github/proxmark3
1
0
Fork 0
mirror of https://github.com/Proxmark/proxmark3.git synced 2025-08-14 02:26:59 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into fix_hfmfsim

Browse source
This commit is contained in:
pwpiwi 2017-11-02 21:37:42 +01:00
commit 82f4955245
16 changed files with 442 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -13,6 +13,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- `hf mf nested` Check keys after they have found (Merlok)
- `hf mf chk` Move main cycle to arm (Merlok)
- Changed proxmark command line parameter `flush` to `-f` or `-flush` (Merlok)
- Changed `hf 14a reader` to just reqest-anticilission-select sequence (Merlok)
### Fixed
- Changed start sequence in Qt mode (fix: short commands hangs main Qt thread) (Merlok)
@ -32,6 +33,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
- Added to proxmark command line parameters `w` - wait 20s for serial port (Merlok)
- Added to proxmark command line parameters `c` and `l` - execute command and lua script from command line (Merlok)
- Added to proxmark ability to execute commands from stdin (pipe) (Merlok)
- Added `hf 14a info` and moved there functionality from `hf 14a reader` (Merlok)
- Added to `hf 14a info` detection of weak prng from Iceman1001 fork (Merlok)
## [3.0.1][2017-06-08]

188
appveyor.yml
View file

@ -2,7 +2,29 @@ version: 3.0.1.{build}
image: Visual Studio 2017
clone_folder: C:\ProxSpace\pm3
init:
- ps: "$psversiontable\n#Get-ChildItem Env:\n\n$releasename=\"\"\n$env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)\nif ($env:appveyor_repo_tag -match \"true\"){\n $releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT_SHORT + \"]\" \n\nWrite-Host \"repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename\" -ForegroundColor Yellow\nAdd-AppveyorMessage -Message \"[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)\" -Category Information -Details \"repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename\"\n\niex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))"
- ps: >-
$psversiontable
#Get-ChildItem Env:
$releasename=""
$env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)
if ($env:appveyor_repo_tag -match "true"){
$releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
}
$releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT_SHORT + "]"
Write-Host "repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename" -ForegroundColor Yellow
Add-AppveyorMessage -Message "[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)" -Category Information -Details "repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename"
iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
clone_script:
- ps: >-
Write-Host "Removing ProxSpace..." -NoNewLine
@ -61,7 +83,88 @@ install:
}
}
build_script:
- ps: "$env:Path = \"C:\\ProxSpace\\msys\\bin;$env:Path\"\n\n#make\nbash -lc -i \"pwd;make all\"\n\n#some checks\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\proxmark3.exe)){\nthrow \"Main file proxmark3.exe not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\armsrc\\obj\\fullimage.elf)){\nthrow \"ARM file fullimage.elf not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z)){\nthrow \"Files in hardnested\\tables not exists.\"\n}\n\n#copy\nWrite-Host \"Copy release files...\" -NoNewLine -ForegroundColor Yellow\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\nCopy-Item C:\\ProxSpace\\pm3\\client\\*.exe C:\\ProxSpace\\Release\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\armsrc\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\bootrom\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\scripts\nCopy-Item C:\\ProxSpace\\pm3\\client\\scripts\\*.lua C:\\ProxSpace\\Release\\scripts\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\hardnested\\tables\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\*.bin C:\\ProxSpace\\Release\\hardnested\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z C:\\ProxSpace\\Release\\hardnested\\tables\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\n#archive and push\n$releasename=\"\"\nif ($env:appveyor_repo_tag -match \"true\"){\n$releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + \"]\" \n\nWrite-Host \"Archive and publish release files ($releasename)...\" -NoNewLine -ForegroundColor Yellow\ncd C:\\ProxSpace\n7z a release.zip C:\\ProxSpace\\Release\nPush-AppveyorArtifact release.zip -DeploymentName \"$releasename\"\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\nWrite-Host \"Builded...\" -ForegroundColor Yellow"
- ps: >-
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
#make
bash -lc -i "pwd;make all"
#some checks
if(!(Test-Path C:\ProxSpace\pm3\client\proxmark3.exe)){
throw "Main file proxmark3.exe not exists."
}
if(!(Test-Path C:\ProxSpace\pm3\armsrc\obj\fullimage.elf)){
throw "ARM file fullimage.elf not exists."
}
if(!(Test-Path C:\ProxSpace\pm3\client\hardnested\tables\*.bin.z)){
throw "Files in hardnested\tables not exists."
}
#copy
Write-Host "Copy release files..." -NoNewLine -ForegroundColor Yellow
New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release
Copy-Item C:\ProxSpace\pm3\client\*.exe C:\ProxSpace\Release
New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\arm
Copy-Item C:\ProxSpace\pm3\armsrc\obj\*.elf C:\ProxSpace\Release\arm
Copy-Item C:\ProxSpace\pm3\bootrom\obj\*.elf C:\ProxSpace\Release\arm
New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\scripts
Copy-Item C:\ProxSpace\pm3\client\scripts\*.lua C:\ProxSpace\Release\scripts
New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\hardnested\tables
Copy-Item C:\ProxSpace\pm3\client\hardnested\*.bin C:\ProxSpace\Release\hardnested
Copy-Item C:\ProxSpace\pm3\client\hardnested\tables\*.bin.z C:\ProxSpace\Release\hardnested\tables
Write-Host "[ OK ]" -ForegroundColor Green
#archive and push
$releasename=""
if ($env:appveyor_repo_tag -match "true"){
$releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
}
$releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + "]"
Write-Host "Archive and publish release files ($releasename)..." -NoNewLine -ForegroundColor Yellow
cd C:\ProxSpace
7z a release.zip C:\ProxSpace\Release
Push-AppveyorArtifact release.zip -DeploymentName "$releasename"
Write-Host "[ OK ]" -ForegroundColor Green
Write-Host "Builded..." -ForegroundColor Yellow
test_script:
- ps: >-
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
@ -71,12 +174,38 @@ test_script:
$global:TestsPassed=$true
$global:TestTime=[System.Environment]::TickCount
Function ExecTest($Name, $File, $Cmd, $CheckResult) {
#--- begin Job
$Job = Start-Job -ScriptBlock {
[bool]$res=$false
$TestTime=[System.Environment]::TickCount
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
Set-Location $using:PWD
$sb=[scriptblock]::Create("$using:Cmd")
#execute scriptblock
Write-host "Test [$using:Name] job: $using:Cmd"
$Cond=&$sb
Function ExecTest($Name, $File, $Cond) {
[bool]$res=$false;
if ($Cond -eq $null){
} ElseIf($using:CheckResult -ne $null) {
[String]$searchstr=""
if ($Cond -is [Object]){
ForEach($line in $Cond){
Write-host $line -ForegroundColor Gray
$searchstr += $line
}
}else{
Write-host "$Cond" -ForegroundColor Gray
$searchstr = $Cond
}
If($searchstr -like "*$using:CheckResult*") {
$res=$true
}
$Cond="*$using:CheckResult*"
} Else {
If (!($Cond -is [bool] -or $Cond -is [byte] -or $Cond -is [int16] -or $Cond -is [int32] -or $Cond -is [int64] -or $Cond -is [float])){
if ($Cond -is "String" -and $Cond -like "*passed*"){
@ -86,17 +215,38 @@ test_script:
$res= $true
}
} Else {
$res=$Cond;
$res=$Cond
}
}
If ($res) {
Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
Write-host "Result[$using:Name]: $Cond" -ForegroundColor Green
Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
}Else {
Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
Write-host "Result[$using:Name]: $Cond" -ForegroundColor Red
Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" -ErrorMessage "command:$using:Cmd`nresult:$Cond"
}
return $res
}
#--- end Job
[bool]$res=$false
# Wait 40 sec timeout for Job
if(Wait-Job $Job -Timeout 40){
$Results = $Job | Receive-Job
if($Results -like "true"){
$res=$true
}
} else {
Write-host "Test [$Name] timeout" -ForegroundColor Red
Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 40000 -ErrorMessage "timeout"
}
Remove-Job -Force $Job
if(!$res){
$global:TestsPassed=$false
}
$global:TestTime=[System.Environment]::TickCount
}
@ -105,27 +255,27 @@ test_script:
#file test
ExecTest "proxmark3 exists" "proxmark3.exe" $(Test-Path C:\ProxSpace\Release\proxmark3.exe)
ExecTest "proxmark3 exists" "proxmark3.exe" {Test-Path C:\ProxSpace\Release\proxmark3.exe}
ExecTest "arm image exists" "\arm\fullimage1.elf" $(Test-Path C:\ProxSpace\Release\arm\fullimage.elf)
ExecTest "arm image exists" "\arm\fullimage1.elf" {Test-Path C:\ProxSpace\Release\arm\fullimage.elf}
ExecTest "bootrom exists" "bootrom.elf" $(Test-Path C:\ProxSpace\Release\arm\bootrom.elf)
ExecTest "bootrom exists" "bootrom.elf" {Test-Path C:\ProxSpace\Release\arm\bootrom.elf}
ExecTest "hardnested tables exists" "hardnested" $(Test-Path C:\ProxSpace\Release\hardnested\tables\*.z)
ExecTest "hardnested tables exists" "hardnested" {Test-Path C:\ProxSpace\Release\hardnested\tables\*.z}
ExecTest "release exists" "release.zip" $(Test-Path C:\ProxSpace\release.zip)
ExecTest "release exists" "release.zip" {Test-Path C:\ProxSpace\release.zip}
#proxmark logic tests
ExecTest "proxmark help" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed')
ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed'}
ExecTest "proxmark help hardnested" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed')
ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'}
ExecTest "hf mf offline text" "hf mf" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf' | grep -q at_enc && echo Passed || echo Failed")
ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf'"} "at_enc"
ExecTest "hf mf hardnested" "hf mf hardnested" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000' | grep -q 'found:' && echo Passed || echo Failed")
ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:"
if ($global:TestsPassed) {
@ -139,4 +289,4 @@ on_success:
on_failure:
- ps: Write-Host "Build error." -ForegroundColor Red
on_finish:
- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))

14
armsrc/iso14443a.c
View file

@ -1702,6 +1702,13 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
int cascade_level = 0;
int len;
// init card struct
if(p_hi14a_card) {
p_hi14a_card->uidlen = 0;
memset(p_hi14a_card->uid, 0, 10);
p_hi14a_card->ats_len = 0;
}
// Broadcast for a card, WUPA (0x52) will force response from all cards in the field
ReaderTransmitBitsPar(wupa, 7, NULL, NULL);
@ -1710,8 +1717,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
if(p_hi14a_card) {
memcpy(p_hi14a_card->atqa, resp, 2);
p_hi14a_card->uidlen = 0;
memset(p_hi14a_card->uid,0,10);
}
if (anticollision) {
@ -1817,10 +1822,9 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
if(p_hi14a_card) {
p_hi14a_card->sak = sak;
p_hi14a_card->ats_len = 0;
}
// non iso14443a compliant tag
// PICC compilant with iso14443a-4 ---> (SAK & 0x20 != 0)
if( (sak & 0x20) == 0) return 2;
if (!no_rats) {
@ -1912,7 +1916,7 @@ void ReaderIso14443a(UsbCommand *c)
size_t lenbits = c->arg[1] >> 16;
uint32_t timeout = c->arg[2];
uint32_t arg0 = 0;
byte_t buf[USB_CMD_DATA_SIZE];
byte_t buf[USB_CMD_DATA_SIZE] = {0};
uint8_t par[MAX_PARITY_SIZE];
if(param & ISO14A_CONNECT) {

15
armsrc/mifarecmd.c
View file

@ -1510,6 +1510,14 @@ void MifareCIdent(){
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
LED_A_ON();
LED_B_OFF();
LED_C_OFF();
iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
clear_trace();
set_tracing(true);
ReaderTransmitBitsPar(wupC1,7,0, NULL);
if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) {
@ -1523,8 +1531,13 @@ void MifareCIdent(){
// From iceman1001: removed the if, since some magic tags misbehavies and send an answer to it.
mifare_classic_halt(NULL, 0);
LED_B_ON();
cmd_send(CMD_ACK,isOK,0,0,0,0);
LED_B_OFF();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LEDsoff();
}
//

2
client/cmdhf.c
View file

@ -663,7 +663,7 @@ int CmdHFList(const char *Cmd)
int CmdHFSearch(const char *Cmd){
int ans = 0;
PrintAndLog("");
ans = CmdHF14AReader("s");
ans = CmdHF14AInfo("s");
if (ans > 0) {
PrintAndLog("\nValid ISO14443A Tag Found - Quiting Search\n");
return ans;

123
client/cmdhf14a.c
View file

@ -133,7 +133,80 @@ int CmdHF14AList(const char *Cmd)
return 0;
}
int CmdHF14AReader(const char *Cmd)
int CmdHF14AReader(const char *Cmd) {
uint32_t cm = ISO14A_CONNECT;
bool disconnectAfter = false;
int cmdp = 0;
while(param_getchar(Cmd, cmdp) != 0x00) {
switch(param_getchar(Cmd, cmdp)) {
case 'h':
case 'H':
PrintAndLog("Usage: hf 14a reader [d] [3]");
PrintAndLog(" d drop the signal field after command executed");
PrintAndLog(" x just drop the signal field");
PrintAndLog(" 3 ISO14443-3 select only (skip RATS)");
return 0;
case '3':
cm |= ISO14A_NO_RATS;
break;
case 'd':
case 'D':
disconnectAfter = true;
break;
case 'x':
case 'X':
disconnectAfter = true;
cm = cm - ISO14A_CONNECT;
break;
default:
PrintAndLog("Unknown command.");
return 1;
}
cmdp++;
}
if (!disconnectAfter)
cm |= ISO14A_NO_DISCONNECT;
UsbCommand c = {CMD_READER_ISO_14443a, {cm, 0, 0}};
SendCommand(&c);
if (ISO14A_CONNECT & cm) {
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
iso14a_card_select_t card;
memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
if(select_status == 0) {
PrintAndLog("iso14443a card select failed");
return 1;
}
if(select_status == 3) {
PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
return 1;
}
PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
PrintAndLog(" ATS : %s", sprint_hex(card.ats, card.ats_len));
}
PrintAndLog("Card is selected. You can now start sending commands");
} else {
PrintAndLog("Field dropped.");
}
return 0;
}
int CmdHF14AInfo(const char *Cmd)
{
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
SendCommand(&c);
@ -171,8 +244,10 @@ int CmdHF14AReader(const char *Cmd)
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
bool isMifareClassic = true;
switch (card.sak) {
case 0x00:
isMifareClassic = false;
//***************************************test****************
// disconnect
@ -405,27 +480,21 @@ int CmdHF14AReader(const char *Cmd)
// try to see if card responses to "chinese magic backdoor" commands.
c.cmd = CMD_MIFARE_CIDENT;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
mfCIdentify();
uint8_t isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLog("Answers to chinese magic backdoor commands (GEN 1a): YES"); break;
case 2: PrintAndLog("Answers to chinese magic backdoor commands (GEN 1b): YES"); break;
default: PrintAndLog("Answers to chinese magic backdoor commands: NO"); break;
if (isMifareClassic) {
switch(DetectClassicPrng()) {
case 0:
PrintAndLog("Prng detection: HARDEND (hardnested)");
break;
case 1:
PrintAndLog("Prng detection: WEAK");
break;
default:
PrintAndLog("Prng detection error.");
}
}
// disconnect
c.cmd = CMD_READER_ISO_14443a;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return select_status;
}
@ -751,8 +820,17 @@ static void waitCmd(uint8_t iSelect)
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
recv = resp.d.asBytes;
uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
PrintAndLog("received %i octets", iLen);
uint8_t iLen = resp.arg[0];
if (iSelect){
iLen = resp.arg[1];
if (iLen){
PrintAndLog("Card selected. UID[%i]:", iLen);
} else {
PrintAndLog("Can't select card.");
}
} else {
PrintAndLog("received %i bytes:", iLen);
}
if(!iLen)
return;
hexout = (char *)malloc(iLen * 3 + 1);
@ -774,7 +852,8 @@ static command_t CommandTable[] =
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"},
{"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"},
{"reader", CmdHF14AReader, 0, "Start acting like an ISO14443 Type A reader"},
{"info", CmdHF14AInfo, 0, "Reads card and shows information about it"},
{"cuids", CmdHF14ACUIDs, 0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
{"sim", CmdHF14ASim, 0, "<UID> -- Simulate ISO 14443a tag"},
{"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},

1
client/cmdhf14a.h
View file

@ -18,6 +18,7 @@ int CmdHF14A(const char *Cmd);
int CmdHF14AList(const char *Cmd);
int CmdHF14AMifare(const char *Cmd);
int CmdHF14AReader(const char *Cmd);
extern int CmdHF14AInfo(const char *Cmd);
int CmdHF14ASim(const char *Cmd);
int CmdHF14ASnoop(const char *Cmd);
char* getTagInfo(uint8_t uid);

26
client/cmdmain.c
View file

@ -8,6 +8,9 @@
// Main command parser entry point
//-----------------------------------------------------------------------------
#include "cmdmain.h"
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@ -21,7 +24,6 @@
#include "cmddata.h"
#include "cmdhw.h"
#include "cmdlf.h"
#include "cmdmain.h"
#include "util.h"
#include "util_posix.h"
#include "cmdscript.h"
@ -41,6 +43,8 @@ static UsbCommand cmdBuffer[CMD_BUFFER_SIZE];
static int cmd_head;//Starts as 0
//Points to the position of the last unread command
static int cmd_tail;//Starts as 0
// to lock cmdBuffer operations from different threads
static pthread_mutex_t cmdBufferMutex = PTHREAD_MUTEX_INITIALIZER;
static command_t CommandTable[] =
{
@ -86,7 +90,9 @@ int CmdRev(const char *Cmd)
void clearCommandBuffer()
{
//This is a very simple operation
pthread_mutex_lock(&cmdBufferMutex);
cmd_tail = cmd_head;
pthread_mutex_unlock(&cmdBufferMutex);
}
/**
@ -95,6 +101,7 @@ void clearCommandBuffer()
*/
void storeCommand(UsbCommand *command)
{
pthread_mutex_lock(&cmdBufferMutex);
if( ( cmd_head+1) % CMD_BUFFER_SIZE == cmd_tail)
{
//If these two are equal, we're about to overwrite in the
@ -106,6 +113,7 @@ void storeCommand(UsbCommand *command)
memcpy(destination, command, sizeof(UsbCommand));
cmd_head = (cmd_head +1) % CMD_BUFFER_SIZE; //increment head and wrap
pthread_mutex_unlock(&cmdBufferMutex);
}
@ -116,8 +124,10 @@ void storeCommand(UsbCommand *command)
*/
int getCommand(UsbCommand* response)
{
pthread_mutex_lock(&cmdBufferMutex);
//If head == tail, there's nothing to read, or if we just got initialized
if(cmd_head == cmd_tail){
pthread_mutex_unlock(&cmdBufferMutex);
return 0;
}
//Pick out the next unread command
@ -125,7 +135,7 @@ int getCommand(UsbCommand* response)
memcpy(response, last_unread, sizeof(UsbCommand));
//Increment tail - this is a circular buffer, so modulo buffer size
cmd_tail = (cmd_tail +1 ) % CMD_BUFFER_SIZE;
pthread_mutex_unlock(&cmdBufferMutex);
return 1;
}
@ -147,22 +157,28 @@ bool WaitForResponseTimeoutW(uint32_t cmd, UsbCommand* response, size_t ms_timeo
response = &resp;
}
uint64_t start_time = msclock();
// Wait until the command is received
for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
while (true) {
while(getCommand(response)) {
if(response->cmd == cmd){
return true;
}
}
msleep(10); // XXX ugh
if (dm_seconds == 200 && show_warning) { // Two seconds elapsed
if (msclock() - start_time > ms_timeout) {
break;
}
if (msclock() - start_time > 2000 && show_warning) {
PrintAndLog("Waiting for a response from the proxmark...");
PrintAndLog("Don't forget to cancel its operation first by pressing on the button");
break;
}
}
return false;
}
bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
return WaitForResponseTimeoutW(cmd, response, ms_timeout, true);
}

104
client/mifarehost.c
View file

@ -540,36 +540,12 @@ int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID) {
return 0;
}
int mfCIdentify()
{
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
int mfCIdentify() {
UsbCommand c = {CMD_MIFARE_CIDENT, {0, 0, 0}};
SendCommand(&c);
UsbCommand resp;
WaitForResponse(CMD_ACK,&resp);
// iso14a_card_select_t card;
// memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
// uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
// if(select_status != 0) {
// uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
// c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;
// c.arg[1] = 2;
// c.arg[2] = 0;
// memcpy(c.d.asBytes, rats, 2);
// SendCommand(&c);
// WaitForResponse(CMD_ACK,&resp);
// }
c.cmd = CMD_MIFARE_CIDENT;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
WaitForResponse(CMD_ACK,&resp);
uint8_t isGeneration = resp.arg[0] & 0xff;
switch( isGeneration ){
case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;
@ -577,13 +553,6 @@ int mfCIdentify()
default: PrintAndLog("No chinese magic backdoor command detected"); break;
}
// disconnect
c.cmd = CMD_READER_ISO_14443a;
c.arg[0] = 0;
c.arg[1] = 0;
c.arg[2] = 0;
SendCommand(&c);
return (int) isGeneration;
}
@ -934,3 +903,72 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
return 0;
}
/** validate_prng_nonce
* Determine if nonce is deterministic. ie: Suspectable to Darkside attack.
* returns
* true = weak prng
* false = hardend prng
*/
bool validate_prng_nonce(uint32_t nonce) {
uint16_t *dist = 0;
uint16_t x, i;
dist = malloc(2 << 16);
if(!dist)
return -1;
// init prng table:
for (x = i = 1; i; ++i) {
dist[(x & 0xff) << 8 | x >> 8] = i;
x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15;
}
uint32_t res = (65535 - dist[nonce >> 16] + dist[nonce & 0xffff]) % 65535;
free(dist);
return (res == 16);
}
/* Detect Tag Prng,
* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce.
* the tag nonce is check to see if it has a predictable PRNG.
* @returns
* TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
*/
int DetectClassicPrng(void){
UsbCommand resp, respA;
uint8_t cmd[] = {0x60, 0x00}; // MIFARE_AUTH_KEYA
uint32_t flags = ISO14A_CONNECT | ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_RATS;
UsbCommand c = {CMD_READER_ISO_14443a, {flags, sizeof(cmd), 0}};
memcpy(c.d.asBytes, cmd, sizeof(cmd));
clearCommandBuffer();
SendCommand(&c);
if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
PrintAndLog("PRNG UID: Reply timeout.");
return -1;
}
// if select tag failed.
if (resp.arg[0] == 0) {
PrintAndLog("PRNG error: selecting tag failed, can't detect prng.");
return -1;
}
if (!WaitForResponseTimeout(CMD_ACK, &respA, 5000)) {
PrintAndLog("PRNG data: Reply timeout.");
return -1;
}
// check respA
if (respA.arg[0] != 4) {
PrintAndLog("PRNG data error: Wrong length: %d", respA.arg[0]);
return -1;
}
uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
return validate_prng_nonce(nonce);
}

1
client/mifarehost.h
View file

@ -60,5 +60,6 @@ extern int saveTraceCard(void);
extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
extern int mfCIdentify();
extern int DetectClassicPrng(void);
#endif

5
client/proxmark3.c
View file

@ -73,12 +73,11 @@ static void *uart_receiver(void *targ) {
while (arg->run) {
rxlen = 0;
if (uart_receive(sp, prx, sizeof(UsbCommand) - (prx-rx), &rxlen)) {
if (uart_receive(sp, prx, sizeof(UsbCommand) - (prx-rx), &rxlen) && rxlen) {
prx += rxlen;
if (prx-rx < sizeof(UsbCommand)) {
continue;
}
UsbCommandReceived((UsbCommand*)rx);
}
prx = rx;
@ -356,11 +355,13 @@ int main(int argc, char* argv[]) {
sp = uart_open(argv[1]);
} else {
printf("Waiting for Proxmark to appear on %s ", argv[1]);
fflush(stdout);
int openCount = 0;
do {
sp = uart_open(argv[1]);
msleep(1000);
printf(".");
fflush(stdout);
} while(++openCount < 20 && (sp == INVALID_SERIAL_PORT || sp == CLAIMED_SERIAL_PORT));
printf("\n");
}

1
common/crapto1/crapto1.c
View file

@ -426,7 +426,6 @@ int nonce_distance(uint32_t from, uint32_t to)
return (65535 + dist[to >> 16] - dist[from >> 16]) % 65535;
}
static uint32_t fastfwd[2][8] = {
{ 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB},
{ 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}};

33
common/usb_cdc.c
View file

@ -44,6 +44,11 @@
#define AT91C_EP_OUT_SIZE 0x40
#define AT91C_EP_IN_SIZE 0x40
// Language must always be 0.
#define STR_LANGUAGE_CODES 0x00
#define STR_MANUFACTURER 0x01
#define STR_PRODUCT 0x02
static const char devDescriptor[] = {
/* Device descriptor */
0x12, // bLength
@ -56,8 +61,8 @@ static const char devDescriptor[] = {
0xc4,0x9a, // Vendor ID (0x9ac4 = J. Westhues)
0x8f,0x4b, // Product ID (0x4b8f = Proxmark-3 RFID Instrument)
0x01,0x00, // Device release number (0001)
0x01, // iManufacturer
0x02, // iProduct
STR_MANUFACTURER, // iManufacturer
STR_PRODUCT, // iProduct
0x00, // iSerialNumber
0x01 // bNumConfigs
};
@ -157,7 +162,9 @@ static const char StrDescLanguageCodes[] = {
0x03, // Type is string
0x09, 0x04 // supported language Code 0 = 0x0409 (English)
};
// Note: ModemManager (Linux) ignores Proxmark3 devices by matching the
// manufacturer string "proxmark.org". Don't change this.
static const char StrDescManufacturer[] = {
26, // Length
0x03, // Type is string
@ -182,20 +189,18 @@ static const char StrDescProduct[] = {
'M', 0x00,
'3', 0x00
};
static const char* const pStrings[] =
{
StrDescLanguageCodes,
StrDescManufacturer,
StrDescProduct
};
const char* getStringDescriptor(uint8_t idx)
{
if(idx >= (sizeof(pStrings) / sizeof(pStrings[0]))) {
return(NULL);
} else {
return(pStrings[idx]);
switch (idx) {
case STR_LANGUAGE_CODES:
return StrDescLanguageCodes;
case STR_MANUFACTURER:
return StrDescManufacturer;
case STR_PRODUCT:
return StrDescProduct;
default:
return NULL;
}
}

31
fpga/hi_read_rx_xcorr.v
View file

@ -34,13 +34,13 @@ always @(negedge ck_1356megb)
(* clock_signal = "yes" *) reg adc_clk; // sample frequency, always 16 * fc
always @(ck_1356megb, xcorr_is_848, xcorr_quarter_freq, fc_div)
if (xcorr_is_848 & ~xcorr_quarter_freq) // fc = 847.5 kHz
if (xcorr_is_848 & ~xcorr_quarter_freq) // fc = 847.5 kHz, standard ISO14443B
adc_clk <= ck_1356megb;
else if (~xcorr_is_848 & ~xcorr_quarter_freq) // fc = 424.25 kHz
else if (~xcorr_is_848 & ~xcorr_quarter_freq) // fc = 423.75 kHz
adc_clk <= fc_div[0];
else if (xcorr_is_848 & xcorr_quarter_freq) // fc = 212.125 kHz
else if (xcorr_is_848 & xcorr_quarter_freq) // fc = 211.875 kHz
adc_clk <= fc_div[1];
else // fc = 106.0625 kHz
else // fc = 105.9375 kHz
adc_clk <= fc_div[2];
// When we're a reader, we just need to do the BPSK demod; but when we're an
@ -69,13 +69,16 @@ begin
end
end
// Let us report a correlation every 4 subcarrier cycles, or 4*16 samples,
// Let us report a correlation every 4 subcarrier cycles, or 4*16=64 samples,
// so we need a 6-bit counter.
reg [5:0] corr_i_cnt;
// And a couple of registers in which to accumulate the correlations.
// we would add/sub at most 32 times adc_d, the signed result can be held in 14 bits.
reg signed [13:0] corr_i_accum;
reg signed [13:0] corr_q_accum;
// We would add at most 32 times the difference between unmodulated and modulated signal. It should
// be safe to assume that a tag will not be able to modulate the carrier signal by more than 25%.
// 32 * 255 * 0,25 = 2040, which can be held in 11 bits. Add 1 bit for sign.
reg signed [11:0] corr_i_accum;
reg signed [11:0] corr_q_accum;
// we will report maximum 8 significant bits
reg signed [7:0] corr_i_out;
reg signed [7:0] corr_q_out;
// clock and frame signal for communication to ARM
@ -99,16 +102,16 @@ begin
begin
if(snoop)
begin
// Send only 7 most significant bits of tag signal (signed), LSB is reader signal:
corr_i_out <= {corr_i_accum[13:7], after_hysteresis_prev_prev};
corr_q_out <= {corr_q_accum[13:7], after_hysteresis_prev};
// Send 7 most significant bits of tag signal (signed), plus 1 bit reader signal
corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev};
corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev};
after_hysteresis_prev_prev <= after_hysteresis;
end
else
begin
// 8 most significant bits of tag signal
corr_i_out <= corr_i_accum[13:6];
corr_q_out <= corr_q_accum[13:6];
// 8 bits of tag signal
corr_i_out <= corr_i_accum[11:4];
corr_q_out <= corr_q_accum[11:4];
end
corr_i_accum <= adc_d;

16
fpga/hi_read_tx.v
View file

@ -24,33 +24,36 @@ module hi_read_tx(
output dbg;
input shallow_modulation;
// low frequency outputs, not relevant
assign pwr_lo = 1'b0;
assign pwr_oe2 = 1'b0;
// The high-frequency stuff. For now, for testing, just bring out the carrier,
// and allow the ARM to modulate it over the SSP.
reg pwr_hi;
reg pwr_oe1;
reg pwr_oe2;
reg pwr_oe3;
reg pwr_oe4;
always @(ck_1356megb or ssp_dout or shallow_modulation)
begin
if(shallow_modulation)
begin
pwr_hi <= ck_1356megb;
pwr_oe1 <= ~ssp_dout;
pwr_oe2 <= ~ssp_dout;
pwr_oe3 <= ~ssp_dout;
pwr_oe4 <= 1'b0;
pwr_oe1 <= 1'b0;
pwr_oe3 <= 1'b0;
pwr_oe4 <= ~ssp_dout;
end
else
begin
pwr_hi <= ck_1356megb & ssp_dout;
pwr_oe1 <= 1'b0;
pwr_oe2 <= 1'b0;
pwr_oe3 <= 1'b0;
pwr_oe4 <= 1'b0;
end
end
// Then just divide the 13.56 MHz clock down to produce appropriate clocks
// for the synchronous serial port.
@ -83,7 +86,6 @@ end
assign ssp_din = after_hysteresis;
assign pwr_lo = 1'b0;
assign dbg = ssp_din;
endmodule

8
uart/uart_win32.c
View file

@ -107,15 +107,13 @@ void uart_close(const serial_port sp) {
free(sp);
}
bool uart_receive(const serial_port sp, byte_t* pbtRx, size_t pszMaxRxLen, size_t* pszRxLen) {
ReadFile(((serial_port_windows*)sp)->hPort,pbtRx,pszMaxRxLen,(LPDWORD)pszRxLen,NULL);
return (*pszRxLen != 0);
bool uart_receive(const serial_port sp, byte_t *pbtRx, size_t pszMaxRxLen, size_t *pszRxLen) {
return ReadFile(((serial_port_windows*)sp)->hPort, pbtRx, pszMaxRxLen, (LPDWORD)pszRxLen, NULL);
}
bool uart_send(const serial_port sp, const byte_t* pbtTx, const size_t szTxLen) {
DWORD dwTxLen = 0;
return WriteFile(((serial_port_windows*)sp)->hPort,pbtTx,szTxLen,&dwTxLen,NULL);
return (dwTxLen != 0);
return WriteFile(((serial_port_windows*)sp)->hPort, pbtTx, szTxLen, &dwTxLen, NULL);
}
bool uart_set_speed(serial_port sp, const uint32_t uiPortSpeed) {