├── armsrc ├── obj │ └── .dummy ├── pcf7931.c ├── fonts.h ├── pcf7931.h ├── legicrf.h ├── iso14443b.h ├── mifarecmd.h ├── aes.h ├── printf.h ├── stdint.h ├── string.h ├── epa.h ├── mifaresniff.h ├── ldscript ├── optimized_cipher.h ├── util.h └── BigBuf.h ├── bootrom ├── obj │ └── .dummy ├── ram-reset.s ├── flash-reset.s └── ldscript-flash ├── client ├── obj │ ├── .dummy │ ├── loclass │ │ └── .dummy │ └── nonce2key │ │ └── .dummy ├── hid-flasher │ ├── obj │ │ └── .dummy │ ├── proxmark3.h │ ├── sleep.h │ ├── flash.h │ ├── proxusb.h │ ├── proxendian.h │ ├── Info.plist │ ├── Makefile │ └── elf.h ├── hitag2.ht2 ├── loclass │ ├── loclass_main.h │ ├── iclass_dump.bin │ └── cipher.h ├── scripts │ ├── tnp3sim.lua │ ├── test.lua │ ├── cmdline.lua │ ├── hf_read.lua │ ├── remagic.lua │ ├── parameters.lua │ ├── emul2dump.lua │ ├── htmldump.lua │ └── emul2html.lua ├── pm3_binlib.h ├── pm3_bitlib.h ├── pm3_bit_limits.h ├── cmdlfio.h ├── .history ├── unbind-proxmark ├── cmdhftopaz.h ├── cmdscript.h ├── cmdhf.h ├── cmdlfviking.h ├── cmdhfepa.h ├── cmdlfti.h ├── cmdlfpyramid.h ├── pm3_eml2mfd.py ├── cmdlfhid.h ├── cmdlfhitag.h ├── data.h ├── scripting.h ├── eml2UPPER.sh ├── eml2lower.sh ├── pm3_mfd2eml.py ├── cmdhf14a.h ├── data.c ├── guidummy.c ├── proxmark3.h ├── cmdhflegic.h ├── sleep.h ├── cmdlfpresco.h ├── ui.h ├── cmdhf14b.h ├── cmdmain.h ├── sleep.c ├── cmdlfawid.h ├── cmdhw.h ├── cmdhf15.h ├── gen_pm3mfsim_script.sh ├── cmdparser.h ├── flash.h ├── proxgui.h ├── cmdlf.h ├── cmdlfem4x.h ├── cmdlfpcf7931.h ├── default_pwd.dic ├── snooper.c ├── cmdhfmfu.h ├── proxendian.h ├── proxgui.cpp ├── nonce2key │ └── nonce2key.h ├── graph.h ├── cli.c ├── cmdhficlass.h ├── elf.h ├── proxguiqt.h ├── pm3_eml_mfd_test.py └── cmdhfmf.h ├── traces ├── modulation-data.dat └── README.txt ├── zlib ├── ChangeLog └── inffast.h ├── fpga ├── fpga_hf.bit ├── fpga_lf.bit ├── tests │ ├── tb_data │ │ ├── pcf7931_read_1MSA_data.in │ │ ├── pcf7931_read_1MSA_data.time │ │ ├── pcf7931_read_1MSA_data.high.gold │ │ ├── pcf7931_read_1MSA_data.low.gold │ │ ├── pcf7931_read_1MSA_data.lowz.gold │ │ ├── pcf7931_read_1MSA_data.max.gold │ │ ├── pcf7931_read_1MSA_data.min.gold │ │ ├── pcf7931_write1byte_1MSA_data.in │ │ ├── pcf7931_read_1MSA_data.highz.gold │ │ ├── pcf7931_write1byte_1MSA_data.time │ │ ├── pcf7931_read_1MSA_data.filtered.gold │ │ ├── pcf7931_write1byte_1MSA_data.low.gold │ │ ├── pcf7931_write1byte_1MSA_data.max.gold │ │ ├── pcf7931_write1byte_1MSA_data.min.gold │ │ ├── pcf7931_write1byte_1MSA_data.high.gold │ │ ├── pcf7931_write1byte_1MSA_data.highz.gold │ │ ├── pcf7931_write1byte_1MSA_data.lowz.gold │ │ └── pcf7931_write1byte_1MSA_data.filtered.gold │ ├── tb_lp20khz_1MSa_iir_filter.v │ ├── plot_edgedetect.py │ └── tb_min_max_tracker.v ├── xst_hf.scr ├── xst_lf.scr ├── util.v ├── clk_divider.v ├── lo_passthru.v ├── sim.tcl ├── testbed_fpga.v ├── Makefile ├── go.bat ├── hi_sniffer.v └── fpga.ucf ├── doc ├── proxmark3.brd ├── proxmark3.pdf ├── proxmark3.sch ├── proxmark3.xls ├── proxmark3_schema.pdf ├── RFID_Antenna-Basic-Form.stl ├── Proxmark III - Ubuntu GSG v1.pdf ├── Proxmark III - Windows 7 GSG v1.pdf ├── RFID_Antenna-With-Lanyard-Hook.stl ├── Proxmark III - Windows XP SP3 GSG v1.pdf └── Compiling Proxmark source and firmware upgrading v1.pdf ├── StandAloneModeDiagram.png ├── .gitattributes ├── pcb ├── lf-antenna │ ├── CAD │ │ └── lf-antenna.brd │ ├── MFG │ │ ├── lf-antenna_bot.pdf │ │ ├── lf-antenna_cam.zip │ │ └── lf-antenna_top.pdf │ ├── README.md │ └── CAM │ │ ├── lf-antenna.TXT │ │ ├── lf-antenna.dri │ │ └── lf-antenna.gpi ├── proxmark3_fix │ ├── BOT_layer_preview.png │ ├── IN1_layer_preview.png │ ├── IN2_layer_preview.png │ ├── MFG │ │ ├── proxmark3_IN1.pdf │ │ ├── proxmark3_IN2.pdf │ │ ├── proxmark3_bot.pdf │ │ ├── proxmark3_cam.zip │ │ ├── proxmark3_sch.pdf │ │ └── proxmark3_top.pdf │ ├── TOP_layer_preview.png │ ├── README.md │ ├── CAM │ │ ├── README.txt │ │ └── proxmark3.dri │ └── CAD │ │ └── change_log.txt └── proxmark3_original_cad_cam_zip_files │ ├── proxmark3-eagle.zip │ ├── proxmark3-mfgr-data.zip │ └── README.md ├── liblua ├── lua.hpp ├── lapi.h ├── lundump.h ├── lfunc.h ├── ldebug.h ├── lualib.h ├── ltm.h ├── ltable.h ├── lstring.h ├── lvm.h ├── ldo.h ├── lzio.h ├── lzio.c ├── linit.c └── lmem.h ├── tools ├── mfkey │ └── Makefile ├── nonce2key │ ├── Makefile │ └── nonce2key.c ├── srecswap.pl ├── at91sam7s256-jtagkey.cfg ├── at91sam7s256-armusbocd.cfg ├── at91sam7s256-wiggler.cfg ├── at91sam7s256-armusbocd-flash-program.cfg ├── mkversion.pl ├── at91sam7s512-jtagkey.cfg ├── xorcheck.py └── findbits_test.py ├── common ├── default_version.c ├── crc64.h ├── crc32.h ├── crc16.h ├── crc32.c ├── legic_prng.c ├── iso14443crc.h ├── ldscript.common ├── crc.c ├── iso14443crc.c ├── crc.h ├── crc16.c └── cmd.h ├── .gitignore ├── recovery └── Makefile ├── driver ├── 77-mm-usb-device-blacklist.rules └── proxmark3.inf ├── include ├── legic_prng.h ├── common.h ├── mifare.h ├── hitag2.h ├── config_gpio.h └── hitagS.h ├── CHANGELOG.md └── Makefile /armsrc/obj/.dummy: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /bootrom/obj/.dummy: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /client/obj/.dummy: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /client/obj/loclass/.dummy: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /client/obj/nonce2key/.dummy: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /client/hid-flasher/obj/.dummy: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /traces/modulation-data.dat: -------------------------------------------------------------------------------- 1 |  2 | -------------------------------------------------------------------------------- /zlib/ChangeLog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/zlib/ChangeLog -------------------------------------------------------------------------------- /armsrc/pcf7931.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/armsrc/pcf7931.c -------------------------------------------------------------------------------- /fpga/fpga_hf.bit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/fpga_hf.bit -------------------------------------------------------------------------------- /fpga/fpga_lf.bit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/fpga_lf.bit -------------------------------------------------------------------------------- /client/hitag2.ht2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/client/hitag2.ht2 -------------------------------------------------------------------------------- /doc/proxmark3.brd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/proxmark3.brd -------------------------------------------------------------------------------- /doc/proxmark3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/proxmark3.pdf -------------------------------------------------------------------------------- /doc/proxmark3.sch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/proxmark3.sch -------------------------------------------------------------------------------- /doc/proxmark3.xls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/proxmark3.xls -------------------------------------------------------------------------------- /client/loclass/loclass_main.h: -------------------------------------------------------------------------------- 1 | #ifndef LOCLASS_MAIN_H 2 | #define LOCLASS_MAIN_H 3 | 4 | #endif // LOCLASS_MAIN_H 5 | -------------------------------------------------------------------------------- /doc/proxmark3_schema.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/proxmark3_schema.pdf -------------------------------------------------------------------------------- /StandAloneModeDiagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/StandAloneModeDiagram.png -------------------------------------------------------------------------------- /client/scripts/tnp3sim.lua: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/client/scripts/tnp3sim.lua -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # .gitattributes 2 | # prevent binary files from CRLF handling, diff and merge: 3 | fpga/fpga.bit -crlf -diff 4 | -------------------------------------------------------------------------------- /client/loclass/iclass_dump.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/client/loclass/iclass_dump.bin -------------------------------------------------------------------------------- /doc/RFID_Antenna-Basic-Form.stl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/RFID_Antenna-Basic-Form.stl -------------------------------------------------------------------------------- /pcb/lf-antenna/CAD/lf-antenna.brd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/lf-antenna/CAD/lf-antenna.brd -------------------------------------------------------------------------------- /doc/Proxmark III - Ubuntu GSG v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/Proxmark III - Ubuntu GSG v1.pdf -------------------------------------------------------------------------------- /doc/Proxmark III - Windows 7 GSG v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/Proxmark III - Windows 7 GSG v1.pdf -------------------------------------------------------------------------------- /doc/RFID_Antenna-With-Lanyard-Hook.stl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/RFID_Antenna-With-Lanyard-Hook.stl -------------------------------------------------------------------------------- /pcb/lf-antenna/MFG/lf-antenna_bot.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/lf-antenna/MFG/lf-antenna_bot.pdf -------------------------------------------------------------------------------- /pcb/lf-antenna/MFG/lf-antenna_cam.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/lf-antenna/MFG/lf-antenna_cam.zip -------------------------------------------------------------------------------- /pcb/lf-antenna/MFG/lf-antenna_top.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/lf-antenna/MFG/lf-antenna_top.pdf -------------------------------------------------------------------------------- /pcb/proxmark3_fix/BOT_layer_preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/BOT_layer_preview.png -------------------------------------------------------------------------------- /pcb/proxmark3_fix/IN1_layer_preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/IN1_layer_preview.png -------------------------------------------------------------------------------- /pcb/proxmark3_fix/IN2_layer_preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/IN2_layer_preview.png -------------------------------------------------------------------------------- /pcb/proxmark3_fix/MFG/proxmark3_IN1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/MFG/proxmark3_IN1.pdf -------------------------------------------------------------------------------- /pcb/proxmark3_fix/MFG/proxmark3_IN2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/MFG/proxmark3_IN2.pdf -------------------------------------------------------------------------------- /pcb/proxmark3_fix/MFG/proxmark3_bot.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/MFG/proxmark3_bot.pdf -------------------------------------------------------------------------------- /pcb/proxmark3_fix/MFG/proxmark3_cam.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/MFG/proxmark3_cam.zip -------------------------------------------------------------------------------- /pcb/proxmark3_fix/MFG/proxmark3_sch.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/MFG/proxmark3_sch.pdf -------------------------------------------------------------------------------- /pcb/proxmark3_fix/MFG/proxmark3_top.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/MFG/proxmark3_top.pdf -------------------------------------------------------------------------------- /pcb/proxmark3_fix/TOP_layer_preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_fix/TOP_layer_preview.png -------------------------------------------------------------------------------- /doc/Proxmark III - Windows XP SP3 GSG v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/Proxmark III - Windows XP SP3 GSG v1.pdf -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.in -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.time: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.time -------------------------------------------------------------------------------- /pcb/lf-antenna/README.md: -------------------------------------------------------------------------------- 1 | LF antenna CAD / CAM / MFG files. Put here as it was in the original zip file too. Didn't modified the layout file, only CAM generation. -------------------------------------------------------------------------------- /client/pm3_binlib.h: -------------------------------------------------------------------------------- 1 | #ifndef PM3_BINLIB 2 | #define PM3_BINLIB 3 | 4 | #include 5 | int set_bin_library (lua_State *L); 6 | 7 | #endif /* PM3_BINLIB */ 8 | -------------------------------------------------------------------------------- /client/pm3_bitlib.h: -------------------------------------------------------------------------------- 1 | #ifndef PM3_BITLIB 2 | #define PM3_BITLIB 3 | 4 | #include 5 | int set_bit_library (lua_State *L); 6 | 7 | #endif /* PM3_BITLIB */ 8 | -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.high.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.high.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.low.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.low.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.lowz.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.lowz.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.max.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.max.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.min.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.min.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.in -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.highz.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.highz.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.time: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.time -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_read_1MSA_data.filtered.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_read_1MSA_data.filtered.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.low.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.low.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.max.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.max.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.min.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.min.gold -------------------------------------------------------------------------------- /doc/Compiling Proxmark source and firmware upgrading v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/doc/Compiling Proxmark source and firmware upgrading v1.pdf -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.high.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.high.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.highz.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.highz.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.lowz.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.lowz.gold -------------------------------------------------------------------------------- /fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.filtered.gold: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/fpga/tests/tb_data/pcf7931_write1byte_1MSA_data.filtered.gold -------------------------------------------------------------------------------- /pcb/proxmark3_original_cad_cam_zip_files/proxmark3-eagle.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_original_cad_cam_zip_files/proxmark3-eagle.zip -------------------------------------------------------------------------------- /fpga/xst_hf.scr: -------------------------------------------------------------------------------- 1 | run -ifn fpga_hf.v -ifmt Verilog -ofn fpga_hf.ngc -ofmt NGC -p xc2s30-5-vq100 -top fpga_hf -opt_mode area -opt_level 2 -resource_sharing yes -fsm_style bram -fsm_encoding compact 2 | -------------------------------------------------------------------------------- /fpga/xst_lf.scr: -------------------------------------------------------------------------------- 1 | run -ifn fpga_lf.v -ifmt Verilog -ofn fpga_lf.ngc -ofmt NGC -p xc2s30-5-vq100 -top fpga_lf -opt_mode area -opt_level 2 -resource_sharing yes -fsm_style bram -fsm_encoding compact 2 | -------------------------------------------------------------------------------- /pcb/proxmark3_original_cad_cam_zip_files/proxmark3-mfgr-data.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/exploitagency/hid1000-bruteforce/master/pcb/proxmark3_original_cad_cam_zip_files/proxmark3-mfgr-data.zip -------------------------------------------------------------------------------- /client/pm3_bit_limits.h: -------------------------------------------------------------------------------- 1 | #define BITLIB_FLOAT_BITS 53 2 | #define BITLIB_FLOAT_MAX 0xfffffffffffffL 3 | #define BITLIB_FLOAT_MIN (-0x10000000000000L) 4 | #define BITLIB_FLOAT_UMAX 0x1fffffffffffffUL 5 | -------------------------------------------------------------------------------- /pcb/proxmark3_fix/README.md: -------------------------------------------------------------------------------- 1 | Corrected Eagle layout files and re-generated CAM files. DRC checked (via eurocircuits.com 's PCB visualizer too) no problems found, ready to production! 2 | 3 | Please find the change list in the CAD folder text file. -------------------------------------------------------------------------------- /liblua/lua.hpp: -------------------------------------------------------------------------------- 1 | // lua.hpp 2 | // Lua header files for C++ 3 | // <> not supplied automatically because Lua also compiles as C++ 4 | 5 | extern "C" { 6 | #include "lua.h" 7 | #include "lualib.h" 8 | #include "lauxlib.h" 9 | } 10 | -------------------------------------------------------------------------------- /client/cmdlfio.h: -------------------------------------------------------------------------------- 1 | // Low frequency Kantech commands 2 | //----------------------------------------------------------------------------- 3 | 4 | #ifndef CMDLFIO_H__ 5 | #define CMDLFIO_H__ 6 | 7 | int CmdLFIO(const char *Cmd); 8 | 9 | int CmdIODemodFSK(const char *Cmd); 10 | 11 | #endif 12 | -------------------------------------------------------------------------------- /client/scripts/test.lua: -------------------------------------------------------------------------------- 1 | local foo = "This shows how to use some standard libraries" 2 | print(foo) 3 | local answer 4 | repeat 5 | io.write("Continue with this operation (y/n)? ") 6 | io.flush() 7 | answer=io.read() 8 | until answer=="y" or answer=="n" 9 | local x = "Ok then, %s" 10 | print (x:format("whatever")) -------------------------------------------------------------------------------- /pcb/proxmark3_original_cad_cam_zip_files/README.md: -------------------------------------------------------------------------------- 1 | These files are downloaded from here: http://cq.cx/proxmark3.pl 2 | 3 | These are the original, non-modified parts. 4 | 5 | What I've noticed that there are problems with the stop mask layers (via and component silkscreen print) This is what I'm going to modify in my cad / cam version. -------------------------------------------------------------------------------- /client/.history: -------------------------------------------------------------------------------- 1 | exit 2 | exit 3 | exit 4 | exit 5 | exit 6 | exit 7 | lf detec 8 | lf search 9 | lf search 10 | lf search 11 | lf search 12 | hf search 13 | lf search 14 | lf hid clone 15 | lf hid clone 2c0d636b98 16 | lf search 17 | lf hid clone 3c0d636b98 18 | lf search 19 | lf hid clone 2d0d636b98 20 | lf search 21 | lf search 22 | lf search 23 | -------------------------------------------------------------------------------- /tools/mfkey/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | LD = gcc 3 | CFLAGS = -Wall -Winline -O4 4 | LDFLAGS = 5 | 6 | OBJS = crapto1.o crypto1.o 7 | HEADERS = 8 | EXES = mfkey64 mfkey32 9 | LIBS = 10 | 11 | all: $(OBJS) $(EXES) $(LIBS) 12 | 13 | % : %.c $(OBJS) 14 | $(LD) $(CFLAGS) -o $@ $< $(OBJS) $(LDFLAGS) 15 | 16 | clean: 17 | rm -f $(OBJS) $(EXES) $(LIBS) 18 | -------------------------------------------------------------------------------- /pcb/lf-antenna/CAM/lf-antenna.TXT: -------------------------------------------------------------------------------- 1 | % 2 | M48 3 | M72 4 | T01C0.0394 5 | T02C0.1299 6 | % 7 | T01 8 | X42938Y20014 9 | X42938Y21196 10 | X42855Y18105 11 | X27105Y20605 12 | X26355Y20605 13 | X42855Y23105 14 | T02 15 | X20605Y20605 16 | X17605Y20605 17 | X20605Y23605 18 | X20605Y17605 19 | X23605Y20605 20 | X18484Y18484 21 | X22726Y18484 22 | X22726Y22726 23 | X18484Y22726 24 | M30 25 | -------------------------------------------------------------------------------- /client/scripts/cmdline.lua: -------------------------------------------------------------------------------- 1 | print("This is how a cmd-line interface could be implemented\nPrint 'exit' to exit.\n") 2 | local answer 3 | repeat 4 | io.write("$>") 5 | io.flush() 6 | answer=io.read() 7 | if answer ~= 'exit' then 8 | local func = assert(loadstring("return " .. answer)) 9 | io.write("\n"..tostring(func() or "").."\n"); 10 | end--]] 11 | until answer=="exit" 12 | print("Bye\n"); 13 | -------------------------------------------------------------------------------- /client/scripts/hf_read.lua: -------------------------------------------------------------------------------- 1 | local reader = require('hf_reader') 2 | 3 | local function main(args) 4 | print("WORK IN PROGRESS - not expected to be functional yet") 5 | info, err = reader.waitForTag() 6 | 7 | if err then 8 | print(err) 9 | return 10 | end 11 | local k,v 12 | print("Tag info") 13 | for k,v in pairs(info) do 14 | print(string.format(" %s : %s", tostring(k), tostring(v))) 15 | end 16 | return 17 | end 18 | main(args) -------------------------------------------------------------------------------- /tools/nonce2key/Makefile: -------------------------------------------------------------------------------- 1 | CC = gcc 2 | LD = gcc 3 | CFLAGS = -Wall -O4 -c 4 | LDFLAGS = 5 | 6 | OBJS = crypto1.o crapto1.o 7 | HEADERS = crapto1.h 8 | EXES = nonce2key 9 | 10 | all: $(OBJS) $(EXES) 11 | 12 | %.o : %.c 13 | $(CC) $(CFLAGS) -o $@ $< 14 | 15 | % : %.c 16 | $(LD) $(LDFLAGS) -o $@ $(OBJS) $< 17 | 18 | crypto1test: libnfc $(OBJS) 19 | $(LD) $(LDFLAGS) -o crypto1test crypto1test.c $(OBJS) 20 | 21 | clean: 22 | rm -f $(OBJS) $(EXES) 23 | -------------------------------------------------------------------------------- /common/default_version.c: -------------------------------------------------------------------------------- 1 | #include "proxmark3.h" 2 | /* This is the default version.c file that Makefile.common falls back to if perl is not available */ 3 | const struct version_information __attribute__((section(".version_information"))) version_information = { 4 | VERSION_INFORMATION_MAGIC, 5 | 1, /* version 1 */ 6 | 0, /* version information not present */ 7 | 2, /* cleanliness couldn't be determined */ 8 | /* Remaining fields: zero */ 9 | }; 10 | -------------------------------------------------------------------------------- /zlib/inffast.h: -------------------------------------------------------------------------------- 1 | /* inffast.h -- header to use inffast.c 2 | * Copyright (C) 1995-2003, 2010 Mark Adler 3 | * For conditions of distribution and use, see copyright notice in zlib.h 4 | */ 5 | 6 | /* WARNING: this file should *not* be used by applications. It is 7 | part of the implementation of the compression library and is 8 | subject to change. Applications should only use zlib.h. 9 | */ 10 | 11 | void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start)); 12 | -------------------------------------------------------------------------------- /client/unbind-proxmark: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | for i in /sys/bus/usb/devices/*; do 4 | if grep "9ac4" "${i}/idVendor" >/dev/null 2>&1; then 5 | echo "Found Proxmark..." 6 | dev=`basename "${i}"` 7 | 8 | for j in /sys/bus/usb/drivers/usbhid/*; do 9 | if basename "${j}"|grep "^${dev}" >/dev/null; then 10 | bound="`basename "${j}"`" 11 | echo "Unbinding ${bound}..." 12 | echo -n "${bound}" >/sys/bus/usb/drivers/usbhid/unbind 13 | fi 14 | done 15 | fi 16 | done 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # .gitignore 2 | # don't push these files to the repository 3 | 4 | *.log 5 | *.eml 6 | *.o 7 | *.a 8 | *.d 9 | *.elf 10 | *.s19 11 | *.map 12 | *.bin 13 | *.dll 14 | *.moc.cpp 15 | *.exe 16 | proxmark 17 | proxmark3 18 | flasher 19 | version.c 20 | lua 21 | luac 22 | 23 | fpga/* 24 | !fpga/tests 25 | !fpga/fpga_lf.bit 26 | !fpga/fpga_hf.bit 27 | !fpga/*.v 28 | !fpga/Makefile 29 | !fpga/fpga.ucf 30 | !fpga/xst_lf.scr 31 | !fpga/xst_hf.scr 32 | !fpga/go.bat 33 | !fpga/sim.tcl 34 | 35 | 36 | -------------------------------------------------------------------------------- /recovery/Makefile: -------------------------------------------------------------------------------- 1 | include ../common/Makefile.common 2 | 3 | BINS = bootrom.bin fullimage.bin proxmark3_recovery.bin 4 | 5 | all: $(BINS) 6 | 7 | bootrom.bin: ../bootrom/obj/bootrom.elf 8 | $(OBJCOPY) --gap-fill=0xff --pad-to 0x00102000 -O binary $^ $@ 9 | 10 | fullimage.bin: ../armsrc/obj/fullimage.elf 11 | $(OBJCOPY) --gap-fill=0xff -O binary $^ $@ 12 | 13 | proxmark3_recovery.bin: bootrom.bin fullimage.bin 14 | cat bootrom.bin fullimage.bin > $@ 15 | 16 | clean: 17 | rm -f $(BINS) 18 | 19 | -------------------------------------------------------------------------------- /common/crc64.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // CRC64 ECMA 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __CRC64_H 10 | #define __CRC64_H 11 | 12 | void crc64 (const uint8_t *data, const size_t len, uint64_t *crc) ; 13 | 14 | #endif 15 | -------------------------------------------------------------------------------- /client/cmdhftopaz.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2015 Piwi 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // High frequency Topaz (NFC Type 1) commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHFTOPAZ_H__ 12 | #define CMDHFTOPAZ_H__ 13 | 14 | int CmdHFTopaz(const char *Cmd); 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /liblua/lapi.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lapi.h,v 2.7 2009/11/27 15:37:59 roberto Exp $ 3 | ** Auxiliary functions from Lua API 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef lapi_h 8 | #define lapi_h 9 | 10 | 11 | #include "llimits.h" 12 | #include "lstate.h" 13 | 14 | #define api_incr_top(L) {L->top++; api_check(L, L->top <= L->ci->top, \ 15 | "stack overflow");} 16 | 17 | #define adjustresults(L,nres) \ 18 | { if ((nres) == LUA_MULTRET && L->ci->top < L->top) L->ci->top = L->top; } 19 | 20 | #define api_checknelems(L,n) api_check(L, (n) < (L->top - L->ci->func), \ 21 | "not enough elements in the stack") 22 | 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /armsrc/fonts.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // Fonts for the LCD 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __FONTS_H 10 | #define __FONTS_H 11 | 12 | extern const char FONT6x8[97][8]; 13 | extern const char FONT8x8F[97][8]; 14 | extern const char FONT8x16[97][16]; 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /driver/77-mm-usb-device-blacklist.rules: -------------------------------------------------------------------------------- 1 | # Proxmark3 linux modem-manager de-confliction file 2 | # 3 | # copy this file to /etc/udev/rules.d (or add the entry to the end of an existing file) 4 | # and restart udev hotplug: 5 | # 6 | # 'sudo udevadm control --reload-rules' 7 | # 8 | 9 | # proxmark3 10 | ACTION!="add|change", GOTO="mm_usb_device_blacklist_end" 11 | SUBSYSTEM!="tty", GOTO="mm_ignore" 12 | 13 | ATTRS{idVendor}=="2d2d" ATTRS{idProduct}=="504d", ENV{ID_MM_DEVICE_IGNORE}="1" SYMLINK+="pm3-%n" 14 | 15 | LABEL="mm_ignore" 16 | ATTRS{idVendor}=="2d2d" ATTRS{idProduct}=="504d", ENV{ID_MM_DEVICE_IGNORE}="1" 17 | 18 | LABEL="mm_usb_device_blacklist_end" 19 | -------------------------------------------------------------------------------- /common/crc32.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // CRC32 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __CRC32_H 10 | #define __CRC32_H 11 | 12 | void crc32 (const uint8_t *data, const size_t len, uint8_t *crc); 13 | void crc32_append (uint8_t *data, const size_t len); 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /bootrom/ram-reset.s: -------------------------------------------------------------------------------- 1 | @----------------------------------------------------------------------------- 2 | @ This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | @ at your option, any later version. See the LICENSE.txt file for the text of 4 | @ the license. 5 | @----------------------------------------------------------------------------- 6 | @ RAM reset vector for relaunching the bootloader 7 | @----------------------------------------------------------------------------- 8 | 9 | .extern BootROM 10 | 11 | .section .startphase2,"ax" 12 | 13 | .arm 14 | 15 | .global ram_start 16 | ram_start: 17 | ldr sp, =_stack_end 18 | bl BootROM 19 | 20 | .ltorg 21 | -------------------------------------------------------------------------------- /client/cmdscript.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2013 m h swende 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Some lua scripting glue to proxmark core. 9 | //----------------------------------------------------------------------------- 10 | 11 | 12 | #ifndef CMDSCRIPT_H__ 13 | #define CMDSCRIPT_H__ 14 | 15 | 16 | int CmdScript(const char *Cmd); 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /armsrc/pcf7931.h: -------------------------------------------------------------------------------- 1 | #ifndef __PCF7931_H 2 | #define __PCF7931_H 3 | 4 | int DemodPCF7931(uint8_t **outBlocks); 5 | int IsBlock0PCF7931(uint8_t *Block); 6 | int IsBlock1PCF7931(uint8_t *Block); 7 | void ReadPCF7931(); 8 | void SendCmdPCF7931(uint32_t * tab); 9 | bool AddBytePCF7931(uint8_t byte, uint32_t * tab, int32_t l, int32_t p); 10 | bool AddBitPCF7931(bool b, uint32_t * tab, int32_t l, int32_t p); 11 | bool AddPatternPCF7931(uint32_t a, uint32_t b, uint32_t c, uint32_t * tab); 12 | void WritePCF7931(uint8_t pass1, uint8_t pass2, uint8_t pass3, uint8_t pass4, uint8_t pass5, uint8_t pass6, uint8_t pass7, uint16_t init_delay, int32_t l, int32_t p, uint8_t address, uint8_t byte, uint8_t data); 13 | 14 | #endif 15 | -------------------------------------------------------------------------------- /client/cmdhf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // High frequency commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHF_H__ 12 | #define CMDHF_H__ 13 | 14 | int CmdHF(const char *Cmd); 15 | int CmdHFTune(const char *Cmd); 16 | int CmdHFList(const char *Cmd); 17 | #endif 18 | -------------------------------------------------------------------------------- /tools/srecswap.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | # endian-swap S records; we need this because the JTAG tools we're using 4 | # expect the memory image in byte-swapped format 5 | # 6 | # Jonathan Westhues, April 2004 7 | 8 | if(@ARGV == 0) { 9 | die "usage: $0 file-to-endian-swap.s19 > out.s19\n"; 10 | } 11 | 12 | while(<>) { 13 | chomp; 14 | 15 | if(/^S0/) { 16 | next; 17 | } 18 | if(/^S7/) { 19 | print "$_\n"; 20 | next; 21 | } 22 | 23 | if(not /^S3(..)(........)(.*)(..)$/) { 24 | die "bad S record at line $.\n"; 25 | } 26 | 27 | $data = $3; 28 | $checksum = $4; 29 | 30 | print "S3$1$2"; 31 | while($data =~ m#(..)(..)(..)(..)#g) { 32 | print "$4$3$2$1"; 33 | } 34 | print "$checksum\n"; 35 | } 36 | -------------------------------------------------------------------------------- /client/cmdlfviking.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // 3 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 4 | // at your option, any later version. See the LICENSE.txt file for the text of 5 | // the license. 6 | //----------------------------------------------------------------------------- 7 | // Low frequency T55xx commands 8 | //----------------------------------------------------------------------------- 9 | #ifndef CMDLFVIKING_H__ 10 | #define CMDLFVIKING_H__ 11 | int CmdLFViking(const char *Cmd); 12 | int CmdVikingRead(const char *Cmd); 13 | int CmdVikingClone(const char *Cmd); 14 | int CmdVikingSim(const char *Cmd); 15 | #endif 16 | 17 | -------------------------------------------------------------------------------- /client/hid-flasher/proxmark3.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // Copyright (C) 2010 iZsh 4 | // 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // Main binary 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef PROXMARK3_H__ 13 | #define PROXMARK3_H__ 14 | 15 | #define PROXPROMPT "proxmark3> " 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /client/cmdhfepa.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2012 Frederik Möllers 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Commands related to the German electronic Identification Card 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHFEPA_H__ 12 | #define CMDHFEPA_H__ 13 | 14 | int CmdHFEPA(const char *Cmd); 15 | 16 | int CmdHFEPACollectPACENonces(const char *Cmd); 17 | 18 | #endif // CMDHFEPA_H__ 19 | -------------------------------------------------------------------------------- /include/legic_prng.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // LEFIC's obfuscation function 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __LEGIC_PRNG_H 10 | #define __LEGIC_PRNG_H 11 | 12 | #include 13 | extern void legic_prng_init(uint8_t init); 14 | extern void legic_prng_forward(int count); 15 | extern int legic_prng_count(); 16 | extern uint8_t legic_prng_get_bit(); 17 | 18 | #endif 19 | 20 | -------------------------------------------------------------------------------- /client/cmdlfti.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Low frequency TI commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDLFTI_H__ 12 | #define CMDLFTI_H__ 13 | 14 | int CmdLFTI(const char *Cmd); 15 | 16 | int CmdTIDemod(const char *Cmd); 17 | int CmdTIRead(const char *Cmd); 18 | int CmdTIWrite(const char *Cmd); 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /client/cmdlfpyramid.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // 3 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 4 | // at your option, any later version. See the LICENSE.txt file for the text of 5 | // the license. 6 | //----------------------------------------------------------------------------- 7 | // Low frequency T55xx commands 8 | //----------------------------------------------------------------------------- 9 | #ifndef CMDLFPYRAMID_H__ 10 | #define CMDLFPYRAMID_H__ 11 | 12 | int CmdLFPyramid(const char *Cmd); 13 | int CmdPyramidClone(const char *Cmd); 14 | int CmdPyramidSim(const char *Cmd); 15 | 16 | int usage_lf_pyramid_clone(void); 17 | int usage_lf_pyramid_sim(void); 18 | #endif 19 | 20 | -------------------------------------------------------------------------------- /client/pm3_eml2mfd.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | ''' 4 | # Andrei Costin , 2011 5 | # pm3_eml2mfd.py 6 | # Converts PM3 Mifare Classic emulator EML text file to MFD binary dump file 7 | ''' 8 | 9 | from __future__ import with_statement 10 | import sys 11 | import binascii 12 | 13 | def main(argv): 14 | argc = len(argv) 15 | if argc < 3: 16 | print 'Usage:', argv[0], 'input.eml output.mfd' 17 | sys.exit(1) 18 | 19 | with file(argv[1], "r") as file_inp, file(argv[2], "wb") as file_out: 20 | for line in file_inp: 21 | line = line.rstrip('\n').rstrip('\r') 22 | print line 23 | data = binascii.unhexlify(line) 24 | file_out.write(data) 25 | 26 | if __name__ == '__main__': 27 | main(sys.argv) 28 | -------------------------------------------------------------------------------- /fpga/util.v: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // General-purpose miscellany. 3 | // 4 | // Jonathan Westhues, April 2006. 5 | //----------------------------------------------------------------------------- 6 | 7 | module mux8(sel, y, x0, x1, x2, x3, x4, x5, x6, x7); 8 | input [2:0] sel; 9 | input x0, x1, x2, x3, x4, x5, x6, x7; 10 | output y; 11 | reg y; 12 | 13 | always @(x0 or x1 or x2 or x3 or x4 or x5 or x6 or x7 or sel) 14 | begin 15 | case (sel) 16 | 3'b000: y = x0; 17 | 3'b001: y = x1; 18 | 3'b010: y = x2; 19 | 3'b011: y = x3; 20 | 3'b100: y = x4; 21 | 3'b101: y = x5; 22 | 3'b110: y = x6; 23 | 3'b111: y = x7; 24 | endcase 25 | end 26 | 27 | endmodule 28 | -------------------------------------------------------------------------------- /armsrc/legicrf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // (c) 2009 Henryk Plötz 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // LEGIC RF emulation public interface 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef __LEGICRF_H 12 | #define __LEGICRF_H 13 | 14 | extern void LegicRfSimulate(int phase, int frame, int reqresp); 15 | extern int LegicRfReader(int bytes, int offset); 16 | extern void LegicRfWriter(int bytes, int offset); 17 | 18 | #endif /* __LEGICRF_H */ 19 | -------------------------------------------------------------------------------- /client/cmdlfhid.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Low frequency HID commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDLFHID_H__ 12 | #define CMDLFHID_H__ 13 | 14 | int CmdLFHID(const char *Cmd); 15 | //int CmdHIDDemod(const char *Cmd); 16 | int CmdHIDDemodFSK(const char *Cmd); 17 | int CmdHIDSim(const char *Cmd); 18 | int CmdHIDClone(const char *Cmd); 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /client/cmdlfhitag.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2012 Roel Verdult 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Low frequency Hitag support 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDLFHITAG_H__ 12 | #define CMDLFHITAG_H__ 13 | 14 | int CmdLFHitag(const char *Cmd); 15 | 16 | int CmdLFHitagList(const char *Cmd); 17 | int CmdLFHitagSnoop(const char *Cmd); 18 | int CmdLFHitagSim(const char *Cmd); 19 | int CmdLFHitagReader(const char *Cmd); 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /client/data.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Data utilities 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef DATA_H__ 12 | #define DATA_H__ 13 | 14 | #include 15 | 16 | #define FILE_PATH_SIZE 1000 17 | 18 | extern uint8_t* sample_buf; 19 | #define arraylen(x) (sizeof(x)/sizeof((x)[0])) 20 | 21 | void GetFromBigBuf(uint8_t *dest, int bytes, int start_index); 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /client/hid-flasher/sleep.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // platform-independant sleep macros 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef SLEEP_H__ 12 | #define SLEEP_H__ 13 | 14 | #ifdef WIN32 15 | #include 16 | #define sleep(n) Sleep(1000 * n) 17 | #define msleep(n) Sleep(n) 18 | #else 19 | #include 20 | #define msleep(n) usleep(1000 * n) 21 | #endif 22 | 23 | #endif 24 | 25 | -------------------------------------------------------------------------------- /tools/at91sam7s256-jtagkey.cfg: -------------------------------------------------------------------------------- 1 | #define our ports 2 | telnet_port 4444 3 | gdb_port 3333 4 | 5 | #commands specific to the Amontec JTAGKey 6 | interface ft2232 7 | ft2232_device_desc "Amontec JTAGkey A" 8 | ft2232_layout jtagkey 9 | ft2232_vid_pid 0x0403 0xcff8 10 | jtag_khz 200 11 | jtag_nsrst_delay 200 12 | jtag_ntrst_delay 200 13 | 14 | #reset_config [combination] [trst_type] [srst_type] 15 | reset_config srst_only srst_pulls_trst 16 | 17 | jtag newtap sam7x256 cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x3f0f0f0f 18 | 19 | target create sam7x256.cpu arm7tdmi -endian little -chain-position sam7x256.cpu -variant arm7tdmi 20 | 21 | gdb_memory_map enable 22 | 23 | sam7x256.cpu configure -work-area-virt 0 -work-area-phys 0x00200000 -work-area-size 0x10000 -work-area-backup 0 24 | flash bank at91sam7 0x100000 0x40000 0 4 sam7x256.cpu 25 | -------------------------------------------------------------------------------- /fpga/clk_divider.v: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2014 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | module clk_divider(input clk, input [7:0] divisor, output [7:0] div_cnt, output div_clk); 9 | 10 | reg [7:0] div_cnt_ = 0; 11 | reg div_clk_; 12 | assign div_cnt = div_cnt_; 13 | assign div_clk = div_clk_; 14 | 15 | always @(posedge clk) 16 | begin 17 | if(div_cnt == divisor) begin 18 | div_cnt_ <= 8'd0; 19 | div_clk_ = !div_clk_; 20 | end else 21 | div_cnt_ <= div_cnt_ + 1; 22 | end 23 | 24 | endmodule 25 | 26 | -------------------------------------------------------------------------------- /client/scripting.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2013 m h swende 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Some lua scripting glue to proxmark core. 9 | //----------------------------------------------------------------------------- 10 | #ifndef SCRIPTING_H__ 11 | #define SCRIPTING_H__ 12 | 13 | #include 14 | 15 | /** 16 | * @brief set_libraries loads the core components of pm3 into the 'pm3' 17 | * namespace within the given lua_State 18 | * @param L 19 | */ 20 | 21 | int set_pm3_libraries(lua_State *L); 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /pcb/proxmark3_fix/CAM/README.txt: -------------------------------------------------------------------------------- 1 | 2 | project: proxmark3-00 3 | 4 | * please make 18 boards 5 | * panelize 3x1 (for total 6 panels) 6 | * 0.062" finished thickness 7 | * FR-4 8 | * solder mask top and bottom 9 | * silkscreen legend top 10 | * either 1 ounce or 0.5 ounce copper acceptable (1 ounce preferred) 11 | 12 | Layer stackup: 13 | 14 | Top layer: *.GTL 15 | Inner Layer 1: *.GL1 (for 4-layer board) 16 | Inner Layer 2: *.GL2 (for 4-layer board) 17 | Bottom layer: *.GBL 18 | Solder Stop Mask top: *.GTS 19 | Solder Stop Mask Bottom: *.GBS 20 | Silk Top: *.GTO 21 | Silk Bottom: *.GBO 22 | NC Drill: *.TXT 23 | Outline layer: *.GKO or *.DO 24 | 25 | Note: 26 | All the gerber files in RS-274x format, except the drill file in Excellon format. 27 | 28 | 29 | 30 | Ship to 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /armsrc/iso14443b.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Merlok - June 2011 3 | // Gerhard de Koning Gans - May 2008 4 | // Hagen Fritsch - June 2010 5 | // 6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 7 | // at your option, any later version. See the LICENSE.txt file for the text of 8 | // the license. 9 | //----------------------------------------------------------------------------- 10 | // Routines to support ISO 14443 type A. 11 | //----------------------------------------------------------------------------- 12 | 13 | #ifndef __ISO14443B_H 14 | #define __ISO14443B_H 15 | #include "common.h" 16 | 17 | int iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response); 18 | void iso14443b_setup(); 19 | int iso14443b_select_card(); 20 | 21 | #endif /* __ISO14443B_H */ 22 | -------------------------------------------------------------------------------- /pcb/lf-antenna/CAM/lf-antenna.dri: -------------------------------------------------------------------------------- 1 | Generated by EAGLE CAM Processor 6.4.0 2 | 3 | Drill Station Info File: lf-antenna.dri 4 | 5 | Date : 2015.11.13. 17:00:29 6 | Drills : generated 7 | Device : Excellon drill station 8 | 9 | Parameter settings: 10 | 11 | Tolerance Drill + : 0.00 % 12 | Tolerance Drill - : 0.00 % 13 | Rotate : no 14 | Mirror : no 15 | Optimize : no 16 | Auto fit : yes 17 | OffsetX : 0inch 18 | OffsetY : 0inch 19 | Layers : Drills Holes 20 | 21 | Drill File Info: 22 | 23 | Data Mode : Absolute 24 | Units : 1/10000 Inch 25 | 26 | Drills used: 27 | 28 | Code Size used 29 | 30 | T01 0.0394inch 6 31 | T02 0.1299inch 9 32 | 33 | Total number of drills: 15 34 | 35 | Plotfiles: 36 | 37 | lf-antenna.TXT 38 | -------------------------------------------------------------------------------- /client/eml2UPPER.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Andrei Costin , 2011 4 | # eml2UPPER.sh 5 | # Converts PM3 Mifare Classic emulator EML file to UPPER case (for easier comparison in some text-comparison tools) 6 | 7 | # http://www.linuxquestions.org/questions/programming-9/bash-script-parsing-optional-parameters-621728/ 8 | 9 | # show program usage 10 | show_usage() 11 | { 12 | echo 13 | echo "Usage:" 14 | echo "${0##/} input.eml output.eml" 15 | exit 16 | } 17 | 18 | # Minimum number of arguments needed by this program 19 | MINARGS=2 20 | 21 | # get the number of command-line arguments given 22 | ARGC=$# 23 | 24 | # check to make sure enough arguments were given or exit 25 | if [[ $ARGC -lt $MINARGS ]] ; then 26 | echo "Too few arguments given (Minimum:$MINARGS)" 27 | echo 28 | show_usage 29 | fi 30 | 31 | tr '[:lower:]' '[:upper:]' < $1 > $2 32 | -------------------------------------------------------------------------------- /client/eml2lower.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Andrei Costin , 2011 4 | # eml2lower.sh 5 | # Converts PM3 Mifare Classic emulator EML file to lower case (for easier comparison in some text-comparison tools) 6 | 7 | # http://www.linuxquestions.org/questions/programming-9/bash-script-parsing-optional-parameters-621728/ 8 | 9 | # show program usage 10 | show_usage() 11 | { 12 | echo 13 | echo "Usage:" 14 | echo "${0##/} input.eml output.eml" 15 | exit 16 | } 17 | 18 | # Minimum number of arguments needed by this program 19 | MINARGS=2 20 | 21 | # get the number of command-line arguments given 22 | ARGC=$# 23 | 24 | # check to make sure enough arguments were given or exit 25 | if [[ $ARGC -lt $MINARGS ]] ; then 26 | echo "Too few arguments given (Minimum:$MINARGS)" 27 | echo 28 | show_usage 29 | fi 30 | 31 | tr '[:upper:]' '[:lower:]' < $1 > $2 32 | -------------------------------------------------------------------------------- /common/crc16.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // CRC16 7 | //----------------------------------------------------------------------------- 8 | #include 9 | 10 | #ifndef __CRC16_H 11 | #define __CRC16_H 12 | unsigned short update_crc16(unsigned short crc, unsigned char c); 13 | uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial); 14 | uint16_t crc16_ccitt(uint8_t const *message, int length); 15 | uint16_t crc16_ccitt_kermit(uint8_t const *message, int length); 16 | uint16_t bit_reverse_uint16 (uint16_t value); 17 | #endif 18 | -------------------------------------------------------------------------------- /client/pm3_mfd2eml.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | ''' 4 | # Andrei Costin , 2011 5 | # pm3_eml2mfd.py 6 | # Converts PM3 Mifare Classic MFD binary dump file to emulator EML text file 7 | ''' 8 | 9 | from __future__ import with_statement 10 | import sys 11 | import binascii 12 | 13 | READ_BLOCKSIZE = 16 14 | 15 | def main(argv): 16 | argc = len(argv) 17 | if argc < 3: 18 | print 'Usage:', argv[0], 'input.mfd output.eml' 19 | sys.exit(1) 20 | 21 | with file(argv[1], "rb") as file_inp, file(argv[2], "w") as file_out: 22 | while True: 23 | byte_s = file_inp.read(READ_BLOCKSIZE) 24 | if not byte_s: 25 | break 26 | hex_char_repr = binascii.hexlify(byte_s) 27 | file_out.write(hex_char_repr) 28 | file_out.write("\n") 29 | 30 | if __name__ == '__main__': 31 | main(sys.argv) 32 | -------------------------------------------------------------------------------- /liblua/lundump.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lundump.h,v 1.39 2012/05/08 13:53:33 roberto Exp $ 3 | ** load precompiled Lua chunks 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef lundump_h 8 | #define lundump_h 9 | 10 | #include "lobject.h" 11 | #include "lzio.h" 12 | 13 | /* load one chunk; from lundump.c */ 14 | LUAI_FUNC Closure* luaU_undump (lua_State* L, ZIO* Z, Mbuffer* buff, const char* name); 15 | 16 | /* make header; from lundump.c */ 17 | LUAI_FUNC void luaU_header (lu_byte* h); 18 | 19 | /* dump one chunk; from ldump.c */ 20 | LUAI_FUNC int luaU_dump (lua_State* L, const Proto* f, lua_Writer w, void* data, int strip); 21 | 22 | /* data to catch conversion errors */ 23 | #define LUAC_TAIL "\x19\x93\r\n\x1a\n" 24 | 25 | /* size in bytes of header of binary files */ 26 | #define LUAC_HEADERSIZE (sizeof(LUA_SIGNATURE)-sizeof(char)+2+6+sizeof(LUAC_TAIL)-sizeof(char)) 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /tools/at91sam7s256-armusbocd.cfg: -------------------------------------------------------------------------------- 1 | #define our ports 2 | telnet_port 4444 3 | gdb_port 3333 4 | 5 | #commands specific to the Olimex arm-usb-ocd 6 | interface ft2232 7 | # Be careful to reflect the exact description here: 8 | ft2232_device_desc "Olimex OpenOCD JTAG" 9 | ft2232_layout "olimex-jtag" 10 | ft2232_vid_pid 0x15BA 0x0003 11 | jtag_speed 2 12 | jtag_nsrst_delay 200 13 | jtag_ntrst_delay 200 14 | 15 | #reset_config [combination] [trst_type] [srst_type] 16 | reset_config srst_only srst_pulls_trst 17 | 18 | #jtag_device 19 | jtag_device 4 0x1 0xf 0xe 20 | 21 | #daemon_startup <'attach'|'reset'> 22 | daemon_startup reset 23 | 24 | #target [variant] 25 | target arm7tdmi little run_and_init 0 arm7tdmi_r4 26 | 27 | #run_and_halt_time 28 | run_and_halt_time 0 30 29 | 30 | -------------------------------------------------------------------------------- /client/cmdhf14a.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // 2011, Merlok 3 | // Copyright (C) 2010 iZsh 4 | // 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // High frequency ISO14443A commands 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef CMDHF14A_H__ 13 | #define CMDHF14A_H__ 14 | 15 | int CmdHF14A(const char *Cmd); 16 | 17 | int CmdHF14AList(const char *Cmd); 18 | int CmdHF14AMifare(const char *Cmd); 19 | int CmdHF14AReader(const char *Cmd); 20 | int CmdHF14ASim(const char *Cmd); 21 | int CmdHF14ASnoop(const char *Cmd); 22 | 23 | char* getTagInfo(uint8_t uid); 24 | #endif 25 | -------------------------------------------------------------------------------- /client/data.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Data utilities 9 | //----------------------------------------------------------------------------- 10 | 11 | #include 12 | #include 13 | #include "data.h" 14 | #include "ui.h" 15 | #include "proxmark3.h" 16 | #include "cmdmain.h" 17 | 18 | uint8_t* sample_buf; 19 | 20 | void GetFromBigBuf(uint8_t *dest, int bytes, int start_index) 21 | { 22 | sample_buf = dest; 23 | UsbCommand c = {CMD_DOWNLOAD_RAW_ADC_SAMPLES_125K, {start_index, bytes, 0}}; 24 | SendCommand(&c); 25 | } 26 | -------------------------------------------------------------------------------- /client/guidummy.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // GUI dummy file 9 | //----------------------------------------------------------------------------- 10 | 11 | #include 12 | 13 | void ShowGraphWindow(void) 14 | { 15 | static int warned = 0; 16 | 17 | if (!warned) { 18 | printf("No GUI in this build!\n"); 19 | warned = 1; 20 | } 21 | } 22 | 23 | void HideGraphWindow(void) {} 24 | void RepaintGraphWindow(void) {} 25 | void MainGraphics() {} 26 | void InitGraphics(int argc, char **argv) {} 27 | void ExitGraphics(void) {} 28 | -------------------------------------------------------------------------------- /armsrc/mifarecmd.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Merlok - June 2011 3 | // Gerhard de Koning Gans - May 2008 4 | // Hagen Fritsch - June 2010 5 | // 6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 7 | // at your option, any later version. See the LICENSE.txt file for the text of 8 | // the license. 9 | //----------------------------------------------------------------------------- 10 | // Routines to support ISO 14443 type A. 11 | //----------------------------------------------------------------------------- 12 | 13 | #ifndef __MIFARECMD_H 14 | #define __MIFARECMD_H 15 | 16 | #include "proxmark3.h" 17 | #include "apps.h" 18 | #include "util.h" 19 | #include "string.h" 20 | 21 | #include "iso14443crc.h" 22 | #include "iso14443a.h" 23 | #include "crapto1.h" 24 | #include "mifareutil.h" 25 | #include "common.h" 26 | 27 | 28 | #endif -------------------------------------------------------------------------------- /armsrc/aes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * AES Cryptographic Algorithm Header File. Include this header file in 3 | * your source which uses these given APIs. (This source is kept under 4 | * public domain) 5 | */ 6 | 7 | // AES context structure 8 | typedef struct { 9 | unsigned int Ek[60]; 10 | unsigned int Dk[60]; 11 | unsigned int Iv[4]; 12 | unsigned char Nr; 13 | unsigned char Mode; 14 | } AesCtx; 15 | 16 | // key length in bytes 17 | #define KEY128 16 18 | #define KEY192 24 19 | #define KEY256 32 20 | // block size in bytes 21 | #define BLOCKSZ 16 22 | // mode 23 | #define EBC 0 24 | #define CBC 1 25 | 26 | // AES API function prototype 27 | 28 | int AesCtxIni(AesCtx *pCtx, unsigned char *pIV, unsigned char *pKey, unsigned int KeyLen, unsigned char Mode); 29 | int AesEncrypt(AesCtx *pCtx, unsigned char *pData, unsigned char *pCipher, unsigned int DataLen); 30 | int AesDecrypt(AesCtx *pCtx, unsigned char *pCipher, unsigned char *pData, unsigned int CipherLen); -------------------------------------------------------------------------------- /client/proxmark3.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // Copyright (C) 2010 iZsh 4 | // 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // Main binary 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef PROXMARK3_H__ 13 | #define PROXMARK3_H__ 14 | 15 | #define __STDC_FORMAT_MACROS 16 | #include 17 | #define llx PRIx64 18 | #define lli PRIi64 19 | #define llu PRIu64 20 | #define hhu PRIu8 21 | 22 | #include "usb_cmd.h" 23 | 24 | #define PROXPROMPT "proxmark3> " 25 | 26 | void SendCommand(UsbCommand *c); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /driver/proxmark3.inf: -------------------------------------------------------------------------------- 1 | [Version] 2 | Signature="$Windows NT$" 3 | Class=Ports 4 | ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318} 5 | Provider=%ProviderName% 6 | DriverVer=10/15/2009,1.0.0.0 7 | 8 | [MANUFACTURER] 9 | %ProviderName%=DeviceList, NTx86, NTamd64 10 | 11 | [DeviceList.NTx86] 12 | %DeviceName%=DriverInstall,USB\VID_2d2d&PID_504d 13 | 14 | [DeviceList.NTamd64] 15 | %DeviceName%=DriverInstall,USB\VID_2d2d&PID_504d 16 | 17 | [DriverInstall] 18 | include=mdmcpq.inf 19 | CopyFiles=FakeModemCopyFileSection 20 | AddReg=LowerFilterAddReg,SerialPropPageAddReg 21 | 22 | [DriverInstall.Services] 23 | include = mdmcpq.inf 24 | AddService = usbser, 0x00000002, LowerFilter_Service_Inst 25 | 26 | ; This adds the serial port property tab to the device properties dialog 27 | [SerialPropPageAddReg] 28 | HKR,,EnumPropPages32,,"MsPorts.dll,SerialPortPropPageProvider" 29 | 30 | [Strings] 31 | ProviderName = "proxmark.org" 32 | DeviceName = "Proxmark3" 33 | -------------------------------------------------------------------------------- /client/cmdhflegic.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // High frequency Legic commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHFLEGIC_H__ 12 | #define CMDHFLEGIC_H__ 13 | 14 | int CmdHFLegic(const char *Cmd); 15 | 16 | int CmdLegicRFRead(const char *Cmd); 17 | int CmdLegicDecode(const char *Cmd); 18 | int CmdLegicLoad(const char *Cmd); 19 | int CmdLegicSave(const char *Cmd); 20 | int CmdLegicRfSim(const char *Cmd); 21 | int CmdLegicRfWrite(const char *Cmd); 22 | int CmdLegicRfFill(const char *Cmd); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /client/sleep.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // platform-independant sleep macros 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef SLEEP_H__ 12 | #define SLEEP_H__ 13 | 14 | #ifdef _WIN32 15 | # include 16 | # define sleep(n) Sleep(1000 * n) 17 | # define msleep(n) Sleep(n) 18 | #else 19 | # include 20 | # include 21 | void nsleep(uint64_t n); 22 | # define msleep(n) nsleep(1000000 * n) 23 | # define usleep(n) nsleep(1000 * n) 24 | #endif // _WIN32 25 | 26 | #endif // SLEEP_H__ 27 | 28 | -------------------------------------------------------------------------------- /client/cmdlfpresco.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // 3 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 4 | // at your option, any later version. See the LICENSE.txt file for the text of 5 | // the license. 6 | //----------------------------------------------------------------------------- 7 | // Low frequency T55xx commands 8 | //----------------------------------------------------------------------------- 9 | #ifndef CMDLFPRESCO_H__ 10 | #define CMDLFPRESCO_H__ 11 | 12 | #include //uint_32+ 13 | #include //bool 14 | 15 | int CmdLFPresco(const char *Cmd); 16 | int CmdPrescoClone(const char *Cmd); 17 | int CmdPrescoSim(const char *Cmd); 18 | 19 | int GetWiegandFromPresco(const char *id, uint32_t *sitecode, uint32_t *usercode, uint32_t *fullcode, bool *Q5); 20 | 21 | int usage_lf_presco_clone(void); 22 | int usage_lf_presco_sim(void); 23 | #endif 24 | 25 | -------------------------------------------------------------------------------- /armsrc/printf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 Hector Martin "marcan" 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Common *printf() functions 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef __PRINTF_H 12 | #define __PRINTF_H 13 | 14 | #include 15 | 16 | int kvsprintf(const char *format, void *arg, int radix, va_list ap) __attribute__ ((format (printf, 1, 0))); 17 | int vsprintf(char *str, const char *format, va_list ap) __attribute__ ((format (printf, 2, 0))); 18 | int sprintf(char *str, const char *format, ...) __attribute__ ((format (printf, 2, 3))); 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /client/ui.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // UI utilities 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef UI_H__ 12 | #define UI_H__ 13 | 14 | void ShowGui(void); 15 | void HideGraphWindow(void); 16 | void ShowGraphWindow(void); 17 | void RepaintGraphWindow(void); 18 | void PrintAndLog(char *fmt, ...); 19 | void SetLogFilename(char *fn); 20 | 21 | extern double CursorScaleFactor; 22 | extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault; 23 | extern int offline; 24 | extern int flushAfterWrite; //buzzy 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /client/cmdhf14b.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // High frequency ISO14443B commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHF14B_H__ 12 | #define CMDHF14B_H__ 13 | 14 | int CmdHF14B(const char *Cmd); 15 | int CmdHF14BList(const char *Cmd); 16 | int CmdHF14BInfo(const char *Cmd); 17 | int CmdHF14BSim(const char *Cmd); 18 | int CmdHF14BSnoop(const char *Cmd); 19 | int CmdSri512Read(const char *Cmd); 20 | int CmdSrix4kRead(const char *Cmd); 21 | int CmdHF14BWrite( const char *cmd); 22 | int HF14BInfo(bool verbose); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /client/cmdmain.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Main command parser entry point 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDMAIN_H__ 12 | #define CMDMAIN_H__ 13 | 14 | #include "usb_cmd.h" 15 | #include "cmdparser.h" 16 | void UsbCommandReceived(UsbCommand *UC); 17 | int CommandReceived(char *Cmd); 18 | bool WaitForResponseTimeout(uint32_t cmd, UsbCommand* response, size_t ms_timeout); 19 | bool WaitForResponse(uint32_t cmd, UsbCommand* response); 20 | void clearCommandBuffer(); 21 | command_t* getTopLevelCommandTable(); 22 | #endif 23 | -------------------------------------------------------------------------------- /client/sleep.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // platform-independant sleep macros 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef _WIN32 12 | 13 | #define _POSIX_C_SOURCE 199309L 14 | #include "sleep.h" 15 | #include 16 | #include 17 | #include 18 | #include 19 | 20 | void nsleep(uint64_t n) { 21 | struct timespec timeout; 22 | timeout.tv_sec = n/1000000000; 23 | timeout.tv_nsec = n%1000000000; 24 | while (nanosleep(&timeout, &timeout) && errno == EINTR); 25 | } 26 | 27 | #endif // _WIN32 28 | 29 | -------------------------------------------------------------------------------- /pcb/proxmark3_fix/CAM/proxmark3.dri: -------------------------------------------------------------------------------- 1 | Generated by EAGLE CAM Processor 6.4.0 2 | 3 | Drill Station Info File: proxmark3.dri 4 | 5 | Date : 2015.11.13. 16:16:25 6 | Drills : generated 7 | Device : Excellon drill station 8 | 9 | Parameter settings: 10 | 11 | Tolerance Drill + : 0.00 % 12 | Tolerance Drill - : 0.00 % 13 | Rotate : no 14 | Mirror : no 15 | Optimize : no 16 | Auto fit : yes 17 | OffsetX : 0inch 18 | OffsetY : 0inch 19 | Layers : Drills Holes 20 | 21 | Drill File Info: 22 | 23 | Data Mode : Absolute 24 | Units : 1/10000 Inch 25 | 26 | Drills used: 27 | 28 | Code Size used 29 | 30 | T01 0.0157inch 326 31 | T02 0.0354inch 2 32 | T03 0.0394inch 2 33 | T04 0.0450inch 26 34 | T05 0.0630inch 1 35 | T06 0.0787inch 2 36 | 37 | Total number of drills: 359 38 | 39 | Plotfiles: 40 | 41 | proxmark3.TXT 42 | -------------------------------------------------------------------------------- /client/cmdlfawid.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Low frequency AWID commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDLFAWID_H__ 12 | #define CMDLFAWID_H__ 13 | 14 | int CmdLFAWID(const char *Cmd); 15 | //int CmdAWIDDemod(const char *Cmd); 16 | int CmdAWIDDemodFSK(const char *Cmd); 17 | int CmdAWIDSim(const char *Cmd); 18 | int CmdAWIDClone(const char *Cmd); 19 | int getAWIDBits(unsigned int fc, unsigned int cn, uint8_t *AWIDBits); 20 | int usage_lf_awid_fskdemod(void); 21 | int usage_lf_awid_clone(void); 22 | int usage_lf_awid_sim(void); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /client/cmdhw.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Hardware commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHW_H__ 12 | #define CMDHW_H__ 13 | 14 | int CmdHW(const char *Cmd); 15 | 16 | int CmdDetectReader(const char *Cmd); 17 | int CmdFPGAOff(const char *Cmd); 18 | int CmdLCD(const char *Cmd); 19 | int CmdLCDReset(const char *Cmd); 20 | int CmdReadmem(const char *Cmd); 21 | int CmdReset(const char *Cmd); 22 | int CmdSetDivisor(const char *Cmd); 23 | int CmdSetMux(const char *Cmd); 24 | int CmdTune(const char *Cmd); 25 | int CmdVersion(const char *Cmd); 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /client/cmdhf15.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // High frequency ISO15693 commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHF15_H__ 12 | #define CMDHF15_H__ 13 | 14 | int CmdHF15(const char *Cmd); 15 | 16 | int CmdHF15Demod(const char *Cmd); 17 | int CmdHF15Read(const char *Cmd); 18 | int HF15Reader(const char *Cmd, bool verbose); 19 | int CmdHF15Reader(const char *Cmd); 20 | int CmdHF15Sim(const char *Cmd); 21 | int CmdHF15Record(const char *Cmd); 22 | int CmdHF15Cmd(const char*Cmd); 23 | int CmdHF15CmdHelp(const char*Cmd); 24 | int CmdHF15Help(const char*Cmd); 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /fpga/lo_passthru.v: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // For reading TI tags, we need to place the FPGA in pass through mode 3 | // and pass everything through to the ARM 4 | //----------------------------------------------------------------------------- 5 | // iZsh , June 2014 6 | 7 | module lo_passthru( 8 | input pck_divclk, 9 | output pwr_lo, output pwr_hi, 10 | output pwr_oe1, output pwr_oe2, output pwr_oe3, output pwr_oe4, 11 | output adc_clk, 12 | output ssp_din, input ssp_dout, 13 | input cross_lo, 14 | output dbg 15 | ); 16 | 17 | // the antenna is modulated when ssp_dout = 1, when 0 the 18 | // antenna drivers stop modulating and go into listen mode 19 | assign pwr_oe3 = 1'b0; 20 | assign pwr_oe1 = ssp_dout; 21 | assign pwr_oe2 = ssp_dout; 22 | assign pwr_oe4 = ssp_dout; 23 | assign pwr_lo = pck_divclk && ssp_dout; 24 | assign pwr_hi = 1'b0; 25 | assign adc_clk = 1'b0; 26 | assign ssp_din = cross_lo; 27 | assign dbg = cross_lo; 28 | 29 | endmodule 30 | -------------------------------------------------------------------------------- /fpga/sim.tcl: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------ 2 | # Run the simulation testbench in ModelSim: recompile both Verilog source 3 | # files, then start the simulation, add a lot of signals to the waveform 4 | # viewer, and run. I should (TODO) fix the absolute paths at some point. 5 | # 6 | # Jonathan Westhues, Mar 2006 7 | #------------------------------------------------------------------------------ 8 | 9 | vlog -work work -O0 C:/depot/proximity/mark3/fpga/fpga.v 10 | vlog -work work -O0 C:/depot/proximity/mark3/fpga/fpga_tb.v 11 | 12 | vsim work.fpga_tb 13 | 14 | add wave sim:/fpga_tb/adc_clk 15 | add wave sim:/fpga_tb/adc_d 16 | add wave sim:/fpga_tb/pwr_lo 17 | add wave sim:/fpga_tb/ssp_clk 18 | add wave sim:/fpga_tb/ssp_frame 19 | add wave sim:/fpga_tb/ssp_din 20 | add wave sim:/fpga_tb/ssp_dout 21 | 22 | add wave sim:/fpga_tb/dut/clk_lo 23 | add wave sim:/fpga_tb/dut/pck_divider 24 | add wave sim:/fpga_tb/dut/carrier_divider_lo 25 | add wave sim:/fpga_tb/dut/conf_word 26 | 27 | run 30000 28 | -------------------------------------------------------------------------------- /include/common.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Hagen Fritsch - June 2010 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | 8 | //----------------------------------------------------------------------------- 9 | // Interlib Definitions 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef __COMMON_H 13 | #define __COMMON_H 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | typedef unsigned char byte_t; 20 | 21 | #ifndef MIN 22 | # define MIN(a, b) (((a) < (b)) ? (a) : (b)) 23 | #endif 24 | #ifndef MAX 25 | # define MAX(a, b) (((a) > (b)) ? (a) : (b)) 26 | #endif 27 | #ifndef ABS 28 | # define ABS(a) ( ((a)<0) ? -(a) : (a) ) 29 | #endif 30 | 31 | 32 | #define RAMFUNC __attribute((long_call, section(".ramfunc"))) 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /pcb/proxmark3_fix/CAD/change_log.txt: -------------------------------------------------------------------------------- 1 | 13/11/2015 Change list from original PCB: 2 | 3 | Main problem: more then 800 DRC errors when runing that in Eagle. Check out the following changes to make a more reliable PCB. Those are minor cosmetic changes, but ease your life to avoid short circuit. 4 | 5 | 1. Eagle Layout / DRC rules / Masks / Limit: from 0mil to 16mil, thus ordinary GND and signal vias which smaller then 16mil wont be open at solder stop mask layer. 6 | 7 | 2. Eagle Layout / DRC rules / Masks / Stop MAX: from 2mil to 0, this way the solder stop mask wont overlap silkscreen drawings. Also as per PCB assembly houses, it's recommended, they set their own scaling for production. 8 | 9 | 3. Exporting all the parts in the proxmark3 Eagle Layout into a library for minor silkscreen edition: proxmark3_components merged.lbr 10 | - Editing components footprint as was overlapping with top stop mask 11 | 12 | 4. Adding top, bottom, in1, in2 layer markings in PCB layout for better manufacturing identification 13 | 14 | 5. Generating 4 layer CAM files 15 | -------------------------------------------------------------------------------- /client/gen_pm3mfsim_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Andrei Costin , 2011 4 | # gen_pm3mfsim_script.sh 5 | # Generates Mifare Classic emulation script file that will load a given EML dump into PM3 and start emulation automagically 6 | 7 | # http://www.linuxquestions.org/questions/programming-9/bash-script-parsing-optional-parameters-621728/ 8 | 9 | # show program usage 10 | show_usage() 11 | { 12 | echo 13 | echo "Usage:" 14 | echo "${0##/} input_eml_without_extension output.pm3scr" 15 | exit 16 | } 17 | 18 | # Minimum number of arguments needed by this program 19 | MINARGS=2 20 | 21 | # get the number of command-line arguments given 22 | ARGC=$# 23 | 24 | # check to make sure enough arguments were given or exit 25 | if [[ $ARGC -lt $MINARGS ]] ; then 26 | echo "Too few arguments given (Minimum:$MINARGS)" 27 | echo 28 | show_usage 29 | fi 30 | 31 | rm $2 32 | echo "hf mf eclr" >> $2 33 | echo "hf mf eload" $1 >> $2 34 | echo "hf mf ekeyprn" >> $2 35 | echo "hf mf sim" `cat $1.eml | (read -n 8 uid; echo $uid)` >> $2 -------------------------------------------------------------------------------- /armsrc/stdint.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 Hector Martin "marcan" 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Replacement stdint.h because GCC doesn't come with it yet (C99) 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef __STDINT_H 12 | #define __STDINT_H 13 | 14 | typedef signed char int8_t; 15 | typedef short int int16_t; 16 | typedef int int32_t; 17 | typedef long long int int64_t; 18 | 19 | typedef unsigned char uint8_t; 20 | typedef unsigned short int uint16_t; 21 | typedef unsigned int uint32_t; 22 | typedef unsigned long long int uint64_t; 23 | 24 | typedef int intptr_t; 25 | typedef unsigned int uintptr_t; 26 | 27 | #endif /* __STDINT_H */ 28 | -------------------------------------------------------------------------------- /common/crc32.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "crc32.h" 4 | 5 | #define htole32(x) (x) 6 | #define CRC32_PRESET 0xFFFFFFFF 7 | 8 | 9 | static void crc32_byte (uint32_t *crc, const uint8_t value); 10 | 11 | static void crc32_byte (uint32_t *crc, const uint8_t value) { 12 | /* x32 + x26 + x23 + x22 + x16 + x12 + x11 + x10 + x8 + x7 + x5 + x4 + x2 + x + 1 */ 13 | const uint32_t poly = 0xEDB88320; 14 | 15 | *crc ^= value; 16 | for (int current_bit = 7; current_bit >= 0; current_bit--) { 17 | int bit_out = (*crc) & 0x00000001; 18 | *crc >>= 1; 19 | if (bit_out) 20 | *crc ^= poly; 21 | } 22 | } 23 | 24 | void crc32 (const uint8_t *data, const size_t len, uint8_t *crc) { 25 | uint32_t desfire_crc = CRC32_PRESET; 26 | for (size_t i = 0; i < len; i++) { 27 | crc32_byte (&desfire_crc, data[i]); 28 | } 29 | 30 | *((uint32_t *)(crc)) = htole32 (desfire_crc); 31 | } 32 | 33 | void crc32_append (uint8_t *data, const size_t len) { 34 | crc32 (data, len, data + len); 35 | } 36 | -------------------------------------------------------------------------------- /client/cmdparser.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Command parser 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDPARSER_H__ 12 | #define CMDPARSER_H__ 13 | 14 | typedef struct command_s 15 | { 16 | const char * Name; 17 | int (*Parse)(const char *Cmd); 18 | int Offline; 19 | const char * Help; 20 | } command_t; 21 | 22 | // command_t array are expected to be NULL terminated 23 | 24 | // Print help for each command in the command array 25 | void CmdsHelp(const command_t Commands[]); 26 | // Parse a command line 27 | int CmdsParse(const command_t Commands[], const char *Cmd); 28 | void dumpCommandsRecursive(const command_t cmds[], int markdown); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /client/hid-flasher/flash.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // Flashing utility functions 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __FLASH_H__ 10 | #define __FLASH_H__ 11 | 12 | #include 13 | #include "elf.h" 14 | 15 | typedef struct { 16 | void *data; 17 | uint32_t start; 18 | uint32_t length; 19 | } flash_seg_t; 20 | 21 | typedef struct { 22 | const char *filename; 23 | int can_write_bl; 24 | int num_segs; 25 | flash_seg_t *segments; 26 | } flash_file_t; 27 | 28 | int flash_load(flash_file_t *ctx, const char *name, int can_write_bl); 29 | int flash_start_flashing(int enable_bl_writes); 30 | int flash_write(flash_file_t *ctx); 31 | void flash_free(flash_file_t *ctx); 32 | int flash_stop_flashing(void); 33 | 34 | #endif 35 | 36 | -------------------------------------------------------------------------------- /client/flash.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // Flashing utility functions 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __FLASH_H__ 10 | #define __FLASH_H__ 11 | 12 | #include 13 | #include "elf.h" 14 | 15 | typedef struct { 16 | void *data; 17 | uint32_t start; 18 | uint32_t length; 19 | } flash_seg_t; 20 | 21 | typedef struct { 22 | const char *filename; 23 | int can_write_bl; 24 | int num_segs; 25 | flash_seg_t *segments; 26 | } flash_file_t; 27 | 28 | int flash_load(flash_file_t *ctx, const char *name, int can_write_bl); 29 | int flash_start_flashing(int enable_bl_writes,char *serial_port_name); 30 | int flash_write(flash_file_t *ctx); 31 | void flash_free(flash_file_t *ctx); 32 | int flash_stop_flashing(void); 33 | 34 | #endif 35 | 36 | -------------------------------------------------------------------------------- /client/proxgui.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // GUI functions 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | 15 | void ShowGraphWindow(void); 16 | void HideGraphWindow(void); 17 | void RepaintGraphWindow(void); 18 | void MainGraphics(void); 19 | void InitGraphics(int argc, char **argv); 20 | void ExitGraphics(void); 21 | 22 | #define MAX_GRAPH_TRACE_LEN (40000*8) 23 | extern int GraphBuffer[MAX_GRAPH_TRACE_LEN]; 24 | extern int GraphTraceLen; 25 | extern double CursorScaleFactor; 26 | extern int PlotGridX, PlotGridY, PlotGridXdefault, PlotGridYdefault; 27 | extern int CommandFinished; 28 | extern int offline; 29 | 30 | #ifdef __cplusplus 31 | } 32 | #endif 33 | -------------------------------------------------------------------------------- /fpga/testbed_fpga.v: -------------------------------------------------------------------------------- 1 | `include "fpga.v" 2 | 3 | module testbed_fpga; 4 | reg spck, mosi, ncs; 5 | wire miso; 6 | reg pck0i, ck_1356meg, ck_1356megb; 7 | wire pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4; 8 | reg [7:0] adc_d; 9 | wire adc_clk, adc_noe; 10 | reg ssp_dout; 11 | wire ssp_frame, ssp_din, ssp_clk; 12 | 13 | fpga dut( 14 | spck, miso, mosi, ncs, 15 | pck0i, ck_1356meg, ck_1356megb, 16 | pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4, 17 | adc_d, adc_clk, adc_noe, 18 | ssp_frame, ssp_din, ssp_dout, ssp_clk 19 | ); 20 | 21 | integer i; 22 | 23 | initial begin 24 | 25 | // init inputs 26 | #5 ncs=1; 27 | #5 spck = 1; 28 | #5 mosi = 1; 29 | 30 | #50 ncs=0; 31 | for (i = 0 ; i < 8 ; i = i + 1) begin 32 | #5 mosi = $random; 33 | #5 spck = 0; 34 | #5 spck = 1; 35 | end 36 | #5 ncs=1; 37 | 38 | #50 ncs=0; 39 | for (i = 0 ; i < 8 ; i = i + 1) begin 40 | #5 mosi = $random; 41 | #5 spck = 0; 42 | #5 spck = 1; 43 | end 44 | #5 ncs=1; 45 | 46 | #50 mosi=1; 47 | $finish; 48 | end 49 | 50 | endmodule // main 51 | -------------------------------------------------------------------------------- /client/cmdlf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Low frequency commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDLF_H__ 12 | #define CMDLF_H__ 13 | 14 | int CmdLF(const char *Cmd); 15 | 16 | int CmdLFCommandRead(const char *Cmd); 17 | int CmdFlexdemod(const char *Cmd); 18 | int CmdIndalaDemod(const char *Cmd); 19 | int CmdIndalaClone(const char *Cmd); 20 | int CmdLFRead(const char *Cmd); 21 | int CmdLFSim(const char *Cmd); 22 | int CmdLFaskSim(const char *Cmd); 23 | int CmdLFfskSim(const char *Cmd); 24 | int CmdLFpskSim(const char *Cmd); 25 | int CmdLFSimBidir(const char *Cmd); 26 | int CmdLFSnoop(const char *Cmd); 27 | int CmdVchDemod(const char *Cmd); 28 | int CmdLFfind(const char *Cmd); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /client/cmdlfem4x.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Low frequency EM4x commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDLFEM4X_H__ 12 | #define CMDLFEM4X_H__ 13 | 14 | int CmdEMdemodASK(const char *Cmd); 15 | int CmdEM410xRead(const char *Cmd); 16 | int CmdEM410xSim(const char *Cmd); 17 | int CmdEM410xWatch(const char *Cmd); 18 | int CmdEM410xWatchnSpoof(const char *Cmd); 19 | int CmdEM410xWrite(const char *Cmd); 20 | int CmdEM4x50Read(const char *Cmd); 21 | int CmdLFEM4X(const char *Cmd); 22 | int CmdReadWord(const char *Cmd); 23 | int CmdReadWordPWD(const char *Cmd); 24 | int CmdWriteWord(const char *Cmd); 25 | int CmdWriteWordPWD(const char *Cmd); 26 | int EM4x50Read(const char *Cmd, bool verbose); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /client/cmdlfpcf7931.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2012 Chalk 3 | // 2015 Dake 4 | 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // Low frequency PCF7931 commands 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef CMDLFPCF7931_H__ 13 | #define CMDLFPCF7931_H__ 14 | 15 | struct pcf7931_config{ 16 | uint8_t Pwd[7]; 17 | uint16_t InitDelay; 18 | int16_t OffsetWidth; 19 | int16_t OffsetPosition; 20 | }; 21 | 22 | int pcf7931_resetConfig(); 23 | int pcf7931_printConfig(); 24 | 25 | int usage_pcf7931_read(); 26 | int usage_pcf7931_write(); 27 | int usage_pcf7931_config(); 28 | 29 | int CmdLFPCF7931(const char *Cmd); 30 | 31 | int CmdLFPCF7931Read(const char *Cmd); 32 | int CmdLFPCF7931Write(const char *Cmd); 33 | int CmdLFPCF7931Config(const char *Cmd); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /armsrc/string.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Jonathan Westhues, Aug 2005 3 | // Copyright (C) 2010 Hector Martin "marcan" 4 | // 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // Common string.h functions 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef __STRING_H 13 | #define __STRING_H 14 | 15 | #include 16 | #include 17 | 18 | int strlen(const char *str); 19 | RAMFUNC void *memcpy(void *dest, const void *src, int len); 20 | void *memset(void *dest, int c, int len); 21 | RAMFUNC int memcmp(const void *av, const void *bv, int len); 22 | void memxor(uint8_t * dest, uint8_t * src, size_t len); 23 | char *strncat(char *dest, const char *src, unsigned int n); 24 | char *strcat(char *dest, const char *src); 25 | void strreverse(char s[]); 26 | void itoa(int n, char s[]); 27 | 28 | 29 | #endif /* __STRING_H */ 30 | -------------------------------------------------------------------------------- /client/hid-flasher/proxusb.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // USB utilities 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef PROXUSB_H__ 12 | #define PROXUSB_H__ 13 | 14 | #include 15 | #include 16 | #include 17 | #include "usb_cmd.h" 18 | 19 | extern unsigned char return_on_error; 20 | extern unsigned char error_occured; 21 | 22 | void SendCommand(UsbCommand *c); 23 | bool ReceiveCommandPoll(UsbCommand *c); 24 | void ReceiveCommand(UsbCommand *c); 25 | struct usb_dev_handle* FindProxmark(int verbose, unsigned int *iface); 26 | struct usb_dev_handle* OpenProxmark(int verbose); 27 | void CloseProxmark(void); 28 | 29 | struct prox_unit { 30 | usb_dev_handle *handle; 31 | char serial_number[256]; 32 | }; 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /liblua/lfunc.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lfunc.h,v 2.8 2012/05/08 13:53:33 roberto Exp $ 3 | ** Auxiliary functions to manipulate prototypes and closures 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef lfunc_h 8 | #define lfunc_h 9 | 10 | 11 | #include "lobject.h" 12 | 13 | 14 | #define sizeCclosure(n) (cast(int, sizeof(CClosure)) + \ 15 | cast(int, sizeof(TValue)*((n)-1))) 16 | 17 | #define sizeLclosure(n) (cast(int, sizeof(LClosure)) + \ 18 | cast(int, sizeof(TValue *)*((n)-1))) 19 | 20 | 21 | LUAI_FUNC Proto *luaF_newproto (lua_State *L); 22 | LUAI_FUNC Closure *luaF_newCclosure (lua_State *L, int nelems); 23 | LUAI_FUNC Closure *luaF_newLclosure (lua_State *L, int nelems); 24 | LUAI_FUNC UpVal *luaF_newupval (lua_State *L); 25 | LUAI_FUNC UpVal *luaF_findupval (lua_State *L, StkId level); 26 | LUAI_FUNC void luaF_close (lua_State *L, StkId level); 27 | LUAI_FUNC void luaF_freeproto (lua_State *L, Proto *f); 28 | LUAI_FUNC void luaF_freeupval (lua_State *L, UpVal *uv); 29 | LUAI_FUNC const char *luaF_getlocalname (const Proto *func, int local_number, 30 | int pc); 31 | 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /client/default_pwd.dic: -------------------------------------------------------------------------------- 1 | # known cloners 2 | # ref. http://www.proxmark.org/forum/viewtopic.php?id=2022 3 | 51243648, 4 | 000D8787, 5 | # Default pwd, simple: 6 | 00000000, 7 | 11111111, 8 | 22222222, 9 | 33333333, 10 | 44444444, 11 | 55555555, 12 | 66666666, 13 | 77777777, 14 | 88888888, 15 | 99999999, 16 | AAAAAAAA, 17 | BBBBBBBB, 18 | CCCCCCCC, 19 | DDDDDDDD, 20 | EEEEEEEE, 21 | FFFFFFFF, 22 | a0a1a2a3, 23 | b0b1b2b3, 24 | aabbccdd, 25 | bbccddee, 26 | ccddeeff, 27 | 00000001, 28 | 00000002, 29 | 0000000a, 30 | 0000000b, 31 | 01020304, 32 | 02030405, 33 | 03040506, 34 | 04050607, 35 | 05060708, 36 | 06070809, 37 | 0708090A, 38 | 08090A0B, 39 | 090A0B0C, 40 | 0A0B0C0D, 41 | 0B0C0D0E, 42 | 0C0D0E0F, 43 | 01234567, 44 | 12345678, 45 | 10000000, 46 | 20000000, 47 | 30000000, 48 | 40000000, 49 | 50000000, 50 | 60000000, 51 | 70000000, 52 | 80000000, 53 | 90000000, 54 | A0000000, 55 | B0000000, 56 | C0000000, 57 | D0000000, 58 | E0000000, 59 | F0000000, 60 | 10101010, 61 | 01010101, 62 | 11223344, 63 | 22334455, 64 | 33445566, 65 | 44556677, 66 | 55667788, 67 | 66778899, 68 | 778899AA, 69 | 8899AABB, 70 | 99AABBCC, 71 | AABBCCDD, 72 | BBCCDDEE, 73 | CCDDEEFF, 74 | 0CB7E7FC, //rfidler? 75 | FABADA11, //china? -------------------------------------------------------------------------------- /liblua/ldebug.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: ldebug.h,v 2.7 2011/10/07 20:45:19 roberto Exp $ 3 | ** Auxiliary functions from Debug Interface module 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef ldebug_h 8 | #define ldebug_h 9 | 10 | 11 | #include "lstate.h" 12 | 13 | 14 | #define pcRel(pc, p) (cast(int, (pc) - (p)->code) - 1) 15 | 16 | #define getfuncline(f,pc) (((f)->lineinfo) ? (f)->lineinfo[pc] : 0) 17 | 18 | #define resethookcount(L) (L->hookcount = L->basehookcount) 19 | 20 | /* Active Lua function (given call info) */ 21 | #define ci_func(ci) (clLvalue((ci)->func)) 22 | 23 | 24 | LUAI_FUNC l_noret luaG_typeerror (lua_State *L, const TValue *o, 25 | const char *opname); 26 | LUAI_FUNC l_noret luaG_concaterror (lua_State *L, StkId p1, StkId p2); 27 | LUAI_FUNC l_noret luaG_aritherror (lua_State *L, const TValue *p1, 28 | const TValue *p2); 29 | LUAI_FUNC l_noret luaG_ordererror (lua_State *L, const TValue *p1, 30 | const TValue *p2); 31 | LUAI_FUNC l_noret luaG_runerror (lua_State *L, const char *fmt, ...); 32 | LUAI_FUNC l_noret luaG_errormsg (lua_State *L); 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /tools/at91sam7s256-wiggler.cfg: -------------------------------------------------------------------------------- 1 | telnet_port 4444 2 | gdb_port 3333 3 | 4 | interface parport 5 | parport_port 0x378 6 | parport_cable wiggler 7 | jtag_speed 0 8 | jtag_nsrst_delay 200 9 | jtag_ntrst_delay 200 10 | 11 | reset_config srst_only srst_pulls_trst 12 | 13 | jtag newtap sam7x256 cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x3f0f0f0f 14 | #jtag newtap xilinx tap -irlen 6 -ircapture 0x1 -irmask 0xf -expected-id 0x1c1a093 15 | 16 | target create sam7x256.cpu arm7tdmi -endian little -chain-position sam7x256.cpu -variant arm7tdmi 17 | sam7x256.cpu configure -event reset-init { 18 | # disable watchdog 19 | mww 0xfffffd44 0x00008000 20 | # enable user reset 21 | mww 0xfffffd08 0xa5000001 22 | # CKGR_MOR : enable the main oscillator 23 | mww 0xfffffc20 0x00000601 24 | sleep 10 25 | # CKGR_PLLR: 16 MHz * (5+1) /1 = 96Mhz 26 | mww 0xfffffc2c 0x00051c01 27 | sleep 10 28 | # PMC_MCKR : MCK = PLL / 2 = 48 MHz 29 | mww 0xfffffc30 0x00000007 30 | sleep 10 31 | # MC_FMR: flash mode (FWS=1,FMCN=60) 32 | mww 0xffffff60 0x003c0100 33 | sleep 100 34 | } 35 | 36 | gdb_memory_map enable 37 | 38 | sam7x256.cpu configure -work-area-virt 0 -work-area-phys 0x00200000 -work-area-size 0x10000 -work-area-backup 0 39 | flash bank at91sam7 0 0 0 0 0 40 | -------------------------------------------------------------------------------- /tools/at91sam7s256-armusbocd-flash-program.cfg: -------------------------------------------------------------------------------- 1 | #define our ports 2 | telnet_port 4444 3 | gdb_port 3333 4 | 5 | #commands specific to the Olimex ARM-USB-OCD Dongle 6 | interface ft2232 7 | ft2232_device_desc "Olimex OpenOCD JTAG" 8 | ft2232_layout "olimex-jtag" 9 | ft2232_vid_pid 0x15BA 0x0003 10 | jtag_speed 2 11 | jtag_nsrst_delay 200 12 | jtag_ntrst_delay 200 13 | 14 | #reset_config [combination] [trst_type] [srst_type] 15 | reset_config srst_only srst_pulls_trst 16 | 17 | #jtag_device 18 | jtag_device 4 0x1 0xf 0xe 19 | 20 | #daemon_startup <'attach'|'reset'> 21 | daemon_startup reset 22 | 23 | #target [variant] 24 | target arm7tdmi little run_and_init 0 arm7tdmi_r4 25 | 26 | #run_and_halt_time 27 | run_and_halt_time 0 30 28 | 29 | # commands below are specific to AT91sam7 Flash Programming 30 | # --------------------------------------------------------- 31 | 32 | #target_script specifies the flash programming script file 33 | target_script 0 reset script.ocd 34 | 35 | #working_area
<'backup'|'nobackup'> 36 | working_area 0 0x40000000 0x4000 nobackup 37 | 38 | #flash bank at91sam7 0 0 0 0 39 | flash bank at91sam7 0 0 0 0 0 40 | -------------------------------------------------------------------------------- /common/legic_prng.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // LEFIC's obfuscation function 7 | //----------------------------------------------------------------------------- 8 | 9 | #include "legic_prng.h" 10 | 11 | struct lfsr { 12 | uint8_t a; 13 | uint8_t b; 14 | uint32_t c; 15 | } lfsr; 16 | 17 | void legic_prng_init(uint8_t init) { 18 | lfsr.c = 0; 19 | lfsr.a = init; 20 | if(init == 0) /* hack to get a always 0 keystream */ 21 | lfsr.b = 0; 22 | else 23 | lfsr.b = (init << 1) | 1; 24 | } 25 | 26 | void legic_prng_forward(int count) { 27 | lfsr.c += count; 28 | while(count--) { 29 | lfsr.a = lfsr.a >> 1 | (lfsr.a ^ lfsr.a >> 6) << 6; 30 | lfsr.b = lfsr.b >> 1 | (lfsr.b ^ lfsr.b >> 2 ^ lfsr.b >> 3 ^ lfsr.b >> 7) << 7; 31 | } 32 | } 33 | 34 | int legic_prng_count() { 35 | return lfsr.c; 36 | } 37 | 38 | uint8_t legic_prng_get_bit() { 39 | uint8_t idx = 7 - ( (lfsr.a & 4) | (lfsr.a >> 2 & 2) | (lfsr.a >> 4 & 1) ); 40 | return lfsr.b >> idx & 1; 41 | } 42 | -------------------------------------------------------------------------------- /liblua/lualib.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lualib.h,v 1.43 2011/12/08 12:11:37 roberto Exp $ 3 | ** Lua standard libraries 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | 8 | #ifndef lualib_h 9 | #define lualib_h 10 | 11 | #include "lua.h" 12 | 13 | 14 | 15 | LUAMOD_API int (luaopen_base) (lua_State *L); 16 | 17 | #define LUA_COLIBNAME "coroutine" 18 | LUAMOD_API int (luaopen_coroutine) (lua_State *L); 19 | 20 | #define LUA_TABLIBNAME "table" 21 | LUAMOD_API int (luaopen_table) (lua_State *L); 22 | 23 | #define LUA_IOLIBNAME "io" 24 | LUAMOD_API int (luaopen_io) (lua_State *L); 25 | 26 | #define LUA_OSLIBNAME "os" 27 | LUAMOD_API int (luaopen_os) (lua_State *L); 28 | 29 | #define LUA_STRLIBNAME "string" 30 | LUAMOD_API int (luaopen_string) (lua_State *L); 31 | 32 | #define LUA_BITLIBNAME "bit32" 33 | LUAMOD_API int (luaopen_bit32) (lua_State *L); 34 | 35 | #define LUA_MATHLIBNAME "math" 36 | LUAMOD_API int (luaopen_math) (lua_State *L); 37 | 38 | #define LUA_DBLIBNAME "debug" 39 | LUAMOD_API int (luaopen_debug) (lua_State *L); 40 | 41 | #define LUA_LOADLIBNAME "package" 42 | LUAMOD_API int (luaopen_package) (lua_State *L); 43 | 44 | 45 | /* open all previous libraries */ 46 | LUALIB_API void (luaL_openlibs) (lua_State *L); 47 | 48 | 49 | 50 | #if !defined(lua_assert) 51 | #define lua_assert(x) ((void)0) 52 | #endif 53 | 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /client/snooper.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Snooper binary 9 | //----------------------------------------------------------------------------- 10 | 11 | #include "sleep.h" 12 | #include "ui.h" 13 | #include "proxusb.h" 14 | #include "cmdmain.h" 15 | 16 | #define HANDLE_ERROR if (error_occured) { \ 17 | error_occured = 0;\ 18 | break;\ 19 | } 20 | 21 | int main() 22 | { 23 | usb_init(); 24 | SetLogFilename("snooper.log"); 25 | 26 | return_on_error = 1; 27 | 28 | while(1) { 29 | while (!OpenProxmark(0)) { sleep(1); } 30 | while (1) { 31 | UsbCommand cmdbuf; 32 | CommandReceived("hf 14a snoop"); 33 | HANDLE_ERROR; 34 | ReceiveCommand(&cmdbuf); 35 | HANDLE_ERROR; 36 | for (int i = 0; i < 5; ++i) { 37 | ReceiveCommandPoll(&cmdbuf); 38 | } 39 | HANDLE_ERROR; 40 | CommandReceived("hf 14a list"); 41 | HANDLE_ERROR; 42 | } 43 | } 44 | 45 | CloseProxmark(); 46 | return 0; 47 | } 48 | -------------------------------------------------------------------------------- /common/iso14443crc.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // ISO14443 CRC calculation code. 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __ISO14443CRC_H 10 | #define __ISO14443CRC_H 11 | #include "common.h" 12 | 13 | //----------------------------------------------------------------------------- 14 | // Routines to compute the CRCs (two different flavours, just for confusion) 15 | // required for ISO 14443, swiped directly from the spec. 16 | //----------------------------------------------------------------------------- 17 | #define CRC_14443_A 0x6363 /* ITU-V.41 */ 18 | #define CRC_14443_B 0xFFFF /* ISO/IEC 13239 (formerly ISO/IEC 3309) */ 19 | #define CRC_ICLASS 0xE012 /* ICLASS PRERFIX */ 20 | 21 | void ComputeCrc14443(int CrcType, 22 | const unsigned char *Data, int Length, 23 | unsigned char *TransmitFirst, 24 | unsigned char *TransmitSecond); 25 | int CheckCrc14443(int CrcType, const unsigned char *Data, int Length); 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /bootrom/flash-reset.s: -------------------------------------------------------------------------------- 1 | @----------------------------------------------------------------------------- 2 | @ This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | @ at your option, any later version. See the LICENSE.txt file for the text of 4 | @ the license. 5 | @----------------------------------------------------------------------------- 6 | @ Reset vector for running from FLASH 7 | @----------------------------------------------------------------------------- 8 | 9 | .section .startup,"ax" 10 | 11 | .arm 12 | 13 | .global flashstart 14 | flashstart: 15 | b reset 16 | b undefined_instruction 17 | b software_interrupt 18 | b prefetch_abort 19 | b data_abort 20 | b . @reserved 21 | ldr pc, [pc,#-0xF20] @ IRQ - read the AIC 22 | b fiq 23 | 24 | reset: 25 | ldr sp, =_stack_end @ initialize stack pointer to top of RAM 26 | 27 | @ copy bootloader to RAM (in case the user re-flashes the bootloader) 28 | ldr r0, =__bootphase2_src_start__ 29 | ldr r1, =__bootphase2_start__ 30 | ldr r2, =__bootphase2_end__ 31 | 1: 32 | ldr r3, [r0], #4 33 | str r3, [r1], #4 34 | cmp r1, r2 35 | blo 1b 36 | 37 | ldr r3, =ram_start @ start address of RAM bootloader 38 | bx r3 @ jump to it 39 | 40 | .ltorg 41 | 42 | undefined_instruction: 43 | b . 44 | software_interrupt: 45 | b . 46 | prefetch_abort: 47 | b . 48 | data_abort: 49 | b . 50 | fiq: 51 | b . 52 | -------------------------------------------------------------------------------- /liblua/ltm.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: ltm.h,v 2.11 2011/02/28 17:32:10 roberto Exp $ 3 | ** Tag methods 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef ltm_h 8 | #define ltm_h 9 | 10 | 11 | #include "lobject.h" 12 | 13 | 14 | /* 15 | * WARNING: if you change the order of this enumeration, 16 | * grep "ORDER TM" 17 | */ 18 | typedef enum { 19 | TM_INDEX, 20 | TM_NEWINDEX, 21 | TM_GC, 22 | TM_MODE, 23 | TM_LEN, 24 | TM_EQ, /* last tag method with `fast' access */ 25 | TM_ADD, 26 | TM_SUB, 27 | TM_MUL, 28 | TM_DIV, 29 | TM_MOD, 30 | TM_POW, 31 | TM_UNM, 32 | TM_LT, 33 | TM_LE, 34 | TM_CONCAT, 35 | TM_CALL, 36 | TM_N /* number of elements in the enum */ 37 | } TMS; 38 | 39 | 40 | 41 | #define gfasttm(g,et,e) ((et) == NULL ? NULL : \ 42 | ((et)->flags & (1u<<(e))) ? NULL : luaT_gettm(et, e, (g)->tmname[e])) 43 | 44 | #define fasttm(l,et,e) gfasttm(G(l), et, e) 45 | 46 | #define ttypename(x) luaT_typenames_[(x) + 1] 47 | #define objtypename(x) ttypename(ttypenv(x)) 48 | 49 | LUAI_DDEC const char *const luaT_typenames_[LUA_TOTALTAGS]; 50 | 51 | 52 | LUAI_FUNC const TValue *luaT_gettm (Table *events, TMS event, TString *ename); 53 | LUAI_FUNC const TValue *luaT_gettmbyobj (lua_State *L, const TValue *o, 54 | TMS event); 55 | LUAI_FUNC void luaT_init (lua_State *L); 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /pcb/lf-antenna/CAM/lf-antenna.gpi: -------------------------------------------------------------------------------- 1 | Generated by EAGLE CAM Processor 6.4.0 2 | 3 | Photoplotter Info File: lf-antenna.gpi 4 | 5 | Date : 2015.11.13. 17:00:29 6 | Plotfile : lf-antenna.GTL 7 | Apertures : generated: 8 | Device : Gerber RS-274-X photoplotter, coordinate format 2.4 inch 9 | 10 | Parameter settings: 11 | 12 | Emulate Apertures : no 13 | Tolerance Draw + : 0.00 % 14 | Tolerance Draw - : 0.00 % 15 | Tolerance Flash + : 0.00 % 16 | Tolerance Flash - : 0.00 % 17 | Rotate : no 18 | Mirror : no 19 | Optimize : yes 20 | Auto fit : yes 21 | OffsetX : 0inch 22 | OffsetY : 0inch 23 | 24 | Plotfile Info: 25 | 26 | Coordinate Format : 2.4 27 | Coordinate Units : Inch 28 | Data Mode : Absolute 29 | Zero Suppression : None 30 | End Of Block : * 31 | 32 | Apertures used: 33 | 34 | Code Shape Size used 35 | 36 | D10 draw 0.0010inch 6 37 | D11 draw 0.0000inch 11 38 | D12 rectangle 0.1496inch x 0.0906inch 2 39 | D13 rectangle 0.0984inch x 0.0217inch 4 40 | D14 rectangle 0.0394inch x 0.0433inch 12 41 | D15 draw 0.0150inch 458 42 | D16 round 0.0700inch 2 43 | D17 round 0.0591inch 2 44 | 45 | -------------------------------------------------------------------------------- /client/scripts/remagic.lua: -------------------------------------------------------------------------------- 1 | local getopt = require('getopt') 2 | 3 | example = "script run remagic" 4 | author = "Iceman" 5 | 6 | desc = 7 | [[ 8 | This is a script that tries to bring back a chinese magic card (1k generation1) 9 | from the dead when it's block 0 has been written with bad values. 10 | 11 | Arguments: 12 | -h this help 13 | ]] 14 | --- 15 | -- A debug printout-function 16 | function dbg(args) 17 | if DEBUG then 18 | print("###", args) 19 | end 20 | end 21 | --- 22 | -- This is only meant to be used when errors occur 23 | function oops(err) 24 | print("ERROR: ",err) 25 | end 26 | 27 | --- 28 | -- Usage help 29 | function help() 30 | print(desc) 31 | print("Example usage") 32 | print(example) 33 | end 34 | 35 | --- 36 | -- The main entry point 37 | function main(args) 38 | 39 | 40 | -- Read the parameters 41 | for o, a in getopt.getopt(args, 'h') do 42 | if o == "h" then help() return end 43 | end 44 | 45 | local _cmds = { 46 | --[[ 47 | --]] 48 | [0] = "hf 14a raw -p -a -b 7 40", 49 | [1] = "hf 14a raw -p -a 43", 50 | [2] = "hf 14a raw -c -p -a A000", 51 | [3] = "hf 14a raw -c -p -a 01 02 03 04 04 98 02 00 00 00 00 00 00 00 10 01", 52 | } 53 | core.clearCommandBuffer() 54 | 55 | local i 56 | --for _,c in pairs(_cmds) do 57 | for i = 0, 3 do 58 | print ( _cmds[i] ) 59 | core.console( _cmds[i] ) 60 | end 61 | end 62 | 63 | main(args) 64 | -------------------------------------------------------------------------------- /include/mifare.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // (c) 2012 Roel Verdult 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // MIFARE type prototyping 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef _MIFARE_H_ 12 | #define _MIFARE_H_ 13 | 14 | #include "common.h" 15 | 16 | //----------------------------------------------------------------------------- 17 | // ISO 14443A 18 | //----------------------------------------------------------------------------- 19 | typedef struct { 20 | byte_t uid[10]; 21 | byte_t uidlen; 22 | byte_t atqa[2]; 23 | byte_t sak; 24 | byte_t ats_len; 25 | byte_t ats[256]; 26 | } __attribute__((__packed__)) iso14a_card_select_t; 27 | 28 | typedef enum ISO14A_COMMAND { 29 | ISO14A_CONNECT = (1 << 0), 30 | ISO14A_NO_DISCONNECT = (1 << 1), 31 | ISO14A_APDU = (1 << 2), 32 | ISO14A_RAW = (1 << 3), 33 | ISO14A_REQUEST_TRIGGER = (1 << 4), 34 | ISO14A_APPEND_CRC = (1 << 5), 35 | ISO14A_SET_TIMEOUT = (1 << 6), 36 | ISO14A_NO_SELECT = (1 << 7), 37 | ISO14A_TOPAZMODE = (1 << 8) 38 | } iso14a_command_t; 39 | 40 | #endif // _MIFARE_H_ 41 | -------------------------------------------------------------------------------- /client/hid-flasher/proxendian.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 Hector Martin "marcan" 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Endianness convenience functions 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef PROXENDIAN_H__ 12 | #define PROXENDIAN_H__ 13 | 14 | #include 15 | 16 | #ifdef WIN32 17 | # define HOST_LITTLE_ENDIAN 18 | #else 19 | # include 20 | 21 | # if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 22 | # error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 23 | # endif 24 | 25 | # if BYTE_ORDER == LITTLE_ENDIAN 26 | # define HOST_LITTLE_ENDIAN 27 | # endif 28 | #endif 29 | 30 | #ifdef HOST_LITTLE_ENDIAN 31 | # define le16(x) (x) 32 | # define le32(x) (x) 33 | #else 34 | 35 | static inline uint16_t le16(uint16_t v) 36 | { 37 | return (v>>8) | (v<<8); 38 | } 39 | 40 | static inline uint32_t le32(uint32_t v) 41 | { 42 | return (le16(v)<<16) | (le16(v>>16)); 43 | } 44 | #endif // HOST_LITTLE_ENDIAN 45 | 46 | #endif // PROXENDIAN_H__ 47 | -------------------------------------------------------------------------------- /include/hitag2.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // (c) 2012 Roel Verdult 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Hitag2 type prototyping 9 | //----------------------------------------------------------------------------- 10 | // HitagS added 11 | //----------------------------------------------------------------------------- 12 | 13 | #ifndef _HITAG2_H_ 14 | #define _HITAG2_H_ 15 | 16 | typedef enum { 17 | RHTSF_CHALLENGE = 01, 18 | RHTSF_KEY = 02, 19 | WHTSF_CHALLENGE = 03, 20 | WHTSF_KEY = 04, 21 | RHT2F_PASSWORD = 21, 22 | RHT2F_AUTHENTICATE = 22, 23 | RHT2F_CRYPTO = 23, 24 | RHT2F_TEST_AUTH_ATTEMPTS = 25, 25 | } hitag_function; 26 | 27 | typedef struct { 28 | byte_t password[4]; 29 | } PACKED rht2d_password; 30 | 31 | typedef struct { 32 | byte_t NrAr[8]; 33 | byte_t data[4]; 34 | } PACKED rht2d_authenticate; 35 | 36 | typedef struct { 37 | byte_t key[6]; 38 | byte_t data[4]; 39 | } PACKED rht2d_crypto; 40 | 41 | typedef union { 42 | rht2d_password pwd; 43 | rht2d_authenticate auth; 44 | rht2d_crypto crypto; 45 | } hitag_data; 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /fpga/Makefile: -------------------------------------------------------------------------------- 1 | include ../common/Makefile.common 2 | 3 | all: fpga_lf.bit fpga_hf.bit 4 | clean: 5 | $(DELETE) *.bgn *.drc *.ncd *.ngd *_par.xrpt *-placed.* *-placed_pad.* *_usage.xml xst_hf.srp xst_lf.srp 6 | $(DELETE) *.map *.ngc *.xrpt *.pcf *.rbt *_auto_* *.bld *.mrp *.ngm *.unroutes *_summary.xml netlist.lst xst 7 | 8 | fpga_hf.ngc: fpga_hf.v fpga.ucf xst_hf.scr util.v hi_simulate.v hi_read_tx.v hi_read_rx_xcorr.v hi_iso14443a.v hi_sniffer.v 9 | $(DELETE) $@ 10 | $(XILINX_TOOLS_PREFIX)xst -ifn xst_hf.scr 11 | 12 | fpga_lf.ngc: fpga_lf.v fpga.ucf xst_lf.scr util.v clk_divider.v lo_edge_detect.v lo_read.v lo_passthru.v lp20khz_1MSa_iir_filter.v min_max_tracker.v lf_edge_detect.v 13 | $(DELETE) $@ 14 | $(XILINX_TOOLS_PREFIX)xst -ifn xst_lf.scr 15 | 16 | %.ngd: %.ngc 17 | $(DELETE) $@ 18 | $(XILINX_TOOLS_PREFIX)ngdbuild -aul -p xc2s30-5-vq100 -nt timestamp -uc fpga.ucf $< $@ 19 | 20 | %.ncd: %.ngd 21 | $(DELETE) $@ 22 | $(XILINX_TOOLS_PREFIX)map -p xc2s30-5-vq100 $< 23 | 24 | %-placed.ncd: %.ncd 25 | $(DELETE) $@ 26 | $(XILINX_TOOLS_PREFIX)par $< $@ 27 | 28 | %.bit: %-placed.ncd 29 | $(DELETE) $@ $*.drc $*.rbt 30 | $(XILINX_TOOLS_PREFIX)bitgen $< $@ 31 | 32 | .PHONY: all clean help 33 | help: 34 | @echo Multi-OS Makefile, you are running on $(DETECTED_OS) 35 | @echo Possible targets: 36 | @echo + all - Make fpga.bit, the FPGA bitstream 37 | @echo + clean - Clean intermediate files, does not clean fpga.bit 38 | 39 | -------------------------------------------------------------------------------- /liblua/ltable.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: ltable.h,v 2.16 2011/08/17 20:26:47 roberto Exp $ 3 | ** Lua tables (hash) 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef ltable_h 8 | #define ltable_h 9 | 10 | #include "lobject.h" 11 | 12 | 13 | #define gnode(t,i) (&(t)->node[i]) 14 | #define gkey(n) (&(n)->i_key.tvk) 15 | #define gval(n) (&(n)->i_val) 16 | #define gnext(n) ((n)->i_key.nk.next) 17 | 18 | #define invalidateTMcache(t) ((t)->flags = 0) 19 | 20 | 21 | LUAI_FUNC const TValue *luaH_getint (Table *t, int key); 22 | LUAI_FUNC void luaH_setint (lua_State *L, Table *t, int key, TValue *value); 23 | LUAI_FUNC const TValue *luaH_getstr (Table *t, TString *key); 24 | LUAI_FUNC const TValue *luaH_get (Table *t, const TValue *key); 25 | LUAI_FUNC TValue *luaH_newkey (lua_State *L, Table *t, const TValue *key); 26 | LUAI_FUNC TValue *luaH_set (lua_State *L, Table *t, const TValue *key); 27 | LUAI_FUNC Table *luaH_new (lua_State *L); 28 | LUAI_FUNC void luaH_resize (lua_State *L, Table *t, int nasize, int nhsize); 29 | LUAI_FUNC void luaH_resizearray (lua_State *L, Table *t, int nasize); 30 | LUAI_FUNC void luaH_free (lua_State *L, Table *t); 31 | LUAI_FUNC int luaH_next (lua_State *L, Table *t, StkId key); 32 | LUAI_FUNC int luaH_getn (Table *t); 33 | 34 | 35 | #if defined(LUA_DEBUG) 36 | LUAI_FUNC Node *luaH_mainposition (const Table *t, const TValue *key); 37 | LUAI_FUNC int luaH_isdummy (Node *n); 38 | #endif 39 | 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /tools/mkversion.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # Output a version.c file that includes information about the current build 3 | # Normally a couple of lines of bash would be enough (see openpcd project, original firmware by Harald Welte and Milosch Meriac) 4 | # but this will, at least in theory, also work on Windows with our current compile environment. 5 | # -- Henryk Plötz 2009-09-28 6 | # Modified april 2014 because of the move to github. 7 | # --- Martin Holst Swende 8 | 9 | 10 | # Clear environment locale so that git will not use localized strings 11 | $ENV{'LC_ALL'} = "C"; 12 | $ENV{'LANG'} = "C"; 13 | 14 | my $gitversion = `git describe --dirty`; 15 | my $gitbranch = `git rev-parse --abbrev-ref HEAD`; 16 | my $clean = 2; 17 | my @compiletime = gmtime(); 18 | 19 | my $fullgitinfo = $gitbranch . '/' . $gitversion; 20 | 21 | $fullgitinfo =~ s/(\s)//g; 22 | 23 | # Crop so it fits within 50 characters 24 | $fullgitinfo =~ s/.{50}\K.*//s; 25 | 26 | $compiletime[4] += 1; 27 | $compiletime[5] += 1900; 28 | my $ctime = sprintf("%6\$04i-%5\$02i-%4\$02i %3\$02i:%2\$02i:%1\$02i", @compiletime); 29 | 30 | 31 | print <len+1)*sizeof(char)) 16 | 17 | #define sizeudata(u) (sizeof(union Udata)+(u)->len) 18 | 19 | #define luaS_newliteral(L, s) (luaS_newlstr(L, "" s, \ 20 | (sizeof(s)/sizeof(char))-1)) 21 | 22 | #define luaS_fix(s) l_setbit((s)->tsv.marked, FIXEDBIT) 23 | 24 | 25 | /* 26 | ** test whether a string is a reserved word 27 | */ 28 | #define isreserved(s) ((s)->tsv.tt == LUA_TSHRSTR && (s)->tsv.extra > 0) 29 | 30 | 31 | /* 32 | ** equality for short strings, which are always internalized 33 | */ 34 | #define eqshrstr(a,b) check_exp((a)->tsv.tt == LUA_TSHRSTR, (a) == (b)) 35 | 36 | 37 | LUAI_FUNC unsigned int luaS_hash (const char *str, size_t l, unsigned int seed); 38 | LUAI_FUNC int luaS_eqlngstr (TString *a, TString *b); 39 | LUAI_FUNC int luaS_eqstr (TString *a, TString *b); 40 | LUAI_FUNC void luaS_resize (lua_State *L, int newsize); 41 | LUAI_FUNC Udata *luaS_newudata (lua_State *L, size_t s, Table *e); 42 | LUAI_FUNC TString *luaS_newlstr (lua_State *L, const char *str, size_t l); 43 | LUAI_FUNC TString *luaS_new (lua_State *L, const char *str); 44 | 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /tools/at91sam7s512-jtagkey.cfg: -------------------------------------------------------------------------------- 1 | #define our ports 2 | telnet_port 4444 3 | gdb_port 3333 4 | 5 | #commands specific to the Amontec JTAGKey 6 | interface ft2232 7 | ft2232_device_desc "Amontec JTAGkey A" 8 | ft2232_layout jtagkey 9 | ft2232_vid_pid 0x0403 0xcff8 10 | jtag_khz 200 11 | jtag_nsrst_delay 200 12 | jtag_ntrst_delay 200 13 | 14 | #reset_config [combination] [trst_type] [srst_type] 15 | reset_config srst_only srst_pulls_trst 16 | 17 | jtag newtap sam7x cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x3f0f0f0f 18 | 19 | target create sam7x.cpu arm7tdmi -endian little -chain-position sam7x.cpu -variant arm7tdmi 20 | 21 | sam7x.cpu configure -event reset-init { 22 | soft_reset_halt 23 | mww 0xfffffd00 0xa5000004 # RSTC_CR: Reset peripherals 24 | mww 0xfffffd44 0x00008000 # WDT_MR: disable watchdog 25 | mww 0xfffffd08 0xa5000001 # RSTC_MR enable user reset 26 | mww 0xfffffc20 0x00005001 # CKGR_MOR : enable the main oscillator 27 | sleep 10 28 | mww 0xfffffc2c 0x000b1c02 # CKGR_PLLR: 16MHz * 12/2 = 96MHz 29 | sleep 10 30 | mww 0xfffffc30 0x00000007 # PMC_MCKR : MCK = PLL / 2 = 48 MHz 31 | sleep 10 32 | mww 0xffffff60 0x00480100 # MC_FMR: flash mode (FWS=1,FMCN=72) 33 | sleep 100 34 | } 35 | 36 | gdb_memory_map enable 37 | gdb_breakpoint_override hard 38 | armv4_5 core_state arm 39 | 40 | sam7x.cpu configure -work-area-virt 0 -work-area-phys 0x00200000 -work-area-size 0x10000 -work-area-backup 0 41 | flash bank at91sam7 0x100000 0x40000 0 4 sam7x.cpu 42 | -------------------------------------------------------------------------------- /fpga/go.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rmdir/s/q xst 4 | 5 | del fpga_lf.ngc 6 | xst -ifn xst_lf.scr 7 | if errorlevel 0 goto ok1 8 | goto done 9 | :ok1 10 | 11 | del fpga_lf.ngd 12 | ngdbuild -aul -p xc2s30-6vq100 -nt timestamp -uc fpga.ucf fpga_lf.ngc fpga_lf.ngd 13 | if errorlevel 0 goto ok2 14 | goto done 15 | :ok2 16 | 17 | del fpga_lf.ncd 18 | map -p xc2s30-6vq100 fpga_lf.ngd 19 | if errorlevel 0 goto ok3 20 | goto done 21 | :ok3 22 | 23 | del fpga_lf-placed.ncd 24 | par fpga_lf.ncd fpga_lf-placed.ncd 25 | if errorlevel 0 goto ok4 26 | goto done 27 | :ok4 28 | 29 | del fpga_lf.bit fpga_lf.drc fpga_lf.rbt 30 | bitgen -b fpga_lf-placed.ncd fpga_lf.bit 31 | if errorlevel 0 goto ok5 32 | goto done 33 | :ok5 34 | 35 | del fpga_hf.ngc 36 | xst -ifn xst_hf.scr 37 | if errorlevel 0 goto ok6 38 | goto done 39 | :ok6 40 | 41 | del fpga_hf.ngd 42 | ngdbuild -aul -p xc2s30-6vq100 -nt timestamp -uc fpga.ucf fpga_hf.ngc fpga_hf.ngd 43 | if errorlevel 0 goto ok7 44 | goto done 45 | :ok7 46 | 47 | del fpga_hf.ncd 48 | map -p xc2s30-6vq100 fpga_hf.ngd 49 | if errorlevel 0 goto ok8 50 | goto done 51 | :ok8 52 | 53 | del fpga_hf-placed.ncd 54 | par fpga_hf.ncd fpga_hf-placed.ncd 55 | if errorlevel 0 goto ok9 56 | goto done 57 | :ok9 58 | 59 | del fpga_hf.bit fpga_hf.drc fpga_hf.rbt 60 | bitgen -b fpga_hf-placed.ncd fpga_hf.bit 61 | if errorlevel 0 goto ok10 62 | goto done 63 | :ok10 64 | 65 | echo okay 66 | perl ..\tools\rbt2c.pl fpga_lf.rbt > ..\armsrc\fpgaimg.c 67 | 68 | :done 69 | -------------------------------------------------------------------------------- /client/cmdhfmfu.h: -------------------------------------------------------------------------------- 1 | #include "cmdhfmf.h" 2 | #include "cmdhf14a.h" 3 | 4 | #ifndef CMDHFMFU_H__ 5 | #define CMDHFMFU_H__ 6 | 7 | int CmdHF14AMfUWrBl(const char *Cmd); 8 | int CmdHF14AMfURdBl(const char *Cmd); 9 | 10 | //Crypto Cards 11 | int CmdHF14AMfucAuth(const char *Cmd); 12 | 13 | //general stuff 14 | int CmdHF14AMfUDump(const char *Cmd); 15 | int CmdHF14AMfUInfo(const char *Cmd); 16 | 17 | uint32_t GetHF14AMfU_Type(void); 18 | int ul_print_type(uint32_t tagtype, uint8_t spacer); 19 | void ul_switch_off_field(void); 20 | 21 | int usage_hf_mfu_dump(void); 22 | int usage_hf_mfu_info(void); 23 | int usage_hf_mfu_rdbl(void); 24 | int usage_hf_mfu_wrbl(void); 25 | 26 | int CmdHFMFUltra(const char *Cmd); 27 | 28 | typedef enum TAGTYPE_UL { 29 | UNKNOWN = 0x000000, 30 | UL = 0x000001, 31 | UL_C = 0x000002, 32 | UL_EV1_48 = 0x000004, 33 | UL_EV1_128 = 0x000008, 34 | NTAG = 0x000010, 35 | NTAG_203 = 0x000020, 36 | NTAG_210 = 0x000040, 37 | NTAG_212 = 0x000080, 38 | NTAG_213 = 0x000100, 39 | NTAG_215 = 0x000200, 40 | NTAG_216 = 0x000400, 41 | MY_D = 0x000800, 42 | MY_D_NFC = 0x001000, 43 | MY_D_MOVE = 0x002000, 44 | MY_D_MOVE_NFC = 0x004000, 45 | MY_D_MOVE_LEAN= 0x008000, 46 | NTAG_I2C_1K = 0x010000, 47 | NTAG_I2C_2K = 0x020000, 48 | FUDAN_UL = 0x040000, 49 | MAGIC = 0x080000, 50 | UL_MAGIC = UL | MAGIC, 51 | UL_C_MAGIC = UL_C | MAGIC, 52 | UL_ERROR = 0xFFFFFF, 53 | } TagTypeUL_t; 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /fpga/tests/tb_lp20khz_1MSa_iir_filter.v: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2014 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // testbench for lp20khz_1MSa_iir_filter 9 | `include "lp20khz_1MSa_iir_filter.v" 10 | 11 | `define FIN "tb_tmp/data.in" 12 | `define FOUT "tb_tmp/data.filtered" 13 | 14 | module lp20khz_1MSa_iir_filter_tb; 15 | 16 | integer fin, fout, r; 17 | 18 | reg clk; 19 | reg [7:0] adc_d; 20 | wire data_rdy; 21 | wire [7:0] adc_filtered; 22 | 23 | initial 24 | begin 25 | clk = 0; 26 | fin = $fopen(`FIN, "r"); 27 | if (!fin) begin 28 | $display("ERROR: can't open the data file"); 29 | $finish; 30 | end 31 | fout = $fopen(`FOUT, "w+"); 32 | if (!$feof(fin)) 33 | adc_d = $fgetc(fin); // read the first value 34 | end 35 | 36 | always 37 | # 1 clk = !clk; 38 | 39 | always @(posedge clk) 40 | if (data_rdy) begin 41 | if ($time > 1) 42 | r = $fputc(adc_filtered, fout); 43 | if (!$feof(fin)) 44 | adc_d <= $fgetc(fin); 45 | else begin 46 | $fclose(fin); 47 | $fclose(fout); 48 | $finish; 49 | end 50 | end 51 | 52 | // module to test 53 | lp20khz_1MSa_iir_filter filter(clk, adc_d, data_rdy, adc_filtered); 54 | 55 | endmodule 56 | -------------------------------------------------------------------------------- /armsrc/mifaresniff.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Merlok - June 2012 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Routines to support mifare classic sniffer. 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef __MIFARESNIFF_H 12 | #define __MIFARESNIFF_H 13 | 14 | #include "proxmark3.h" 15 | #include "apps.h" 16 | #include "util.h" 17 | #include "string.h" 18 | 19 | #include "iso14443crc.h" 20 | #include "iso14443a.h" 21 | #include "crapto1.h" 22 | #include "mifareutil.h" 23 | #include "common.h" 24 | 25 | #define SNF_INIT 0 26 | #define SNF_NO_FIELD 1 27 | #define SNF_WUPREQ 2 28 | #define SNF_ATQA 3 29 | #define SNF_ANTICOL1 4 30 | #define SNF_UID1 5 31 | #define SNF_ANTICOL2 6 32 | #define SNF_UID2 7 33 | #define SNF_SAK 8 34 | #define SNF_CARD_IDLE 9 35 | #define SNF_CARD_CMD 10 36 | #define SNF_CARD_RESP 11 37 | 38 | #define SNF_UID_4 0 39 | #define SNF_UID_7 0 40 | 41 | bool MfSniffInit(void); 42 | bool RAMFUNC MfSniffLogic(const uint8_t *data, uint16_t len, uint8_t *parity, uint16_t bitCnt, bool reader); 43 | bool RAMFUNC MfSniffSend(uint16_t maxTimeoutMs); 44 | bool intMfSniffSend(); 45 | bool MfSniffEnd(void); 46 | 47 | #endif -------------------------------------------------------------------------------- /client/proxendian.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 Hector Martin "marcan" 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Endianness convenience functions 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef PROXENDIAN_H__ 12 | #define PROXENDIAN_H__ 13 | 14 | #include 15 | 16 | #ifdef _WIN32 17 | # define HOST_LITTLE_ENDIAN 18 | #else 19 | # include 20 | # ifndef BYTE_ORDER 21 | # define BYTE_ORDER __BYTE_ORDER 22 | # define LITTLE_ENDIAN __LITTLE_ENDIAN 23 | # define BIG_ENDIAN __BIG_ENDIAN 24 | # endif 25 | # if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 26 | # error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 27 | # endif 28 | # if BYTE_ORDER == LITTLE_ENDIAN 29 | # define HOST_LITTLE_ENDIAN 30 | # endif 31 | #endif 32 | 33 | #ifdef HOST_LITTLE_ENDIAN 34 | # define le16(x) (x) 35 | # define le32(x) (x) 36 | #else 37 | 38 | static inline uint16_t le16(uint16_t v) 39 | { 40 | return (v>>8) | (v<<8); 41 | } 42 | 43 | static inline uint32_t le32(uint32_t v) 44 | { 45 | return (le16(v)<<16) | (le16(v>>16)); 46 | } 47 | #endif // HOST_LITTLE_ENDIAN 48 | 49 | #endif // PROXENDIAN_H__ 50 | -------------------------------------------------------------------------------- /client/proxgui.cpp: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // GUI functions 9 | //----------------------------------------------------------------------------- 10 | 11 | #include "proxgui.h" 12 | #include "proxguiqt.h" 13 | 14 | static ProxGuiQT *gui = NULL; 15 | 16 | extern "C" void ShowGraphWindow(void) 17 | { 18 | if (!gui) 19 | return; 20 | 21 | gui->ShowGraphWindow(); 22 | } 23 | 24 | extern "C" void HideGraphWindow(void) 25 | { 26 | if (!gui) 27 | return; 28 | 29 | gui->HideGraphWindow(); 30 | } 31 | 32 | extern "C" void RepaintGraphWindow(void) 33 | { 34 | if (!gui) 35 | return; 36 | 37 | gui->RepaintGraphWindow(); 38 | } 39 | 40 | extern "C" void MainGraphics(void) 41 | { 42 | if (!gui) 43 | return; 44 | 45 | gui->MainLoop(); 46 | } 47 | 48 | extern "C" void InitGraphics(int argc, char **argv) 49 | { 50 | #ifdef Q_WS_X11 51 | bool useGUI = getenv("DISPLAY") != 0; 52 | #else 53 | bool useGUI = true; 54 | #endif 55 | if (!useGUI) 56 | return; 57 | 58 | gui = new ProxGuiQT(argc, argv); 59 | } 60 | 61 | extern "C" void ExitGraphics(void) 62 | { 63 | if (!gui) 64 | return; 65 | 66 | delete gui; 67 | gui = NULL; 68 | } 69 | -------------------------------------------------------------------------------- /common/ldscript.common: -------------------------------------------------------------------------------- 1 | /* 2 | ----------------------------------------------------------------------------- 3 | This code is licensed to you under the ter 4 | ms of the GNU GPL, version 2 or, 5 | at your option, any later version. See the LICENSE.txt file for the text of 6 | the license. 7 | ----------------------------------------------------------------------------- 8 | Common linker script 9 | ----------------------------------------------------------------------------- 10 | */ 11 | 12 | /* AT91SAM7S256 has 256k Flash and 64k RAM */ 13 | MEMORY 14 | { 15 | bootphase1 : ORIGIN = 0x00100000, LENGTH = 0x200 /* Phase 1 bootloader: Copies real bootloader to RAM */ 16 | bootphase2 : ORIGIN = 0x00100200, LENGTH = 0x2000 - 0x200 /* Main bootloader code, stored in Flash, executed from RAM */ 17 | osimage : ORIGIN = 0x00102000, LENGTH = 256K - 0x2000 /* Place where the main OS will end up */ 18 | ram : ORIGIN = 0x00200000, LENGTH = 64K - 0x20 /* RAM, minus small common area */ 19 | commonarea : ORIGIN = 0x00200000 + 64K - 0x20, LENGTH = 0x20 /* Communication between bootloader and main OS */ 20 | } 21 | 22 | /* Export some information that can be used from within the firmware */ 23 | _bootphase1_version_pointer = ORIGIN(bootphase1) + LENGTH(bootphase1) - 0x4; 24 | _osimage_entry = ORIGIN(osimage); 25 | _bootrom_start = ORIGIN(bootphase1); 26 | _bootrom_end = ORIGIN(bootphase2) + LENGTH(bootphase2); 27 | _flash_start = ORIGIN(bootphase1); 28 | _flash_end = ORIGIN(osimage) + LENGTH(osimage); 29 | _stack_end = ORIGIN(ram) + LENGTH(ram) - 8; 30 | -------------------------------------------------------------------------------- /client/nonce2key/nonce2key.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Merlok - June 2011 3 | // Roel - Dec 2009 4 | // Unknown author 5 | // 6 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 7 | // at your option, any later version. See the LICENSE.txt file for the text of 8 | // the license. 9 | //----------------------------------------------------------------------------- 10 | // MIFARE Darkside hack 11 | //----------------------------------------------------------------------------- 12 | 13 | #ifndef __NONCE2KEY_H 14 | #define __NONCE2KEY_H 15 | 16 | #include 17 | #include 18 | #include "crapto1.h" 19 | #include "common.h" 20 | //#include //for bool 21 | 22 | typedef struct { 23 | uint32_t cuid; 24 | uint8_t sector; 25 | uint8_t keytype; 26 | uint32_t nonce; 27 | uint32_t ar; 28 | uint32_t nr; 29 | uint32_t nonce2; 30 | uint32_t ar2; 31 | uint32_t nr2; 32 | } nonces_t; 33 | 34 | int nonce2key(uint32_t uid, uint32_t nt, uint32_t nr, uint64_t par_info, uint64_t ks_info, uint64_t * key); 35 | bool mfkey32(nonces_t data, uint64_t *outputkey); 36 | bool tryMfk32_moebius(nonces_t data, uint64_t *outputkey); 37 | int tryMfk64_ex(uint8_t *data, uint64_t *outputkey); 38 | int tryMfk64(uint32_t uid, uint32_t nt, uint32_t nr_enc, uint32_t ar_enc, uint32_t at_enc, uint64_t *outputkey); 39 | 40 | //uint64_t mfkey32(uint32_t uid, uint32_t nt, uint32_t nr0_enc, uint32_t ar0_enc, uint32_t nr1_enc, uint32_t ar1_enc); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /bootrom/ldscript-flash: -------------------------------------------------------------------------------- 1 | /* 2 | ----------------------------------------------------------------------------- 3 | This code is licensed to you under the terms of the GNU GPL, version 2 or, 4 | at your option, any later version. See the LICENSE.txt file for the text of 5 | the license. 6 | ----------------------------------------------------------------------------- 7 | Bootrom linker script 8 | ----------------------------------------------------------------------------- 9 | */ 10 | 11 | INCLUDE ../common/ldscript.common 12 | 13 | PHDRS 14 | { 15 | phase1 PT_LOAD; 16 | phase2 PT_LOAD; 17 | bss PT_LOAD; 18 | } 19 | 20 | ENTRY(flashstart) 21 | SECTIONS 22 | { 23 | .bootphase1 : { 24 | *(.startup) 25 | 26 | . = ALIGN(4); 27 | _version_information_start = .; 28 | KEEP(*(.version_information)); 29 | 30 | . = LENGTH(bootphase1) - 0x4; 31 | LONG(_version_information_start); 32 | } >bootphase1 :phase1 33 | 34 | .bootphase2 : { 35 | *(.startphase2) 36 | *(.text) 37 | *(.text.*) 38 | *(.eh_frame) 39 | *(.glue_7) 40 | *(.glue_7t) 41 | *(.rodata) 42 | *(.rodata.*) 43 | *(.data) 44 | *(.data.*) 45 | . = ALIGN(4); 46 | } >ram AT>bootphase2 :phase2 47 | 48 | __bootphase2_src_start__ = LOADADDR(.bootphase2); 49 | __bootphase2_start__ = ADDR(.bootphase2); 50 | __bootphase2_end__ = __bootphase2_start__ + SIZEOF(.bootphase2); 51 | 52 | .bss : { 53 | __bss_start__ = .; 54 | *(.bss) 55 | *(.bss.*) 56 | . = ALIGN(4); 57 | __bss_end__ = .; 58 | } >ram AT>ram :bss 59 | 60 | .commonarea (NOLOAD) : { 61 | *(.commonarea) 62 | } >commonarea 63 | } 64 | -------------------------------------------------------------------------------- /fpga/hi_sniffer.v: -------------------------------------------------------------------------------- 1 | module hi_sniffer( 2 | pck0, ck_1356meg, ck_1356megb, 3 | pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4, 4 | adc_d, adc_clk, 5 | ssp_frame, ssp_din, ssp_dout, ssp_clk, 6 | cross_hi, cross_lo, 7 | dbg, 8 | xcorr_is_848, snoop, xcorr_quarter_freq // not used. 9 | ); 10 | input pck0, ck_1356meg, ck_1356megb; 11 | output pwr_lo, pwr_hi, pwr_oe1, pwr_oe2, pwr_oe3, pwr_oe4; 12 | input [7:0] adc_d; 13 | output adc_clk; 14 | input ssp_dout; 15 | output ssp_frame, ssp_din, ssp_clk; 16 | input cross_hi, cross_lo; 17 | output dbg; 18 | input xcorr_is_848, snoop, xcorr_quarter_freq; // not used. 19 | 20 | // We are only snooping, all off. 21 | assign pwr_hi = 1'b0; 22 | assign pwr_lo = 1'b0; 23 | assign pwr_oe1 = 1'b0; 24 | assign pwr_oe2 = 1'b0; 25 | assign pwr_oe3 = 1'b0; 26 | assign pwr_oe4 = 1'b0; 27 | 28 | reg ssp_frame; 29 | reg [7:0] adc_d_out = 8'd0; 30 | reg [2:0] ssp_cnt = 3'd0; 31 | 32 | assign adc_clk = ck_1356meg; 33 | assign ssp_clk = ~ck_1356meg; 34 | 35 | always @(posedge ssp_clk) 36 | begin 37 | if(ssp_cnt[2:0] == 3'd7) 38 | ssp_cnt[2:0] <= 3'd0; 39 | else 40 | ssp_cnt <= ssp_cnt + 1; 41 | 42 | if(ssp_cnt[2:0] == 3'b000) // set frame length 43 | begin 44 | adc_d_out[7:0] <= adc_d; 45 | ssp_frame <= 1'b1; 46 | end 47 | else 48 | begin 49 | adc_d_out[7:0] <= {1'b0, adc_d_out[7:1]}; 50 | ssp_frame <= 1'b0; 51 | end 52 | 53 | end 54 | 55 | assign ssp_din = adc_d_out[0]; 56 | 57 | endmodule 58 | -------------------------------------------------------------------------------- /client/graph.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Graph utilities 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef GRAPH_H__ 12 | #define GRAPH_H__ 13 | #include 14 | 15 | void AppendGraph(int redraw, int clock, int bit); 16 | int ClearGraph(int redraw); 17 | //int DetectClock(int peak); 18 | size_t getFromGraphBuf(uint8_t *buff); 19 | int GetAskClock(const char str[], bool printAns, bool verbose); 20 | int GetPskClock(const char str[], bool printAns, bool verbose); 21 | uint8_t GetPskCarrier(const char str[], bool printAns, bool verbose); 22 | uint8_t GetNrzClock(const char str[], bool printAns, bool verbose); 23 | uint8_t GetFskClock(const char str[], bool printAns, bool verbose); 24 | uint8_t fskClocks(uint8_t *fc1, uint8_t *fc2, uint8_t *rf1, bool verbose); 25 | void setGraphBuf(uint8_t *buff, size_t size); 26 | void save_restoreGB(uint8_t saveOpt); 27 | 28 | bool HasGraphData(); 29 | void DetectHighLowInGraph(int *high, int *low, bool addFuzz); 30 | 31 | // Max graph trace len: 40000 (bigbuf) * 8 (at 1 bit per sample) 32 | #define MAX_GRAPH_TRACE_LEN (40000 * 8 ) 33 | 34 | extern int GraphBuffer[MAX_GRAPH_TRACE_LEN]; 35 | extern int GraphTraceLen; 36 | #endif 37 | -------------------------------------------------------------------------------- /armsrc/ldscript: -------------------------------------------------------------------------------- 1 | /* 2 | ----------------------------------------------------------------------------- 3 | This code is licensed to you under the terms of the GNU GPL, version 2 or, 4 | at your option, any later version. See the LICENSE.txt file for the text of 5 | the license. 6 | ----------------------------------------------------------------------------- 7 | Linker script for the ARM binary 8 | ----------------------------------------------------------------------------- 9 | */ 10 | INCLUDE ../common/ldscript.common 11 | 12 | PHDRS 13 | { 14 | text PT_LOAD FLAGS(5); 15 | data PT_LOAD; 16 | bss PT_LOAD; 17 | } 18 | 19 | ENTRY(Vector) 20 | SECTIONS 21 | { 22 | .start : { 23 | *(.startos) 24 | } >osimage :text 25 | 26 | .text : { 27 | KEEP(*(stage1_image)) 28 | *(.text) 29 | *(.text.*) 30 | *(.eh_frame) 31 | *(.glue_7) 32 | *(.glue_7t) 33 | } >osimage :text 34 | 35 | .rodata : { 36 | *(.rodata) 37 | *(.rodata.*) 38 | *(fpga_all_bit.data) 39 | KEEP(*(.version_information)) 40 | . = ALIGN(8); 41 | } >osimage :text 42 | 43 | .data : { 44 | KEEP(*(compressed_data)) 45 | *(.data) 46 | *(.data.*) 47 | *(.ramfunc) 48 | . = ALIGN(4); 49 | } >ram AT>osimage :data 50 | 51 | __data_src_start__ = LOADADDR(.data); 52 | __data_start__ = ADDR(.data); 53 | __data_end__ = __data_start__ + SIZEOF(.data); 54 | __os_size__ = SIZEOF(.text) + SIZEOF(.data) + SIZEOF(.rodata); 55 | 56 | .bss : { 57 | __bss_start__ = .; 58 | *(.bss) 59 | *(.bss.*) 60 | . = ALIGN(4); 61 | __bss_end__ = .; 62 | } >ram AT>ram :bss 63 | 64 | .commonarea (NOLOAD) : { 65 | *(.commonarea) 66 | } >commonarea :NONE 67 | } 68 | -------------------------------------------------------------------------------- /client/cli.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // Command line binary 7 | //----------------------------------------------------------------------------- 8 | 9 | #include 10 | #include "sleep.h" 11 | #include "ui.h" 12 | #include "proxusb.h" 13 | #include "cmdmain.h" 14 | 15 | #define HANDLE_ERROR if (error_occured) { \ 16 | error_occured = 0;\ 17 | break;\ 18 | } 19 | 20 | int main(int argc, char **argv) 21 | { 22 | if (argc != 3 && argc != 4) 23 | { 24 | printf("\n\tusage: cli [logfile (default cli.log)]\n"); 25 | printf("\n"); 26 | printf("\texample: cli hi14asnoop hi14alist h14a.log\n"); 27 | printf("\n"); 28 | return -1; 29 | } 30 | 31 | usb_init(); 32 | if (argc == 4) 33 | SetLogFilename(argv[3]); 34 | else 35 | SetLogFilename("cli.log"); 36 | 37 | return_on_error = 1; 38 | 39 | while (1) { 40 | while (!OpenProxmark(0)) { sleep(1); } 41 | while (1) { 42 | UsbCommand cmdbuf; 43 | CommandReceived(argv[1]); 44 | HANDLE_ERROR; 45 | ReceiveCommand(&cmdbuf); 46 | HANDLE_ERROR; 47 | for (int i = 0; i < 5; ++i) { 48 | ReceiveCommandPoll(&cmdbuf); 49 | } 50 | HANDLE_ERROR; 51 | CommandReceived(argv[2]); 52 | HANDLE_ERROR; 53 | } 54 | } 55 | 56 | CloseProxmark(); 57 | return 0; 58 | } 59 | -------------------------------------------------------------------------------- /common/crc.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // Generic CRC calculation code. 7 | //----------------------------------------------------------------------------- 8 | #include "crc.h" 9 | #include 10 | #include 11 | 12 | void crc_init(crc_t *crc, int order, uint32_t polynom, uint32_t initial_value, uint32_t final_xor) 13 | { 14 | crc->order = order; 15 | crc->polynom = polynom; 16 | crc->initial_value = initial_value; 17 | crc->final_xor = final_xor; 18 | crc->mask = (1L<state; 27 | crc->state = crc->state >> 1; 28 | if( (oldstate^data) & 1 ) { 29 | crc->state ^= crc->polynom; 30 | } 31 | data >>= 1; 32 | } 33 | } 34 | 35 | void crc_clear(crc_t *crc) 36 | { 37 | crc->state = crc->initial_value & crc->mask; 38 | } 39 | 40 | uint32_t crc_finish(crc_t *crc) 41 | { 42 | return ( crc->state ^ crc->final_xor ) & crc->mask; 43 | } 44 | 45 | //credits to iceman 46 | uint32_t CRC8Maxim(uint8_t *buff, size_t size) 47 | { 48 | crc_t crc; 49 | crc_init(&crc, 9, 0x8c, 0x00, 0x00); 50 | crc_clear(&crc); 51 | 52 | for (size_t i=0; i < size; ++i){ 53 | crc_update(&crc, buff[i], 8); 54 | } 55 | return crc_finish(&crc); 56 | } 57 | -------------------------------------------------------------------------------- /liblua/lvm.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lvm.h,v 2.18 2013/01/08 14:06:55 roberto Exp $ 3 | ** Lua virtual machine 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef lvm_h 8 | #define lvm_h 9 | 10 | 11 | #include "ldo.h" 12 | #include "lobject.h" 13 | #include "ltm.h" 14 | 15 | 16 | #define tostring(L,o) (ttisstring(o) || (luaV_tostring(L, o))) 17 | 18 | #define tonumber(o,n) (ttisnumber(o) || (((o) = luaV_tonumber(o,n)) != NULL)) 19 | 20 | #define equalobj(L,o1,o2) (ttisequal(o1, o2) && luaV_equalobj_(L, o1, o2)) 21 | 22 | #define luaV_rawequalobj(o1,o2) equalobj(NULL,o1,o2) 23 | 24 | 25 | /* not to called directly */ 26 | LUAI_FUNC int luaV_equalobj_ (lua_State *L, const TValue *t1, const TValue *t2); 27 | 28 | 29 | LUAI_FUNC int luaV_lessthan (lua_State *L, const TValue *l, const TValue *r); 30 | LUAI_FUNC int luaV_lessequal (lua_State *L, const TValue *l, const TValue *r); 31 | LUAI_FUNC const TValue *luaV_tonumber (const TValue *obj, TValue *n); 32 | LUAI_FUNC int luaV_tostring (lua_State *L, StkId obj); 33 | LUAI_FUNC void luaV_gettable (lua_State *L, const TValue *t, TValue *key, 34 | StkId val); 35 | LUAI_FUNC void luaV_settable (lua_State *L, const TValue *t, TValue *key, 36 | StkId val); 37 | LUAI_FUNC void luaV_finishOp (lua_State *L); 38 | LUAI_FUNC void luaV_execute (lua_State *L); 39 | LUAI_FUNC void luaV_concat (lua_State *L, int total); 40 | LUAI_FUNC void luaV_arith (lua_State *L, StkId ra, const TValue *rb, 41 | const TValue *rc, TMS op); 42 | LUAI_FUNC void luaV_objlen (lua_State *L, StkId ra, const TValue *rb); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /liblua/ldo.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: ldo.h,v 2.20 2011/11/29 15:55:08 roberto Exp $ 3 | ** Stack and Call structure of Lua 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef ldo_h 8 | #define ldo_h 9 | 10 | 11 | #include "lobject.h" 12 | #include "lstate.h" 13 | #include "lzio.h" 14 | 15 | 16 | #define luaD_checkstack(L,n) if (L->stack_last - L->top <= (n)) \ 17 | luaD_growstack(L, n); else condmovestack(L); 18 | 19 | 20 | #define incr_top(L) {L->top++; luaD_checkstack(L,0);} 21 | 22 | #define savestack(L,p) ((char *)(p) - (char *)L->stack) 23 | #define restorestack(L,n) ((TValue *)((char *)L->stack + (n))) 24 | 25 | 26 | /* type of protected functions, to be ran by `runprotected' */ 27 | typedef void (*Pfunc) (lua_State *L, void *ud); 28 | 29 | LUAI_FUNC int luaD_protectedparser (lua_State *L, ZIO *z, const char *name, 30 | const char *mode); 31 | LUAI_FUNC void luaD_hook (lua_State *L, int event, int line); 32 | LUAI_FUNC int luaD_precall (lua_State *L, StkId func, int nresults); 33 | LUAI_FUNC void luaD_call (lua_State *L, StkId func, int nResults, 34 | int allowyield); 35 | LUAI_FUNC int luaD_pcall (lua_State *L, Pfunc func, void *u, 36 | ptrdiff_t oldtop, ptrdiff_t ef); 37 | LUAI_FUNC int luaD_poscall (lua_State *L, StkId firstResult); 38 | LUAI_FUNC void luaD_reallocstack (lua_State *L, int newsize); 39 | LUAI_FUNC void luaD_growstack (lua_State *L, int n); 40 | LUAI_FUNC void luaD_shrinkstack (lua_State *L); 41 | 42 | LUAI_FUNC l_noret luaD_throw (lua_State *L, int errcode); 43 | LUAI_FUNC int luaD_rawrunprotected (lua_State *L, Pfunc f, void *ud); 44 | 45 | #endif 46 | 47 | -------------------------------------------------------------------------------- /client/hid-flasher/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | CFBundleDevelopmentRegion 10 | English 11 | CFBundleIconFile 12 | 13 | CFBundleIdentifier 14 | com.proxmark.driver.dummy 15 | CFBundleInfoDictionaryVersion 16 | 6.0 17 | CFBundlePackageType 18 | KEXT 19 | CFBundleSignature 20 | ???? 21 | CFBundleVersion 22 | 1.0.0d2 23 | IOKitPersonalities 24 | 25 | 26 | Proxmark3 27 | 28 | CFBundleIdentifier 29 | com.apple.kpi.iokit 30 | IOClass 31 | IOService 32 | IOProviderClass 33 | IOUSBInterface 34 | bConfigurationValue 35 | 1 36 | bInterfaceNumber 37 | 0 38 | idProduct 39 | 19343 40 | idVendor 41 | 39620 42 | 43 | 44 | OSBundleLibraries 45 | 46 | com.apple.iokit.IOUSBFamily 47 | 1.8 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | All notable changes to this project will be documented in this file. 3 | This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... 4 | 5 | ## [Unreleased][unreleased] 6 | ### Changed 7 | - Improved LF manchester and biphase demodulation and ask clock detection especially for reads with heavy clipping. (marshmellow) 8 | - Iclass read, `hf iclass read` now also reads tag config and prints configuration. (holiman) 9 | - *bootrom* needs to be flashed, due to new address boundaries between os and fpga, after a size optimization (piwi) 10 | 11 | ### Fixed 12 | - Fixed EM4x50 read/demod of the tags broadcasted memory blocks. 'lf em4x em4x50read' (not page read) (marshmellow) 13 | - Fixed issue #19, problems with LF T55xx commands (iceman1001, marshmellow) 14 | 15 | ### Added 16 | - Added changelog 17 | 18 | ## [2.0.0] - 2015-03-25 19 | ### Changed 20 | - LF sim operations now abort when new commands arrive over the USB - not required to push the device button anymore. 21 | 22 | ### Fixed 23 | - Mifare simulation, `hf mf sim` (was broken a long time) (pwpiwi) 24 | - Major improvements in LF area and data operations. (marshmellow, iceman1001) 25 | - Issues regarding LF simulation (pwpiwi) 26 | 27 | ### Added 28 | - iClass functionality: full simulation of iclass tags, so tags can be simulated with data (not only CSN). Not yet support for write/update, but readers don't seem to enforce update. (holiman). 29 | - iClass decryption. Proxmark can now decrypt data on an iclass tag, but requires you to have the HID decryption key locally on your computer, as this is not bundled with the sourcecode. 30 | 31 | 32 | -------------------------------------------------------------------------------- /client/hid-flasher/Makefile: -------------------------------------------------------------------------------- 1 | #----------------------------------------------------------------------------- 2 | # This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | # at your option, any later version. See the LICENSE.txt file for the text of 4 | # the license. 5 | #----------------------------------------------------------------------------- 6 | include ../../common/Makefile.common 7 | 8 | CC=gcc 9 | CXX=g++ 10 | #COMMON_FLAGS = -m32 11 | 12 | VPATH = ../../common 13 | OBJDIR = obj 14 | 15 | LDLIBS = -L/opt/local/lib -L/usr/local/lib -lusb -lreadline -lpthread 16 | LDFLAGS = $(COMMON_FLAGS) 17 | CFLAGS = -std=gnu99 -I. -I../include -I../common -I/opt/local/include -Wall -Wno-unused-function $(COMMON_FLAGS) -g -O3 18 | 19 | CXXFLAGS = 20 | QTLDLIBS = 21 | 22 | RM = rm -f 23 | BINS = flasher 24 | CLEAN = flasher flasher.exe $(OBJDIR)/*.o *.o 25 | 26 | all: $(BINS) 27 | 28 | flasher: $(OBJDIR)/flash.o $(OBJDIR)/flasher.o $(OBJDIR)/proxusb.o 29 | $(CXX) $(CXXFLAGS) $^ $(LDLIBS) -o $@ 30 | 31 | $(OBJDIR)/%.o: %.c 32 | $(CC) $(CFLAGS) -c -o $@ $< 33 | 34 | clean: 35 | $(RM) $(CLEAN) 36 | 37 | # must be run as root 38 | install_kext: Info.plist 39 | mkdir -p /System/Library/Extensions/Proxmark3.kext/Contents 40 | cp Info.plist /System/Library/Extensions/Proxmark3.kext/Contents 41 | chown -R root:wheel /System/Library/Extensions/Proxmark3.kext 42 | chmod 755 /System/Library/Extensions/Proxmark3.kext /System/Library/Extensions/Proxmark3.kext/Contents 43 | chmod 644 /System/Library/Extensions/Proxmark3.kext/Contents/Info.plist 44 | rm -rf /System/Library/Caches/com.apple.kext.caches 45 | touch /System/Library/Extensions 46 | @echo "*** You may need to reboot for the kext to take effect." 47 | 48 | .PHONY: all clean 49 | -------------------------------------------------------------------------------- /client/scripts/emul2dump.lua: -------------------------------------------------------------------------------- 1 | local getopt = require('getopt') 2 | local bin = require('bin') 3 | local dumplib = require('html_dumplib') 4 | 5 | example =[[ 6 | 1. script run emul2dump 7 | 2. script run emul2dump -i myfile.eml 8 | 3. script run emul2dump -i myfile.eml -o myfile.bin 9 | ]] 10 | author = "Iceman" 11 | usage = "script run emul2dump [-i ] [-o ]" 12 | desc =[[ 13 | This script takes an dumpfile on EML (ASCII) format and converts it to the PM3 dumpbin file to be used with "hf mf restore" 14 | 15 | Arguments: 16 | -h This help 17 | -i Specifies the dump-file (input). If omitted, 'dumpdata.eml' is used 18 | -o Specifies the output file. If omitted, .bin is used. 19 | ]] 20 | 21 | --- 22 | -- This is only meant to be used when errors occur 23 | function oops(err) 24 | print("ERROR: ",err) 25 | end 26 | --- 27 | -- Usage help 28 | function help() 29 | print(desc) 30 | print("Example usage") 31 | print(example) 32 | end 33 | -- 34 | -- Exit message 35 | function ExitMsg(msg) 36 | print( string.rep('--',20) ) 37 | print( string.rep('--',20) ) 38 | print(msg) 39 | print() 40 | end 41 | 42 | local function main(args) 43 | 44 | local input = "dumpdata.eml" 45 | local output = os.date("%Y-%m-%d_%H%M%S.bin"); 46 | 47 | -- Arguments for the script 48 | for o, a in getopt.getopt(args, 'hi:o:') do 49 | if o == "h" then return help() end 50 | if o == "i" then input = a end 51 | if o == "o" then output = a end 52 | end 53 | 54 | local filename, err = dumplib.convert_eml_to_bin(input,output) 55 | if err then return oops(err) end 56 | 57 | ExitMsg(("Wrote a BIN dump to the file %s"):format(filename)) 58 | end 59 | 60 | main(args) -------------------------------------------------------------------------------- /liblua/lzio.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lzio.h,v 1.26 2011/07/15 12:48:03 roberto Exp $ 3 | ** Buffered streams 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | 8 | #ifndef lzio_h 9 | #define lzio_h 10 | 11 | #include "lua.h" 12 | 13 | #include "lmem.h" 14 | 15 | 16 | #define EOZ (-1) /* end of stream */ 17 | 18 | typedef struct Zio ZIO; 19 | 20 | #define zgetc(z) (((z)->n--)>0 ? cast_uchar(*(z)->p++) : luaZ_fill(z)) 21 | 22 | 23 | typedef struct Mbuffer { 24 | char *buffer; 25 | size_t n; 26 | size_t buffsize; 27 | } Mbuffer; 28 | 29 | #define luaZ_initbuffer(L, buff) ((buff)->buffer = NULL, (buff)->buffsize = 0) 30 | 31 | #define luaZ_buffer(buff) ((buff)->buffer) 32 | #define luaZ_sizebuffer(buff) ((buff)->buffsize) 33 | #define luaZ_bufflen(buff) ((buff)->n) 34 | 35 | #define luaZ_resetbuffer(buff) ((buff)->n = 0) 36 | 37 | 38 | #define luaZ_resizebuffer(L, buff, size) \ 39 | (luaM_reallocvector(L, (buff)->buffer, (buff)->buffsize, size, char), \ 40 | (buff)->buffsize = size) 41 | 42 | #define luaZ_freebuffer(L, buff) luaZ_resizebuffer(L, buff, 0) 43 | 44 | 45 | LUAI_FUNC char *luaZ_openspace (lua_State *L, Mbuffer *buff, size_t n); 46 | LUAI_FUNC void luaZ_init (lua_State *L, ZIO *z, lua_Reader reader, 47 | void *data); 48 | LUAI_FUNC size_t luaZ_read (ZIO* z, void* b, size_t n); /* read next n bytes */ 49 | 50 | 51 | 52 | /* --------- Private Part ------------------ */ 53 | 54 | struct Zio { 55 | size_t n; /* bytes still unread */ 56 | const char *p; /* current position in buffer */ 57 | lua_Reader reader; /* reader function */ 58 | void* data; /* additional data */ 59 | lua_State *L; /* Lua state (for reader) */ 60 | }; 61 | 62 | 63 | LUAI_FUNC int luaZ_fill (ZIO *z); 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /traces/README.txt: -------------------------------------------------------------------------------- 1 | em4102-clamshell.pm3: Samy's clamshell EM4102 tag (ID: 1f00d9b3a5) 2 | em4102-thin.pm3: Samy's thin credit-card style EM4102 tag (ID: 1a0041375d) 3 | EM4102-1.pm3: credit card style card EM4102 tag (ID: 010872e77c) 4 | EM4102-2.pm3: credit card style card EM4102 tag (ID: 010872beec) 5 | EM4102-3.pm3: credit card style card EM4102 tag (ID: 010872e14f) 6 | em4x05.pm3: ear tag FDX-B ISO-11784/5 (ID: 6DB0840800F80001 - Application Identifier: 8000, Country Code: 124 (Canada), National ID: 270601654) 7 | em4x50.pm3: credit card style card EM4x50 tag (ID: DE2A3F00) 8 | hid-proxCardII-05512-11432784-1.pm3: clamshell-style HID ProxCard II card 9 | indala-00002-12345678-1A: Indala credit-card style card 10 | homeagain.pm3: HomeAgain animal (cat) tag - ID 985121004515220 11 | homeagain1600.pm3: HomeAgain animal (cat) tag - ID 985121004515220 12 | keri.pm3: Keri PSK-3 Key Ring tag (back of tag: 1460 3411) 13 | Transit999-best.pm3: Transit 999 format (UID 99531670) 14 | 15 | The files 'modulation-'... are all encoded with identical data (hex 00 01 02 03 04 05 06 07 08 09 0A 0B) 16 | for the purpose of recognition and testing of demodulation schemes. They were created by writing Q5 tags 17 | appropriately configured. The raw data is in 'modulation-data.dat'. 18 | 19 | ata5577-HIDemu-FC1-C9.pm3: ata5577 in hid prox 26 bit emulation facility code:1 card#:9 20 | casi-12ed825c29.pm3: casi rusco 40 bit (EM410x ID: 12ed825c29) 21 | EM4102-Fob.pm3: (ID: 0400193cbe) 22 | ioprox-XSF-01-3B-44725.pm3: IO Prox FSK RF/64 ID in name 23 | ioprox-XSF-01-BE-03011.pm3: IO Prox FSK RF/64 ID in name 24 | indala-504278295.pm3: PSK 26 bit indala 25 | AWID-15-259.pm3: AWID FSK RF/50 FC: 15 Card: 259 26 | HID-weak-fob-11647.pm3: HID 32bit Prox Card#: 11647. very weak tag/read but just readable. -------------------------------------------------------------------------------- /fpga/tests/plot_edgedetect.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #----------------------------------------------------------------------------- 3 | # Copyright (C) 2014 iZsh 4 | # 5 | # This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | # at your option, any later version. See the LICENSE.txt file for the text of 7 | # the license. 8 | #----------------------------------------------------------------------------- 9 | import numpy 10 | import matplotlib.pyplot as plt 11 | import sys 12 | 13 | if len(sys.argv) != 2: 14 | print "Usage: %s " % sys.argv[0] 15 | sys.exit(1) 16 | 17 | BASENAME = sys.argv[1] 18 | 19 | nx = numpy.fromfile(BASENAME + ".time") 20 | 21 | def plot_time(dat1): 22 | plt.plot(nx, dat1) 23 | 24 | sig = open(BASENAME + ".filtered").read() 25 | sig = map(lambda x: ord(x), sig) 26 | 27 | min_vals = open(BASENAME + ".min").read() 28 | min_vals = map(lambda x: ord(x), min_vals) 29 | 30 | max_vals = open(BASENAME + ".max").read() 31 | max_vals = map(lambda x: ord(x), max_vals) 32 | 33 | states = open(BASENAME + ".state").read() 34 | states = map(lambda x: ord(x) * 10 + 65, states) 35 | 36 | toggles = open(BASENAME+ ".toggle").read() 37 | toggles = map(lambda x: ord(x) * 10 + 80, toggles) 38 | 39 | high = open(BASENAME + ".high").read() 40 | high = map(lambda x: ord(x), high) 41 | highz = open(BASENAME + ".highz").read() 42 | highz = map(lambda x: ord(x), highz) 43 | lowz = open(BASENAME + ".lowz").read() 44 | lowz = map(lambda x: ord(x), lowz) 45 | low = open(BASENAME + ".low").read() 46 | low = map(lambda x: ord(x), low) 47 | 48 | plot_time(sig) 49 | plot_time(min_vals) 50 | plot_time(max_vals) 51 | plot_time(states) 52 | plot_time(toggles) 53 | plot_time(high) 54 | plot_time(highz) 55 | plot_time(lowz) 56 | plot_time(low) 57 | 58 | plt.show() 59 | -------------------------------------------------------------------------------- /armsrc/optimized_cipher.h: -------------------------------------------------------------------------------- 1 | #ifndef OPTIMIZED_CIPHER_H 2 | #define OPTIMIZED_CIPHER_H 3 | #include 4 | 5 | /** 6 | * Definition 1 (Cipher state). A cipher state of iClass s is an element of F 40/2 7 | * consisting of the following four components: 8 | * 1. the left register l = (l 0 . . . l 7 ) ∈ F 8/2 ; 9 | * 2. the right register r = (r 0 . . . r 7 ) ∈ F 8/2 ; 10 | * 3. the top register t = (t 0 . . . t 15 ) ∈ F 16/2 . 11 | * 4. the bottom register b = (b 0 . . . b 7 ) ∈ F 8/2 . 12 | **/ 13 | typedef struct { 14 | uint8_t l; 15 | uint8_t r; 16 | uint8_t b; 17 | uint16_t t; 18 | } State; 19 | 20 | /** The reader MAC is MAC(key, CC * NR ) 21 | **/ 22 | void opt_doReaderMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]); 23 | /** 24 | * The tag MAC is MAC(key, CC * NR * 32x0)) 25 | */ 26 | void opt_doTagMAC(uint8_t *cc_p, const uint8_t *div_key_p, uint8_t mac[4]); 27 | 28 | /** 29 | * The tag MAC can be divided (both can, but no point in dividing the reader mac) into 30 | * two functions, since the first 8 bytes are known, we can pre-calculate the state 31 | * reached after feeding CC to the cipher. 32 | * @param cc_p 33 | * @param div_key_p 34 | * @return the cipher state 35 | */ 36 | State opt_doTagMAC_1(uint8_t *cc_p, const uint8_t *div_key_p); 37 | /** 38 | * The second part of the tag MAC calculation, since the CC is already calculated into the state, 39 | * this function is fed only the NR, and internally feeds the remaining 32 0-bits to generate the tag 40 | * MAC response. 41 | * @param _init - precalculated cipher state 42 | * @param nr - the reader challenge 43 | * @param mac - where to store the MAC 44 | * @param div_key_p - the key to use 45 | */ 46 | void opt_doTagMAC_2(State _init, uint8_t* nr, uint8_t mac[4], const uint8_t* div_key_p); 47 | 48 | #endif // OPTIMIZED_CIPHER_H 49 | -------------------------------------------------------------------------------- /tools/xorcheck.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | # xorcheck.py - find xor values for 8-bit LRC 4 | # 5 | # Adam Laurie 6 | # http://rfidiot.org/ 7 | # 8 | # This code is copyright (c) Adam Laurie, 2009, All rights reserved. 9 | # For non-commercial use only, the following terms apply - for all other 10 | # uses, please contact the author: 11 | # 12 | # This code is free software; you can redistribute it and/or modify 13 | # it under the terms of the GNU General Public License as published by 14 | # the Free Software Foundation; either version 2 of the License, or 15 | # (at your option) any later version. 16 | # 17 | # This code is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | # GNU General Public License for more details. 21 | # 22 | 23 | import sys 24 | import os 25 | 26 | if(len(sys.argv) < 3): 27 | print 28 | print '\t'+sys.argv[0] + ' - Generate final byte for XOR LRC' 29 | print 30 | print 'Usage: ' + sys.argv[0] + ' ... ' 31 | print 32 | print '\tSpecifying the bytes of a UID with a known LRC will find the last byte value' 33 | print '\tneeded to generate that LRC with a rolling XOR. All bytes should be specified in HEX.' 34 | print 35 | print 'Example:' 36 | print 37 | print '\txorcheck.py 04 00 80 64 ba' 38 | print 39 | print 'Should produce the output:' 40 | print 41 | print '\tTarget (BA) requires final LRC XOR byte value: 5A' 42 | print 43 | os._exit(True) 44 | 45 | target= int(sys.argv[len(sys.argv) - 1],16) 46 | 47 | lrc= 0x00 48 | for i in range(len(sys.argv) - 1): 49 | lrc ^= int(sys.argv[i + 1],16) 50 | print 51 | print 'Target (%02X) requires final LRC XOR byte value: %02X' % (target,lrc) 52 | print 53 | -------------------------------------------------------------------------------- /client/cmdhficlass.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2010 iZsh 3 | // Copyright (C) 2011 Gerhard de Koning Gans 4 | // 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // High frequency iClass support 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef CMDHFICLASS_H__ 13 | #define CMDHFICLASS_H__ 14 | 15 | int CmdHFiClass(const char *Cmd); 16 | 17 | int CmdHFiClassCalcNewKey(const char *Cmd); 18 | int CmdHFiClassCloneTag(const char *Cmd); 19 | int CmdHFiClassDecrypt(const char *Cmd); 20 | int CmdHFiClassEncryptBlk(const char *Cmd); 21 | int CmdHFiClassELoad(const char *Cmd); 22 | int CmdHFiClassList(const char *Cmd); 23 | int HFiClassReader(const char *Cmd, bool loop, bool verbose); 24 | int CmdHFiClassReader(const char *Cmd); 25 | int CmdHFiClassReader_Dump(const char *Cmd); 26 | int CmdHFiClassReader_Replay(const char *Cmd); 27 | int CmdHFiClassReadKeyFile(const char *filename); 28 | int CmdHFiClassReadTagFile(const char *Cmd); 29 | int CmdHFiClass_ReadBlock(const char *Cmd); 30 | int CmdHFiClass_TestMac(const char *Cmd); 31 | int CmdHFiClassManageKeys(const char *Cmd); 32 | int CmdHFiClass_loclass(const char *Cmd); 33 | int CmdHFiClassSnoop(const char *Cmd); 34 | int CmdHFiClassSim(const char *Cmd); 35 | int CmdHFiClassWriteKeyFile(const char *Cmd); 36 | int CmdHFiClass_WriteBlock(const char *Cmd); 37 | void printIclassDumpContents(uint8_t *iclass_dump, uint8_t startblock, uint8_t endblock, size_t filesize); 38 | void HFiClassCalcDivKey(uint8_t *CSN, uint8_t *KEY, uint8_t *div_key, bool elite); 39 | #endif 40 | -------------------------------------------------------------------------------- /client/elf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // ELF header 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __ELF_H__ 10 | #define __ELF_H__ 11 | 12 | typedef struct { 13 | uint32_t p_type; 14 | uint32_t p_offset; 15 | uint32_t p_vaddr; 16 | uint32_t p_paddr; 17 | uint32_t p_filesz; 18 | uint32_t p_memsz; 19 | uint32_t p_flags; 20 | uint32_t p_align; 21 | } __attribute__((__packed__)) Elf32_Phdr; 22 | 23 | #define EI_NIDENT 16 24 | 25 | typedef struct { 26 | unsigned char e_ident[EI_NIDENT]; 27 | uint16_t e_type; 28 | uint16_t e_machine; 29 | uint32_t e_version; 30 | uint32_t e_entry; 31 | uint32_t e_phoff; 32 | uint32_t e_shoff; 33 | uint32_t e_flags; 34 | uint16_t e_ehsize; 35 | uint16_t e_phentsize; 36 | uint16_t e_phnum; 37 | uint16_t e_shentsize; 38 | uint16_t e_shnum; 39 | uint16_t e_shtrndx; 40 | } __attribute__((__packed__)) Elf32_Ehdr; 41 | 42 | #define PT_NULL 0 43 | #define PT_LOAD 1 44 | #define PT_DYNAMIC 2 45 | #define PT_INTERP 3 46 | #define PT_NOTE 4 47 | #define PT_SHLIB 5 48 | #define PT_PHDR 6 49 | 50 | #define ELFCLASS32 1 51 | #define ELFCLASS64 2 52 | 53 | #define ELFDATA2LSB 1 54 | #define ELFDATA2MSB 2 55 | 56 | #define EV_CURRENT 1 57 | 58 | #define ET_NONE 0 59 | #define ET_REL 1 60 | #define ET_EXEC 2 61 | #define ET_DYN 3 62 | #define ET_CORE 4 63 | 64 | #define EM_ARM 0x28 65 | 66 | #define PF_R 4 67 | #define PF_W 2 68 | #define PF_X 1 69 | 70 | #endif 71 | 72 | -------------------------------------------------------------------------------- /common/iso14443crc.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // ISO14443 CRC calculation code. 7 | //----------------------------------------------------------------------------- 8 | 9 | #include "iso14443crc.h" 10 | 11 | static unsigned short UpdateCrc14443(unsigned char ch, unsigned short *lpwCrc) 12 | { 13 | ch = (ch ^ (unsigned char) ((*lpwCrc) & 0x00FF)); 14 | ch = (ch ^ (ch << 4)); 15 | *lpwCrc = (*lpwCrc >> 8) ^ ((unsigned short) ch << 8) ^ 16 | ((unsigned short) ch << 3) ^ ((unsigned short) ch >> 4); 17 | return (*lpwCrc); 18 | } 19 | 20 | void ComputeCrc14443(int CrcType, 21 | const unsigned char *Data, int Length, 22 | unsigned char *TransmitFirst, 23 | unsigned char *TransmitSecond) 24 | { 25 | unsigned char chBlock; 26 | unsigned short wCrc=CrcType; 27 | 28 | do { 29 | chBlock = *Data++; 30 | UpdateCrc14443(chBlock, &wCrc); 31 | } while (--Length); 32 | 33 | if (CrcType == CRC_14443_B) 34 | wCrc = ~wCrc; /* ISO/IEC 13239 (formerly ISO/IEC 3309) */ 35 | 36 | *TransmitFirst = (unsigned char) (wCrc & 0xFF); 37 | *TransmitSecond = (unsigned char) ((wCrc >> 8) & 0xFF); 38 | return; 39 | } 40 | 41 | int CheckCrc14443(int CrcType, const unsigned char *Data, int Length) { 42 | unsigned char b1; 43 | unsigned char b2; 44 | if (Length < 3) return 0; 45 | ComputeCrc14443(CrcType, Data, Length - 2, &b1, &b2); 46 | if ((b1 == Data[Length - 2]) && (b2 == Data[Length - 1])) return 1; 47 | return 0; 48 | } 49 | -------------------------------------------------------------------------------- /fpga/tests/tb_min_max_tracker.v: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2014 iZsh 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // testbench for min_max_tracker 9 | `include "min_max_tracker.v" 10 | 11 | `define FIN "tb_tmp/data.filtered.gold" 12 | `define FOUT_MIN "tb_tmp/data.min" 13 | `define FOUT_MAX "tb_tmp/data.max" 14 | 15 | module min_max_tracker_tb; 16 | 17 | integer fin; 18 | integer fout_min, fout_max; 19 | integer r; 20 | 21 | reg clk; 22 | reg [7:0] adc_d; 23 | wire [7:0] min; 24 | wire [7:0] max; 25 | 26 | initial 27 | begin 28 | clk = 0; 29 | fin = $fopen(`FIN, "r"); 30 | if (!fin) begin 31 | $display("ERROR: can't open the data file"); 32 | $finish; 33 | end 34 | fout_min = $fopen(`FOUT_MIN, "w+"); 35 | fout_max = $fopen(`FOUT_MAX, "w+"); 36 | if (!$feof(fin)) 37 | adc_d = $fgetc(fin); // read the first value 38 | end 39 | 40 | always 41 | # 1 clk = !clk; 42 | 43 | // input 44 | initial 45 | begin 46 | while (!$feof(fin)) begin 47 | @(negedge clk) adc_d <= $fgetc(fin); 48 | end 49 | 50 | if ($feof(fin)) 51 | begin 52 | # 3 $fclose(fin); 53 | $fclose(fout_min); 54 | $fclose(fout_max); 55 | $finish; 56 | end 57 | end 58 | 59 | initial 60 | begin 61 | // $monitor("%d\t min: %x, max: %x", $time, min, max); 62 | end 63 | 64 | // output 65 | always @(negedge clk) 66 | if ($time > 2) begin 67 | r = $fputc(min, fout_min); 68 | r = $fputc(max, fout_max); 69 | end 70 | 71 | // module to test 72 | min_max_tracker tracker(clk, adc_d, 8'd127, min, max); 73 | 74 | endmodule -------------------------------------------------------------------------------- /tools/nonce2key/nonce2key.c: -------------------------------------------------------------------------------- 1 | #include "crapto1.h" 2 | #define __STDC_FORMAT_MACROS 3 | #include 4 | #define llx PRIx64 5 | #include 6 | typedef unsigned char byte_t; 7 | 8 | int main(const int argc, const char* argv[]) { 9 | struct Crypto1State *state; 10 | uint32_t pos, uid, nt, nr, rr, nr_diff, ks1, ks2; 11 | byte_t bt, i, ks3x[8], par[8][8]; 12 | uint64_t key, key_recovered; 13 | uint64_t par_info; 14 | uint64_t ks_info; 15 | nr = rr = 0; 16 | 17 | if (argc < 5) { 18 | printf("\nsyntax: %s \n\n",argv[0]); 19 | return 1; 20 | } 21 | sscanf(argv[1],"%08x",&uid); 22 | sscanf(argv[2],"%08x",&nt); 23 | sscanf(argv[3],"%016"llx,&par_info); 24 | sscanf(argv[4],"%016"llx,&ks_info); 25 | 26 | // Reset the last three significant bits of the reader nonce 27 | nr &= 0xffffff1f; 28 | 29 | printf("\nuid(%08x) nt(%08x) par(%016"llx") ks(%016"llx")\n\n",uid,nt,par_info,ks_info); 30 | 31 | for (pos=0; pos<8; pos++) 32 | { 33 | ks3x[7-pos] = (ks_info >> (pos*8)) & 0x0f; 34 | bt = (par_info >> (pos*8)) & 0xff; 35 | for (i=0; i<8; i++) 36 | { 37 | par[7-pos][i] = (bt >> i) & 0x01; 38 | } 39 | } 40 | 41 | printf("|diff|{nr} |ks3|ks3^5|parity |\n"); 42 | printf("+----+--------+---+-----+---------------+\n"); 43 | for (i=0; i<8; i++) 44 | { 45 | nr_diff = nr | i << 5; 46 | printf("| %02x |%08x|",i << 5, nr_diff); 47 | printf(" %01x | %01x |",ks3x[i], ks3x[i]^5); 48 | for (pos=0; pos<7; pos++) printf("%01x,",par[i][pos]); 49 | printf("%01x|\n",par[i][7]); 50 | } 51 | 52 | state = lfsr_common_prefix(nr,rr,ks3x,par); 53 | lfsr_rollback_word(state,uid^nt,0); 54 | crypto1_get_lfsr(state,&key_recovered); 55 | printf("\nkey recovered: %012"llx"\n\n",key_recovered); 56 | crypto1_destroy(state); 57 | 58 | return 0; 59 | } 60 | -------------------------------------------------------------------------------- /tools/findbits_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from itertools import imap 4 | import unittest, sys, findbits 5 | 6 | class TestFindBits(unittest.TestCase): 7 | def setUp(self): 8 | self.old_stdout = sys.stdout 9 | sys.stdout = OutputBuffer() 10 | 11 | def tearDown(self): 12 | sys.stdout = self.old_stdout 13 | 14 | INVERT_CASES = [ 15 | ('10', '01'), 16 | ('', ''), 17 | ] 18 | def test_invert(self): 19 | self.commutative_test(findbits.invert, self.INVERT_CASES) 20 | 21 | SEARCH_CASES = [ 22 | ('1111', '10111101', ['Match at bit 2', '0<1111>0']), 23 | ('00', '10111101', ['Not found']), 24 | ] 25 | def test_search(self): 26 | for target, data, expected_fragments in self.SEARCH_CASES: 27 | sys.stdout.clear_buffer() 28 | findbits.search(target, data) 29 | for fragment in expected_fragments: 30 | self.assertIn(fragment, sys.stdout.content) 31 | 32 | BINSTRING_CASES = [ 33 | (42, '101010'), 34 | (1, '1'), 35 | (0, ''), 36 | ] 37 | def test_binstring(self): 38 | self.unary_operation_test(findbits.binstring, self.BINSTRING_CASES) 39 | 40 | REVERSE_CASES = [ 41 | ('abc', 'cba'), 42 | ('', ''), 43 | ] 44 | def test_stringreverse(self): 45 | self.commutative_test(findbits.stringreverse, self.REVERSE_CASES) 46 | 47 | def commutative_test(self, operation, cases): 48 | self.unary_operation_test(operation, cases) 49 | self.unary_operation_test(operation, imap(reversed, cases)) 50 | 51 | def unary_operation_test(self, operation, cases): 52 | for case_in, case_out in cases: 53 | self.assertEqual(operation(case_in), case_out) 54 | 55 | 56 | class OutputBuffer(object): 57 | def __init__(self): 58 | self.clear_buffer() 59 | 60 | def clear_buffer(self): 61 | self.content = '' 62 | 63 | def write(self, data): 64 | self.content += data 65 | 66 | 67 | if __name__ == '__main__': 68 | unittest.main() 69 | -------------------------------------------------------------------------------- /client/hid-flasher/elf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // ELF header 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __ELF_H__ 10 | #define __ELF_H__ 11 | 12 | typedef struct { 13 | uint32_t p_type; 14 | uint32_t p_offset; 15 | uint32_t p_vaddr; 16 | uint32_t p_paddr; 17 | uint32_t p_filesz; 18 | uint32_t p_memsz; 19 | uint32_t p_flags; 20 | uint32_t p_align; 21 | } __attribute__((__packed__)) Elf32_Phdr; 22 | 23 | #define EI_NIDENT 16 24 | 25 | typedef struct { 26 | unsigned char e_ident[EI_NIDENT]; 27 | uint16_t e_type; 28 | uint16_t e_machine; 29 | uint32_t e_version; 30 | uint32_t e_entry; 31 | uint32_t e_phoff; 32 | uint32_t e_shoff; 33 | uint32_t e_flags; 34 | uint16_t e_ehsize; 35 | uint16_t e_phentsize; 36 | uint16_t e_phnum; 37 | uint16_t e_shentsize; 38 | uint16_t e_shnum; 39 | uint16_t e_shtrndx; 40 | } __attribute__((__packed__)) Elf32_Ehdr; 41 | 42 | #define PT_NULL 0 43 | #define PT_LOAD 1 44 | #define PT_DYNAMIC 2 45 | #define PT_INTERP 3 46 | #define PT_NOTE 4 47 | #define PT_SHLIB 5 48 | #define PT_PHDR 6 49 | 50 | #define ELFCLASS32 1 51 | #define ELFCLASS64 2 52 | 53 | #define ELFDATA2LSB 1 54 | #define ELFDATA2MSB 2 55 | 56 | #define EV_CURRENT 1 57 | 58 | #define ET_NONE 0 59 | #define ET_REL 1 60 | #define ET_EXEC 2 61 | #define ET_DYN 3 62 | #define ET_CORE 4 63 | 64 | #define EM_ARM 0x28 65 | 66 | #define PF_R 4 67 | #define PF_W 2 68 | #define PF_X 1 69 | 70 | #endif 71 | 72 | -------------------------------------------------------------------------------- /include/config_gpio.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // GPIO pin mapping for the Proxmark3 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __CONFIG_GPIO_H 10 | #define __CONFIG_GPIO_H 11 | 12 | #define GPIO_LED_A AT91C_PIO_PA0 13 | #define GPIO_PA1 AT91C_PIO_PA1 14 | #define GPIO_LED_D AT91C_PIO_PA2 15 | #define GPIO_NVDD_ON AT91C_PIO_PA3 16 | #define GPIO_FPGA_NINIT AT91C_PIO_PA4 17 | #define GPIO_PA5 AT91C_PIO_PA5 18 | #define GPIO_PCK0 AT91C_PA6_PCK0 19 | #define GPIO_LRST AT91C_PIO_PA7 20 | #define GPIO_LED_B AT91C_PIO_PA8 21 | #define GPIO_LED_C AT91C_PIO_PA9 22 | #define GPIO_NCS2 AT91C_PA10_NPCS2 23 | #define GPIO_NCS0 AT91C_PA11_NPCS0 24 | #define GPIO_MISO AT91C_PA12_MISO 25 | #define GPIO_MOSI AT91C_PA13_MOSI 26 | #define GPIO_SPCK AT91C_PA14_SPCK 27 | #define GPIO_SSC_FRAME AT91C_PA15_TF 28 | #define GPIO_SSC_CLK AT91C_PA16_TK 29 | #define GPIO_SSC_DOUT AT91C_PA17_TD 30 | #define GPIO_SSC_DIN AT91C_PA18_RD 31 | #define GPIO_MUXSEL_HIPKD AT91C_PIO_PA19 32 | #define GPIO_MUXSEL_LOPKD AT91C_PIO_PA20 33 | #define GPIO_MUXSEL_HIRAW AT91C_PIO_PA21 34 | #define GPIO_MUXSEL_LORAW AT91C_PIO_PA22 35 | #define GPIO_BUTTON AT91C_PIO_PA23 36 | #define GPIO_USB_PU AT91C_PIO_PA24 37 | #define GPIO_RELAY AT91C_PIO_PA25 38 | #define GPIO_FPGA_ON AT91C_PIO_PA26 39 | #define GPIO_FPGA_DONE AT91C_PIO_PA27 40 | #define GPIO_FPGA_NPROGRAM AT91C_PIO_PA28 41 | #define GPIO_FPGA_CCLK AT91C_PIO_PA29 42 | #define GPIO_FPGA_DIN AT91C_PIO_PA30 43 | #define GPIO_FPGA_DOUT AT91C_PIO_PA31 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /fpga/fpga.ucf: -------------------------------------------------------------------------------- 1 | # See the schematic for the pin assignment. 2 | 3 | NET "adc_d<0>" LOC = "P62" ; 4 | NET "adc_d<1>" LOC = "P60" ; 5 | NET "adc_d<2>" LOC = "P58" ; 6 | NET "adc_d<3>" LOC = "P57" ; 7 | NET "adc_d<4>" LOC = "P56" ; 8 | NET "adc_d<5>" LOC = "P55" ; 9 | NET "adc_d<6>" LOC = "P54" ; 10 | NET "adc_d<7>" LOC = "P53" ; 11 | #NET "cross_hi" LOC = "P88" ; 12 | #NET "miso" LOC = "P40" ; 13 | #PACE: Start of Constraints generated by PACE 14 | 15 | #PACE: Start of PACE I/O Pin Assignments 16 | NET "adc_clk" LOC = "P46" ; 17 | NET "adc_noe" LOC = "P47" ; 18 | NET "ck_1356meg" LOC = "P91" ; 19 | NET "ck_1356megb" LOC = "P93" ; 20 | NET "cross_lo" LOC = "P87" ; 21 | NET "dbg" LOC = "P22" ; 22 | NET "mosi" LOC = "P43" ; 23 | NET "ncs" LOC = "P44" ; 24 | NET "pck0" LOC = "P36" ; 25 | NET "pwr_hi" LOC = "P80" ; 26 | NET "pwr_lo" LOC = "P81" ; 27 | NET "pwr_oe1" LOC = "P82" ; 28 | NET "pwr_oe2" LOC = "P83" ; 29 | NET "pwr_oe3" LOC = "P84" ; 30 | NET "pwr_oe4" LOC = "P86" ; 31 | NET "spck" LOC = "P39" ; 32 | NET "ssp_clk" LOC = "P71" ; 33 | NET "ssp_din" LOC = "P32" ; 34 | NET "ssp_dout" LOC = "P34" ; 35 | NET "ssp_frame" LOC = "P31" ; 36 | 37 | #PACE: Start of PACE Area Constraints 38 | 39 | #PACE: Start of PACE Prohibit Constraints 40 | 41 | #PACE: End of Constraints generated by PACE 42 | 43 | # definition of Clock nets: 44 | NET "ck_1356meg" TNM_NET = "clk_net_1356" ; 45 | NET "ck_1356megb" TNM_NET = "clk_net_1356b" ; 46 | NET "pck0" TNM_NET = "clk_net_pck0" ; 47 | NET "spck" TNM_NET = "clk_net_spck" ; 48 | 49 | # Timing specs of clock nets: 50 | TIMEGRP "clk_net_1356_all" = "clk_net_1356" "clk_net_1356b" ; 51 | TIMESPEC "TS_1356MHz" = PERIOD "clk_net_1356_all" 74 ns HIGH 37 ns ; 52 | TIMESPEC "TS_24MHz" = PERIOD "clk_net_pck0" 42 ns HIGH 21 ns ; 53 | TIMESPEC "TS_4MHz" = PERIOD "clk_net_spck" 250 ns HIGH 125 ns ; 54 | 55 | -------------------------------------------------------------------------------- /client/proxguiqt.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2009 Michael Gernoth 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // GUI (QT) 9 | //----------------------------------------------------------------------------- 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | class ProxWidget : public QWidget 18 | { 19 | Q_OBJECT; 20 | 21 | private: 22 | int GraphStart; 23 | double GraphPixelsPerPoint; 24 | int CursorAPos; 25 | int CursorBPos; 26 | 27 | public: 28 | ProxWidget(QWidget *parent = 0); 29 | 30 | protected: 31 | void paintEvent(QPaintEvent *event); 32 | void closeEvent(QCloseEvent *event); 33 | void mouseMoveEvent(QMouseEvent *event); 34 | void mousePressEvent(QMouseEvent *event) { mouseMoveEvent(event); } 35 | void keyPressEvent(QKeyEvent *event); 36 | }; 37 | 38 | class ProxGuiQT : public QObject 39 | { 40 | Q_OBJECT; 41 | 42 | private: 43 | QApplication *plotapp; 44 | ProxWidget *plotwidget; 45 | int argc; 46 | char **argv; 47 | void (*main_func)(void); 48 | 49 | public: 50 | ProxGuiQT(int argc, char **argv); 51 | ~ProxGuiQT(void); 52 | void ShowGraphWindow(void); 53 | void RepaintGraphWindow(void); 54 | void HideGraphWindow(void); 55 | void MainLoop(void); 56 | 57 | private slots: 58 | void _ShowGraphWindow(void); 59 | void _RepaintGraphWindow(void); 60 | void _HideGraphWindow(void); 61 | 62 | signals: 63 | void ShowGraphWindowSignal(void); 64 | void RepaintGraphWindowSignal(void); 65 | void HideGraphWindowSignal(void); 66 | }; 67 | -------------------------------------------------------------------------------- /armsrc/util.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Jonathan Westhues, Aug 2005 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // Utility functions used in many places, not specific to any piece of code. 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef __UTIL_H 12 | #define __UTIL_H 13 | 14 | #include 15 | #include 16 | #include "common.h" 17 | 18 | #define BYTEx(x, n) (((x) >> (n * 8)) & 0xff ) 19 | 20 | #define LED_RED 1 21 | #define LED_ORANGE 2 22 | #define LED_GREEN 4 23 | #define LED_RED2 8 24 | #define BUTTON_HOLD 1 25 | #define BUTTON_NO_CLICK 0 26 | #define BUTTON_SINGLE_CLICK -1 27 | #define BUTTON_DOUBLE_CLICK -2 28 | #define BUTTON_ERROR -99 29 | 30 | void print_result(char *name, uint8_t *buf, size_t len); 31 | size_t nbytes(size_t nbits); 32 | uint32_t SwapBits(uint32_t value, int nrbits); 33 | void num_to_bytes(uint64_t n, size_t len, uint8_t* dest); 34 | uint64_t bytes_to_num(uint8_t* src, size_t len); 35 | void rol(uint8_t *data, const size_t len); 36 | void lsl (uint8_t *data, size_t len); 37 | int32_t le24toh (uint8_t data[3]); 38 | 39 | void SpinDelay(int ms); 40 | void SpinDelayUs(int us); 41 | void LED(int led, int ms); 42 | void LEDsoff(); 43 | int BUTTON_CLICKED(int ms); 44 | int BUTTON_HELD(int ms); 45 | void FormatVersionInformation(char *dst, int len, const char *prefix, void *version_information); 46 | 47 | void StartTickCount(); 48 | uint32_t RAMFUNC GetTickCount(); 49 | 50 | void StartCountUS(); 51 | uint32_t RAMFUNC GetCountUS(); 52 | uint32_t RAMFUNC GetDeltaCountUS(); 53 | 54 | void StartCountSspClk(); 55 | uint32_t RAMFUNC GetCountSspClk(); 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /client/pm3_eml_mfd_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from __future__ import with_statement 4 | from tempfile import mkdtemp 5 | from shutil import rmtree 6 | from itertools import imap 7 | from string import hexdigits 8 | import unittest, os 9 | import pm3_eml2mfd, pm3_mfd2eml 10 | 11 | class TestEmlMfd(unittest.TestCase): 12 | def setUp(self): 13 | self.tmpdir = mkdtemp() 14 | 15 | def tearDown(self): 16 | rmtree(self.tmpdir) 17 | 18 | EML2MFD_TESTCASES = [ 19 | ('', ''), 20 | ("41424344\r\n45464748\n494A4B4C\n", "ABCDEFGHIJKL") 21 | ] 22 | def test_eml2mfd(self): 23 | self.three_argument_test(pm3_eml2mfd.main, self.EML2MFD_TESTCASES) 24 | 25 | def test_mfd2eml(self): 26 | self.three_argument_test(pm3_mfd2eml.main, 27 | imap(reversed, self.EML2MFD_TESTCASES), c14n=hex_c14n) 28 | 29 | def three_argument_test(self, operation, cases, c14n=str): 30 | for case_input, case_output in cases: 31 | try: 32 | inp_name = os.path.join(self.tmpdir, 'input') 33 | out_name = os.path.join(self.tmpdir, 'output') 34 | with file(inp_name, 'wb') as in_file: 35 | in_file.write(case_input) 36 | operation(['', inp_name, out_name]) 37 | with file(out_name, 'rb') as out_file: 38 | self.assertEquals(c14n(case_output), c14n(out_file.read())) 39 | finally: 40 | for file_name in inp_name, out_name: 41 | if os.path.exists(file_name): 42 | os.remove(file_name) 43 | 44 | 45 | def hex_c14n(inp): 46 | """ 47 | Canonicalizes the input string by removing non-hexadecimal 48 | characters and making everything uppercase 49 | """ 50 | return ''.join(c.upper() for c in inp if c in hexdigits) 51 | 52 | if __name__ == '__main__': 53 | unittest.main() 54 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | include common/Makefile.common 2 | 3 | FLASH_PORT=/dev/ttyACM0 4 | 5 | all clean: %: client/% bootrom/% armsrc/% recovery/% 6 | 7 | bootrom/%: FORCE 8 | $(MAKE) -C bootrom $(patsubst bootrom/%,%,$@) 9 | armsrc/%: FORCE 10 | $(MAKE) -C armsrc $(patsubst armsrc/%,%,$@) 11 | client/%: FORCE 12 | $(MAKE) -C client $(patsubst client/%,%,$@) 13 | recovery/%: FORCE 14 | $(MAKE) -C recovery $(patsubst recovery/%,%,$@) 15 | FORCE: # Dummy target to force remake in the subdirectories, even if files exist (this Makefile doesn't know about the prerequisites) 16 | 17 | .PHONY: all clean help _test flash-bootrom flash-os flash-all FORCE 18 | 19 | help: 20 | @echo Multi-OS Makefile, you are running on $(DETECTED_OS) 21 | @echo Possible targets: 22 | @echo + all - Make bootrom, armsrc and the OS-specific host directory 23 | @echo + client - Make only the OS-specific host directory 24 | @echo + flash-bootrom - Make bootrom and flash it 25 | @echo + flash-os - Make armsrc and flash os \(includes fpga\) 26 | @echo + flash-all - Make bootrom and armsrc and flash bootrom and os image 27 | @echo + clean - Clean in bootrom, armsrc and the OS-specific host directory 28 | 29 | client: client/all 30 | 31 | flash-bootrom: bootrom/obj/bootrom.elf $(FLASH_TOOL) 32 | $(FLASH_TOOL) $(FLASH_PORT) -b $(subst /,$(PATHSEP),$<) 33 | 34 | flash-os: armsrc/obj/fullimage.elf $(FLASH_TOOL) 35 | $(FLASH_TOOL) $(FLASH_PORT) $(subst /,$(PATHSEP),$<) 36 | 37 | flash-all: bootrom/obj/bootrom.elf armsrc/obj/fullimage.elf $(FLASH_TOOL) 38 | $(FLASH_TOOL) $(FLASH_PORT) -b $(subst /,$(PATHSEP),$(filter-out $(FLASH_TOOL),$^)) 39 | 40 | newtarbin: 41 | $(DELETE) proxmark3-$(platform)-bin.tar proxmark3-$(platform)-bin.tar.gz 42 | @touch proxmark3-$(platform)-bin.tar 43 | 44 | tarbin: newtarbin client/tarbin armsrc/tarbin bootrom/tarbin 45 | $(GZIP) proxmark3-$(platform)-bin.tar 46 | 47 | # Dummy target to test for GNU make availability 48 | _test: 49 | -------------------------------------------------------------------------------- /liblua/lzio.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lzio.c,v 1.35 2012/05/14 13:34:18 roberto Exp $ 3 | ** Buffered streams 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | 8 | #include 9 | 10 | #define lzio_c 11 | #define LUA_CORE 12 | 13 | #include "lua.h" 14 | 15 | #include "llimits.h" 16 | #include "lmem.h" 17 | #include "lstate.h" 18 | #include "lzio.h" 19 | 20 | 21 | int luaZ_fill (ZIO *z) { 22 | size_t size; 23 | lua_State *L = z->L; 24 | const char *buff; 25 | lua_unlock(L); 26 | buff = z->reader(L, z->data, &size); 27 | lua_lock(L); 28 | if (buff == NULL || size == 0) 29 | return EOZ; 30 | z->n = size - 1; /* discount char being returned */ 31 | z->p = buff; 32 | return cast_uchar(*(z->p++)); 33 | } 34 | 35 | 36 | void luaZ_init (lua_State *L, ZIO *z, lua_Reader reader, void *data) { 37 | z->L = L; 38 | z->reader = reader; 39 | z->data = data; 40 | z->n = 0; 41 | z->p = NULL; 42 | } 43 | 44 | 45 | /* --------------------------------------------------------------- read --- */ 46 | size_t luaZ_read (ZIO *z, void *b, size_t n) { 47 | while (n) { 48 | size_t m; 49 | if (z->n == 0) { /* no bytes in buffer? */ 50 | if (luaZ_fill(z) == EOZ) /* try to read more */ 51 | return n; /* no more input; return number of missing bytes */ 52 | else { 53 | z->n++; /* luaZ_fill consumed first byte; put it back */ 54 | z->p--; 55 | } 56 | } 57 | m = (n <= z->n) ? n : z->n; /* min. between n and z->n */ 58 | memcpy(b, z->p, m); 59 | z->n -= m; 60 | z->p += m; 61 | b = (char *)b + m; 62 | n -= m; 63 | } 64 | return 0; 65 | } 66 | 67 | /* ------------------------------------------------------------------------ */ 68 | char *luaZ_openspace (lua_State *L, Mbuffer *buff, size_t n) { 69 | if (n > buff->buffsize) { 70 | if (n < LUA_MINBUFFER) n = LUA_MINBUFFER; 71 | luaZ_resizebuffer(L, buff, n); 72 | } 73 | return buff->buffer; 74 | } 75 | 76 | 77 | -------------------------------------------------------------------------------- /client/scripts/htmldump.lua: -------------------------------------------------------------------------------- 1 | -- The getopt-functionality is loaded from pm3/getopt.lua 2 | -- Have a look there for further details 3 | getopt = require('getopt') 4 | bin = require('bin') 5 | dumplib = require('html_dumplib') 6 | 7 | example = "script run htmldump -o mifarecard_foo.html" 8 | author = "Martin Holst Swende" 9 | usage = "script run htmldump [-i ] [-o ]" 10 | desc =[[ 11 | This script takes a dumpfile and produces a html based dump, which is a 12 | bit more easily analyzed. 13 | 14 | Arguments: 15 | -h This help 16 | -i Specifies the dump-file (input). If omitted, 'dumpdata.bin' is used 17 | -o Speciies the output file. If omitted, .html is used. 18 | 19 | ]] 20 | 21 | ------------------------------- 22 | -- Some utilities 23 | ------------------------------- 24 | 25 | --- 26 | -- A debug printout-function 27 | function dbg(args) 28 | if DEBUG then 29 | print("###", args) 30 | end 31 | end 32 | --- 33 | -- This is only meant to be used when errors occur 34 | function oops(err) 35 | print("ERROR: ",err) 36 | end 37 | 38 | 39 | --- 40 | -- Usage help 41 | function help() 42 | print(desc) 43 | print("Example usage") 44 | print(example) 45 | end 46 | 47 | local function main(args) 48 | 49 | local input = "dumpdata.bin" 50 | local output = os.date("%Y-%m-%d_%H%M%S.html"); 51 | for o, a in getopt.getopt(args, 'i:o:h') do 52 | if o == "h" then return help() end 53 | if o == "i" then input = a end 54 | if o == "o" then output = a end 55 | end 56 | local filename, err = dumplib.convert_bin_to_html(input,output,16) 57 | if err then return oops(err) end 58 | 59 | print(("Wrote a HTML dump to the file %s"):format(filename)) 60 | end 61 | 62 | --[[ 63 | In the future, we may implement so that scripts are invoked directly 64 | into a 'main' function, instead of being executed blindly. For future 65 | compatibility, I have done so, but I invoke my main from here. 66 | --]] 67 | main(args) -------------------------------------------------------------------------------- /client/scripts/emul2html.lua: -------------------------------------------------------------------------------- 1 | -- The getopt-functionality is loaded from pm3/getopt.lua 2 | -- Have a look there for further details 3 | getopt = require('getopt') 4 | bin = require('bin') 5 | dumplib = require('html_dumplib') 6 | 7 | example = "script run emul2html -o dumpdata.eml " 8 | author = "Martin Holst Swende" 9 | usage = "script run htmldump [-i ] [-o ]" 10 | desc =[[ 11 | This script takes a dumpfile on EML (ASCII) format and produces a html based dump, which is a 12 | bit more easily analyzed. 13 | 14 | Arguments: 15 | -h This help 16 | -i Specifies the dump-file (input). If omitted, 'dumpdata.eml' is used 17 | -o Speciies the output file. If omitted, .html is used. 18 | 19 | ]] 20 | 21 | ------------------------------- 22 | -- Some utilities 23 | ------------------------------- 24 | 25 | --- 26 | -- A debug printout-function 27 | function dbg(args) 28 | if DEBUG then 29 | print("###", args) 30 | end 31 | end 32 | --- 33 | -- This is only meant to be used when errors occur 34 | function oops(err) 35 | print("ERROR: ",err) 36 | end 37 | 38 | 39 | --- 40 | -- Usage help 41 | function help() 42 | print(desc) 43 | print("Example usage") 44 | print(example) 45 | end 46 | 47 | local function main(args) 48 | 49 | local input = "dumpdata.eml" 50 | local output = os.date("%Y-%m-%d_%H%M%S.html"); 51 | for o, a in getopt.getopt(args, 'i:o:h') do 52 | if o == "h" then return help() end 53 | if o == "i" then input = a end 54 | if o == "o" then output = a end 55 | end 56 | local filename, err = dumplib.convert_eml_to_html(input,output) 57 | if err then return oops(err) end 58 | 59 | print(("Wrote a HTML dump to the file %s"):format(filename)) 60 | end 61 | 62 | --[[ 63 | In the future, we may implement so that scripts are invoked directly 64 | into a 'main' function, instead of being executed blindly. For future 65 | compatibility, I have done so, but I invoke my main from here. 66 | --]] 67 | main(args) -------------------------------------------------------------------------------- /liblua/linit.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: linit.c,v 1.32 2011/04/08 19:17:36 roberto Exp $ 3 | ** Initialization of libraries for lua.c and other clients 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | 8 | /* 9 | ** If you embed Lua in your program and need to open the standard 10 | ** libraries, call luaL_openlibs in your program. If you need a 11 | ** different set of libraries, copy this file to your project and edit 12 | ** it to suit your needs. 13 | */ 14 | 15 | 16 | #define linit_c 17 | #define LUA_LIB 18 | 19 | #include "lua.h" 20 | 21 | #include "lualib.h" 22 | #include "lauxlib.h" 23 | 24 | 25 | /* 26 | ** these libs are loaded by lua.c and are readily available to any Lua 27 | ** program 28 | */ 29 | static const luaL_Reg loadedlibs[] = { 30 | {"_G", luaopen_base}, 31 | {LUA_LOADLIBNAME, luaopen_package}, 32 | {LUA_COLIBNAME, luaopen_coroutine}, 33 | {LUA_TABLIBNAME, luaopen_table}, 34 | {LUA_IOLIBNAME, luaopen_io}, 35 | {LUA_OSLIBNAME, luaopen_os}, 36 | {LUA_STRLIBNAME, luaopen_string}, 37 | {LUA_BITLIBNAME, luaopen_bit32}, 38 | {LUA_MATHLIBNAME, luaopen_math}, 39 | {LUA_DBLIBNAME, luaopen_debug}, 40 | {NULL, NULL} 41 | }; 42 | 43 | 44 | /* 45 | ** these libs are preloaded and must be required before used 46 | */ 47 | static const luaL_Reg preloadedlibs[] = { 48 | {NULL, NULL} 49 | }; 50 | 51 | 52 | LUALIB_API void luaL_openlibs (lua_State *L) { 53 | const luaL_Reg *lib; 54 | /* call open functions from 'loadedlibs' and set results to global table */ 55 | for (lib = loadedlibs; lib->func; lib++) { 56 | luaL_requiref(L, lib->name, lib->func, 1); 57 | lua_pop(L, 1); /* remove lib */ 58 | } 59 | /* add open functions from 'preloadedlibs' into 'package.preload' table */ 60 | luaL_getsubtable(L, LUA_REGISTRYINDEX, "_PRELOAD"); 61 | for (lib = preloadedlibs; lib->func; lib++) { 62 | lua_pushcfunction(L, lib->func); 63 | lua_setfield(L, -2, lib->name); 64 | } 65 | lua_pop(L, 1); /* remove _PRELOAD table */ 66 | } 67 | 68 | -------------------------------------------------------------------------------- /include/hitagS.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // HitagS emulation (preliminary test version) 7 | // 8 | // (c) 2016 Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg 9 | // 10 | //----------------------------------------------------------------------------- 11 | 12 | 13 | #include 14 | #include 15 | #include 16 | 17 | #ifndef _HITAGS_H_ 18 | #define _HITAGS_H_ 19 | 20 | typedef enum PROTO_STATE {READY=0,INIT,AUTHENTICATE,SELECTED,QUIET,TTF,FAIL} PSTATE; //protocol-state 21 | typedef enum TAG_STATE {NO_OP=0,READING_PAGE,WRITING_PAGE_ACK,WRITING_PAGE_DATA,WRITING_BLOCK_DATA} TSATE; //tag-state 22 | typedef enum SOF_TYPE {STANDARD=0,ADVANCED,FAST_ADVANCED,ONE,NO_BITS} stype; //number of start-of-frame bits 23 | 24 | struct hitagS_tag { 25 | PSTATE pstate; //protocol-state 26 | TSATE tstate; //tag-state 27 | uint32_t uid; 28 | uint32_t pages[16][4]; 29 | uint64_t key; 30 | byte_t pwdl0,pwdl1,pwdh0; 31 | //con0 32 | int max_page; 33 | stype mode; 34 | //con1 35 | bool auth; //0=Plain 1=Auth 36 | bool TTFC; //Transponder Talks first coding. 0=Manchester 1=Biphase 37 | int TTFDR; //data rate in TTF Mode 38 | int TTFM; //the number of pages that are sent to the RWD 39 | bool LCON; //0=con1/2 read write 1=con1 read only and con2 OTP 40 | bool LKP; //0=page2/3 read write 1=page2/3 read only in Plain mode and no access in authenticate mode 41 | //con2 42 | //0=read write 1=read only 43 | bool LCK7; //page4/5 44 | bool LCK6; //page6/7 45 | bool LCK5; //page8-11 46 | bool LCK4; //page12-15 47 | bool LCK3; //page16-23 48 | bool LCK2; //page24-31 49 | bool LCK1; //page32-47 50 | bool LCK0; //page48-63 51 | } ; 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /common/crc.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // Generic CRC calculation code. 7 | //----------------------------------------------------------------------------- 8 | 9 | #ifndef __CRC_H 10 | #define __CRC_H 11 | 12 | #include 13 | #include 14 | 15 | typedef struct crc { 16 | uint32_t state; 17 | int order; 18 | uint32_t polynom; 19 | uint32_t initial_value; 20 | uint32_t final_xor; 21 | uint32_t mask; 22 | } crc_t; 23 | 24 | /* Initialize a crc structure. order is the order of the polynom, e.g. 32 for a CRC-32 25 | * polynom is the CRC polynom. initial_value is the initial value of a clean state. 26 | * final_xor is XORed onto the state before returning it from crc_result(). */ 27 | extern void crc_init(crc_t *crc, int order, uint32_t polynom, uint32_t initial_value, uint32_t final_xor); 28 | 29 | /* Update the crc state. data is the data of length data_width bits (only the 30 | * data_width lower-most bits are used). 31 | */ 32 | extern void crc_update(crc_t *crc, uint32_t data, int data_width); 33 | 34 | /* Clean the crc state, e.g. reset it to initial_value */ 35 | extern void crc_clear(crc_t *crc); 36 | 37 | /* Get the result of the crc calculation */ 38 | extern uint32_t crc_finish(crc_t *crc); 39 | 40 | // Calculate CRC-8/Maxim checksum 41 | uint32_t CRC8Maxim(uint8_t *buff, size_t size ); 42 | /* Static initialization of a crc structure */ 43 | #define CRC_INITIALIZER(_order, _polynom, _initial_value, _final_xor) { \ 44 | .state = ((_initial_value) & ((1L<<(_order))-1)), \ 45 | .order = (_order), \ 46 | .polynom = (_polynom), \ 47 | .initial_value = (_initial_value), \ 48 | .final_xor = (_final_xor), \ 49 | .mask = ((1L<<(_order))-1) } 50 | 51 | #endif /* __CRC_H */ 52 | -------------------------------------------------------------------------------- /liblua/lmem.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** $Id: lmem.h,v 1.40 2013/02/20 14:08:21 roberto Exp $ 3 | ** Interface to Memory Manager 4 | ** See Copyright Notice in lua.h 5 | */ 6 | 7 | #ifndef lmem_h 8 | #define lmem_h 9 | 10 | 11 | #include 12 | 13 | #include "llimits.h" 14 | #include "lua.h" 15 | 16 | 17 | /* 18 | ** This macro avoids the runtime division MAX_SIZET/(e), as 'e' is 19 | ** always constant. 20 | ** The macro is somewhat complex to avoid warnings: 21 | ** +1 avoids warnings of "comparison has constant result"; 22 | ** cast to 'void' avoids warnings of "value unused". 23 | */ 24 | #define luaM_reallocv(L,b,on,n,e) \ 25 | (cast(void, \ 26 | (cast(size_t, (n)+1) > MAX_SIZET/(e)) ? (luaM_toobig(L), 0) : 0), \ 27 | luaM_realloc_(L, (b), (on)*(e), (n)*(e))) 28 | 29 | #define luaM_freemem(L, b, s) luaM_realloc_(L, (b), (s), 0) 30 | #define luaM_free(L, b) luaM_realloc_(L, (b), sizeof(*(b)), 0) 31 | #define luaM_freearray(L, b, n) luaM_reallocv(L, (b), n, 0, sizeof((b)[0])) 32 | 33 | #define luaM_malloc(L,s) luaM_realloc_(L, NULL, 0, (s)) 34 | #define luaM_new(L,t) cast(t *, luaM_malloc(L, sizeof(t))) 35 | #define luaM_newvector(L,n,t) \ 36 | cast(t *, luaM_reallocv(L, NULL, 0, n, sizeof(t))) 37 | 38 | #define luaM_newobject(L,tag,s) luaM_realloc_(L, NULL, tag, (s)) 39 | 40 | #define luaM_growvector(L,v,nelems,size,t,limit,e) \ 41 | if ((nelems)+1 > (size)) \ 42 | ((v)=cast(t *, luaM_growaux_(L,v,&(size),sizeof(t),limit,e))) 43 | 44 | #define luaM_reallocvector(L, v,oldn,n,t) \ 45 | ((v)=cast(t *, luaM_reallocv(L, v, oldn, n, sizeof(t)))) 46 | 47 | LUAI_FUNC l_noret luaM_toobig (lua_State *L); 48 | 49 | /* not to be called directly */ 50 | LUAI_FUNC void *luaM_realloc_ (lua_State *L, void *block, size_t oldsize, 51 | size_t size); 52 | LUAI_FUNC void *luaM_growaux_ (lua_State *L, void *block, int *size, 53 | size_t size_elem, int limit, 54 | const char *what); 55 | 56 | #endif 57 | 58 | -------------------------------------------------------------------------------- /client/loclass/cipher.h: -------------------------------------------------------------------------------- 1 | /***************************************************************************** 2 | * WARNING 3 | * 4 | * THIS CODE IS CREATED FOR EXPERIMENTATION AND EDUCATIONAL USE ONLY. 5 | * 6 | * USAGE OF THIS CODE IN OTHER WAYS MAY INFRINGE UPON THE INTELLECTUAL 7 | * PROPERTY OF OTHER PARTIES, SUCH AS INSIDE SECURE AND HID GLOBAL, 8 | * AND MAY EXPOSE YOU TO AN INFRINGEMENT ACTION FROM THOSE PARTIES. 9 | * 10 | * THIS CODE SHOULD NEVER BE USED TO INFRINGE PATENTS OR INTELLECTUAL PROPERTY RIGHTS. 11 | * 12 | ***************************************************************************** 13 | * 14 | * This file is part of loclass. It is a reconstructon of the cipher engine 15 | * used in iClass, and RFID techology. 16 | * 17 | * The implementation is based on the work performed by 18 | * Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and 19 | * Milosch Meriac in the paper "Dismantling IClass". 20 | * 21 | * Copyright (C) 2014 Martin Holst Swende 22 | * 23 | * This is free software: you can redistribute it and/or modify 24 | * it under the terms of the GNU General Public License version 2 as published 25 | * by the Free Software Foundation. 26 | * 27 | * This file is distributed in the hope that it will be useful, 28 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 29 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 30 | * GNU General Public License for more details. 31 | * 32 | * You should have received a copy of the GNU General Public License 33 | * along with loclass. If not, see . 34 | * 35 | * 36 | * 37 | ****************************************************************************/ 38 | 39 | 40 | #ifndef CIPHER_H 41 | #define CIPHER_H 42 | #include 43 | 44 | void doMAC(uint8_t *cc_nr_p, uint8_t *div_key_p, uint8_t mac[4]); 45 | void doMAC_N(uint8_t *address_data_p,uint8_t address_data_size, uint8_t *div_key_p, uint8_t mac[4]); 46 | 47 | #ifndef ON_DEVICE 48 | int testMAC(); 49 | #endif 50 | 51 | #endif // CIPHER_H 52 | -------------------------------------------------------------------------------- /common/crc16.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 3 | // at your option, any later version. See the LICENSE.txt file for the text of 4 | // the license. 5 | //----------------------------------------------------------------------------- 6 | // CRC16 7 | //----------------------------------------------------------------------------- 8 | 9 | #include "crc16.h" 10 | 11 | unsigned short update_crc16( unsigned short crc, unsigned char c ) 12 | { 13 | unsigned short i, v, tcrc = 0; 14 | 15 | v = (crc ^ c) & 0xff; 16 | for (i = 0; i < 8; i++) { 17 | tcrc = ( (tcrc ^ v) & 1 ) ? ( tcrc >> 1 ) ^ 0x8408 : tcrc >> 1; 18 | v >>= 1; 19 | } 20 | 21 | return ((crc >> 8) ^ tcrc)&0xffff; 22 | } 23 | 24 | uint16_t crc16(uint8_t const *message, int length, uint16_t remainder, uint16_t polynomial) { 25 | 26 | if (length == 0) return (~remainder); 27 | 28 | for (int byte = 0; byte < length; ++byte) { 29 | remainder ^= (message[byte] << 8); 30 | for (uint8_t bit = 8; bit > 0; --bit) { 31 | if (remainder & 0x8000) { 32 | remainder = (remainder << 1) ^ polynomial; 33 | } else { 34 | remainder = (remainder << 1); 35 | } 36 | } 37 | } 38 | return remainder; 39 | } 40 | 41 | uint16_t crc16_ccitt(uint8_t const *message, int length) { 42 | return crc16(message, length, 0xffff, 0x1021); 43 | } 44 | 45 | uint16_t crc16_ccitt_kermit(uint8_t const *message, int length) { 46 | return bit_reverse_uint16(crc16(message, length, 0x0000, 0x1021)); 47 | } 48 | 49 | uint16_t bit_reverse_uint16 (uint16_t value) { 50 | const uint16_t mask0 = 0x5555; 51 | const uint16_t mask1 = 0x3333; 52 | const uint16_t mask2 = 0x0F0F; 53 | const uint16_t mask3 = 0x00FF; 54 | 55 | value = (((~mask0) & value) >> 1) | ((mask0 & value) << 1); 56 | value = (((~mask1) & value) >> 2) | ((mask1 & value) << 2); 57 | value = (((~mask2) & value) >> 4) | ((mask2 & value) << 4); 58 | value = (((~mask3) & value) >> 8) | ((mask3 & value) << 8); 59 | 60 | return value; 61 | } 62 | -------------------------------------------------------------------------------- /common/cmd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Proxmark send and receive commands 3 | * 4 | * Copyright (c) 2010, Roel Verdult 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 3. Neither the name of the copyright holders nor the 15 | * names of its contributors may be used to endorse or promote products 16 | * derived from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ''AS IS'' AND ANY 19 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY 22 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | * 29 | * @file cmd.h 30 | * @brief 31 | */ 32 | 33 | #ifndef _PROXMARK_CMD_H_ 34 | #define _PROXMARK_CMD_H_ 35 | 36 | #include "common.h" 37 | #include "usb_cmd.h" 38 | #include "usb_cdc.h" 39 | 40 | bool cmd_receive(UsbCommand* cmd); 41 | bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len); 42 | 43 | #endif // _PROXMARK_CMD_H_ 44 | 45 | -------------------------------------------------------------------------------- /armsrc/BigBuf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Jonathan Westhues, Aug 2005 3 | // Gerhard de Koning Gans, April 2008, May 2011 4 | // 5 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 6 | // at your option, any later version. See the LICENSE.txt file for the text of 7 | // the license. 8 | //----------------------------------------------------------------------------- 9 | // BigBuf and functions to allocate/free parts of it. 10 | //----------------------------------------------------------------------------- 11 | 12 | #ifndef __BIGBUF_H 13 | #define __BIGBUF_H 14 | 15 | #include // for bool 16 | #include "common.h" // for ramfunc 17 | 18 | #define BIGBUF_SIZE 40000 19 | #define MAX_FRAME_SIZE 256 // maximum allowed ISO14443 frame 20 | #define MAX_PARITY_SIZE ((MAX_FRAME_SIZE + 7) / 8) 21 | #define MAX_MIFARE_FRAME_SIZE 18 // biggest Mifare frame is answer to a read (one block = 16 Bytes) + 2 Bytes CRC 22 | #define MAX_MIFARE_PARITY_SIZE 3 // need 18 parity bits for the 18 Byte above. 3 Bytes are enough to store these 23 | #define CARD_MEMORY_SIZE 4096 24 | #define DMA_BUFFER_SIZE 128 25 | 26 | extern uint8_t *BigBuf_get_addr(void); 27 | extern uint8_t *BigBuf_get_EM_addr(void); 28 | extern uint16_t BigBuf_max_traceLen(void); 29 | extern void BigBuf_Clear(void); 30 | extern void BigBuf_Clear_ext(bool verbose); 31 | extern void BigBuf_Clear_keep_EM(void); 32 | extern uint8_t *BigBuf_malloc(uint16_t); 33 | extern void BigBuf_free(void); 34 | extern void BigBuf_free_keep_EM(void); 35 | extern void BigBuf_print_status(void); 36 | extern uint16_t BigBuf_get_traceLen(void); 37 | extern void clear_trace(); 38 | extern void set_tracing(bool enable); 39 | extern bool RAMFUNC LogTrace(const uint8_t *btBytes, uint16_t iLen, uint32_t timestamp_start, uint32_t timestamp_end, uint8_t *parity, bool readerToTag); 40 | extern int LogTraceHitag(const uint8_t * btBytes, int iBits, int iSamples, uint32_t dwParity, int bReader); 41 | extern uint8_t emlSet(uint8_t *data, uint32_t offset, uint32_t length); 42 | #endif /* __BIGBUF_H */ 43 | -------------------------------------------------------------------------------- /client/cmdhfmf.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // Copyright (C) 2011 Merlok 3 | // 4 | // This code is licensed to you under the terms of the GNU GPL, version 2 or, 5 | // at your option, any later version. See the LICENSE.txt file for the text of 6 | // the license. 7 | //----------------------------------------------------------------------------- 8 | // High frequency MIFARE commands 9 | //----------------------------------------------------------------------------- 10 | 11 | #ifndef CMDHFMF_H__ 12 | #define CMDHFMF_H__ 13 | 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include "proxmark3.h" 19 | #include "iso14443crc.h" 20 | #include "data.h" 21 | #include "ui.h" 22 | #include "cmdparser.h" 23 | #include "common.h" 24 | #include "util.h" 25 | #include "mifarehost.h" 26 | 27 | int CmdHFMF(const char *Cmd); 28 | 29 | int CmdHF14AMfDbg(const char* cmd); 30 | int CmdHF14AMfRdBl(const char* cmd); 31 | int CmdHF14AMfURdBl(const char* cmd); 32 | int CmdHF14AMfRdSc(const char* cmd); 33 | int CmdHF14SMfURdCard(const char* cmd); 34 | int CmdHF14AMfDump(const char* cmd); 35 | int CmdHF14AMfRestore(const char* cmd); 36 | int CmdHF14AMfWrBl(const char* cmd); 37 | int CmdHF14AMfUWrBl(const char* cmd); 38 | int CmdHF14AMfChk(const char* cmd); 39 | int CmdHF14AMifare(const char* cmd); 40 | int CmdHF14AMfNested(const char* cmd); 41 | int CmdHF14AMfSniff(const char* cmd); 42 | int CmdHF14AMf1kSim(const char* cmd); 43 | int CmdHF14AMfEClear(const char* cmd); 44 | int CmdHF14AMfEGet(const char* cmd); 45 | int CmdHF14AMfESet(const char* cmd); 46 | int CmdHF14AMfELoad(const char* cmd); 47 | int CmdHF14AMfESave(const char* cmd); 48 | int CmdHF14AMfECFill(const char* cmd); 49 | int CmdHF14AMfEKeyPrn(const char* cmd); 50 | int CmdHF14AMfCSetUID(const char* cmd); 51 | int CmdHF14AMfCSetBlk(const char* cmd); 52 | int CmdHF14AMfCGetBlk(const char* cmd); 53 | int CmdHF14AMfCGetSc(const char* cmd); 54 | int CmdHF14AMfCLoad(const char* cmd); 55 | int CmdHF14AMfCSave(const char* cmd); 56 | 57 | #endif 58 | --------------------------------------------------------------------------------