-INTRO:
-
-This file contains enough software, logic (for the FPGA), and design
-documentation for the hardware that you could, at least in theory,
-do something useful with a proxmark3. It has commands to:
-
- * read any kind of 125 kHz unidirectional tag
- * simulate any kind of 125 kHz unidirectional tag
-
-(This is enough to perform all of the silly cloning attacks, like the
-ones that I did at the Capitol in Sacramento, or anything involving
-a Verichip. From a technical standpoint, these are not that exciting,
-although the `software radio' architecture of the proxmark3 makes it
-easy and fun to support new formats.)
-
-As a bonus, I include some code to use the 13.56 MHz hardware, so you can:
-
- * do anything that a (medium-range) ISO 15693 reader could
- * read an ISO 14443 tag, if you know the higher-layer protocol
- * pretend to be an ISO 14443 tag, if you know the higher-layer protocol
- * snoop on an ISO 14443 transaction
-
-I am not actively developing any of this. I have other projects that
-seem to be more useful.
-
-USING THE PACKAGE:
-
-The software tools required to build include:
-
- * cygwin or other unix-like tools for Windows
- * devkitPro (http://wiki.devkitpro.org/index.php/Getting_Started/devkitARM)
- * Xilinx's WebPack tools
- * Modelsim (for test only)
- * perl
-
-When installing devkitPro, you only need to install the compiler itself. Additional
-support libraries are not required.
-
-Documentation is minimal, but see the doc/ directory for what exists. A
-previous familiarity with the ARM, with digital signal processing,
-and with embedded programming in general is assumed.
-
-The device is used through a specialized command line interface; for
-example, to clone a Verichip, you might type:
-
- loread ; this reads the tag, and stores the
- ; raw samples in memory on the ARM
-
- losamples ; then we download the samples to
- ; the PC
-
- vchdemod clone ; demodulate the ID, and then put it
- ; back in a format that we can replay
-
- losim ; and then replay it
-
-To read an ISO 15693 tag, you might type:
-
- hiread ; read the tag; this involves sending a
- ; particular command, and then getting
- ; the response (which is stored as raw
- ; samples in memory on the ARM)
-
- hisamples ; then download those samples to the PC
-
- hi15demod ; and demod them to bits (and check the
- ; CRC etc. at the same time)
-
-Notice that in both cases the signal processing mostly happened on the PC
-side; that is of course not practical for a real reader, but it is easier
-to initially write your code and debug on the PC side than on the ARM. As
-long as you use integer math (and I do), it's trivial to port it over
-when you're done.
-
-The USB driver and bootloader are documented (and available separately
-for download, if you wish to use them in another project) at
-
- http://cq.cx/trivia.pl
-
-
-OBTAINING HARDWARE:
-
-Most of the ultra-low-volume contract assemblers that have sprung up
-(Screaming Circuits, the various cheap Asian suppliers, etc.) could put
+The iceman fork
+---------------
+
+NOTICE:
+
+The official Proxmark repository is found here: https://github.com/Proxmark/proxmark3
+
+NEWS:
+
+::THIS FORK IS HIGHLY EXPERIMENTAL::
+
+
+## Build Status Travis CI
+[![Build Status](https://travis-ci.org/iceman1001/proxmark3.svg?branch=master)](https://travis-ci.org/iceman1001/proxmark3)
+
+## Build Status Coverity Scan
+[![Coverity Scan Build Status](https://scan.coverity.com/projects/5117/badge.svg)](https://scan.coverity.com/projects/proxmark3_iceman_fork)
+
+
+Whats in this fork? I have scraped the web for different enhancements to the PM3 source code and not all of them ever found their way to the master branch.
+Among the stuff is
+
+ * Jonor's hf 14a raw timing patch
+ * Piwi's updates. (usually gets into the master)
+ * Piwi's "topaz" branch
+ * Piwi's "hardnested" branch
+ * Holiman's iclass, (usually gets into the master)
+ * Marshmellow's fixes (usually gets into the master)
+ * Midnitesnake's Ultralight, Ultralight-c enhancements
+ * Izsh's lf peak modification / iir-filtering
+ * Aspers's tips and tricks from inside the PM3-gui-tool, settings.xml and other stuff.
+ * My own desfire, Ultralight extras, LF T55xx enhancements, bugs fixes (filelength, hf mf commands ), TNP3xxx lua scripts, Awid26, skidata scripts (will come)
+ * other obscure patches like for the sammy-mode, (offline you know), tagidentifications, defaultkeys.
+ * Minor textual changes here and there.
+ * Simulation of Ultralight/Ntag.
+ * Marshmellow's and my "RevEng" addon for the client. Ref: http://reveng.sourceforge.net/
+ * Someone's alternative bruteforce Mifare changes.. (you need the two other exe to make it work)
+
+ * A Bruteforce for T55XX passwords against tag.
+ * A Bruteforce for AWID 26, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a AWID Reader.
+ * A Bruteforce for HID, starting w a facilitycode then trying all 0xFFFF cardnumbers via simulation. To be used against a HID Reader.
+ * Blaposts Crapto1 v3.3
+ * Icsom's legic script and legic enhancements
+ * Aczid's bitsliced bruteforce solver in 'hf mf hardnested'
+
+Give me a hint, and I'll see if I can't merge in the stuff you have.
+
+I don't actually know how to make small pull-request to github :( and that is the number one reason for me not pushing a lot of things back to the PM3 master.
+
+PM3 GUI:
+
+I do tend to rename and move stuff around, the official PM3-GUI from Gaucho will not work so well. *sorry*
+
+
+
+DEVELOPMENT:
+
+This fork is adjusted to compile on windows/mingw environment with Qt5.3.1 & GCC 4.9
+
+GC made updates to allow this to build easily on Ubuntu 14.04
+ - See https://github.com/Proxmark/proxmark3/wiki/Ubuntu%20Linux
+ - Generally speaking, if you're running a "later" Proxmark, installation is very easy.
+ - Run "sudo apt-get install p7zip git build-essential libreadline5 libreadline-dev libusb-0.1-4 libusb-dev libqt4-dev perl pkg-config wget libncurses5-dev
+ - Follow these instructions
+ Get devkitARM release 41 from SourceForge (choose either the 64/32 bit depending on your architecture, it is assumed you know how to check and recognize your architecture):
+ (64-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-x86_64-linux.tar.bz2/download
+ (32-bit) http://sourceforge.net/projects/devkitpro/files/devkitARM/previous/devkitARM_r41-i686-linux.tar.bz2/download
+ Extract the contents of the .tar.bz2:
+ tar jxvf devkitARM_r41-<arch>-linux.tar.bz2
+ Create a directory for the arm dev kit:
+ sudo mkdir -p /opt/devkitpro/
+ Move the ARM developer kit to the newly created directory:
+ sudo mv devkitARM /opt/devkitpro/
+ Add the appropriate environment variable:
+ export PATH=${PATH}:/opt/devkitpro/devkitARM/bin/
+ Add the environment variable to your profile:
+ echo 'PATH=${PATH}:/opt/devkitpro/devkitARM/bin/ ' >> ~/.bashrc
+ - make all
+
+Common errors linux/macOS finds
+
+Error:
+ * \client\makefile the parameter -lgdi32
+Solution:
+ * Remove parameter.
+
+Error:
+ * Using older Qt4.6 gives compilation errors.
+Solution
+ * Upgrade to Qt5.3.1
+ OR
+ * Change these two line in \client\makefile
+ CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui -I$(QTDIR)/include/QtWidgets -I/mingw/include
+ QTLDLIBS = -L$(QTDIR)/lib -lQt5Core -lQt5Gui -lQt5Widgets
+
+ TO
+
+ CXXFLAGS = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
+ QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4
+
+
+An old Qt4 version makefile is found here: http://www.icesql.se/proxmark3/code/linuxmakefile.txt but this one doesn't have all new files in it. So I don't recommend it.
+
+
+January 2015, Sweden
+iceman at host iuse.se
+
+
+The Proxmark 3 is available for purchase (assembled and tested) from the
+following locations:
+
+ * http://proxmark3.tictail.com/ (For buyers in EU, most likely in Sweden)
+
+ * http://www.elechouse.com/ (new and revised hardware package 2015, located in China)
+
+
+
+
+Most of the ultra-low-volume contract assemblers could put
something like this together with a reasonable yield. A run of around
a dozen units is probably cost-effective. The BOM includes (possibly-
outdated) component pricing, and everything is available from Digikey
Excellon drill file.
-FUTURE PLANS, ENHANCEMENTS THAT YOU COULD MAKE:
-
-At some point I should write software involving a proper real-time
-operating system for the ARM. I would then provide interrupt-driven
-drivers for many of the peripherals that are polled now (the USB,
-the data stream from the FPGA), which would make it easier to develop
-complex applications.
-
-It would not be all that hard to implement the ISO 15693 reader properly
-(with anticollision, all the commands supported, and so on)--the signal
-processing is already written, so it is all straightforward applications
-work.
-
-I have basic support for ISO 14443 as well: a sniffer, a simulated
-tag, and a reader. It won't do anything useful unless you fill in the
-high-layer protocol.
-
-Nicer (i.e., closer-to-optimal) implementations of all kinds of signal
-processing would be useful as well.
-
-A practical implementation of the learning-the-tag's-ID-from-what-the-
-reader-broadcasts-during-anticollision attacks would be relatively
-straightforward. This would involve some signal processing on the FPGA,
-but not much else after that.
-
-It would be neat to write a driver that could stream samples from the A/Ds
-over USB to the PC, using the full available bandwidth of USB. I am not
-yet sure what that would be good for, but surely something. This would
-require a kernel-mode driver under Windows, though, which is more work.
-
-
LICENSING:
This program is free software; you can redistribute it and/or modify
user jwesthues, at host cq.cx
May 2007, Cambridge MA
-