create (optional)"), arg_strx0("k", "ks1", "", "Key Setting 1 (Application Master Key Settings)"), arg_strx0("l", "ks2", "", "Key Setting 2"), - arg_str0("n", "name", "", "App ISO-4 Name (optional)"), + arg_str0(NULL, "name", "", "App ISO-4 Name (optional)"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -2347,9 +2362,20 @@ static int CmdHF14ADesCreateApp(const char *Cmd) { aidhdr.keysetting1 = keysetting1[0]; aidhdr.keysetting2 = keysetting2[0]; - if (usefid) memcpy(aidhdr.fid, fid, sizeof(fid)); + if (usefid) + memcpy(aidhdr.fid, fid, sizeof(aidhdr.fid)); - if (usename) memcpy(aidhdr.name, name, sizeof(name)); + if (usename) + memcpy(aidhdr.name, name, sizeof(aidhdr.name)); + + PrintAndLogEx(INFO, "Creating AID using:"); + PrintAndLogEx(INFO, "AID %s", sprint_hex_inrow(aidhdr.aid, sizeof(aidhdr.aid))); + PrintAndLogEx(INFO, "Key set1 0x%02X", aidhdr.keysetting1); + PrintAndLogEx(INFO, "Key Set2 0x%02X", aidhdr.keysetting2); + if (usefid) + PrintAndLogEx(INFO, "FID %s", sprint_hex_inrow(aidhdr.fid, sizeof(aidhdr.fid))); + if (usename) + PrintAndLogEx(INFO, "DF Name %s", aidhdr.name); uint8_t rootaid[3] = {0x00, 0x00, 0x00}; int res = handler_desfire_select_application(rootaid); 
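Review bot: `PrintAndLogEx(INFO, "DF Name %s", aidhdr.name);` in CmdHF14ADesCreateApp prints a 16-byte field with `%s`, and nothing guarantees a terminating NUL inside `aidhdr.name` when the supplied name fills all 16 bytes, so the read can run past the end of the struct; use a bounded format, `PrintAndLogEx(INFO, "DF Name %.*s", (int)sizeof(aidhdr.name), aidhdr.name);`. The `memcpy(aidhdr.name, name, sizeof(aidhdr.name))` above it now always copies 16 bytes where the old code copied `sizeof(name)`, which is only safe if `name` is at least 16 bytes — its declaration is outside the hunk and should be checked. The same `%.*s` treatment is not needed for the `sprint_hex_inrow` lines, which are length-bounded.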
@@ -2397,7 +2423,10 @@ static int CmdHF14ADesDeleteApp(const char *Cmd) { uint8_t rootaid[3] = {0x00, 0x00, 0x00}; int res = handler_desfire_select_application(rootaid); - if (res != PM3_SUCCESS) { DropField(); return res;} + if (res != PM3_SUCCESS) { + DropField(); + return res; + } res = handler_desfire_deleteapp(aid); DropField(); if (res == PM3_SUCCESS) {