Iceman
fc3dbe56bd
Merge pull request #3208 from R4H33M/iclass-page-support
...
Add --page flag to hf iclass dump
2026-04-13 08:18:07 +07:00
kormax
b8c2e2531f
Annotate more FeliCa commands with 'hf felica list'
2026-04-12 12:40:20 +03:00
kormax
3eecb97a88
Add system code annotation for 'hf felica info' and 'hf felica rqsyscode'
2026-04-10 20:36:50 +03:00
Raheem Idowu
22dae554c7
hf iclass dump --page support
2026-04-04 17:15:13 -04:00
Antiklesys
51c44843c9
Removed --credit from hf iclass legrec
...
Option wasn't working and caused unnecessary complexity in the workflow.
2026-04-04 01:07:47 +08:00
kormax
b443fc7723
Add 'hf.field.timeout' to prefs
2026-03-31 12:02:23 +03:00
Antiklesys
128e4006bf
SE Conf Card Sim Base
...
Added `hf secc` to build a base for simulating basic function of iclass SE config cards
2026-03-30 22:58:52 +08:00
kormax
396032c2db
Remove unused ISO14A_COMMAND flags
2026-03-26 17:16:44 +02:00
kormax
fa08075ded
Add ISO14A_CLEARTRACE param to explicitly clear 14a trace
2026-03-24 23:24:22 +02:00
iceman1001
d0d7a047eb
use a define for iclass key size, even if it is the same as block size.
2026-03-23 11:43:18 +07:00
Christian Zanon
b9ddb038b7
Merge branch 'master' into hf-14b-tearoff
...
Signed-off-by: Christian Zanon <105173223+xNovyz@users.noreply.github.com>
2026-03-13 11:39:06 +01:00
xNovyz
286df8f4eb
feat(14b): add interactive hf 14b tearoff command
...
Add an interactive command for performing tear-off attacks on ST25TB/SRx
monotonic counter blocks. This exploits EEPROM tearing to increment
counters that normally can only be decremented, based on the
near-field-chaos project by SecLabz.
The command sweeps tear-off timing from --start downward in --adj
microsecond steps, automatically consolidates partial writes, verifies
stability across multiple reads, and reports progress in real-time with
color-coded output.
Performance optimizations:
- One-time full iso14443b_setup() at start; subsequent field cycles use
  lightweight tearoff_field_on()/tearoff_field_off() that skip FPGA
  bitstream reload and buffer reallocation
- Periodic CMD_WTX keepalives to prevent USB timeouts during long attacks
- Calls FpgaResetBitstream() on exit to ensure clean FPGA state
Usage: hf 14b tearoff -b <block> -d <target> [--start <us>] [--adj <us>]
2026-03-11 21:43:37 +01:00
kormax
6629db3659
Add universal node discovery for FeliCa
2026-03-09 18:58:08 +02:00
Iceman
a54e88ee94
Merge pull request #3111 from Antiklesys/master
...
Added --credit option for hf iclass legrec
2026-03-06 08:56:21 +01:00
kormax
10a3fa7e6d
Add request specification version to 'hf felica info'
2026-03-05 20:30:30 +02:00
kormax
ec25ea77a4
Extract more information with 'hf felica info'
2026-03-05 17:11:30 +02:00
Antiklesys
0d2741d757
Unused variables code cleanup
...
Code cleanup of unused payload variables for iclass legrec
2026-03-05 21:38:16 +08:00
Antiklesys
5041fbffa7
Added --credit option for hf iclass legrec
...
Added --credit option for hf iclass legrec
2026-03-05 19:32:52 +08:00
kormax
2e4290c5fe
Refactor helpers for 'hf felica' commands; add retries
2026-03-04 18:50:21 +02:00
Philippe Teuwen
e2b11e937f
✨
2026-03-02 12:50:34 +01:00
Philippe Teuwen
b8a5e7b656
hf mf cauth/aesauth/cchk/aeschk: make fast READ0 optional
2026-02-24 16:46:00 +01:00
Philippe Teuwen
118652bd90
CMD_HF_DECAY: factor with structs, remove cast align warning
2026-02-21 23:54:51 +01:00
Philippe Teuwen
b62658f5ac
make style
2026-02-21 12:43:25 +01:00
michael
3eb594ce29
Cleaned up verbiage in user feedback
2026-02-18 20:44:08 -08:00
michael
fe878be492
Added a new command (hw decay [which monitors the decay rate of the hf antenna cap]) and updated hw tune to detect booster boards and if the pm3 easy is on a metal surface
2026-02-18 15:51:08 -08:00
kormax
c6675018b3
felica: use NG frames for commands
2026-02-15 19:04:22 +02:00
Philippe Teuwen
d6f74b342e
Make sure RAMFUNC is not inlined, else it won't be in RAM.
...
Some static RAMFUNC got inlined which means they weren't relocated in RAM.
By forcing noinline on RAMFUNC, the following functions move to RAM:
F .data 00000034 optimizedSniff
F .data 00000148 skipSniff
F .data 000002c8 ManchesterDecoding_Thinfilm
But ManchesterDecoding_Thinfilm worked fine without being in RAM,
so we remove its RAMFUNC attribute and it works as previously,
and avoid eating some RAM bytes.
In summary, impacted command is only:
hf sniff
2026-02-11 14:19:05 +01:00
Philippe Teuwen
9f70011fee
hf mfu setkey: supports ulc/ulaes auth and ulaes schann
2026-02-09 01:08:23 +01:00
Aaron Tulino
d62e3cff15
Promote MFUL readblock bytelen
...
Resolves #3087
2026-02-07 00:51:18 +01:00
Philippe Teuwen
c00e4801b7
make style
2026-02-06 13:43:41 +01:00
Philippe Teuwen
a26892a891
Add hf mfu cchk/aeschk and options to hf mf cauth/aesauth
2026-01-19 21:47:49 +01:00
Aaron Tulino (Aaronjamt)
c0e82539f2
[hf seos] Simulate support
2025-12-21 04:26:44 -07:00
Aaron Tulino (Aaronjamt)
2197d9fc9f
Fix ROTR conflict
2025-12-21 03:49:45 -07:00
kormax
34f18a0002
Add polling loop annotation support for iso14443b
2025-12-19 09:29:31 +02:00
kormax
53ee5d68e8
Improve output format of hf felica rdbl; fix wrong response struct format
2025-11-29 18:26:03 +02:00
iceman1001
a0efcb2686
fix data crypt - output error. We have 8 bytes.
2025-10-17 08:53:54 +02:00
Philippe Teuwen
f0d8690e73
hf 14a raw -s: add --wait for delay between select and command
2025-10-09 22:43:39 +02:00
Philippe Teuwen
11fe8f783a
Add --skip to hw tearoff, to cope with more complex commands. Example provided for hf mfu wrbl
2025-10-09 22:26:52 +02:00
Philippe Teuwen
4aac77aaa2
support for Ultralight AES auth in hf mfu info/rdbl/wrbl/dump/ndefread/wipe/setkey
2025-10-04 02:00:23 +02:00
iceman1001
b097e10aa3
this commit refactors the signature checks. First we introduce a common pm3 generic private / public key pair in order to allow for users to self sign their own modded device. The verification checks now look at both hard coded public keys. If a vendor wants to add their own public key thus allowing for a simple way for us to identify their devices they can now do so. The downside is that the firmware mismatch detection becomes a bit dodgy. mem info; mem info -v; mem info -s -p <filename.pem>; mem info -s -p <filename.pem> -w contain the changes. OBS! when using -w be careful to not overwrite your genuine RDV4 signature. As always, with great power comes great responsibility
2025-09-25 19:44:36 +02:00
Oleg Moiseenko
944a80d217
make style
2025-09-21 16:41:30 +03:00
iceman1001
c3e29789a9
added a --override MAD crc check parameter to NDEF read commands
2025-08-29 13:55:00 +02:00
q0jt
5a627381af
hf felica: add FeliCa Lite-S authentication
2025-07-31 07:44:13 +09:00
zinongli
83c54bb174
initial working for single node
2025-07-25 23:47:00 -04:00
Philippe Teuwen
48724e44b4
hf mf sim: add --allowover option, needed for RF08S originality check
2025-07-25 20:54:18 +02:00
iceman1001
a3c2d2b815
style
2025-07-08 21:15:09 +02:00
iceman1001
16cbb4a446
style
2025-06-30 14:28:24 +02:00
iceman1001
5de4dd68e5
text
2025-06-22 20:34:54 +02:00
iceman1001
65607fc727
added Ultralight-C simulation. hf mfu sim -t 13. Use eload first. Also added support to upload UL-C dictionaries and UL-AES to spiffs memory. A lot of text reworked across client. Unify texts and a bit more color ;)
2025-06-19 17:26:20 +02:00
Henry Gabryjelski
69a2cc1ff0
em4x70 --par deprecation: Step 4: remove client references to client->arm field that used to store this
2025-06-09 14:03:05 -07:00