Commit Graph

866 Commits

Author SHA1 Message Date
iceman1001 a0efcb2686 fix data crypt - output error. We have 8 bytes. 2025-10-17 08:53:54 +02:00
Philippe Teuwen f0d8690e73 hf 14a raw -s: add --wait for delay between select and command 2025-10-09 22:43:39 +02:00
Philippe Teuwen 11fe8f783a Add --skip to hw tearoff, to cope with more complex commands. Example provided for hf mfu wrbl 2025-10-09 22:26:52 +02:00
Philippe Teuwen 4aac77aaa2 support for Ultralight AES auth in hf mfu info/rdbl/wrbl/dump/ndefread/wipe/setkey 2025-10-04 02:00:23 +02:00
iceman1001 b097e10aa3 this commit refactors the signature checks. First we introduce a common pm3 generic private / public key pair in order to allow for users to self sign their own modded device. The verification checks now look at both hard coded public keys. If a vendor wants to add their own public key thus allowing for a simple way for us to identify their devices they can now do so. The downside is that the firmware mismatch detection becomes a bit dodgy. mem info; mem info -v; mem info -s -p <filename.pem>; mem info -s -p <filename.pem> -w contains the changes. OBS! when -w be careful to not overwrite your genuine RDV4 signature. As always, with great power comes great responsibility 2025-09-25 19:44:36 +02:00
Oleg Moiseenko 944a80d217 make style 2025-09-21 16:41:30 +03:00
iceman1001 c3e29789a9 added a --override MAD crc check parameter to NDEF read commands 2025-08-29 13:55:00 +02:00
q0jt 5a627381af hf felica: add FeliCa Lite-S authentication 2025-07-31 07:44:13 +09:00
zinongli 83c54bb174 initial working for single node 2025-07-25 23:47:00 -04:00
Philippe Teuwen 48724e44b4 hf mf sim: add --allowover option, needed for RF08S originality check 2025-07-25 20:54:18 +02:00
iceman1001 a3c2d2b815 style 2025-07-08 21:15:09 +02:00
iceman1001 16cbb4a446 style 2025-06-30 14:28:24 +02:00
iceman1001 5de4dd68e5 text 2025-06-22 20:34:54 +02:00
iceman1001 65607fc727 added Ultralight-C simulation. hf mfu sim -t 13. Use eload first. Also added support to upload UL-C dictionaries and UL-AES to spiffs memory. A lot of textual reworked across client. Unify texts and a bit more color ;) 2025-06-19 17:26:20 +02:00
Henry Gabryjelski 69a2cc1ff0 em4x70 --par deprecation: Step 4: remove client references to client->arm field that used to store this 2025-06-09 14:03:05 -07:00
Henry Gabryjelski 31b1117a51 em4x70 --par deprecation: Step 2: arm-side always uses false 2025-06-09 12:58:50 -07:00
Antiklesys 80e1c7f0d4 Implemented hf iclass sim -t 7
Implemented an iclass sim function that prevents simulated card responses after updating block 3.
Block 3 gets updated with the XOR key as if it was in personalization mode.
2025-06-07 23:12:21 +08:00
Antiklesys 5558db3019 Update iclass_cmd.h
Signed-off-by: Antiklesys <syselkitna@gmail.com>
2025-06-07 02:24:45 +08:00
Antiklesys 94794f7519 Implemented a hf iclass sim variation
hf iclass sim -t 3 variation that glitches specific block responses during read/write operations based on the value of the last byte of block 31.
2025-06-07 02:15:01 +08:00
Antiklesys e68be39a41 Updated hf iclass legrec to be able to use shorter delays
Added an option for hf iclass legrec to further increase speeds by using a shorter delay of 1500 vs the default of 3390.
This seems to be stable on new silicon especially now that we're keeping the field always on.
It may be more risky for the --fast operation.
2025-06-06 16:06:53 +08:00
Antiklesys 083a9ce945 Updated hf iclass legrec with a fast option and improved AA2 selection
1- Added a --fast option for hf iclass legrec that further increases the speed from 4.6 key updates/second to 7.4 key updates/second. This is achieved by skipping some safety checks and is a very fast but more risky operation.
2- Automated AA2 block selection based on the values in the config block
3- Other minor code cleanups
2025-06-05 20:44:58 +08:00
iceman1001 804acfbefa the device side of iclass tear off is implemented. The base was done by @antiklesys. This version differs by the concept of trying to stabilize weak bits by performing a write operation in conjunction with the detected tear. It's untested but I can replicate most of the tears we performed client side. You will need to call the proxmark3 client with -f, ./pm3 -f to force flush out text which is needed for the inplace printing. I thought this was done automatically but it wasn't. hf iclass tear --arm + all the normal params to run on device side 2025-05-30 01:37:13 +02:00
Jakub Kramarz 9744f8afbb Add option to override default USART baud rate in platform settings 2025-05-09 15:53:30 +02:00
iceman1001 cb4a0e2333 rename struct to follow code style 2025-04-30 13:27:41 +02:00
kormax 3550f11726 Remove mag argument from commands; Add support for magsafe polling via 14a config 2025-04-20 17:55:55 +03:00
kormax 56336d9d82 Add support for polling loop annotations 2025-04-09 12:31:21 +03:00
douniwan5788 5122039547 Refactor hitag config_page_t for better memory alignment 2025-03-22 20:54:13 +08:00
iceman1001 87c2e82e2f style 2025-03-19 12:53:24 +01:00
douniwan5788 214ded2b97 Replace all μ(greek small letter mu, UTF-8 \xce\xbc) to µ(micro sign, UTF-8 \xc2\xb5) 2025-03-19 19:21:01 +08:00
douniwan5788 4bde83b89d Added lf hitag htu support for Hitag µ/8265 2025-03-19 18:56:23 +08:00
douniwan5788 3d0c8cab5c Refactor Hitag low-level functions into hitag_common 2025-03-19 17:05:39 +08:00
Iceman e2de8c6644 Merge pull request #2781 from douniwan5788/refactor_concatbits
Refactor the concatbits function to support both MSB and LSB first src
2025-03-18 07:43:36 +01:00
Henry Gabryjelski 21ad101ff5 Major update to EM4x70 support:
1. Rework how communications with tag occur.
    a. bitstream to be sent to the tag is now fully pre-generated.
    b. bits sent and received are logged with start / end times.

2. Support built-in `hw dbg` for controlling verbosity of debug output

The new bitstream generation and logging has exposed a surprising legacy behavior ... each of the commands that sent additional data (beyond the command) were:
* inserting an extra RM zero bit
* force-enabling command parity is used

This was not expected.  However, this PR maintains the behavior of the existing code.

TODO: Root-cause why the third RM bit is needed.  Fix code to remove that hack.

TODO: change the arm/client interface to ONLY use arrays of bytes, with well-defined content endianness, to avoid this problem.
2025-03-16 01:05:55 -07:00
douniwan5788 d13e7b0b64 Refactor the concatbits function to support both MSB and LSB first src 2025-03-15 15:21:58 +08:00
iceman1001 2137284a93 style
Some improvements to trace list -t seos annotations.
2025-03-12 16:41:06 +01:00
leecher1337 0e2a02bdf0 Implement new command hf 15 slixprotectpage to do ISO15693_PROTECT_PAGE on slix tags 2025-03-09 11:54:51 +01:00
iceman1001 cef07dedf6 code style, code clean up of redundant functions, comments, it's many minor fixes across the platform. Sorry for not making 20 commits 2025-02-21 15:38:33 +01:00
iceman1001 4c6e74c3ce revert 2025-02-18 19:47:51 +01:00
Philippe Teuwen 1acc030fd4 rework simaid & rename few vars 2025-02-12 08:44:42 +01:00
n-hutton 8dbe1c7b06 more 2025-01-21 23:52:33 +00:00
n-hutton acb7de9d8d more cleanup noticed just now 2025-01-21 23:51:26 +00:00
n-hutton 3eb0238481 appears to work - using normal mifare sim init
working demo

works

seems to work so far

more cleanup and works

working copy

working, clean one more pass

cleanup continues

back in business babyyy

final cleanup before PR I hope
2025-01-21 23:39:25 +00:00
Iceman 76ad5a5b51 Merge branch 'master' into cherry_pick_emv
Signed-off-by: Iceman <iceman@iuse.se>
2025-01-14 16:26:35 +01:00
nvx 29e0c51393 Changed hf mf info - now differentiates between full USCUID and cut down ZUID chips 2025-01-14 22:36:59 +10:00
Piotr Rzeszut adadfb7fad Corrected documentation on SPI FLASH memory usage after SPIFFS area extension. 2024-12-29 22:45:50 +01:00
Piotr Rzeszut e3486e57b1 Extend spiffs area to full FLASH array except last two sectors (signature and reserve one for future use) 2024-12-29 22:20:49 +01:00
Piotr Rzeszut 2ccfa187ab Remove unused definitions related to fixed-size SPI flash, improve comments for documentation 2024-12-29 22:19:32 +01:00
Piotr Rzeszut b1ba5b3ea6 Merge branch 'master' into extend-spiffs-partition-last-page 2024-12-29 22:03:21 +01:00
Piotr Rzeszut dd17effaab Move T55XX config to spiffs file 2024-12-26 19:46:55 +01:00
Piotr Rzeszut d1db0aa799 Extending SPIFFS into last page of the SPI FLASH 2024-12-26 15:04:05 +01:00