dandri/proxmark3
1
0
Fork 0
mirror of https://github.com/RfidResearchGroup/proxmark3.git synced 2026-04-03 22:45:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,993 Commits 3 Branches 19 Tags
ba8a68f37c3dcf7ea8171e11b1ccc1ea4e155396
Commit Graph

775 Commits

Author SHA1 Message Date
Iceman
b77099e195 Merge pull request #2490 from douniwan5788/fix_exit 
fix: exit status
 2024-09-06 08:53:46 +02:00
Philippe Teuwen
46a8bea230 hf mf info: FM11RF32 detection 2024-09-05 15:32:52 +02:00
douniwan5788
9b879b0dc0 fix: exit status 2024-09-05 19:31:37 +08:00
douniwan5788
970c2d0999 refactor: remove positive error codes 2024-09-04 22:50:26 +08:00
Philippe Teuwen
c73e2ea623 Added support for collecting all fm11rf08s nT/{nT}/par_err at once 2024-09-02 23:11:36 +02:00
douniwan5788
8928883f2d refactor: move FPGA_BITSTREAM_* to fpga.h 2024-08-26 20:55:58 +08:00
Ciprian Ionescu
8d77ee5438 refactor Hitag S r/w into separate submenu; implement pretty config parsing 2024-08-25 02:30:40 +02:00
douniwan5788
ae2f41eaef refactor: move Hitag size defines to hitag.h 2024-08-24 22:32:23 +08:00
douniwan5788
75420482e4 refactor: Move Hitag 1 cmds to protocols.h 2024-08-24 02:15:28 +08:00
douniwan5788
c279f88f13 refactor: Move Hitag 2 cmds to protocols.h 2024-08-23 23:49:47 +08:00
douniwan5788
ad5a4134ec refactor: Move Hitag S cmds to protocols.h 2024-08-23 19:54:34 +08:00
Iceman
3a3deaf3cb Merge pull request #2463 from douniwan5788/hitagS_plain 
fix: Hitag S read/write in plain mode
 2024-08-22 11:37:47 +02:00
douniwan5788
fb6626d89f refactor: remove hitag_function enum value 2024-08-22 17:00:14 +08:00
douniwan5788
1efa52d704 add: Hitag S plain write 2024-08-22 02:16:10 +08:00
douniwan5788
d15537bbf1 Unified hitag naming style 2024-08-22 02:01:43 +08:00
Philippe Teuwen
116ac0c66b Added more fingerprinting to hf mf info 2024-08-16 12:09:20 +02:00
Antiklesys
c7541790f8 Update iclass_cmd.h 2024-07-19 14:54:52 +08:00
Antiklesys
1832997ccb Iclass Legacy Raw Key Recovery Function 
Based on the work described in Dismantling iClass whitepaper.
hf iclass legbrute is tested working
hf iclass legrec is partially working: logic of operations and sequence seems to be in order and was tested on simulated data to be effective. The privilege escalation part is still not successful, but the logic should be correct.
 2024-07-19 14:47:13 +08:00
iceman1001
8d1e9c1f5d adapt response struct for hitag2 so be large enough to handle 256bytes for cryptostream 2024-05-27 15:19:22 +02:00
iceman1001
05df50678c missing header 2024-04-26 16:18:10 +02:00
iceman1001
c8849af5e0 This is the major changes made to the HITAG2 commands. Its heavly based on RFIDLers implementation and its been converted to work with Proxmark3. Special thanks to @kevsecurity for his amazing implementations of the Gone in 360 Seconds paper by Roel, Flavio & Balasch. Thanks to @adamlaurie for his RFIDler project. It wouldnt been doable without it. 2024-04-22 16:20:24 +02:00
iceman1001
d340de388d textual 2024-04-22 09:23:22 +02:00
iceman1001
87c6633de1 add support for generation 2 magic command when setting UID on ISO15693 cards. ref:: https://github.com/RfidResearchGroup/proxmark3/issues/1604#issuecomment-2068444071 2024-04-22 09:04:01 +02:00
iceman1001
700d558432 move hitag2 crypto parts to the common folder in order to be able to use it on the client side. Some textual and minor adaptations across the bord 2024-03-27 09:32:00 +01:00
iceman1001
c66e781a9c annotation of the hitag2 protocol now properly identifies different parts without shifting of whole hex arrays. Took the idea from RFIdler (@adamLLaurie) where he treats it like a binary string instead. It works. Problem: We use whole bytes in our logging protocol and Hitag2 uses 5, 10, 32, 64 bits commands. START_AUTH is 11000, which as a MSB aligned byte is 0xC0. Now we shift it down to LSB centered and 11000 becomes 0x18. This reduces all issues with handing the rest of the array. \n\nTake note that our protocol uses whole bytes. I had to print out number of actually captured bits in the trace log now. Otherwise 65 or 71 bits would not look any different but will not work when used with other tools. This also means we abuse the logging protocol by using the parity byte arry to store number of "left over bits" in the par[0] position. 2024-03-26 15:04:39 +01:00
Henry Gabryjelski
cc2bae2f4d lf em 4x70 writekey --> lf em 4x70 setkey 2024-03-13 09:38:35 -07:00
Henry Gabryjelski
ba83ac065e lf em 4x70 writepin --> lf em 4x70 setpin 2024-03-13 09:25:43 -07:00
Henry Gabryjelski
0a598b254c make style changes 2024-03-11 17:28:05 -07:00
Henry Gabryjelski
160d61682b Add lf em 4x70 autorecover 
Also:
* common.h: Increase safety of some of the macros.
  Parenthesizing the macro parameters ... a best practice.
* firmware: partially-tracked source of "extra bits" messages.
  Add a TODO comment for further study.
* Improve reliability of `lf em 4x70 writekey`
  Authenticate w/new key after it is written.
  Particularly important for glass modules,
  or other tags with weaker coupling.
 2024-03-11 17:14:03 -07:00
Henry Gabryjelski
4ebd6d4bff Add id48lib and second half of key recovery. 2024-03-03 12:16:16 -08:00
francesco-scar
2ba0fbdcde Added led order parameter (for Proxmark3 Easy board) 2024-02-18 12:57:26 +01:00
iceman1001
c4c1601446 added rudimentary functions for doing AES authentication against MIFARE UL AES tags. (wip) 2024-02-15 16:20:47 +01:00
Iceman
6c726b9e21 Merge pull request #2284 from czietz/configurable_noise_level 
Configurable detection levels in ISO14443A and Legic modes
 2024-02-03 13:52:26 +01:00
iceman1001
c49a7c040b added a lf em 4x50 view command and lf em 4x50 dump now supports the nosave flag 2024-02-03 11:09:28 +01:00
Christian Zietz
dbfd8b7a6d Make detection threshold for ISO14443A configurable 
This adds a new command "hw sethfthresh" to configure the thresholds
used inside the FPGA while demodulating ISO14443A. The thresholds
need to be increased on particularly noisy hardware, such as certain
Chinese PM3 Easy clones.
 2024-02-02 20:51:05 +01:00
iceman1001
81ce1fd4ab changed magic detection to use flags. Fixes previous problems with magic ntag, also renamed defines to seperate them better. 2024-02-02 15:53:57 +01:00
iceman1001
5de626992f extended read block and read block annotation. Adapt select_card to keep antenna on when dump/info 2024-01-26 22:09:37 +01:00
iceman1001
68d9fe3232 annotate xerox reads 2024-01-26 21:10:11 +01:00
iceman1001
d5b1ff013f annotate XEROX wup 2024-01-26 20:33:08 +01:00
iceman1001
98f64a4ca5 annotate XEROX a bit better 2024-01-26 20:26:43 +01:00
iceman1001
8e2fb4a6a7 increased the number of pages in the dumps to 160. 0xA0. Its should cover 128 / 0x80 and potential larger ones 2024-01-26 14:25:39 +01:00
iceman1001
303c6b6067 style 2024-01-26 12:45:23 +01:00
nvx
e22776a7e0 style 2024-01-26 20:20:25 +10:00
nvx
49f7ae57dc Changed hf mf gdmcfg/gdmsetcfg commands to support Gen1a and GDM Alt magic wakeups 
This was implemented with a new pair of RPCs CMD_HF_MIFARE_READBL_EX and CMD_HF_MIFARE_WRITEBL_EX
these RPCs support all combinations of read/write commands, wakeup, and auth options so
in time can replace the other MFC read/write commands too reduce armsrc code size
and complexity.

Also added config parsing for the gdm cfg block when reading with hf mf gdmcfg and
explicitly with hf mf gdmparsecfg.
 2024-01-26 20:09:08 +10:00
iceman1001
ba578ee139 hf 15 sim, reverse uid and a shorter read from emul to get uid if none is user given 2024-01-25 00:34:05 +01:00
Iceman
769a0aa26b Merge pull request #2270 from martian/rename-cmdreadmem-flag 
Rename CMD_READ_MEM_DOWNLOAD flag.
 2024-01-24 17:11:15 +01:00
Martijn Plak
1d14bc38c5 Rename CMD_READ_MEM_DOWNLOAD flag. 
It got included in pm3_cmd.lua but shouldn't be because it's not a command.
Also, the bitshift in the value upsets some versions of lua.
 2024-01-24 16:36:52 +01:00
Yann GASCUEL
05912ff130 iso15sim: rename, move and PACK iso15_tag struct to be usable in client 2024-01-24 13:59:13 +01:00
Martijn Plak
e35385fde1 Adding processor flash memory reading, viewing and writing to file. 
Works when the device is running either osimage or bootloader.

- New memory reading command in osimage and bootloader.
- Extended 'hw readmem' command with length parameter, file writing and hex viewer.
- Introduced '--dumpmem' option to proxmark3 executable to support dumping from bootloader.

Simple interactive examples:
  hw readmem -f flashdump
  hw readmem -l 1024
CLI example:
  ./pm3 --dumpmem flashdump.bin

Reading from arbitrary memory ranges can be unlocked using the 'raw' option.
 2024-01-22 16:40:05 +01:00
iceman1001
14ad94e4a0 missed is 2024-01-16 15:44:42 +01:00