Commit graph

125 commits

Author SHA1 Message Date
pwpiwi
44964fd181
Code cleanup (#616)
* coverity fixes (including a real bug in cmdhftopaz.c)
* Typo fix
* replace TRUE/FALSE by stdbool true/false
2018-06-13 08:13:20 +02:00
pwpiwi
ad939de501
USB comms: part 4 towards @micolous PR #463
* make uart_communication(), storeCommand() and getCommand() static in comms.c
* move receiver thread creation and respective mutexes to comms.c
* add mutex and signal for tx buffer
* use comms.c for flasher as well
* remove comm functions from client/proxmark3.h
* this completes isolating all USB communication related functions in comms.c
* don't assume a port to be defined by a name. Change parameter in OpenProxmark() to void*
* comms.c: set sp and serial_port_name to NULL when offline
2018-06-03 14:25:20 +02:00
Oleg Moiseenko
a37725facf add nested auth decoding to hf mf sniff 2018-02-09 15:50:55 +01:00
Arnie97
32e6891a05 hf mf nested: use bitwise or instead. (#556) 2018-02-01 08:09:14 +01:00
Arnie97
7b7416bd3b hf mf nested: transfer keys to the correct block in one sector mode. 2018-01-27 01:55:38 +08:00
Arnie97
36545f0a56 hf mf eset: reuse mfEmlSetMem(). 2018-01-27 01:09:56 +08:00
Arnie97
4e002980af hf mf ecfill: Add the missing line break. 2018-01-25 14:39:27 +08:00
Oleg Moiseenko
8ec06f5ef3 hf mf sniff: small fixes 2018-01-12 22:37:55 +01:00
Iceman
932af56ea0
Merge pull request #538 from merlokk/hardnestedsetsimd
hardnested SIMD select
2018-01-06 18:54:27 +01:00
merlokk
362d203909 works 2018-01-02 22:28:13 +02:00
Iceman
e1e7a09db1
Merge pull request #533 from merlokk/chktd
fix #532. looks at length of parameters.
2017-12-30 15:23:14 +01:00
Pierre Pronchery
3ded0f97d3 Khorben/warnings (#519)
* Fix warnings and missing #include for <ctype.h>
* Avoid a warning in client/util.c
2017-12-28 17:56:18 +01:00
merlokk
55b700a0ac fix #532. looks at length of parameters. 2017-12-28 13:29:30 +02:00
ikarus
6148817a7f fix: usage and sample text of hf mf cwipe 2017-12-06 23:30:27 +01:00
pwpiwi
e537c3e894 fix memory overflow in hf mf nested (issue #479) 2017-11-12 18:08:57 +01:00
William S. Moses
874572d419 Fix memory bounds error 2017-11-11 16:15:29 -05:00
Oleg Moiseenko
0c86cb0127 Check keys in hf mf nested (issue #426)
* hf mf nested added 14a timeout for check keys
* hf mf nested added options s and ss
2017-10-18 21:44:59 +02:00
Oleg Moiseenko
275d9e61c2 Check keys in hf mf nested and hf mf chk (#414)
Improve hf mf chk and hf mf nested
* hf mf chk. added interrupt of procedure by usb
* extract mifare default keys into separate module
* arm side multisector `hf mf chk`
* hf mf nested. change key search procedure
* hf mf nested. added key check after we have found a key.
* small fix hf list f
* hf mf chk. add timeout (arm side) and some tweaks.
2017-10-15 21:19:34 +02:00
Oleg Moiseenko
adf023ffe3 hf mf nested add some functionality (#403)
* Added nested auto mode. it checks known keys and then launches nested
* Check if we already have all keys after nested
2017-10-05 13:37:51 +02:00
Fl0-0
a2d058f3aa Fix typo and gcc-7 warnings (#401)
* Fix typo in hf mf csave help
* Fix gcc 7 warning: '~' on an expression of type bool [-Wbool-operation], use logical ! not instead of ~
* Fix gcc 7 warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
* Fix gcc 7 warning: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier]
2017-09-26 16:36:05 +02:00
merlokk
2ce43a28f7 fixed #395 2017-09-26 14:29:08 +03:00
Oleg Moiseenko
3a05a1e739 reworking magic Chinese card wipe (#365)
Implement hf mf cwipe. Remove wipe parameter from hf mf csetuid.
2017-09-22 19:40:42 +02:00
Fl0-0
7906cb41ff Improve 'Magic' Mifare tags generation detection & hf mf c* commands magic 4k compatibility (#349)
* Improve 'Magic' Mifare tags detection

* Magic Mifare tags detection and version printing

* Magic s50/1k tag halt error correction for cload and csave

* hf mf c* commands for gen1b

* Use |= for bitwise operation

* gen1b: don't issue wipe command and don't expect response from WUPC1 magic command after a SELECT_UID: old UID display works in hf mf csetuid

* hf mf cgetsc compatibility for 4k

* hf mf csave compatibility for 4k

* hf mf cload compatibility for 4k, suppress halt errors messages for debug level 2

* Revert to MF_DBG_ERROR level in mifare_classic_halt() and don't issue the halt command for gen1b

* Improve 'Magic' Mifare tags generation detection & hf mf c* commands magic 4k compatibility
2017-07-12 15:58:32 +02:00
Iceman
1e11e5d762 bug: hf mf chk - wrong size
bug: 'hf mf chk' - size of keycounter variable is too small for dictionary files larger than 256 rows.
2017-06-12 15:07:00 +02:00
pwpiwi
ec9c71129f Fix compile errors with MacOS (#312)
* Fix compile errors with MacOS
- _POSIX_C_SOURCE must not be defined for num_CPU()

* separate util_posix.c require changes in tools directory as well

* remove unnecessary self-include
2017-06-07 22:35:20 +02:00
marshmellow42
e57c8b2e56 more coverity fixes
plus fix some spacing in functions i touched.
2017-06-06 12:45:00 -04:00
marshmellow42
3d542a3dfa coverity scan bug fixes
mfu keyNo buffer overflow
mf reader attack key count reduced to not overrun c.d.asBytes buffer.
2017-06-06 12:12:18 -04:00
pwpiwi
c48c4d7856 New: implementing hf mf hardnested
This implements the attack described in
	Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
	Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
	Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
2017-05-31 07:30:56 +02:00
pwpiwi
4cb4b588c2 Deduplicate mfkey32 and mfkey64
- rename client/nonce2key.[ch] to mfkey.[ch]
- leave only main() wrapper in tools/mfkey
- add mfkey32 and mfkey64 to .gitignore
2017-03-23 18:38:17 +01:00
pwpiwi
7779d73c71 Code cleanup: Refactoring nonce2key
- include nonce2key() in mifarehost.c
- remove tools/nonce2key
- simplify mifare_autopwn.lua
2017-03-20 21:16:57 +01:00
pwpiwi
acf0582d53 Provide msclock() as Milliseconds timer for performance measures (#231)
- don't use clock(). It has different functionalities in Windows and Linux
- move sleep functions to util.h
2017-03-12 15:06:27 +01:00
pwpiwi
7cb8516cb5 Client code cleanup:
- cleanup some header files and respective #includes
- rearrange functions (definition before first use)
- use SCNxxx instead of PRIxxx macros in scanf()
- use stdbool true/false instead of self defined TRUE/FALSE
2017-03-06 21:03:13 +01:00
marshmellow42
40c6a02bc9 Add a retry loop to hf mf dump
helps get the data dumped even if positioning isn't 100% perfect.

also switched em4x05 commands to WaitUS instead of SpinDelayUs, per
@pwpiwi's suggestion.
2017-02-28 11:09:42 -05:00
pwpiwi
4c16ae80f0 Code cleanup:
- correctly using stdtypes.h printf and scanf format string macros (PRIx64 et al)
- coverity fixes to client/cmdhfmf.c
- fix linker warning re missing entry point when linking fullimage.elf
2017-02-23 18:29:03 +01:00
pwpiwi
43534cbad2 Code cleanup:
- correctly use inttypes.h scanf and printf macros (PRIx64 et al)
- fix indentation warnings
2017-02-22 22:45:00 +01:00
Michael Farrell
5b5489baf4 hf mf sim: Multiple fixes from review of PR #209.
- Don't increment the nonce when random mode is disabled (this breaks the
  standard attack).

- Don't attempt the standard attack when random mode is enabled (there's no
  point as it won't work, per comments from @pwpiwi).

- Attempt the moebius attack if the standard attack fails.
2017-01-26 20:30:13 +11:00
Michael Farrell
f9c1dcd9f6 Adds random nonce (r) option to hf mf sim.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card.  A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).

The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.

This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
2017-01-26 18:32:25 +11:00
marshmellow42
ef3f88bca9 disable extra attack - disable stats.txt
Moebius attack didn't yield any better results in my testing so
disabling it, but allowing it to be re-enabled at will.
also disabled the auto logging of all keys with uid delimited file
stats.txt - can be uncommented when needed
2016-07-28 12:52:18 -04:00
marshmellow42
91f4d53123 couple bug fixes - clean up 2016-06-28 21:02:26 -04:00
marshmellow42
76ef5273d8 hf mf sim code cleanup - update changelog 2016-06-27 00:09:40 -04:00
marshmellow42
73ab92d14c mf 1k sim reader attack cleanup
add abort options - keyboard & button press.
2016-06-25 00:53:53 -04:00
marshmellow42
bbd118760b allow mf1k reader attack from file full of UIDs
also add UID to stats.txt collection.
2016-06-24 23:43:53 -04:00
marshmellow42
6eae192c41 fix bug in moebius nonce collection - now finishes
also cleaned up some comments
note previous update added the creation of a stats.txt file to generate
statistics of the differences between std mfkey32 and the moebius
version.
2016-06-24 16:46:11 -04:00
marshmellow42
c872d8c177 update hf mf sim x attack mode - start 10byte uid..
..support  (some from @iceman1001)
(sim reader attack currently testing std mfkey32 vs mfkey32_moebius
version...)  possibly will remove one later.
2016-06-24 01:31:27 -04:00
marshmellow42
79dcb9e090 improve hf mf sim x reader attack
can now directly extract multiple keys for multiple sectors
2016-06-22 11:03:37 -04:00
Martin Holst Swende
be6250d31b Merge pull request #140 from marshmellow42/iclass
iClass major updates
2015-10-13 09:39:04 +02:00
pwpiwi
8c6b22980c hf mf mifare: (finally) fix watchdog reset
- minor changes to sync
- try alternative strategies when debugging
2015-10-10 15:04:17 +02:00
marshmellow42
c54dff4f4a Merge remote-tracking branch 'Proxmark/master' into iclass
Conflicts:
	CHANGELOG.md
2015-10-07 09:34:47 -04:00
marshmellow42
1a5a73abae Add mifare crypto trace decryption utility
allows manual decryption of hf 14a snoop traces of a mf card.
someday we should fix hf mf sniff...
2015-10-07 00:24:55 -04:00
pwpiwi
dfb387bf0f hf mf mifare:
- gracefully exit on unsuccessful syncs instead of hard watchdog reset
2015-09-30 20:59:50 +02:00