dandri/ChameleonUltra
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/ChameleonUltra.git synced 2026-06-07 04:31:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,015 Commits 6 Branches 4 Tags
efa2ea2c7bf1d619d42d1efd2dbf6b9ac1eb982e
Commit Graph

234 Commits

Author SHA1 Message Date
Niel Nielsen efa2ea2c7b protocol ISO 14443-4 and emv scan, loading json file from PM3rdv4 2026-04-07 10:23:58 +02:00
GameTec-live 93c1e150ab Merge pull request #361 from azuwis/esave
Deploy wiki to GitHub Pages with Jekyll / build (push) Failing after 56s
Details
Deploy wiki to GitHub Pages with Jekyll / deploy (push) Has been skipped
Details
Push handler / Build Firmware (push) Failing after 47s
Details
Push handler / Create dev pre-release with artifacts (push) Has been skipped
Details
Push handler / Create tagged release with artifacts (push) Has been skipped
Details 
Fix `param error` of `hf mf esave`
 2026-04-06 18:30:30 +02:00
Kevin Yuan eddbb31c05 Merge branch 'main' into pac-emulation 2026-04-06 16:43:41 +01:00
GameTec-live b77af1e779 Merge pull request #389 from Crazycurly/main
Deploy wiki to GitHub Pages with Jekyll / build (push) Failing after 1m7s
Details
Deploy wiki to GitHub Pages with Jekyll / deploy (push) Has been skipped
Details
Push handler / Build Firmware (push) Failing after 1m2s
Details
Push handler / Create dev pre-release with artifacts (push) Has been skipped
Details
Push handler / Create tagged release with artifacts (push) Has been skipped
Details 
feat(cli): integrate HardNested attack into autopwn
 2026-04-04 20:12:31 +02:00
Kevin Yuan 3924ad134b Merge branch 'main' into pac-emulation 2026-04-02 14:17:42 +01:00
Niel Nielsen ce932d2e8a feat(data): add LF capture analysis commands 2026-04-02 07:43:16 +02:00
Sam 6f4722a964 feat(cli): integrate hardnested attack into autopwn for HardNested vulnerable cards 
When autopwn detects a HardNested vulnerable card (nt_level=2) with some known keys,
it now automatically attempts to recover remaining keys using the hardnested attack,
instead of only printing an advisory message. The implementation:

- Iterates over each missing key slot, picking a known key before each attempt
  (allows newly recovered keys to be reused for subsequent targets)
- Invokes hardnested.recover_key() with standard parameters (200 max runs, 3 max attempts)
- After each found key, checks if it is reusable for other sectors
- Falls back to senested attack if hardnested does not recover all keys

This matches the existing behavior for nested and static-encrypted-nested attacks.
 2026-03-25 16:30:48 +08:00
Kevin Yuan f5d721bbfd PAC/Stanley CLI: replace --id with --cn/--raw (PM3 parity) 
Split the single --id argument into --cn (8 ASCII chars) and --raw
(32 hex char T55XX bitstream, directly compatible with PM3 raw output).
Add Python-side PAC bitstream encoder/decoder for raw format support.
Output now shows CN and Raw labels matching PM3's format.

Add NRF_LOG module registration to pac.c for debug logging,
consistent with other protocol implementations.

Reassign PAC command IDs (3014/3015) to avoid collision with ioProx
(3010/3011) after rebase onto upstream/main.
 2026-03-24 15:04:41 +00:00
Kevin Yuan 69327ded7d Clean up PAC/Stanley CLI: remove debug command, accept ASCII IDs, handle unknown tag types gracefully 
- Remove lf pac debug command (development-only)
- Accept both 16-hex and 8-ASCII card ID formats with 7-bit validation
- Add T55xx write command under lf pac write
- Handle unknown TagSpecificType values in slot list without crashing
- Auto-initialize slot data when setting tag type
- Simplify pac_write_to_t55xx by removing unused key parameters
 2026-03-24 14:41:22 +00:00
Kevin Yuan 2fd1a260cf Add PAC/Stanley LF tag emulation support 
Implements NRZ/Direct modulation at RF/32 for PAC/Stanley tag emulation.
The modulator encodes 8-byte ASCII card IDs into 128-bit NRZ frames
(0xFF sync + 12 UART frames) and generates PWM waveforms using constant
output levels (compare=counter_top for HIGH, compare=0 for LOW).

Firmware: modulator in pac.c, load/save/factory callbacks in lf_tag_em,
tag_emulation registration, SET/GET_EMU_ID commands (5006/5007).
CLI: pac_set/get_emu_id methods, 'lf pac econfig' command, hw slot list
display for PAC tags.
 2026-03-24 14:38:46 +00:00
Kevin Yuan c494a2cc81 Add PAC/Stanley LF tag reading support 
Implements NRZ/Direct modulation decoder for PAC/Stanley 125kHz cards
using SAADC ADC sampling with spike-aware threshold calibration.
The LC antenna produces brief high-amplitude transients at NRZ transitions
which are clipped before the moving-average filter to isolate the actual
data levels.
 2026-03-24 14:37:25 +00:00
Jozef Bernadic 1b6701661d feat(cli): add ioProx commands 2026-03-03 16:24:26 +01:00
Luu dbc8ce0526 autopwn command added 2026-02-18 22:40:38 +01:00
Zhong Jianxin 9d483cdc5e Fix param error of hf mf esave 
Step to reproduce:

```
[USB] chameleon --> hf mf esave -f test.bin
API request fail, param error
```

Commit d95112f821 change
NETDATA_MAX_DATA_LENGTH from 512 to 4096, this increase max block count
to 256, while [cmd_processor_mf1_read_emu_block_data][1] hardcode max
block count to 32

[1]: https://github.com/RfidResearchGroup/ChameleonUltra/blob/b108c84af9b473c840ddcae6f769502adb6c5aa5/firmware/application/src/app_cmd.c#L1088
 2026-02-17 09:52:59 +08:00
Benjamin Moeller 5ee9254012 Delete invalid escape charater in message 2026-02-07 22:58:44 +01:00
GameTec-live 4d3479943f Merge branch 'main' into enh-clone 2026-02-07 20:43:59 +01:00
GameTec-live 38e3567add Merge pull request #306 from merlokk/lf_read_adc 
Adds generic ADC read functionality
 2026-02-07 20:42:25 +01:00
GameTec-live 2c7c3eeb4d Merge pull request #352 from suut/fix_bad_missing_tools_warning 
Fix bad missing tools warning
 2026-02-06 23:58:07 +01:00
suut 688bb452aa Fix bad missing tools warning 2026-02-06 21:39:19 +01:00
GameTec-live 9ae0755d80 Merge pull request #332 from RickConsole/fix-hidprox-cli-args 
fix hidprox UnboundLocalError cli arg error + hidprox slot set warning
 2026-02-06 11:19:48 +01:00
GameTec-live 3755bc24ce Merge pull request #307 from azuwis/hf-14a-config 
Add `hf 14a config` to deal with badly configured cards
 2026-02-06 11:19:23 +01:00
GameTec-live 41937c52a3 Merge pull request #338 from naaraxi/main 
Add Electra intercom tag support with slot auto switch
 2026-02-03 22:45:19 +01:00
Alexandru Mazâlu 35192d9fc1 Merge branch 'RfidResearchGroup:main' into main 2026-02-03 12:49:45 +02:00
yuyangzhang eaa366b453 fix cli arg parser for FIELD_OFF_DO_RESET 2026-02-03 12:16:51 +10:00
Rick Console 997f6bcaab Merge branch 'main' into fix-hidprox-cli-args 2026-02-02 15:58:42 -05:00
Zhong Jianxin b967bdcd98 Add hf 14a config to deal with badly configured cards 2026-02-02 20:48:03 +08:00
Konstantin Ilchenko 613987b4f4 Shortened set_field_off_do_reset to field_off_do_reset CLI flags 2026-02-02 12:21:39 +02:00
Konstantin Ilchenko c1b9df0e5d Added FIELD_OFF_DO_RESET support to cli hf mf econfig 2026-02-02 12:18:26 +02:00
GameTec-live d303ddb9c7 Merge pull request #316 from brewt/hidprox-hw-slot-list-formatting 
Fix HIDProx formatting with `hw slot list`
 2026-02-01 15:05:53 +01:00
GameTec-live ef76f794d0 Merge pull request #341 from MusicLeecher/main 
Fix typo in hid prox econfig and add ACTProx HID card type
 2026-02-01 15:04:37 +01:00
Alexandru Mazâlu d1ad03a567 Merge branch 'RfidResearchGroup:main' into main 2026-01-30 23:57:30 +02:00
Gabriel Cardoso 8ed2677ba2 - added ACT Prox HID format 2026-01-26 19:06:34 +00:00
Gabriel Cardoso 71e45a3194 - fix typo in hidprox econfig set/get function 2026-01-26 18:34:06 +00:00
Alexandru Mazalu c1c2b66882 Add Electra intercom tag support with slot auto switch 2026-01-24 14:45:15 +02:00
suut 8f0a9240ba Fix linter errors 2026-01-24 02:09:48 +01:00
GameTec-live 00de9663f3 Merge pull request #315 from brewt/color-string-em-read-fix 
Fix error in `lf em 410x read` from color_string()
 2026-01-21 22:56:47 +01:00
noproto 1ee7da63b1 Add initial ULCG/USCUID-UL support 2026-01-19 23:29:05 +01:00
Rick Console b272682546 fix hidprox UnboundLocalError cli arg error 2026-01-19 00:09:33 -05:00
Adrian Yee efbf79e497 Fix HIDProx formatting with hw slot list 
Fix HIDProx formatting to match the formatting of all other card types.
 2025-10-30 16:53:33 -07:00
Adrian Yee 7efde79235 Fix error in lf em 410x read from color_string() 
Fix bug in color_string() usage introduced by 35d2f40 (bug #295).
 2025-10-30 16:41:12 -07:00
Oleg Moiseenko f5bed3c5b1 Adjusts LF ADC raw data processing 
Adjusts the bit shift for ADC raw data conversion to refine the value range.
 2025-10-09 09:42:43 +03:00
Oleg Moiseenko e2c6bfc9e1 Adds generic ADC read functionality 
This introduces a new command to sample the ADC values from the LF antenna and returns them to the user.
 2025-10-09 00:32:07 +03:00
Jeremy Brown d440d98d12 Cleaned up follow-up issues 2025-09-19 01:11:46 -04:00
Jeremy Brown 35d2f40ff5 Switched to function for color stings 2025-09-11 11:52:05 -04:00
Derek Jamison 8c670f8554 Add LF Viking support 2025-08-29 11:00:02 -04:00
GameTec-live 09870c3fc5 Merge pull request #276 from Foxushka/ultralight-key-log 
Mifare Ultralight key logger from reader
 2025-08-19 19:59:39 +02:00
GameTec-live 13432c9080 Merge pull request #266 from azuwis/hardnested-execute-tool 
Use execute_tool to simplify running hardnested tool
 2025-08-19 11:42:35 +02:00
GameTec-live 4c1096d1b6 Merge pull request #239 from taichunmin/mfkey32 
`hf mf elog --decrypt` skip records with found keys
 2025-08-14 11:07:50 +02:00
GameTec-live 039c54a62f Merge pull request #279 from TeCHiScy/hidcopy 
feat: offline HIDProx tag copy
 2025-08-14 07:25:30 +02:00
GameTec-live 27e7d504c6 Merge pull request #275 from unkernet/python_39 
Restore Python 3.9 compatibility for Chameleon CLI
 2025-08-13 21:59:32 +02:00