Commit | Line | Data |
---|---|---|
1 | The iceman fork | |
2 | --------------- | |
3 | ##::THIS FORK IS HIGHLY EXPERIMENTAL:: | |
4 | ||
5 | ##NOTICE: | |
6 | ||
7 | There is so much in this fork; with all the fixes and additions, it's basically the most enhanced fork to this day for the Proxmark3 device. | |
8 | ||
9 | ||
10 | ##OFFICIAL | |
11 | The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3 | |
12 | ||
13 | ##NEWS: | |
14 | ||
15 | ## Build Status Travis CI | |
16 | [![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3) | |
17 | ||
18 | ## Build Status Coverity Scan | |
19 | [![Coverity Scan Build Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3-iceman-fork) | |
20 | ||
21 | ||
22 | ## Coverity Scan Config && Run | |
23 | ||
24 | Download the Coverity Scan Self-build and install it. | |
25 | You will need to configure the arm-none-eabi compiler for it to use: | |
26 | ||
27 | :: Configure | |
28 | cov-configure --comptype gcc --compiler /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc | |
29 | ||
30 | :: Run it (I'm running on Ubuntu) | |
31 | cov-build --dir cov-int make all | |
32 | ||
33 | :: make a tarball | |
34 | tar czvf proxmark3.tgz cov-int | |
35 | ||
36 | :: upload it to coverity.com | |
37 | ||
38 | ## What's changed? | |
39 | ||
40 | What's so special about this fork? I have scraped the web for different enhancements to the PM3 source code, and not all of them ever found their way to the master branch. | |
41 | Among the stuff is: | |
42 | ||
43 | * Jonor's hf 14a raw timing patch | |
44 | * Piwi's updates. (usually gets into the master) | |
45 | * Piwi's "topaz" branch | |
46 | * Piwi's "hardnested" branch | |
47 | * Holiman's iclass, (usually gets into the master) | |
48 | * Marshmellow's fixes (usually gets into the master) | |
49 | * Midnitesnake's Ultralight, Ultralight-c enhancements | |
50 | * Izsh's lf peak modification / iir-filtering | |
51 | * Aspers's tips and tricks from inside the PM3-gui-tool, settings.xml and other stuff. | |
52 | * My own desfire, Ultralight extras, LF T55xx enhancements, bug fixes (filelength, hf mf commands), TNP3xxx lua scripts, Awid26, skidata scripts (will come) | |
53 | * other obscure patches like for the sammy-mode, (offline you know), tagidentifications, defaultkeys. | |
54 | * Minor textual changes here and there. | |
55 | * Simulation of Ultralight/Ntag. | |
56 | * Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/ Now using reveng1.31 | |
57 | * Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work) | |
58 | ||
59 | * A bruteforce for T55XX passwords against a tag. | |
60 | * A bruteforce for AWID 26, starting with a facility code, then trying all 0xFFFF card numbers via simulation. To be used against an AWID reader. | |
61 | * A bruteforce for HID, starting with a facility code, then trying all 0xFFFF card numbers via simulation. To be used against a HID reader. | |
62 | * Blapost's Crapto1 v3.3 | |
63 | * Icsom's legic script and legic enhancements | |
64 | * Azcid's bitsliced bruteforce solver in 'hf mf hardnested' | |
65 | ||
66 | ||
67 | --- | |
68 | Straight from the CHANGELOG | |
69 | --- | |
70 | - 'hf mf chk' speedup (iceman) | |
71 | - 'hf 14a/mf sim x' attack mode, now also uses the moebius version of mfkey32 to try finding the key. (iceman) | |
72 | - 'hf 14a sim' Added emulation of Mifare cards with 10byte UID length. (iceman) | |
73 | - 'hf mf sim' Added emulation of Mifare cards with 10byte UID length. (iceman) | |
74 | - Added bitsliced bruteforce solver in 'hf mf hardnested' (azcid) | |
75 | - Added `lf guard clone/sim` (iceman) | |
76 | - Added `lf pyramid clone/sim` (iceman) | |
77 | - trying to fix "hf 14b" command to be able to read CALYPSO card. (iceman) | |
78 | - `hf legic load`, it now loads faster and a casting bug is gone. (iceman) | |
79 | - Added `hf legic calccrc8` added a method to calculate the legic crc-8 value (iceman) | |
80 | - `hf legic decode` fixed the output overflow bugs, better printing (iceman) | |
81 | - Coverity Scan fixes a lot of resource leaks, etc (iceman) | |
82 | - Added `lf presco *` commands started (iceman) | |
83 | - Added `lf hid wiegand` added a method to calculate WIEGAND in different formats, (iceman) | |
84 | - `hf mf chkkeys` better printing, same table output as nested, faster execution and added Adam Laurie's "try to read Key B if Key A is found" (iceman) | |
85 | - `hf mf nested` better printing and added Adam Laurie's "try to read Key B if Key A is found" (iceman) | |
86 | - `hf mf mifare` fixing the zero parity path, which didn't get called. (iceman) | |
87 | - Updated the @blapost's Crapto1 implementation to v3.3 (blapost) | |
88 | - `hf mf c*` updated the calling structure and refactored of the chinese magic commands (iceman, marshmellow) | |
89 | - Started to add Peter Fillmore's EMV fork into Iceman fork. ref: https://github.com/peterfillmore/proxmark3 (peter fillmore, iceman) | |
90 | - Added Travis-CI automatic build integration with GitHub fork. (iceman) | |
91 | - Updated the Reveng 1.30 sourcecode to 1.31 from Reveng projecthomepage (iceman) | |
92 | ||
93 | - Added possibility to write direct to a Legic Prime Tag (MIM256/1024) without using values from the 'BigBuffer' -> 'hf legic writeRaw <addr> <value>' (icsom) | |
94 | - Added possibility to decrease DCF values at address 0x05 & 0x06 on a Legic Prime Tag | |
95 | DCF-value will be pulled from the BigBuffer (address 0x05 & 0x06) so you have to | |
96 | load the data into the BigBuffer before with 'hf legic load <path/to/legic.dump>' & then | |
97 | write the DCF-Values (both at once) with 'hf legic write 0x05 0x02' (icsom) | |
98 | - Added script `legic.lua` for displaying and editing data of Legic-Prime tags (icsom) | |
99 | - Added the experimental HITAG_S support (spenneb) | |
100 | - Added topaz detection to `hf search` (iceman) | |
101 | - Fixed the silent mode for 14b to be used inside 'hf search' (iceman) | |
102 | ||
103 | --- | |
104 | ||
105 | Give me a hint, and I'll see if I can't merge in the stuff you have. | |
106 | ||
107 | I don't actually know how to make small pull requests on GitHub :( and that is the number one reason for me not pushing a lot of things back to the PM3 master. | |
108 | ||
109 | PM3 GUI: | |
110 | -------- | |
111 | I do tend to rename and move stuff around, so the official PM3-GUI from Gaucho will not work so well. *sorry* | |
112 | ||
113 | ||
114 | ||
115 | DEVELOPMENT: | |
116 | ------------ | |
117 | This fork now compiles just fine on: | |
118 | * Windows/MinGW environment with Qt5.3.1 & GCC 4.8 | |
119 | * Ubuntu 14.04, 15.10 | |
120 | * Mac OS X | |
121 | ||
122 | SETUP AND BUILD FOR UBUNTU | |
123 | -------------------------- | |
124 | ||
125 | GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS or 15.10 | |
126 | See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux | |
127 | ||
128 | Run | |
129 | -> sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget | |
130 | ||
131 | Follow these instructions | |
132 | Get devkitARM release 41 from SourceForge (choose the 64-bit or 32-bit build depending on your architecture; it is assumed you know how to check and recognize your architecture): | |
133 | ||
134 | (64-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-x86_64-linux.tar.bz2/download | |
135 | (32-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-i686-linux.tar.bz2/download | |
136 | ||
137 | Extract the contents of the .tar.bz2: | |
138 | -> tar jxvf devkitARM_r41-<arch>-linux.tar.bz2 | |
139 | ||
140 | Create a directory for the arm dev kit: | |
141 | -> sudo mkdir -p /opt/devkitpro/ | |
142 | ||
143 | Move the ARM developer kit to the newly created directory: | |
144 | -> sudo mv devkitARM /opt/devkitpro/ | |
145 | ||
146 | Add the appropriate environment variable: | |
147 | -> export PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ | |
148 | ||
149 | Add the environment variable to your profile: | |
150 | -> echo 'PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ ' >> ~/.bashrc | |
151 | ||
152 | Clone iceman fork | |
153 | -> git clone https://github.com/iceman1001/proxmark3.git | |
154 | ||
155 | Enter the cloned repository and get the latest commits | |
156 | -> cd proxmark3 && git pull | |
157 | ||
158 | CLEAN COMPILE | |
159 | -> make clean && make all | |
160 | ||
161 | Flash the BOOTROM | |
162 | -> client/flasher -b /dev/ttyACM0 bootrom/obj/bootrom.elf | |
163 | ||
164 | Flash the FULLIMAGE | |
165 | -> client/flasher /dev/ttyACM0 armsrc/obj/fullimage.elf | |
166 | ||
167 | Change into the client folder. | |
168 | -> cd client | |
169 | ||
170 | Run the client | |
171 | -> ./proxmark3 /dev/ttyACM0 | |
172 | ||
173 | ||
174 | January 2015, Sweden | |
175 | iceman at host iuse.se | |
176 | ||
177 | BUYING A PROXMARK 3 | |
178 | ------------------- | |
179 | ||
180 | The Proxmark 3 device is available for purchase (assembled and tested) from the following locations: | |
181 | ||
182 | * http://www.elechouse.com (new and revised hardware package 2015) | |
183 | ||
184 | I recommend that you buy this version. | |
185 | ||
186 | -------------------------------------------------------------------------- | |
187 | ||
188 | Most of the ultra-low-volume contract assemblers could put | |
189 | something like this together with a reasonable yield. A run of around | |
190 | a dozen units is probably cost-effective. The BOM includes (possibly- | |
191 | outdated) component pricing, and everything is available from Digikey | |
192 | and the usual distributors. | |
193 | ||
194 | If you've never assembled a modern circuit board by hand, then this is | |
195 | not a good place to start. Some of the components (e.g. the crystals) | |
196 | must not be assembled with a soldering iron, and require hot air. | |
197 | ||
198 | The schematics are included; the component values given are not | |
199 | necessarily correct for all situations, but it should be possible to do | |
200 | nearly anything you would want with appropriate population options. | |
201 | ||
202 | The printed circuit board artwork is also available, as Gerbers and an | |
203 | Excellon drill file. | |
204 | ||
205 | ||
206 | LICENSING: | |
207 | ||
208 | This program is free software; you can redistribute it and/or modify | |
209 | it under the terms of the GNU General Public License as published by | |
210 | the Free Software Foundation; either version 2 of the License, or | |
211 | (at your option) any later version. | |
212 | ||
213 | This program is distributed in the hope that it will be useful, | |
214 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
215 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
216 | GNU General Public License for more details. | |
217 | ||
218 | You should have received a copy of the GNU General Public License | |
219 | along with this program; if not, write to the Free Software | |
220 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
221 | ||
222 | ||
223 | Jonathan Westhues | |
224 | user jwesthues, at host cq.cx | |
225 | ||
226 | May 2007, Cambridge MA |