g3gg0.de 2021-03-30 21:07:46 -04:00 committed by GitHub
commit 39cb41eb18
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 1218 additions and 19 deletions


@ -398,7 +398,7 @@ void SendStatus(void) {
LED_A_OFF();
}
#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_LF_StandAlone)
#if defined(WITH_ISO14443a_StandAlone) || defined(WITH_ISO15693_StandAlone) || defined(WITH_LF_StandAlone)
#define OPTS 2
@ -778,6 +778,106 @@ void SamyRun() {
}
}
#elif WITH_ISO15693_StandAlone
void StandAloneMode15() {
StandAloneMode();
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
int mode = 0;
bool done = false;
const char *modes[] = { "Set password", "Reveal tag", "Lock password", "Stresstest", "Bruteforce", "Quit standalone" };
Dbprintf("Starting standalone mode: Menu");
LED(0x0F, 0);
/* wait for button being released before preoceeding evaluation */
while(BUTTON_PRESS()) {
WDT_HIT();
}
while(!done) {
if(usb_poll_validate_length()) {
done = true;
continue;
}
SpinDelay(50);
usb_poll();
WDT_HIT();
LEDsoff();
switch(mode) {
case 0:
LED_A_ON();
break;
case 1:
LED_B_ON();
break;
case 2:
LED_C_ON();
break;
case 3:
LED_D_ON();
break;
case 4:
LED_D_ON();
LED_A_ON();
break;
case 5:
LED_A_ON();
LED_B_ON();
LED_C_ON();
LED_D_ON();
break;
}
switch(BUTTON_HELD(1000)) {
case BUTTON_SINGLE_CLICK:
mode++;
mode %= 6;
Dbprintf(" Menu #%d: %s", mode, modes[mode]);
break;
case BUTTON_HOLD:
Dbprintf(" Execute #%d", mode);
LEDsoff();
while(BUTTON_PRESS()) {
WDT_HIT();
}
switch(mode) {
case 0:
ChangePassSlixLIso15693(4, 0, 0x7FFD6E5B);
break;
case 1:
DisablePrivacySlixLIso15693(0x7FFD6E5B);
DisablePrivacySlixLIso15693(0x0F0F0F0F);
break;
case 2:
LockPassSlixLIso15693(4, 0x7FFD6E5B);
break;
case 3:
StressSlixLIso15693(0x0F0F0F0F, 7);
break;
case 4:
BruteforceIso15693(0x40, 0xFF);
break;
case 5:
done = true;
break;
}
LEDsoff();
while(BUTTON_PRESS()) {
WDT_HIT();
}
break;
default:
SpinDelay(50);
continue;
}
}
}
#endif
/*
@ -1095,6 +1195,10 @@ void UsbPacketReceived(UsbCommand *c) {
DirectTag15693Command(c->arg[0],c->arg[1],c->arg[2],c->d.asBytes);
break;
case CMD_ISO_15693_SLIX_L_DISABLE_PRIVACY:
DisablePrivacySlixLIso15693(c->arg[0]);
break;
case CMD_ISO_15693_FIND_AFI:
BruteforceIso15693Afi(c->arg[0]);
break;
@ -1494,6 +1598,10 @@ void __attribute__((noreturn)) AppMain(void) {
#if defined(WITH_ISO14443a) && defined(WITH_ISO14443a_StandAlone)
if (BUTTON_HELD(1000) > 0)
StandAloneMode14a();
#endif
#if defined(WITH_ISO15693) && defined(WITH_ISO15693_StandAlone)
if (BUTTON_HELD(1000) > 0)
StandAloneMode15();
#endif
}
}
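Review bot: The execute switch in StandAloneMode15 (cases 0 to 3) issues set-password, disable-privacy and lock-password requests with the bare literals `0x7FFD6E5B`, `0x0F0F0F0F` and password id `4`, and nothing states what these values are or that a one-second button hold is enough to apply them to whatever tag is in the field. Give them names in one place, for example `#define STANDALONE_SLIX_PASS_PRIMARY 0x7FFD6E5B` and `#define STANDALONE_SLIX_PASS_FALLBACK 0x0F0F0F0F` (names are only suggestions), and put a comment above case 2 such as `/* locks the password on the tag; presumably not reversible, confirm against the SLIX-L datasheet */`. Because cases 0 and 2 change tag state, a second confirmation hold before calling them would guard against a slip of the button. `mode %= 6;` is also better tied to the table, `mode %= sizeof(modes) / sizeof(modes[0]);`, so the menu length and the `modes[mode]` index cannot drift apart.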

File diff suppressed because it is too large Load diff


@ -39,5 +39,10 @@ extern void DirectTag15693Command(uint32_t datalen, uint32_t speed, uint32_t rec
extern void SetTag15693Uid(uint8_t *uid);
extern void SetDebugIso15693(uint32_t flag);
extern bool LogTrace_ISO15693(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag);
extern void BruteforceIso15693(uint32_t start_cmd, uint32_t end_cmd);
extern void StressSlixLIso15693(uint32_t password, uint32_t flags);
extern void ChangePassSlixLIso15693(uint32_t pass_id, uint32_t old_password, uint32_t password);
extern void LockPassSlixLIso15693(uint32_t pass_id, uint32_t password);
extern void DisablePrivacySlixLIso15693(uint32_t password);
#endif
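Review bot: The five new prototypes give no hint of what `pass_id`, `flags`, `start_cmd` and `end_cmd` accept, and the callers in this commit pass bare numbers (`4`, `7`, `0x40`, `0xFF`). A short comment block above them should state the accepted password identifiers, the meaning of each `flags` bit, whether the command range is inclusive, and the byte order in which a `uint32_t` password is transmitted. It should also mark which calls modify the tag, since `ChangePassSlixLIso15693` and `LockPassSlixLIso15693` are reachable from a button press in standalone mode. The implementations are in the file whose diff is suppressed on this page, so the wording needs checking against them.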


@ -263,26 +263,35 @@ static int CmdHF15Reader(const char *Cmd) {
static int CmdHF15Sim(const char *Cmd) {
char cmdp = param_getchar(Cmd, 0);
uint8_t uid[8] = {0x00};
uint8_t memory[32] = {0x00};
//E0 16 24 00 00 00 00 00
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 sim <UID>");
PrintAndLog("Usage: hf 15 sim <UID> [<memory>]");
PrintAndLog("");
PrintAndLog(" sample: hf 15 sim E016240000000000");
PrintAndLog(" example: hf 15 sim E016240000000000");
PrintAndLog(" hf 15 sim E016240000000000 0001020304..1D1E1F");
PrintAndLog(" ");
PrintAndLog(" sniff/decode mode: (live snooping reader commands)");
PrintAndLog(" hf 15 sim 0000000000000000");
return 0;
}
if (param_gethex(Cmd, 0, uid, 16)) {
PrintAndLog("UID must include 16 HEX symbols");
PrintAndLog("UID must have 16 HEX symbols");
return 0;
}
if (param_gethex(Cmd, 1, memory, 64)) {
PrintAndLog("you should include 32 hex bytes for the tag memory");
}
PrintAndLog("Starting simulating UID %02X %02X %02X %02X %02X %02X %02X %02X",
uid[0],uid[1],uid[2],uid[3],uid[4], uid[5], uid[6], uid[7]);
PrintAndLog("Press the button to stop simulation");
UsbCommand c = {CMD_SIMTAG_ISO_15693, {0, 0, 0}};
memcpy(c.d.asBytes,uid,8);
memcpy(&c.d.asBytes[8],memory,32);
SendCommand(&c);
return 0;
@ -297,6 +306,31 @@ static int CmdHF15Afi(const char *Cmd) {
return 0;
}
static int CmdHF15SlixDisablePrivacy(const char *Cmd)
{
char cmdp = param_getchar(Cmd, 0);
uint8_t pass[4] = {0x00};
if (cmdp == 'h' || cmdp == 'H') {
PrintAndLog("Usage: hf 15 slix_disable_privacy <pass>");
PrintAndLog("");
PrintAndLog(" example: hf 15 slix_disable_privacy 0F0F0F0F");
return 0;
}
if (param_gethex(Cmd, 0, pass, 8)) {
PrintAndLog("password must have 8 HEX symbols");
return 0;
}
PrintAndLog("Disabling privacy mode using password %02X%02X%02X%02X", pass[0], pass[1], pass[2], pass[3]);
UsbCommand c = {CMD_ISO_15693_SLIX_L_DISABLE_PRIVACY, {0, 0, 0}};
memcpy(&c.arg[0],pass,4);
SendCommand(&c);
return 0;
}
// Reads all memory pages
static int CmdHF15DumpMem(const char*Cmd) {
@ -1061,6 +1095,7 @@ static command_t CommandTable15[] = {
{"reader", CmdHF15Reader, 0, "Act like an ISO15693 reader"},
{"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"},
{"cmd", CmdHF15Cmd, 0, "Send direct commands to ISO15693 tag"},
{"slix_disable_privacy", CmdHF15SlixDisablePrivacy, 0, "Disable privacy mode on SLIX ISO15693 tag"},
{"findafi", CmdHF15Afi, 0, "Brute force AFI of an ISO15693 tag"},
{"dumpmemory", CmdHF15DumpMem, 0, "Read all memory pages of an ISO15693 tag"},
{"csetuid", CmdHF15CSetUID, 0, "Set UID for magic Chinese card"},
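Review bot: In CmdHF15SlixDisablePrivacy, `memcpy(&c.arg[0],pass,4);` makes the numeric value of the password depend on host byte order, and it cannot be checked here against the standalone path, which passes the password as an integer literal (`DisablePrivacySlixLIso15693(0x7FFD6E5B)`). Build the argument explicitly, e.g. `c.arg[0] = ((uint32_t)pass[0] << 24) | ((uint32_t)pass[1] << 16) | ((uint32_t)pass[2] << 8) | pass[3];` (or the little-endian equivalent, whichever the firmware expects), and state the order in a comment. The same function prints the password in clear through `PrintAndLog`; if that output also goes to a session log file, consider masking it. In CmdHF15Sim the new `param_gethex(Cmd, 1, memory, 64)` check prints a message but does not return, so the hint appears to be shown whenever the optional memory argument is omitted; skipping the check when no second parameter is given would avoid a misleading message.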


@ -3,7 +3,7 @@
# All definition lines except the last must end in a \
#
#BEGIN
APP_CFLAGS += -DWITH_ISO14443a_StandAlone \
APP_CFLAGS += -DWITH_ISO15693_StandAlone \
-DWITH_LF \
-DWITH_ISO15693 \
-DWITH_ISO14443a \
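Review bot: This replaces `-DWITH_ISO14443a_StandAlone` with `-DWITH_ISO15693_StandAlone` in the default flags rather than adding an option, so every default build now enters the ISO15693 menu on a button hold, including its set-password and lock-password entries. The definition of StandAloneMode15 sits under `#elif WITH_ISO15693_StandAlone`, while the call in AppMain is under an independent `#if defined(WITH_ISO15693) && defined(WITH_ISO15693_StandAlone)`, so defining two standalone flags at once would likely leave that call without a definition. A comment here such as `# Define at most one WITH_*_StandAlone flag` would document the constraint, and keeping the previous default with the new mode as opt-in is worth considering.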


@ -197,6 +197,24 @@ NXP/Philips CUSTOM COMMANDS
#define ISO15693_GET_SYSTEM_INFO 0x2B
#define ISO15693_READ_MULTI_SECSTATUS 0x2C
// ISO15693 MANUFACTURER CODES
#define ISO15693_MANUFACTURER_NXP 0x04
// ISO15693-3 CUSTOM NXP COMMANDS
#define ISO15693_CMD_NXP_SET_EAS 0xA2
#define ISO15693_CMD_NXP_RESET_EAS 0xA3
#define ISO15693_CMD_NXP_LOCK_EAS 0xA4
#define ISO15693_CMD_NXP_EAS_ALARM 0xA5
#define ISO15693_CMD_NXP_PASSWORD_PROTECT_EAS_AFI 0xA6
#define ISO15693_CMD_NXP_WRITE_EAS_ID 0xA7
#define ISO15693_CMD_NXP_INVENTORY_PAGE_READ 0xB0
#define ISO15693_CMD_NXP_INVENTORY_PAGE_READ_FAST 0xB1
#define ISO15693_CMD_NXP_GET_RANDOM_NUMBER 0xB2
#define ISO15693_CMD_NXP_SET_PASSWORD 0xB3
#define ISO15693_CMD_NXP_WRITE_PASSWORD 0xB4
#define ISO15693_CMD_NXP_DESTROY 0xB9
#define ISO15693_CMD_NXP_ENABLE_PRIVACY 0xBA
// ISO15693 REQUEST FLAGS
#define ISO15693_REQ_SUBCARRIER_TWO (1<<0)
#define ISO15693_REQ_DATARATE_HIGH (1<<1)


@ -146,6 +146,7 @@ typedef struct {
#define CMD_ISO_15693_DEBUG 0x0316
#define CMD_LF_SNOOP_RAW_ADC_SAMPLES 0x0317
#define CMD_CSETUID_ISO_15693 0x0318
#define CMD_ISO_15693_SLIX_L_DISABLE_PRIVACY 0x0319
// For Hitag2 transponders
#define CMD_SNOOP_HITAG 0x0370