* add a specific check function for static nonces in 'hf mf nested'
* uses a fixed nr_enc and does all the crypto operations on client
* for all possible keys calculate par_enc and ar_enc and send them to device
* CHANGELOG update
* use different data types for commands and responses
* use variable length responses
* maintain client/flasher compatibility with old format (e.g. when using old bootloader)
* maintain bootloader compatibility with old format (e.g. when using old or RRG flasher.exe)
* fix length of version string in appmain.c
* move cmd.[ch] and usb_cdc.[ch] to armsrc
* sorting out #includes
* replace byte_t by uint8_t
* some reformatting
* whitespace fixes
* (no functional changes)
* add loooong timeout for UPDATE command
* add flags FLAG_ICLASS_READER_INIT and FLAG_ICLASS_READER_CLEARTRACE
* don't overwrite trace buffer during 'hf iclass dump'
* fix long waiting time when start_time==0 in TransmitTo15693Tag()
* remove some additional debug prints
* refactoring: move helper functions from protocols.c to cmdhficlass.c
* add 'h' and '1' options to 'hf iclass reader' (from RRG repository)
* use correct key when only CreditKey is given in 'hf iclass dump'
* separate select_and_auth
* DropField() on errors
* dump last block in 'hf iclass dump'
* display correct memory size (number of blocks) in 'hf iclass reader' and dump
* more whitespace fixes
* don't do READCHECK when not trying to authenticate
* standard LED handling
* remove unused FLAG_ICLASS_READER_ONLY_ONCE and FLAG_ICLASS_READER_ONE_TRY
* sanity check for negative times in TransmitTo15693Tag()
* increase reader timeout for 'hf 15' functions to be enough for slot 7 answers to ACTALL
* add 'hf iclass permute' inspired by RRG repository
* whitespace fixes
* (PRs 233, 303, 304 by @ViRb3 on https://github.com/RfidResearchGroup/proxmark3)
* replace byte_t by uint8_t
* note that Hitag1 commands are not yet available
* whitespace fixes
* #define Hitag2 commands
* whitespace
* add EOF wait time
* add powerup wait time
* add "samples to skip" for lf config (mainly for lf snoop)
* add lf em 4x05protect command to write protection on em4x05 chips
* fix spacing
* and remove old comment git added back in..
* update changelog
* fix flags - only need 1 bit
* fix parity encryption (thanks to Eloff, http://www.proxmark.org/forum/viewtopic.php?id=6347)
* add support to simulate Mifare Mini, Mifare 2K and Mifare 4K
* change to standard LED handling (A: PM is working, B: reader is sending, C: tag is responding, D: HF field is on)
* NAK on unknown commands
* allow unencrypted HALT
* don't display messages during simulation (or we will miss next reader command)
* use DMA to receive reader command
* switch earlier from send to listen mode
* move ADC initializer to iso14443_setup
* remove remainders of incomplete Mifare 10Byte UID simulation
* show 'short' bytes (7Bits or 8Bits without parity) in 'hf list mf' and 'hf list 14a'
* whitespace
* Add raw HF signal plotting
* new fpga module hi_get_trace.v - store A/D converter output to circular buffer on FPGA
* new command 'hf plot' - pull data from FPGA and display it in Graph Window
* add PCSC interface (pcsc.c and pcsc.h)
* new command 'sc select' to choose an USB Smartcard Reader
* updated CI/.travis.yml accordingly
* remove TCK CRC check in i2c.c It is done in PrintATR() anyway
* Fix TCK CRC check in PrintATR()
* Add PCSC reader support to 'sc info'
* fixing hf 15: implement hf 15 snoop
* rename hf 15 record to hf 15 snoop
* speedup sampling / decoding:
* new FPGA mode FPGA_HF_READER_RX_XCORR_AMPLITUDE implements amplitude(ci, cq) on FPGA
* inlining the decoders in iso15693.c
* inlining memcpy/memset in LogTrace()
* giving up the moving correlator for SOF in Handle15693SamplesFromTag
* decode more of EOF in Handle15693SamplesFromTag()
* some refactoring
This involves a refactor to the arm HID code to allow for arbitrary
preambles (such as HID Proximity and Paradox).
The client also borrows from the HID code, but is not shared, so could
use a significant refactor in the future.
* support of HITAG S standard communication mode
* fixed wrong AC (Anti Collision) decoding
* support of block read mode
* fixed wrong uid send when using simulation
* support of communication mode parameter (client is backward compatible)
* support of start-page parameter (important for some weird tags) (client is backward compatible)
* also expect pages if tag memory size in con0 is 11 (we got some tags)
* corrected hitagS reader cmd help
* detect and use RDV40 higher voltage ADC channel for hw tune, hf tune, hw detectreader
* fix mode switching in hw detectreader
* detect Smartcard Slot in hw version
* i2c changes from https://github.com/RfidResearchGroup/proxmark3
* some formatting in proxmark3.h
* allow common makefile options-defines
* remove non-existing file references
* Uncomment lcd option (still) not enabled by default
use Makefile_Enabled_Options.common
to enable lcd if desired.
* Add Smartcard Functions
* add smartcard to menu + make get atr work
sc is now functioning as far as my limited knowledge takes me
* sc cleanup - add init to all sc commands...
because cmds won't work until the first init happens. (multiple inits
don't appear to affect it negatively)
* default options to exclude Smartcard
for main repo
* update changelog
* Legic: rewrite reader to use xcorrelation and precise timing
- Even tough Legic tags transmit just AM, receiving using
xcorrelation results in a significantly better signal
quality.
- Switching from bit bang to a hardware based ssc frees
up CPU time for other tasks e.g. prng and demodulation
- Having all times based on a fixed ts, results in perfect
rwd-tag synchronization without magic +/- calculations.
* hi_read_tx: remove jerry-riged hysteresis based receiver
- This feature got obsolete by a x-correlation based receiver.
* Legic: adjusted sampling to new ssp clock speed
- Sampling is 4 times faster and pipeline daly reduced to 1/4.
The new code samples each bit earyler to account for the
shorter pipeline. That introduced bit errors by leeking the
next bit into the current one.
* Legic: average 8 samples for better noise rejection.
* Update CHANGELOG.md
- Check button press when there is NOFIELD, so we can exit also without FIELD
- struct nonces_t is moved to include/mifare.h so client and arm has the same definition
This implements the attack described in
Carlo Meijer, Roel Verdult, "Ciphertext-only Cryptanalysis on Hardened
Mifare Classic Cards" in Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security, 2015
It uses precomputed tables for many bitflip properties (not only two as in the paper)
and is therefore quite efficient. To prevent failing it doesn't do
differential analysis with several nonce bytes' Sum(a8) properties (each of them
may be wrongly guessed) - instead it concentrates on one nonce byte and tries all
Sum(a8) property guesses sequentially (ordered by probability). The brute force phase
makes use of aczid's bit sliced brute forcer (https://github.com/aczid/crypto1_bs).
Includes runtime CPU-detection to leverage modern (and old) SIMD instructions
with a single executable.
This makes the PM3 generate pseudo-random nonces rather than sequential
nonces, to make it act a bit more like a "real" MFC card. A reader would
otherwise be able to detect the PM3 probing based on the predictable nonces
and throw different authentication challenges (or refuse to authenticate at
all).
The code includes an implementation of a rand-like function (prand), similar
to the one from libc, which is seeded automatically based on the time it
takes between the PM3 starting up and the first call to the RNG.
This isn't cryptographically random, but should be "good enough" to be able
to evade basic detection.
