Proxmark / proxmark3

Proxmark 3
http://www.proxmark.org/
GNU General Public License v2.0

Issues with after --head flash #497

Closed Kaicastledine closed 5 years ago

Kaicastledine commented 6 years ago

Hello,

So I've had the USB power issues on mac as previously posted.

Went and reflashed using the --head brew install. (Uninstalled previous one first)

Now I get the following issues - All tested with a Mifare S50

Any ideas or maybe a re-flash ?

iceman1001 commented 6 years ago

Could it be that the sample_buf memory is overwriting its memory in cmdmain.c when downloading from the device, since there are no array length checks there?

pwpiwi commented 6 years ago

No. It is that after a timeout (WaitForCommandTimeout()) it is possible to continue writing into sample_buf. If this happens to be an automatic variable (i.e. a stack location) which is already released, it overwrites other variables and the return address.

iceman1001 commented 6 years ago

Isn't sample_buf a pointer, used as a global variable? What is an automatic variable in C?

pwpiwi commented 6 years ago

A variable declared inside a function and not static. sample_buf can point to it.

iceman1001 commented 6 years ago

Aha, you're talking about local scope. Like the one inside CmdStatus (cmdhw.c)

pwpiwi commented 6 years ago

No, it is not about local scope. Variables declared static inside a function have local scope too. But they have memory reserved which remains valid after the function returns. The memory of an automatic variable is on the stack and is reused for other purposes after the function returns.
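The failure mode discussed above (a receive path that can keep writing through a registered pointer after the waiting function has timed out and returned) and one way to close it, as an added example that is not part of the thread and not the fix from the project's PR. All names (`download_begin`, `download_end`, `on_data_packet`, `fetch_samples`) are hypothetical, and the timeout is simulated by the reply simply not arriving before the function returns.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sketch, not the proxmark3 client code.
 * g_dest plays the role of a global "sample buffer" pointer that the
 * receive path writes through. A real client would also need a lock,
 * because the receiver normally runs in its own thread. */
static uint8_t *g_dest = NULL;
static size_t   g_dest_len = 0;

/* Register / unregister the destination for incoming data packets. */
void download_begin(uint8_t *dest, size_t len) { g_dest = dest; g_dest_len = len; }
void download_end(void)                        { g_dest = NULL; g_dest_len = 0; }

/* Receive path: called for every data packet from the device.
 * Returns the number of bytes stored, or 0 if the packet was dropped. */
size_t on_data_packet(size_t offset, const uint8_t *data, size_t len)
{
    if (g_dest == NULL)
        return 0;                       /* nobody is waiting any more: drop */
    if (offset > g_dest_len || len > g_dest_len - offset)
        return 0;                       /* would run past the registered buffer */
    memcpy(g_dest + offset, data, len);
    return len;
}

/* A command that downloads into an automatic (stack) buffer.
 * reply_arrives == 0 simulates the wait ending in a timeout.
 * Returns 1 on success, 0 on timeout or rejected data. */
int fetch_samples(const uint8_t *pkt, size_t pkt_len, int reply_arrives,
                  uint8_t *first_out)
{
    uint8_t local[16] = {0};            /* automatic storage: invalid after return */
    size_t got = 0;

    download_begin(local, sizeof local);
    if (reply_arrives)
        got = on_data_packet(0, pkt, pkt_len);

    /* The important line: unregister on every exit path, including the
     * timeout, so a late packet cannot be written into a released stack
     * frame (other variables, saved return address). */
    download_end();

    if (got > 0 && first_out != NULL)
        *first_out = local[0];
    return got > 0;
}

int main(void)
{
    /* Constructed sample packet, not captured device data. */
    const uint8_t pkt[4] = {0xcd, 0xff, 0xff, 0xff};
    uint8_t first = 0;

    printf("normal download ok: %d\n", fetch_samples(pkt, sizeof pkt, 1, &first));
    printf("timed-out download ok: %d\n", fetch_samples(pkt, sizeof pkt, 0, &first));
    /* The reply shows up after the caller has already given up. */
    printf("late packet stored bytes: %zu\n", on_data_packet(0, pkt, sizeof pkt));
    return 0;
}
```

Without the `download_end()` call on the timeout path, the late packet would be copied to the address of `local` after `fetch_samples` has returned, which is the stack overwrite described in the comment above.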

pwpiwi commented 6 years ago

@Kaicastledine: could you test the fix in PR #597 ?

Kaicastledine commented 6 years ago

Apologies for the delay, had to shelve the proxmark stuff but got some time again!

Latest test HEAD-fdee1ff

Lf read - has some issue after repeated use

KCMP-2:HEAD-fdee1ff kaicas$ Proxmark3 /dev/cu.usbmodem1421
Prox/RFID mark3 RFID instrument          
bootrom: master/-suspect 2018-06-27 14:54:05
os: master/-suspect 2018-06-27 14:54:06
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 200278 bytes (38). Free: 324010 bytes (62).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory          
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 cd ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 cd ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 cd ff ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 cd ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 cc ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 ce ff ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 cd ff ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 cd ff ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 cb ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 cd ff ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
command execution time out          
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 0 out of 0 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Reading 39999 bytes from device memory

#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 0 out of 0 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Data fetched          
WARNING: Command buffer about to overwrite command! This needs to be fixed!          
proxmark3> lf read
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
command execution time out          
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 0 out of 0 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Reading 39999 bytes from device memory

#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 0 out of 0 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Data fetched          
WARNING: Command buffer about to overwrite command! This needs to be fixed!          
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 00 cf ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 00 cd ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1  

If I then switch to HF search without a reboot or proxmark exit, I get lag and inconsistent results

proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 00 cd ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> lf search
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
command execution time out          
NOTE: some demods output possible binary
  if it finds something that looks like a tag          
False Positives ARE possible

Checking for known tags:

No Known Tags Found!

proxmark3> hf search

 UID :           
ATQA : 00 00          
 SAK : 00 [240000]          
Tag is not Ultralight | NTAG | MY-D  [ATQA: 00 04 SAK: 08]

TYPE : MIFARE Ultralight (MF0ICU1) <magic>          
proprietary non iso14443-4 card found, RATS not supported          
Chinese magic backdoor commands (GEN 1a) detected          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

    CC: 00 00 00 00 00 00 00 00           

no known/supported 13.56 MHz tags found

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
PRNG UID: Reply timeout.          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
SAK incorrectly claims that card doesn't support RATS          
 ATS : f5 e6 a1 ac           
       -  TL : length is 245 bytes          
ATS may be corrupted. Length of ATS (4 bytes incl. 2 Bytes CRC) doesn't match TL          
       -  T0 : TA1 is NOT present, TB1 is present, TC1 is present, FSCI is 6 (FSC = 96)          
       - TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 10 (FWT = 4194304/fc)          
       - TC1 : NAD is NOT supported, CID is NOT supported          
       -  HB : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Chinese magic backdoor command (GEN 1b) detected          
PRNG data error: Wrong length: 0          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
SAK incorrectly claims that card doesn't support RATS          
 ATS : e3 3f 18 f6           
       -  TL : length is 227 bytes          
ATS may be corrupted. Length of ATS (4 bytes incl. 2 Bytes CRC) doesn't match TL          
       -  T0 : TA1 is present, TB1 is present, TC1 is NOT present, FSCI is 15 (FSC = 4294967295)          
       - TA1 : different divisors are supported, DR: [], DS: [2]          
       - TB1 : SFGI = 6 (SFGT = 262144/fc), FWI = 15 (FWT = 134217728/fc)          
       -  HB : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Chinese magic backdoor command (GEN 1b) detected          
PRNG data error: Wrong length: 0          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
SAK incorrectly claims that card doesn't support RATS          
 ATS : 26 40 2a ca           
       -  TL : length is 38 bytes          
ATS may be corrupted. Length of ATS (4 bytes incl. 2 Bytes CRC) doesn't match TL          
       -  T0 : TA1 is NOT present, TB1 is NOT present, TC1 is present, FSCI is 0 (FSC = 4294967280)          
       - TC1 : NAD is NOT supported, CID is supported          
       -  HB : ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Chinese magic backdoor command (GEN 1b) detected          
PRNG data error: Wrong length: 0          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> 

If I then quit the proxmark tool (without restarting the proxmark) and retest a mix between lf read + hf search, results are as follows. (Ignore the HF read typos :) )

KCMP-2:HEAD-fdee1ff kaicas$ Proxmark3 /dev/cu.usbmodem1421
Prox/RFID mark3 RFID instrument          
bootrom: master/-suspect 2018-06-27 14:54:05
os: master/-suspect 2018-06-27 14:54:06
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 200278 bytes (38). Free: 324010 bytes (62).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory          
proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 ce ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
Prng detection: WEAK          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 cd ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
Prng detection: WEAK          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 cd ff ff ff ...          
Reading 39999 bytes from device memory

Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> hf read
help             This help          
14a              { ISO14443A RFIDs... }          
14b              { ISO14443B RFIDs... }          
15               { ISO15693 RFIDs... }          
epa              { German Identification Card... }          
emv              { EMV cards... }          
legic            { LEGIC RFIDs... }          
iclass           { ICLASS RFIDs... }          
mf               { MIFARE RFIDs... }          
mfu              { MIFARE Ultralight RFIDs... }          
topaz            { TOPAZ (NFC Type 1) RFIDs... }          
tune             Continuously measure HF antenna tuning          
list             List protocol data in trace buffer          
search           Search for known HF tags [preliminary]          
snoop            <samples to skip (10000)> <triggers to skip (1)> Generic HF Snoop          
proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
proprietary non iso14443-4 card found, RATS not supported          
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
No chinese magic backdoor command detected          
PRNG UID: Reply timeout.          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf read
help             This help          
14a              { ISO14443A RFIDs... }          
14b              { ISO14443B RFIDs... }          
15               { ISO15693 RFIDs... }          
epa              { German Identification Card... }          
emv              { EMV cards... }          
legic            { LEGIC RFIDs... }          
iclass           { ICLASS RFIDs... }          
mf               { MIFARE RFIDs... }          
mfu              { MIFARE Ultralight RFIDs... }          
topaz            { TOPAZ (NFC Type 1) RFIDs... }          
tune             Continuously measure HF antenna tuning          
list             List protocol data in trace buffer          
search           Search for known HF tags [preliminary]          
snoop            <samples to skip (10000)> <triggers to skip (1)> Generic HF Snoop          
proxmark3> lf read
Reading 39999 bytes from device memory

Data fetched          
Samples @ 248 bits/smpl, decimation 1:227           
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 0 out of 0 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 00 00 00 00 ...          
WARNING: Command buffer about to overwrite command! This needs to be fixed!          
proxmark3> hf search

 UID :           
ATQA : 00 00          
 SAK : 00 [1]          
Tag is not Ultralight | NTAG | MY-D  [ATQA: 00 04 SAK: 08]

TYPE : MIFARE Ultralight (MF0ICU1) <magic>          
proprietary non iso14443-4 card found, RATS not supported          
Chinese magic backdoor commands (GEN 1a) detected          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> lf read
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
command execution time out          
proxmark3> hf search

#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 0 out of 0 seen samples at 8 bits/sample          
#db# buffer samples: 00 00 00 00 00 00 00 00 ...          
    CC: 00 00 00 00 00 00 00 00           

no known/supported 13.56 MHz tags found

proxmark3> hf search

Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
Prng detection: WEAK          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> 

hf search works up to around 27x the command, then I get the following

27 + commands

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
Prng detection: WEAK          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
Prng detection: WEAK          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> 
proxmark3> hf search

Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
proprietary non iso14443-4 card found, RATS not supported          
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
No chinese magic backdoor command detected          
Prng detection: WEAK          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
Waiting for a response from the proxmark...          
You can cancel this operation by pressing the pm3 button          
proprietary non iso14443-4 card found, RATS not supported          
No chinese magic backdoor command detected          
PRNG UID: Reply timeout.          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
SAK incorrectly claims that card doesn't support RATS          
 ATS : 85 ef e8 8e           
       -  TL : length is 133 bytes          
ATS may be corrupted. Length of ATS (4 bytes incl. 2 Bytes CRC) doesn't match TL          
       -  T0 : TA1 is NOT present, TB1 is present, TC1 is present, FSCI is 15 (FSC = 4294967295)          
       - TB1 : SFGI = 8 (SFGT = 1048576/fc), FWI = 14 (FWT = 67108864/fc)          
       - TC1 : NAD is NOT supported, CID is supported          
       -  HB : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Chinese magic backdoor command (GEN 1b) detected          
PRNG data error: Wrong length: 0          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

proxmark3> hf search

 UID : e4 a0 66 79           
ATQA : 00 04          
 SAK : 08 [2]          
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1          
SAK incorrectly claims that card doesn't support RATS          
 ATS : 93 3d a9 1c           
       -  TL : length is 147 bytes          
ATS may be corrupted. Length of ATS (4 bytes incl. 2 Bytes CRC) doesn't match TL          
       -  T0 : TA1 is present, TB1 is present, TC1 is NOT present, FSCI is 13 (FSC = 4294967295)          
       - TA1 : different divisors are NOT supported, DR: [2], DS: [4]          
       - TB1 : SFGI = 12 (SFGT = 16777216/fc), FWI = 1 (FWT = 8192/fc)          
       -  HB : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00           
Chinese magic backdoor command (GEN 1b) detected          
PRNG data error: Wrong length: 0          
Prng detection error.          

Valid ISO14443A Tag Found - Quiting Search

Let me know if there's anything else that I can do :)

pwpiwi commented 6 years ago

The good news: no more crashes. But we still have the underlying issue of a sudden slowdown in USB communications resulting in timeouts (usually indicated by "Waiting for a response from Proxmark").

Kaicastledine commented 6 years ago

atm I'm quitting and restarting the proxmark app to get around it, unless it gets really bad and a reboot is needed of the prox.

So much better than before and thanks everyone for sorting things out so far :)

pwpiwi commented 6 years ago

With the memory corruption being fixed I would like to close this issue because the remaining problems are most probably a duplicate of #283 - but I would like to confirm. @Kaicastledine, can you please compile without Qt (i.e. no graph support) and confirm that the issues are then gone?

Kaicastledine commented 6 years ago

Yeah sure, how can I compile without Qt and I'll get it tested?

pwpiwi commented 6 years ago

In client/Makefile remove (or comment) all the following lines:

# Check for correctly configured Qt5
QTINCLUDES = $(shell pkg-config --cflags Qt5Core Qt5Widgets 2>/dev/null)
QTLDLIBS = $(shell pkg-config --libs Qt5Core Qt5Widgets 2>/dev/null)
MOC = $(shell pkg-config --variable=host_bins Qt5Core)/moc
UIC = $(shell pkg-config --variable=host_bins Qt5Core)/uic
ifeq ($(QTINCLUDES), )
# if Qt5 not found check for correctly configured Qt4   
    QTINCLUDES = $(shell pkg-config --cflags QtCore QtGui 2>/dev/null)
    QTLDLIBS = $(shell pkg-config --libs QtCore QtGui 2>/dev/null)
    MOC = $(shell pkg-config --variable=moc_location QtCore)
    UIC = $(shell pkg-config --variable=uic_location QtCore)
else
    CXXFLAGS += -std=c++11 -fPIC
endif
ifeq ($(QTINCLUDES), )
# if both pkg-config commands failed, search in common places
    ifneq ($(QTDIR), )
        QTINCLUDES = -I$(QTDIR)/include -I$(QTDIR)/include/QtCore -I$(QTDIR)/include/QtGui
        QTLDLIBS = -L$(QTDIR)/lib -lQtCore4 -lQtGui4
        ifneq ($(wildcard $(QTDIR)/include/QtWidgets),)
            QTINCLUDES += -I$(QTDIR)/include/QtWidgets
            QTLDLIBS = -L$(QTDIR)/lib -lQt5Widgets -lQt5Gui -lQt5Core
            CXXFLAGS += -std=c++11 -fPIC
        endif
        MOC = $(QTDIR)/bin/moc
        UIC = $(QTDIR)/bin/uic
    endif
endif

Then make clean and make all again. You should get a proxmark client without graphics. And it should not show the weird behaviour. Please confirm.

pwpiwi commented 6 years ago

Or much easier:

make QTLDLIBS=

will compile the client without gui as well.

pwpiwi commented 5 years ago

Crashes are fixed. Issue #283 remains.

Closing this one.