* introduced a new communication command CMD_FLASHMEM_PAGES64K to get the number of 64k pages
* "the last page" is a special, holding the dicts and some other stuff, relocated to there
* raised timeout when wiping a mem page (W25Q16 looks a bit slower than W25X20BV)
* loop all pages in Flash_WipeMemory()
Based on the work described in Dismantling iClass whitepaper.
hf iclass legbrute is tested working
hf iclass legrec is partially working: logic of operations and sequence seems to be in order and was tested on simulated data to be effective. The privilege escalation part is still not successful, but the logic should be correct.
This adds a new command "hw sethfthresh" to configure the thresholds
used inside the FPGA while demodulating ISO14443A. The thresholds
need to be increased on particularly noisy hardware, such as certain
Chinese PM3 Easy clones.
This was implemented with a new pair of RPCs CMD_HF_MIFARE_READBL_EX and CMD_HF_MIFARE_WRITEBL_EX
these RPCs support all combinations of read/write commands, wakeup, and auth options so
in time can replace the other MFC read/write commands too reduce armsrc code size
and complexity.
Also added config parsing for the gdm cfg block when reading with hf mf gdmcfg and
explicitly with hf mf gdmparsecfg.
Works when the device is running either osimage or bootloader.
- New memory reading command in osimage and bootloader.
- Extended 'hw readmem' command with length parameter, file writing and hex viewer.
- Introduced '--dumpmem' option to proxmark3 executable to support dumping from bootloader.
Simple interactive examples:
hw readmem -f flashdump
hw readmem -l 1024
CLI example:
./pm3 --dumpmem flashdump.bin
Reading from arbitrary memory ranges can be unlocked using the 'raw' option.
No need to wait for 2.5s (1s + FPGA_LOAD_WAIT_TIME) if the real-time
sampling stops.
Make sure the LF bitstream is loaded before real-time sampling so the
response of CMD_WTX won't appear.
Rename UART_TCP_CLIENT_RX_TIMEOUT_MS to UART_NET_CLIENT_RX_TIMEOUT_MS
Add UART_UDP_LOCAL_CLIENT_RX_TIMEOUT_MS for shorter timeout
Check if the target address is local in uart_open()
