Michael Farrell [Wed, 5 Jul 2017 18:22:02 +0000 (04:22 +1000)]
Refactoring uart interface (#341)
* uart: Major cleanups
- Adds documentation to the uart API.
- Fixes a buffer overflow issue in `uart_receive`, where the maximum parameter was ignored.
- Splits the maximum length and bytes recieved variables in `uart_receive`.
- Downsizes the receive buffer to the minimum required, saving 16MiB of RAM at runtime.
- Refactors the POSIX and Win32 implementations of uart into separate files.
- Removes the unused `uart_{get,set}_parity` functions, which were not implemented on Win32.
endless loop in reader if no tag was found
button press on pm3 did not cancel.
led_b was left on in some cases
also moved 14b detection to last in hf search to help speed up the
command for the other tags. 14b is slow (does multiple tests)
Thanks to @Fl0-0 and @pwpiwi for their idenfication of some of the
issues.
EM410x bruteforcing changes: Load the whole file at once, pause delay as parameter, stop the execution on key press and EM410x conversion to signal function.
pwpiwi [Tue, 27 Jun 2017 05:56:43 +0000 (07:56 +0200)]
hardnested: reduce disk space for tables (by > 700MBytes) and other minor changes
- compress tables
- minor changes to progress reporting
- free memory on aborts (@iceman1001)
marshmellow42 [Wed, 21 Jun 2017 20:51:22 +0000 (16:51 -0400)]
iclass - updates
clean up output
allow readblock without authenticating (can read blocks 0, 1, 2, 5
without authenticating.)
add Application Issuer Area to reader output and use it to attempt to
identify legacy vs NOT legacy.
marshmellow42 [Tue, 20 Jun 2017 22:25:08 +0000 (18:25 -0400)]
some coverity fixes plus fix fdx help (#328)
* coverity fixes
cmdhflegic- indications are the i in calls to data_buf[i] could = 1052
and overflow the array.
cmdhfmfhard - +1 to add space for string null terminator - should we add
the 0 terminator value too?
reveng.c - memory leak
util.c - fix potential overflow of array buf[]
util_posix.c - possible integer overflow
* fix help errors
* fix sprint_hex_ascii
again
and this function is not even used anywhere... yet...
marshmellow42 [Thu, 8 Jun 2017 21:07:14 +0000 (17:07 -0400)]
fix compile issues on OS X 10.11
OSX 10.11 does not have clock_gettime()
clang <= 8.0.0 has a bug in __builtin_cpu_supports() and it doesn't
function.
see https://llvm.org/bugs/show_bug.cgi?id=25510
pwpiwi [Tue, 6 Jun 2017 16:38:07 +0000 (18:38 +0200)]
fix compile errors on non-Intel CPUs:
- client/Makefile: don't compile for different SIMD instruction sets if non-Intel
- hardnested cores: provide non-SIMD versions of core functions
pwpiwi [Mon, 29 May 2017 08:56:37 +0000 (10:56 +0200)]
New: implementing hf mf hardnested
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
fix USB descriptors
- indicate compliance with USB release 2.0
- set correct vendor and product IDs
- indicate power consumption (500mA)
- add String Descriptor 0 indicating supported languages
- add String Descriptors for Manufacturer and Product
to ui_overlays.h
add ui_overlays.h to .gitignore
should now compile to whatever qt version you have. (as long as it is
compatible with the overlays.ui file...)
Submitting a well documented Lua script whose purpose is to do
bulk, repeated, sequential programming of RFID tags. Could be useful
for users of the ACCX Open Access 4.0 or other simple RFID systems.
Tags programmed with this would potentially be vulnerabile to bisection
attacks, etc... But honestly, they likely would have been anyway.
To use run from within the proxmark3 client:
```
proxmark3> script run lf_bulk_program.lua -b 1000 -c 5 -f 23
--- Executing: lf_bulk_program.lua, args '-b 1000 -c 5 -f 23'
Press enter to program card 1000:23 (hex: 0020042e07d1)
also fixed a save_restore issue with grid alignments
now save_restoreGB() saves/restores offset values
added macro enumeration of SAVE vs RESTORE for save_restore commands.