| blob | be0414a58cf82bbdb3381a937ca21eb3a7d21102 |
1 //-----------------------------------------------------------------------------
2 // Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
3 //
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // See LICENSE.txt for the text of the license.
15 //-----------------------------------------------------------------------------
16 // HF_UNISNIFF: Integrated 14a/14b/15/picopass sniffer
17 //-----------------------------------------------------------------------------
19 /*
20 * 'hf_unisniff' integrates existing sniffer functionality for 14a/14b/15/iclass into
21 * one standalone module. It can sniff to the RAM trace buffer, or if you have
22 * a PM3 with Flash it will (optionally) save traces to SPIFFS.
23 *
24 * You can select which protocol will be sniffed with compile-time flags, or at
25 * runtime via button presses or a config file in SPIFFS. You can also choose
26 * whether it will append to the trace file for each sniffing session
27 * or create new ones.
28 *
29 * If the protocol to sniff is configured at compile time or in config file:
30 * Once the module is launched, it will begin sniffing immediately.
31 *
32 * If configured for runtime selection:
33 * Flashing LED(s) indicate selected sniffer protocol: A=14a, B=14b, A+B=15, C=iclass
34 * Short press cycles through options. Long press begins sniffing.
35 *
36 * Short-pressing the button again will stop sniffing, with the sniffed data in
37 * the trace buffer. If you have Flash, and have not set the 'save=none'
38 * option in the config file, trace data will be saved to SPIFFS. The default
39 * is to create a new file for each sniffing session, but you may configure it
40 * to append instead.
41 *
42 * Once the data is saved, standalone mode will exit.
43 *
44 * LEDs:
45 * - LED1: sniffing
46 * - LED2: sniffed tag command, turns off when finished sniffing reader command
47 * - LED3: sniffed reader command, turns off when finished sniffing tag command
48 * - LED4: unmounting/sync'ing flash (normally < 100ms)
49 *
50 * Config file: 'hf_unisniff.conf' is a plain text file, one option per line.
51 * Settings here will override the compile-time options.
52 *
53 * Currently available options:
54 * save = [new|append|none]
55 * new = create a new file with a numbered name for each session.
56 * append = append to existing file, create if not existing.
57 * none = do not save to SPIFFS, leave in trace buffer only.
58 *
59 * protocol = [14a|14b|15|iclass|user]
60 * which protocol to sniff. If you choose a protocol it will go directly
61 * to work. If you choose 'user' you may select the protocol at the start
62 * of each session.
63 *
64 * hf_unisniff.conf sample file:
65 * save=new
66 * protocol=14a
67 *
68 * Upload it to the Proxmark3 spiffs.
69 * mem spiffs upload -s hf_unisniff.conf -d hf_unisniff.conf
70 *
71 * To use the mode:
72 * Start mode by pressing the Proxmark3 button for 3 seconds. See ledshow as indicator its in standalone mode.
73 * present proxmark3 and card to the reader.
74 * press proxmark3 button to exit the standalone mode.
75 *
76 *
77 * To retrieve trace data from flash:
78 *
79 * 1. mem spiffs dump -s hf_unisniff_[protocol]_[number].trace -d hf_unisniff.trace
80 * Copies trace data file from flash to your PC.
81 *
82 * 2. trace load -f hf_unisniff.trace
83 * Loads trace data from a file into PC-side buffers.
84 *
85 * 3. For ISO14443a........ trace list -1 -t 14a
86 * For MIFARE Classic... trace list -1 -t mf
87 *
88 * Lists trace data from buffer without requesting it from PM3.
89 *
90 * This module emits debug strings during normal operation -- so try it out in
91 * the lab connected to PM3 client before taking it into the field.
92 * Use `hw dbg -3` for debug messages.
93 *
94 * To delete the trace data from flash:
95 * mem spiffs remove -f [filename]
96 *
97 * Caveats / notes:
98 * - Trace buffer will be cleared on starting stand-alone mode. Data in flash
99 * will remain unless explicitly deleted.
100 * - This module will terminate if the trace buffer is full (and save data to flash).
101 * - Like normal sniffing mode, timestamps overflow after 5 min 16 sec.
102 * However, the trace buffer is sequential, so will be in the correct order.
103 *
104 * Mostly this is based on existing code, i.e. the hf_1*sniff modules and dankarmulti.
105 * I find it handy to have multiprotocol sniffing on the go, and prefer separate trace
106 * files rather than appends, so here it is.
107 *
108 * If you really like navigating menus with one button and some LEDs, it also works
109 * with dankarmulti :)
110 *
111 * Enjoy!
112 */
133 #define HF_UNISNIFF_CONFIG_SIZE 128
135 // The logic requires USER be last.
136 #define HF_UNISNIFF_PROTO_14A 0
137 #define HF_UNISNIFF_PROTO_14B 1
138 #define HF_UNISNIFF_PROTO_15 2
139 #define HF_UNISNIFF_PROTO_ICLASS 3
140 #define HF_UNISNIFF_PROTO_USER 4
142 // Default, override in .conf
143 #define HF_UNISNIFF_SAVE_MODE HF_UNISNIFF_SAVE_MODE_NEW
144 #define HF_UNISNIFF_SAVE_MODE_NEW 0
145 #define HF_UNISNIFF_SAVE_MODE_APPEND 1
146 #define HF_UNISNIFF_SAVE_MODE_NONE 2
148 #ifdef WITH_FLASH
155 }
156 #endif
161 #ifdef WITH_FLASH
163 #endif
164 }
174 // some magic to allow for `hw standalone` command to trigger a particular sniff from inside the pm3 client
181 }
182 }
187 }
188 }
189 }
194 Dbprintf("Compile-time configured protocol... %s ( %u )", protocols[sniff_protocol], sniff_protocol);
195 }
197 #ifdef WITH_FLASH
200 // Allocate memory now for buffer for filename to save to. Who knows what'll be
201 // available after filling the trace buffer.
206 }
207 // Read the config file. Size is limited to defined value so as not to consume
208 // stupid amounts of stack
214 }
221 , fsize
222 , RDV40_SPIFFS_SAFETY_SAFE
223 );
225 // This parser is terrible but I think fairly memory efficient? Maybe better to use JSON?
229 // strip out all the whitespace and Windows line-endings
234 }
247 // If we got a selection here, override compile-time selection
252 }
253 }
257 // Assume NEW
262 }
266 }
267 }
268 }
271 }
275 Dbprintf("Run-time configured protocol.... %s ( %u )", protocols[sniff_protocol], sniff_protocol);
277 }
279 }
280 #endif
293 }
299 }
301 // Was our button held down or pressed?
306 sniff_protocol++;
309 }
313 }
323 }
329 }
330 }
331 }
351 }
358 #ifndef WITH_FLASH
359 // Keep stuff in BigBuf for USB/BT dumping
362 }
364 #else
365 // Write stuff to spiffs logfile
375 sprintf(filename, "%s_%s%s", HF_UNISNIFF_LOGFILE, protocols[sniff_protocol], HF_UNISNIFF_LOGEXT);
384 }
387 , HF_UNISNIFF_LOGFILE
389 , file_index
390 , HF_UNISNIFF_LOGEXT
391 );
392 }
399 }
400 }
410 }
411 }
413 }
422 #endif
426 }