diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d8885d30..21c43c33c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,7 +70,9 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac - Updated documentation for installation on macOS with MacPorts (@linuxgemini) - Added possible Paxton id to hitag2 tag info output - Changed `hf mf sim` - reduce 50ms threshold to 6ms for reset to idle #1974 (@net147) - - Updated `amiibo_tools.lua` with new identifiers and create a python script `update_amiibo_tools_lua.py` to automate the process in the future. (@CorySolovewicz) + - Update `amiibo_tools.lua` with new identifiers and create a python script `update_amiibo_tools_lua.py` to automate the process in the future. (@CorySolovewicz) + - Added `lf paradox sim --fc --cn` - Simulates Paradox fob from facility code and card number (jerji) + ## [Nitride.4.16191][2023-01-29] - Changed `build_all_firmwares.sh` to fit GENERIC 256kb firmware images (@doegox) diff --git a/armsrc/Standalone/hf_msdsal.c b/armsrc/Standalone/hf_msdsal.c index b0d81ff79..f97a2e57f 100644 --- a/armsrc/Standalone/hf_msdsal.c +++ b/armsrc/Standalone/hf_msdsal.c @@ -376,7 +376,7 @@ void RunMod(void) { // dynamic_response_info will be in charge of responses dynamic_response_info.response_n = 0; - + //Dbprintf("receivedCmd: %02x\n", receivedCmd); // received a REQUEST if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { 
@@ -399,12 +399,12 @@ void RunMod(void) { // received request for UID (cascade 1) } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { //DbpString(_YELLOW_("+") "Request for UID C1"); - p_response = &responses[RESP_INDEX_UIDC1]; + p_response = &responses[RESP_INDEX_UIDC1]; // received a SELECT (cascade 1) } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { //DbpString(_YELLOW_("+") "Request for SELECT S1"); - p_response = &responses[RESP_INDEX_SAKC1]; + p_response = &responses[RESP_INDEX_SAKC1]; // received a RATS request } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { @@ -412,7 +412,7 @@ void RunMod(void) { prevCmd = 0; //p_response = &responses[RESP_INDEX_RATS]; - static uint8_t rRATS[] = { 0x13, 0x78, 0x80, 0x72, 0x02, 0x80, 0x31, 0x80, 0x66, 0xb1, 0x84, 0x0c, 0x01, 0x6e, 0x01, 0x83, 0x00, 0x90, 0x00 }; + static uint8_t rRATS[] = { 0x13, 0x78, 0x80, 0x72, 0x02, 0x80, 0x31, 0x80, 0x66, 0xb1, 0x84, 0x0c, 0x01, 0x6e, 0x01, 0x83, 0x00, 0x90, 0x00 }; memcpy(&dynamic_response_info.response[0], rRATS, sizeof(rRATS)); dynamic_response_info.response_n = sizeof(rRATS); diff --git a/armsrc/appmain.c b/armsrc/appmain.c index 38c680050..184307042 100644 --- a/armsrc/appmain.c +++ b/armsrc/appmain.c @@ -2045,7 +2045,7 @@ static void PacketReceived(PacketCommandNG *packet) { reply_ng(CMD_USART_RX, PM3_ENODATA, NULL, 0); } - StopTicks(); + StopTicks(); BigBuf_free(); LED_B_OFF(); break; diff --git a/armsrc/iso14443a.c b/armsrc/iso14443a.c index b4730b62d..01eed12c1 100644 --- a/armsrc/iso14443a.c +++ b/armsrc/iso14443a.c 
@@ -1189,12 +1189,12 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r // Configure the ATQA and SAK accordingly rATQA[0] &= 0xBF; - if(tagType == 11){ - rSAKc1[0] = sak & 0xFC & 0X70; - }else{ - rSAKc1[0] = sak & 0xFB; + if (tagType == 11) { + rSAKc1[0] = sak & 0xFC & 0X70; + } else { + rSAKc1[0] = sak & 0xFB; } - + AddCrc14A(rSAKc1, sizeof(rSAKc1) - 2); *cuid = bytes_to_num(data, 4); diff --git a/armsrc/mifarecmd.c b/armsrc/mifarecmd.c index 30558541d..5dd5dfcf6 100644 --- a/armsrc/mifarecmd.c +++ b/armsrc/mifarecmd.c @@ -1300,7 +1300,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8 break; } */ - + uint32_t nttmp = prng_successor(nt1, 100); //NXP Mifare is typical around 840,but for some unlicensed/compatible mifare card this can be 160 for (i = 101; i < 1200; i++) { nttmp = prng_successor(nttmp, 1); @@ -1354,7 +1354,7 @@ void MifareNested(uint8_t blockNo, uint8_t keyType, uint8_t targetBlockNo, uint8 LED_C_ON(); // get crypted nonces for target sector - for (i = 0; ((i < 2) && (isOK == PM3_SUCCESS)); i++) { + for (i = 0; ((i < 2) && (isOK == PM3_SUCCESS)); i++) { // look for exactly two different nonces diff --git a/client/luascripts/hf_mf_ultimatecard.lua b/client/luascripts/hf_mf_ultimatecard.lua index 09b53937f..4bb6034ee 100644 --- a/client/luascripts/hf_mf_ultimatecard.lua +++ b/client/luascripts/hf_mf_ultimatecard.lua 
@@ -50,20 +50,20 @@ arguments = [[ -c read magic configuration -u UID (8-20 hexsymbols), set UID on tag -t tag type to impersonate - 1 = Mifare Mini S20 4-byte + 1 = Mifare Mini S20 4-byte 2 = Mifare Mini S20 7-byte 15 = NTAG 210 3 = Mifare Mini S20 10-byte 16 = NTAG 212 4 = Mifare 1k S50 4-byte 17 = NTAG 213 5 = Mifare 1k S50 7-byte 18 = NTAG 215 - 6 = Mifare 1k S50 10-byte 19 = NTAG 216 + 6 = Mifare 1k S50 10-byte 19 = NTAG 216 7 = Mifare 4k S70 4-byte 20 = NTAG I2C 1K 8 = Mifare 4k S70 7-byte 21 = NTAG I2C 2K 9 = Mifare 4k S70 10-byte 22 = NTAG I2C 1K PLUS *** 10 = UL - NOT WORKING FULLY 23 = NTAG I2C 2K PLUS *** 11 = UL-C - NOT WORKING FULLY 24 = NTAG 213F 12 = UL EV1 48b 25 = NTAG 216F - 13 = UL EV1 128b - *** 14 = UL Plus - NOT WORKING YET + 13 = UL EV1 128b + *** 14 = UL Plus - NOT WORKING YET -p NTAG password (8 hexsymbols), set NTAG password on tag. -a NTAG pack ( 4 hexsymbols), set NTAG pack on tag. @@ -297,7 +297,7 @@ return true, 'Ok' end --- -- calculate block0 -local function calculate_block0(useruid) +local function calculate_block0(useruid) local uidbytes = utils.ConvertHexToBytes(useruid) local i = 1 local bcc = bxor(uidbytes[i], uidbytes[i+1]); diff --git a/client/src/cmdhfmf.c b/client/src/cmdhfmf.c index afadc9e78..3dee09d3b 100644 --- a/client/src/cmdhfmf.c +++ b/client/src/cmdhfmf.c 
@@ -349,13 +349,13 @@ static int mf_save_keys_from_arr(uint16_t n, uint8_t *d) { uint8_t sector = 0; for (uint16_t i = 0; i < n; i++) { if (mfIsSectorTrailer(i)) { - // key A offset in ST block - memcpy(keys + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE), MIFARE_KEY_SIZE); + // key A offset in ST block + memcpy(keys + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE), MIFARE_KEY_SIZE); - // key B offset in ST block - memcpy(keys + (MIFARE_KEY_SIZE * sectors) + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE) + 10, MIFARE_KEY_SIZE); + // key B offset in ST block + memcpy(keys + (MIFARE_KEY_SIZE * sectors) + (MIFARE_KEY_SIZE * sector), d + (i * MFBLOCK_SIZE) + 10, MIFARE_KEY_SIZE); - sector++; + sector++; } } @@ -484,7 +484,7 @@ static int mf_analyse_st_block(uint8_t blockno, uint8_t *block, bool force) { * @param numSectors: size of the card * @param keyFileName: filename containing keys or NULL. */ -static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t numSectors, char *keyfn){ +static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t numSectors, char *keyfn) { // Select card to get UID/UIDLEN/ATQA/SAK information clearCommandBuffer(); @@ -517,7 +517,7 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n size_t alen = 0, blen = 0; uint8_t *keyA, *keyB; - if (loadFileBinaryKey(keyfn, "", (void**)&keyA, (void**)&keyB, &alen, &blen) != PM3_SUCCESS) { + if (loadFileBinaryKey(keyfn, "", (void **)&keyA, (void **)&keyB, &alen, &blen) != PM3_SUCCESS) { if (keyA) { free(keyA); } 
@@ -607,7 +607,7 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n received = WaitForResponseTimeout(CMD_HF_MIFARE_READBL, &resp, 1500); } else { // data block. Check if it can be read with key A or key B - if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { + if ((rights[sectorNo][data_area] == 0x03) || (rights[sectorNo][data_area] == 0x05)) { // only key B would work payload.blockno = mfFirstBlockOfSector(sectorNo) + blockNo; payload.keytype = MF_KEY_B; @@ -617,7 +617,7 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n SendCommandNG(CMD_HF_MIFARE_READBL, (uint8_t *)&payload, sizeof(mf_readblock_t)); received = WaitForResponseTimeout(CMD_HF_MIFARE_READBL, &resp, 1500); } else { - // key A would work + // key A would work payload.blockno = mfFirstBlockOfSector(sectorNo) + blockNo; payload.keytype = current_key; memcpy(payload.key, (current_key == MF_KEY_A) ? keyA + (sectorNo * MIFARE_KEY_SIZE) : keyB + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); @@ -649,9 +649,9 @@ static int mfc_read_tag(iso14a_card_select_t *card, uint8_t *carddata, uint8_t n uint8_t *data = resp.data.asBytes; - if (mfIsSectorTrailer(blockNo)) { + if (mfIsSectorTrailer(blockNo)) { // sector trailer. Fill in the keys. - memcpy(data , keyA + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); + memcpy(data, keyA + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); memcpy(data + 10, keyB + (sectorNo * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); } @@ -1096,7 +1096,7 @@ static int CmdHF14AMfDump(const char *Cmd) { } else if (m2) { numSectors = MIFARE_2K_MAXSECTOR; bytes = MIFARE_2K_MAX_BYTES; - } else if (m4) { + } else if (m4) { numSectors = MIFARE_4K_MAXSECTOR; bytes = MIFARE_4K_MAX_BYTES; } else { 
@@ -1259,7 +1259,7 @@ static int CmdHF14AMfRestore(const char *Cmd) { // size_t alen = 0, blen = 0; uint8_t *keyA, *keyB; - if (loadFileBinaryKey(keyfilename, "", (void**)&keyA, (void**)&keyB, &alen, &blen) != PM3_SUCCESS) { + if (loadFileBinaryKey(keyfilename, "", (void **)&keyA, (void **)&keyB, &alen, &blen) != PM3_SUCCESS) { if (keyA) { free(keyA); } @@ -1354,7 +1354,7 @@ static int CmdHF14AMfRestore(const char *Cmd) { if (kt == MF_KEY_A) memcpy(wdata, keyA + (s * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); else - memcpy(wdata, keyB+ (s * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); + memcpy(wdata, keyB + (s * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); } else { // use default key to authenticate for the write command memcpy(wdata, default_key, MIFARE_KEY_SIZE); @@ -2518,16 +2518,16 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { sectorno = i; keytype = j; PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ] (used for nested / hardnested attack)", - i, - (j == MF_KEY_B) ? 'B' : 'A', - sprint_hex_inrow(key, sizeof(key)) - ); + i, + (j == MF_KEY_B) ? 'B' : 'A', + sprint_hex_inrow(key, sizeof(key)) + ); } else { PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ]", - i, - (j == MF_KEY_B) ? 'B' : 'A', - sprint_hex_inrow(key, sizeof(key)) - ); + i, + (j == MF_KEY_B) ? 'B' : 'A', + sprint_hex_inrow(key, sizeof(key)) + ); } ++num_found_keys; } 
@@ -2645,16 +2645,16 @@ static int CmdHF14AMfAutoPWN(const char *Cmd) { sectorno = i; keytype = j; PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ] (used for nested / hardnested attack)", - i, - (j == MF_KEY_B) ? 'B' : 'A', - sprint_hex_inrow(tmp_key, sizeof(tmp_key)) - ); + i, + (j == MF_KEY_B) ? 'B' : 'A', + sprint_hex_inrow(tmp_key, sizeof(tmp_key)) + ); } else { PrintAndLogEx(SUCCESS, "target sector %3u key type %c -- found valid key [ " _GREEN_("%s") " ]", - i, - (j == MF_KEY_B) ? 'B' : 'A', - sprint_hex_inrow(tmp_key, sizeof(tmp_key)) - ); + i, + (j == MF_KEY_B) ? 'B' : 'A', + sprint_hex_inrow(tmp_key, sizeof(tmp_key)) + ); } } } @@ -3839,7 +3839,7 @@ static int CmdHF14AMfSim(const char *Cmd) { if ((flags & FLAG_NR_AR_ATTACK) != FLAG_NR_AR_ATTACK) break; - + if ((resp.oldarg[0] & 0xffff) != CMD_HF_MIFARE_SIMULATE) break; @@ -3949,11 +3949,11 @@ void printKeyTableEx(size_t sectorscnt, sector_t *e_sector, uint8_t start_sector } PrintAndLogEx(SUCCESS, " " _YELLOW_("%03d") " | %03d | %s | %s | %s | %s" - , s - , mfSectorTrailerOfSector(s) - , strA, resA - , strB, resB - ); + , s + , mfSectorTrailerOfSector(s) + , strA, resA + , strB, resB + ); } PrintAndLogEx(SUCCESS, "-----+-----+--------------+---+--------------+----"); @@ -4424,7 +4424,7 @@ static int CmdHF14AMfEView(const char *Cmd) { arg_lit0(NULL, "2k", "MIFARE Classic/Plus 2k"), arg_lit0(NULL, "4k", "MIFARE Classic 4k / S70"), arg_lit0("v", "verbose", "verbose output"), - arg_lit0(NULL, "sk", "Save extracted keys to file"), + arg_lit0(NULL, "sk", "Save extracted keys to file"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); @@ -5901,7 +5901,7 @@ int CmdHFMFNDEFRead(const char *Cmd) { CLIParserFree(ctx); uint16_t ndef_aid = NDEF_MFC_AID; - if (aidlen == 2){ + if (aidlen == 2) { ndef_aid = (aid[0] << 8) + aid[1]; } 
@@ -6123,7 +6123,7 @@ int CmdHFMFNDEFFormat(const char *Cmd) { // size_t alen = 0, blen = 0; uint8_t *tmpA, *tmpB; - if (loadFileBinaryKey(keyFilename, "", (void**)&tmpA, (void**)&tmpB, &alen, &blen) != PM3_SUCCESS) { + if (loadFileBinaryKey(keyFilename, "", (void **)&tmpA, (void **)&tmpB, &alen, &blen) != PM3_SUCCESS) { if (tmpA) { free(tmpA); } @@ -6131,13 +6131,13 @@ int CmdHFMFNDEFFormat(const char *Cmd) { } PrintAndLogEx(INFO, "Using `" _YELLOW_("%s") "`", keyFilename); - - for (int i=0; i < numSectors; i++) { - memcpy(keyA[i], tmpA + (i *MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); - memcpy(keyB[i], tmpB + (i *MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); + + for (int i = 0; i < numSectors; i++) { + memcpy(keyA[i], tmpA + (i * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); + memcpy(keyB[i], tmpB + (i * MIFARE_KEY_SIZE), MIFARE_KEY_SIZE); } free(tmpA); - free(tmpB); + free(tmpB); } skipfile: @@ -6680,7 +6680,7 @@ static int CmdHf14AMfSuperCard(const char *Cmd) { return PM3_EINVARG; } - #define SUPER_MAX_TRACES 7 +#define SUPER_MAX_TRACES 7 uint8_t trace = 0; uint8_t traces[SUPER_MAX_TRACES][16]; @@ -7056,7 +7056,7 @@ static int CmdHF14AMfView(const char *Cmd) { arg_param_begin, arg_str1("f", "file", "", "filename of dump"), arg_lit0("v", "verbose", "verbose output"), - arg_lit0(NULL, "sk", "Save extracted keys to file"), + arg_lit0(NULL, "sk", "Save extracted keys to file"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); 
@@ -7964,24 +7964,24 @@ static int CmdHF14AMfValue(const char *Cmd) { "hf mf value --blk 16 -k FFFFFFFFFFFF -b --get\n" "hf mf value --blk 16 -k FFFFFFFFFFFF --res --transfer 30 --tk FFFFFFFFFFFF --> transfer block 16 value to block 30 (even if block can't be incremented by ACL)\n" "hf mf value --get -d 87D612007829EDFF87D6120011EE11EE\n" - ); + ); void *argtable[] = { - arg_param_begin, - arg_str0("k", "key", "", "key, 6 hex bytes"), - arg_lit0("a", NULL, "input key type is key A (def)"), - arg_lit0("b", NULL, "input key type is key B"), - arg_u64_0(NULL, "inc", "", "Increment value by X (0 - 2147483647)"), - arg_u64_0(NULL, "dec", "", "Decrement value by X (0 - 2147483647)"), - arg_u64_0(NULL, "set", "", "Set value to X (-2147483647 - 2147483647)"), - arg_u64_0(NULL, "transfer", "", "Transfer value to other block (after inc/dec/restore)"), - arg_str0(NULL, "tkey", "", "transfer key, 6 hex bytes (if transfer is preformed to other sector)"), - arg_lit0(NULL, "ta", "transfer key type is key A (def)"), - arg_lit0(NULL, "tb", "transfer key type is key B"), - arg_lit0(NULL, "get", "Get value from block"), - arg_lit0(NULL, "res", "Restore (copy value to card buffer, should be used with --transfer)"), - arg_int0(NULL, "blk", "", "block number"), - arg_str0("d", "data", "", "block data to extract values from (16 hex bytes)"), - arg_param_end + arg_param_begin, + arg_str0("k", "key", "", "key, 6 hex bytes"), + arg_lit0("a", NULL, "input key type is key A (def)"), + arg_lit0("b", NULL, "input key type is key B"), + arg_u64_0(NULL, "inc", "", "Increment value by X (0 - 2147483647)"), + arg_u64_0(NULL, "dec", "", "Decrement value by X (0 - 2147483647)"), + arg_u64_0(NULL, "set", "", "Set value to X (-2147483647 - 2147483647)"), + arg_u64_0(NULL, "transfer", "", "Transfer value to other block (after inc/dec/restore)"), + arg_str0(NULL, "tkey", "", "transfer key, 6 hex bytes (if transfer is preformed to other sector)"), + arg_lit0(NULL, "ta", "transfer key type is key A 
(def)"), + arg_lit0(NULL, "tb", "transfer key type is key B"), + arg_lit0(NULL, "get", "Get value from block"), + arg_lit0(NULL, "res", "Restore (copy value to card buffer, should be used with --transfer)"), + arg_int0(NULL, "blk", "", "block number"), + arg_str0("d", "data", "", "block data to extract values from (16 hex bytes)"), + arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -8038,7 +8038,7 @@ static int CmdHF14AMfValue(const char *Cmd) { // Action: 0 Increment, 1 - Decrement, 2 - Restore, 3 - Set, 4 - Get, 5 - Decode from data // iceman: TODO - should be enum - uint8_t action = 4; + uint8_t action = 4; uint32_t value = 0; // Need to check we only have 1 of inc/dec/set and get the value from the selected option @@ -8109,10 +8109,10 @@ static int CmdHF14AMfValue(const char *Cmd) { } // don't want to write value data and break something - if ((blockno == 0) || - (mfIsSectorTrailer(blockno)) || - (trnval == 0) || - (trnval != -1 && mfIsSectorTrailer(trnval))) { + if ((blockno == 0) || + (mfIsSectorTrailer(blockno)) || + (trnval == 0) || + (trnval != -1 && mfIsSectorTrailer(trnval))) { PrintAndLogEx(WARNING, "invalid block number, should be a data block"); return PM3_EINVARG; } @@ -8130,7 +8130,7 @@ static int CmdHF14AMfValue(const char *Cmd) { memcpy(block, (uint8_t *)&value, 4); uint8_t cmddata[34]; - memcpy(cmddata, key, sizeof(key)); + memcpy(cmddata, key, sizeof(key)); // Key == 6 data went to 10, so lets offset 9 for inc/dec if (action == 0) { @@ -8141,13 +8141,13 @@ static int CmdHF14AMfValue(const char *Cmd) { } // 00 if increment, 01 if decrement, 02 if restore - cmddata[9] = action; - + cmddata[9] = action; + if (trnval != -1) { // transfer to block - cmddata[10] = trnval; - + cmddata[10] = trnval; + memcpy(cmddata + 27, transferkey, sizeof(transferkey)); if (mfSectorNum(trnval) != mfSectorNum(blockno)) { cmddata[33] = 1; // should send nested auth 
@@ -8200,7 +8200,7 @@ static int CmdHF14AMfValue(const char *Cmd) { if (isok) { PrintAndLogEx(SUCCESS, "Update ... : " _GREEN_("success")); - getval = true; + getval = true; // all ok so set flag to read current value } else { PrintAndLogEx(FAILED, "Update ... : " _RED_("failed")); diff --git a/client/src/cmdhfmfhard.c b/client/src/cmdhfmfhard.c index acbf32ea5..c885e41c9 100644 --- a/client/src/cmdhfmfhard.c +++ b/client/src/cmdhfmfhard.c @@ -510,7 +510,7 @@ static char failstr[250] = ""; #endif // the probability that a random nonce has a Sum Property K -static const float p_K0[NUM_SUMS] = { +static const float p_K0[NUM_SUMS] = { 0.0290, 0.0083, 0.0006, 0.0339, 0.0048, 0.0934, 0.0119, 0.0489, 0.0602, 0.4180, 0.0602, 0.0489, 0.0119, 0.0934, 0.0048, 0.0339, 0.0006, 0.0083, 0.0290 diff --git a/client/src/cmdhfmfp.c b/client/src/cmdhfmfp.c index b079e15c1..4f956d3af 100644 --- a/client/src/cmdhfmfp.c +++ b/client/src/cmdhfmfp.c @@ -1006,7 +1006,7 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA for (uint8_t keyAB = startKeyAB; keyAB <= endKeyAB; keyAB++) { // main cycle with key check for (int i = 0; i < keyListLen; i++) { - + // allow client abort every iteration if (kbd_enter_pressed()) { PrintAndLogEx(WARNING, "\naborted via keyboard!\n"); @@ -1052,14 +1052,14 @@ static int MFPKeyCheck(uint8_t startSector, uint8_t endSector, uint8_t startKeyA selectCard = true; msleep(50); - // break out from keylist check loop, + // break out from keylist check loop, break; } if (verbose) PrintAndLogEx(WARNING, "\nsector %02d key %d [%s] res: %d", sector, keyAB, sprint_hex_inrow(keyList[i], 16), res); - // RES can be: + // RES can be: // PM3_ERFTRANS -7 // PM3_EWRONGANSWER -16 if (res == PM3_ERFTRANS) { diff --git a/client/src/cmdlf.c b/client/src/cmdlf.c index 848f6cab0..e6585d334 100644 --- a/client/src/cmdlf.c +++ b/client/src/cmdlf.c 
@@ -1680,7 +1680,7 @@ int CmdLFfind(const char *Cmd) { goto out; } } - if (demodParadox(true) == PM3_SUCCESS) { + if (demodParadox(true, false) == PM3_SUCCESS) { PrintAndLogEx(SUCCESS, "\nValid " _GREEN_("Paradox ID") " found!"); if (search_cont) { found++; diff --git a/client/src/cmdlfhitag.c b/client/src/cmdlfhitag.c index 23b8ac235..8cd28b842 100644 --- a/client/src/cmdlfhitag.c +++ b/client/src/cmdlfhitag.c @@ -338,7 +338,7 @@ static void printHitag2PaxtonDowngrade(const uint8_t *data) { bytes = (bytes * 0x100) + data[i]; } - for (int j = 0; j< 8; j++) { + for (int j = 0; j < 8; j++) { num = bytes & mask; skip -= 5; mask = mask >> 5; diff --git a/client/src/cmdlfparadox.c b/client/src/cmdlfparadox.c index a2fa50f11..d750efa51 100644 --- a/client/src/cmdlfparadox.c +++ b/client/src/cmdlfparadox.c @@ -20,7 +20,6 @@ #include #include #include -#include #include "commonutil.h" // ARRAYLEN #include "cmdparser.h" // command_t #include "comms.h" 
@@ -53,7 +52,55 @@ static const uint8_t paradox_lut[] = { // Paradox Prox demod - FSK2a RF/50 with preamble of 00001111 (then manchester encoded) // print full Paradox Prox ID and some bit format details if found -int demodParadox(bool verbose) { +// This function will calculate the bitstream for a paradox card and place the result in bs. +// It returns the calculated CRC from the fc and cn. +// CRC calculation by mwalker33 +static uint8_t GetParadoxBits(const uint32_t fc, const uint32_t cn, unsigned int *bs) { + + uint8_t manchester[13] = { 0x00 }; // check size needed + uint32_t t1; + + manchester[0] = 0x0F; // preamble + manchester[1] = 0x05; // Leading zeros - Note: from this byte on, is part of the CRC calculation + manchester[2] = 0x55; // Leading zeros its 4 bits out for the CRC, so we need to move + manchester[3] = 0x55; // Leading zeros back 4 bits once we have the crc (done below) + + // add FC + t1 = manchesterEncode2Bytes(fc); + manchester[4] = (t1 >> 8) & 0xFF; + manchester[5] = t1 & 0xFF; + + // add cn + t1 = manchesterEncode2Bytes(cn); + manchester[6] = (t1 >> 24) & 0xFF; + manchester[7] = (t1 >> 16) & 0xFF; + manchester[8] = (t1 >> 8) & 0xFF; + manchester[9] = t1 & 0xFF; + + uint8_t crc = (CRC8Maxim(manchester + 1, 9) ^ 0x6) & 0xFF; + + // add crc + t1 = manchesterEncode2Bytes(crc); + manchester[10] = (t1 >> 8) & 0xFF; + manchester[11] = t1 & 0xFF; + + // move left 4 bits left 4 bits - Now that we have the CRC we need to re-align the data. 
+ for (int i = 1; i < 12; i++) + manchester[i] = (manchester[i] << 4) + (manchester[i + 1] >> 4); + + // Add trailing 1010 (11) + manchester[11] |= (1 << 3); + manchester[11] |= (1 << 1); + + // move into tag blocks + + for (int i = 0; i < 12; i++) + bs[1 + (i / 4)] += (manchester[i] << (8 * (3 - i % 4))); + + return crc; +} + +int demodParadox(bool verbose, bool oldChksum) { (void) verbose; // unused so far //raw fsk demod no manchester decoding no start bit finding just get binary from wave uint8_t bits[MAX_GRAPH_TRACE_LEN] = {0}; 
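Review bot: In the last loop of `GetParadoxBits`, `bs[1 + (i / 4)] += (manchester[i] << (8 * (3 - i % 4)))` promotes the `uint8_t` to `int`, so a byte of 0x80 or more shifted left by 24 reaches the sign bit, which is undefined behaviour; the `+=` also makes the result correct only when the caller hands in a zeroed buffer. I would write `bs[1 + (i / 4)] |= (uint32_t)manchester[i] << (8 * (3 - i % 4));` and declare the parameter as `uint32_t *bs`, since every caller in this diff passes `uint32_t blocks[4] = {0}`. A short header comment stating that `bs` must hold four zero-initialised words and that only words 1..3 are written would make that contract explicit. The existing comment "Paradox Prox demod - FSK2a RF/50 ..." now sits above the new helper rather than above `demodParadox`, so it should move down with that function.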
@@ -134,34 +181,39 @@ int demodParadox(bool verbose) { uint32_t fc = ((hi & 0x3) << 6) | (lo >> 26); uint32_t cardnum = (lo >> 10) & 0xFFFF; uint8_t chksum = (lo >> 2) & 0xFF; + if (oldChksum) { + // Calc CRC & Checksum + // 000088f0b - FC: 8 - Card: 36619 - Checksum: 05 - RAW: 0f55555559595aa559a5566a + // checksum? + uint8_t calc_chksum = 0x47; + uint8_t pos = 0; + for (uint8_t i = 0; i < 8; i++) { + uint8_t ice = rawhex[i + 1]; + for (uint8_t j = 0x80; j > 0; j >>= 2) { - // Calc CRC & Checksum - // 000088f0b - FC: 8 - Card: 36619 - Checksum: 05 - RAW: 0f55555559595aa559a5566a - // checksum? - uint8_t calc_chksum = 0x47; - uint8_t pos = 0; - for (uint8_t i = 0; i < 8; i++) { - - uint8_t ice = rawhex[i + 1]; - for (uint8_t j = 0x80; j > 0; j >>= 2) { - - if (ice & j) { - calc_chksum ^= paradox_lut[pos]; + if (ice & j) { + calc_chksum ^= paradox_lut[pos]; + } + pos++; } - pos++; } + uint32_t crc = CRC8Maxim(rawhex + 1, 8); + PrintAndLogEx(INFO, " FSK/MAN raw : %s", sprint_hex(rawhex, sizeof(rawhex))); + PrintAndLogEx(INFO, " raw : %s = (maxim crc8) %02x == %02x", sprint_hex(rawhex + 1, 8), crc, + calc_chksum); + // PrintAndLogEx(DEBUG, " OTHER sample CRC-8/MAXIM : 55 55 69 A5 55 6A 59 5A = FC"); } - - uint32_t crc = CRC8Maxim(rawhex + 1, 8); - PrintAndLogEx(DEBUG, " FSK/MAN raw : %s", sprint_hex(rawhex, sizeof(rawhex))); - PrintAndLogEx(DEBUG, " raw : %s = (maxim crc8) %02x == %02x", sprint_hex(rawhex + 1, 8), crc, calc_chksum); -// PrintAndLogEx(DEBUG, " OTHER sample CRC-8/MAXIM : 55 55 69 A5 55 6A 59 5A = FC"); - uint32_t rawLo = bytebits_to_byte(bits + idx + 64, 32); uint32_t rawHi = bytebits_to_byte(bits + idx + 32, 32); uint32_t rawHi2 = bytebits_to_byte(bits + idx, 32); + uint32_t blocks[4] = {0}; + uint8_t crc = GetParadoxBits(fc, cardnum, blocks); + if (chksum != crc) + PrintAndLogEx(ERR, "CRC Error! 
Calculated CRC is " _GREEN_("%d") " but card CRC is " _RED_("%d") ".", crc, chksum); + + PrintAndLogEx(INFO, "Paradox - ID: " _GREEN_("%x%08x") " FC: " _GREEN_("%d") " Card: " _GREEN_("%d") ", Checksum: %02x, Raw: %08x%08x%08x", hi >> 10, (hi & 0x3) << 26 | (lo >> 10), @@ -185,32 +237,37 @@ static int CmdParadoxDemod(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf paradox demod", "Try to find Paradox preamble, if found decode / descramble data", - "lf paradox demod" + "lf paradox demod --old -> Display previous checksum version" ); void *argtable[] = { arg_param_begin, + arg_lit0(NULL, "old", "optional - Display previous checksum version"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); + bool old = arg_get_lit(ctx, 1); CLIParserFree(ctx); - return demodParadox(true); + return demodParadox(true, old); } static int CmdParadoxReader(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf paradox reader", "read a Paradox tag", - "lf Paradox reader -@ -> continuous reader mode" + "lf paradox reader -@ -> continuous reader mode\n" + "lf paradox reader --old -> Display previous checksum version" ); void *argtable[] = { arg_param_begin, arg_lit0("@", NULL, "optional - continuous reader mode"), + arg_lit0(NULL, "old", "optional - Display previous checksum version"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, true); bool cm = arg_get_lit(ctx, 1); + bool old = arg_get_lit(ctx, 2); CLIParserFree(ctx); if (cm) { @@ -219,7 +276,7 @@ static int CmdParadoxReader(const char *Cmd) { do { lf_read(false, 10000); - demodParadox(!cm); + demodParadox(!cm, old); } while (cm && !kbd_enter_pressed()); return PM3_SUCCESS; 
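Review bot: The new `if (chksum != crc)` check in `demodParadox` only logs "CRC Error!" and then falls through to the normal "Paradox - ID" line, so a frame whose checksum does not match is still printed as a decoded credential. The function's return statement is outside this hunk, but `CmdLFfind` reports "Valid Paradox ID found!" whenever `demodParadox(true, false)` returns `PM3_SUCCESS`, so a mismatch should probably be reflected in the return value or at least in the summary line. If tags that use the earlier checksum scheme must keep decoding, make the failure conditional on `!oldChksum` rather than leaving it out. The `if` body should also be braced, and printing both values with `%02x` would match the `Checksum: %02x` field in the summary line that follows.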
@@ -230,7 +287,7 @@ static int CmdParadoxClone(const char *Cmd) { CLIParserContext *ctx; CLIParserInit(&ctx, "lf paradox clone", "clone a paradox tag to a T55x7, Q5/T5555 or EM4305/4469 tag.", - "lf paradox clone --fc 96 --cn 40426 -> encode for T55x7 tag with fc and cn\n" + "lf paradox clone --fc 96 --cn 40426 -> encode for T55x7 tag with fc and cn\n" "lf paradox clone --raw 0f55555695596a6a9999a59a -> encode for T55x7 tag\n" "lf paradox clone --raw 0f55555695596a6a9999a59a --q5 -> encode for Q5/T5555 tag\n" "lf paradox clone --raw 0f55555695596a6a9999a59a --em -> encode for EM4305/4469" @@ -263,6 +320,16 @@ static int CmdParadoxClone(const char *Cmd) { return PM3_EINVARG; } + if ((fc || cn) && raw_len != 0) { + PrintAndLogEx(FAILED, "Can't specify both FC/CN and RAW at the same time"); + return PM3_EINVARG; + } + + if (fc > 999 || cn > 99999) { + PrintAndLogEx(FAILED, "FC has a max value of 999 and CN has a max value of 99999"); + return PM3_EINVARG; + } + uint32_t blocks[4] = {0}; if (raw_len != 0) { 
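Review bot: The added range check `if (fc > 999 || cn > 99999)` in `CmdParadoxClone` accepts values the encoder cannot carry: `GetParadoxBits` keeps only two Manchester bytes for the facility code and four for the card number (8 and 16 data bits, assuming `manchesterEncode2Bytes` emits two output bits per input bit), and `demodParadox` reads them back as an 8-bit `fc` and `(lo >> 10) & 0xFFFF`. A facility code of 256–999 or a card number above 65535 therefore passes validation and is silently truncated, so the tag that gets written carries a different credential from the one requested. I would use `if (fc > 0xFF || cn > 0xFFFF)` with a matching message; the same check is repeated in the `CmdParadoxSim` hunk (`@@ -369,13 +403,32 @@`). `CmdParadoxClone` starts and ends outside this hunk.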
@@ -275,44 +342,8 @@ static int CmdParadoxClone(const char *Cmd) { blocks[i] = bytes_to_num(raw + ((i - 1) * 4), sizeof(uint32_t)); } } else { - uint8_t manchester[13] = { 0x00 }; // check size needed - uint32_t t1; - - manchester[0] = 0x0F; // preamble - manchester[1] = 0x05; // Leading zeros - Note: from this byte on, is part of the CRC calculation - manchester[2] = 0x55; // Leading zeros its 4 bits out for the CRC, so we need too move - manchester[3] = 0x55; // Leading zeros back 4 bits once we have the crc (done below) - - // add FC - t1 = manchesterEncode2Bytes(fc); - manchester[4] = (t1 >> 8) & 0xFF; - manchester[5] = t1 & 0xFF; - - // add cn - t1 = manchesterEncode2Bytes(cn); - manchester[6] = (t1 >> 24) & 0xFF; - manchester[7] = (t1 >> 16) & 0xFF; - manchester[8] = (t1 >> 8) & 0xFF; - manchester[9] = t1 & 0xFF; - - uint8_t crc = (CRC8Maxim(manchester + 1, 9) ^ 0x6) & 0xFF; - - // add crc - t1 = manchesterEncode2Bytes(crc); - manchester[10] = (t1 >> 8) & 0xFF; - manchester[11] = t1 & 0xFF; - - // move left 4 bits left 4 bits - Now that we have the CRC we need to re-align the data. - for (int i = 1; i < 12; i++) - manchester[i] = (manchester[i] << 4) + (manchester[i + 1] >> 4); - - // Add trailing 1010 (11) - manchester[11] |= (1 << 3); - manchester[11] |= (1 << 1); - - // move into tag blocks - for (int i = 0; i < 12; i++) - blocks[1 + (i / 4)] += (manchester[i] << (8 * (3 - i % 4))); + //This function generates the bitstream and puts it in blocks. it returns the crc, but we don't need it here + GetParadoxBits(fc, cn, blocks); } // Paradox - FSK2a, data rate 50, 3 data blocks 
@@ -355,12 +386,15 @@ static int CmdParadoxSim(const char *Cmd) { CLIParserInit(&ctx, "lf paradox sim", "Enables simulation of paradox card with specified card number.\n" "Simulation runs until the button is pressed or another USB command is issued.", - "lf paradox sim --raw 0f55555695596a6a9999a59a" + "lf paradox sim --raw 0f55555695596a6a9999a59a -> simulate tag\n" + "lf paradox sim --fc 96 --cn 40426 -> simulate tag with fc and cn\n" ); void *argtable[] = { arg_param_begin, - arg_str0("r", "raw", "", " raw hex data. 12 bytes"), + arg_str0("r", "raw", "", "raw hex data. 12 bytes"), + arg_u64_0(NULL, "fc", "", "facility code"), + arg_u64_0(NULL, "cn", "", "card number"), arg_param_end }; CLIExecWithReturn(ctx, Cmd, argtable, false); @@ -369,13 +403,32 @@ static int CmdParadoxSim(const char *Cmd) { // skip first block, 3*4 = 12 bytes left uint8_t raw[12] = {0}; CLIGetHexWithReturn(ctx, 1, raw, &raw_len); + + uint32_t fc = arg_get_u32_def(ctx, 2, 0); + uint32_t cn = arg_get_u32_def(ctx, 3, 0); CLIParserFree(ctx); - if (raw_len != 12) { - PrintAndLogEx(ERR, "Data must be 12 bytes (24 HEX characters) %d", raw_len); + if ((fc || cn) && raw_len != 0) { + PrintAndLogEx(FAILED, "Can't specify both FC/CN and RAW at the same time"); return PM3_EINVARG; } + if (fc > 999 || cn > 99999) { + PrintAndLogEx(FAILED, "FC has a max value of 999 and CN has a max value of 99999"); + return PM3_EINVARG; + } + if (raw_len != 0) { + if (raw_len != 12) { + PrintAndLogEx(ERR, "Data must be 12 bytes (24 HEX characters) %d", raw_len); + return PM3_EINVARG; + } + } else { + uint32_t blocks[4] = {0}; + GetParadoxBits(fc, cn, blocks); + for (uint8_t i = 1; i < ARRAYLEN(blocks); i++) { + num_to_bytes(blocks[i], sizeof(uint32_t), raw + ((i - 1) * 4)); + } + } PrintAndLogEx(SUCCESS, "Simulating Paradox - raw " _YELLOW_("%s"), sprint_hex_inrow(raw, sizeof(raw))); uint8_t bs[sizeof(raw) * 8]; 
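Review bot: Because `raw_len != 12` is now tested only when `raw_len != 0`, running `lf paradox sim` with no options no longer fails; it takes the `else` branch and simulates FC 0 / CN 0. `arg_get_u32_def(ctx, 2, 0)` and `arg_get_u32_def(ctx, 3, 0)` use 0 as the default, so "not supplied" and an explicit 0 cannot be told apart, and the `(fc || cn) && raw_len != 0` conflict check does not catch `--raw` combined with `--fc 0`. Consider rejecting the call when neither `--raw` nor `--fc`/`--cn` was given, for example by giving the two numeric options an out-of-range default and testing for it. The second usage example also ends in a stray `\n`. `CmdParadoxSim` continues past the end of this hunk.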
@@ -404,21 +457,8 @@ static int CmdParadoxSim(const char *Cmd) { return PM3_SUCCESS; } -/* - if (sscanf(Cmd, "%u %u", &fc, &cn) != 2) return usage_lf_paradox_sim(); - facilitycode = (fc & 0x000000FF); - cardnumber = (cn & 0x0000FFFF); - - // if ( GetParadoxBits(facilitycode, cardnumber, bs) != PM3_SUCCESS) { - // PrintAndLogEx(ERR, "Error with tag bitstream generation."); - // return 1; - // } - - PrintAndLogEx(NORMAL, "Simulating Paradox - Facility Code: %u, CardNumber: %u", facilitycode, cardnumber); - -*/ static command_t CommandTable[] = { {"help", CmdHelp, AlwaysAvailable, "This help"}, {"demod", CmdParadoxDemod, AlwaysAvailable, "demodulate a Paradox FSK tag from the GraphBuffer"}, diff --git a/client/src/cmdlfparadox.h b/client/src/cmdlfparadox.h index 010f08301..142ee19a7 100644 --- a/client/src/cmdlfparadox.h +++ b/client/src/cmdlfparadox.h @@ -22,6 +22,6 @@ int CmdLFParadox(const char *Cmd); -int demodParadox(bool verbose); +int demodParadox(bool verbose, bool oldChksum); int detectParadox(uint8_t *dest, size_t *size, int *wave_start_idx); #endif diff --git a/client/src/cmdlft55xx.c b/client/src/cmdlft55xx.c index 554658c9f..ffb90513b 100644 --- a/client/src/cmdlft55xx.c +++ b/client/src/cmdlft55xx.c @@ -4028,7 +4028,7 @@ static int CmdT55xxSniff(const char *Cmd) { if (use_graphbuf == false) { // make loop to call sniff with skip samples.. - // then build it up by adding + // then build it up by adding CmdLFSniff(""); } diff --git a/client/src/fileutils.c b/client/src/fileutils.c index d26470ed5..8fd06456e 100644 --- a/client/src/fileutils.c +++ b/client/src/fileutils.c 
@@ -316,9 +316,9 @@ int saveFileJSON(const char *preferredName, JSONFileType ftype, uint8_t *data, s int saveFileJSONex(const char *preferredName, JSONFileType ftype, uint8_t *data, size_t datalen, bool verbose, void (*callback)(json_t *), savePaths_t e_save_path) { if (ftype != jsfCustom) { - if (data == NULL || datalen == 0) { - return PM3_EINVARG; - } + if (data == NULL || datalen == 0) { + return PM3_EINVARG; + } } char *fileName = newfilenamemcopyEx(preferredName, ".json", e_save_path); @@ -2032,8 +2032,8 @@ int searchFile(char **foundpath, const char *pm3dir, const char *searchname, con PrintAndLogEx(FAILED, "Error - can't find `" _YELLOW_("%s") "`", filename); } } - free(filename); - return res; + free(filename); + return res; } int pm3_load_dump(const char *fn, void **pdump, size_t *dumplen, size_t maxdumplen) { @@ -2067,7 +2067,7 @@ int pm3_load_dump(const char *fn, void **pdump, size_t *dumplen, size_t maxdumpl } case MCT: { res = loadFileMCT_safe(fn, pdump, dumplen); - break; + break; } } diff --git a/client/src/mifare/mad.c b/client/src/mifare/mad.c index 49d3de065..328c2e63c 100644 --- a/client/src/mifare/mad.c +++ b/client/src/mifare/mad.c @@ -424,8 +424,8 @@ int DetectHID(uint8_t *d, uint16_t manufacture) { int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen) { - if (in == NULL || out == NULL || ilen == 0 ) { - return PM3_EINVARG; + if (in == NULL || out == NULL || ilen == 0) { + return PM3_EINVARG; } // MAD detection @@ -464,8 +464,8 @@ int convert_mad_to_arr(uint8_t *in, uint16_t ilen, uint8_t *out, uint16_t *olen) // copy to out (skip ST) memcpy(out, tmp, sizeof(tmp) - MFBLOCK_SIZE); out += sizeof(tmp) - MFBLOCK_SIZE; - *olen += sizeof(tmp) -MFBLOCK_SIZE; + *olen += sizeof(tmp) - MFBLOCK_SIZE; } } return PM3_SUCCESS; -} \ No newline at end of file +} diff --git a/client/src/nfc/ndef.c b/client/src/nfc/ndef.c index 311615c2a..09ff31945 100644 --- a/client/src/nfc/ndef.c +++ b/client/src/nfc/ndef.c 
@@ -313,7 +313,7 @@ static int ndefDecodeSig1(uint8_t *sig, size_t siglen) { if (sigType == stECDSA_P256) { slen = 32; } - + PrintAndLogEx(SUCCESS, "\tSignature [%u]...", intsiglen); print_hex_noascii_break(&sig[indx], intsiglen, 32); @@ -508,7 +508,7 @@ static int ndefDecodePayloadHandoverRequest(uint8_t *payload, size_t len) { PrintAndLogEx(INFO, _CYAN_("Handover Request")); uint8_t *p = payload; uint8_t major = (*(p) >> 4) & 0x0F; - uint8_t minor = *(p) & 0x0F; + uint8_t minor = *(p) & 0x0F; p++; PrintAndLogEx(INFO, "Version....... " _YELLOW_("%u.%u"), major, minor); @@ -866,7 +866,7 @@ static int ndefDecodeMime_bt(NDEFHeader_t *ndef) { uint8_t rev[6] = {0}; reverse_array_copy(ndef->Payload + 2, 6, rev); PrintAndLogEx(INFO, "BT MAC.......... " _YELLOW_("%s"), sprint_hex(rev, sizeof(rev))); - + // Let's check payload[8]. Tells us a bit about the UUID's. If 0x07 then it tells us a service UUID is 128bit switch (ndef->Payload[8]) { case 0x02: @@ -903,29 +903,29 @@ static int ndefDecodeMime_bt(NDEFHeader_t *ndef) { return PM3_SUCCESS; } -// https://raw.githubusercontent.com/haldean/ndef/master/docs/NFCForum-TS-RTD_1.0.pdf +// https://raw.githubusercontent.com/haldean/ndef/master/docs/NFCForum-TS-RTD_1.0.pdf static int ndefDecodeExternal_record(NDEFHeader_t *ndef) { - + if (ndef->TypeLen == 0) { PrintAndLogEx(INFO, "no type"); return PM3_SUCCESS; } - + if (ndef->PayloadLen == 0) { PrintAndLogEx(INFO, "no payload"); return PM3_SUCCESS; } PrintAndLogEx(INFO - , " URN... " _GREEN_("urn:nfc:ext:%.*s") - , (int)ndef->TypeLen - , ndef->Type - ); + , " URN... " _GREEN_("urn:nfc:ext:%.*s") + , (int)ndef->TypeLen + , ndef->Type + ); PrintAndLogEx(NORMAL, ""); PrintAndLogEx(INFO, "Payload [%zu]...", ndef->PayloadLen); print_hex_noascii_break(ndef->Payload, ndef->PayloadLen, 32); - + // do a character check? if (!strncmp((char *)ndef->Type, "pilet.ee:ekaart:2", ndef->TypeLen)) { PrintAndLogEx(NORMAL, ""); 
diff --git a/client/src/pm3line_vocabulory.h b/client/src/pm3line_vocabulory.h index e6d6dc438..ffe9c66ff 100644 --- a/client/src/pm3line_vocabulory.h +++ b/client/src/pm3line_vocabulory.h @@ -360,7 +360,8 @@ const static vocabulory_t vocabulory[] = { { 0, "hf mf gsave" }, { 0, "hf mf gsetblk" }, { 0, "hf mf gview" }, - { 0, "hf mf gdmconfig" }, + { 0, "hf mf gdmcfg" }, + { 0, "hf mf gdmsetcfg" }, { 0, "hf mf gdmsetblk" }, { 0, "hf mf ndefformat" }, { 0, "hf mf ndefread" }, diff --git a/client/update_amiibo_tools_lua.py b/client/update_amiibo_tools_lua.py index 873a6e18d..8a31b9d60 100644 --- a/client/update_amiibo_tools_lua.py +++ b/client/update_amiibo_tools_lua.py @@ -8,15 +8,15 @@ Author: Cory Solovewicz Description: This is a python script to automate what the updating of the amiibo_tools.lua -file which holds a lua table of all known amiibos. Previously updating the +file which holds a lua table of all known amiibos. Previously updating the amiibo_tools.lua was a very manual process. -This script automates the following original command: +This script automates the following original command: curl https://raw.githubusercontent.com/N3evin/AmiiboAPI/master/database/amiibo.json | jq 'del(.amiibos[].release)' | jq 'del(.characters)' | pbcopy --> transform to table -And outputs the formatted file as amiibo_tools.lua -If everything goes well, this should be an updated copy of amiibo_tools.lua -which can then be placed in the /lualibs/ directory. -The temporary amiibo.json file is then deleted +And outputs the formatted file as amiibo_tools.lua +If everything goes well, this should be an updated copy of amiibo_tools.lua +which can then be placed in the /lualibs/ directory. +The temporary amiibo.json file is then deleted Dependencies: python3 -m pip install jq 
@@ -25,7 +25,7 @@ How to run: python update_amiibo_tools_lua.py The script will create the file amiibo_tools.lua -After running, manually backup the original /lualibs/amiibo_tools.lua and move the +After running, manually backup the original /lualibs/amiibo_tools.lua and move the updated amiibo_tools.lua to the /lualibs/ directory. ----------------------------------------------------------------------------- """ diff --git a/doc/commands.json b/doc/commands.json index f8712fc47..efb03edd2 100644 --- a/doc/commands.json +++ b/doc/commands.json @@ -1354,9 +1354,10 @@ "offline": false, "options": [ "-h, --help This help", - "-f, --file (optional) filename, if no UID will be used as filename" + "-f, --file (optional) filename, if no UID will be used as filename", + "--ns no save to file" ], - "usage": "hf 14b dump [-h] [-f ]" + "usage": "hf 14b dump [-h] [-f ] [--ns]" }, "hf 14b help": { "command": "hf 14b help", @@ -4218,9 +4219,10 @@ "--mini MIFARE Classic Mini / S20", "--1k MIFARE Classic 1k / S50 (def)", "--2k MIFARE Classic/Plus 2k", - "--4k MIFARE Classic 4k / S70" + "--4k MIFARE Classic 4k / S70", + "--ns no save to file" ], - "usage": "hf mf dump [-h] [-f ] [-k ] [--mini] [--1k] [--2k] [--4k]" + "usage": "hf mf dump [-h] [-f ] [-k ] [--mini] [--1k] [--2k] [--4k] [--ns]" }, "hf mf ecfill": { "command": "hf mf ecfill", @@ -4368,9 +4370,10 @@ "--1k MIFARE Classic 1k / S50 (def)", "--2k MIFARE Classic/Plus 2k", "--4k MIFARE Classic 4k / S70", - "-v, --verbose verbose output" + "-v, --verbose verbose output", + "--sk Save extracted keys to file" ], - "usage": "hf mf eview [-hv] [--mini] [--1k] [--2k] [--4k]" + "usage": "hf mf eview [-hv] [--mini] [--1k] [--2k] [--4k] [--sk]" }, "hf mf fchk": { "command": "hf mf fchk", 
@@ -4400,18 +4403,18 @@ ], "usage": "hf mf fchk [-h] [-k ]... [--mini] [--1k] [--2k] [--4k] [--emu] [--dump] [--mem] [-f ]" }, - "hf mf gdmconfig": { - "command": "hf mf gdmconfig", + "hf mf gdmcfg": { + "command": "hf mf gdmcfg", "description": "Get configuration data from magic gen4 GDM card.", "notes": [ - "hf mf gdmconfig" + "hf mf gdmcfg" ], "offline": false, "options": [ "-h, --help This help", "-k, --key key 6 bytes" ], - "usage": "hf mf gdmconfig [-h] [-k ]" + "usage": "hf mf gdmcfg [-h] [-k ]" }, "hf mf gdmsetblk": { "command": "hf mf gdmsetblk", @@ -4431,6 +4434,19 @@ ], "usage": "hf mf gdmsetblk [-hab] --blk [-d ] [-k ] [--force]" }, + "hf mf gdmsetcfg": { + "command": "hf mf gdmsetcfg", + "description": "Set configuration data on a magic gen4 GDM card", + "notes": [ + "hf mf gdmsetcfg -d 850000000000000000005A5A00000008" + ], + "offline": false, + "options": [ + "-h, --help This help", + "-d, --data bytes to write, 16 hex bytes" + ], + "usage": "hf mf gdmsetcfg [-h] -d " + }, "hf mf gen3blk": { "command": "hf mf gen3blk", "description": "Overwrite full manufacturer block for magic Gen3 card - You can specify part of manufacturer block as 4/7-bytes for UID change only", @@ -4902,6 +4918,7 @@ "hf mf value --blk 16 -k FFFFFFFFFFFF --inc 10", "hf mf value --blk 16 -k FFFFFFFFFFFF -b --dec 10", "hf mf value --blk 16 -k FFFFFFFFFFFF -b --get", + "hf mf value --blk 16 -k FFFFFFFFFFFF --res --transfer 30 --tk FFFFFFFFFFFF -> transfer block 16 value to block 30 (even if block can't be incremented by ACL)", "hf mf value --get -d 87D612007829EDFF87D6120011EE11EE" ], "offline": true, 
@@ -4910,14 +4927,19 @@ "-k, --key key, 6 hex bytes", "-a input key type is key A (def)", "-b input key type is key B", - "--inc Incremenet value by X (0 - 2147483647)", - "--dec Dcrement value by X (0 - 2147483647)", + "--inc Increment value by X (0 - 2147483647)", + "--dec Decrement value by X (0 - 2147483647)", "--set Set value to X (-2147483647 - 2147483647)", + "--transfer Transfer value to other block (after inc/dec/restore)", + "--tkey transfer key, 6 hex bytes (if transfer is preformed to other sector)", + "--ta transfer key type is key A (def)", + "--tb transfer key type is key B", "--get Get value from block", + "--res Restore (copy value to card buffer, should be used with --transfer)", "--blk block number", "-d, --data block data to extract values from (16 hex bytes)" ], - "usage": "hf mf value [-hab] [-k ] [--inc ] [--dec ] [--set ] [--get] [--blk ] [-d ]" + "usage": "hf mf value [-hab] [-k ] [--inc ] [--dec ] [--set ] [--transfer ] [--tkey ] [--ta] [--tb] [--get] [--res] [--blk ] [-d ]" }, "hf mf view": { "command": "hf mf view", @@ -4929,9 +4951,10 @@ "options": [ "-h, --help This help", "-f, --file filename of dump", - "-v, --verbose verbose output" + "-v, --verbose verbose output", + "--sk Save extracted keys to file" ], - "usage": "hf mf view [-hv] -f " + "usage": "hf mf view [-hv] -f [--sk]" }, "hf mf wipe": { "command": "hf mf wipe", @@ -6146,7 +6169,7 @@ }, "hf mfp commitp": { "command": "hf mfp commitp", - "description": "Executes Commit Perso command. Can be used in SL0 mode only.", + "description": "Executes Commit Perso command. Can be used in SL0 mode only. OBS! This command will not be executed if CardConfigKey, CardMasterKey and L3SwitchKey AES keys are not written.", "notes": [ "hf mfp commitp" ], 
@@ -6246,9 +6269,9 @@ "-b, --keyb Use key B (def: keyA)", "-p, --plain Plain communication mode between reader and card", "--blk <0..255> Block number", - "--key Key, 16 hex bytes" + "-k, --key Key, 16 hex bytes" ], - "usage": "hf mfp rdbl [-hvbp] [-n ] --blk <0..255> [--key ]" + "usage": "hf mfp rdbl [-hvbp] [-n ] --blk <0..255> [-k ]" }, "hf mfp rdsc": { "command": "hf mfp rdsc", @@ -6335,9 +6358,10 @@ "-k, --key Key for authentication (UL-C 16 bytes, EV1/NTAG 4 bytes)", "-l Swap entered key's endianness", "-p, --page Manually set start page number to start from", - "-q, --qty Manually set number of pages to dump" + "-q, --qty Manually set number of pages to dump", + "--ns no save to file" ], - "usage": "hf mfu dump [-hl] [-f ] [-k ] [-p ] [-q ]" + "usage": "hf mfu dump [-hl] [-f ] [-k ] [-p ] [-q ] [--ns]" }, "hf mfu eload": { "command": "hf mfu eload", @@ -6565,7 +6589,7 @@ }, "hf mfu tamper": { "command": "hf mfu tamper", - "description": "Set the congiguration of the NTAG 213TT tamper feature Supports: NTAG 213TT", + "description": "Set the configuration of the NTAG 213TT tamper feature Supports: NTAG 213TT", "notes": [ "hf mfu tamper -e -> enable tamper feature", "hf mfu tamper -d -> disable tamper feature", 
@@ -8039,15 +8063,19 @@ "command": "lf em 4x50 brute", "description": "Tries to bruteforce the password of a EM4x50 card. Function can be stopped by pressing pm3 button.", "notes": [ - "lf em 4x50 brute --first 12330000 --last 12340000 -> tries pwds from 0x12330000 to 0x1234000000" + "lf em 4x50 brute --mode range --begin 12330000 --end 12340000 -> tries pwds from 0x12330000 to 0x12340000", + "lf em 4x50 brute --mode charset --digits --uppercase -> tries all combinations of ASCII codes for digits and uppercase letters" ], "offline": false, "options": [ "-h, --help This help", - "--first first password (start), 4 bytes, lsb", - "--last last password (stop), 4 bytes, lsb" + "--mode Bruteforce mode (range|charset)", + "--begin Range mode - start of the key range", + "--end Range mode - end of the key range", + "--digits Charset mode - include ASCII codes for digits", + "--uppercase Charset mode - include ASCII codes for uppercase letters" ], - "usage": "lf em 4x50 brute [-h] --first --last " + "usage": "lf em 4x50 brute [-h] --mode [--begin ] [--end ] [--digits] [--uppercase]" }, "lf em 4x50 chk": { "command": "lf em 4x50 chk", @@ -9630,13 +9658,14 @@ "command": "lf paradox demod", "description": "Try to find Paradox preamble, if found decode / descramble data", "notes": [ - "lf paradox demod" + "lf paradox demod --old -> Display previous checksum version" ], "offline": true, "options": [ - "-h, --help This help" + "-h, --help This help", + "--old optional - Display previous checksum version" ], - "usage": "lf paradox demod [-h]" + "usage": "lf paradox demod [-h] [--old]" }, "lf paradox help": { "command": "lf paradox help", 
@@ -9650,27 +9679,32 @@ "command": "lf paradox reader", "description": "read a Paradox tag", "notes": [ - "lf Paradox reader -@ -> continuous reader mode" + "lf paradox reader -@ -> continuous reader mode", + "lf paradox reader --old -> Display previous checksum version" ], "offline": false, "options": [ "-h, --help This help", - "-@ optional - continuous reader mode" + "-@ optional - continuous reader mode", + "--old optional - Display previous checksum version" ], - "usage": "lf paradox reader [-h@]" + "usage": "lf paradox reader [-h@] [--old]" }, "lf paradox sim": { "command": "lf paradox sim", "description": "Enables simulation of paradox card with specified card number. Simulation runs until the button is pressed or another USB command is issued.", "notes": [ - "lf paradox sim --raw 0f55555695596a6a9999a59a" + "lf paradox sim --raw 0f55555695596a6a9999a59a -> simulate tag", + "lf paradox sim --fc 96 --cn 40426 -> simulate tag with fc and cn" ], "offline": false, "options": [ "-h, --help This help", - "-r, --raw raw hex data. 12 bytes" + "-r, --raw raw hex data. 12 bytes", + "--fc facility code", + "--cn card number" ], - "usage": "lf paradox sim [-h] [-r ]" + "usage": "lf paradox sim [-h] [-r ] [--fc ] [--cn ]" }, "lf pcf7931 config": { "command": "lf pcf7931 config", @@ -10199,12 +10233,13 @@ "-f, --file filename (default is generated on blk 0)", "-o, --override override, force pwd read despite danger to card", "-p, --pwd password (4 hex bytes)", + "--ns no save", "--r0 downlink - fixed bit length", "--r1 downlink - long leading reference", "--r2 downlink - leading zero", "--r3 downlink - 1 of 4 coding reference" ], - "usage": "lf t55xx dump [-ho] [-f ] [-p ] [--r0] [--r1] [--r2] [--r3]" + "usage": "lf t55xx dump [-ho] [-f ] [-p ] [--ns] [--r0] [--r1] [--r2] [--r3]" }, "lf t55xx help": { "command": "lf t55xx help", 
@@ -10867,7 +10902,7 @@ "options": [ "-h, --help This help", "-f, --file SPIFFS file to view", - "-c, --cols column breaks (def 32)" + "-c, --cols column breaks (def 16)" ], "usage": "mem spiffs view [-h] -f [-c ]" }, @@ -11592,7 +11627,7 @@ }, "script help": { "command": "script help", - "description": "This is a feature to run Lua/Cmd/Python scripts. You can place scripts within the luascripts/cmdscripts/pyscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes", + "description": "This is a feature to run Lua/Cmd scripts. You can place scripts within the luascripts/cmdscripts folders. --------------------------------------------------------------------------------------- script list available offline: yes", "notes": [], "offline": true, "options": [], @@ -11987,8 +12022,9 @@ } }, "metadata": { - "commands_extracted": 754, + "commands_extracted": 755, "extracted_by": "PM3Help2JSON v1.00", - "extracted_on": "2023-03-26T15:04:49" + "extracted_on": "2023-06-04T15:36:56" + } -} +} \ No newline at end of file diff --git a/doc/commands.md b/doc/commands.md index 487cea0c9..938413fa8 100644 --- a/doc/commands.md +++ b/doc/commands.md @@ -523,7 +523,8 @@ Check column "offline" for their availability. |`hf mf gsave `|N |`Save dump from card into file or emulator` |`hf mf gsetblk `|N |`Write block to card` |`hf mf gview `|N |`View card` -|`hf mf gdmconfig `|N |`Read config block from card` +|`hf mf gdmcfg `|N |`Read config block from card` +|`hf mf gdmsetcfg `|N |`Write config block to card` |`hf mf gdmsetblk `|N |`Write block to card` |`hf mf ndefformat `|N |`Format MIFARE Classic Tag as NFC Tag` |`hf mf ndefread `|N |`Read and print NDEF records from card` 
@@ -568,7 +569,7 @@ Check column "offline" for their availability. |`hf mfu restore `|N |`Restore a dump onto a MFU MAGIC tag` |`hf mfu view `|Y |`Display content from tag dump file` |`hf mfu wrbl `|N |`Write block` -|`hf mfu tamper `|N |`Cofigure the tamper feature on an NTAG 213TT` +|`hf mfu tamper `|N |`Configure the tamper feature on an NTAG 213TT` |`hf mfu eload `|N |`Load Ultralight dump file into emulator memory` |`hf mfu esave `|N |`Save Ultralight dump file from emulator memory` |`hf mfu eview `|N |`View emulator memory` @@ -874,7 +875,7 @@ Check column "offline" for their availability. |command |offline |description |------- |------- |----------- |`lf em 4x50 help `|Y |`This help` -|`lf em 4x50 brute `|N |`Simple bruteforce attack to find password` +|`lf em 4x50 brute `|N |`Bruteforce attack to find password` |`lf em 4x50 chk `|N |`Check passwords from dictionary` |`lf em 4x50 dump `|N |`Dump EM4x50 tag` |`lf em 4x50 info `|N |`Tag information`