The iceman fork
----------------
+===============
+[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3) [![Coverity Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3_iceman_fork) [![Latest release] (https://img.shields.io/github/release/iceman1001/proxmark3.svg)] (https://github.com/iceman1001/proxmark3/releases/latest)
-NOTICE:
+##This fork is HIGHLY experimental
-::THIS FORK IS HIGHLY EXPERIMENTAL::
+##Notice
+There is so much in this fork, with all fixes and additions its basically the most enhanced fork to this day for the Proxmark3 device.
+##Offical
The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3
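Review bot: In the added badge line, `[![Latest release] (https://img.shields.io/…)] (https://github.com/…)` has a space between `]` and `(` in both places, which CommonMark does not accept as an inline link, so the release badge will show as literal text; remove the two spaces. The Coverity link target also changes from `proxmark3-iceman-fork` (in the removed badge) to `proxmark3_iceman_fork`, which is worth confirming still resolves. The new ATX headings (`##This fork is HIGHLY experimental`, `##Notice`, `##Offical`, and the others added by this patch) need a space after `##` to render as headings, and `Offical` should be `Official`.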
-NEWS:
-
-## Build Status Travis CI
-[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)
-
-## Build Status Coverity Scan
-[![Coverity Scan Build Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3-iceman-fork)
-
-
-## Coverity Scan Config && Run
-
+##Coverity Scan Config & Run
Download the Coverity Scan Self-buld and install it.
You will need to configure ARM-NON-EABI- Compiler for it to use:
:: Configure
-cov-configure --comptype gcc --compiler /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc
+`cov-configure --comptype gcc --compiler /opt/devkitpro/devkitARM/bin/arm-none-eabi-gcc`
::run it (I'm running on Ubuntu)
-cov-build --dir cov-int make all
+`cov-build --dir cov-int make all`
:: make a tarball
-tar czvf proxmark3.tgz cov-int
+`tar czvf proxmark3.tgz cov-int`
:: upload it to coverity.com
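Review bot: The three Coverity commands are now in inline backticks but still sit directly under their `:: Configure`, `::run it` and `:: make a tarball` labels with no blank lines, so Markdown will flow the whole procedure into one paragraph. Put each command in an indented block or make the steps a numbered list. Since these lines are being touched, `Self-buld` in the first line of the section should be `Self-build`.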
-## Whats changed?
-
-Whats in this fork? I have scraped the web for different enhancements to the PM3 source code and not all of them ever found their way to the master branch.
+##Whats changed?
+Whats so special with this fork? I have scraped the web for different enhancements to the PM3 source code and not all of them ever found their way to the master branch.
Among the stuff is
* Jonor's hf 14a raw timing patch
* other obscure patches like for the sammy-mode, (offline you know), tagidentifications, defaultkeys.
* Minor textual changes here and there.
* Simulation of Ultralight/Ntag.
- * Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/
- * Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work)
-
+ * Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/ Now using reveng1.31
+ * J-Run alternative bruteforce Mifare nested auths.. (you need one other exe to make it work)
* A Bruteforce for T55XX passwords against tag.
* A Bruteforce for AWID 26, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a AWID Reader.
* A Bruteforce for HID, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a HID Reader.
* Blaposts Crapto1 v3.3
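Review bot: `Now using reveng1.31` on the RevEng bullet disagrees with the changelog entry added further down in this same patch, `Updated the Reveng 1.31 sourcecode to 1.40`; state 1.40 here or drop the version from the bullet so it cannot go stale. On the J-Run bullet, `you need one other exe to make it work` does not say which executable or where to get it. The changelog entry for `hf mf key_brute` links https://github.com/J-Run/mf_key_brute, so link it from this bullet too if that is the one meant.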
+ * Icsom's legic script and legic enhancements
+ * Aczid's bitsliced bruteforce solver in 'hf mf hardnested'
+
+##Straight from the CHANGELOG
+=============================
+ - Added `hf mf key_brute` - adds J-Runs 2nd phase bruteforce ref: https://github.com/J-Run/mf_key_brute (iceman)
+ - Added `lf jablotron` - adds demod/clone/sim of Jablotron LF tags. (iceman)
+ - Added `lf t55xx recoverpw` - adds a new password recovery using bitflips and partial flips if password write went bad. (alexgrin)
+ - `hf legic` - added improved legic data mapping. (jason)
+ - `hf mf mifare` - added possibility to target key A|B (douniwan5788)
+ - Added `analyse lcr` - added a new main command group, to help analysing bytes & bits & nibbles. (iceman)
+ - Added `lf nedap` - added identification of a NEDAP tag. (iceman)
+ - `lf viking clone` - fixed a bug. (iceman)
+ - Added bitsliced bruteforce solver in `hf mf hardnested` (Aczid)
+ - `hf mf chk` speedup (iceman)
+ - `hf 14a/mf sim x` attack mode, now uses also moebius version of mfkey32 to try finding the key. (iceman)
+ - `hf 14a sim` Added emulation of Mifare cards with 10byte UID length. (iceman)
+ - `hf mf sim` Added emulation of Mifare cards with 10byte UID length. (iceman)
+ - Added `lf guard clone/sim` (iceman)
+ - Added `lf pyramd clone/sim` (iceman)
+ - trying to fix `hf 14b` command to be able to read CALYPSO card. (iceman)
+ - `hf legic load`, it now loads faster and a casting bug is gone. (iceman)
+ - Added `hf legic calccrc8` added a method to calculate the legic crc-8 value (iceman)
+ - `hf legic decode` fixed the output overflow bugs, better printing (iceman)
+ - Coverity Scan fixes a lot of resource leaks, etc (iceman)
+ - Added `lf presco *` commands started (iceman)
+ - Added `lf hid wiegand` added a method to calculate WIEGAND in different formats, (iceman)
+ - `hf mf chkkeys` better printing, same table output as nested, faster execution and added Adam Lauries "try to read Key B if Key A is found" (iceman)
+ - `hf mf nested` better printing and added Adam Lauries "try to read Key B if Key A is found" (iceman)
+ - `hf mf mifare` fixing the zero parity path, which doesn't got called. (iceman)
+ - Updated the @blapost's Crapto1 implementation to v3.3 (blapost)
+ - `hf mf c*` updated the calling structure and refactored of the chinese magic commands (iceman, marshmellow)
+ - Started to add Peter Fillmore's EMV fork into Iceman fork. ref: https://github.com/peterfillmore/proxmark3 (peter fillmore, iceman)
+ - Added Travis-CI automatic build integration with GitHub fork. (iceman)
+ - Updated the Reveng 1.30 sourcecode to 1.31 from Reveng project homepage (iceman)
+ - Updated the Reveng 1.31 sourcecode to 1.40 from Reveng project homepage (iceman)
+
+ - Added possibility to write direct to a Legic Prime Tag (MIM256/1024) without using values from the 'BigBuffer' -> 'hf legic writeRaw <addr> <value>' (icsom)
+ - Added possibility to decrease DCF values at address 0x05 & 0x06 on a Legic Prime Tag
+ DCF-value will be pulled from the BigBuffer (address 0x05 & 0x06) so you have to
+ load the data into the BigBuffer before with 'hf legic load <path/to/legic.dump>' & then
+ write the DCF-Values (both at once) with 'hf legic write 0x05 0x02' (icsom)
+ - Added script `legic.lua` for display and edit Data of Legic-Prime Tags (icsom)
+ - Added the experimental HITAG_S support (spenneb)
+ - Added topaz detection to `hf search` (iceman)
+ - Fixed the silent mode for 14b to be used inside `hf search` (iceman)
-
+---
Give me a hint, and I'll see if I can't merge in the stuff you have.
I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master.
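Review bot: `##Straight from the CHANGELOG` followed immediately by `=============================` mixes the two heading styles; with no space after `##` the first line is plain text, and the `=` underline then turns it into a top-level heading that displays the literal `##`. Keep one style. Copying the changelog into the README also repeats items already in the feature list above (the bitsliced `hf mf hardnested` solver, Crapto1 v3.3, the legic script) and will drift from the changelog itself; a link to it next to the short feature list would be easier to keep correct. `lf pyramd clone/sim` looks like a typo for `pyramid` and should be checked against the actual command name, and the two consecutive Reveng entries (1.30 to 1.31, then 1.31 to 1.40) can be one line.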
-PM3 GUI:
---------
+##PM3 GUI
I do tend to rename and move stuff around, the official PM3-GUI from Gaucho will not work so well. *sorry*
-
-
-DEVELOPMENT:
-------------
+##Development
This fork now compiles just fine on
- windows/mingw environment with Qt5.3.1 & GCC 4.8
- Ubuntuu 1404, 1510
- Mac OS X
-
-SETUP AND BUILD FOR UBUNTU
---------------------------
+ - Windows/mingw environment with Qt5.3.1 & GCC 4.8
+ - Ubuntuu 1404, 1510
+ - Mac OS X (or before the hardnested BF solver at least)
+##Setup and build for UBUNTU
GC made updates to allow this to build easily on Ubuntu 14.04.2 LTS or 15.10
See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux
Run
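Review bot: The rewritten platform list keeps the `Ubuntuu` misspelling, and `Mac OS X (or before the hardnested BF solver at least)` does not tell a reader whether the current tree builds on OS X. Say which release or commit last built there, or state that the OS X build is currently broken. `##Setup and build for UBUNTU` also follows the list with no blank line, which some renderers will treat as a continuation of the last list item.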
- -> sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget
-
+ `sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev`
+
Follow these instructions
Get devkitARM release 41 from SourceForge (choose either the 64/32 bit depending on your architecture, it is assumed you know how to check and recognize your architecture):
(32-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-i686-linux.tar.bz2/download
Extract the contents of the .tar.bz2:
- -> tar jxvf devkitARM_r41-<arch>-linux.tar.bz2
+ `tar jxvf devkitARM_r41-<arch>-linux.tar.bz2`
Create a directory for the arm dev kit:
- -> sudo mkdir -p /opt/devkitpro/
+ `sudo mkdir -p /opt/devkitpro/`
Move the ARM developer kit to the newly created directory:
- -> sudo mv devkitARM /opt/devkitpro/
+ `sudo mv devkitARM /opt/devkitpro/`
Add the appropriate environment variable:
- -> export PATH=${PATH}:/opt/devkitpro/devkitARM/bin/
+ `export PATH=${PATH}:/opt/devkitpro/devkitARM/bin/`
Add the environment variable to your profile:
- -> echo 'PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ ' >> ~/.bashrc
+ `echo 'PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ ' >> ~/.bashrc`
Clone iceman fork
- -> git clone https://github.com/iceman1001/proxmark3.git
+ `git clone https://github.com/iceman1001/proxmark3.git`
Get the latest commits
- -> git pull
+ `git pull`
CLEAN COMPILE
- -> make clean && make all
+ `make clean && make all`
Flash the BOOTROM
- -> client/flasher -b /dev/ttyACM0 bootrom/obj/bootrom.elf
+ `client/flasher /dev/ttyACM0 -b bootrom/obj/bootrom.elf`
Flash the FULLIMAGE
- -> client/flasher /dev/ttyACM0 armsrc/obj/fullimage.elf
+ `client/flasher /dev/ttyACM0 armsrc/obj/fullimage.elf`
Change into the client folder.
- -> cd client
+ `cd client`
Run the client
- -> ./proxmark3 /dev/ttyACM0
+ `./proxmark3 /dev/ttyACM0`
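Review bot: The bootrom flash line changes the argument order from `client/flasher -b /dev/ttyACM0 …` to `client/flasher /dev/ttyACM0 -b …` with no explanation; if this follows a change in how the flasher parses its arguments, say so, because a reader on an older checkout will type the new form against the old tool while writing the bootloader. `git pull` comes straight after `git clone` with no `cd proxmark3`, so as written it runs outside the new checkout, and `make clean && make all` has the same problem. The devkitARM step gives only the 32-bit link although the text says to choose between 64 and 32 bit, and the download is plain `http://` with no checksum to compare against; since this toolchain builds the firmware that gets flashed, an `https://` link and a published hash would be worth adding while these lines are being reformatted.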
+##Homebrew (Mac OS X)
+These instructions comes from @Chrisfu, where I got the proxmark3.rb scriptfile from.
+Further questions about Mac & Homebrew, contact @Chrisfu (https://github.com/chrisfu/)
-January 2015, Sweden
-iceman at host iuse.se
+1. Install homebrew if you haven't yet already done so: http://brew.sh/
+
+2. Tap this repo: `brew tap iceman1001/proxmark3`
+
+3. Install Proxmark3: `brew install proxmark3` for stable release or `brew install --HEAD proxmark3` for latest non-stable from GitHub.
+
+##Docker container
+I recently added a docker container on Docker HUB. You find it here: https://hub.docker.com/r/iceman1001/proxmark3/
+Follow those instructions to get it up and running. No need for the old proxspace-environment anymore.
+
+[1.6.0] How to start: https://www.youtube.com/watch?v=b5Zta89Cf6Q
+[1.6.0] How to connect: https://youtu.be/0ZS2t5C-caI
+[1.6.1] How to flash: https://www.youtube.com/watch?v=WXouhuGYEiw
+
+Recommendations:
+Use only container tag [1.6.4]
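Review bot: `Use only container tag [1.6.4]` names a version, but the Docker section never shows the pull or run command for it, and the three video links are labelled `[1.6.0]` and `[1.6.1]`, so a reader cannot tell whether they still apply to the recommended tag. Add the exact command for that tag and one line on why the other tags should be avoided. A tag on Docker Hub can be re-pushed, so publishing the image digest next to the tag would let users confirm they are running the image you built. In the Homebrew text, `These instructions comes` should be `come`, and it is worth noting that `brew install --HEAD` builds whatever is on GitHub at install time.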
-BUYING A PROXMARK 3
--------------------
+##Buying a proxmark3
The Proxmark 3 device is available for purchase (assembled and tested) from the following locations:
- * http://www.elechouse.com (new and revised hardware package 2015)
+ * http://proxmark3.tictail.com/ (For buyers in EU, most likely in Sweden)
+
+ * http://www.elechouse.com/ (new and revised hardware package 2015, located in China)
+
+
+##Enjoy
+
+January 2015, Sweden
+iceman at host iuse.se
+
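Review bot: The `##Enjoy` sign-off with the date and contact line is added above `##Note from Jonathan Westhues`, so the README signs off and then continues; move it below that note so it is the last section. Both vendor links are plain `http://`; use `https://` where the sites support it, since these are the pages readers are sent to for a purchase.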
- I recommend you to buy this version.
---------------------------------------------------------------------------
+##Note from Jonathan Westhues
Most of the ultra-low-volume contract assemblers could put
something like this together with a reasonable yield. A run of around
a dozen units is probably cost-effective. The BOM includes (possibly-