Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2015-06-07 17:56:48

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

PM3 Client with Reveng1.30

I just wanted to give a heads up,    It started with an idea of mine when I saw a software called  "Reveng",  http://reveng.sourceforge.net/ a couple of months ago and used it for one of my PM3 projects.  The actual project would have failed if it wasn't for this particular software.   Anyway, about a month ago I realised that Reveng is opensource and developed in C.  It was then I thought of, how cool wouldn't be to have that incoporated into the PM3 client.  So I started out with a merge and got decent succes until I got to some problems.  I'm not that good at C that I wish I am.   However a couple of days ago I managed to involve and engage @Marshmellow into this idea and with his knowledge into C,  he actually got it to work.

pm3 --> reveng -h
CRC RevEng, an arbitrary-precision CRC calculator and algorithm finder
Usage:  reveng  -cdDesvhu? [-bBfFlLMrStVXyz]
                [-a BITS] [-A OBITS] [-i INIT] [-k KPOLY] [-m MODEL]
                [-p POLY] [-P RPOLY] [-q QPOLY] [-w WIDTH] [-x XOROUT]
                [STRING...]
Options:
        -a BITS         bits per character (1 to 32)
        -A OBITS        bits per output character (1 to 32)
        -i INIT         initial register value
        -k KPOLY        generator in Koopman notation (implies WIDTH)
        -m MODEL        preset CRC algorithm
        -p POLY         generator or search range start polynomial
        -P RPOLY        reversed generator polynomial
        -q QPOLY        search range end polynomial
        -w WIDTH        register size, in bits
        -x XOROUT       final register XOR value
Modifier switches:
        -b big-endian CRC               -B big-endian CRC output
        -f read files named in STRINGs  -F find presets less quickly
        -l little-endian CRC            -L little-endian CRC output
        -M non-augmenting algorithm     -r right-justified output
        -S print spaces between chars   -t left-justified output
        -V reverse algorithm only       -X print uppercase hex
        -y low bytes first in files     -z raw binary STRINGs
Mode switches:
        -c calculate CRCs               -d dump algorithm parameters
        -D list preset algorithms       -e echo (and reformat) input
        -s search for algorithm         -v calculate reversed CRCs
        -h | -u | -? show this help

Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015  Gregory Cook
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Version 1.3.0                             <http://reveng.sourceforge.net/>
pm3 --> reveng -w 32 -s
width=32  poly=0x814141ab  init=0x00000000  refin=false  refout=false  xorout=0x00000000  check=0x3010bf7f  name="CRC-32Q"
width=32  poly=0x04c11db7  init=0xffffffff  refin=false  refout=false  xorout=0xffffffff  check=0xfc891918  name="CRC-32/BZIP2"
width=32  poly=0x04c11db7  init=0xffffffff  refin=false  refout=false  xorout=0x00000000  check=0x0376e6e7  name="CRC-32/MPEG-2"
width=32  poly=0x04c11db7  init=0x00000000  refin=false  refout=false  xorout=0xffffffff  check=0x765e7680  name="CRC-32/POSIX"
width=32  poly=0x000000af  init=0x00000000  refin=false  refout=false  xorout=0x00000000  check=0xbd0be338  name="XFER"
width=32  poly=0xa833982b  init=0xffffffff  refin=true  refout=true  xorout=0xffffffff  check=0x87315576  name="CRC-32D"
width=32  poly=0x1edc6f41  init=0xffffffff  refin=true  refout=true  xorout=0xffffffff  check=0xe3069283  name="CRC-32C"
width=32  poly=0x04c11db7  init=0xffffffff  refin=true  refout=true  xorout=0xffffffff  check=0xcbf43926  name="CRC-32"
width=32  poly=0x04c11db7  init=0xffffffff  refin=true  refout=true  xorout=0x00000000  check=0x340bc6d9  name="JAMCRC"
pm3 -->

pm3 --> reveng -m kermit -c 010203040506070809
9a4c
pm3 --> reveng -m kermit -c 0123456789
85af

Marshmellow is not convinced that the PM3 should have it inside its code. While I'm just going for it hard.
Its time for the community to express their view of it.

So what do you guys think of it?

Offline

#2 2015-06-07 18:21:26

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: PM3 Client with Reveng1.30

Very useful tool!
I will include it in a new command category called for example "test":

Pm3 --->  test reveng params

Offline

#3 2015-06-08 03:57:44

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 Client with Reveng1.30

I'm also concerned it may not function on other platforms.  It appears a few parameters need to be set different for different platforms, as some code indicates it is platform specific.  I'm not sure yet how to incorporate the changes automatically.  (Haven't had time or the environment to test).  It should compile, but I'm not sure it will function without a few code changes on anything other than windows.

Last edited by marshmellow (2015-06-08 04:36:50)

Offline

#4 2015-06-08 04:03:30

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 Client with Reveng1.30

And I'd like to create some way of calling it and getting the output without printing it, so it can be called and used inside other functions in the pm3.  Haven't gotten to it yet tho.  -- edit -- looks like this already exists, just have to learn how to use it, and possibly create a few easy to call common items...

BTW
If anyone on Linux or osx could test and let me know what it does it'd help.   I'll poke away at it in between other things.  smile

Oh and some test commands to see if it is working:

reveng -h
(Should get help text)
reveng -m CRC-8 -c 010203040506070809
(Should output a 2 digit hex value, I'll post the correct byte here:  later...)

Last edited by marshmellow (2015-06-08 04:42:15)

Offline

#5 2015-06-09 19:39:26

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 Client with Reveng1.30

the power of lua and reveng (thanks to iceman's lua work):

proxmark3> script run e -w 16
--- Executing: ./scripts/e.lua, args'-w 16'
Width of CRC: 16  bytes: 01020304

Model   CRC     CRC_Reverse
CRC-16/CDMA2000 2d75    eb62
CRC-16/TELEDISK 4a0a    a7c5
CRC-16/T10-DIF  53da    16f7
CRC-16/DDS-110  9eeb    551a
CRC-16/BUYPASS  9e33    d517
CRC-16/EN-13757 e767    8c3a
CRC-16/GENIBUS  763c    cb17
CRC-16/CCITT-FALSE      89c3    9f20
CRC-16/AUG-CCITT        0313    7dd0
XMODEM  0d03    60df
CRC-16/DECT-R   b99e    4567
CRC-16/DECT-X   b99f    b176
CRC-16/USB      5ed4    92e1
MODBUS  a12b    a712
CRC-16/MAXIM    5ef0    6d1e
ARC     nil     nil
CRC-16/DNP      b467    f540
X-25    9139    56b6
CRC-16/MCRF4XX  6ec6    7c5a
CRC-A   4f93    e0c6
CRC-16/RIELLO   29e2    cef0
CRC-16/TMS37157 903d    1292
KERMIT  4fc5    83a5

-----Finished

obviously still some cleanup to do, but it is coming along.

Offline

#6 2015-06-09 21:15:30

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: PM3 Client with Reveng1.30

And it happily do them all in one step.

pm3 --> sc r e
--- Executing: ./scripts/e.lua, args''
------------------------------------------------------------
Width of CRC | 0
Bytes        | 01020304

Model               | CRC             | CRC_Reverse
------------------------------------------------------------
XFER                | ae5ff3bc        | 9faf8117
CRC-40/GSM          | e60273c408      | f65f4052bf
CRC-32/POSIX        | 41cc1549        | 751a1937
CRC-32/MPEG-2       | 793737cd        | cc4a8281
CRC-32/BZIP2        | 86c8c832        | 8ae5e6c8
JAMCRC              | 3204c349        | b0879309
CRC-32              | cdfb3cb6        | d272b59b
CRC-16/DECT-X       | b99f            | b176
CRC-16/DECT-R       | b99e            | 4567
CRC-8               | e3              | 58
CRC-8/ITU           | b6              | 38
CRC-8/ROHC          | d6              | 62
CRC-31/PHILIPS      | 1ae2b33e        | 447c37e7
CRC-6/ITU           | 0a              | 1b
CRC-82/DARC         | d2e7c9166e459c87059f03| 449c9df1f0457bb109ca03
XMODEM              | 0d03            | 60df
KERMIT              | 4fc5            | 83a5
CRC-16/AUG-CCITT    | 0313            | 7dd0
CRC-16/TMS37157     | 903d            | 1292
CRC-16/RIELLO       | 29e2            | cef0
CRC-A               | 4f93            | e0c6
CRC-16/CCITT-FALSE  | 89c3            | 9f20
CRC-16/GENIBUS      | 763c            | cb17
CRC-16/MCRF4XX      | 6ec6            | 7c5a
X-25                | 9139            | 56b6
CRC-7               | 64              | 67
CRC-6/CDMA2000-B    | 16              | 01
CRC-8/I-CODE        | bf              | 74
CRC-8/EBU           | ea              | a4
CRC-32C             | f48c3029        | d0247f1a
CRC-14/DARC         | f92c            | d61e
CRC-5/USB           | 11              | 13
CRC-4/ITU           | 09              | 0a
CRC-8/MAXIM         | f4              | 3b
CRC-8/DARC          | 02              | 80
CRC-16/EN-13757     | e767            | 8c3a
CRC-16/DNP          | b467            | f540
CRC-64              | 588d5ad42a701db2| bb9b2abb460d3016
CRC-64/WE           | 8a7482ac8611b89d| d6ef10e1564994de
CRC-64/XZ           | 25a81d04cc87b711| ebc56985e2ed65a6
CRC-5/EPC           | 04              | 1e
CRC-24/FLEXRAY-B    | 716fb4          | 0de7cd
CRC-24/FLEXRAY-A    | 53255b          | 58f698
CRC-3/ROHC          | 00              | 06
CRC-6/DARC          | 19              | 13
CRC-11              | 0539            | 04ba
CRC-16/BUYPASS      | 9e33            | d517
ARC                 | a10f            | 58ed
CRC-16/MAXIM        | 5ef0            | 6d1e
CRC-16/DDS-110      | 9eeb            | 551a
MODBUS              | a12b            | a712
CRC-16/USB          | 5ed4            | 92e1
CRC-12/DECT         | 040a            | 01dd
CRC-12/3GPP         | 0205            | b80b
CRC-32Q             | 552b9287        | e2575f3a
CRC-24              | 7878cd          | e86d96
CRC-15              | 6a75            | 5884
CRC-16/T10-DIF      | 53da            | 16f7
CRC-10              | 00b6            | 035d
CRC-8/WCDMA         | d6              | d0
CRC-8/CDMA2000      | 67              | 98
CRC-6/CDMA2000-A    | 3f              | 27
CRC-7/ROHC          | 69              | 56
CRC-16/TELEDISK     | 4a0a            | a7c5
CRC-5/ITU           | 10              | 0d
CRC-32D             | eeb27169        | 8c32eb54
CRC-16/CDMA2000     | 2d75            | eb62
CRC-15/MPT1327      | 607d            | 29ae
CRC-8/DVB-S2        | 75              | 3e
CRC-13/BBC          | 0aa8            | 1e79
CRC-12/CDMA2000     | 0a2a            | 0d7d
CRC-10/CDMA2000     | 0326            | 007f

-----Finished

Offline

#7 2015-06-09 23:52:20

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: PM3 Client with Reveng1.30

Terrific! Absolutely useful!!

Offline

#8 2015-06-10 07:39:02

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: PM3 Client with Reveng1.30

Marshmellow just impl a crc search,  that is useful and makes our lifes much simplier.

*edit*  I take it back. It is very useful and instantly addictive.


Can @pwpiwi and @holiman do some evaluations on their platforms (ie linux? mac? ) since marshmellow and I only run it on windows / mingw.

@asper?  does it work on yr andriod port?

Last edited by iceman (2015-06-10 08:55:08)

Offline

#9 2015-06-10 15:20:46

DingYao
Contributor
Registered: 2015-05-23
Posts: 24

Re: PM3 Client with Reveng1.30

@iceman

I had to make changes to client/Makefile and lua/Makefile to enable your source to compile.

For Mac OS X, the changes you made regarding QT4 and QT5 had to be modified to QT4Mac library locations to avoid compiling issues. For compiling on Kali Linux (Nethunter) I had to add -ncurses as an argument for gcc and install the ncurses library, the readline library is insufficient for successful compilation. Similar to Mac OS X, I had to make changes to the QT library path locations to enable the source to compile on Kali Linux (Nethunter) as well.

Offline

#10 2015-06-10 15:23:35

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 Client with Reveng1.30

When testing compile and running on different platforms please use my branch as it is closer to the master and will be used to do the pull requests.

Last edited by marshmellow (2015-06-10 15:24:39)

Offline

#11 2015-06-10 18:47:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: PM3 Client with Reveng1.30

Yeah,  as I mentioned before,  my fork is more unstable than the unstable branch in PM3.   I just add all kinds of stuff. 
However, after a couple months many of the new stuff finds its way into PM3 master. 
So right now in my fork you get:   TOPAZ, DESFIRE, REVENG, 14Bfixes, ANIMAL TAG  on top of the PM3 master..
I havn't added Piwi's memory saver yet...

But wait a week and the 14B / ANIMAL TAG will be in PM3 master..

Offline

#12 2015-06-15 05:24:51

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 Client with Reveng1.30

i guess i will create a pull request and let the discussion carry out on github.

Offline

#13 2015-06-15 07:22:04

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: PM3 Client with Reveng1.30

Great work, @marshmellow 


@DingYao,   can you publish yr makefile changes?

Offline

#14 2016-06-15 08:47:07

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: PM3 Client with Reveng1.30

I upgraded the Reveng 1.30 to 1.40

Offline

#15 2016-07-28 18:20:02

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: PM3 Client with Reveng1.30

it appears there is a parameter error when entering more than a specific # of characters in the -s search function.

i will look into it when i have time

proxmark3> reveng -w 16 -s 0A00197d 3AA21a41 03AAa8fd66 170000000005AA74A2144
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: no models found

Offline

#16 2016-07-28 19:01:17

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: PM3 Client with Reveng1.30

I know,  the Coverity Scan has reported some memory bugs in Reveng 1.30 and the latest 1.40,   I didn't fixed em.
The changes you did and with the 1.40 changes I just was happy to make it compile smile   Call me lazy, if you want.

Offline

Board footer

Powered by FluxBB