marshmellow42 [Tue, 8 Aug 2017 19:08:59 +0000 (15:08 -0400)]
adjust lf simulation - fix one bug + attempt... (#369)
... to speed up the loops waiting for carrier signal to go high or low
by only checking for a halt (button press or usbpol) every 1000th loop
iteration.
some users were experiencing modulating reactions to be too slow.
add fsk cleaning / demod tool fsktonrz
- used old fskdemod for HID and adjusted it to build the tone tables for any fsk model detected or given. using the tone tables we are able to convert the fsk to clear strong NRZ/ASK even with very weak fsk waves.
- also fixed a small textual bug in `lf search u` output
- also added more graph clearing code to help ensure the demod overlay doesn't show when it shouldn't...
- and improved strong NRZ clock detection.
- fixed bugs in places it used old static values instead of dynamic read values. and removed redundant items.
Michael Farrell [Wed, 5 Jul 2017 18:22:02 +0000 (04:22 +1000)]
Refactoring uart interface (#341)
* uart: Major cleanups
- Adds documentation to the uart API.
- Fixes a buffer overflow issue in `uart_receive`, where the maximum parameter was ignored.
- Splits the maximum length and bytes recieved variables in `uart_receive`.
- Downsizes the receive buffer to the minimum required, saving 16MiB of RAM at runtime.
- Refactors the POSIX and Win32 implementations of uart into separate files.
- Removes the unused `uart_{get,set}_parity` functions, which were not implemented on Win32.
endless loop in reader if no tag was found
button press on pm3 did not cancel.
led_b was left on in some cases
also moved 14b detection to last in hf search to help speed up the
command for the other tags. 14b is slow (does multiple tests)
Thanks to @Fl0-0 and @pwpiwi for their idenfication of some of the
issues.
EM410x bruteforcing changes: Load the whole file at once, pause delay as parameter, stop the execution on key press and EM410x conversion to signal function.
pwpiwi [Tue, 27 Jun 2017 05:56:43 +0000 (07:56 +0200)]
hardnested: reduce disk space for tables (by > 700MBytes) and other minor changes
- compress tables
- minor changes to progress reporting
- free memory on aborts (@iceman1001)
marshmellow42 [Wed, 21 Jun 2017 20:51:22 +0000 (16:51 -0400)]
iclass - updates
clean up output
allow readblock without authenticating (can read blocks 0, 1, 2, 5
without authenticating.)
add Application Issuer Area to reader output and use it to attempt to
identify legacy vs NOT legacy.
marshmellow42 [Tue, 20 Jun 2017 22:25:08 +0000 (18:25 -0400)]
some coverity fixes plus fix fdx help (#328)
* coverity fixes
cmdhflegic- indications are the i in calls to data_buf[i] could = 1052
and overflow the array.
cmdhfmfhard - +1 to add space for string null terminator - should we add
the 0 terminator value too?
reveng.c - memory leak
util.c - fix potential overflow of array buf[]
util_posix.c - possible integer overflow
* fix help errors
* fix sprint_hex_ascii
again
and this function is not even used anywhere... yet...
marshmellow42 [Thu, 8 Jun 2017 21:07:14 +0000 (17:07 -0400)]
fix compile issues on OS X 10.11
OSX 10.11 does not have clock_gettime()
clang <= 8.0.0 has a bug in __builtin_cpu_supports() and it doesn't
function.
see https://llvm.org/bugs/show_bug.cgi?id=25510
pwpiwi [Tue, 6 Jun 2017 16:38:07 +0000 (18:38 +0200)]
fix compile errors on non-Intel CPUs:
- client/Makefile: don't compile for different SIMD instruction sets if non-Intel
- hardnested cores: provide non-SIMD versions of core functions
pwpiwi [Mon, 29 May 2017 08:56:37 +0000 (10:56 +0200)]
New: implementing hf mf hardnested
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.