Merge branch 'pm3generic-flash' of https://github.com/Alejandro12120/proxmark3 into pm3generic-flash

Alejandro 2023-01-27 15:04:23 +01:00
commit f3d8a95e77
No known key found for this signature in database
GPG key ID: CDA13895591AAB58
21 changed files with 370 additions and 204 deletions


@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
## [unreleased][unreleased] ## [unreleased][unreleased]
- Added new magic gen4 cards command in docs (@McEloff)
- Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001) - Added `hf tesla info` - intital information command to read TESLA cards (@iceman1001)
- Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001) - Changed `hf emrtd info` - looking for lower case .bin extensions (@iceman1001)
- Changed `hf emrtd dump` - looking for lower case .bin extensions (@iceman1001) - Changed `hf emrtd dump` - looking for lower case .bin extensions (@iceman1001)
@ -1367,3 +1368,5 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
### Added ### Added
- iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers do not seem to enforce update. (@holiman). - iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers do not seem to enforce update. (@holiman).
- iClass decryption. Proxmark can now decrypt data on an iclass tag, but requires you to have the HID decryption key locally on your computer, as this is not bundled with the sourcecode. - iClass decryption. Proxmark can now decrypt data on an iclass tag, but requires you to have the HID decryption key locally on your computer, as this is not bundled with the sourcecode.
- `hf 15 info` can detect NTAG 5 tags
- `hf 15 info` include an EAS status check on more of the icode tags which support EAS (SLI, SLIX, SLIX-L, and SLIX-S)


@ -50,12 +50,12 @@ define KNOWN_STANDALONE_DEFINITIONS
| LF_ICEHID | LF HID collector to flashmem | | LF_ICEHID | LF HID collector to flashmem |
| (RDV4 only) | | | (RDV4 only) | |
+----------------------------------------------------------+ +----------------------------------------------------------+
| LF_NEXID | LF Nexwatch collector to flashmem |
| (RDV4 only) | |
+----------------------------------------------------------+
| LF_NEDAP_SIM | LF Nedap ID simple simulator | | LF_NEDAP_SIM | LF Nedap ID simple simulator |
| | | | | |
+----------------------------------------------------------+ +----------------------------------------------------------+
| LF_NEXID | LF Nexwatch collector to flashmem |
| (RDV4 only) | |
+----------------------------------------------------------+
| LF_PROXBRUTE | HID ProxII bruteforce | | LF_PROXBRUTE | HID ProxII bruteforce |
| | - Brad Antoniewicz | | | - Brad Antoniewicz |
+----------------------------------------------------------+ +----------------------------------------------------------+
@ -125,8 +125,10 @@ define KNOWN_STANDALONE_DEFINITIONS
endef endef
STANDALONE_MODES := LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID LF_NEDAP_SIM STANDALONE_MODES := LF_SKELETON
STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI STANDALONE_MODES += LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE
STANDALONE_MODES += HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_TCPRST HF_TMUDFORD HF_YOUNG
STANDALONE_MODES += DANKARMULTI
STANDALONE_MODES_REQ_BT := HF_REBLAY STANDALONE_MODES_REQ_BT := HF_REBLAY
STANDALONE_MODES_REQ_SMARTCARD := STANDALONE_MODES_REQ_SMARTCARD :=
STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM STANDALONE_MODES_REQ_FLASH := LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM


@ -21,6 +21,42 @@ SRC_STANDALONE = placeholder.c
ifneq (,$(findstring WITH_STANDALONE_LF_SKELETON,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_SKELETON,$(APP_CFLAGS)))
SRC_STANDALONE = lf_skeleton.c SRC_STANDALONE = lf_skeleton.c
endif endif
# WITH_STANDALONE_LF_EM4100EMUL
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMUL,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100emul.c
endif
# WITH_STANDALONE_LF_EM4100RSWB
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWB,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100rswb.c
endif
# WITH_STANDALONE_LF_EM4100RSWW
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWW,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100rsww.c
endif
# WITH_STANDALONE_LF_EM4100RWC
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100rwc.c
endif
# WITH_STANDALONE_LF_HIDBRUTE
ifneq (,$(findstring WITH_STANDALONE_LF_HIDBRUTE,$(APP_CFLAGS)))
SRC_STANDALONE = lf_hidbrute.c
endif
# WITH_STANDALONE_LF_HIDFCBRUTE
ifneq (,$(findstring WITH_STANDALONE_LF_HIDFCBRUTE,$(APP_CFLAGS)))
SRC_STANDALONE = lf_hidfcbrute.c
endif
# WITH_STANDALONE_LF_ICEHID
ifneq (,$(findstring WITH_STANDALONE_LF_ICEHID,$(APP_CFLAGS)))
SRC_STANDALONE = lf_icehid.c
endif
# WITH_STANDALONE_LF_NEDAP_SIM
ifneq (,$(findstring WITH_STANDALONE_LF_NEDAP_SIM,$(APP_CFLAGS)))
SRC_STANDALONE = lf_nedap_sim.c
endif
# WITH_STANDALONE_LF_NEXID
ifneq (,$(findstring WITH_STANDALONE_LF_NEXID,$(APP_CFLAGS)))
SRC_STANDALONE = lf_nexid.c
endif
# WITH_STANDALONE_LF_SAMYRUN # WITH_STANDALONE_LF_SAMYRUN
ifneq (,$(findstring WITH_STANDALONE_LF_SAMYRUN,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_SAMYRUN,$(APP_CFLAGS)))
SRC_STANDALONE = lf_samyrun.c SRC_STANDALONE = lf_samyrun.c
@ -33,29 +69,9 @@ endif
ifneq (,$(findstring WITH_STANDALONE_LF_PROX2BRUTE,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_PROX2BRUTE,$(APP_CFLAGS)))
SRC_STANDALONE = lf_prox2brute.c SRC_STANDALONE = lf_prox2brute.c
endif endif
# WITH_STANDALONE_LF_HIDBRUTE # WITH_STANDALONE_LF_THAREXDE
ifneq (,$(findstring WITH_STANDALONE_LF_HIDBRUTE,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_LF_THAREXDE,$(APP_CFLAGS)))
SRC_STANDALONE = lf_hidbrute.c SRC_STANDALONE = lf_tharexde.c
endif
# WITH_STANDALONE_LF_HIDFCBRUTE
ifneq (,$(findstring WITH_STANDALONE_LF_HIDFCBRUTE,$(APP_CFLAGS)))
SRC_STANDALONE = lf_hidfcbrute.c
endif
# WITH_STANDALONE_HF_YOUNG
ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS)))
SRC_STANDALONE = hf_young.c
endif
# WITH_STANDALONE_HF_MATTYRUN
ifneq (,$(findstring WITH_STANDALONE_HF_MATTYRUN,$(APP_CFLAGS)))
SRC_STANDALONE = hf_mattyrun.c
endif
# WITH_STANDALONE_HF_COLIN
ifneq (,$(findstring WITH_STANDALONE_HF_COLIN,$(APP_CFLAGS)))
SRC_STANDALONE = vtsend.c hf_colin.c frozen.c nprintf.c
endif
# WITH_STANDALONE_HF_BOG
ifneq (,$(findstring WITH_STANDALONE_HF_BOG,$(APP_CFLAGS)))
SRC_STANDALONE = hf_bog.c
endif endif
# WITH_STANDALONE_HF_14ASNIFF # WITH_STANDALONE_HF_14ASNIFF
ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_14ASNIFF,$(APP_CFLAGS)))
@ -73,33 +89,21 @@ endif
ifneq (,$(findstring WITH_STANDALONE_HF_AVEFUL,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_AVEFUL,$(APP_CFLAGS)))
SRC_STANDALONE = hf_aveful.c SRC_STANDALONE = hf_aveful.c
endif endif
# WITH_STANDALONE_HF_TCPRST # WITH_STANDALONE_HF_BOG
ifneq (,$(findstring WITH_STANDALONE_HF_TCPRST,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_BOG,$(APP_CFLAGS)))
SRC_STANDALONE = hf_tcprst.c SRC_STANDALONE = hf_bog.c
endif endif
# WITH_STANDALONE_LF_ICEHID # WITH_STANDALONE_HF_COLIN
ifneq (,$(findstring WITH_STANDALONE_LF_ICEHID,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_COLIN,$(APP_CFLAGS)))
SRC_STANDALONE = lf_icehid.c SRC_STANDALONE = vtsend.c hf_colin.c frozen.c nprintf.c
endif endif
# WITH_STANDALONE_LF_NEXID # WITH_STANDALONE_HF_CRAFTBYTE
ifneq (,$(findstring WITH_STANDALONE_LF_NEXID,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_CRAFTBYTE,$(APP_CFLAGS)))
SRC_STANDALONE = lf_nexid.c SRC_STANDALONE = hf_craftbyte.c
endif endif
# WITH_STANDALONE_LF_EM4100EMUL # WITH_STANDALONE_HF_ICECLASS
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100EMUL,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_ICECLASS,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100emul.c SRC_STANDALONE = hf_iceclass.c
endif
# WITH_STANDALONE_LF_EM4100RSWB
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWB,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100rswb.c
endif
# WITH_STANDALONE_LF_EM4100RSWW
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RSWW,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100rsww.c
endif
# WITH_STANDALONE_LF_EM4100RWC
ifneq (,$(findstring WITH_STANDALONE_LF_EM4100RWC,$(APP_CFLAGS)))
SRC_STANDALONE = lf_em4100rwc.c
endif endif
# WITH_STANDALONE_HF_LEGIC # WITH_STANDALONE_HF_LEGIC
ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS)))
@ -109,37 +113,33 @@ endif
ifneq (,$(findstring WITH_STANDALONE_HF_LEGICSIM,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_LEGICSIM,$(APP_CFLAGS)))
SRC_STANDALONE = hf_legicsim.c SRC_STANDALONE = hf_legicsim.c
endif endif
# WITH_STANDALONE_HF_MATTYRUN
ifneq (,$(findstring WITH_STANDALONE_HF_MATTYRUN,$(APP_CFLAGS)))
SRC_STANDALONE = hf_mattyrun.c
endif
# WITH_STANDALONE_HF_MFCSIM
ifneq (,$(findstring WITH_STANDALONE_HF_MFCSIM,$(APP_CFLAGS)))
SRC_STANDALONE = hf_mfcsim.c
endif
# WITH_STANDALONE_HF_MSDSAL # WITH_STANDALONE_HF_MSDSAL
ifneq (,$(findstring WITH_STANDALONE_HF_MSDSAL,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_MSDSAL,$(APP_CFLAGS)))
SRC_STANDALONE = hf_msdsal.c SRC_STANDALONE = hf_msdsal.c
endif endif
# WITH_STANDALONE_HF_ICECLASS # WITH_STANDALONE_HF_REBLAY
ifneq (,$(findstring WITH_STANDALONE_HF_ICECLASS,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_REBLAY,$(APP_CFLAGS)))
SRC_STANDALONE = hf_iceclass.c SRC_STANDALONE = hf_reblay.c
endif endif
# WITH_STANDALONE_LF_THAREXDE # WITH_STANDALONE_HF_TCPRST
ifneq (,$(findstring WITH_STANDALONE_LF_THAREXDE,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_TCPRST,$(APP_CFLAGS)))
SRC_STANDALONE = lf_tharexde.c SRC_STANDALONE = hf_tcprst.c
endif
# WITH_STANDALONE_HF_CRAFTBYTE
ifneq (,$(findstring WITH_STANDALONE_HF_CRAFTBYTE,$(APP_CFLAGS)))
SRC_STANDALONE = hf_craftbyte.c
endif endif
# WITH_STANDALONE_HF_TMUDFORD # WITH_STANDALONE_HF_TMUDFORD
ifneq (,$(findstring WITH_STANDALONE_HF_TMUDFORD,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_TMUDFORD,$(APP_CFLAGS)))
SRC_STANDALONE = hf_tmudford.c SRC_STANDALONE = hf_tmudford.c
endif endif
# WITH_STANDALONE_HF_REBLAY # WITH_STANDALONE_HF_YOUNG
ifneq (,$(findstring WITH_STANDALONE_HF_REBLAY,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_HF_YOUNG,$(APP_CFLAGS)))
SRC_STANDALONE = hf_reblay.c SRC_STANDALONE = hf_young.c
endif
# WITH_STANDALONE_HF_MFCSIM
ifneq (,$(findstring WITH_STANDALONE_HF_MFCSIM,$(APP_CFLAGS)))
SRC_STANDALONE = hf_mfcsim.c
endif
# WITH_STANDALONE_LF_NEDAP_SIM
ifneq (,$(findstring WITH_STANDALONE_LF_NEDAP_SIM,$(APP_CFLAGS)))
SRC_STANDALONE = lf_nedap_sim.c
endif endif
ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS))) ifneq (,$(findstring WITH_STANDALONE_DANKARMULTI,$(APP_CFLAGS)))
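Review bot: The source selection in this file depends on block order and nothing in it says so: `$(findstring WITH_STANDALONE_HF_LEGIC,$(APP_CFLAGS))` also matches when only `WITH_STANDALONE_HF_LEGICSIM` is defined, so `hf_legicsim.c` is picked only because its block comes later and overwrites `SRC_STANDALONE`. The new alphabetic order happens to keep the shorter name first, so the result is unchanged, but a later re-sort or a new mode whose name is a prefix of another could silently build a different standalone source than the one requested. I would add a comment above the HF_LEGIC block such as `# findstring matches substrings: keep HF_LEGIC before HF_LEGICSIM, the last match wins`, or match whole words with `$(filter ...)` if the way APP_CFLAGS is assembled (not visible in these hunks) allows it.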


@ -1,5 +1,5 @@
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
// Copyright (C) Brad Antoniewicz 2011 // Copyright (C) Yann Gascuel 2023
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details. // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
// //
// This program is free software: you can redistribute it and/or modify // This program is free software: you can redistribute it and/or modify
@ -57,7 +57,7 @@ void RunMod(void) {
WDT_HIT(); WDT_HIT();
// exit from SamyRun, send a usbcommand. // exit from SamyRun, send a usbcommand.
if (data_available()) { // early exit if (data_available()) { // early exit
DbpString("[=] You can take the shell back :) ..."); DbpString("[=] You can take the shell back :) ...");
LEDsoff(); LEDsoff();
return; return;
} }
@ -92,11 +92,11 @@ void RunMod(void) {
// switch leds to be able to know (aproximatly) which card number worked (64 tries loop) // switch leds to be able to know (aproximatly) which card number worked (64 tries loop)
LED_A_INV(); // switch led A every try LED_A_INV(); // switch led A every try
if ((cardnum-CARDNUM_START) % 8 == 7) // switch led B every 8 tries if ((cardnum - CARDNUM_START) % 8 == 7) // switch led B every 8 tries
LED_B_INV(); LED_B_INV();
if ((cardnum-CARDNUM_START) % 16 == 15) // switch led C every 16 tries if ((cardnum - CARDNUM_START) % 16 == 15) // switch led C every 16 tries
LED_C_INV(); LED_C_INV();
if ((cardnum-CARDNUM_START) % 32 == 31) // switch led D every 32 tries if ((cardnum - CARDNUM_START) % 32 == 31) // switch led D every 32 tries
LED_D_INV(); LED_D_INV();
} }


@ -100,6 +100,8 @@ STANDALONE_MODES_REQ_FLASH :=
STANDALONE_MODES_REQ_BT := STANDALONE_MODES_REQ_BT :=
``` ```
Please respect alphabetic order!
## Update MAKEFILE.INC ## Update MAKEFILE.INC
^[Top](#top) ^[Top](#top)
@ -117,6 +119,8 @@ ifneq (,$(findstring WITH_STANDALONE_LF_FOO,$(APP_CFLAGS)))
endif endif
``` ```
Please respect alphabetic order!
## Adding identification string of your mode ## Adding identification string of your mode
^[Top](#top) ^[Top](#top)
@ -174,9 +178,11 @@ Once you're ready to share your mode, please
* add a line in CHANGELOG.md * add a line in CHANGELOG.md
* add your mode in the modes table in `doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md` * add your mode in the modes table in `doc/md/Use_of_Proxmark/4_Advanced-compilation-parameters.md`
* add your mode in `tools/build_all_firmwares.sh` * add your mode in `tools/build_all_firmwares.sh` such that it reflects `armsrc/Standalone/Makefile.hal` list of firmwares to build.
and submit your PR. Please respect alphabetic order of standalone modes everywhere!
Then submit your PR.
Once approved, add also your mode in https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode Once approved, add also your mode in https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode


@ -1229,6 +1229,17 @@ bool SimulateIso14443aInit(uint8_t tagType, uint16_t flags, uint8_t *data, tag_r
AddCrc14A(rPPS, sizeof(rPPS) - 2); AddCrc14A(rPPS, sizeof(rPPS) - 2);
if (tagType == 7) {
uint8_t pwd[4];
uint8_t gen_pwd[4];
uint16_t start = (*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH;
emlGetMemBt(pwd, start, sizeof(pwd));
Uint4byteToMemBe(gen_pwd, ul_ev1_pwdgenB(data));
if (memcmp(pwd, gen_pwd, sizeof(pwd)) == 0) {
rPACK[0] = 0x80;
rPACK[1] = 0x80;
}
}
AddCrc14A(rPACK, sizeof(rPACK) - 2); AddCrc14A(rPACK, sizeof(rPACK) - 2);
static tag_response_info_t responses_init[] = { static tag_response_info_t responses_init[] = {
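Review bot: In the added `tagType == 7` block, `start` is derived from `*pages` with no visible check that `pages` points to a non-zero page count at this point; with `*pages == 0` the expression `(*pages - 1) * 4 + MFU_DUMP_PREFIX_LENGTH` lands below the intended page (or wraps in the `uint16_t`), and `emlGetMemBt` then copies four bytes from the wrong place in emulator memory. `ul_ev1_pwdgenB(data)` is likewise called without a visible check that `data` is non-NULL and holds a full UID. SimulateIso14443aInit starts and ends outside the hunk, so both may be guaranteed earlier; if they are not, guard the block with `if (tagType == 7 && data != NULL && *pages > 0) {`. A one-line comment saying that 0x80 0x80 is the PACK answered when the stored PWD equals the UID-derived one would also explain the two magic bytes.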


@ -294,6 +294,7 @@ set (TARGET_SOURCES
${PM3_ROOT}/client/src/cmdhfseos.c ${PM3_ROOT}/client/src/cmdhfseos.c
${PM3_ROOT}/client/src/cmdhfst.c ${PM3_ROOT}/client/src/cmdhfst.c
${PM3_ROOT}/client/src/cmdhfst25ta.c ${PM3_ROOT}/client/src/cmdhfst25ta.c
${PM3_ROOT}/client/src/cmdhftesla.c
${PM3_ROOT}/client/src/cmdhftexkom.c ${PM3_ROOT}/client/src/cmdhftexkom.c
${PM3_ROOT}/client/src/cmdhfthinfilm.c ${PM3_ROOT}/client/src/cmdhfthinfilm.c
${PM3_ROOT}/client/src/cmdhftopaz.c ${PM3_ROOT}/client/src/cmdhftopaz.c


@ -139,14 +139,10 @@ local function main(args)
-- force lock bytes, otherwise the Amiibo won't be recognized -- force lock bytes, otherwise the Amiibo won't be recognized
blocks[16] = blocks[16]:sub(1, 4)..'0FE0' blocks[16] = blocks[16]:sub(1, 4)..'0FE0'
-- add PWD and PACK if necessary -- add PWD and PACK
local uid = blocks[14]:sub(1, 6)..blocks[15]:sub(1, 8) local uid = blocks[14]:sub(1, 6)..blocks[15]:sub(1, 8)
if blocks[147] == nil or blocks[147] == '00000000' then blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55))
blocks[147] = ("%08x"):format(bxor(bxor(tonumber(sub(uid, 2, 10), 16), tonumber(sub(uid, 6, 14), 16)), 0xaa55aa55)) blocks[148] = "80800000"
end
if blocks[148] == nil or blocks[148] == '00000000' then
blocks[148] = "80800000"
end
err = LoadEmulator(uid, blocks) err = LoadEmulator(uid, blocks)
if err then return oops(err) end if err then return oops(err) end
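Review bot: `blocks[147]` and `blocks[148]` are now overwritten on every load, so a PWD or PACK already present in the dump is discarded without any message, and the only hint is the shortened comment `-- add PWD and PACK`. If that is the intent, the comment should say so, for example `-- always derive PWD from the UID and force PACK 8080; values stored in the dump are ignored`. `blocks[14]` and `blocks[15]` are indexed with `:sub` with no nil check visible here, so a truncated dump would raise a Lua error at this line instead of going through `oops`; main's body continues outside the hunk, so that may already be checked earlier.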


@ -1230,7 +1230,7 @@ int FSKrawDemod(uint8_t rfLen, uint8_t invert, uint8_t fchigh, uint8_t fclow, bo
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(SUCCESS, _YELLOW_("%s") " decoded bitstream", GetFSKType(fchigh, fclow, invert)); PrintAndLogEx(SUCCESS, _YELLOW_("%s") " decoded bitstream", GetFSKType(fchigh, fclow, invert));
PrintAndLogEx(INFO, "-----------------------"); PrintAndLogEx(INFO, "-----------------------");
printDemodBuff(0, false, invert, false); printDemodBuff(0, false, false, false);
} }
goto out; goto out;
} else { } else {
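Review bot: The third argument of `printDemodBuff` changes from `invert` to a bare `false` while the line two above still passes `invert` to `GetFSKType`, and nothing explains why the flag is honoured in one call and dropped in the other. Presumably the demodulation step has already applied the inversion, so applying it again at print time flipped the bits twice; if so, a comment such as `// bits are already inverted by the demod, do not invert again when printing` would keep the next reader from restoring the parameter. Most of FSKrawDemod lies outside the hunk, so this is inferred from the visible lines only.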


@ -99,6 +99,7 @@ static const productName_t uidmapping[] = {
//I-Code SLIX-L [IC id = 03 + bit36 set to 1] //I-Code SLIX-L [IC id = 03 + bit36 set to 1]
{ 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" }, { 0xE004000000000000LL, 16, "NXP Semiconductors Germany (Philips)" },
{ 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX) ICS2602(SLIX2)" }, { 0xE004010000000000LL, 24, "NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX) ICS2602(SLIX2)" },
{ 0xE004011800000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC NTP53x2/NTP5210/NTA5332(NTAG 5)" },
{ 0xE004010000000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC SL2 ICS20/ICS21(SLI)" }, { 0xE004010000000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC SL2 ICS20/ICS21(SLI)" },
{ 0xE004011000000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC SL2 ICS2002/ICS2102(SLIX)" }, { 0xE004011000000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC SL2 ICS2002/ICS2102(SLIX)" },
{ 0xE004010800000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC SL2 ICS2602(SLIX2)" }, { 0xE004010800000000LL, 0xFFFFFF1800000000LL, "NXP(Philips); IC SL2 ICS2602(SLIX2)" },
@ -651,6 +652,94 @@ static int CmdHF15Samples(const char *Cmd) {
return PM3_SUCCESS; return PM3_SUCCESS;
} }
static int NxpTestEAS(uint8_t *uid) {
uint8_t fast = 1;
uint8_t reply = 1;
PacketResponseNG resp;
uint16_t reqlen = 0;
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_EAS_ALARM;
req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID
reqlen += 8;
AddCrc15(req, reqlen);
reqlen += 2;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout");
} else {
PrintAndLogEx(NORMAL, "");
if (resp.length < 2) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active");
} else {
uint8_t *recv = resp.data.asBytes;
if (!(recv[0] & ISO15_RES_ERROR)) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active.");
PrintAndLogEx(INFO, " EAS sequence: %s", sprint_hex(recv + 1, 32));
}
}
}
return PM3_SUCCESS;
}
static int NxpCheckSig(uint8_t *uid) {
uint8_t fast = 1;
uint8_t reply = 1;
PacketResponseNG resp;
uint16_t reqlen = 0;
uint8_t req[PM3_CMD_DATA_SIZE] = {0};
// Check if we can also read the signature
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_READ_SIGNATURE;
req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID
reqlen += 8;
AddCrc15(req, reqlen);
reqlen += 2;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout");
DropField();
return PM3_ETIMEOUT;
}
DropField();
if (resp.length < 2) {
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
return PM3_EWRONGANSWER;
}
uint8_t *recv = resp.data.asBytes;
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
return PM3_EWRONGANSWER;
}
uint8_t signature[32] = {0x00};
memcpy(signature, recv + 1, 32);
nxp_15693_print_signature(uid, signature);
return PM3_SUCCESS;
}
// Get NXP system information from SLIX2 tag/VICC // Get NXP system information from SLIX2 tag/VICC
static int NxpSysInfo(uint8_t *uid) { static int NxpSysInfo(uint8_t *uid) {
@ -732,77 +821,11 @@ static int NxpSysInfo(uint8_t *uid) {
PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not")); PrintAndLogEx(INFO, " * Additional 32 bits feature flags are%s transmitted", ((recv[5] & 0x80) ? "" : " not"));
if (support_easmode) { if (support_easmode) {
reqlen = 0; NxpTestEAS(uid);
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_EAS_ALARM;
req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID
reqlen += 8;
AddCrc15(req, reqlen);
reqlen += 2;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout");
} else {
PrintAndLogEx(NORMAL, "");
if (resp.length < 2) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is not active");
} else {
recv = resp.data.asBytes;
if (!(recv[0] & ISO15_RES_ERROR)) {
PrintAndLogEx(INFO, " EAS (Electronic Article Surveillance) is active.");
PrintAndLogEx(INFO, " EAS sequence: %s", sprint_hex(recv + 1, 32));
}
}
}
} }
if (support_signature) { if (support_signature) {
// Check if we can also read the signature NxpCheckSig(uid);
reqlen = 0;
req[reqlen++] |= ISO15_REQ_SUBCARRIER_SINGLE | ISO15_REQ_DATARATE_HIGH | ISO15_REQ_NONINVENTORY | ISO15_REQ_ADDRESS;
req[reqlen++] = ISO15693_READ_SIGNATURE;
req[reqlen++] = 0x04; // IC manufacturer code
memcpy(req + 3, uid, 8); // add UID
reqlen += 8;
AddCrc15(req, reqlen);
reqlen += 2;
clearCommandBuffer();
SendCommandMIX(CMD_HF_ISO15693_COMMAND, reqlen, fast, reply, req, reqlen);
if (WaitForResponseTimeout(CMD_HF_ISO15693_COMMAND, &resp, 2000) == false) {
PrintAndLogEx(WARNING, "iso15693 timeout");
DropField();
return PM3_ETIMEOUT;
}
DropField();
if (resp.length < 2) {
PrintAndLogEx(WARNING, "iso15693 card doesn't answer to READ SIGNATURE command");
return PM3_EWRONGANSWER;
}
recv = resp.data.asBytes;
if ((recv[0] & ISO15_RES_ERROR) == ISO15_RES_ERROR) {
PrintAndLogEx(ERR, "iso15693 card returned error %i: %s", recv[0], TagErrorStr(recv[0]));
return PM3_EWRONGANSWER;
}
uint8_t signature[32] = {0x00};
memcpy(signature, recv + 1, 32);
nxp_15693_print_signature(uid, signature);
} }
return PM3_SUCCESS; return PM3_SUCCESS;
@ -944,6 +967,12 @@ static int CmdHF15Info(const char *Cmd) {
if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) { if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x08) {
PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info"); PrintAndLogEx(DEBUG, "SLIX2 Detected, getting NXP System Info");
return NxpSysInfo(uid); return NxpSysInfo(uid);
} else if (data[8] == 0x04 && data[7] == 0x01 && nxp_version == 0x18) { //If it is an NTAG 5
PrintAndLogEx(DEBUG, "NTAG 5 Detected, getting NXP System Info");
return NxpSysInfo(uid);
} else if (data[8] == 0x04 && (data[7] == 0x01 || data[7] == 0x02 || data[7] == 0x03)) { //If SLI, SLIX, SLIX-l, or SLIX-S check EAS status
PrintAndLogEx(DEBUG, "SLI, SLIX, SLIX-L, or SLIX-S Detected checking EAS status");
return NxpTestEAS(uid);
} }
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
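Review bot: Both new helpers consume 32 bytes after the status byte while checking only `resp.length < 2`: `sprint_hex(recv + 1, 32)` in NxpTestEAS and `memcpy(signature, recv + 1, 32)` in NxpCheckSig, so a short answer from the tag is printed or verified together with whatever was left in the response buffer. Assuming `resp.length` counts the bytes in `resp.data.asBytes`, the guard should require the full payload, e.g. `if (resp.length < 1 + 32) return PM3_EWRONGANSWER;`. NxpSysInfo now calls `NxpCheckSig(uid);` and drops the result, where the inlined code returned PM3_ETIMEOUT or PM3_EWRONGANSWER; `int res = NxpCheckSig(uid); if (res != PM3_SUCCESS) return res;` keeps the old behaviour. NxpTestEAS also returns PM3_SUCCESS after a timeout and never calls `DropField()`, which matters on the new CmdHF15Info branch that returns it directly.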


@ -318,7 +318,7 @@ int applyIso14443a(char *exp, size_t size, uint8_t *cmd, uint8_t cmdsize, bool i
snprintf(exp, size, "AUTH-B(%d)", cmd[1]); snprintf(exp, size, "AUTH-B(%d)", cmd[1]);
break; break;
} }
case MIFARE_MAGIC_GDM_AUTH_KEYA:{ case MIFARE_MAGIC_GDM_AUTH_KEYA: {
if (cmdsize > 3) { if (cmdsize > 3) {
snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]); snprintf(exp, size, "MAGIC AUTH-A(%d)", cmd[1]);
MifareAuthState = masNt; MifareAuthState = masNt;


@ -198,12 +198,12 @@ static int info_hf_tesla(void) {
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------"); PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
PrintAndLogEx(NORMAL, ""); PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "PUBLIC KEY"); PrintAndLogEx(INFO, "PUBLIC KEY");
for (int i=0; i < 3; i++) { for (int i = 0; i < 3; i++) {
PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65)); PrintAndLogEx(INFO, "%d - %s", i, sprint_hex_inrow(pk[i], 65));
} }
if (form_factor[1] == 1) { if (form_factor[1] == 1) {
PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor))); PrintAndLogEx(INFO, "Form factor... %s (card)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
} else if (form_factor[1] == 2){ } else if (form_factor[1] == 2) {
PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor))); PrintAndLogEx(INFO, "Form factor... %s (phone app)", sprint_hex_inrow(form_factor, sizeof(form_factor)));
} }


@ -438,6 +438,12 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf st25ta protect" }, { 0, "hf st25ta protect" },
{ 0, "hf st25ta pwd" }, { 0, "hf st25ta pwd" },
{ 0, "hf st25ta sim" }, { 0, "hf st25ta sim" },
{ 1, "hf tesla help" },
{ 0, "hf tesla info" },
{ 1, "hf tesla list" },
{ 1, "hf texkom help" },
{ 0, "hf texkom reader" },
{ 0, "hf texkom sim" },
{ 1, "hf thinfilm help" }, { 1, "hf thinfilm help" },
{ 0, "hf thinfilm info" }, { 0, "hf thinfilm info" },
{ 1, "hf thinfilm list" }, { 1, "hf thinfilm list" },
@ -453,9 +459,6 @@ const static vocabulory_t vocabulory[] = {
{ 0, "hf topaz rdbl" }, { 0, "hf topaz rdbl" },
{ 1, "hf topaz view" }, { 1, "hf topaz view" },
{ 0, "hf topaz wrbl" }, { 0, "hf topaz wrbl" },
{ 1, "hf texkom help" },
{ 0, "hf texkom reader" },
{ 0, "hf texkom sim" },
{ 1, "hf xerox help" }, { 1, "hf xerox help" },
{ 0, "hf xerox info" }, { 0, "hf xerox info" },
{ 0, "hf xerox reader" }, { 0, "hf xerox reader" },


@ -266,7 +266,7 @@ void print_hex_break(const uint8_t *data, const size_t len, uint8_t breaks) {
uint8_t mod = len % breaks; uint8_t mod = len % breaks;
if (mod) { if (mod) {
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 1, true);
// add the spaces... // add the spaces...
@ -291,7 +291,7 @@ void print_hex_noascii_break(const uint8_t *data, const size_t len, uint8_t brea
uint8_t mod = len % breaks; uint8_t mod = len % breaks;
if (mod) { if (mod) {
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 0, true); hex_to_buffer((uint8_t *)buf, data + i, mod, (sizeof(buf) - 1), 0, 0, true);
// add the spaces... // add the spaces...
@ -307,7 +307,7 @@ static void print_buffer_ex(const uint8_t *data, const size_t len, int level, ui
if ((data == NULL) || (len < 1)) if ((data == NULL) || (len < 1))
return; return;
char buf[UTIL_BUFFER_SIZE_SPRINT + 3]; char buf[UTIL_BUFFER_SIZE_SPRINT + 3] = {0};
int i; int i;
for (i = 0; i < len; i += breaks) { for (i = 0; i < len; i += breaks) {
@ -614,7 +614,7 @@ void bytes_to_bytebits(const void *src, const size_t srclen, void *dest) {
// hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii // hh,gg,ff,ee,dd,cc,bb,aa, pp,oo,nn,mm,ll,kk,jj,ii
// up to 64 bytes or 512 bits // up to 64 bytes or 512 bits
uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize) { uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize) {
static uint8_t buf[64]; static uint8_t buf[64] = {0};
memset(buf, 0x00, 64); memset(buf, 0x00, 64);
uint8_t *tmp = buf; uint8_t *tmp = buf;
for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) { for (uint8_t block = 0; block < (uint8_t)(len / blockSize); block++) {
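Review bot: In print_buffer_ex the new `= {0}` initialises `buf` once, before the `for (i = 0; i < len; i += breaks)` loop, so it does not clear the buffer between rows. If the aim is to stop a short final row from showing bytes of the previous one, `memset(buf, 0, sizeof(buf));` at the top of the loop body is what achieves that; the loop body is outside the hunk, so it may already do this. In SwapEndian64 the initializer on `static uint8_t buf[64]` changes nothing, because static storage is zeroed and the next line is `memset(buf, 0x00, 64)`. The part worth guarding there is the write loop: the comment says "up to 64 bytes", but no check of `len` against the 64-byte buffer is visible, and `if (len > sizeof(buf)) return buf;` (or a documented precondition) would make the limit explicit.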


@ -1101,14 +1101,16 @@
"command": "hf 14a chaining", "command": "hf 14a chaining",
"description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.", "description": "Enable/Disable ISO14443a input chaining. Maximum input length goes from ATS.",
"notes": [ "notes": [
"hf 14a chaining disable -> disable chaining", "hf 14a chaining --off -> disable chaining",
"hf 14a chaining -> show chaining enable/disable state" "hf 14a chaining -> show chaining enable/disable state"
], ],
"offline": false, "offline": false,
"options": [ "options": [
"-h, --help This help" "-h, --help This help",
"-1, --on enabled chaining",
"-0, --off disable chaining"
], ],
"usage": "hf 14a chaining [-h] [<enable/disable or 0/1>]" "usage": "hf 14a chaining [-h10]"
}, },
"hf 14a config": { "hf 14a config": {
"command": "hf 14a config", "command": "hf 14a config",
@ -2881,7 +2883,7 @@
}, },
"hf help": { "hf help": {
"command": "hf help", "command": "hf help",
"description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } texkom { Texkom RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags", "description": "-------- ----------------------- High Frequency ----------------------- 14a { ISO14443A RFIDs... } 14b { ISO14443B RFIDs... } 15 { ISO15693 RFIDs... } cipurse { Cipurse transport Cards... } epa { German Identification Card... } emrtd { Machine Readable Travel Document... } felica { ISO18092 / FeliCa RFIDs... } fido { FIDO and FIDO2 authenticators... } fudan { Fudan RFIDs... } gallagher { Gallagher DESFire RFIDs... } ksx6924 { KS X 6924 (T-Money, Snapper+) RFIDs } jooki { Jooki RFIDs... } iclass { ICLASS RFIDs... } legic { LEGIC RFIDs... } lto { LTO Cartridge Memory RFIDs... } mf { MIFARE RFIDs... } mfp { MIFARE Plus RFIDs... } mfu { MIFARE Ultralight RFIDs... } mfdes { MIFARE Desfire RFIDs... } ntag424 { NXP NTAG 4242 DNA RFIDs... } seos { SEOS RFIDs... } st25ta { ST25TA RFIDs... } tesla { TESLA Cards... } texkom { Texkom RFIDs... 
} thinfilm { Thinfilm RFIDs... } topaz { TOPAZ (NFC Type 1) RFIDs... } xerox { Fuji/Xerox cartridge RFIDs... } waveshare { Waveshare NFC ePaper... } ----------- --------------------- General --------------------- help This help list List protocol data in trace buffer search Search for known HF tags",
"notes": [], "notes": [],
"offline": true, "offline": true,
"options": [], "options": [],
@ -6684,6 +6686,47 @@
], ],
"usage": "hf st25ta sim [-h] -u <hex>" "usage": "hf st25ta sim [-h] -u <hex>"
}, },
"hf tesla help": {
"command": "hf tesla help",
"description": "help This help list List ISO 14443A/7816 history",
"notes": [],
"offline": true,
"options": [],
"usage": ""
},
"hf tesla info": {
"command": "hf tesla info",
"description": "Get info about TESLA Key tag",
"notes": [
"hf tesla info"
],
"offline": false,
"options": [
"-h, --help This help"
],
"usage": "hf telsa info [-h]"
},
"hf tesla list": {
"command": "hf tesla list",
"description": "Alias of `trace list -t 7816` with selected protocol data to annotate trace buffer You can load a trace from file (see `trace load -h`) or it be downloaded from device by default It accepts all other arguments of `trace list`. Note that some might not be relevant for this specific protocol",
"notes": [
"hf tesla list --frame -> show frame delay times",
"hf tesla list -1 -> use trace buffer"
],
"offline": true,
"options": [
"-h, --help This help",
"-1, --buffer use data from trace buffer",
"--frame show frame delay times",
"-c mark CRC bytes",
"-r show relative times (gap and duration)",
"-u display times in microseconds instead of clock cycles",
"-x show hexdump to convert to pcap(ng)",
"or to import into Wireshark using encapsulation type \"ISO 14443\"",
"-f, --file <fn> filename of dictionary"
],
"usage": "hf tesla list [-h1crux] [--frame] [-f <fn>]"
},
"hf texkom help": { "hf texkom help": {
"command": "hf texkom help", "command": "hf texkom help",
"description": "help This help", "description": "help This help",
@ -11760,8 +11803,8 @@
} }
}, },
"metadata": { "metadata": {
"commands_extracted": 739, "commands_extracted": 742,
"extracted_by": "PM3Help2JSON v1.00", "extracted_by": "PM3Help2JSON v1.00",
"extracted_on": "2023-01-15T01:24:39" "extracted_on": "2023-01-27T01:57:37"
} }
} }


@ -651,6 +651,28 @@ Check column "offline" for their availability.
|`hf st25ta sim `|N |`Fake ISO 14443A/ST tag` |`hf st25ta sim `|N |`Fake ISO 14443A/ST tag`
### hf tesla
{ TESLA Cards... }
|command |offline |description
|------- |------- |-----------
|`hf tesla help `|Y |`This help`
|`hf tesla info `|N |`Tag information`
|`hf tesla list `|Y |`List ISO 14443A/7816 history`
### hf texkom
{ Texkom RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf texkom help `|Y |`This help`
|`hf texkom reader `|N |`Act like a Texkom reader`
|`hf texkom sim `|N |`Simulate a Texkom tag`
### hf thinfilm ### hf thinfilm
{ Thinfilm RFIDs... } { Thinfilm RFIDs... }
@ -682,17 +704,6 @@ Check column "offline" for their availability.
|`hf topaz wrbl `|N |`Write block` |`hf topaz wrbl `|N |`Write block`
### hf texkom
{ Texkom RFIDs... }
|command |offline |description
|------- |------- |-----------
|`hf texkom help `|Y |`This help`
|`hf texkom reader `|N |`Act like a Texkom reader`
|`hf texkom sim `|N |`Simulate a Texkom tag`
### hf xerox ### hf xerox
{ Fuji/Xerox cartridge RFIDs... } { Fuji/Xerox cartridge RFIDs... }


@ -1086,10 +1086,12 @@ CF <passwd> 35 <2b ATQA><1b SAK> // Configure ATQA/SAK (swap ATQ
CF <passwd> 68 <00-02> // Configure UID length CF <passwd> 68 <00-02> // Configure UID length
CF <passwd> 69 <00-01> // (De)Activate Ultralight mode CF <passwd> 69 <00-01> // (De)Activate Ultralight mode
CF <passwd> 6A <00-03> // Select Ultralight mode CF <passwd> 6A <00-03> // Select Ultralight mode
CF <passwd> 6B <1b> // Set Ultralight and M1 maximum read/write sectors
CF <passwd> C6 // Dump configuration CF <passwd> C6 // Dump configuration
CF <passwd> CC // Factory test, returns 6666 CF <passwd> CC // Factory test, returns 6666
CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block CF <passwd> CD <1b block number><16b block data> // Backdoor write 16b block
CF <passwd> CE <1b block number> // Backdoor read 16b block CF <passwd> CE <1b block number> // Backdoor read 16b block
CF <passwd> CF <1b param> // Unknown
CF <passwd> F0 <30b configuration data> // Configure all params in one cmd CF <passwd> F0 <30b configuration data> // Configure all params in one cmd
CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently CF <passwd> F1 <30b configuration data> // Configure all params in one cmd and fuse the configuration permanently
CF <passwd> FE <4b new_password> // change password CF <passwd> FE <4b new_password> // change password
@ -1304,6 +1306,19 @@ script run hf_mf_ultimatecard -m 02
``` ```
Now the card supports the 3DES UL-C authentication. Now the card supports the 3DES UL-C authentication.
### Set Ultralight and M1 maximum read/write sectors
^[Top](#top) ^^[Gen4](#g4top)
```
hf 14a raw -s -c -t 1000 CF<passwd>6B<1b blocks>
```
Hexadecimal, maximum sector data, default 0xFF, range 0x00-0xFF
Example: set maximum 63 blocks read/write for Mifare Classic 1K
```
hf 14a raw -s -c -t 1000 CF000000006B3F
```
### Set shadow mode (GTU) ### Set shadow mode (GTU)
^[Top](#top) ^^[Gen4](#g4top) ^[Top](#top) ^^[Gen4](#g4top)
@ -1365,6 +1380,20 @@ Example: write block0 with factory data, default pwd
hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000 hf 14a raw -s -c -t 1000 CF00000000CD00112233441C000011778185BA18000000
``` ```
### Unknown command
^[Top](#top) ^^[Gen4](#g4top)
This command modifies one byte in configuration dump, but purpose one is unknown.
```
hf 14a raw -s -c -t 1000 CF<passwd>CF<1b param>
```
* `<param>`
* `??`: ???
Example:
hf 14a raw -s -c -t 1000 CF00000000CF02
### Change backdoor password ### Change backdoor password
^[Top](#top) ^^[Gen4](#g4top) ^[Top](#top) ^^[Gen4](#g4top)
@ -1391,8 +1420,10 @@ hf 14a raw -s -c -t 1000 CF<passwd>C6
``` ```
Default configuration: Default configuration:
``` ```
00000000000002000978009102DABC191010111213141516040008004F6B 00000000000002000978009102DABC191010111213141516040008006B024F6B
^^^^ ?? ^^^^ ??
^^ cf cmd cf: ?? this byte set by cmd cf<pwd>cf<param>, factory value 0x02
^^ cf cmd 6b: maximum read/write sectors, factory value 0x6b
^^ cf cmd 6a: UL mode ^^ cf cmd 6a: UL mode
^^^^^^ cf cmd 35: ATQA/SAK ^^^^^^ cf cmd 35: ATQA/SAK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cf cmd 34: ATS length & content ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cf cmd 34: ATS length & content


@ -111,6 +111,7 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
| LF_NEDAP_SIM | LF Nedap ID simulator | LF_NEDAP_SIM | LF Nedap ID simulator
| LF_NEXID | Nexwatch credentials detection mode - jrjgjk & Zolorah | LF_NEXID | Nexwatch credentials detection mode - jrjgjk & Zolorah
| LF_PROXBRUTE | HID ProxII bruteforce - Brad Antoniewicz | LF_PROXBRUTE | HID ProxII bruteforce - Brad Antoniewicz
| LF_PROX2BRUTE | HID ProxII bruteforce v2 - Yann Gascuel
| LF_SAMYRUN (def)| HID26 read/clone/sim - Samy Kamkar | LF_SAMYRUN (def)| HID26 read/clone/sim - Samy Kamkar
| LF_SKELETON | standalone mode skeleton - Iceman1001 | LF_SKELETON | standalone mode skeleton - Iceman1001
| LF_THAREXDE | LF EM4x50 simulator/read standalone mode - tharexde | LF_THAREXDE | LF EM4x50 simulator/read standalone mode - tharexde
@ -119,8 +120,8 @@ Here are the supported values you can assign to `STANDALONE` in `Makefile.platfo
| HF_15SNIFF | 15693 sniff storing to flashmem - Glaser | HF_15SNIFF | 15693 sniff storing to flashmem - Glaser
| HF_AVEFUL | MIFARE Ultralight read/simulation - Ave Ozkal | HF_AVEFUL | MIFARE Ultralight read/simulation - Ave Ozkal
| HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito | HF_BOG | 14a sniff with ULC/ULEV1/NTAG auth storing in flashmem - Bogito
| HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle
| HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato | HF_COLIN | Mifare ultra fast sniff/sim/clone - Colin Brigato
| HF_CRAFTBYTE | UID stealer - Emulates scanned 14a UID - Anze Jensterle
| HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem - Iceman1001 | HF_ICECLASS | iCLASS 4-1 mode sim/read & dump/loclass/glitch & config to flashmem - Iceman1001
| HF_LEGIC | HF Legic Prime Read/Store/Sim standalone - uhei | HF_LEGIC | HF Legic Prime Read/Store/Sim standalone - uhei
| HF_LEGICSIM | HF Legic Prime Simulate standalone - uhei | HF_LEGICSIM | HF Legic Prime Simulate standalone - uhei


@ -21,18 +21,45 @@
#define AEND "\x1b[0m" #define AEND "\x1b[0m"
#define _BLUE_(s) "\x1b[34m" s AEND #define _BLACK_(s) "\x1b[30m" s AEND
#define _RED_(s) "\x1b[31m" s AEND #define _RED_(s) "\x1b[31m" s AEND
#define _GREEN_(s) "\x1b[32m" s AEND #define _GREEN_(s) "\x1b[32m" s AEND
#define _YELLOW_(s) "\x1b[33m" s AEND #define _YELLOW_(s) "\x1b[33m" s AEND
#define _MAGENTA_(s) "\x1b[35m" s AEND #define _BLUE_(s) "\x1b[34m" s AEND
#define _CYAN_(s) "\x1b[36m" s AEND #define _MAGENTA_(s) "\x1b[35m" s AEND
#define _WHITE_(s) "\x1b[37m" s AEND #define _CYAN_(s) "\x1b[36m" s AEND
#define _WHITE_(s) "\x1b[37m" s AEND
#define _BRIGHT_BLACK_(s) "\x1b[30;1m" s AEND
#define _BRIGHT_RED_(s) "\x1b[31;1m" s AEND
#define _BRIGHT_GREEN_(s) "\x1b[32;1m" s AEND
#define _BRIGHT_YELLOW_(s) "\x1b[33;1m" s AEND
#define _BRIGHT_BLUE_(s) "\x1b[34;1m" s AEND
#define _BRIGHT_MAGENTA_(s) "\x1b[35;1m" s AEND
#define _BRIGHT_CYAN_(s) "\x1b[36;1m" s AEND
#define _BRIGHT_WHITE_(s) "\x1b[37;1m" s AEND
#define _BACK_BLACK_(s) "\x1b[40m" s AEND
#define _BACK_RED_(s) "\x1b[41m" s AEND
#define _BACK_GREEN_(s) "\x1b[42m" s AEND
#define _BACK_YELLOW_(s) "\x1b[43m" s AEND
#define _BACK_BLUE_(s) "\x1b[44m" s AEND
#define _BACK_MAGENTA_(s) "\x1b[45m" s AEND
#define _BACK_CYAN_(s) "\x1b[46m" s AEND
#define _BACK_WHITE_(s) "\x1b[47m" s AEND
#define _BACK_BRIGHT_BLACK_(s) "\x1b[40;1m" s AEND
#define _BACK_BRIGHT_RED_(s) "\x1b[41;1m" s AEND
#define _BACK_BRIGHT_GREEN_(s) "\x1b[42;1m" s AEND
#define _BACK_BRIGHT_YELLOW_(s) "\x1b[43;1m" s AEND
#define _BACK_BRIGHT_BLUE_(s) "\x1b[44;1m" s AEND
#define _BACK_BRIGHT_MAGENTA_(s) "\x1b[45;1m" s AEND
#define _BACK_BRIGHT_CYAN_(s) "\x1b[46;1m" s AEND
#define _BACK_BRIGHT_WHITE_(s) "\x1b[47;1m" s AEND
#define _CLEAR_ "\x1b[2J" #define _CLEAR_ "\x1b[2J"
#define _TOP_ "\x1b[1;1f" #define _TOP_ "\x1b[1;1f"
#if defined(HAVE_READLINE) #if defined(HAVE_READLINE)
// https://wiki.hackzine.org/development/misc/readline-color-prompt.html // https://wiki.hackzine.org/development/misc/readline-color-prompt.html
// Applications may indicate that the prompt contains // Applications may indicate that the prompt contains
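Review bot: The new `_BACK_BRIGHT_*` macros append `;1` to a background code (`"\x1b[40;1m"` through `"\x1b[47;1m"`), but SGR parameter 1 is bold/increased intensity and acts on the foreground text, so they produce the normal background colour with bold text rather than a bright background. The `_BRIGHT_*` foreground macros rely on the same attribute, which only looks bright on terminals that map bold to the bright palette. If bright colours are the intent, the aixterm codes 90–97 and 100–107 express it directly, for example `#define _BRIGHT_RED_(s) "\x1b[91m" s AEND` and `#define _BACK_BRIGHT_RED_(s) "\x1b[101m" s AEND`; a one-line comment above each group naming the SGR range it uses would also help. Whether any code elsewhere in the client that strips colour sequences handles the two-parameter form is not visible from this hunk and is worth checking.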


@ -30,8 +30,10 @@ mkdir -p "$DEST"
mv bootrom/obj/bootrom.elf "$DEST/PM3BOOTROM.elf" mv bootrom/obj/bootrom.elf "$DEST/PM3BOOTROM.elf"
# cf armsrc/Standalone/Makefile.hal # cf armsrc/Standalone/Makefile.hal
STANDALONE_MODES=(LF_SKELETON LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_PROXBRUTE LF_SAMYRUN LF_THAREXDE LF_NEXID LF_NEDAP_SIM) STANDALONE_MODES=(LF_SKELETON)
STANDALONE_MODES+=(HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_TCPRST HF_TMUDFORD HF_YOUNG HF_REBLAY DANKARMULTI) STANDALONE_MODES+=(LF_EM4100EMUL LF_EM4100RSWB LF_EM4100RSWW LF_EM4100RWC LF_HIDBRUTE LF_HIDFCBRUTE LF_ICEHID LF_NEDAP_SIM LF_NEXID LF_PROXBRUTE LF_PROX2BRUTE LF_SAMYRUN LF_THAREXDE)
STANDALONE_MODES+=(HF_14ASNIFF HF_14BSNIFF HF_15SNIFF HF_AVEFUL HF_BOG HF_COLIN HF_CRAFTBYTE HF_ICECLASS HF_LEGIC HF_LEGICSIM HF_MATTYRUN HF_MFCSIM HF_MSDSAL HF_REBLAY HF_TCPRST HF_TMUDFORD HF_YOUNG)
STANDALONE_MODES+=(DANKARMULTI)
STANDALONE_MODES_REQ_BT=(HF_REBLAY) STANDALONE_MODES_REQ_BT=(HF_REBLAY)
STANDALONE_MODES_REQ_SMARTCARD=() STANDALONE_MODES_REQ_SMARTCARD=()
STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM) STANDALONE_MODES_REQ_FLASH=(LF_HIDFCBRUTE LF_ICEHID LF_NEXID LF_THAREXDE HF_BOG HF_COLIN HF_ICECLASS HF_LEGICSIM HF_MFCSIM)