pixelk0 / proxmark3 Goto Github PK

below is a small patch to prevent em4x50read from crashing the gui when
called when no valid em4x50 trace data is loaded.


diff -u -N ../proxmark3-read-only/winsrc/command.cpp winsrc/command.cpp 
--- ../proxmark3-read-only/winsrc/command.cpp   2009-07-26 18:45:21.000000000
-0500
+++ winsrc/command.cpp  2009-07-26 18:47:38.000000000 -0500
@@ -331,7 +331,7 @@

    /* skip over the remainder of the LW */
    skip += tmpbuff[i+1]+tmpbuff[i+2];
-   while(GraphBuffer[skip] > low)
+   while(skip < MAX_GRAPH_TRACE_LEN && GraphBuffer[skip] > low)
        ++skip;
    skip += 8;

I am running a fresh instance of Windows XP SP2 inside a VM.  I've 
retreived the latest version from subversion and the latest windows build 
environment.  When I try to compile the armsrc I receive the following 
error. 


C:\prox-dev\proxmark\cockpit>1makearm.bat

C:\prox-dev\proxmark\cockpit>REN @echo off
The system cannot find the file specified.

C:\prox-dev\proxmark\cockpit>call _checkmake
**************
*** armsrc ***
**************
perl ../tools/mkversion.pl .. > version.c || 
copy ../common/default_version.c ve
rsion.c
arm-elf-gcc -c -I../include -Wall -Werror -pedantic -std=gnu99 -O6 -
DWITH_ISO156
93 -DWITH_ISO14443a -DWITH_ISO14443b -mthumb -mthumb-interwork -o 
obj/version.o
version.c
arm-elf-gcc -c -I../include -Wall -Werror -pedantic -std=gnu99 -O6 -
DWITH_ISO156
93 -DWITH_ISO14443a -DWITH_ISO14443b -mthumb-interwork -o obj/legicrf.o 
legicrf.
c
cc1.exe: warnings being treated as errors
legicrf.c: In function 'LegicRfSimulate':
legicrf.c:189: warning: 'r_data' may be used uninitialized in this function
legicrf.c:188: warning: 'r_size' may be used uninitialized in this function
legicrf.c:189: warning: 'r_data' may be used uninitialized in this function
legicrf.c:188: warning: 'r_size' may be used uninitialized in this function
make: *** [obj/legicrf.o] Error 1
C:\prox-dev\proxmark\cockpit>

These patches allow the proxmark3 to detect whether or not we are tethered
via usb to a computer.  This allows us to start standalone mode in either
scenario.

If anyone wants to test this and apply them to SVN I'd appreciate it.

-ryan

There was already a changelog file, better to keep using it if it's ok with
you.
As I may be wrong I let you decide.

Operating system - windows7 ultimate + proxspace.

After updating svn can't compile:

Previous update was made few months ago
$ make clean && make all
make -C bootrom clean
make[1]: Entering directory `/home/pm3/bootrom'
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
rm -rf obj/*.o
rm -rf obj/*.elf
rm -rf obj/*.s19
rm -rf obj/*.map
rm -rf obj/*.d
rm -rf version.c
make[1]: Leaving directory `/home/pm3/bootrom'
make -C armsrc clean
make[1]: Entering directory `/home/pm3/armsrc'
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
rm -rf obj/*.o
rm -rf obj/*.elf
rm -rf obj/*.s19
rm -rf obj/*.map
rm -rf obj/*.d
rm -rf version.c
make[1]: Leaving directory `/home/pm3/armsrc'
make -C client clean
make[1]: Entering directory `/home/pm3/client'
rm -f cli cli.exe flasher flasher.exe proxmark3 proxmark3.exe snooper snooper.ex
e obj/nonce2key/crapto1.o obj/nonce2key/crypto1.o obj/nonce2key/nonce2key.o obj/
mifarehost.o obj/crc16.o obj/iso14443crc.o obj/iso15693tools.o obj/data.o obj/gr
aph.o obj/ui.o obj/util.o obj/cmddata.o obj/cmdhf.o obj/cmdhf14a.o obj/cmdhf14b.
o obj/cmdhf15.o obj/cmdhflegic.o obj/cmdhficlass.o obj/cmdhfmf.o obj/cmdhw.o obj
/cmdlf.o obj/cmdlfem4x.o obj/cmdlfhid.o obj/cmdlfti.o obj/cmdparser.o obj/cmdmai
n.o obj/*.o *.o *.moc.cpp
make[1]: Leaving directory `/home/pm3/client'
make -C bootrom all
make[1]: Entering directory `/home/pm3/bootrom'
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
/bin/sh: arm-none-eabi-gcc: command not found
perl ../tools/mkversion.pl .. > version.c || cp ../common/default_version.c vers
ion.c
arm-none-eabi-gcc -c -I../include -I../common -Wall -Werror -pedantic -std=gnu99
 -I. -mthumb -mthumb-interwork -o obj/version.o version.c
make[1]: arm-none-eabi-gcc: Command not found
make[1]: *** [obj/version.o] Error 127
make[1]: Leaving directory `/home/pm3/bootrom'
make: *** [bootrom/all] Error 2

any ideas?

What steps will reproduce the problem?

Use latest firmware, do hf mf mifare, par_list will start with "00 00"

See http://www.proxmark.org/forum/viewtopic.php?pid=7141#p7141

A function (iso14443a_select_card) took a pointer to a local variable. The 
variable was 8 bytes, but 10 bytes of memory was cleared - and there was much 
confusion, since another local variable (par_list) was affected, even though it 
wasn't even used in the call. 

Proposed patch:

$ svn diff armsrc/iso14443a.c
Index: armsrc/iso14443a.c
===================================================================
--- armsrc/iso14443a.c  (revision 709)
+++ armsrc/iso14443a.c  (working copy)
@@ -1625,7 +1625,7 @@

   // clear uid
   if (uid_ptr) {
-    memset(uid_ptr,0,10);
+    memset(uid_ptr,0,8);
   }

   // OK we will select at least at cascade 1, lets see if first byte of UID was 0x88 in

What steps will reproduce the problem?
1. I follow instrucctions from PM3-UserGuide-v7.pdf
2. I download last version from google code
3. I run runme.bat
4. I run $ make clean
make -C bootrom clean
make[1]: Entering directory `/home/pm3/bootrom'
rm -rf obj/*.o
rm -rf obj/*.elf
rm -rf obj/*.s19
rm -rf obj/*.map
rm -rf obj/*.d
rm -rf version.c
make[1]: Leaving directory `/home/pm3/bootrom'
make -C armsrc clean
make[1]: Entering directory `/home/pm3/armsrc'
make[1]: Leaving directory `/home/pm3/armsrc'
make[1]: Entering directory `/home/pm3/armsrc'
rm -rf obj/*.o
rm -rf obj/*.elf
rm -rf obj/*.s19
rm -rf obj/*.map
rm -rf obj/*.d
rm -rf version.c
make[1]: Leaving directory `/home/pm3/armsrc'
make -C client clean
make[1]: Entering directory `/home/pm3/client'
rm -f cli cli.exe flasher flasher.exe proxmark3 proxmark3.exe snooper 
snooper.exe obj/nonce2key/crapto1.o obj/nonce2key/
crypto1.o obj/nonce2key/nonce2key.o obj/crc16.o obj/iso14443crc.o 
obj/iso15693tools.o obj/data.o obj/graph.o obj/ui.o ob
j/util.o obj/cmddata.o obj/cmdhf.o obj/cmdhf14a.o obj/cmdhf14b.o obj/cmdhf15.o 
obj/cmdhflegic.o obj/cmdhficlass.o obj/cm
dhw.o obj/cmdlf.o obj/cmdlfem4x.o obj/cmdlfhid.o obj/cmdlfti.o obj/cmdparser.o 
obj/cmdmain.o obj/*.o *.o *.moc.cpp
make[1]: Leaving directory `/home/pm3/client'

All seems ok

5. I run $ make all
make -C bootrom all
make[1]: Entering directory `/home/pm3/bootrom'
make[1]: Leaving directory `/home/pm3/bootrom'
make[1]: Entering directory `/home/pm3/bootrom'
perl ../tools/mkversion.pl .. > version.c || cp ../common/default_version.c 
version.c
arm-eabi-gcc -c -I../include -I../common -Wall -Werror -pedantic -std=gnu99 -I. 
-mthumb -mthumb-interwork -o obj/version
.o version.c
version.c:8:2: error: missing terminating " character
version.c:8: error: missing terminating " character
version.c:9:1: error: missing terminating " character
version.c:9: error: missing terminating " character
cc1.exe: warnings being treated as errors
version.c:10: error: initializer-string for array of chars is too long
version.c:10: error: (near initialization for 'version_information.svnversion')
make[1]: *** [obj/version.o] Error 1
make[1]: Leaving directory `/home/pm3/bootrom'
make: *** [bootrom/all] Error 2

The compilation fails

What is the expected output? What do you see instead?

version.c:8:2: error: missing terminating " character
version.c:8: error: missing terminating " character
version.c:9:1: error: missing terminating " character
version.c:9: error: missing terminating " character

What version of the product are you using? On what operating system?

Windows 7
I download last versions with links from PM3-UserGuide-v7.pdf

Please provide any additional information below.

What steps will reproduce the problem?
1. I checkout the last version code with subcommander from google repository
2. Run D:\prox-dev\proxmark\cockpit>0setpath.bat
Microsoft Windows [Versión 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos.
Result its ok!
3. run D:\prox-dev\proxmark\cockpit>5makeall.bat

D:\prox-dev\proxmark\cockpit>call 1makearm.bat
perl ../tools/mkversion.pl .. > version.c || copy ../common/default_version.c ve
rsion.c
arm-eabi-gcc -c -I../include -I../common -Wall -Werror -pedantic -std=gnu99 -O2
-DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -DWITH_ISO14443b -I. -mthumb -mthumb-
interwork -o obj/version.o version.c
process_begin: CreateProcess(NULL, arm-eabi-gcc -c -I../include -I../common -Wal
l -Werror -pedantic -std=gnu99 -O2 -DWITH_LF -DWITH_ISO15693 -DWITH_ISO14443a -D
WITH_ISO14443b -I. -mthumb -mthumb-interwork -o obj/version.o version.c, ...) fa
iled.
make (e=2): file specified not found.
make: *** [obj/version.o] Error 2
perl ../tools/mkversion.pl .. > version.c || copy ../common/default_version.c ve
rsion.c
Access denied.
The sintax command its wrong.
make: *** [version.c] Error 1

Microsoft (R) Program Maintenance Utility Version 9.00.30729.01
Copyright (C) Microsoft Corporation.  All rights reserved.


What is the expected output? What do you see instead?

I can´t to compile the code

What version of the product are you using? On what operating system?

Windows 7
Last version of Compile Environment
Last version from google repository

Please provide any additional information below.
I try compilig with instrucctions from wiki 

After downloading the latest SVN on 10-10-2009 I ran into a problem
compiling on Windows using the ProxSpace found at
http://proxmark3.googlecode.com/files/2 … xSpace.zip

Visual studio 9 does not like strncasecmp. And resulted in the following error:

cl /W3 /nologo /Zi /MT /Fdobj/vc90.pdb /I"..\..\devkitWIN"\include
/D_WIN32_WINN
T=0x501 /DISOLATION_AWARE_ENABLED /D_WIN32_IE=0x600 /DWIN32_LEAN_AND_MEAN
/DWIN3
2 /D_MT /D_CRT_SECURE_NO_WARNINGS -c -Foobj/command.obj command.cpp
command.cpp
command.cpp(2837) : error C3861: 'strncasecmp': identifier not found
command.cpp(2839) : error C3861: 'strncasecmp': identifier not found
command.cpp(2841) : error C3861: 'strncasecmp': identifier not found
command.cpp(2843) : error C3861: 'strncasecmp': identifier not found
make: *** [proxmark3] Error 2

In order to resolve this I added the following lines to command.cpp
starting at line 21.

#if defined(_WIN32) || defined(_WIN64)
#define strncasecmp _strnicmp
#endif

Also the Makefile in winsrc contained the following line:
BASE_DIR    ?= "..\..\devkitWIN"

The quotes could be an issue depending on the  build environment.  I
changed the line in my source to the following:
BASE_DIR    ?= ..\..\devkitWIN

Attached is the diff for the files.

In the latest revisions of the firmware, several commands are broken

"hw tune" command does not work anymore
The proxmark receives and processes the command (green led on, then off after a 
while and finally the orange blinks) but the client never gets/prints the 
result.

Same thing for "lf" commands (at least "lf read").
Here is the output I get:
proxmark3> lf read
Waiting for a response from the proxmark...          
Don't forget to cancel its operation first by pressing on the button 

mifare commands still work so it is probably related to the recent rework of 
the internals.

regression
lf read h
stopped working

reproduce:
proxmark3> lf read h
use 'read' or 'read h'
proxmark3>

command returns an error message

What steps will reproduce the problem?
1. Trying to compile the current version (r486) on a Mac system. 
2. Trying to compile with arm-eabi-gcc >=4.6

What is the expected output? What do you see instead?
Expected output is a successful compilation.

Instead, on Mac:

util.c:45:19: error: conio.h: No such file or directory
util.c: In function ‘ukbhit’:
util.c:47: warning: implicit declaration of function ‘kbhit’
make[1]: *** [obj/util.o] Error 1
make: *** [client/all] Error 2

Also, on Mac or Linux with arm-eabi-gcc >= 4.6:

appmain.c: In function 'MeasureAntennaTuning':
appmain.c:189:9: error: variable 'ptr' set but not used 
[-Werror=unused-but-set-variable]
cc1: all warnings being treated as errors

make[1]: *** [obj/appmain.o] Error 1
make: *** [armsrc/all] Error 2


What version of the product are you using? On what operating system?
r486 on Mac OS X 10.6.6 and Ubuntu 11.04

Please provide any additional information below.

"ukbhit" error can be solved by adding "__APPLE__" to the first #ifdef in 
/client/util.c 

"variable ptr" error can be solved by compiling using arm-eabi-gcc version 4.5 
(r31).

However, on Mac OS X, even after these changes and a successful build, 
execution of any command within ./proxmark3 results in a segmentation fault. 

What steps will reproduce the problem?
1. Latest SVN
2. hf 14a snoop
3. hf 14a list


What is the expected output? What do you see instead?
First time, and sniffing a reader<->card communication, the hf 14a list command 
produces a trace 
of the communication between the reader and the card. The second .. n:th time, 
it produces no 
results.

Snooping should also be possible in ISO15693 mode. Since this mode uses the
same FPGA modes as ISO14443-B, it might be possible to do this without
touching the FPGA.

FPGA + ARM source code should be updated to enable raw snooping in LF mode.

What steps will reproduce the problem?
1. hf 14a snoop and sniff for a while

What is the expected output? What do you see instead?
Expected is the complete sniffed trace, obtained ,according to the client code, 
is only the first 1920B.

What version of the product are you using? On what operating system?
Tried several versions, currently using 526 on win 7.

Please provide any additional information below.
The snoop buffer is fixed to a specific value - 1920B, which is not sufficient 
in most cases. Changing the buffer sizes is tricky because it has to be done on 
several places and if done incorrectly buffer overflow(or something like that) 
occurs.

To reproduce:

run proxmark3 from cmd line, define incorrect port - 

\pm3-bin-715\win32>proxmark3 COM9
ERROR: invalid serial port
proxmark3> quit

then crash.

The following patch contains a refactored code of the iso15693 implementation 
as well as several enhancements:

1) A new interface to send commands directly to a tag (on the shell via the "HF 
15 CMD ..." comands; via USB using the new CMD_ISO_15693_COMMAND and 
CMD_ISO_15693_COMMAND_DONE messages). This allows easy access to the command & 
data layer of a tag. (see examples below) 

2) A way to bruteforce the AFI (Application Family Identifier) of an tag, as 
there is no standardized way of reading. (there is only a way to set it in the 
ISO-Standard)

3) An easy to use memory dump function that reads out all memory pages.

4) A small database that detects the manufacturer and type of a tag based on 
the UID. (see client/cmdhf15.c)

5) So far the code only supported the hispeed reader-to-tag mode called "1of4". 
I've added the "1of256" mode. There is still a lot to be done: There are 4 
possible modes for a tag to send data back (hi/lowspeed with either ASK or 
FSK). We still only support one of them (hispeed ASK).

6) The iso15693 code has been refactored to better fit the coding guidelines, 
although there is still work left on that. Common definitions and code between 
client and armsrc have been moved to shared .h/.c files.




Some usage examples:

Send an INQUIRY Command to tags in range:

proxmark3> hf 15 cmd inquiry
UID=E00700001A0xxxxxx
Tag Info: Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit


Read page 2 from a specific tag:

proxmark3> hf 15 cmd read E0054000076xxxxx 2
Using UID E0054000076xxxxx
2E 80 53 42   ..SB

Read page 2 from a tag in range (automatically find tag via INQUIRY first)

proxmark3> hf 15 cmd read * 2
Using UID E0054000076xxxxx
2E 80 53 42   ..SB

Read page 2 from any tag in range - using unaddressed commands (not supported 
by all tags)

proxmark3> hf 15 cmd read u 2
2E 80 53 42   ..SB

Write data to page 20 on a tag:

proxmark3> hf 15 cmd read u 20
 00 00 00 00 

proxmark3> hf 15 cmd write -o u 20 1234ABCD
 no answer

proxmark3> hf 15 cmd read u 20
 12 34 AB CD    

Note: the OPTION-Flag (-o) is mandatory on all TI Hi-Tags HF-I.
Note: As writing takes longer then usual operations, we run into a timeout - 
but the data is still written.

Send raw data to a tag:

proxmark3> hf 15 cmd raw -2 -c 26 01 00
received 12 octets

where -2 turnes of 1of256 longrange/lowspeed mode and -c calculates the correct 
CRC and adds it.
To view the received data, you have to turn of debug mode, which will also give 
you other info as well:

proxmark3> hf 15 cmd debug 1
#db# Iso15693 Debug is now on


Read all the memory from a tag (shown as HEX and ASCII):

proxmark3> hf 15 dumpmemory
Reading memory from tag UID=E00700001A0xxxxx
Tag Info: Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit
Block  0   00 00 FC 2A    ...*
Block  1   00 00 00 00    ....
Block  2   0B B8 67 94    ..g.
Block  3   57 A8 2D A6    W.-.
...


Find the AFI of an Tag:

proxmark3> hf 15 findafi
#db# NoAFI UID=E00700001A0xxxxx
#db# AFI=0 UID=E00700001A0xxxxx
#db# AFI=20 UID=E00700001A0xxxxx
#db# AFI Bruteforcing done.

Note: a "SetAFI" command will be added soon.



Things left to be done:

*) writing to tags takes longer then reading: we miss the answer from the tag 
in most cases  -> tweak the timeout 

*) Add more tag commands to the client - for example SetAFI, SetDSFID or the 
famous KillTag-Command of TI.

*) signal decoding from the card is still a bit shaky, although I tweaked it a 
bit to make it more error resistant.

*) signal decoding is unable to detect collisions.

*) add anti-collision support for inventory-commands 

*) sniffing and simulation do only support one transmission mode. need to 
support all 8 transmission combinations - this is imho the only way to make the 
tag simulator work on all readers. Then add memory-simulation.

*) remove or refactor old code in the "deprecated"-section

*) document all the functions

What steps will reproduce the problem?
1. connect proxmark
2. run client
3. run hf mf eload dumpname
4. shit hangs

OR

1. connect proxmark
2. run client
3. run hf mf esave dumpname
4. shit hangs, and green diode on proxmark blinks as fucked

What is the expected output? What do you see instead?

Is expected to load/save shit into/from memory, instead i get nothing/only 
shitty blinking led

What version of the product are you using? On what operating system?

#db# Prox/RFID mark3 RFID instrument                 
#db# bootrom: svn 716 2013-05-23 15:00:10                 
#db# os: svn 716 2013-05-23 15:00:10

Ubuntu

What steps will reproduce the problem?
proxmark3> hw tune
# HF antenna: 11.50 V @    13.56 MHz
proxmark3> hf 14b snoop

What is the expected output? What do you see instead?
Begin the snoop of ISO-14443-B session, instead I have always the error "blew 
circular buffer"

What version of the product are you using? On what operating system?
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 468 2011-04-24 20:17:51
#db# os: svn 468 2011-04-24 20:17:51
#db# FPGA image built on 2009/12/ 8 at  8: 3:54

Linux/Windows.

The problem is present also in old versions

Please provide any additional information below.
I tested many antennas and tags ISO-14443-B but I have always "blew circular 
buffer".

BUGS:
---------------
svn co http://proxmark3.googlecode.com/svn/trunk proxmark3-read-only
Checked out revision 468.

MPFR=http://ftp.gnu.org/gnu/mpfr/mpfr-2.4.2.tar.bz2
#MPFR=http://mpfr.loria.fr/mpfr-current/mpfr-${MPFR_VER}.tar.bz2
---------


http://www.proxmark.org/forum/topic/713/proxbrute/
-rmccurdy.com

What steps will reproduce the problem?
1. as i place the pm3's antenna close to reader ,the reader encounters error 
,so i pulling back pm3's antenna enough to make reader work, but now the only 
sniffed signals are belong to tag.what should i do?


What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?

bootrom:svn 442 2010-06-04
os:version information not available
fpga image built on 2009/12/08

Please provide any additional information below.

osimage revision 468 (latest)

If for(;;) loop in SnoopIso1443a break (because the trace buffer is full) the 
same statistic is printed twice because the same Dbprintf that's just above 
'done:' label is repeated bellow it also.

I assume the first can be deleted because the second will handle both cases 
(FINISHED because trace buffer full, CANCELLED by button press).

What steps will reproduce the problem?
1.  run the proxmark3.exe
2.  the client will response nothing when I call hw version some things.  

What is the expected output? What do you see instead?

response me the hardware version, but nothing happen.

What version of the product are you using? On what operating system?

i am using the r729 on windows xp sp3 and windows 7 x64

Please provide any additional information below.

pls refer my attach source to get more clear idea.

See

http://www.proxmark.org/forum/viewtopic.php?pid=7152#p7152

http://www.proxmark.org/forum/viewtopic.php?pid=7153#p7153

r617 does not compile

----------------------------------------------------------------
g++ -I/qt/include -I/qt/include/QtCore -I/qt/include/QtGui obj/proxmark3.o obj/n
once2key/crapto1.o obj/nonce2key/crypto1.o obj/nonce2key/nonce2key.o obj/mifareh
ost.o obj/crc16.o obj/iso14443crc.o obj/iso15693tools.o obj/data.o obj/graph.o o
bj/ui.o obj/util.o obj/cmddata.o obj/cmdhf.o obj/cmdhf14a.o obj/cmdhf14b.o obj/c
mdhf15.o obj/cmdhfepa.o obj/cmdhflegic.o obj/cmdhficlass.o obj/cmdhfmf.o obj/cmd
hw.o obj/cmdlf.o obj/cmdlfem4x.o obj/cmdlfhid.o obj/cmdlfti.o obj/cmdparser.o ob
j/cmdmain.o obj/proxusb.o obj/proxgui.o obj/proxguiqt.o obj/proxguiqt.moc.o -L/o
pt/local/lib -L/usr/local/lib -lusb -lreadline -lpthread -L/qt/lib -lQtCore4 -lQ
tGui4 -o proxmark3
obj/cmdhfepa.o: In function `CmdHFEPACollectPACENonces':
C:\proxmark\ProxSpace\pm3\client/cmdhfepa.c:63: undefined reference to `sleep'
collect2: ld returned 1 exit status
make[1]: *** [proxmark3] Error 1
make[1]: Leaving directory `/home/pm3/client'
make: *** [client/all] Error 2
----------------------------------------------------------------

Possible solution: #include "sleep.h" in cmdhfepa.c

Hi, wanted to ask which firmware to run. Some commands doesn't run with 
different firmwares. Also the green LED doesn't work.

I tried to loread h a tag and always get different value with the same tag.

Any help appriciated...

Thanks

Here is a patch that fixes the problem with claiming the device under linux
and also provides a cli to run arbitrary commands (based on snooper).

What steps will reproduce the problem?
1. ./proxmark3 
2. data plot
3. ##segfault## (1 out of 3)

Without this patch I get a segfault every 3 "data plot" command (with or 
without data in GraphBuffer[]). My system is x86_64.

Here is the patch:
####################################
Index: proxguiqt.cpp
===================================================================
--- proxguiqt.cpp       (revision 465)
+++ proxguiqt.cpp       (working copy)
@@ -282,6 +282,8 @@
        palette.setColor(QPalette::Button, QColor(100, 100, 100));
        setPalette(palette);
        setAutoFillBackground(true);
+       CursorAPos = 0;
+       CursorBPos = 0;
 }

 void ProxWidget::closeEvent(QCloseEvent *event)
####################################

William

What steps will reproduce the problem?
1. Execute tools/install-gnuarm4.sh ~/gnuarm `pwd`/tmp

What is the expected output? What do you see instead?
It should install the toolchain but the download
http://mpfr.loria.fr/mpfr-current/mpfr-2.4.2.tar.bz2 does not exists.


Please provide any additional information below.
Now there are available
http://mpfr.loria.fr/mpfr-current/mpfr-3.0.0.tar.bz2

What steps will reproduce the problem?
1. Open proxmark3
2. Issue command "data mandemod" or "lf em4x em410xread"

What is the expected output? What do you see instead?
The application should do a manchester demodulation of the samples in the plot 
window OR 
interpret a EM410x tag from the current downloaded proxmark data. Instead, the 
application 
receives EXC_BAD_ACCESS or Segmentation Fault signal, in the entry to the 
CmdManchesterDemod/CmdEM410xRead methods.

What version of the product are you using? On what operating system?

r468 on Ubuntu 10.10 - 64



When dumping ISO 15693 tags, the client often prints malformed UIDs:

proxmark3>  hf 15 dumpmemory
proxmark3> Reading memory from tag UID=E007000011FE6B0CЊt
Tag Info: Texas Instrument; Tag-it HF-I Plus Inlay; 64x32bit
proxmark3> Block  0   20 23 0A 23     #.#
...

Sometimes the client just crashes:

#0  0x00007ffff5bcd067 in __vfprintf_chk () from /lib/libc.so.6
#1  0x0000000000404f71 in vfprintf (
    fmt=0x414dc8 "Reading memory from tag UID=%s")
    at /usr/include/bits/stdio2.h:128
#2  PrintAndLog (fmt=0x414dc8 "Reading memory from tag UID=%s") at ui.c:44
#3  0x000000000040b2a0 in CmdHF15DumpMem (Cmd=<value optimized out>)
    at cmdhf15.c:280
...

The problem results from an invalid buffer length in iso15693tools.c in
function Iso15693sprintUID():

char* Iso15693sprintUID(char *target,uint8_t *uid) {
  static char tempbuf[9]="";
  if (target==NULL) target=tempbuf;
  sprintf(target,"%02hX%02hX%02hX%02hX%02hX%02hX%02hX%02hX",
        uid[7],uid[6],uid[5],uid[4],uid[3],uid[2],uid[1],uid[0]);
  return target;
}

The tempbuf can store up to 9 bytes, but the sprintf will write 2*8 bytes
plus one byte for an end marker. Therefore the tempbuf should be declared
as:

static char tempbuf[2*8+1]={0};

What steps will reproduce the problem?
1. run the proxmark3.exe
2. call data samples
3. then the client will crash


What version of the product are you using? On what operating system?

i am using the r729 on windows xp sp3

Please provide any additional information below.

I think it is the problem by the WaitForResponse(CMD_ACK, NULL) call from the 
cmdmain.c files. I have change the code to get a more safety way to resolve it. 

At the moment there is a "flasher" utility in the linux codebase, which
worked on a special firmware fork not compatible with the mainline
firmware. It should be updated to enable flashing the firmware on Linux,
just like the "prox load" or "prox fpga" commands.

This is a feature request (or maybe something stupid, sorry if It's that but 
I'm newbie on proxmark).

I saw that proxmark works with some components; a fgpa and an arm chipset. The 
OS running on ARM is working with logical layer and It is in communication with 
fpga who works with the physical layer. And there is an "external" component; 
the computer who talks with proxmark using USB interface.

I also saw that most of the logic are included into ARM OS (like card 
read/write instructions, some card emulations, etc) and I think that this can 
be a mistake. In my opinion the OS inside ARM has to do just little things and 
the big ones must to be implemented into PC side. The idea is that Proxmark OS 
provides a basic API raw_read/raw_write and "protocols" (and attacks) like 
mifare can be implemented on PC side.

In the same way, the sniffing (or snooping) feature can stream the information 
directly to PC to manage the information instead of fill a internal buffer.

I'm not sure if all of that It's stupid and can't be done because USB is too 
slow for some things that need to be fast on phisical layer. If It's that just 
tell me.

Thanks you for your work.

svn rev 316

losim sends the buffer to the proxmark in chunks of 48 bit.
After sending about 10 to 20 chunks the UsbCommand does not return.

Adding some timeout while sending on the client side (in command.c) or an
the proxmark in appmain.c does improve the situation but not reliable.

The only reliable (but dirty) solution I found was to send an answer back
for each received packet.

Patch included.

What steps will reproduce the problem?
Run "hf mf nested 1 0 a ffffffffffff" on a card whose first sector is locked 
with ffffffffffff key a, other sectors locked with other keys

What is the expected output? What do you see instead?
expected output:
Found valid key:4b6a3719d32a
actual output:
Found valid key:00003719d32a
the first 2 bytes are zeroed

Also the summary at the end of the command is wrong:
|---|----------------|-------|----------------|-------------|
|sec|key A           |res    |key B           |res          |
|---|----------------|-------|----------------|-------------|
|000|  0000ffffffff  | 65535 |  000000000001  | -85167063   |
|001|  0000197dc50f  | 15200 |  000000000001  | 704548052   |
|002|  000019fae87c  | 53575 |  000000000001  | 922793753   |
|003|  000099d627ff  | 1819  |  000000000001  | 924439338   |
|004|  0000a471d423  | 65064 |  000000000001  | -1801225694 |
|005|  00002a9fc954  | 41598 |  000000000001  | 414542648   |
|006|  000018b850ca  | 48236 |  000000000001  | 715074929   |
|007|  00009e1c64d3  | 8090  |  000000000001  | -1696862380 |
|008|  00004315ab29  | 22157 |  000000000001  | 398629738   |
|009|  0000111d4326  | 6234  |  000000000001  | 875735394   |
|010|  000073f70fd5  | 2493  |  000000000001  | -1956914071 |
|011|  0000c9b383ad  | 11080 |  000000000001  | 613525088   |
|012|  0000b91c6705  | 22056 |  000000000001  | 1652553483  |
|013|  0000315a1980  | 56244 |  000000000001  | -1954200790 |
|014|  00002491a6fa  | 13765 |  000000000001  | -1491499758 |
|015|  000064c71145  | 53413 |  000000000001  | 2034906379  |
|---|----------------|-------|----------------|-------------|

What version of the product are you using? On what operating system?
WinXp 32 bit, r604 compiled with ProxSpace-20100226-r390.7z, clean except for 
CROSS ?= arm-eabi- in the makefile.

Please provide any additional information below.
The bug also happened with "hf mf mifare", the key displayed missed the first 2 
bytes. I will run the command again later and add the exact output to this bug.
If saving the keys with "hf mf nested 1 0 a ffffffffffff d" the key file 
contains the *right* key, the bug only seem to impact the display, the 
algorithm gathers the right keys.

What steps will reproduce the problem?
1. running the command hf mf restore on a card that does not have 0xFFFFFFFFFFF 
as the key


What version of the product are you using? On what operating system?
revision 569.

Please provide any additional information below.

need to change keytype to type 1 and ensure key is keyB for writing. Working 
code is as below:

int CmdHF14AMfRestore(const char *Cmd)
{

    int i,j;
    uint8_t keyType = 1;
    uint8_t bldata[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    uint8_t keyA[16][6];
    uint8_t keyB[16][6];

    FILE *fdump;
    FILE *fkeys;

    if ((fdump = fopen("dumpdata.bin","rb")) == NULL) {
        PrintAndLog("Could not find file dumpdata.bin");
        return 1;
    }
    if ((fkeys = fopen("dumpkeys.bin","rb")) == NULL) {
        PrintAndLog("Could not find file dumpkeys.bin");
        return 1;
    }

    for (i=0 ; i<16 ; i++) {
        fread(keyA[i], 1, 6, fkeys);
    }
    for (i=0 ; i<16 ; i++) {
        fread(keyB[i], 1, 6, fkeys);
    }

    PrintAndLog("Restoring dumpdata.bin to card");

    for (i=0 ; i<16 ; i++) {
        for( j=0 ; j<4 ; j++) {
            UsbCommand c = {CMD_MIFARE_WRITEBL, {i*4 + j, keyType, 0}};
            memcpy(c.d.asBytes, keyB[i], 6);

            fread(bldata, 1, 16, fdump);

            if (j == 3) {
                bldata[0]  = (keyA[i][0]);
                bldata[1]  = (keyA[i][1]);
                bldata[2]  = (keyA[i][2]);
                bldata[3]  = (keyA[i][3]);
                bldata[4]  = (keyA[i][4]);
                bldata[5]  = (keyA[i][5]);
                bldata[10] = (keyB[i][0]);
                bldata[11] = (keyB[i][1]);
                bldata[12] = (keyB[i][2]);
                bldata[13] = (keyB[i][3]);
                bldata[14] = (keyB[i][4]);
                bldata[15] = (keyB[i][5]);
            }       

            PrintAndLog("Writing to block %2d: %s", i*4+j, sprint_hex(bldata, 16));

            /*
            PrintAndLog("Writing to block %2d: %s Confirm? [Y,N]", i*4+j, sprint_hex(bldata, 16));

            scanf("%c",&ch);
            if ((ch != 'y') && (ch != 'Y')){
                PrintAndLog("Aborting !");
                return 1;
            }
            */

            memcpy(c.d.asBytes + 10, bldata, 16);
            SendCommand(&c);
            UsbCommand *resp = WaitForResponseTimeout(CMD_ACK, 1500);

            if (resp != NULL) {
                uint8_t isOK  = resp->arg[0] & 0xff;
                PrintAndLog("isOk:%02x", isOK);
            } else {
                PrintAndLog("Command execute timeout");
            }
        }
    }

    fclose(fdump);
    fclose(fkeys);
    return 0;
}

I have "successfully" implemented an ISO-15693.  Using the PM3 with a TI- 
TRF7960 Reader/writer I can respond to an Inventory command and read block 
command and a Write-with-Password command.  This work\s with a single and 
double subcarrier request.

My problem is that the system does not work with the third party ready I am 
trying to attach.  when I snoop the reader with an actual Tag present i get

25010092E5                                                                      
    *** Inventory One slot - dual subcarrier
41200055B9                                                                      
    *** Read Block 00 - dual subcarrier - option flag
412001DCA8                                                                      
    *** Read Block 01 - dual subcarrier - option flag
412002479A                                                                      
    *** Read Block 03 - dual subcarrier - option flag
412003CE8B                                                                      
    *** Read Block 03 - dual subcarrier - option flag
61A50792722B6028C507E03C0B9E8B03000000004708      *** Write with Pwd block 03 - 
dual subcarrier - address - opt
412003CE8B                                                                      
     *** Read block 03 check if write was successful

When I replace the Tag with the PM3 all I get is the inventory Command - 
25010092E5.  So I guess the reader is not getting the response from the PM3.  
Yet the PM3 tag simulator can successfully respond to all these commands using 
the TI- TRF7960 Reader/writer.

Can anyone explain why the the Tag Simulator would work with the TI system and 
not the unknown reader?

The relevant code is attached.  
Note:  for the short term I have changed hi_simulate for ISO15693 tag 
modulation.  Once this is working, I will add a new 15692 module.  

What steps will reproduce the problem?
1. hf 14a sim 12345678


What is the expected output? What do you see instead?
Expected to send correct ( 12345678 ) card number to reader. 


What version of the product are you using? On what operating system?
latest:

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 468-unclean 2011-02-11 00:39:27
#db# os: svn 468-unclean 2011-02-11 00:39:28
#db# FPGA image built on 2009/12/ 8 at  8: 3:54

OMG OPTIMIZED

At least vchdemod and flexdemod, others should be reviewed as well.
Short term fix: i++ => i+=2
Workaround: run "dec" first to decimate the data

Linux CLI can now be used offline but still some todo:
- safeguard commands requiring online mode, currently they segfault
- port it to the windows CLI as well
- document this new feature in the changelog & readme

What steps will reproduce the problem?
1. ./proxmark3
2. tune

What is the expected output? What do you see instead?
I expcet the CLI to do the usual tuning. Instead, I see the help page as if
I entered anything wrong:

proxmark3> tune
help             This help. Use '<command> help' for details of the
following commands:

data             { Plot window / data buffer manipulation... }
exit             Exit program
hf               { HF commands... }
hw               { Hardware commands... }
lf               { LF commands... }
quit             Quit program
proxmark3> quit



What version of the product are you using? On what operating system?
Revision 438.
Gentoo Linux running 2.6.32.2 on x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @
2.83GHz

Please provide any additional information below.
Nope, I wouldn't know what.

[deleted issue]

What steps will reproduce the problem?
1. lf read
2. data plot (without issuing 'data samples')
This is the way to reproduce it for sure. When I first say 'data samples' I
am able to plot the data, but the program will crash later on a random
basis - mouse click in the window, another data-command, etc. etc.

What is the expected output? What do you see instead?
I would expect to see the plot window. What I see is an output similar to this:
proxmark3> *** buffer overflow detected ***: ./proxmark3 terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x6693ed8]
/lib/tls/i686/cmov/libc.so.6[0x6692f10]
/lib/tls/i686/cmov/libc.so.6[0x6692648]
/lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0x9e)[0x661c59e]
/lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0xe1c)[0x65f095c]
/lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xad)[0x66926fd]
/lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x669263d]
./proxmark3[0x8057b5c]
/usr/lib/libQtGui.so.4(_ZN7QWidget5eventEP6QEvent+0x524)[0x99cdd4]
/usr/lib/libQtGui.so.4(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent
+0xb4)[0x947f54]
/usr/lib/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0xda)[0x94f5ca
]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+
0x7b)[0x6df6cb]
/usr/lib/libQtGui.so.4(_ZN14QWidgetPrivate10drawWidgetEP12QPaintDeviceRK7QRegion
RK6QPointiP8QPainterP19QWidgetBackingStore+0x525)[0x9a4e25]
/usr/lib/libQtGui.so.4[0xb332f8]
/usr/lib/libQtGui.so.4[0xb3377a]
/usr/lib/libQtGui.so.4(_ZN14QWidgetPrivate16syncBackingStoreERK7QRegion+0x65)[0x
996055]
/usr/lib/libQtGui.so.4[0x9ae090]
/usr/lib/libQtGui.so.4(_ZN12QApplication15x11ProcessEventEP7_XEvent+0x1462)[0x9b
c6f2]
/usr/lib/libQtGui.so.4[0x9e9502]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1f8)[0x4a5e88]
/lib/libglib-2.0.so.0[0x4a9730]
/lib/libglib-2.0.so.0(g_main_context_iteration+0x73)[0x4a9863]
/usr/lib/libQtCore.so.4(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEve
ntLoop17ProcessEventsFlagEE+0x5c)[0x70a02c]
/usr/lib/libQtGui.so.4[0x9e8be5]
/usr/lib/libQtCore.so.4(_ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEvent
sFlagEE+0x49)[0x6ddc79]
/usr/lib/libQtCore.so.4(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0x
fa)[0x6de0ca]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication4execEv+0xaf)[0x6e053f]
/usr/lib/libQtGui.so.4(_ZN12QApplication4execEv+0x27)[0x947dd7]
./proxmark3[0x8055dd7]
./proxmark3[0x804b49f]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x65c9b56]
./proxmark3[0x804b391]
======= Memory map: ========
00110000-00134000 r-xp 00000000 08:05 24971     
/lib/tls/i686/cmov/libm-2.10.1.so
00134000-00135000 r--p 00023000 08:05 24971     
/lib/tls/i686/cmov/libm-2.10.1.so
00135000-00136000 rw-p 00024000 08:05 24971     
/lib/tls/i686/cmov/libm-2.10.1.so
00136000-00152000 r-xp 00000000 08:05 16701      /lib/libgcc_s.so.1
00152000-00153000 r--p 0001b000 08:05 16701      /lib/libgcc_s.so.1
00153000-00154000 rw-p 0001c000 08:05 16701      /lib/libgcc_s.so.1
00154000-00188000 r-xp 00000000 08:05 16416      /lib/libncurses.so.5.7
00188000-00189000 ---p 00034000 08:05 16416      /lib/libncurses.so.5.7
00189000-0018b000 r--p 00034000 08:05 16416      /lib/libncurses.so.5.7
0018b000-0018c000 rw-p 00036000 08:05 16416      /lib/libncurses.so.5.7
0018c000-001a4000 r-xp 00000000 08:05 25160      /usr/lib/libaudio.so.2.4
001a4000-001a5000 r--p 00017000 08:05 25160      /usr/lib/libaudio.so.2.4
001a5000-001a6000 rw-p 00018000 08:05 25160      /usr/lib/libaudio.so.2.4
001a6000-001c9000 r-xp 00000000 08:05 1155141    /usr/lib/libpng12.so.0.37.0
001c9000-001ca000 r--p 00022000 08:05 1155141    /usr/lib/libpng12.so.0.37.0
001ca000-001cb000 rw-p 00023000 08:05 1155141    /usr/lib/libpng12.so.0.37.0
001cb000-001cf000 r-xp 00000000 08:05 27719     
/usr/lib/libgthread-2.0.so.0.2200.3
001cf000-001d0000 r--p 00003000 08:05 27719     
/usr/lib/libgthread-2.0.so.0.2200.3
001d0000-001d1000 rw-p 00004000 08:05 27719     
/usr/lib/libgthread-2.0.so.0.2200.3
001d3000-001ee000 r-xp 00000000 08:05 16561      /lib/ld-2.10.1.so
001ee000-001ef000 r--p 0001a000 08:05 16561      /lib/ld-2.10.1.so
001ef000-001f0000 rw-p 0001b000 08:05 16561      /lib/ld-2.10.1.so
001f0000-0026a000 r-xp 00000000 08:05 27730      /usr/lib/libfreetype.so.6.3.20
0026a000-0026e000 r--p 00079000 08:05 27730      /usr/lib/libfreetype.so.6.3.20
0026e000-0026f000 rw-p 0007d000 08:05 27730      /usr/lib/libfreetype.so.6.3.20
0026f000-00276000 r-xp 00000000 08:05 24593      /usr/lib/libSM.so.6.0.0
00276000-00277000 r--p 00006000 08:05 24593      /usr/lib/libSM.so.6.0.0
00277000-00278000 rw-p 00007000 08:05 24593      /usr/lib/libSM.so.6.0.0
00278000-0027f000 r-xp 00000000 08:05 25323     
/lib/tls/i686/cmov/librt-2.10.1.so
0027f000-00280000 r--p 00006000 08:05 25323     
/lib/tls/i686/cmov/librt-2.10.1.so
00280000-00281000 rw-p 00007000 08:05 25323     
/lib/tls/i686/cmov/librt-2.10.1.so
00281000-00283000 r-xp 00000000 08:05 24970     
/lib/tls/i686/cmov/libdl-2.10.1.so
00283000-00284000 r--p 00001000 08:05 24970     
/lib/tls/i686/cmov/libdl-2.10.1.so
00284000-00285000 rw-p 00002000 08:05 24970     
/lib/tls/i686/cmov/libdl-2.10.1.so
00287000-002b8000 r-xp 00000000 08:05 18872      /lib/libreadline.so.5.2
002b8000-002b9000 ---p 00031000 08:05 18872      /lib/libreadline.so.5.2
002b9000-002ba000 r--p 00031000 08:05 18872      /lib/libreadline.so.5.2
002ba000-002bd000 rw-p 00032000 08:05 18872      /lib/libreadline.so.5.2
002bd000-002be000 rw-p 00000000 00:00 0 
002be000-002c0000 r-xp 00000000 08:05 27737      /usr/lib/libXau.so.6.0.0
002c0000-002c1000 r--p 00001000 08:05 27737      /usr/lib/libXau.so.6.0.0
002c1000-002c2000 rw-p 00002000 08:05 27737      /usr/lib/libXau.so.6.0.0
002c2000-002c5000 r-xp 00000000 08:05 16612      /lib/libuuid.so.1.3.0
002c5000-002c6000 r--p 00002000 08:05 16612      /lib/libuuid.so.1.3.0
002c6000-002c7000 rw-p 00003000 08:05 16612      /lib/libuuid.so.1.3.0
002c7000-002c9000 r-xp 00000000 08:05 28422      /usr/lib/gconv/UTF-16.so
002c9000-002ca000 r--p 00001000 08:05 28422      /usr/lib/gconv/UTF-16.so
002ca000-002cb000 rw-p 00002000 08:05 28422      /usr/lib/gconv/UTF-16.so
002cb000-003b1000 r-xp 00000000 08:05 26981      /usr/lib/libstdc++.so.6.0.13
003b1000-003b5000 r--p 000e6000 08:05 26981      /usr/lib/libstdc++.so.6.0.13
003b5000-003b6000 rw-p 000ea000 08:05 26981      /usr/lib/libstdc++.so.6.0.13
003b6000-003bd000 rw-p 00000000 00:00 0 
003bd000-003f9000 r-xp 00000000 08:05 27554     
/usr/lib/libgobject-2.0.so.0.2200.3
003f9000-003fa000 r--p 0003b000 08:05 27554     
/usr/lib/libgobject-2.0.so.0.2200.3
003fa000-003fb000 rw-p 0003c000 08:05 27554     
/usr/lib/libgobject-2.0.so.0.2200.3
003fb000-00412000 r-xp 00000000 08:05 28258      /usr/lib/libICE.so.6.3.0
00412000-00413000 r--p 00016000 08:05 28258      /usr/lib/libICE.so.6.3.0
00413000-00414000 rw-p 00017000 08:05 28258      /usr/lib/libICE.so.6.3.0
00414000-00416000 rw-p 00000000 00:00 0 
00416000-0042a000 r-xp 00000000 08:05 16714      /lib/libz.so.1.2.3.3
0042a000-0042b000 r--p 00013000 08:05 16714      /lib/libz.so.1.2.3.3
0042b000-0042c000 rw-p 00014000 08:05 16714      /lib/libz.so.1.2.3.3
0042c000-00457000 r-xp 00000000 08:05 26937     
/usr/lib/libfontconfig.so.1.3.0
00457000-00458000 r--p 0002a000 08:05 26937     
/usr/lib/libfontconfig.so.1.3.0
00458000-00459000 rw-p 0002b000 08:05 26937     
/usr/lib/libfontconfig.so.1.3.0
00459000-0045d000 r-xp 00000000 08:05 29919     
/usr/lib/libXdmcp.so.6.0.0Aborted


What version of the product are you using? On what operating system?
Proxmark-SW: Latest version from svn.
OS: Ubuntu 9.10 - Linux 2.6.31-20-generic, libqt4-dev

Please provide any additional information below.
The issue still occurs on a random basis. Sometimes I am able to plot data,
sometimes the program crashes. Sometimes everything works fine until I
click into the window, sometimes the program crashes when I issue some
data-command like autocorr, etc. But I haven't yet figured out any rule
when it works and when it doesn't.


Maybe I did something wrong?! I have first posted the issue in the
community but was encouraged to register an issue here.

Thanks and regards,
Tom

osimage 468 (latest)

When unknown command has been received from reader then it's receivedCmd[3] 
byte is printed twice into output

I assume it's unintentional

What steps will reproduce the problem?

go.bat invokes perl to post-process the fpga.rbt file to render C code from 
this. However, the script rbt2c.pl is not present. Most likely it is an 
artefact from ancient times.

What is the expected output? What do you see instead?

Will result in an error message.

What version of the product are you using? On what operating system?

r698 | [email protected] | 2013-04-15 11:15:36 +0200 (Mo, 15 Apr 2013)

Please provide any additional information below.

What steps will reproduce the problem?
1. connect proxmark3
2. start client/proxmark3
3. issue hf 14a snoop
4. issue hf 14a list

What is the expected output? What do you see instead?

I expected to see the output of the buffer, however what I get is this:
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument                 
#db# bootrom: svn 517-unclean 2012-01-16 14:28:58                 
#db# os: svn 517-unclean 2012-01-16 14:28:59                 
#db# FPGA image built on 2009/12/ 8 at  8: 3:54                 
proxmark3> hf 14a snoop
proxmark3> hf 14a list
write failed: No error!
Trying to reopen device...

Connected units:
    1. SN:  [004/087]

Connected units:
    1. SN:  [004/087]

Connected units:
    1. SN:  [004/087]
...
This is repeated until the watchdog triggers and the device is restarted.

dmesg tells me:
[30254.160613] usb 4-1.2: new full speed USB device number 85 using ehci_hcd
[30254.232483] usb 4-1.2: device descriptor read/64, error -32
[30254.408288] usb 4-1.2: device descriptor read/64, error -32
[30254.528373] hub 4-1:1.0: unable to enumerate USB device on port 2
[30255.183285] usb 4-1.2: new full speed USB device number 87 using ehci_hcd
[30260.269540] usb 4-1.2: New USB device found, idVendor=9ac4, idProduct=4b8f
[30260.269543] usb 4-1.2: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
[30260.269545] usb 4-1.2: Product: ProxMark-3 RFID Instrument
[30260.269546] usb 4-1.2: Manufacturer: J. Westhues
[30260.269548] usb 4-1.2: SerialNumber: ChangeMe
[30260.271023] generic-usb 0003:9AC4:4B8F.003A: hiddev0,hidraw3: USB HID v1.00 
Device [J. Westhues ProxMark-3 RFID Instrument] on usb-0000:00:1d.0-1.2/input0
[30294.911904] usb 4-1.2: usbfs: USBDEVFS_CONTROL failed cmd proxmark3 rqt 128 
rq 6 len 255 ret -110
[30301.902818] usb 4-1.2: usbfs: USBDEVFS_CONTROL failed cmd proxmark3 rqt 128 
rq 6 len 255 ret -110
[30308.893848] usb 4-1.2: usbfs: USBDEVFS_CONTROL failed cmd proxmark3 rqt 128 
rq 6 len 255 ret -110
[30315.884776] usb 4-1.2: usbfs: USBDEVFS_CONTROL failed cmd proxmark3 rqt 128 
rq 6 len 255 ret -110
[30322.875665] usb 4-1.2: usbfs: USBDEVFS_CONTROL failed cmd proxmark3 rqt 128 
rq 6 len 255 ret -110
[30329.866700] usb 4-1.2: usbfs: USBDEVFS_CONTROL failed cmd proxmark3 rqt 128 
rq 6 len 255 ret -110

I'm trying this on Linux x64 3.0.1, libusb 1.0.9.

On a side note... Before a snoop command is issued, this works:
proxmark3> hf 14a list
recorded activity:          
 ETU     :rssi: who bytes          
---------+----+----+----------- 

And a similar problem is visible using card emulation:
proxmark3> hf 14a sim
Emulating 14443A TAG with UID 0               0          
write failed: No error!
Trying to reopen device...

Connected units:
    1. SN:  [004/089]
....

Let me know if I can provide any further information that helps in tracking 
this issue down...

This is probably what you mean.