From 26e6f1a58444be030255609ff8fa13a5722947ea Mon Sep 17 00:00:00 2001 From: Jacopo Jannone Date: Sun, 3 Apr 2022 02:19:56 +0200 Subject: [PATCH] Implement 14b sniff standalone mode --- CHANGELOG.md | 1 + armsrc/Standalone/Makefile.hal | 4 ++- armsrc/Standalone/Makefile.inc | 4 +++ armsrc/Standalone/hf_14bsniff.c | 51 +++++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 1 deletion(-) create mode 100755 armsrc/Standalone/hf_14bsniff.c diff --git a/CHANGELOG.md b/CHANGELOG.md index ab167c103..8d10c75f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] + - Added standalone mode for sniffing 14b (@jacopo-j) - Fixed `hf 14a apdu` - now don't skip first P2 iteration (@iceman1001) - Added `hf ntag424` - skeleton with SDM (@iceman1001) - Updated hf_14a_i2crevive.lua - fixed broken apdus (@Equipter) diff --git a/armsrc/Standalone/Makefile.hal b/armsrc/Standalone/Makefile.hal index 70c802922..c9debeef8 100644 --- a/armsrc/Standalone/Makefile.hal +++ b/armsrc/Standalone/Makefile.hal @@ -65,6 +65,8 @@ define KNOWN_STANDALONE_DEFINITIONS | HF_14ASNIFF | 14a sniff to flashmem | | (RDV4 only) | | +----------------------------------------------------------+ +| HF_14BSNIFF | 14b sniff | ++----------------------------------------------------------+ | HF_15SNIFF | 15693 sniff to flashmem (rdv4) or ram | | | | +----------------------------------------------------------+ 
@@ -116,7 +118,7 @@ define KNOWN_STANDALONE_DEFINITIONS endef STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID -STANDALONE_MODES += HF_14ASNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI +STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI STANDALONE_MODES_REQ_BT := HF_REBLAY STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_14ASNIFF HF_BOG HF_COLIN HF_ICECLASS HF_MFCSIM HF_LEGICSIM diff --git a/armsrc/Standalone/Makefile.inc b/armsrc/Standalone/Makefile.inc index ca052b576..05a63f1dd 100644 --- a/armsrc/Standalone/Makefile.inc +++ b/armsrc/Standalone/Makefile.inc @@ -57,6 +57,10 @@ endif ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS))) SRC_STANDALONE = hf_14asniff.c endif +# WITH_STANDALONE_HF_14BSNIFF +ifneq (,$(findstring WITH_STANDALONE_HF_14BSNIFF,$(APP_CFLAGS))) + SRC_STANDALONE = hf_14bsniff.c +endif # WITH_STANDALONE_HF_15SNIFF ifneq (,$(findstring WITH_STANDALONE_HF_15SNIFF,$(APP_CFLAGS))) SRC_STANDALONE = hf_15sniff.c diff --git a/armsrc/Standalone/hf_14bsniff.c b/armsrc/Standalone/hf_14bsniff.c new file mode 100755 index 000000000..22a0c1ee8 --- /dev/null +++ b/armsrc/Standalone/hf_14bsniff.c 
@@ -0,0 +1,51 @@
+/*
+ * `hf_14bsniff` passively sniffs ISO14b frames.
+ * *
+ * On entering stand-alone mode, this module will start sniffing ISO14b frames.
+ * This will be stored in the normal trace buffer (ie: in RAM -- will be lost
+ * at power-off).
+ *
+ * Short-pressing the button again will stop sniffing and standalone mode will
+ * exit.
+ *
+ * LEDs:
+ * - LED1: sniffing
+ * - LED2: sniffed tag command, turns off when finished sniffing reader command
+ * - LED3: sniffed reader command, turns off when finished sniffing tag command
+ *
+ * This module emits debug strings during normal operation -- so try it out in
+ * the lab connected to PM3 client before taking it into the field.
+ *
+ * Caveats / notes:
+ * - Trace buffer will be cleared on starting stand-alone mode.
+ * - This module will terminate if the trace buffer is full.
+ * - Like normal sniffing mode, timestamps overflow after 5 min 16 sec.
+ * However, the trace buffer is sequential, so will be in the correct order.
+ */
+
+#include "standalone.h" // standalone definitions
+#include "proxmark3_arm.h"
+#include "iso14443b.h"
+#include "util.h"
+#include "appmain.h"
+#include "dbprint.h"
+#include "ticks.h"
+#include "BigBuf.h"
+
+void ModInfo(void) {
+ DbpString(" HF 14B SNIFF, a ISO14443b sniffer");
+}
+
+void RunMod(void) {
+ StandAloneMode();
+
+ Dbprintf(_YELLOW_("HF 14B SNIFF started"));
+
+ SniffIso14443b();
+
+ Dbprintf("Stopped sniffing");
+ SpinDelay(200);
+
+ Dbprintf("-=[ exit ]=-");
+ LEDsoff();
+}
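Review bot: The third line of the header comment, ` * *`, is a leftover from the hf_14asniff header this file was adapted from and should be a bare ` *` separator. Everything the header promises — the button press ending the sniff, the trace buffer being cleared on entry, the LED1–LED3 pattern and termination when the trace buffer is full — must come from `SniffIso14443b()`, because `RunMod` itself does none of it; a comment on that call such as `// clears the trace, drives the LEDs and returns on button press or full trace buffer (see iso14443b.c)` should be confirmed against that function before being added. After the sniff returns nothing reports how much was captured before `-=[ exit ]=-`; the 14a sibling logs the trace length, and `Dbprintf("Trace length (bytes) = %u", BigBuf_get_traceLen());` after `Dbprintf("Stopped sniffing");` would do the same here and give the otherwise unused `BigBuf.h` include a purpose. The ModInfo string also reads `a ISO14443b sniffer`, where `an ISO14443b sniffer` is correct.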