Merge branch 'master' into fix_hfmfsim

2025-08-19 04:49:38 -07:00 · 2017-11-02 21:37:42 +01:00 · 2017-11-02 21:37:42 +01:00 · 82f4955245
commit 82f4955245
parent b35e04a7c6 75e42ef5df
16 changed files with 442 additions and 129 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 - `hf mf nested` Check keys after they have found (Merlok)
 - `hf mf chk` Move main cycle to arm (Merlok)
 - Changed proxmark command line parameter `flush` to `-f` or `-flush` (Merlok)
 - Changed `hf 14a reader` to just reqest-anticilission-select sequence (Merlok)
 ### Fixed
 - Changed start sequence in Qt mode (fix: short commands hangs main Qt thread) (Merlok)
@ -32,6 +33,8 @@ This project uses the changelog in accordance with [keepchangelog](http://keepac
 - Added to proxmark command line parameters `w` - wait 20s for serial port (Merlok)
 - Added to proxmark command line parameters `c` and `l` - execute command and lua script from command line (Merlok)
 - Added to proxmark ability to execute commands from stdin (pipe) (Merlok)
 - Added `hf 14a info` and moved there functionality from `hf 14a reader` (Merlok)
 - Added to `hf 14a info` detection of weak prng from Iceman1001 fork (Merlok)
 ## [3.0.1][2017-06-08]
--- a/appveyor.yml
+++ b/appveyor.yml
@ -2,7 +2,29 @@ version: 3.0.1.{build}
 image: Visual Studio 2017
 clone_folder: C:\ProxSpace\pm3
 init:
- ps: "$psversiontable\n#Get-ChildItem Env:\n\n$releasename=\"\"\n$env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)\nif ($env:appveyor_repo_tag -match \"true\"){\n  $releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT_SHORT + \"]\" \n\nWrite-Host \"repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename\" -ForegroundColor Yellow\nAdd-AppveyorMessage -Message \"[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)\" -Category Information -Details \"repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename\"\n\niex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))"
+- ps: >-
    $psversiontable
    #Get-ChildItem Env:
    $releasename=""
    $env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)
    if ($env:appveyor_repo_tag -match "true"){
      $releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
    }
    $releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT_SHORT + "]"
    Write-Host "repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename" -ForegroundColor Yellow
    Add-AppveyorMessage -Message "[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)" -Category Information -Details "repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename"
    iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
 clone_script:
 - ps: >-
    Write-Host "Removing ProxSpace..." -NoNewLine
@ -61,7 +83,88 @@ install:
              }
            }
 build_script:
- ps: "$env:Path = \"C:\\ProxSpace\\msys\\bin;$env:Path\"\n\n#make\nbash -lc -i \"pwd;make all\"\n\n#some checks\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\proxmark3.exe)){\nthrow \"Main file proxmark3.exe not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\armsrc\\obj\\fullimage.elf)){\nthrow \"ARM file fullimage.elf not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z)){\nthrow \"Files in hardnested\\tables not exists.\"\n}\n\n#copy\nWrite-Host \"Copy release files...\" -NoNewLine -ForegroundColor Yellow\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\nCopy-Item C:\\ProxSpace\\pm3\\client\\*.exe C:\\ProxSpace\\Release\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\armsrc\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\bootrom\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\scripts\nCopy-Item C:\\ProxSpace\\pm3\\client\\scripts\\*.lua C:\\ProxSpace\\Release\\scripts\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\hardnested\\tables\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\*.bin C:\\ProxSpace\\Release\\hardnested\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z C:\\ProxSpace\\Release\\hardnested\\tables\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\n#archive and push\n$releasename=\"\"\nif ($env:appveyor_repo_tag -match \"true\"){\n$releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + \"]\" \n\nWrite-Host \"Archive and publish release files ($releasename)...\" -NoNewLine -ForegroundColor Yellow\ncd C:\\ProxSpace\n7z a release.zip C:\\ProxSpace\\Release\nPush-AppveyorArtifact release.zip -DeploymentName \"$releasename\"\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\nWrite-Host \"Builded...\" -ForegroundColor Yellow"
+- ps: >-
    $env:Path = "C:\ProxSpace\msys\bin;$env:Path"
    #make
    bash -lc -i "pwd;make all"
    #some checks
    if(!(Test-Path C:\ProxSpace\pm3\client\proxmark3.exe)){
    throw "Main file proxmark3.exe not exists."
    }
    if(!(Test-Path C:\ProxSpace\pm3\armsrc\obj\fullimage.elf)){
    throw "ARM file fullimage.elf not exists."
    }
    if(!(Test-Path C:\ProxSpace\pm3\client\hardnested\tables\*.bin.z)){
    throw "Files in hardnested\tables not exists."
    }
    #copy
    Write-Host "Copy release files..." -NoNewLine -ForegroundColor Yellow
    New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release
    Copy-Item C:\ProxSpace\pm3\client\*.exe C:\ProxSpace\Release
    New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\arm
    Copy-Item C:\ProxSpace\pm3\armsrc\obj\*.elf C:\ProxSpace\Release\arm
    Copy-Item C:\ProxSpace\pm3\bootrom\obj\*.elf C:\ProxSpace\Release\arm
    New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\scripts
    Copy-Item C:\ProxSpace\pm3\client\scripts\*.lua C:\ProxSpace\Release\scripts
    New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\hardnested\tables
    Copy-Item C:\ProxSpace\pm3\client\hardnested\*.bin C:\ProxSpace\Release\hardnested
    Copy-Item C:\ProxSpace\pm3\client\hardnested\tables\*.bin.z C:\ProxSpace\Release\hardnested\tables
    Write-Host "[ OK ]" -ForegroundColor Green
    #archive and push
    $releasename=""
    if ($env:appveyor_repo_tag -match "true"){
    $releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
    }
    $releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + "]"
    Write-Host "Archive and publish release files ($releasename)..." -NoNewLine -ForegroundColor Yellow
    cd C:\ProxSpace
    7z a release.zip C:\ProxSpace\Release
    Push-AppveyorArtifact release.zip -DeploymentName "$releasename"
    Write-Host "[ OK ]" -ForegroundColor Green
    Write-Host "Builded..." -ForegroundColor Yellow
 test_script:
 - ps: >-
    $env:Path = "C:\ProxSpace\msys\bin;$env:Path"
@ -71,12 +174,38 @@ test_script:
    $global:TestsPassed=$true
    $global:TestTime=[System.Environment]::TickCount
    Function ExecTest($Name, $File, $Cmd, $CheckResult) {
    #--- begin Job
    $Job = Start-Job -ScriptBlock {
      [bool]$res=$false
      $TestTime=[System.Environment]::TickCount
      $env:Path = "C:\ProxSpace\msys\bin;$env:Path"
      Set-Location $using:PWD
      $sb=[scriptblock]::Create("$using:Cmd")
      #execute scriptblock
      Write-host "Test [$using:Name] job: $using:Cmd"
      $Cond=&$sb
    Function ExecTest($Name, $File, $Cond) {
      [bool]$res=$false;
      if ($Cond -eq $null){
      } ElseIf($using:CheckResult -ne $null) {
        [String]$searchstr=""
        if ($Cond -is [Object]){
          ForEach($line in $Cond){
            Write-host $line -ForegroundColor Gray
            $searchstr += $line
          }
        }else{
          Write-host "$Cond" -ForegroundColor Gray
          $searchstr = $Cond
        }
        If($searchstr -like "*$using:CheckResult*") {
          $res=$true
        }
        $Cond="*$using:CheckResult*"
      } Else {
        If (!($Cond -is [bool] -or $Cond -is [byte] -or $Cond -is [int16] -or $Cond -is [int32] -or $Cond -is [int64] -or $Cond -is [float])){
            if ($Cond -is "String" -and $Cond -like "*passed*"){
@ -86,17 +215,38 @@ test_script:
              $res= $true
            }
        } Else {
-          $res=$Cond;
+          $res=$Cond
        }
      }
      If ($res) {
-        Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
+        Write-host "Result[$using:Name]: $Cond" -ForegroundColor Green
        Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
      }Else {
-        Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
+        Write-host "Result[$using:Name]: $Cond" -ForegroundColor Red
        Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" -ErrorMessage "command:$using:Cmd`nresult:$Cond"
      }
        return $res
    }
    #--- end Job
      [bool]$res=$false
      # Wait 40 sec timeout for Job
      if(Wait-Job $Job -Timeout 40){
        $Results = $Job | Receive-Job
        if($Results -like "true"){
          $res=$true
        }
      } else {
        Write-host "Test [$Name] timeout" -ForegroundColor Red
        Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 40000 -ErrorMessage "timeout"
      }
      Remove-Job -Force $Job
      if(!$res){
        $global:TestsPassed=$false
      }
      $global:TestTime=[System.Environment]::TickCount
    }
@ -105,27 +255,27 @@ test_script:
    #file test
-    ExecTest "proxmark3 exists" "proxmark3.exe" $(Test-Path C:\ProxSpace\Release\proxmark3.exe)
+    ExecTest "proxmark3 exists" "proxmark3.exe" {Test-Path C:\ProxSpace\Release\proxmark3.exe}
-    ExecTest "arm image exists" "\arm\fullimage1.elf" $(Test-Path C:\ProxSpace\Release\arm\fullimage.elf)
+    ExecTest "arm image exists" "\arm\fullimage1.elf" {Test-Path C:\ProxSpace\Release\arm\fullimage.elf}
-    ExecTest "bootrom exists" "bootrom.elf" $(Test-Path C:\ProxSpace\Release\arm\bootrom.elf)
+    ExecTest "bootrom exists" "bootrom.elf" {Test-Path C:\ProxSpace\Release\arm\bootrom.elf}
-    ExecTest "hardnested tables exists" "hardnested" $(Test-Path C:\ProxSpace\Release\hardnested\tables\*.z)
+    ExecTest "hardnested tables exists" "hardnested" {Test-Path C:\ProxSpace\Release\hardnested\tables\*.z}
-    ExecTest "release exists" "release.zip" $(Test-Path C:\ProxSpace\release.zip)
+    ExecTest "release exists" "release.zip" {Test-Path C:\ProxSpace\release.zip}
    #proxmark logic tests
-    ExecTest "proxmark help" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed')
+    ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed'}
-    ExecTest "proxmark help hardnested" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed')
+    ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'}
-    ExecTest "hf mf offline text" "hf mf" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf' | grep -q at_enc && echo Passed || echo Failed")
+    ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf'"} "at_enc"
-    ExecTest "hf mf hardnested" "hf mf hardnested" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000' | grep -q 'found:' && echo Passed || echo Failed")
+    ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:"
    if ($global:TestsPassed) {
@ -139,4 +289,4 @@ on_success:
 on_failure:
 - ps: Write-Host "Build error." -ForegroundColor Red
 on_finish:
- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
+- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
--- a/armsrc/iso14443a.c
+++ b/armsrc/iso14443a.c
@ -1702,6 +1702,13 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 	int cascade_level = 0;
 	int len;
 	// init card struct
 	if(p_hi14a_card) {
 		p_hi14a_card->uidlen = 0;
 		memset(p_hi14a_card->uid, 0, 10);
 		p_hi14a_card->ats_len = 0;
 	}
 	// Broadcast for a card, WUPA (0x52) will force response from all cards in the field
    ReaderTransmitBitsPar(wupa, 7, NULL, NULL);
@ -1710,8 +1717,6 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 	if(p_hi14a_card) {
 		memcpy(p_hi14a_card->atqa, resp, 2);
 		p_hi14a_card->uidlen = 0;
 		memset(p_hi14a_card->uid,0,10);
 	}
 	if (anticollision) {
@ -1817,10 +1822,9 @@ int iso14443a_select_card(byte_t *uid_ptr, iso14a_card_select_t *p_hi14a_card, u
 	if(p_hi14a_card) {
 		p_hi14a_card->sak = sak;
 		p_hi14a_card->ats_len = 0;
 	}
-	// non iso14443a compliant tag
+	// PICC compilant with iso14443a-4 ---> (SAK & 0x20 != 0)
 	if( (sak & 0x20) == 0) return 2; 
 	if (!no_rats) {
@ -1912,7 +1916,7 @@ void ReaderIso14443a(UsbCommand *c)
 	size_t lenbits = c->arg[1] >> 16;
 	uint32_t timeout = c->arg[2];
 	uint32_t arg0 = 0;
-	byte_t buf[USB_CMD_DATA_SIZE];
+	byte_t buf[USB_CMD_DATA_SIZE] = {0};
 	uint8_t par[MAX_PARITY_SIZE];
 	if(param & ISO14A_CONNECT) {
--- a/armsrc/mifarecmd.c
+++ b/armsrc/mifarecmd.c
@ -1510,6 +1510,14 @@ void MifareCIdent(){
 	uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];
 	uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];
 	LED_A_ON();
 	LED_B_OFF();
 	LED_C_OFF();
 	iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);
 	clear_trace();
 	set_tracing(true);	
 	ReaderTransmitBitsPar(wupC1,7,0, NULL);
 	if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) {
@ -1523,8 +1531,13 @@ void MifareCIdent(){
 	// From iceman1001: removed the if,  since some magic tags misbehavies and send an answer to it.
 	mifare_classic_halt(NULL, 0);
-
+	
 	LED_B_ON();
 	cmd_send(CMD_ACK,isOK,0,0,0,0);
 	LED_B_OFF();
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
 	LEDsoff();	
 }
 //
--- a/client/cmdhf.c
+++ b/client/cmdhf.c
@ -663,7 +663,7 @@ int CmdHFList(const char *Cmd)
 int CmdHFSearch(const char *Cmd){
 	int ans = 0;
 	PrintAndLog("");
-	ans = CmdHF14AReader("s");
+	ans = CmdHF14AInfo("s");
 	if (ans > 0) {
 		PrintAndLog("\nValid ISO14443A Tag Found - Quiting Search\n");
 		return ans;
--- a/client/cmdhf14a.c
+++ b/client/cmdhf14a.c
@ -133,7 +133,80 @@ int CmdHF14AList(const char *Cmd)
 	return 0;
 }
-int CmdHF14AReader(const char *Cmd)
+int CmdHF14AReader(const char *Cmd) {
 	uint32_t cm = ISO14A_CONNECT;
 	bool disconnectAfter = false;
 	int cmdp = 0;
 	while(param_getchar(Cmd, cmdp) != 0x00) {
 		switch(param_getchar(Cmd, cmdp)) {
 		case 'h':
 		case 'H':
 			PrintAndLog("Usage: hf 14a reader [d] [3]");
 			PrintAndLog("       d    drop the signal field after command executed");
 			PrintAndLog("       x    just drop the signal field");
 			PrintAndLog("       3    ISO14443-3 select only (skip RATS)");
 			return 0;
 		case '3':
 			cm |= ISO14A_NO_RATS; 
 			break;
 		case 'd':
 		case 'D':
 			disconnectAfter = true;
 			break;
 		case 'x':
 		case 'X':
 			disconnectAfter = true;
 			cm = cm - ISO14A_CONNECT;
 			break;
 		default:
 			PrintAndLog("Unknown command.");
 			return 1;
 		}	
 		cmdp++;
 	}
 	if (!disconnectAfter)
 		cm |= ISO14A_NO_DISCONNECT; 
 	UsbCommand c = {CMD_READER_ISO_14443a, {cm, 0, 0}};
 	SendCommand(&c);
 	if (ISO14A_CONNECT & cm) {
 		UsbCommand resp;
 		WaitForResponse(CMD_ACK,&resp);
 		iso14a_card_select_t card;
 		memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
 		uint64_t select_status = resp.arg[0];		// 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
 		if(select_status == 0) {
 			PrintAndLog("iso14443a card select failed");
 			return 1;
 		}
 		if(select_status == 3) {
 			PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
 			PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
 			return 1;
 		}
 		PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
 		PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
 		PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
 		if(card.ats_len >= 3) {			// a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
 			PrintAndLog(" ATS : %s", sprint_hex(card.ats, card.ats_len));
 		}
 		PrintAndLog("Card is selected. You can now start sending commands");
 	} else {
 		PrintAndLog("Field dropped.");
 	}
 	return 0;
 }
 int CmdHF14AInfo(const char *Cmd)
 {
 	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
 	SendCommand(&c);
@ -171,8 +244,10 @@ int CmdHF14AReader(const char *Cmd)
 	PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
 	PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
 	bool isMifareClassic = true;
 	switch (card.sak) {
 		case 0x00: 
 			isMifareClassic = false;
 			//***************************************test****************
 			// disconnect
@ -405,27 +480,21 @@ int CmdHF14AReader(const char *Cmd)
 	// try to see if card responses to "chinese magic backdoor" commands.
-	c.cmd = CMD_MIFARE_CIDENT;
+	mfCIdentify();
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;	
 	SendCommand(&c);
 	WaitForResponse(CMD_ACK,&resp);
-	uint8_t isGeneration = resp.arg[0] & 0xff;
+	if (isMifareClassic) {		
-	switch( isGeneration ){
+		switch(DetectClassicPrng()) {
-		case 1: PrintAndLog("Answers to chinese magic backdoor commands (GEN 1a): YES"); break;
+		case 0:
-		case 2: PrintAndLog("Answers to chinese magic backdoor commands (GEN 1b): YES"); break;
+			PrintAndLog("Prng detection: HARDEND (hardnested)");		
-		default: PrintAndLog("Answers to chinese magic backdoor commands: NO"); break;
+			break;
 		case 1:
 			PrintAndLog("Prng detection: WEAK");
 			break;
 		default:
 			PrintAndLog("Prng detection error.");		
 		}
 	}
 	// disconnect
 	c.cmd = CMD_READER_ISO_14443a;
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;
 	SendCommand(&c);
 	return select_status;
 }
@ -751,8 +820,17 @@ static void waitCmd(uint8_t iSelect)
    if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
        recv = resp.d.asBytes;
-        uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
+        uint8_t iLen = resp.arg[0];
-        PrintAndLog("received %i octets", iLen);
+		if (iSelect){
 			iLen = resp.arg[1];
 			if (iLen){
 				PrintAndLog("Card selected. UID[%i]:", iLen);
 			} else {
 				PrintAndLog("Can't select card.");
 			}
 		} else {
 			PrintAndLog("received %i bytes:", iLen);
 		}
        if(!iLen)
            return;
        hexout = (char *)malloc(iLen * 3 + 1);
@ -774,7 +852,8 @@ static command_t CommandTable[] =
 {
  {"help",   CmdHelp,              1, "This help"},
  {"list",   CmdHF14AList,         0, "[Deprecated] List ISO 14443a history"},
-  {"reader", CmdHF14AReader,       0, "Act like an ISO14443 Type A reader"},
+  {"reader", CmdHF14AReader,       0, "Start acting like an ISO14443 Type A reader"},
  {"info",   CmdHF14AInfo,         0, "Reads card and shows information about it"},
  {"cuids",  CmdHF14ACUIDs,        0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
  {"sim",    CmdHF14ASim,          0, "<UID> -- Simulate ISO 14443a tag"},
  {"snoop",  CmdHF14ASnoop,        0, "Eavesdrop ISO 14443 Type A"},
--- a/client/cmdhf14a.h
+++ b/client/cmdhf14a.h
@ -18,6 +18,7 @@ int CmdHF14A(const char *Cmd);
 int CmdHF14AList(const char *Cmd);
 int CmdHF14AMifare(const char *Cmd);
 int CmdHF14AReader(const char *Cmd);
 extern int CmdHF14AInfo(const char *Cmd);
 int CmdHF14ASim(const char *Cmd);
 int CmdHF14ASnoop(const char *Cmd);
 char* getTagInfo(uint8_t uid);
--- a/client/cmdmain.c
+++ b/client/cmdmain.c
@ -8,6 +8,9 @@
 // Main command parser entry point
 //-----------------------------------------------------------------------------
 #include "cmdmain.h"
 #include <pthread.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@ -21,7 +24,6 @@
 #include "cmddata.h"
 #include "cmdhw.h"
 #include "cmdlf.h"
 #include "cmdmain.h"
 #include "util.h"
 #include "util_posix.h"
 #include "cmdscript.h"
@ -41,6 +43,8 @@ static UsbCommand cmdBuffer[CMD_BUFFER_SIZE];
 static int cmd_head;//Starts as 0
 //Points to the position of the last unread command
 static int cmd_tail;//Starts as 0
 // to lock cmdBuffer operations from different threads
 static pthread_mutex_t cmdBufferMutex = PTHREAD_MUTEX_INITIALIZER;
 static command_t CommandTable[] = 
 {
@ -86,7 +90,9 @@ int CmdRev(const char *Cmd)
 void clearCommandBuffer()
 {
    //This is a very simple operation
 	pthread_mutex_lock(&cmdBufferMutex);
    cmd_tail = cmd_head;
 	pthread_mutex_unlock(&cmdBufferMutex);
 }
 /**
@ -95,6 +101,7 @@ void clearCommandBuffer()
 */
 void storeCommand(UsbCommand *command)
 {
 	pthread_mutex_lock(&cmdBufferMutex);
    if( ( cmd_head+1) % CMD_BUFFER_SIZE == cmd_tail)
    {
        //If these two are equal, we're about to overwrite in the
@ -106,6 +113,7 @@ void storeCommand(UsbCommand *command)
    memcpy(destination, command, sizeof(UsbCommand));
    cmd_head = (cmd_head +1) % CMD_BUFFER_SIZE; //increment head and wrap
 	pthread_mutex_unlock(&cmdBufferMutex);
 }
@ -116,8 +124,10 @@ void storeCommand(UsbCommand *command)
 */
 int getCommand(UsbCommand* response)
 {
 	pthread_mutex_lock(&cmdBufferMutex);
    //If head == tail, there's nothing to read, or if we just got initialized
    if(cmd_head == cmd_tail){
 		pthread_mutex_unlock(&cmdBufferMutex);
        return 0;
    }
    //Pick out the next unread command
@ -125,7 +135,7 @@ int getCommand(UsbCommand* response)
    memcpy(response, last_unread, sizeof(UsbCommand));
    //Increment tail - this is a circular buffer, so modulo buffer size
    cmd_tail = (cmd_tail +1 ) % CMD_BUFFER_SIZE;
-
+	pthread_mutex_unlock(&cmdBufferMutex);
    return 1;
 }
@ -147,22 +157,28 @@ bool WaitForResponseTimeoutW(uint32_t cmd, UsbCommand* response, size_t ms_timeo
 		response = &resp;
 	}
 	uint64_t start_time = msclock();
 	// Wait until the command is received
-	for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
+	while (true) {
 		while(getCommand(response)) {
 			if(response->cmd == cmd){
 				return true;
 			}
 		}
-		msleep(10); // XXX ugh
+		if (msclock() - start_time > ms_timeout) {
-		if (dm_seconds == 200 && show_warning) { // Two seconds elapsed
+			break;
 		}
 		if (msclock() - start_time > 2000 && show_warning) {
 			PrintAndLog("Waiting for a response from the proxmark...");
 			PrintAndLog("Don't forget to cancel its operation first by pressing on the button");
 			break;
 		}
 	}
 	return false;
 }
 bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
 	return WaitForResponseTimeoutW(cmd, response, ms_timeout, true);
 }
--- a/client/mifarehost.c
+++ b/client/mifarehost.c
@ -540,36 +540,12 @@ int mfCSetUID(uint8_t *uid, uint8_t *atqa, uint8_t *sak, uint8_t *oldUID) {
 	return 0;
 }
-int mfCIdentify()
+int mfCIdentify() {
-{
+	UsbCommand c = {CMD_MIFARE_CIDENT, {0, 0, 0}};
 	UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
 	SendCommand(&c);
 	UsbCommand resp;
 	WaitForResponse(CMD_ACK,&resp);
 	// iso14a_card_select_t card;
 	// memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
 	// uint64_t select_status = resp.arg[0];		// 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
 	// if(select_status != 0) {
 		// uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0
 		// c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;
 		// c.arg[1] = 2;
 		// c.arg[2] = 0;
 		// memcpy(c.d.asBytes, rats, 2);
 		// SendCommand(&c);
 		// WaitForResponse(CMD_ACK,&resp);
 	// }
 	c.cmd = CMD_MIFARE_CIDENT;
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;
 	SendCommand(&c);
 	WaitForResponse(CMD_ACK,&resp);
 	uint8_t isGeneration = resp.arg[0] & 0xff;
 	switch( isGeneration ){
 		case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;
@ -577,13 +553,6 @@ int mfCIdentify()
 		default: PrintAndLog("No chinese magic backdoor command detected"); break;
 	}
 	// disconnect
 	c.cmd = CMD_READER_ISO_14443a;
 	c.arg[0] = 0;
 	c.arg[1] = 0;
 	c.arg[2] = 0;
 	SendCommand(&c);
 	return (int) isGeneration;
 }
@ -934,3 +903,72 @@ int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data,
 	return 0;
 }
 /** validate_prng_nonce
 * Determine if nonce is deterministic. ie: Suspectable to Darkside attack.
 * returns
 *   true = weak prng
 *   false = hardend prng
 */
 bool validate_prng_nonce(uint32_t nonce) {
 	uint16_t *dist = 0;
 	uint16_t x, i;
 	dist = malloc(2 << 16);
 	if(!dist)
 		return -1;
 	// init prng table:
 	for (x = i = 1; i; ++i) {
 		dist[(x & 0xff) << 8 | x >> 8] = i;
 		x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15;
 	}
 	uint32_t res = (65535 - dist[nonce >> 16] + dist[nonce & 0xffff]) % 65535;
 	free(dist);	
 	return (res == 16);
 }
 /* Detect Tag Prng, 
 * function performs a partial AUTH,  where it tries to authenticate against block0, key A, but only collects tag nonce.
 * the tag nonce is check to see if it has a predictable PRNG.
 * @returns 
 *	TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)
 *   FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)
 */
 int DetectClassicPrng(void){
 	UsbCommand resp, respA;	
 	uint8_t cmd[] = {0x60, 0x00}; // MIFARE_AUTH_KEYA
 	uint32_t flags = ISO14A_CONNECT | ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_RATS;
 	UsbCommand c = {CMD_READER_ISO_14443a, {flags, sizeof(cmd), 0}};
 	memcpy(c.d.asBytes, cmd, sizeof(cmd));
 	clearCommandBuffer();
 	SendCommand(&c);
 	if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
        PrintAndLog("PRNG UID: Reply timeout.");
 		return -1;
 	}
 	// if select tag failed.
 	if (resp.arg[0] == 0) {
 		PrintAndLog("PRNG error: selecting tag failed, can't detect prng.");
 		return -1;
 	}
 	if (!WaitForResponseTimeout(CMD_ACK, &respA, 5000)) {
        PrintAndLog("PRNG data: Reply timeout.");
 		return -1;
 	}
 	// check respA
 	if (respA.arg[0] != 4) {
 		PrintAndLog("PRNG data error: Wrong length: %d", respA.arg[0]);
 		return -1;
 	}
 	uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);
 	return validate_prng_nonce(nonce);
 }
--- a/client/mifarehost.h
+++ b/client/mifarehost.h
@ -60,5 +60,6 @@ extern int saveTraceCard(void);
 extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);
 extern int mfCIdentify();
 extern int DetectClassicPrng(void);
 #endif
--- a/client/proxmark3.c
+++ b/client/proxmark3.c
@ -73,12 +73,11 @@ static void *uart_receiver(void *targ) {
 	while (arg->run) {
 		rxlen = 0;
-		if (uart_receive(sp, prx, sizeof(UsbCommand) - (prx-rx), &rxlen)) {
+		if (uart_receive(sp, prx, sizeof(UsbCommand) - (prx-rx), &rxlen) && rxlen) {
 			prx += rxlen;
 			if (prx-rx < sizeof(UsbCommand)) {
 				continue;
 			}
 			UsbCommandReceived((UsbCommand*)rx);
 		}
 		prx = rx;
@ -356,11 +355,13 @@ int main(int argc, char* argv[]) {
 		sp = uart_open(argv[1]);
 	} else {
 		printf("Waiting for Proxmark to appear on %s ", argv[1]);
 		fflush(stdout);
 		int openCount = 0;
 		do {
 			sp = uart_open(argv[1]);
 			msleep(1000);
 			printf(".");
 			fflush(stdout);
 		} while(++openCount < 20 && (sp == INVALID_SERIAL_PORT || sp == CLAIMED_SERIAL_PORT));
 		printf("\n");
 	}
--- a/common/crapto1/crapto1.c
+++ b/common/crapto1/crapto1.c
@ -426,7 +426,6 @@ int nonce_distance(uint32_t from, uint32_t to)
 	return (65535 + dist[to >> 16] - dist[from >> 16]) % 65535;
 }
 static uint32_t fastfwd[2][8] = {
 	{ 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB},
 	{ 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}};
--- a/common/usb_cdc.c
+++ b/common/usb_cdc.c
@ -44,6 +44,11 @@
 #define AT91C_EP_OUT_SIZE 0x40
 #define AT91C_EP_IN_SIZE  0x40
 // Language must always be 0.
 #define STR_LANGUAGE_CODES 0x00
 #define STR_MANUFACTURER   0x01
 #define STR_PRODUCT        0x02
 static const char devDescriptor[] = {
 	/* Device descriptor */
 	0x12,      // bLength
@ -56,8 +61,8 @@ static const char devDescriptor[] = {
 	0xc4,0x9a, // Vendor ID (0x9ac4 = J. Westhues)
 	0x8f,0x4b, // Product ID (0x4b8f = Proxmark-3 RFID Instrument)
 	0x01,0x00, // Device release number (0001)
-	0x01,      // iManufacturer
+	STR_MANUFACTURER,  // iManufacturer
-	0x02,      // iProduct
+	STR_PRODUCT,       // iProduct
 	0x00,      // iSerialNumber
 	0x01       // bNumConfigs
 };
@ -157,7 +162,9 @@ static const char StrDescLanguageCodes[] = {
  0x03,			// Type is string
  0x09, 0x04	// supported language Code 0 = 0x0409 (English)
 };
-	
+
 // Note: ModemManager (Linux) ignores Proxmark3 devices by matching the
 // manufacturer string "proxmark.org". Don't change this.
 static const char StrDescManufacturer[] = {
  26,			// Length
  0x03,			// Type is string
@ -182,20 +189,18 @@ static const char StrDescProduct[] = {
  'M', 0x00,
  '3', 0x00
 };
 static const char* const pStrings[] =
 {
    StrDescLanguageCodes,
    StrDescManufacturer,
 	StrDescProduct
 };
 const char* getStringDescriptor(uint8_t idx)
 {
-    if(idx >= (sizeof(pStrings) / sizeof(pStrings[0]))) {
+	switch (idx) {
-        return(NULL);
+		case STR_LANGUAGE_CODES:
-	} else {
+			return StrDescLanguageCodes;
-		return(pStrings[idx]);
+		case STR_MANUFACTURER:
 			return StrDescManufacturer;
 		case STR_PRODUCT:
 			return StrDescProduct;
 		default:
 			return NULL;
 	}
 }
--- a/fpga/hi_read_rx_xcorr.v
+++ b/fpga/hi_read_rx_xcorr.v
@ -34,13 +34,13 @@ always @(negedge ck_1356megb)
 (* clock_signal = "yes" *) reg adc_clk;				// sample frequency, always 16 * fc
 always @(ck_1356megb, xcorr_is_848, xcorr_quarter_freq, fc_div)
-	if (xcorr_is_848 & ~xcorr_quarter_freq)			// fc = 847.5 kHz
+	if (xcorr_is_848 & ~xcorr_quarter_freq)			// fc = 847.5 kHz, standard ISO14443B
 		adc_clk <= ck_1356megb;
-	else if (~xcorr_is_848 & ~xcorr_quarter_freq)	// fc = 424.25 kHz 
+	else if (~xcorr_is_848 & ~xcorr_quarter_freq)	// fc = 423.75 kHz 
 		adc_clk <= fc_div[0];
-	else if (xcorr_is_848 & xcorr_quarter_freq)		// fc = 212.125 kHz
+	else if (xcorr_is_848 & xcorr_quarter_freq)		// fc = 211.875 kHz
 		adc_clk <= fc_div[1];
-	else 											// fc = 106.0625 kHz
+	else 											// fc = 105.9375 kHz
 		adc_clk <= fc_div[2];
 // When we're a reader, we just need to do the BPSK demod; but when we're an
@ -69,13 +69,16 @@ begin
    end
 end
-// Let us report a correlation every 4 subcarrier cycles, or 4*16 samples,
+// Let us report a correlation every 4 subcarrier cycles, or 4*16=64 samples,
 // so we need a 6-bit counter.
 reg [5:0] corr_i_cnt;
 // And a couple of registers in which to accumulate the correlations.
-// we would add/sub at most 32 times adc_d, the signed result can be held in 14 bits. 
+// We would add at most 32 times the difference between unmodulated and modulated signal. It should
-reg signed [13:0] corr_i_accum;
+// be safe to assume that a tag will not be able to modulate the carrier signal by more than 25%.
-reg signed [13:0] corr_q_accum;
+// 32 * 255 * 0,25 = 2040, which can be held in 11 bits. Add 1 bit for sign.
 reg signed [11:0] corr_i_accum;
 reg signed [11:0] corr_q_accum;
 // we will report maximum 8 significant bits
 reg signed [7:0] corr_i_out;
 reg signed [7:0] corr_q_out;
 // clock and frame signal for communication to ARM
@ -99,16 +102,16 @@ begin
    begin
        if(snoop)
        begin
-			// Send only 7 most significant bits of tag signal (signed), LSB is reader signal:
+			// Send 7 most significant bits of tag signal (signed), plus 1 bit reader signal
-            corr_i_out <= {corr_i_accum[13:7], after_hysteresis_prev_prev};
+            corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev};
-            corr_q_out <= {corr_q_accum[13:7], after_hysteresis_prev};
+            corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev};
 			after_hysteresis_prev_prev <= after_hysteresis;
        end
        else
        begin
-            // 8 most significant bits of tag signal
+            // 8 bits of tag signal
-            corr_i_out <= corr_i_accum[13:6];
+            corr_i_out <= corr_i_accum[11:4];
-            corr_q_out <= corr_q_accum[13:6];
+            corr_q_out <= corr_q_accum[11:4];
        end
        corr_i_accum <= adc_d;
--- a/fpga/hi_read_tx.v
+++ b/fpga/hi_read_tx.v
@ -24,33 +24,36 @@ module hi_read_tx(
    output dbg;
    input shallow_modulation;
 // low frequency outputs, not relevant
 assign pwr_lo = 1'b0;
 assign pwr_oe2 = 1'b0;
 // The high-frequency stuff. For now, for testing, just bring out the carrier,
 // and allow the ARM to modulate it over the SSP.
 reg pwr_hi;
 reg pwr_oe1;
 reg pwr_oe2;
 reg pwr_oe3;
 reg pwr_oe4;
 always @(ck_1356megb or ssp_dout or shallow_modulation)
 begin
    if(shallow_modulation)
    begin
        pwr_hi <= ck_1356megb;
-        pwr_oe1 <= ~ssp_dout;
+        pwr_oe1 <= 1'b0;
-        pwr_oe2 <= ~ssp_dout;
+        pwr_oe3 <= 1'b0;
-        pwr_oe3 <= ~ssp_dout;
+        pwr_oe4 <= ~ssp_dout;
        pwr_oe4 <= 1'b0;
    end
    else
    begin
        pwr_hi <= ck_1356megb & ssp_dout;
        pwr_oe1 <= 1'b0;
        pwr_oe2 <= 1'b0;
        pwr_oe3 <= 1'b0;
        pwr_oe4 <= 1'b0;
    end
 end
 // Then just divide the 13.56 MHz clock down to produce appropriate clocks
 // for the synchronous serial port.
@ -83,7 +86,6 @@ end
 assign ssp_din = after_hysteresis;
 assign pwr_lo = 1'b0;
 assign dbg = ssp_din;
 endmodule
--- a/uart/uart_win32.c
+++ b/uart/uart_win32.c
@ -107,15 +107,13 @@ void uart_close(const serial_port sp) {
  free(sp);
 }
-bool uart_receive(const serial_port sp, byte_t* pbtRx, size_t pszMaxRxLen, size_t* pszRxLen) {
+bool uart_receive(const serial_port sp, byte_t *pbtRx, size_t pszMaxRxLen, size_t *pszRxLen) {
-  ReadFile(((serial_port_windows*)sp)->hPort,pbtRx,pszMaxRxLen,(LPDWORD)pszRxLen,NULL);
+  return ReadFile(((serial_port_windows*)sp)->hPort, pbtRx, pszMaxRxLen, (LPDWORD)pszRxLen, NULL);
  return (*pszRxLen != 0);
 }
 bool uart_send(const serial_port sp, const byte_t* pbtTx, const size_t szTxLen) {
  DWORD dwTxLen = 0;
-  return WriteFile(((serial_port_windows*)sp)->hPort,pbtTx,szTxLen,&dwTxLen,NULL);
+  return WriteFile(((serial_port_windows*)sp)->hPort, pbtTx, szTxLen, &dwTxLen, NULL);
  return (dwTxLen != 0);
 }
 bool uart_set_speed(serial_port sp, const uint32_t uiPortSpeed) {