- `hf mf nested` Check keys after they have found (Merlok)
- `hf mf chk` Move main cycle to arm (Merlok)
- Changed proxmark command line parameter `flush` to `-f` or `-flush` (Merlok)
+- Changed `hf 14a reader` to just reqest-anticilission-select sequence (Merlok)
### Fixed
- Changed start sequence in Qt mode (fix: short commands hangs main Qt thread) (Merlok)
- Added to proxmark command line parameters `w` - wait 20s for serial port (Merlok)
- Added to proxmark command line parameters `c` and `l` - execute command and lua script from command line (Merlok)
- Added to proxmark ability to execute commands from stdin (pipe) (Merlok)
+- Added `hf 14a info` and moved there functionality from `hf 14a reader` (Merlok)
+- Added to `hf 14a info` detection of weak prng from Iceman1001 fork (Merlok)
## [3.0.1][2017-06-08]
image: Visual Studio 2017
clone_folder: C:\ProxSpace\pm3
init:
-- ps: "$psversiontable\n#Get-ChildItem Env:\n\n$releasename=\"\"\n$env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)\nif ($env:appveyor_repo_tag -match \"true\"){\n $releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT_SHORT + \"]\" \n\nWrite-Host \"repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename\" -ForegroundColor Yellow\nAdd-AppveyorMessage -Message \"[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)\" -Category Information -Details \"repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename\"\n\niex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))"
+- ps: >-
+ $psversiontable
+
+ #Get-ChildItem Env:
+
+
+ $releasename=""
+
+ $env:APPVEYOR_REPO_COMMIT_SHORT = $env:APPVEYOR_REPO_COMMIT.Substring(0, 8)
+
+ if ($env:appveyor_repo_tag -match "true"){
+ $releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
+ }
+
+ $releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT_SHORT + "]"
+
+
+ Write-Host "repository: $env:appveyor_repo_name branch:$env:APPVEYOR_REPO_BRANCH release: $releasename" -ForegroundColor Yellow
+
+ Add-AppveyorMessage -Message "[$env:APPVEYOR_REPO_COMMIT_SHORT]$env:appveyor_repo_name($env:APPVEYOR_REPO_BRANCH)" -Category Information -Details "repository: $env:appveyor_repo_name branch: $env:APPVEYOR_REPO_BRANCH release: $releasename"
+
+
+ iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
clone_script:
- ps: >-
Write-Host "Removing ProxSpace..." -NoNewLine
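Review bot: The `iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))` kept at the end of the init block executes whatever the `master` branch of a third-party repository serves at build time, unpinned and unverified, so every build — and the release artifacts it later publishes — trusts that repository not to change or be compromised. Pin it to a commit, e.g. `https://raw.githubusercontent.com/appveyor/ci/<commit-sha>/scripts/enable-rdp.ps1`, or vendor the script into this repository; the same line recurs in `on_finish`. As far as I recall the script also prints the worker's RDP address and password into the build log, and because it runs in `init` it does so for every build including pull-request builds, so if the logs are readable by others consider gating it behind a variable a maintainer sets only when debugging, e.g. `if ($env:ENABLE_RDP -eq 'true') { iex (...) }`.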
}
}
build_script:
-- ps: "$env:Path = \"C:\\ProxSpace\\msys\\bin;$env:Path\"\n\n#make\nbash -lc -i \"pwd;make all\"\n\n#some checks\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\proxmark3.exe)){\nthrow \"Main file proxmark3.exe not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\armsrc\\obj\\fullimage.elf)){\nthrow \"ARM file fullimage.elf not exists.\"\n}\nif(!(Test-Path C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z)){\nthrow \"Files in hardnested\\tables not exists.\"\n}\n\n#copy\nWrite-Host \"Copy release files...\" -NoNewLine -ForegroundColor Yellow\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\nCopy-Item C:\\ProxSpace\\pm3\\client\\*.exe C:\\ProxSpace\\Release\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\armsrc\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nCopy-Item C:\\ProxSpace\\pm3\\bootrom\\obj\\*.elf C:\\ProxSpace\\Release\\arm\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\scripts\nCopy-Item C:\\ProxSpace\\pm3\\client\\scripts\\*.lua C:\\ProxSpace\\Release\\scripts\nNew-Item -ItemType Directory -Force -Path C:\\ProxSpace\\Release\\hardnested\\tables\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\*.bin C:\\ProxSpace\\Release\\hardnested\nCopy-Item C:\\ProxSpace\\pm3\\client\\hardnested\\tables\\*.bin.z C:\\ProxSpace\\Release\\hardnested\\tables\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\n#archive and push\n$releasename=\"\"\nif ($env:appveyor_repo_tag -match \"true\"){\n$releasename=$env:APPVEYOR_REPO_TAG_NAME + \"/\"\n}\n$releasename+=$env:APPVEYOR_BUILD_VERSION + \" [\" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + \"]\" \n\nWrite-Host \"Archive and publish release files ($releasename)...\" -NoNewLine -ForegroundColor Yellow\ncd C:\\ProxSpace\n7z a release.zip C:\\ProxSpace\\Release\nPush-AppveyorArtifact release.zip -DeploymentName \"$releasename\"\nWrite-Host \"[ OK ]\" -ForegroundColor Green\n\nWrite-Host \"Builded...\" -ForegroundColor Yellow"
+- ps: >-
+ $env:Path = "C:\ProxSpace\msys\bin;$env:Path"
+
+
+ #make
+
+ bash -lc -i "pwd;make all"
+
+
+ #some checks
+
+ if(!(Test-Path C:\ProxSpace\pm3\client\proxmark3.exe)){
+
+ throw "Main file proxmark3.exe not exists."
+
+ }
+
+ if(!(Test-Path C:\ProxSpace\pm3\armsrc\obj\fullimage.elf)){
+
+ throw "ARM file fullimage.elf not exists."
+
+ }
+
+ if(!(Test-Path C:\ProxSpace\pm3\client\hardnested\tables\*.bin.z)){
+
+ throw "Files in hardnested\tables not exists."
+
+ }
+
+
+ #copy
+
+ Write-Host "Copy release files..." -NoNewLine -ForegroundColor Yellow
+
+ New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release
+
+ Copy-Item C:\ProxSpace\pm3\client\*.exe C:\ProxSpace\Release
+
+ New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\arm
+
+ Copy-Item C:\ProxSpace\pm3\armsrc\obj\*.elf C:\ProxSpace\Release\arm
+
+ Copy-Item C:\ProxSpace\pm3\bootrom\obj\*.elf C:\ProxSpace\Release\arm
+
+ New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\scripts
+
+ Copy-Item C:\ProxSpace\pm3\client\scripts\*.lua C:\ProxSpace\Release\scripts
+
+ New-Item -ItemType Directory -Force -Path C:\ProxSpace\Release\hardnested\tables
+
+ Copy-Item C:\ProxSpace\pm3\client\hardnested\*.bin C:\ProxSpace\Release\hardnested
+
+ Copy-Item C:\ProxSpace\pm3\client\hardnested\tables\*.bin.z C:\ProxSpace\Release\hardnested\tables
+
+ Write-Host "[ OK ]" -ForegroundColor Green
+
+
+ #archive and push
+
+ $releasename=""
+
+ if ($env:appveyor_repo_tag -match "true"){
+
+ $releasename=$env:APPVEYOR_REPO_TAG_NAME + "/"
+
+ }
+
+ $releasename+=$env:APPVEYOR_BUILD_VERSION + " [" + $env:APPVEYOR_REPO_COMMIT.Substring(0, 7) + "]"
+
+
+ Write-Host "Archive and publish release files ($releasename)..." -NoNewLine -ForegroundColor Yellow
+
+ cd C:\ProxSpace
+
+ 7z a release.zip C:\ProxSpace\Release
+
+ Push-AppveyorArtifact release.zip -DeploymentName "$releasename"
+
+ Write-Host "[ OK ]" -ForegroundColor Green
+
+
+ Write-Host "Builded..." -ForegroundColor Yellow
test_script:
- ps: >-
$env:Path = "C:\ProxSpace\msys\bin;$env:Path"
$global:TestsPassed=$true
- $global:TestTime=[System.Environment]::TickCount
+ Function ExecTest($Name, $File, $Cmd, $CheckResult) {
+
+ #--- begin Job
+
+ $Job = Start-Job -ScriptBlock {
+ [bool]$res=$false
+ $TestTime=[System.Environment]::TickCount
+ $env:Path = "C:\ProxSpace\msys\bin;$env:Path"
+ Set-Location $using:PWD
+
+ $sb=[scriptblock]::Create("$using:Cmd")
+ #execute scriptblock
+ Write-host "Test [$using:Name] job: $using:Cmd"
+ $Cond=&$sb
- Function ExecTest($Name, $File, $Cond) {
- [bool]$res=$false;
if ($Cond -eq $null){
+ } ElseIf($using:CheckResult -ne $null) {
+ [String]$searchstr=""
+ if ($Cond -is [Object]){
+ ForEach($line in $Cond){
+ Write-host $line -ForegroundColor Gray
+ $searchstr += $line
+ }
+ }else{
+ Write-host "$Cond" -ForegroundColor Gray
+ $searchstr = $Cond
+ }
+ If($searchstr -like "*$using:CheckResult*") {
+ $res=$true
+ }
+ $Cond="*$using:CheckResult*"
} Else {
If (!($Cond -is [bool] -or $Cond -is [byte] -or $Cond -is [int16] -or $Cond -is [int32] -or $Cond -is [int64] -or $Cond -is [float])){
if ($Cond -is "String" -and $Cond -like "*passed*"){
$res= $true
}
} Else {
- $res=$Cond;
+ $res=$Cond
}
}
If ($res) {
- Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
+ Write-host "Result[$using:Name]: $Cond" -ForegroundColor Green
+ Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Passed -Duration "$([System.Environment]::TickCount-$TestTime)"
}Else {
- Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$global:TestTime)"
+ Write-host "Result[$using:Name]: $Cond" -ForegroundColor Red
+ Add-AppveyorTest -Name "$using:Name" -Framework NUnit -Filename "$using:File" -Outcome Failed -Duration "$([System.Environment]::TickCount-$TestTime)" -ErrorMessage "command:$using:Cmd`nresult:$Cond"
+ }
+ return $res
+ }
+
+ #--- end Job
+
+ [bool]$res=$false
+ # Wait 40 sec timeout for Job
+ if(Wait-Job $Job -Timeout 40){
+ $Results = $Job | Receive-Job
+ if($Results -like "true"){
+ $res=$true
+ }
+ } else {
+ Write-host "Test [$Name] timeout" -ForegroundColor Red
+ Add-AppveyorTest -Name "$Name" -Framework NUnit -Filename "$File" -Outcome Failed -Duration 40000 -ErrorMessage "timeout"
+ }
+ Remove-Job -Force $Job
+
+ if(!$res){
$global:TestsPassed=$false
}
- $global:TestTime=[System.Environment]::TickCount
}
#file test
- ExecTest "proxmark3 exists" "proxmark3.exe" $(Test-Path C:\ProxSpace\Release\proxmark3.exe)
+ ExecTest "proxmark3 exists" "proxmark3.exe" {Test-Path C:\ProxSpace\Release\proxmark3.exe}
- ExecTest "arm image exists" "\arm\fullimage1.elf" $(Test-Path C:\ProxSpace\Release\arm\fullimage.elf)
+ ExecTest "arm image exists" "\arm\fullimage1.elf" {Test-Path C:\ProxSpace\Release\arm\fullimage.elf}
- ExecTest "bootrom exists" "bootrom.elf" $(Test-Path C:\ProxSpace\Release\arm\bootrom.elf)
+ ExecTest "bootrom exists" "bootrom.elf" {Test-Path C:\ProxSpace\Release\arm\bootrom.elf}
- ExecTest "hardnested tables exists" "hardnested" $(Test-Path C:\ProxSpace\Release\hardnested\tables\*.z)
+ ExecTest "hardnested tables exists" "hardnested" {Test-Path C:\ProxSpace\Release\hardnested\tables\*.z}
- ExecTest "release exists" "release.zip" $(Test-Path C:\ProxSpace\release.zip)
+ ExecTest "release exists" "release.zip" {Test-Path C:\ProxSpace\release.zip}
#proxmark logic tests
- ExecTest "proxmark help" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed')
+ ExecTest "proxmark help" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q Execute && echo Passed || echo Failed'}
- ExecTest "proxmark help hardnested" "proxmark3 -h" $(bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed')
+ ExecTest "proxmark help hardnested" "proxmark3 -h" {bash -lc 'cd ~/client;proxmark3 -h | grep -q hardnested && echo Passed || echo Failed'}
- ExecTest "hf mf offline text" "hf mf" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf' | grep -q at_enc && echo Passed || echo Failed")
+ ExecTest "hf mf offline text" "hf mf" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf'"} "at_enc"
- ExecTest "hf mf hardnested" "hf mf hardnested" $(bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000' | grep -q 'found:' && echo Passed || echo Failed")
+ ExecTest "hf mf hardnested" "hf mf hardnested" {bash -lc "cd ~/client;proxmark3 comx -c 'hf mf hardnested t 1 000000000000'"} "found:"
if ($global:TestsPassed) {
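Review bot: `$sb=[scriptblock]::Create("$using:Cmd")` inside the job is an eval of whatever string reaches `ExecTest`, so the harness is only safe while every `$Cmd` stays a literal in this file; a comment above the function such as `# $Cmd is re-evaluated from a string inside the job - keep test commands literal, never build them from branch names, tags or commit messages` would make that contract explicit for whoever adds the next test. On the timeout path, `Wait-Job $Job -Timeout 40` followed by `Remove-Job -Force $Job` discards the job but, as far as I can tell, does not terminate the `bash`/`proxmark3.exe` processes it started, so a hung `hf mf hardnested` run keeps the worker busy until the build ends. The fixed 40 s budget is also shared by that hardnested test, which may be tight on a shared CI worker; a per-test timeout parameter on `ExecTest`, with the child process killed on expiry, would be more robust.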
on_failure:
- ps: Write-Host "Build error." -ForegroundColor Red
on_finish:
-- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
\ No newline at end of file
+- ps: $blockRdp = $false; iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
int cascade_level = 0;
int len;
+ // init card struct
+ if(p_hi14a_card) {
+ p_hi14a_card->uidlen = 0;
+ memset(p_hi14a_card->uid, 0, 10);
+ p_hi14a_card->ats_len = 0;
+ }
+
// Broadcast for a card, WUPA (0x52) will force response from all cards in the field
ReaderTransmitBitsPar(wupa, 7, NULL, NULL);
if(p_hi14a_card) {
memcpy(p_hi14a_card->atqa, resp, 2);
- p_hi14a_card->uidlen = 0;
- memset(p_hi14a_card->uid,0,10);
}
if (anticollision) {
if(p_hi14a_card) {
p_hi14a_card->sak = sak;
- p_hi14a_card->ats_len = 0;
}
- // non iso14443a compliant tag
+ // PICC compilant with iso14443a-4 ---> (SAK & 0x20 != 0)
if( (sak & 0x20) == 0) return 2;
if (!no_rats) {
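Review bot: The rewritten comment `// PICC compilant with iso14443a-4 ---> (SAK & 0x20 != 0)` has a typo and, read as C, `SAK & 0x20 != 0` parses as `SAK & (0x20 != 0)`, which is not what the check on the next line does; `// PICC is ISO14443-4 compliant when (sak & 0x20) != 0; otherwise stop after the ISO14443-3 select (return 2)` says the same thing unambiguously. The enclosing select function starts and ends outside this hunk.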
size_t lenbits = c->arg[1] >> 16;
uint32_t timeout = c->arg[2];
uint32_t arg0 = 0;
- byte_t buf[USB_CMD_DATA_SIZE];
+ byte_t buf[USB_CMD_DATA_SIZE] = {0};
uint8_t par[MAX_PARITY_SIZE];
if(param & ISO14A_CONNECT) {
\r
uint8_t receivedAnswer[MAX_MIFARE_FRAME_SIZE];\r
uint8_t receivedAnswerPar[MAX_MIFARE_PARITY_SIZE];\r
+ \r
+ LED_A_ON();\r
+ LED_B_OFF();\r
+ LED_C_OFF();\r
+ iso14443a_setup(FPGA_HF_ISO14443A_READER_LISTEN);\r
+\r
+ clear_trace();\r
+ set_tracing(true); \r
\r
ReaderTransmitBitsPar(wupC1,7,0, NULL);\r
if(ReaderReceive(receivedAnswer, receivedAnswerPar) && (receivedAnswer[0] == 0x0a)) {\r
\r
// From iceman1001: removed the if, since some magic tags misbehavies and send an answer to it.\r
mifare_classic_halt(NULL, 0);\r
-\r
+ \r
+ LED_B_ON();\r
cmd_send(CMD_ACK,isOK,0,0,0,0);\r
+ LED_B_OFF();\r
+\r
+ FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);\r
+ LEDsoff(); \r
}\r
\r
//\r
int CmdHFSearch(const char *Cmd){
int ans = 0;
PrintAndLog("");
- ans = CmdHF14AReader("s");
+ ans = CmdHF14AInfo("s");
if (ans > 0) {
PrintAndLog("\nValid ISO14443A Tag Found - Quiting Search\n");
return ans;
return 0;
}
-int CmdHF14AReader(const char *Cmd)
+int CmdHF14AReader(const char *Cmd) {
+ uint32_t cm = ISO14A_CONNECT;
+ bool disconnectAfter = false;
+
+ int cmdp = 0;
+ while(param_getchar(Cmd, cmdp) != 0x00) {
+ switch(param_getchar(Cmd, cmdp)) {
+ case 'h':
+ case 'H':
+ PrintAndLog("Usage: hf 14a reader [d] [3]");
+ PrintAndLog(" d drop the signal field after command executed");
+ PrintAndLog(" x just drop the signal field");
+ PrintAndLog(" 3 ISO14443-3 select only (skip RATS)");
+ return 0;
+ case '3':
+ cm |= ISO14A_NO_RATS;
+ break;
+ case 'd':
+ case 'D':
+ disconnectAfter = true;
+ break;
+ case 'x':
+ case 'X':
+ disconnectAfter = true;
+ cm = cm - ISO14A_CONNECT;
+ break;
+ default:
+ PrintAndLog("Unknown command.");
+ return 1;
+ }
+
+ cmdp++;
+ }
+
+ if (!disconnectAfter)
+ cm |= ISO14A_NO_DISCONNECT;
+
+ UsbCommand c = {CMD_READER_ISO_14443a, {cm, 0, 0}};
+ SendCommand(&c);
+
+ if (ISO14A_CONNECT & cm) {
+ UsbCommand resp;
+ WaitForResponse(CMD_ACK,&resp);
+
+ iso14a_card_select_t card;
+ memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));
+
+ uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision
+
+ if(select_status == 0) {
+ PrintAndLog("iso14443a card select failed");
+ return 1;
+ }
+
+ if(select_status == 3) {
+ PrintAndLog("Card doesn't support standard iso14443-3 anticollision");
+ PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
+ return 1;
+ }
+
+ PrintAndLog(" UID : %s", sprint_hex(card.uid, card.uidlen));
+ PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
+ PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
+ if(card.ats_len >= 3) { // a valid ATS consists of at least the length byte (TL) and 2 CRC bytes
+ PrintAndLog(" ATS : %s", sprint_hex(card.ats, card.ats_len));
+ }
+ PrintAndLog("Card is selected. You can now start sending commands");
+ } else {
+ PrintAndLog("Field dropped.");
+ }
+ return 0;
+}
+
+int CmdHF14AInfo(const char *Cmd)
{
UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};
SendCommand(&c);
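Review bot: In the `'x'` case, `cm = cm - ISO14A_CONNECT;` clears the flag by arithmetic subtraction, so `hf 14a reader x x` (or any path where the bit is already clear) underflows into unrelated flag bits instead of being a no-op; use `cm &= ~ISO14A_CONNECT;`. The usage line `PrintAndLog("Usage: hf 14a reader [d] [3]");` also omits the `x` option documented two lines below it — `"Usage: hf 14a reader [d] [x] [3]"`. The card struct is filled with `memcpy(&card, ..., sizeof(iso14a_card_select_t))` straight from the device reply, which is fine for a trusted device, but `card.uidlen` and `card.ats_len` are then handed to `sprint_hex` on faith; presumably the firmware bounds them, and a one-line comment saying so would help the next reader.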
PrintAndLog("ATQA : %02x %02x", card.atqa[1], card.atqa[0]);
PrintAndLog(" SAK : %02x [%d]", card.sak, resp.arg[0]);
+ bool isMifareClassic = true;
switch (card.sak) {
case 0x00:
+ isMifareClassic = false;
//***************************************test****************
// disconnect
// try to see if card responses to "chinese magic backdoor" commands.
- c.cmd = CMD_MIFARE_CIDENT;
- c.arg[0] = 0;
- c.arg[1] = 0;
- c.arg[2] = 0;
- SendCommand(&c);
- WaitForResponse(CMD_ACK,&resp);
+ mfCIdentify();
- uint8_t isGeneration = resp.arg[0] & 0xff;
- switch( isGeneration ){
- case 1: PrintAndLog("Answers to chinese magic backdoor commands (GEN 1a): YES"); break;
- case 2: PrintAndLog("Answers to chinese magic backdoor commands (GEN 1b): YES"); break;
- default: PrintAndLog("Answers to chinese magic backdoor commands: NO"); break;
+ if (isMifareClassic) {
+ switch(DetectClassicPrng()) {
+ case 0:
+ PrintAndLog("Prng detection: HARDEND (hardnested)");
+ break;
+ case 1:
+ PrintAndLog("Prng detection: WEAK");
+ break;
+ default:
+ PrintAndLog("Prng detection error.");
+ }
}
- // disconnect
- c.cmd = CMD_READER_ISO_14443a;
- c.arg[0] = 0;
- c.arg[1] = 0;
- c.arg[2] = 0;
- SendCommand(&c);
-
return select_status;
}
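Review bot: The user-facing string `PrintAndLog("Prng detection: HARDEND (hardnested)");` misspells hardened; `"Prng detection: HARDENED (hardnested)"`. The `default:` branch prints `Prng detection error.` without any detail, and `DetectClassicPrng` in this commit returns -1 for several distinct failures (reply timeout, select failure, wrong reply length) that it has already printed itself, so a short comment `// DetectClassicPrng has already reported the cause on stdout` would save the reader a lookup. The surrounding switch on `card.sak` and the function body continue outside this hunk.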
if (WaitForResponseTimeout(CMD_ACK,&resp,1500)) {
recv = resp.d.asBytes;
- uint8_t iLen = iSelect ? resp.arg[1] : resp.arg[0];
- PrintAndLog("received %i octets", iLen);
+ uint8_t iLen = resp.arg[0];
+ if (iSelect){
+ iLen = resp.arg[1];
+ if (iLen){
+ PrintAndLog("Card selected. UID[%i]:", iLen);
+ } else {
+ PrintAndLog("Can't select card.");
+ }
+ } else {
+ PrintAndLog("received %i bytes:", iLen);
+ }
if(!iLen)
return;
hexout = (char *)malloc(iLen * 3 + 1);
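Review bot: `uint8_t iLen = resp.arg[0];` (and the `iSelect` reassignment from `resp.arg[1]`) truncates the device's byte count to 8 bits, so a reply of 256 bytes or more is shown and decoded as its length mod 256 — `256` becomes `0` and is reported as nothing received or `Can't select card.`; the device's data area (`USB_CMD_DATA_SIZE` in armsrc, presumably larger than 255) admits such replies. Use a wider type and clamp to the buffer, e.g. `size_t iLen = resp.arg[0]; if (iLen > sizeof(resp.d.asBytes)) iLen = sizeof(resp.d.asBytes);`, and adjust the `%i` formats (or cast) accordingly, since the same `iLen` sizes the `malloc(iLen * 3 + 1)` that follows. The enclosing function starts and ends outside this hunk.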
{
{"help", CmdHelp, 1, "This help"},
{"list", CmdHF14AList, 0, "[Deprecated] List ISO 14443a history"},
- {"reader", CmdHF14AReader, 0, "Act like an ISO14443 Type A reader"},
+ {"reader", CmdHF14AReader, 0, "Start acting like an ISO14443 Type A reader"},
+ {"info", CmdHF14AInfo, 0, "Reads card and shows information about it"},
{"cuids", CmdHF14ACUIDs, 0, "<n> Collect n>0 ISO14443 Type A UIDs in one go"},
{"sim", CmdHF14ASim, 0, "<UID> -- Simulate ISO 14443a tag"},
{"snoop", CmdHF14ASnoop, 0, "Eavesdrop ISO 14443 Type A"},
int CmdHF14AList(const char *Cmd);
int CmdHF14AMifare(const char *Cmd);
int CmdHF14AReader(const char *Cmd);
+extern int CmdHF14AInfo(const char *Cmd);
int CmdHF14ASim(const char *Cmd);
int CmdHF14ASnoop(const char *Cmd);
char* getTagInfo(uint8_t uid);
// Main command parser entry point
//-----------------------------------------------------------------------------
+#include "cmdmain.h"
+
+#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include "cmddata.h"
#include "cmdhw.h"
#include "cmdlf.h"
-#include "cmdmain.h"
#include "util.h"
#include "util_posix.h"
#include "cmdscript.h"
static int cmd_head;//Starts as 0
//Points to the position of the last unread command
static int cmd_tail;//Starts as 0
+// to lock cmdBuffer operations from different threads
+static pthread_mutex_t cmdBufferMutex = PTHREAD_MUTEX_INITIALIZER;
static command_t CommandTable[] =
{
void clearCommandBuffer()
{
//This is a very simple operation
+ pthread_mutex_lock(&cmdBufferMutex);
cmd_tail = cmd_head;
+ pthread_mutex_unlock(&cmdBufferMutex);
}
/**
*/
void storeCommand(UsbCommand *command)
{
+ pthread_mutex_lock(&cmdBufferMutex);
if( ( cmd_head+1) % CMD_BUFFER_SIZE == cmd_tail)
{
//If these two are equal, we're about to overwrite in the
memcpy(destination, command, sizeof(UsbCommand));
cmd_head = (cmd_head +1) % CMD_BUFFER_SIZE; //increment head and wrap
+ pthread_mutex_unlock(&cmdBufferMutex);
}
*/
int getCommand(UsbCommand* response)
{
+ pthread_mutex_lock(&cmdBufferMutex);
//If head == tail, there's nothing to read, or if we just got initialized
if(cmd_head == cmd_tail){
+ pthread_mutex_unlock(&cmdBufferMutex);
return 0;
}
//Pick out the next unread command
memcpy(response, last_unread, sizeof(UsbCommand));
//Increment tail - this is a circular buffer, so modulo buffer size
cmd_tail = (cmd_tail +1 ) % CMD_BUFFER_SIZE;
-
+ pthread_mutex_unlock(&cmdBufferMutex);
return 1;
}
response = &resp;
}
+ uint64_t start_time = msclock();
+
// Wait until the command is received
- for(size_t dm_seconds=0; dm_seconds < ms_timeout/10; dm_seconds++) {
+ while (true) {
while(getCommand(response)) {
if(response->cmd == cmd){
return true;
}
}
- msleep(10); // XXX ugh
- if (dm_seconds == 200 && show_warning) { // Two seconds elapsed
+ if (msclock() - start_time > ms_timeout) {
+ break;
+ }
+ if (msclock() - start_time > 2000 && show_warning) {
PrintAndLog("Waiting for a response from the proxmark...");
PrintAndLog("Don't forget to cancel its operation first by pressing on the button");
+ break;
}
}
return false;
}
+
bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout) {
return WaitForResponseTimeoutW(cmd, response, ms_timeout, true);
}
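Review bot: The warning branch now ends with `break;`, so any caller that passes `show_warning` (which `WaitForResponseTimeout` does unconditionally) gets `false` after about 2 s regardless of `ms_timeout` — the 5000 ms wait in `DetectClassicPrng` elsewhere in this commit is effectively 2 s, and an untimed `WaitForResponse` becomes a 2 s timeout if it routes through here. Replace the `break;` with `show_warning = false;` so the message prints once and the loop keeps honouring `ms_timeout`. The old `msleep(10)` was dropped together with the for-loop, so the new `while (true)` spins on `getCommand` (now taking and releasing `cmdBufferMutex` on every iteration) at full CPU until the reply arrives; putting `msleep(10);` back at the end of the loop body keeps the `msclock()`-based timing and restores the idle wait. The function's head lies outside this hunk.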
return 0;\r
}\r
\r
-int mfCIdentify()\r
-{\r
- UsbCommand c = {CMD_READER_ISO_14443a, {ISO14A_CONNECT | ISO14A_NO_DISCONNECT, 0, 0}};\r
+int mfCIdentify() {\r
+ UsbCommand c = {CMD_MIFARE_CIDENT, {0, 0, 0}};\r
SendCommand(&c);\r
-\r
UsbCommand resp;\r
WaitForResponse(CMD_ACK,&resp);\r
\r
- // iso14a_card_select_t card;\r
- // memcpy(&card, (iso14a_card_select_t *)resp.d.asBytes, sizeof(iso14a_card_select_t));\r
-\r
- // uint64_t select_status = resp.arg[0]; // 0: couldn't read, 1: OK, with ATS, 2: OK, no ATS, 3: proprietary Anticollision\r
-\r
- // if(select_status != 0) {\r
- // uint8_t rats[] = { 0xE0, 0x80 }; // FSDI=8 (FSD=256), CID=0\r
- // c.arg[0] = ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_DISCONNECT;\r
- // c.arg[1] = 2;\r
- // c.arg[2] = 0;\r
- // memcpy(c.d.asBytes, rats, 2);\r
- // SendCommand(&c);\r
- // WaitForResponse(CMD_ACK,&resp);\r
- // }\r
-\r
- c.cmd = CMD_MIFARE_CIDENT;\r
- c.arg[0] = 0;\r
- c.arg[1] = 0;\r
- c.arg[2] = 0;\r
- SendCommand(&c);\r
- WaitForResponse(CMD_ACK,&resp);\r
-\r
uint8_t isGeneration = resp.arg[0] & 0xff;\r
switch( isGeneration ){\r
case 1: PrintAndLog("Chinese magic backdoor commands (GEN 1a) detected"); break;\r
default: PrintAndLog("No chinese magic backdoor command detected"); break;\r
}\r
\r
- // disconnect\r
- c.cmd = CMD_READER_ISO_14443a;\r
- c.arg[0] = 0;\r
- c.arg[1] = 0;\r
- c.arg[2] = 0;\r
- SendCommand(&c);\r
-\r
return (int) isGeneration;\r
}\r
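Review bot: `mfCIdentify` sends `CMD_MIFARE_CIDENT` without a preceding `clearCommandBuffer()` and waits with the untimed `WaitForResponse(CMD_ACK, &resp)`, whereas `DetectClassicPrng`, added to the same file by this commit, clears the buffer first and uses a bounded wait; a stale `CMD_ACK` left in the ring buffer by an earlier command would be read here as the identification reply and its low byte reported as the magic-card generation. Suggest `clearCommandBuffer(); SendCommand(&c); if (!WaitForResponseTimeout(CMD_ACK, &resp, 1500)) return -1;` so the two probes behave alike; the only caller visible here (`CmdHF14AInfo`) ignores the return value, so adding -1 is safe.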
\r
return 0;\r
}\r
\r
+/** validate_prng_nonce\r
+ * Determine if nonce is deterministic. ie: Suspectable to Darkside attack.\r
+ * returns\r
+ * true = weak prng\r
+ * false = hardend prng\r
+ */\r
+bool validate_prng_nonce(uint32_t nonce) {\r
+ uint16_t *dist = 0;\r
+ uint16_t x, i;\r
+\r
+ dist = malloc(2 << 16);\r
+ if(!dist)\r
+ return -1;\r
+\r
+ // init prng table:\r
+ for (x = i = 1; i; ++i) {\r
+ dist[(x & 0xff) << 8 | x >> 8] = i;\r
+ x = x >> 1 | (x ^ x >> 2 ^ x >> 3 ^ x >> 5) << 15;\r
+ }\r
+ \r
+ uint32_t res = (65535 - dist[nonce >> 16] + dist[nonce & 0xffff]) % 65535;\r
+ \r
+ free(dist); \r
+ return (res == 16);\r
+}\r
+\r
+/* Detect Tag Prng, \r
+* function performs a partial AUTH, where it tries to authenticate against block0, key A, but only collects tag nonce.\r
+* the tag nonce is check to see if it has a predictable PRNG.\r
+* @returns \r
+* TRUE if tag uses WEAK prng (ie Now the NACK bug also needs to be present for Darkside attack)\r
+* FALSE is tag uses HARDEND prng (ie hardnested attack possible, with known key)\r
+*/\r
+int DetectClassicPrng(void){\r
+\r
+ UsbCommand resp, respA; \r
+ uint8_t cmd[] = {0x60, 0x00}; // MIFARE_AUTH_KEYA\r
+ uint32_t flags = ISO14A_CONNECT | ISO14A_RAW | ISO14A_APPEND_CRC | ISO14A_NO_RATS;\r
+ \r
+ UsbCommand c = {CMD_READER_ISO_14443a, {flags, sizeof(cmd), 0}};\r
+ memcpy(c.d.asBytes, cmd, sizeof(cmd));\r
+\r
+ clearCommandBuffer();\r
+ SendCommand(&c);\r
+ if (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {\r
+ PrintAndLog("PRNG UID: Reply timeout.");\r
+ return -1;\r
+ }\r
+ \r
+ // if select tag failed.\r
+ if (resp.arg[0] == 0) {\r
+ PrintAndLog("PRNG error: selecting tag failed, can't detect prng.");\r
+ return -1;\r
+ }\r
+ \r
+ if (!WaitForResponseTimeout(CMD_ACK, &respA, 5000)) {\r
+ PrintAndLog("PRNG data: Reply timeout.");\r
+ return -1;\r
+ }\r
+\r
+ // check respA\r
+ if (respA.arg[0] != 4) {\r
+ PrintAndLog("PRNG data error: Wrong length: %d", respA.arg[0]);\r
+ return -1;\r
+ }\r
+\r
+ uint32_t nonce = bytes_to_num(respA.d.asBytes, respA.arg[0]);\r
+ return validate_prng_nonce(nonce);\r
+}\r
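Review bot: `validate_prng_nonce` is declared `bool` but returns `-1` when `malloc` fails, which converts to `true`, so an allocation failure is reported by `DetectClassicPrng` — and by `hf 14a info` — as a weak PRNG rather than as an error; declare it `int validate_prng_nonce(uint32_t nonce)` (updating any header declaration, which is not visible here) so the -1 survives to the caller's `default:` branch. The table is filled from `malloc(2 << 16)` by a 16-bit LFSR that never visits state 0, so `dist[0]` is never written; a nonce whose upper or lower half is 0x0000 then reads uninitialised memory at `dist[nonce >> 16]` / `dist[nonce & 0xffff]` and the verdict becomes nondeterministic — `uint16_t *dist = calloc(1 << 16, sizeof(uint16_t));` keeps that entry defined, and a comment `// state 0 is not on the LFSR cycle: dist[0] stays 0 from calloc` records why. Note also that with the `break` currently in `WaitForResponseTimeoutW`'s warning branch, both the 2000 ms and the 5000 ms waits in `DetectClassicPrng` are capped at about 2 s.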
extern int tryDecryptWord(uint32_t nt, uint32_t ar_enc, uint32_t at_enc, uint8_t *data, int len);\r
\r
extern int mfCIdentify();\r
+extern int DetectClassicPrng(void);\r
\r
#endif\r
while (arg->run) {
rxlen = 0;
- if (uart_receive(sp, prx, sizeof(UsbCommand) - (prx-rx), &rxlen)) {
+ if (uart_receive(sp, prx, sizeof(UsbCommand) - (prx-rx), &rxlen) && rxlen) {
prx += rxlen;
if (prx-rx < sizeof(UsbCommand)) {
continue;
}
-
UsbCommandReceived((UsbCommand*)rx);
}
prx = rx;
sp = uart_open(argv[1]);
} else {
printf("Waiting for Proxmark to appear on %s ", argv[1]);
+ fflush(stdout);
int openCount = 0;
do {
sp = uart_open(argv[1]);
msleep(1000);
printf(".");
+ fflush(stdout);
} while(++openCount < 20 && (sp == INVALID_SERIAL_PORT || sp == CLAIMED_SERIAL_PORT));
printf("\n");
}
return (65535 + dist[to >> 16] - dist[from >> 16]) % 65535;
}
-
static uint32_t fastfwd[2][8] = {
{ 0, 0x4BC53, 0xECB1, 0x450E2, 0x25E29, 0x6E27A, 0x2B298, 0x60ECB},
{ 0, 0x1D962, 0x4BC53, 0x56531, 0xECB1, 0x135D3, 0x450E2, 0x58980}};
#define AT91C_EP_OUT_SIZE 0x40\r
#define AT91C_EP_IN_SIZE 0x40\r
\r
+// Language must always be 0.\r
+#define STR_LANGUAGE_CODES 0x00\r
+#define STR_MANUFACTURER 0x01\r
+#define STR_PRODUCT 0x02\r
+\r
static const char devDescriptor[] = {\r
/* Device descriptor */\r
0x12, // bLength\r
0xc4,0x9a, // Vendor ID (0x9ac4 = J. Westhues)\r
0x8f,0x4b, // Product ID (0x4b8f = Proxmark-3 RFID Instrument)\r
0x01,0x00, // Device release number (0001)\r
- 0x01, // iManufacturer\r
- 0x02, // iProduct\r
+ STR_MANUFACTURER, // iManufacturer\r
+ STR_PRODUCT, // iProduct\r
0x00, // iSerialNumber\r
0x01 // bNumConfigs\r
};\r
0x03, // Type is string\r
0x09, 0x04 // supported language Code 0 = 0x0409 (English)\r
};\r
- \r
+\r
+// Note: ModemManager (Linux) ignores Proxmark3 devices by matching the\r
+// manufacturer string "proxmark.org". Don't change this.\r
static const char StrDescManufacturer[] = {\r
26, // Length\r
0x03, // Type is string\r
'M', 0x00,\r
'3', 0x00\r
};\r
- \r
-static const char* const pStrings[] =\r
-{\r
- StrDescLanguageCodes,\r
- StrDescManufacturer,\r
- StrDescProduct\r
-};\r
\r
const char* getStringDescriptor(uint8_t idx)\r
{\r
- if(idx >= (sizeof(pStrings) / sizeof(pStrings[0]))) {\r
- return(NULL);\r
- } else {\r
- return(pStrings[idx]);\r
+ switch (idx) {\r
+ case STR_LANGUAGE_CODES:\r
+ return StrDescLanguageCodes;\r
+ case STR_MANUFACTURER:\r
+ return StrDescManufacturer;\r
+ case STR_PRODUCT:\r
+ return StrDescProduct;\r
+ default:\r
+ return NULL;\r
}\r
}\r
\r
(* clock_signal = "yes" *) reg adc_clk; // sample frequency, always 16 * fc
always @(ck_1356megb, xcorr_is_848, xcorr_quarter_freq, fc_div)
- if (xcorr_is_848 & ~xcorr_quarter_freq) // fc = 847.5 kHz
+ if (xcorr_is_848 & ~xcorr_quarter_freq) // fc = 847.5 kHz, standard ISO14443B
adc_clk <= ck_1356megb;
- else if (~xcorr_is_848 & ~xcorr_quarter_freq) // fc = 424.25 kHz
+ else if (~xcorr_is_848 & ~xcorr_quarter_freq) // fc = 423.75 kHz
adc_clk <= fc_div[0];
- else if (xcorr_is_848 & xcorr_quarter_freq) // fc = 212.125 kHz
+ else if (xcorr_is_848 & xcorr_quarter_freq) // fc = 211.875 kHz
adc_clk <= fc_div[1];
- else // fc = 106.0625 kHz
+ else // fc = 105.9375 kHz
adc_clk <= fc_div[2];
// When we're a reader, we just need to do the BPSK demod; but when we're an
end
end
-// Let us report a correlation every 4 subcarrier cycles, or 4*16 samples,
+// Let us report a correlation every 4 subcarrier cycles, or 4*16=64 samples,
// so we need a 6-bit counter.
reg [5:0] corr_i_cnt;
// And a couple of registers in which to accumulate the correlations.
-// we would add/sub at most 32 times adc_d, the signed result can be held in 14 bits.
-reg signed [13:0] corr_i_accum;
-reg signed [13:0] corr_q_accum;
+// We would add at most 32 times the difference between unmodulated and modulated signal. It should
+// be safe to assume that a tag will not be able to modulate the carrier signal by more than 25%.
+// 32 * 255 * 0,25 = 2040, which can be held in 11 bits. Add 1 bit for sign.
+reg signed [11:0] corr_i_accum;
+reg signed [11:0] corr_q_accum;
+// we will report maximum 8 significant bits
reg signed [7:0] corr_i_out;
reg signed [7:0] corr_q_out;
// clock and frame signal for communication to ARM
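Review bot: The accumulators are narrowed to `reg signed [11:0]` on the strength of the comment's assumption that a tag never modulates the carrier by more than 25%; nothing enforces that, and a Verilog register assignment that exceeds the width wraps silently, so a strongly modulating tag (or a reader-side transient while snooping) would flip the sign of the correlation rather than clip it. If the narrowing is kept, either state the consequence in the comment — `// NOTE: exceeding 25% modulation overflows and wraps the 12-bit accumulator` — or saturate before narrowing. The accumulate statements that drive `corr_i_accum`/`corr_q_accum` are outside this hunk, so I cannot confirm the bound from here.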
begin
if(snoop)
begin
- // Send only 7 most significant bits of tag signal (signed), LSB is reader signal:
- corr_i_out <= {corr_i_accum[13:7], after_hysteresis_prev_prev};
- corr_q_out <= {corr_q_accum[13:7], after_hysteresis_prev};
+ // Send 7 most significant bits of tag signal (signed), plus 1 bit reader signal
+ corr_i_out <= {corr_i_accum[11:5], after_hysteresis_prev_prev};
+ corr_q_out <= {corr_q_accum[11:5], after_hysteresis_prev};
after_hysteresis_prev_prev <= after_hysteresis;
end
else
begin
- // 8 most significant bits of tag signal
- corr_i_out <= corr_i_accum[13:6];
- corr_q_out <= corr_q_accum[13:6];
+ // 8 bits of tag signal
+ corr_i_out <= corr_i_accum[11:4];
+ corr_q_out <= corr_q_accum[11:4];
end
corr_i_accum <= adc_d;
output dbg;
input shallow_modulation;
+// low frequency outputs, not relevant
+assign pwr_lo = 1'b0;
+assign pwr_oe2 = 1'b0;
+
// The high-frequency stuff. For now, for testing, just bring out the carrier,
// and allow the ARM to modulate it over the SSP.
reg pwr_hi;
reg pwr_oe1;
-reg pwr_oe2;
reg pwr_oe3;
reg pwr_oe4;
+
always @(ck_1356megb or ssp_dout or shallow_modulation)
begin
if(shallow_modulation)
begin
pwr_hi <= ck_1356megb;
- pwr_oe1 <= ~ssp_dout;
- pwr_oe2 <= ~ssp_dout;
- pwr_oe3 <= ~ssp_dout;
- pwr_oe4 <= 1'b0;
+ pwr_oe1 <= 1'b0;
+ pwr_oe3 <= 1'b0;
+ pwr_oe4 <= ~ssp_dout;
end
else
begin
pwr_hi <= ck_1356megb & ssp_dout;
pwr_oe1 <= 1'b0;
- pwr_oe2 <= 1'b0;
pwr_oe3 <= 1'b0;
pwr_oe4 <= 1'b0;
end
end
+
// Then just divide the 13.56 MHz clock down to produce appropriate clocks
// for the synchronous serial port.
assign ssp_din = after_hysteresis;
-assign pwr_lo = 1'b0;
assign dbg = ssp_din;
endmodule
free(sp);
}
-bool uart_receive(const serial_port sp, byte_t* pbtRx, size_t pszMaxRxLen, size_t* pszRxLen) {
- ReadFile(((serial_port_windows*)sp)->hPort,pbtRx,pszMaxRxLen,(LPDWORD)pszRxLen,NULL);
- return (*pszRxLen != 0);
+bool uart_receive(const serial_port sp, byte_t *pbtRx, size_t pszMaxRxLen, size_t *pszRxLen) {
+ return ReadFile(((serial_port_windows*)sp)->hPort, pbtRx, pszMaxRxLen, (LPDWORD)pszRxLen, NULL);
}
bool uart_send(const serial_port sp, const byte_t* pbtTx, const size_t szTxLen) {
DWORD dwTxLen = 0;
- return WriteFile(((serial_port_windows*)sp)->hPort,pbtTx,szTxLen,&dwTxLen,NULL);
- return (dwTxLen != 0);
+ return WriteFile(((serial_port_windows*)sp)->hPort, pbtTx, szTxLen, &dwTxLen, NULL);
}
bool uart_set_speed(serial_port sp, const uint32_t uiPortSpeed) {
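Review bot: `uart_receive` passes the caller's `size_t *pszRxLen` to `ReadFile` as `(LPDWORD)`, so on a 64-bit build only the low 32 bits of `*pszRxLen` are written and the upper half keeps whatever the caller left there; it works today because `proxmark3.c` zeroes `rxlen` before each call, but the contract is fragile and should not depend on the caller. `uart_send` now returns `WriteFile`'s status alone and discards `dwTxLen`, so a short write (possible on a COM port with write timeouts) is reported as success. Reading into a local `DWORD` and comparing the written length fixes both.
```c
bool uart_receive(const serial_port sp, byte_t *pbtRx, size_t pszMaxRxLen, size_t *pszRxLen) {
  DWORD dwRxLen = 0;
  BOOL ok = ReadFile(((serial_port_windows*)sp)->hPort, pbtRx, (DWORD)pszMaxRxLen, &dwRxLen, NULL);
  *pszRxLen = dwRxLen;   // always fully defined, even when ReadFile fails
  return ok;
}

bool uart_send(const serial_port sp, const byte_t* pbtTx, const size_t szTxLen) {
  DWORD dwTxLen = 0;
  if (!WriteFile(((serial_port_windows*)sp)->hPort, pbtTx, (DWORD)szTxLen, &dwTxLen, NULL))
    return false;
  return dwTxLen == szTxLen;   // a short write is a failure, not a success
}
```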