iceman1001 [Tue, 17 Jan 2017 21:07:40 +0000 (22:07 +0100)]
ADD: 'lf t55xx detect' - added a search for known config blocks, if found it will select it. Usually when indala (psk) configured tags generate several possible configblocks. The found config block is set, no need to manually set it anymore. :)
iceman1001 [Mon, 16 Jan 2017 20:06:51 +0000 (21:06 +0100)]
CHG: lowered the number of bytes collected for T55xxReadBlock. Was 12000 -> 7679
CHG: added some documentation about what the arguments do.
CHG: 'data tune' - added flush after printf.
iceman1001 [Mon, 16 Jan 2017 13:46:42 +0000 (14:46 +0100)]
CHG: 'lf t55xx' the no-time limit waiting for the device to ACK when transferring data from device to client, is changed to 8 seconds.
CHG: 'lf t55xx dump' - added ASCII printing of dumped data blocks.
iceman1001 [Wed, 11 Jan 2017 21:00:17 +0000 (22:00 +0100)]
FIX: 'hf 14a reader' - when card SAK was 0x00, it calls GetHF14AMfU_Type() to try to identify if it is a UL/NTAG etc. The bug is that it ignored the return value.
when return_value == UL_ERROR, it shall not print the mfu tagtype annotation.
iceman1001 [Tue, 10 Jan 2017 21:21:16 +0000 (22:21 +0100)]
CHG: 'hf iclass replay' added help text.
CHG: 'hf iclass snoop' added help text.
CHG: 'hf iclass reader' added help text.
ADD: 'hf iclass reader' added the possibility to read only one tag instead of looping.
CHG: 'sprint_hex_ascii' function now replaces unprintable chars with '.', added this call to printIclassDumpInfo
iceman1001 [Tue, 10 Jan 2017 17:23:05 +0000 (18:23 +0100)]
CHG: 'hf iclass decrypt' - adjusted the loops, to only decrypt Application 1. However I've noticed not all blocks in Application 1 are encrypted. :/ Still needs to be adjusted.
CHG: 'hf iclass reader' - added some output accessrights from the CopyReader source code.
And of course, moved around stuff, like the usages in cmdhficlass.c
iceman1001 [Thu, 5 Jan 2017 14:55:19 +0000 (15:55 +0100)]
CHG: some indala output is now only in debug mode
CHG: added 34|37 bits AWID format. I'm guessing 37bit is wrong since the parity is still there. Which it shouldn't
iceman1001 [Mon, 19 Dec 2016 13:55:58 +0000 (14:55 +0100)]
CHG: 'lf awid brute' - extra check if device has gotten offline
CHG: 'lf t55x7 brute' - extra check if device has gotten offline
CHG: 'lf nedap' - Nedap is supposed to be Diphase.
iceman1001 [Fri, 16 Dec 2016 11:47:49 +0000 (12:47 +0100)]
ADD: 'LF VISA2000' added one checksum test when demod / clone / sim
CHG: 'LF NORALSY' when chksum fails, return 0, to indicate for LF SEARCH that it failed.
iceman1001 [Wed, 14 Dec 2016 22:23:16 +0000 (23:23 +0100)]
ADD: 'lf visa2000' commands. (SIM/CLONE/READ) almost finished.
CHG: 'lf xxxxx' reduced number of samples from 30000 -> 20000 in "lf xxxxxx read" commands.
CHG: 'data samples' - didn't honor the silent parameter. It now outputs less for the 'lf xxxxxx read' commands.
iceman1001 [Mon, 21 Nov 2016 15:08:12 +0000 (16:08 +0100)]
ADD: added the 'hf mf hardnested' to be called within LUA scripts.
ADD: 'script run hard' - a first try for a lua script to run the hardnested attack on a complete tag.
iceman1001 [Thu, 17 Nov 2016 17:20:44 +0000 (18:20 +0100)]
ADD: "analyse hid" - new function that implements the 'heart of darkness' hid/iclass permute function. It's converted from the php-solution found in the paper to C. Ref: https://github.com/akw0088/HID-Card-Copy/blob/master/key-permutation/permute.php
iceman1001 [Wed, 16 Nov 2016 17:16:14 +0000 (18:16 +0100)]
CHG: "hf mf hardnested" - fixes and additions.
- freeing candidate lists after generate_candidates calls.
- longer timeout when waiting for responses (it takes a while to collect 58 nonces per call) From 3sec to 6sec
- if best_first_byte[0] (best guess) has been the same for 3 nonces calls in a row, it enters the generate_candidates test.
- when total_added_nonces increases but does not enter generate_candidates tests, it now increases the threshold_index variable. Make the output look better
Known bugs still.
- TestIfKeyExists sometimes crashes the client, still after the null check.
- proxmark3 device doesn't answer calls after entering brute_force call and fails finding a key, where it should start collecting nonces again. This bug doesn't make sense.
iceman1001 [Tue, 15 Nov 2016 11:49:13 +0000 (12:49 +0100)]
CHG: "hf mf hardnested"
- latest clean up from @matrix
- the device still doesn't answer when brute_force call fails. I've been trying to get the device to init after the brute_force call.
iceman1001 [Mon, 14 Nov 2016 20:41:18 +0000 (21:41 +0100)]
FIX: 'LF PYRAMID' the crc8_MAXIM and crc16_DNP was calling the wrong crc method. (update2 is the older and correct version). This solves the pyramid issue with wrong checksums calculated.
Thanks to @rookieatall @marshmellow42 for pointing out the bug. ref: http://www.proxmark.org/forum/viewtopic.php?id=4006
iceman1001 [Sat, 5 Nov 2016 13:54:25 +0000 (14:54 +0100)]
FIX: @matrix https://github.com/matrix/proxmark3/commit/869a03c2c6267db16cd1418b9e5f2b9049b9a015
it still counts down the good bytes,
and I fixed the elapsed time.