* Check for Credidt Keys as well
* reduce authentication tries from 6 to 3
* correct text in 'hf iclass clone' for 'l' parameter
* some reformatting and whitespace fixes
* chg: write new dump file format by @mceloff
* chg: rename 'hf mfu dump' option 'n' to 'f' to align with other commands and RRG repo
* chg: replace ISO14443A_CMD_READBLOCK by MIFARE_CMD_READBLOCK, same for WRITEBLOCK
* fix: mifare_ultra_readblock() returned 14 bytes instead of 16
* chg: param_gethex_ex() now checks maximum output buffer length
* chg: ul_comp_write() was incomplete and for magic testing only
* fix: 16bit ULC counter had been displayed as 32bit
* chg: add check for 7 Byte UID, drop check for ATQA in type identification GetHF14AMfU_Type()
* fix: send HALT instead of dropping field in order to maintain a defined state
* chg: DropField() when command ends
* chg: check for invalid page ranges in 'hf mfu dump'
* fix: print correct lock bits when page range is used
* fix: do not write (incomplete) dumpfile when page range is used
* add: use UID for filename when no filename is given (RRG repo)
* chg: don't clear trace on each ULC authentication, clear trace at beginning of each command
* fix: don't send (DESFire?) deselect command after authentication
* add PCSC interface (pcsc.c and pcsc.h)
* new command 'sc select' to choose an USB Smartcard Reader
* updated CI/.travis.yml accordingly
* remove TCK CRC check in i2c.c It is done in PrintATR() anyway
* Fix TCK CRC check in PrintATR()
* Add PCSC reader support to 'sc info'
* this should fix crashes reported in issue #497
* don't allow receiver thread to write directly into arbitrary main thread's memory
* instead use cmdBuffer[] for CMD_DOWNLOADED_RAW_ADC_SAMPLES_125K as well
* add timeout and warning options to GetFromBigBuf(), same as in WaitForResponseTimeoutW()
* move GetFromBigBuf() from data.c to comms.c
* remove data.c and data.h
* add -c (execute command from command line)
* fix: sometimes proxmark executes command twice...
* fix: start proxmark from QT was in a strange way (if we issue command very fast - it hangs)
* added -l (execute lua script)
* rework help
* small memory management bugfix
* small fix in executing command files
* enable piping from STDIN
* coverity fixes
cmdhflegic- indications are the i in calls to data_buf[i] could = 1052
and overflow the array.
cmdhfmfhard - +1 to add space for string null terminator - should we add
the 0 terminator value too?
reveng.c - memory leak
util.c - fix potential overflow of array buf[]
util_posix.c - possible integer overflow
* fix help errors
* fix sprint_hex_ascii
again
and this function is not even used anywhere... yet...
* Fix compile errors with MacOS
- _POSIX_C_SOURCE must not be defined for num_CPU()
* separate util_posix.c require changes in tools directory as well
* remove unnecessary self-include
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
add parameter for # bits to read
auto get samples after lf read/snoop (don't need to do a `data samples`
anymore)
add safe function to get DemodBuffer
add some lf demod comments and apply new lf_read function instead of
read then get samples.
fixed output bug in lf t55xx config print
fixed small bug in lf t55xx detect during ST check
fix noralsy demod bug (st should be true)
fix sprint_bin_break bug (didn't print last bit)
add a function to save/restore demodbuffer
remove redundant countFC call in PSKDemod
clean up pskclockdetect functions
fix indala26decode bug (end of data sometimes not correct)
improve PSK detection / demodulation
improve NRZ detection
improve t55xx commands & fix a few bugs
add t55xx page1 detection - added it to lf search
added experimental t55xx testmode write
* Fixed compile error in MinGW
Some versions of MinGW miss some definitions. In order to be able to
compile I redefined a function and added an explicit include. It is only
a quick workaround, as other people also seemed to have the same
problem. It should be checked whether a better solution is possible.
* Removed _ftime_s redefine, calling _ftime directly
lf viking from other users - just put my spin on it
lf awid refactored code - possible to make it not 26bit specific now
with minor chanages
lfdemod.c now supports extra debug printing if `data setdebug` = 2 when
not on device (on client not arm)
+ add xor calc to util (prep for desfire)
commented out MifareUWriteBlockCompat as it isn't used in client
currently (it is a command we could support.. but why?)
relabeled a few device side mfu functions to be clearer.
