github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-22 22:23:38 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Syncing

Browse source
This commit is contained in:
Fl0-0 2017-09-26 15:44:07 +02:00
commit 3c023857e4
22 changed files with 495 additions and 165 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -7,6 +7,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
### Changed
- Improved backdoor detection missbehaving magic s50/1k tag (Fl0-0)
- Deleted wipe functionality from `hf mf csetuid` (Merlok)
### Fixed
@ -17,6 +18,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Added backdoor detection for gen1b magic s70/4k tag (Fl0-0)
- Added data fsktonrz, a fsk cleaning/demodulating routine for weak fsk signal. Note: follow this up with a `data rawdemod nr` to finish demoding your signal. (marshmellow)
- Added lf em 410xbrute, LF EM410x reader bruteforce attack by simulating UIDs from a file (Fl0-0)
- Added `hf mf cwipe` command. It wipes "magic Chinese" card. For 1a generation it uses card's "wipe" command. For gen1a and gen1b it uses a write command. (Merlok)
## [3.0.1][2017-06-08]

14
armsrc/appmain.c
View file

@ -1199,6 +1199,9 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
// Work with "magic Chinese" card
case CMD_MIFARE_CWIPE:
MifareCWipe(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
case CMD_MIFARE_CSETBLOCK:
MifareCSetBlock(c->arg[0], c->arg[1], c->arg[2], c->d.asBytes);
break;
@ -1294,6 +1297,15 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_DOWNLOADED_SIM_SAMPLES_125K: {
// iceman; since changing fpga_bitstreams clears bigbuff, Its better to call it before.
// to be able to use this one for uploading data to device
// arg1 = 0 upload for LF usage
// 1 upload for HF usage
if (c->arg[1] == 0)
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
else
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
uint8_t *b = BigBuf_get_addr();
memcpy(b+c->arg[0], c->d.asBytes, USB_CMD_DATA_SIZE);
cmd_send(CMD_ACK,0,0,0,0,0);
@ -1304,7 +1316,7 @@ void UsbPacketReceived(uint8_t *packet, int len)
break;
case CMD_SET_LF_DIVISOR:
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, c->arg[0]);
break;

3
armsrc/apps.h
View file

@ -134,7 +134,8 @@ void MifareEMemClr(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain)
void MifareEMemSet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareEMemGet(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card
void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain); // Work with "magic Chinese" card
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCGetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
void MifareCIdent(); // is "magic chinese" card?
void MifareUSetPwd(uint8_t arg0, uint8_t *datain);

10
armsrc/lfops.c
View file

@ -387,8 +387,8 @@ void SimulateTagLowFrequency(int period, int gap, int ledcontrol)
int i;
uint8_t *tab = BigBuf_get_addr();
//note this may destroy the bigbuf so be sure this is called before now...
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
//note FpgaDownloadAndGo destroys the bigbuf so be sure this is called before now...
//FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_EDGE_DETECT);
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT | GPIO_SSC_CLK;
@ -1417,10 +1417,10 @@ void CopyIndala224toT55x7(uint32_t uid1, uint32_t uid2, uint32_t uid3, uint32_t
//Program the 7 data blocks for supplied 224bit UID
uint32_t data[] = {0, uid1, uid2, uid3, uid4, uid5, uid6, uid7};
// and the block 0 for Indala224 format
//Config for Indala (RF/32;PSK1 with RF/2;Maxblock=7)
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK1 | (7 << T55x7_MAXBLOCK_SHIFT);
//Config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
data[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
//TODO add selection of chip for Q5 or T55x7
// data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK1 | 7 << T5555_MAXBLOCK_SHIFT;
// data[0] = (((32-2)>>1)<<T5555_BITRATE_SHIFT) | T5555_MODULATION_PSK2 | 7 << T5555_MAXBLOCK_SHIFT;
WriteT55xx(data, 0, 8);
//Alternative config for Indala (Extended mode;RF/32;PSK1 with RF/2;Maxblock=7;Inverse data)
// T5567WriteBlock(0x603E10E2,0);

146
armsrc/mifarecmd.c
View file

@ -1170,6 +1170,143 @@ void MifareECardLoad(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
// Work with "magic Chinese" card (email him: ouyangweidaxian@live.cn)
//
//-----------------------------------------------------------------------------
static bool isBlockTrailer(int blockN) {
if (blockN >= 0 && blockN < 128) {
return ((blockN & 0x03) == 0x03);
}
if (blockN >= 128 && blockN <= 256) {
return ((blockN & 0x0F) == 0x0F);
}
return FALSE;
}
void MifareCWipe(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
// var
byte_t isOK = 0;
uint32_t numBlocks = arg0;
// cmdParams:
// bit 0 - wipe gen1a
// bit 1 - fill card with default data
// bit 2 - gen1a = 0, gen1b = 1
uint8_t cmdParams = arg1;
bool needWipe = cmdParams & 0x01;
bool needFill = cmdParams & 0x02;
bool gen1b = cmdParams & 0x04;
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
uint8_t block0[16] = {0x01, 0x02, 0x03, 0x04, 0x04, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xBE, 0xAF};
uint8_t block1[16] = {0x00};
uint8_t blockK[16] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x08, 0x77, 0x8F, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
uint8_t d_block[18] = {0x00};
// card commands
uint8_t wupC1[] = { 0x40 };
uint8_t wupC2[] = { 0x43 };
uint8_t wipeC[] = { 0x41 };
// iso14443 setup
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
// tracing
clear_trace();
set_tracing(true);
while (true){
// wipe
if (needWipe){
ReaderTransmitBitsPar(wupC1,7,0, NULL);
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
break;
};
ReaderTransmit(wipeC, sizeof(wipeC), NULL);
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("wipeC error");
break;
};
if(mifare_classic_halt(NULL, 0)) {
if (MF_DBGLEVEL > 2) Dbprintf("Halt error");
};
};
// put default data
if (needFill){
// select commands
ReaderTransmitBitsPar(wupC1, 7, 0, NULL);
// gen1b magic tag : do no issue wupC2 and don't expect 0x0a response after SELECT_UID (after getting UID from chip in 'hf mf csetuid' command)
if (!gen1b) {
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("wupC1 error");
break;
};
ReaderTransmit(wupC2, sizeof(wupC2), NULL);
if(!ReaderReceive(receivedAnswer, receivedAnswerPar) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("wupC2 error");
break;
};
}
// send blocks command
for (int blockNo = 0; blockNo < numBlocks; blockNo++) {
if ((mifare_sendcmd_short(NULL, 0, 0xA0, blockNo, receivedAnswer, receivedAnswerPar, NULL) != 1) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("write block send command error");
break;
};
// check type of block and add crc
if (!isBlockTrailer(blockNo)){
memcpy(d_block, block1, 16);
} else {
memcpy(d_block, blockK, 16);
}
if (blockNo == 0) {
memcpy(d_block, block0, 16);
}
AppendCrc14443a(d_block, 16);
// send write command
ReaderTransmit(d_block, sizeof(d_block), NULL);
if ((ReaderReceive(receivedAnswer, receivedAnswerPar) != 1) || (receivedAnswer[0] != 0x0a)) {
if (MF_DBGLEVEL >= 1) Dbprintf("write block send data error");
break;
};
}
// halt
// do no issue halt command for gen1b
if (!gen1b) {
if (mifare_classic_halt(NULL, 0)) {
if (MF_DBGLEVEL > 2) Dbprintf("Halt error");
break;
}
}
}
break;
}
// send USB response
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,NULL,0);
LED_B_OFF();
// reset fpga
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
return;
}
void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain){
// params
@ -1214,13 +1351,14 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
if (workFlags & 0x01) {
if(!iso14443a_select_card(uid, NULL, &cuid, true, 0)) {
if (MF_DBGLEVEL >= 1) Dbprintf("Can't select card");
break;
// Continue, if we set wrong UID or wrong UID checksum or some ATQA or SAK we will can't select card. But we need to write block 0 to make card work.
//break;
};
if(mifare_classic_halt(NULL, cuid)) {
if (MF_DBGLEVEL > 2) Dbprintf("Halt error");
// Continue, some magic tags misbehavies and send an answer to it.
// break;
// break;
};
};
@ -1239,7 +1377,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
break;
};
if(mifare_classic_halt(NULL, cuid)) {
if(mifare_classic_halt(NULL, 0)) {
if (MF_DBGLEVEL > 2) Dbprintf("Halt error");
// Continue, some magic tags misbehavies and send an answer to it.
// break;
@ -1283,7 +1421,7 @@ void MifareCSetBlock(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datai
if (workFlags & 0x04) {
// do no issue halt command for gen1b magic tag (#db# halt error. response len: 1)
if (!(workFlags & 0x40)) {
if (mifare_classic_halt(NULL, cuid)) {
if (mifare_classic_halt(NULL, 0)) {
if (MF_DBGLEVEL > 2) Dbprintf("Halt error");
// Continue, some magic tags misbehavies and send an answer to it.
// break;

11
client/Makefile
View file

@ -184,14 +184,21 @@ MULTIARCHOBJS = $(MULTIARCHSRCS:%.c=$(OBJDIR)/%_NOSIMD.o) \
$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX.o) \
$(MULTIARCHSRCS:%.c=$(OBJDIR)/%_AVX2.o)
GCC_GTEQ_490 := $(shell expr `gcc --version | awk '/gcc/{print $$NF;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 40900)
GCC_VERSION := $(shell gcc --version | awk '/gcc/{print $$NF;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
CLANG_VERSION := $(shell gcc --version | awk '/Apple LLVM version/{print $$4;}' | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/')
ifneq ($(CLANG_VERSION), )
SUPPORTS_AVX512 := $(shell [ $(CLANG_VERSION) -ge 80000 ] && echo "True" )
endif
ifneq ($(GCC_VERSION), )
SUPPORTS_AVX512 := $(shell [ $(GCC_VERSION) -ge 40900 ] && echo "True" )
endif
HARD_SWITCH_NOSIMD = -mno-mmx -mno-sse2 -mno-avx -mno-avx2
HARD_SWITCH_MMX = -mmmx -mno-sse2 -mno-avx -mno-avx2
HARD_SWITCH_SSE2 = -mmmx -msse2 -mno-avx -mno-avx2
HARD_SWITCH_AVX = -mmmx -msse2 -mavx -mno-avx2
HARD_SWITCH_AVX2 = -mmmx -msse2 -mavx -mavx2
HARD_SWITCH_AVX512 = -mmmx -msse2 -mavx -mavx2 -mavx512f
ifeq "$(GCC_GTEQ_490)" "1"
ifeq "$(SUPPORTS_AVX512)" "True"
HARD_SWITCH_NOSIMD += -mno-avx512f
HARD_SWITCH_MMX += -mno-avx512f
HARD_SWITCH_SSE2 += -mno-avx512f

4
client/cmdhflegic.c
View file

@ -251,7 +251,7 @@ int CmdLegicLoad(const char *Cmd)
fclose(f);
return -1;
}
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 0, 0}};
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {offset, 1, 0}};
int j; for(j = 0; j < 8; j++) {
c.d.asBytes[j] = data[j];
}
@ -351,7 +351,7 @@ int CmdLegicRfFill(const char *Cmd)
}
int i;
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 0, 0}};
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {0, 1, 0}};
for(i = 0; i < 48; i++) {
c.d.asBytes[i] = cmd.arg[2];
}

163
client/cmdhfmf.c
View file

@ -1783,65 +1783,69 @@ int CmdHF14AMfEKeyPrn(const char *Cmd)
int CmdHF14AMfCSetUID(const char *Cmd)
{
uint8_t wipeCard = 0;
uint8_t uid[8] = {0x00};
uint8_t oldUid[8] = {0x00};
uint8_t atqa[2] = {0x00};
uint8_t sak[1] = {0x00};
uint8_t atqaPresent = 1;
uint8_t atqaPresent = 0;
int res;
char ctmp;
int argi=0;
if (strlen(Cmd) < 1 || param_getchar(Cmd, argi) == 'h') {
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols] [w]");
PrintAndLog("sample: hf mf csetuid 01020304");
PrintAndLog("sample: hf mf csetuid 01020304 0004 08 w");
PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");
PrintAndLog("If you also want to wipe the card then add 'w' at the end of the command line.");
return 0;
}
uint8_t needHelp = 0;
char cmdp = 1;
if (param_getchar(Cmd, argi) && param_gethex(Cmd, argi, uid, 8)) {
if (param_getchar(Cmd, 0) && param_gethex(Cmd, 0, uid, 8)) {
PrintAndLog("UID must include 8 HEX symbols");
return 1;
}
argi++;
ctmp = param_getchar(Cmd, argi);
if (ctmp == 'w' || ctmp == 'W') {
wipeCard = 1;
atqaPresent = 0;
}
if (param_getlength(Cmd, 1) > 1 && param_getlength(Cmd, 2) > 1) {
atqaPresent = 1;
cmdp = 3;
if (atqaPresent) {
if (param_getchar(Cmd, argi)) {
if (param_gethex(Cmd, argi, atqa, 4)) {
PrintAndLog("ATQA must include 4 HEX symbols");
return 1;
}
argi++;
if (!param_getchar(Cmd, argi) || param_gethex(Cmd, argi, sak, 2)) {
PrintAndLog("SAK must include 2 HEX symbols");
return 1;
}
argi++;
} else
atqaPresent = 0;
}
if (param_gethex(Cmd, 1, atqa, 4)) {
PrintAndLog("ATQA must include 4 HEX symbols");
return 1;
}
if(!wipeCard) {
ctmp = param_getchar(Cmd, argi);
if (ctmp == 'w' || ctmp == 'W') {
wipeCard = 1;
if (param_gethex(Cmd, 2, sak, 2)) {
PrintAndLog("SAK must include 2 HEX symbols");
return 1;
}
}
PrintAndLog("--wipe card:%s uid:%s", (wipeCard)?"YES":"NO", sprint_hex(uid, 4));
while(param_getchar(Cmd, cmdp) != 0x00)
{
switch(param_getchar(Cmd, cmdp))
{
case 'h':
case 'H':
needHelp = 1;
break;
default:
PrintAndLog("ERROR: Unknown parameter '%c'", param_getchar(Cmd, cmdp));
needHelp = 1;
break;
}
cmdp++;
}
res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid, wipeCard);
if (strlen(Cmd) < 1 || needHelp) {
PrintAndLog("");
PrintAndLog("Usage: hf mf csetuid <UID 8 hex symbols> [ATQA 4 hex symbols SAK 2 hex symbols]");
PrintAndLog("sample: hf mf csetuid 01020304");
PrintAndLog("sample: hf mf csetuid 01020304 0004 08");
PrintAndLog("Set UID, ATQA, and SAK for magic Chinese card (only works with such cards)");
return 0;
}
PrintAndLog("uid:%s", sprint_hex(uid, 4));
if (atqaPresent) {
PrintAndLog("--atqa:%s sak:%02x", sprint_hex(atqa, 2), sak[0]);
}
res = mfCSetUID(uid, (atqaPresent)?atqa:NULL, (atqaPresent)?sak:NULL, oldUid);
if (res) {
PrintAndLog("Can't set UID. error=%d", res);
PrintAndLog("Can't set UID. Error=%d", res);
return 1;
}
@ -1850,6 +1854,80 @@ int CmdHF14AMfCSetUID(const char *Cmd)
return 0;
}
static int ParamGetCardSize(const char c) {
int numBlocks = 16 * 4;
switch (c) {
case '0' : numBlocks = 5 * 4; break;
case '2' : numBlocks = 32 * 4; break;
case '4' : numBlocks = 32 * 4 + 8 * 16; break;
default: numBlocks = 16 * 4;
}
return numBlocks;
}
int CmdHF14AMfCWipe(const char *Cmd)
{
int res, gen = 0;
int numBlocks = 16 * 4;
bool wipeCard = false;
bool fillCard = false;
if (strlen(Cmd) < 1 || param_getchar(Cmd, 0) == 'h') {
PrintAndLog("Usage: hf mf cwipe [card size] [w] [p]");
PrintAndLog("sample: hf mf cwipe 1 w s");
PrintAndLog("[card size]: 0 = 320 bytes (Mifare Mini), 1 = 1K (default), 2 = 2K, 4 = 4K");
PrintAndLog("w - Wipe magic Chinese card (only works with gen:1a cards)");
PrintAndLog("f - Fill the card with default data and keys (works with gen:1a and gen:1b cards only)");
return 0;
}
gen = mfCIdentify();
if ((gen != 1) && (gen != 2))
return 1;
numBlocks = ParamGetCardSize(param_getchar(Cmd, 0));
char cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00){
switch(param_getchar(Cmd, cmdp)) {
case 'w':
case 'W':
wipeCard = 1;
break;
case 'f':
case 'F':
fillCard = 1;
break;
default:
break;
}
cmdp++;
}
if (!wipeCard && !fillCard)
wipeCard = true;
PrintAndLog("--blocks count:%2d wipe:%c fill:%c", numBlocks, (wipeCard)?'y':'n', (fillCard)?'y':'n');
if (gen == 2) {
/* generation 1b magic card */
if (wipeCard) {
PrintAndLog("WARNING: can't wipe magic card 1b generation");
}
res = mfCWipe(numBlocks, true, false, fillCard);
} else {
/* generation 1a magic card by default */
res = mfCWipe(numBlocks, false, wipeCard, fillCard);
}
if (res) {
PrintAndLog("Can't wipe. error=%d", res);
return 1;
}
PrintAndLog("OK");
return 0;
}
int CmdHF14AMfCSetBlk(const char *Cmd)
{
uint8_t memBlock[16] = {0x00};
@ -1866,6 +1944,8 @@ int CmdHF14AMfCSetBlk(const char *Cmd)
}
gen = mfCIdentify();
if ((gen != 1) && (gen != 2))
return 1;
blockNo = param_get8(Cmd, 0);
@ -2398,6 +2478,7 @@ static command_t CommandTable[] =
{"esave", CmdHF14AMfESave, 0, "Save to file emul dump"},
{"ecfill", CmdHF14AMfECFill, 0, "Fill simulator memory with help of keys from simulator"},
{"ekeyprn", CmdHF14AMfEKeyPrn, 0, "Print keys from simulator memory"},
{"cwipe", CmdHF14AMfCWipe, 0, "Wipe magic Chinese card"},
{"csetuid", CmdHF14AMfCSetUID, 0, "Set UID for magic Chinese card"},
{"csetblk", CmdHF14AMfCSetBlk, 0, "Write block - Magic Chinese card"},
{"cgetblk", CmdHF14AMfCGetBlk, 0, "Read block - Magic Chinese card"},

1
client/cmdhfmf.h
View file

@ -34,6 +34,7 @@ extern int CmdHF14AMfELoad(const char* cmd);
extern int CmdHF14AMfESave(const char* cmd);
extern int CmdHF14AMfECFill(const char* cmd);
extern int CmdHF14AMfEKeyPrn(const char* cmd);
extern int CmdHF14AMfCWipe(const char* cmd);
extern int CmdHF14AMfCSetUID(const char* cmd);
extern int CmdHF14AMfCSetBlk(const char* cmd);
extern int CmdHF14AMfCGetBlk(const char* cmd);

2
client/cmdhfmfhard.c
View file

@ -72,7 +72,7 @@ static float brute_force_per_second;
static void get_SIMD_instruction_set(char* instruction_set) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) strcpy(instruction_set, "AVX512F");
else if (__builtin_cpu_supports("avx2")) strcpy(instruction_set, "AVX2");

3
client/cmdlf.c
View file

@ -411,13 +411,12 @@ int CmdLFSim(const char *Cmd)
sscanf(Cmd, "%i", &gap);
// convert to bitstream if necessary
ChkBitstream(Cmd);
//can send only 512 bits at a time (1 byte sent per bit...)
printf("Sending [%d bytes]", GraphTraceLen);
for (i = 0; i < GraphTraceLen; i += USB_CMD_DATA_SIZE) {
UsbCommand c={CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
UsbCommand c = {CMD_DOWNLOADED_SIM_SAMPLES_125K, {i, 0, 0}};
for (j = 0; j < USB_CMD_DATA_SIZE; j++) {
c.d.asBytes[j] = GraphBuffer[i+j];

14
client/cmdlfindala.c
View file

@ -40,10 +40,16 @@ int CmdIndalaDecode(const char *Cmd) {
}
uint8_t invert=0;
size_t size = DemodBufferLen;
int startIdx = indala26decode(DemodBuffer, &size, &invert);
if (startIdx < 0 || size > 224) {
if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
return -1;
int startIdx = indala64decode(DemodBuffer, &size, &invert);
if (startIdx < 0 || size != 64) {
// try 224 indala
invert = 0;
size = DemodBufferLen;
startIdx = indala224decode(DemodBuffer, &size, &invert);
if (startIdx < 0 || size != 224) {
if (g_debugMode) PrintAndLog("Error2: %i",startIdx);
return -1;
}
}
setDemodBuf(DemodBuffer, size, (size_t)startIdx);
setClockGrid(g_DemodClock, g_DemodStartIdx + (startIdx*g_DemodClock));

4
client/hardnested/hardnested_bf_core.c
View file

@ -551,7 +551,7 @@ bitslice_test_nonces_t *bitslice_test_nonces_function_p = &bitslice_test_nonces_
// determine the available instruction set at runtime and call the correct function
const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_first_bytes, statelist_t *p, uint32_t *keys_found, uint64_t *num_keys_tested, uint32_t nonces_to_bruteforce, uint8_t *bf_test_nonce_2nd_byte, noncelist_t *nonces) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX512;
else if (__builtin_cpu_supports("avx2")) crack_states_bitsliced_function_p = &crack_states_bitsliced_AVX2;
@ -572,7 +572,7 @@ const uint64_t crack_states_bitsliced_dispatch(uint32_t cuid, uint8_t *best_firs
void bitslice_test_nonces_dispatch(uint32_t nonces_to_bruteforce, uint32_t *bf_test_nonce, uint8_t *bf_test_nonce_par) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX512;
else if (__builtin_cpu_supports("avx2")) bitslice_test_nonces_function_p = &bitslice_test_nonces_AVX2;

26
client/hardnested/hardnested_bitarray_core.c
View file

@ -319,7 +319,7 @@ count_bitarray_AND4_t *count_bitarray_AND4_function_p = &count_bitarray_AND4_dis
// determine the available instruction set at runtime and call the correct function
uint32_t *malloc_bitarray_dispatch(uint32_t x) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) malloc_bitarray_function_p = &malloc_bitarray_AVX512;
else if (__builtin_cpu_supports("avx2")) malloc_bitarray_function_p = &malloc_bitarray_AVX2;
@ -340,7 +340,7 @@ uint32_t *malloc_bitarray_dispatch(uint32_t x) {
void free_bitarray_dispatch(uint32_t *x) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) free_bitarray_function_p = &free_bitarray_AVX512;
else if (__builtin_cpu_supports("avx2")) free_bitarray_function_p = &free_bitarray_AVX2;
@ -361,7 +361,7 @@ void free_bitarray_dispatch(uint32_t *x) {
uint32_t bitcount_dispatch(uint32_t a) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitcount_function_p = &bitcount_AVX512;
else if (__builtin_cpu_supports("avx2")) bitcount_function_p = &bitcount_AVX2;
@ -382,7 +382,7 @@ uint32_t bitcount_dispatch(uint32_t a) {
uint32_t count_states_dispatch(uint32_t *bitarray) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_states_function_p = &count_states_AVX512;
else if (__builtin_cpu_supports("avx2")) count_states_function_p = &count_states_AVX2;
@ -403,7 +403,7 @@ uint32_t count_states_dispatch(uint32_t *bitarray) {
void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_AND_function_p = &bitarray_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_AND_function_p = &bitarray_AND_AVX2;
@ -424,7 +424,7 @@ void bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_low20_AND_function_p = &bitarray_low20_AND_AVX2;
@ -445,7 +445,7 @@ void bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND_function_p = &count_bitarray_AND_AVX2;
@ -466,7 +466,7 @@ uint32_t count_bitarray_AND_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_low20_AND_function_p = &count_bitarray_low20_AND_AVX2;
@ -487,7 +487,7 @@ uint32_t count_bitarray_low20_AND_dispatch(uint32_t *A, uint32_t *B) {
void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_AND4_function_p = &bitarray_AND4_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_AND4_function_p = &bitarray_AND4_AVX2;
@ -508,7 +508,7 @@ void bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D)
void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) bitarray_OR_function_p = &bitarray_OR_AVX512;
else if (__builtin_cpu_supports("avx2")) bitarray_OR_function_p = &bitarray_OR_AVX2;
@ -529,7 +529,7 @@ void bitarray_OR_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND2_function_p = &count_bitarray_AND2_AVX2;
@ -550,7 +550,7 @@ uint32_t count_bitarray_AND2_dispatch(uint32_t *A, uint32_t *B) {
uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND3_function_p = &count_bitarray_AND3_AVX2;
@ -571,7 +571,7 @@ uint32_t count_bitarray_AND3_dispatch(uint32_t *A, uint32_t *B, uint32_t *C) {
uint32_t count_bitarray_AND4_dispatch(uint32_t *A, uint32_t *B, uint32_t *C, uint32_t *D) {
#if defined (__i386__) || defined (__x86_64__)
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8))
#if !defined(__APPLE__) || (defined(__APPLE__) && (__clang_major__ > 8 || __clang_major__ == 8 && __clang_minor__ >= 1))
#if (__GNUC__ >= 5) && (__GNUC__ > 5 || __GNUC_MINOR__ > 2)
if (__builtin_cpu_supports("avx512f")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX512;
else if (__builtin_cpu_supports("avx2")) count_bitarray_AND4_function_p = &count_bitarray_AND4_AVX2;

161
client/mifarehost.c
View file

@ -396,7 +396,8 @@ int mfnested(uint8_t blockNo, uint8_t keyType, uint8_t *key, uint8_t trgBlockNo,
int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount) {
UsbCommand c = {CMD_MIFARE_EML_MEMGET, {blockNum, blocksCount, 0}};
SendCommand(&c);
UsbCommand resp;
UsbCommand resp;
if (!WaitForResponseTimeout(CMD_ACK,&resp,1500)) return 1;
memcpy(data, resp.d.asBytes, blocksCount * 16);
return 0;
@ -416,6 +417,7 @@ int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params) {
UsbCommand c = {CMD_MIFARE_CGETBLOCK, {params, 0, blockNo}};
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
isOK = resp.arg[0] & 0xff;
@ -434,8 +436,9 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
UsbCommand c = {CMD_MIFARE_CSETBLOCK, {wantWipe, params & (0xFE | (uid == NULL ? 0:1)), blockNo}};
memcpy(c.d.asBytes, data, 16);
SendCommand(&c);
UsbCommand resp;
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
if (WaitForResponseTimeout(CMD_ACK, &resp, 1500)) {
isOK = resp.arg[0] & 0xff;
if (uid != NULL)
memcpy(uid, resp.d.asBytes, 4);
@ -445,25 +448,40 @@ int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uin
PrintAndLog("Command execute timeout");
return 1;
}
return 0;
}
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe) {
int mfCWipe(uint32_t numSectors, bool gen1b, bool wantWipe, bool wantFill) {
uint8_t isOK = 0;
uint8_t cmdParams = wantWipe + wantFill * 0x02 + gen1b * 0x04;
UsbCommand c = {CMD_MIFARE_CWIPE, {numSectors, cmdParams, 0}};
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
isOK = resp.arg[0] & 0xff;
return isOK;
}
int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID) {
uint8_t oldblock0[16] = {0x00};
uint8_t block0[16] = {0x00};
int old, gen = 0;
int gen = 0, res;
gen = mfCIdentify();
/* generation 1a magic card by default */
uint8_t cmdParams = CSETBLOCK_SINGLE_OPER;
if (gen == 2) {
/* generation 1b magic card */
old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);
} else {
/* generation 1a magic card by default */
old = mfCGetBlock(0, oldblock0, CSETBLOCK_SINGLE_OPER);
cmdParams = CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B;
}
if (old == 0) {
res = mfCGetBlock(0, oldblock0, cmdParams);
if (res == 0) {
memcpy(block0, oldblock0, 16);
PrintAndLog("old block 0: %s", sprint_hex(block0,16));
} else {
@ -474,25 +492,73 @@ int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool w
// UID
memcpy(block0, uid, 4);
// Mifare UID BCC
block0[4] = block0[0]^block0[1]^block0[2]^block0[3];
block0[4] = block0[0] ^ block0[1] ^ block0[2] ^ block0[3];
// mifare classic SAK(byte 5) and ATQA(byte 6 and 7, reversed)
if (sak!=NULL)
block0[5]=sak[0];
if (atqa!=NULL) {
block0[6]=atqa[1];
block0[7]=atqa[0];
if (sak != NULL)
block0[5] = sak[0];
if (atqa != NULL) {
block0[6] = atqa[1];
block0[7] = atqa[0];
}
PrintAndLog("new block 0: %s", sprint_hex(block0,16));
PrintAndLog("new block 0: %s", sprint_hex(block0, 16));
if (gen == 2) {
/* generation 1b magic card */
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER | CSETBLOCK_MAGIC_1B);
} else {
/* generation 1a magic card by default */
return mfCSetBlock(0, block0, oldUID, wantWipe, CSETBLOCK_SINGLE_OPER);
res = mfCSetBlock(0, block0, oldUID, false, cmdParams);
if (res) {
PrintAndLog("Can't set block 0. Error: %d", res);
return res;
}
return 0;
}
int mfCIdentify()
{
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
iso14a_card_select_t card;
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if(select_status != 0) {
uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;
c.arg[1] = 2;
c.arg[2] = 0;
memcpy(c.d.asBytes, rats, 2);
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
}
c.cmd = CMD_MIFARE_CIDENT;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
uint8_t isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;
case 2: PrintAndLog("Chinese magic backdoor command (GEN 1b) detected"); break;
default: PrintAndLog("No chinese magic backdoor command detected"); break;
}
// disconnect
c.cmd = CMD_READER_ISO_14443a;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return (int) isGeneration;
}
// SNIFFER
// constants
@ -531,7 +597,7 @@ int isBlockEmpty(int blockN) {
}
int isBlockTrailer(int blockN) {
return ((blockN & 0x03) == 0x03);
return ((blockN & 0x03) == 0x03);
}
int saveTraceCard(void) {
@ -593,6 +659,7 @@ int loadTraceCard(uint8_t *tuid) {
blockNum++;
}
fclose(f);
return 0;
}
@ -613,6 +680,7 @@ int mfTraceInit(uint8_t *tuid, uint8_t *atqa, uint8_t sak, bool wantSaveToEmlFil
uid = bytes_to_num(tuid + 3, 4);
traceState = TRACE_IDLE;
return 0;
}
@ -815,6 +883,8 @@ int mfTraceDecode(uint8_t *data_src, int len, bool wantSaveToEmlFile) {
return 0;
}
// DECODING
int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len){
/*
uint32_t nt; // tag challenge
@ -835,48 +905,3 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
return 0;
}
int mfCIdentify()
{
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
iso14a_card_select_t card;
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if(select_status != 0) {
uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;
c.arg[1] = 2;
c.arg[2] = 0;
memcpy(c.d.asBytes, rats, 2);
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
}
c.cmd = CMD_MIFARE_CIDENT;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
uint8_t isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;
case 2: PrintAndLog("Chinese magic backdoor command (GEN 1b) detected"); break;
default: PrintAndLog("No chinese magic backdoor command detected"); break;
}
// disconnect
c.cmd = CMD_READER_ISO_14443a;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return (int) isGeneration;
}

3
client/mifarehost.h
View file

@ -33,7 +33,8 @@ extern int mfCheckKeys (uint8_t blockNo, uint8_t keyType, bool clear_trace, uint
extern int mfEmlGetMem(uint8_t *data, int blockNum, int blocksCount);
extern int mfEmlSetMem(uint8_t *data, int blockNum, int blocksCount);
extern int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID, bool wantWipe);
extern int mfCWipe(uint32_t numSectors, bool gen1b, bool wantWipe, bool wantFill);
extern int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID);
extern int mfCSetBlock(uint8_t blockNo, uint8_t *data, uint8_t *uid, bool wantWipe, uint8_t params);
extern int mfCGetBlock(uint8_t blockNo, uint8_t *data, uint8_t params);

14
client/proxmark3.c
View file

@ -274,8 +274,22 @@ int main(int argc, char* argv[]) {
pthread_mutex_init(&print_lock, NULL);
#ifdef HAVE_GUI
#ifdef _WIN32
InitGraphics(argc, argv, script_cmds_file, usb_present);
MainGraphics();
#else
char* display = getenv("DISPLAY");
if (display && strlen(display) > 1)
{
InitGraphics(argc, argv, script_cmds_file, usb_present);
MainGraphics();
}
else
{
main_loop(script_cmds_file, usb_present);
}
#endif
#else
main_loop(script_cmds_file, usb_present);
#endif

11
client/util.c
View file

@ -322,7 +322,7 @@ char * printBits(size_t const size, void const * const ptr)
// -------------------------------------------------------------------------
// line - param line
// bg, en - symbol numbers in param line of beginning an ending parameter
// bg, en - symbol numbers in param line of beginning and ending parameter
// paramnum - param number (from 0)
// -------------------------------------------------------------------------
int param_getptr(const char *line, int *bg, int *en, int paramnum)
@ -355,6 +355,15 @@ int param_getptr(const char *line, int *bg, int *en, int paramnum)
}
int param_getlength(const char *line, int paramnum)
{
int bg, en;
if (param_getptr(line, &bg, &en, paramnum)) return 0;
return en - bg + 1;
}
char param_getchar(const char *line, int paramnum)
{
int bg, en;

1
client/util.h
View file

@ -51,6 +51,7 @@ extern uint32_t SwapBits(uint32_t value, int nrbits);
extern uint8_t *SwapEndian64(const uint8_t *src, const size_t len, const uint8_t blockSize);
extern void SwapEndian64ex(const uint8_t *src, const size_t len, const uint8_t blockSize, uint8_t *dest);
extern int param_getlength(const char *line, int paramnum);
extern char param_getchar(const char *line, int paramnum);
extern int param_getptr(const char *line, int *bg, int *en, int paramnum);
extern uint8_t param_get8(const char *line, int paramnum);

51
common/lfdemod.c
View file

@ -1777,22 +1777,53 @@ int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx) {
}
// redesigned by marshmellow adjusted from existing decode functions
// indala id decoding - only tested on 26 bit tags, but attempted to make it work for more
int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
//26 bit 40134 format (don't know other formats)
uint8_t preamble[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
uint8_t preamble_i[] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0};
// indala id decoding
int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
//standard 64 bit indala formats including 26 bit 40134 format
uint8_t preamble64[] = {1,0,1,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 1};
uint8_t preamble64_i[] = {0,1,0,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 0};
size_t startidx = 0;
if (!preambleSearch(bitStream, preamble, sizeof(preamble), size, &startidx)){
// if didn't find preamble try again inverting
if (!preambleSearch(bitStream, preamble_i, sizeof(preamble_i), size, &startidx)) return -1;
size_t found_size = *size;
bool found = preambleSearch(bitStream, preamble64, sizeof(preamble64), &found_size, &startidx);
if (!found) {
found = preambleSearch(bitStream, preamble64_i, sizeof(preamble64_i), &found_size, &startidx);
if (!found) return -1;
*invert ^= 1;
}
if (*size != 64 && *size != 224) return -2;
if (found_size != 64) return -2;
if (*invert==1)
for (size_t i = startidx; i < *size + startidx; i++)
for (size_t i = startidx; i < found_size + startidx; i++)
bitStream[i] ^= 1;
// note: don't change *size until we are sure we got it...
*size = found_size;
return (int) startidx;
}
int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert) {
//large 224 bit indala formats (different preamble too...)
uint8_t preamble224[] = {1,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,1};
uint8_t preamble224_i[] = {0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,0};
size_t startidx = 0;
size_t found_size = *size;
bool found = preambleSearch(bitStream, preamble224, sizeof(preamble224), &found_size, &startidx);
if (!found) {
found = preambleSearch(bitStream, preamble224_i, sizeof(preamble224_i), &found_size, &startidx);
if (!found) return -1;
*invert ^= 1;
}
if (found_size != 224) return -2;
if (*invert==1 && startidx > 0)
for (size_t i = startidx-1; i < found_size + startidx + 2; i++)
bitStream[i] ^= 1;
// 224 formats are typically PSK2 (afaik 2017 Marshmellow)
// note loses 1 bit at beginning of transformation...
// don't need to verify array is big enough as to get here there has to be a full preamble after all of our data
psk1TOpsk2(bitStream + (startidx-1), found_size+2);
startidx++;
*size = found_size;
return (int) startidx;
}

3
common/lfdemod.h
View file

@ -54,7 +54,8 @@ extern int FDXBdemodBI(uint8_t *dest, size_t *size);
extern int gProxII_Demod(uint8_t BitStream[], size_t *size);
extern int HIDdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
extern int IOdemodFSK(uint8_t *dest, size_t size, int *waveStartIdx);
extern int indala26decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
extern int indala64decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
extern int indala224decode(uint8_t *bitStream, size_t *size, uint8_t *invert);
extern int ParadoxdemodFSK(uint8_t *dest, size_t *size, uint32_t *hi2, uint32_t *hi, uint32_t *lo, int *waveStartIdx);
extern int PrescoDemod(uint8_t *dest, size_t *size);
extern int PyramiddemodFSK(uint8_t *dest, size_t *size, int *waveStartIdx);

1
include/usb_cmd.h
View file

@ -175,6 +175,7 @@ typedef struct{
#define CMD_MIFARE_CSETBLOCK 0x0605
#define CMD_MIFARE_CGETBLOCK 0x0606
#define CMD_MIFARE_CIDENT 0x0607
#define CMD_MIFARE_CWIPE 0x0608
#define CMD_SIMULATE_MIFARE_CARD 0x0610