Research, development and trades concerning the powerful Proxmark3 device.
I just wanted to give a heads up. It started with an idea of mine when I saw a piece of software called "Reveng", http://reveng.sourceforge.net/, a couple of months ago and used it for one of my PM3 projects. The actual project would have failed if it wasn't for this particular software. Anyway, about a month ago I realised that Reveng is open source and developed in C. It was then that I thought, how cool would it be to have that incorporated into the PM3 client. So I started out with a merge and got decent success until I got to some problems. I'm not as good at C as I wish I were. However, a couple of days ago I managed to involve and engage @Marshmellow in this idea and, with his knowledge of C, he actually got it to work.
pm3 --> reveng -h
CRC RevEng, an arbitrary-precision CRC calculator and algorithm finder
Usage: reveng -cdDesvhu? [-bBfFlLMrStVXyz]
[-a BITS] [-A OBITS] [-i INIT] [-k KPOLY] [-m MODEL]
[-p POLY] [-P RPOLY] [-q QPOLY] [-w WIDTH] [-x XOROUT]
[STRING...]
Options:
-a BITS bits per character (1 to 32)
-A OBITS bits per output character (1 to 32)
-i INIT initial register value
-k KPOLY generator in Koopman notation (implies WIDTH)
-m MODEL preset CRC algorithm
-p POLY generator or search range start polynomial
-P RPOLY reversed generator polynomial
-q QPOLY search range end polynomial
-w WIDTH register size, in bits
-x XOROUT final register XOR value
Modifier switches:
-b big-endian CRC -B big-endian CRC output
-f read files named in STRINGs -F find presets less quickly
-l little-endian CRC -L little-endian CRC output
-M non-augmenting algorithm -r right-justified output
-S print spaces between chars -t left-justified output
-V reverse algorithm only -X print uppercase hex
-y low bytes first in files -z raw binary STRINGs
Mode switches:
-c calculate CRCs -d dump algorithm parameters
-D list preset algorithms -e echo (and reformat) input
-s search for algorithm -v calculate reversed CRCs
-h | -u | -? show this help
Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015 Gregory Cook
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Version 1.3.0 <http://reveng.sourceforge.net/>
pm3 --> reveng -w 32 -s
width=32 poly=0x814141ab init=0x00000000 refin=false refout=false xorout=0x00000000 check=0x3010bf7f name="CRC-32Q"
width=32 poly=0x04c11db7 init=0xffffffff refin=false refout=false xorout=0xffffffff check=0xfc891918 name="CRC-32/BZIP2"
width=32 poly=0x04c11db7 init=0xffffffff refin=false refout=false xorout=0x00000000 check=0x0376e6e7 name="CRC-32/MPEG-2"
width=32 poly=0x04c11db7 init=0x00000000 refin=false refout=false xorout=0xffffffff check=0x765e7680 name="CRC-32/POSIX"
width=32 poly=0x000000af init=0x00000000 refin=false refout=false xorout=0x00000000 check=0xbd0be338 name="XFER"
width=32 poly=0xa833982b init=0xffffffff refin=true refout=true xorout=0xffffffff check=0x87315576 name="CRC-32D"
width=32 poly=0x1edc6f41 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0xe3069283 name="CRC-32C"
width=32 poly=0x04c11db7 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0xcbf43926 name="CRC-32"
width=32 poly=0x04c11db7 init=0xffffffff refin=true refout=true xorout=0x00000000 check=0x340bc6d9 name="JAMCRC"
pm3 -->
pm3 --> reveng -m kermit -c 010203040506070809
9a4c
pm3 --> reveng -m kermit -c 0123456789
85af
So in my fork you will get it:
https://github.com/iceman1001/proxmark3
And in a branch of Marshmellow:
https://github.com/marshmellow42/proxma … pm3+reveng
Marshmellow is not convinced that the PM3 should have it inside its code. While I'm just going for it hard.
It's time for the community to express their view of it.
So what do you guys think of it?
Very useful tool!
I will include it in a new command category called for example "test":
Pm3 ---> test reveng params
I'm also concerned it may not function on other platforms. It appears a few parameters need to be set differently for different platforms, as some code indicates it is platform specific. I'm not sure yet how to incorporate the changes automatically. (Haven't had time or the environment to test.) It should compile, but I'm not sure it will function without a few code changes on anything other than Windows.
Last edited by marshmellow (2015-06-08 04:36:50)
And I'd like to create some way of calling it and getting the output without printing it, so it can be called and used inside other functions in the pm3. Haven't gotten to it yet though. -- edit -- looks like this already exists, I just have to learn how to use it, and possibly create a few easy to call common items...
BTW
If anyone on Linux or osx could test and let me know what it does it'd help. I'll poke away at it in between other things.
Oh and some test commands to see if it is working:
reveng -h
(Should get help text)
reveng -m CRC-8 -c 010203040506070809
(Should output a 2 digit hex value; I'll post the correct byte here later...)
Last edited by marshmellow (2015-06-08 04:42:15)
The power of Lua and reveng (thanks to iceman's Lua work):
proxmark3> script run e -w 16
--- Executing: ./scripts/e.lua, args'-w 16'
Width of CRC: 16 bytes: 01020304
Model CRC CRC_Reverse
CRC-16/CDMA2000 2d75 eb62
CRC-16/TELEDISK 4a0a a7c5
CRC-16/T10-DIF 53da 16f7
CRC-16/DDS-110 9eeb 551a
CRC-16/BUYPASS 9e33 d517
CRC-16/EN-13757 e767 8c3a
CRC-16/GENIBUS 763c cb17
CRC-16/CCITT-FALSE 89c3 9f20
CRC-16/AUG-CCITT 0313 7dd0
XMODEM 0d03 60df
CRC-16/DECT-R b99e 4567
CRC-16/DECT-X b99f b176
CRC-16/USB 5ed4 92e1
MODBUS a12b a712
CRC-16/MAXIM 5ef0 6d1e
ARC nil nil
CRC-16/DNP b467 f540
X-25 9139 56b6
CRC-16/MCRF4XX 6ec6 7c5a
CRC-A 4f93 e0c6
CRC-16/RIELLO 29e2 cef0
CRC-16/TMS37157 903d 1292
KERMIT 4fc5 83a5
-----Finished
obviously still some cleanup to do, but it is coming along.
And it happily does them all in one step.
pm3 --> sc r e
--- Executing: ./scripts/e.lua, args''
------------------------------------------------------------
Width of CRC | 0
Bytes | 01020304
Model | CRC | CRC_Reverse
------------------------------------------------------------
XFER | ae5ff3bc | 9faf8117
CRC-40/GSM | e60273c408 | f65f4052bf
CRC-32/POSIX | 41cc1549 | 751a1937
CRC-32/MPEG-2 | 793737cd | cc4a8281
CRC-32/BZIP2 | 86c8c832 | 8ae5e6c8
JAMCRC | 3204c349 | b0879309
CRC-32 | cdfb3cb6 | d272b59b
CRC-16/DECT-X | b99f | b176
CRC-16/DECT-R | b99e | 4567
CRC-8 | e3 | 58
CRC-8/ITU | b6 | 38
CRC-8/ROHC | d6 | 62
CRC-31/PHILIPS | 1ae2b33e | 447c37e7
CRC-6/ITU | 0a | 1b
CRC-82/DARC | d2e7c9166e459c87059f03| 449c9df1f0457bb109ca03
XMODEM | 0d03 | 60df
KERMIT | 4fc5 | 83a5
CRC-16/AUG-CCITT | 0313 | 7dd0
CRC-16/TMS37157 | 903d | 1292
CRC-16/RIELLO | 29e2 | cef0
CRC-A | 4f93 | e0c6
CRC-16/CCITT-FALSE | 89c3 | 9f20
CRC-16/GENIBUS | 763c | cb17
CRC-16/MCRF4XX | 6ec6 | 7c5a
X-25 | 9139 | 56b6
CRC-7 | 64 | 67
CRC-6/CDMA2000-B | 16 | 01
CRC-8/I-CODE | bf | 74
CRC-8/EBU | ea | a4
CRC-32C | f48c3029 | d0247f1a
CRC-14/DARC | f92c | d61e
CRC-5/USB | 11 | 13
CRC-4/ITU | 09 | 0a
CRC-8/MAXIM | f4 | 3b
CRC-8/DARC | 02 | 80
CRC-16/EN-13757 | e767 | 8c3a
CRC-16/DNP | b467 | f540
CRC-64 | 588d5ad42a701db2| bb9b2abb460d3016
CRC-64/WE | 8a7482ac8611b89d| d6ef10e1564994de
CRC-64/XZ | 25a81d04cc87b711| ebc56985e2ed65a6
CRC-5/EPC | 04 | 1e
CRC-24/FLEXRAY-B | 716fb4 | 0de7cd
CRC-24/FLEXRAY-A | 53255b | 58f698
CRC-3/ROHC | 00 | 06
CRC-6/DARC | 19 | 13
CRC-11 | 0539 | 04ba
CRC-16/BUYPASS | 9e33 | d517
ARC | a10f | 58ed
CRC-16/MAXIM | 5ef0 | 6d1e
CRC-16/DDS-110 | 9eeb | 551a
MODBUS | a12b | a712
CRC-16/USB | 5ed4 | 92e1
CRC-12/DECT | 040a | 01dd
CRC-12/3GPP | 0205 | b80b
CRC-32Q | 552b9287 | e2575f3a
CRC-24 | 7878cd | e86d96
CRC-15 | 6a75 | 5884
CRC-16/T10-DIF | 53da | 16f7
CRC-10 | 00b6 | 035d
CRC-8/WCDMA | d6 | d0
CRC-8/CDMA2000 | 67 | 98
CRC-6/CDMA2000-A | 3f | 27
CRC-7/ROHC | 69 | 56
CRC-16/TELEDISK | 4a0a | a7c5
CRC-5/ITU | 10 | 0d
CRC-32D | eeb27169 | 8c32eb54
CRC-16/CDMA2000 | 2d75 | eb62
CRC-15/MPT1327 | 607d | 29ae
CRC-8/DVB-S2 | 75 | 3e
CRC-13/BBC | 0aa8 | 1e79
CRC-12/CDMA2000 | 0a2a | 0d7d
CRC-10/CDMA2000 | 0326 | 007f
-----Finished
Terrific! Absolutely useful!!
Marshmellow just implemented a CRC search; that is useful and makes our lives much simpler.
*edit* I take it back. It is very useful and instantly addictive.
Can @pwpiwi and @holiman do some evaluations on their platforms (i.e. Linux? Mac?), since marshmellow and I only run it on Windows / MinGW.
@asper? Does it work on your Android port?
Last edited by iceman (2015-06-10 08:55:08)
@iceman
I had to make changes to client/Makefile and lua/Makefile to enable your source to compile.
For Mac OS X, the changes you made regarding QT4 and QT5 had to be modified to QT4Mac library locations to avoid compiling issues. For compiling on Kali Linux (Nethunter) I had to add -ncurses as an argument for gcc and install the ncurses library, the readline library is insufficient for successful compilation. Similar to Mac OS X, I had to make changes to the QT library path locations to enable the source to compile on Kali Linux (Nethunter) as well.
When testing compile and running on different platforms please use my branch as it is closer to the master and will be used to do the pull requests.
Last edited by marshmellow (2015-06-10 15:24:39)
Yeah, as I mentioned before, my fork is more unstable than the unstable branch in PM3. I just add all kinds of stuff.
However, after a couple of months much of the new stuff finds its way into PM3 master.
So right now in my fork you get TOPAZ, DESFIRE, REVENG, 14B fixes and ANIMAL TAG on top of the PM3 master.
I haven't added Piwi's memory saver yet...
But wait a week and the 14B / ANIMAL TAG will be in PM3 master..
I guess I will create a pull request and let the discussion carry on on GitHub.
Great work, @marshmellow
@DingYao, can you publish your Makefile changes?
I upgraded the Reveng 1.30 to 1.40
It appears there is a parameter error when entering more than a specific number of characters in the -s search function.
I will look into it when I have time.
proxmark3> reveng -w 16 -s 0A00197d 3AA21a41 03AAa8fd66 170000000005AA74A2144
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: invalid character in hexadecimal argument
reveng: no models found
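An added example, written for this page and not code from the Proxmark3 client or from CRC RevEng: a small Python CRC engine driven by the same model fields the `reveng -w 32 -s` listing in the first post prints (width, poly, init, refin, refout, xorout, check), a self-check of those presets against the catalogue check value (the CRC of the ASCII string "123456789"), strict parsing of `-s` style hex arguments, and a brute-force model search for narrow widths. The 32-bit rows in the table are copied from that listing; the 8- and 16-bit rows and their check values are the standard RevEng catalogue entries. The argument layout (message hex followed by its CRC, big-endian) is this example's assumption, and the parser rejects odd-length or non-hex strings up front with a specific message; whether that kind of input is what produced the "invalid character" errors in the post above is not established there.

```python
# Added example, not code from the Proxmark3 client or from CRC RevEng:
# a parameterised CRC engine using the RevEng/Rocksoft model fields shown in
# the thread (width, poly, init, refin, refout, xorout, check) plus a small
# brute-force model search of the kind `reveng -s` performs for narrow widths.
from itertools import product


def reflect(value, bits):
    """Reverse the low `bits` bits of `value` (used for refin/refout)."""
    out = 0
    for _ in range(bits):
        out = (out << 1) | (value & 1)
        value >>= 1
    return out


def crc(data, width, poly, init, refin, refout, xorout):
    """Bitwise CRC of `data` under a Rocksoft model, any width from 1 up
    (Python ints are unbounded, so CRC-82 works as well as CRC-8).
    Non-augmenting form: each message bit is XORed into the top of the
    register before the shift, which is what all the presets here use."""
    mask = (1 << width) - 1
    top = width - 1
    reg = init & mask
    for byte in data:
        if refin:
            byte = reflect(byte, 8)  # feed the byte LSB first
        for i in range(7, -1, -1):
            bit = (byte >> i) & 1
            if ((reg >> top) & 1) ^ bit:
                reg = ((reg << 1) ^ poly) & mask
            else:
                reg = (reg << 1) & mask
    if refout:
        reg = reflect(reg, width)
    return reg ^ xorout


MODELS = {
    # name: (width, poly, init, refin, refout, xorout, check)
    # check = CRC of the ASCII string "123456789", the catalogue's test vector.
    "CRC-8":              (8,  0x07,       0x00,       False, False, 0x00,       0xf4),
    "KERMIT":             (16, 0x1021,     0x0000,     True,  True,  0x0000,     0x2189),
    "XMODEM":             (16, 0x1021,     0x0000,     False, False, 0x0000,     0x31c3),
    "CRC-16/CCITT-FALSE": (16, 0x1021,     0xffff,     False, False, 0x0000,     0x29b1),
    "ARC":                (16, 0x8005,     0x0000,     True,  True,  0x0000,     0xbb3d),
    "MODBUS":             (16, 0x8005,     0xffff,     True,  True,  0x0000,     0x4b37),
    "X-25":               (16, 0x1021,     0xffff,     True,  True,  0xffff,     0x906e),
    # the 32-bit rows are the `reveng -w 32 -s` listing from the first post
    "CRC-32Q":            (32, 0x814141ab, 0x00000000, False, False, 0x00000000, 0x3010bf7f),
    "CRC-32/BZIP2":       (32, 0x04c11db7, 0xffffffff, False, False, 0xffffffff, 0xfc891918),
    "CRC-32/MPEG-2":      (32, 0x04c11db7, 0xffffffff, False, False, 0x00000000, 0x0376e6e7),
    "CRC-32/POSIX":       (32, 0x04c11db7, 0x00000000, False, False, 0xffffffff, 0x765e7680),
    "XFER":               (32, 0x000000af, 0x00000000, False, False, 0x00000000, 0xbd0be338),
    "CRC-32D":            (32, 0xa833982b, 0xffffffff, True,  True,  0xffffffff, 0x87315576),
    "CRC-32C":            (32, 0x1edc6f41, 0xffffffff, True,  True,  0xffffffff, 0xe3069283),
    "CRC-32":             (32, 0x04c11db7, 0xffffffff, True,  True,  0xffffffff, 0xcbf43926),
    "JAMCRC":             (32, 0x04c11db7, 0xffffffff, True,  True,  0x00000000, 0x340bc6d9),
}


def crc_model(data, name):
    """CRC of `data` under a named preset, like `reveng -m NAME -c`."""
    width, poly, init, refin, refout, xorout, _check = MODELS[name]
    return crc(data, width, poly, init, refin, refout, xorout)


def verify_models():
    """Names whose computed check value differs from the table; an empty
    list means the engine reproduces every preset."""
    return [n for n, m in MODELS.items() if crc(b"123456789", *m[:6]) != m[6]]


def parse_search_arg(arg, width):
    """Split one `-s` style argument, hex message with its CRC appended
    big-endian (this example's assumption; reveng has -b/-l for endianness),
    into (message_bytes, crc_int). Odd-length or non-hex input is rejected
    with a message that names the offending argument."""
    hexdigits = set("0123456789abcdefABCDEF")
    if len(arg) % 2 or not set(arg) <= hexdigits:
        raise ValueError(f"{arg!r}: not an even-length hexadecimal string")
    raw = bytes.fromhex(arg)
    crc_len = (width + 7) // 8
    if len(raw) <= crc_len:
        raise ValueError(f"{arg!r}: no message bytes before the {crc_len}-byte CRC")
    return raw[:-crc_len], int.from_bytes(raw[-crc_len:], "big")


def search_models(samples, width, inits=(0,), xorouts=(0,)):
    """Sweep every odd polynomial of `width` bits (a proper generator has the
    x^0 term) against the given inits, both reflection flags and xorouts, and
    return each (poly, init, refin, refout, xorout) reproducing all samples.
    Practical to about 16 bits in Python; wider searches are the job of a
    purpose-built finder such as `reveng -s`."""
    hits = []
    for poly in range(1, 1 << width, 2):
        for init, refin, refout, xorout in product(inits, (False, True), (False, True), xorouts):
            if all(crc(m, width, poly, init, refin, refout, xorout) == c for m, c in samples):
                hits.append((poly, init, refin, refout, xorout))
    return hits


if __name__ == "__main__":
    print("presets failing self-check:", verify_models())
    msg = bytes.fromhex("01020304")  # the bytes used in the Lua tables above
    for name in ("CRC-8", "KERMIT", "XMODEM", "CRC-32"):
        print(f"{name:<8} {crc_model(msg, name):0{MODELS[name][0] // 4}x}")
    # constructed search input: CRC-8 of 01020304 and of "123456789", CRC appended
    args = ["01020304e3", b"123456789".hex() + "f4"]
    samples = [parse_search_arg(a, 8) for a in args]
    for hit in search_models(samples, 8, inits=(0x00, 0xff), xorouts=(0x00, 0xff)):
        print("width=8 poly=0x%02x init=0x%02x refin=%s refout=%s xorout=0x%02x" % hit)
```

Run as a script it prints an empty failure list, CRC-8 of 01020304 as e3 (the same value the Lua table above shows for CRC-8), and a width-8 search whose hits include poly 0x07, init 0x00, no reflection, xorout 0x00, which is the CRC-8 preset. Two short samples are usually enough to pin down an 8-bit model; for a real unknown, feed several captured frames of differing lengths so that the init and xorout values are separated from the polynomial.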
I know, the Coverity Scan has reported some memory bugs in Reveng 1.30 and the latest 1.40; I didn't fix them.
With the changes you made and the 1.40 changes, I was just happy to make it compile. Call me lazy if you want.