Research, development and trades concerning the powerful Proxmark3 device.
Hi
I have finally been able to run my pm3. I have played a bit with it, but I am unable to decode one of my cards or simulate it.
Here is the info.
The card is from Rosslare; as far as I know it is a 125 kHz AT-R14 / AR-R14C.
The numbers printed on the card are 00566945146288 and 144,26032.
I have tried with em4x and several of the others. I tried this one first because it looks like one of them. Anyway, if I do this after sudo ./proxmark3 ..
proxmark3> lf em4x em410xread
Auto-detected clock rate: 64
If I do
proxmark3> lf em4x em410xread
Auto-detected clock rate: 64
proxmark3> lf em4x em410xread 64
proxmark3>
I don't get anything. Probably I am doing something wrong, or probably it is not an em4x card, I don't know. Here are the results of data samples 16000 and plot.
I have tried all types of demodulation but the results are not clear to me.
I have tried to do some research with the graph results, but I am such a newbie that I cannot get anything clear.
Thank you for reading and for any kind of help in advance.
Please could you post a link to a saved trace?
Of course.. Here it is:
https://mega.co.nz/#!BxQ3zAKC!ta0NVmLH_-5sto8PfhQeM2GNNmUVFWdcXzAjxVTRMcI (sorry, I cannot post a URL)
But please, if you are performing some kind of decoding, I would be very interested if you could explain a little how to.
Thanks in advance.
What antenna are you using, and what is the output of "hw tune"?
Your trace is a little rough, I'm finding it hard to trace manually; but there may be others on here that can trace the signal better than me.
I am using the LF antenna that came with the proxmark3.
These are the results, the first without card:
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 16,25 V @ 125.00 kHz
# LF antenna: 14,37 V @ 134.00 kHz
# LF optimal: 20,81 V @ 127,66 kHz
# HF antenna: 0,26 V @ 13.56 MHz
# Your HF antenna is unusable.
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 5,50 V @ 125.00 kHz
# LF antenna: 6,31 V @ 134.00 kHz
# LF optimal: 10,21 V @ 153,85 kHz
# HF antenna: 0,00 V @ 13.56 MHz
# Your HF antenna is unusable.
Hmm, looks ok to me, maybe the transponder on the card isn't that good?
The tag should be an EM4002 looking at data sheets on Rosslare's website.
OK, thank you. If you or someone has more info or clues about what the modulation looks like, it would be a good help.
According to www.datasheetarchive.com/dl/Datasheet-04/DSA0063818.pdf
it's using PSK AM modulation (and might use/need Manchester decoding after that); a phase shift is logic zero, no phase shift is logic 1.
You have a lot of distortions in the middle, but it should go ok. You might be able to get some bitstream read off it with
data threshold x (try around 0)
data askdemod 0 (or 1)
data mandemod
However, with the distortions around the zero crossing it will be hard.
Check this post. I have a patch there that allows more flexibility, it will allow you to select more prominent points as distinction.
Thank you so much. I am going to give it a try.
I will post on discovering.
Hi!! Can you help me apply the patch? I am a real newbie, as you can see. Is it supposed to be added to cmddata.c?
You apply it in the client folder. Part goes in cmddata.c and .h
Then just make clean && make all in the client folder.
Hi, good news!!
Thanks for the guide; I didn't pay attention to your code in the post. It was all very clear.
On the other hand, it worked like a charm. At least I think so.
These are the results:
I didn't know what to do next, so I put the decode result into http://andrewmohawk.com/EM41X/ and then I had some results that I have to study and think about. I think this is what has to be implemented on a t55x7 card in order to clone it? Am I right?
Anyway, thank you so much for the patch. I think it would be interesting to introduce this in the next version. My fear is: I managed to decode other prox cards, so why did this happen with this card? Would it happen with all cards? Is it an issue with this card or with my antenna?
Thank you guys for helping me to learn a bit more.
Great it helped you!
I'm not sure exactly why it doesn't work; it must be because of the special waveform.
How to go on with the demodulated signal, I don't know. I have no experience yet.
But you might find hints on how to interpret those bits you got on the net.
Let us know what you find,
Best, Enio
Hey there, I have experimented further with my em4100 tag. I also had this issue: not being able to extract the ID with this command. I found out that it will fail when the wave is too "weak". While we can still demodulate it manually, the built-in demodulation relies on stronger peaks that are cut off. With my bigger antenna (10 cm diameter) I get beautifully shaped waves, but not strong enough for this function; with a small diameter wave and the tag right on top I get this form:
and "lf em4x em410xread" works.
Just to clarify, you need to read and get the samples before using this function, like this:
proxmark3> lf read
#db# buffer samples: b4 a6 9b 94 8d 8a 88 86 ...
proxmark3> data samples 40000
Reading 40000 samples
Done!
proxmark3> lf em4x em410xread
Auto-detected clock rate: 64
EM410x Tag ID: XXXXXXXXXX
proxmark3>
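For readers following the thread, an added example (not from any poster and not Proxmark3 client code) of what has to hold before a 64-bit EM4100 frame yields an ID: nine header 1 bits, ten rows of four data bits plus even row parity, four column parity bits and a 0 stop bit. The function names, the Manchester polarity convention and the sample ID 0123456789 are assumptions made for the illustration.

```python
# Added example, not Proxmark3 client code; the sample ID is constructed.
def encode_em410x(hex_id):
    """Build the 64-bit frame for a 10-hex-digit ID (only to make test input)."""
    rows = [[(int(d, 16) >> s) & 1 for s in (3, 2, 1, 0)] for d in hex_id]
    frame = [1] * 9                               # header: nine 1 bits
    for r in rows:
        frame += r + [sum(r) % 2]                 # 4 data bits + even row parity
    frame += [sum(r[c] for r in rows) % 2 for c in range(4)]  # column parity
    return frame + [0]                            # stop bit

def manchester_decode(halves, invert=False):
    """Turn pairs of half-bit levels into bits; None if a pair has no mid-bit edge."""
    bits = []
    for a, b in zip(halves[0::2], halves[1::2]):
        if a == b:
            return None                           # wrong alignment or noise
        bits.append(a ^ invert)
    return bits

def find_em410x(bits):
    """Return the 10-hex-digit ID of the first frame that passes every check."""
    for i in range(len(bits) - 63):
        f = bits[i:i + 64]
        if f[:9] != [1] * 9 or f[63] != 0:
            continue
        rows = [f[9 + 5 * r: 14 + 5 * r] for r in range(10)]
        if any(sum(r) % 2 for r in rows):         # row parity must be even
            continue
        if any((sum(r[c] for r in rows) + f[59 + c]) % 2 for c in range(4)):
            continue                              # column parity must be even
        return "".join("%X" % int("".join(map(str, r[:4])), 2) for r in rows)
    return None

def decode_trace(halves):
    """Try both half-bit alignments and both polarities; neither is known up front."""
    for offset in (0, 1):
        for invert in (False, True):
            bits = manchester_decode(halves[offset:], invert)
            tag = find_em410x(bits) if bits else None
            if tag:
                return tag
    return None

def sample_trace(hex_id="0123456789"):
    """Constructed input: frame sent 3 times, Manchester coded, first half-bit lost."""
    halves = [h for b in encode_em410x(hex_id) * 3 for h in (b, 1 - b)]
    return halves[1:]
```

A single wrong bit anywhere in the 64 fails the header, stop or a parity check, so a trace with even slight distortion around the threshold produces no ID at all rather than a wrong one.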
Hi.
What do you mean with
"with a small diameter wave and the tag right ontop i get this form"
This is another antenna you've got. Can you provide an image or a schematic?
Thanks for the help.
Oh sorry, I meant antenna, not wave there.
Well, I can make a pic tomorrow. The small one is rolled on an empty toilet paper roll. 0.1 mm wire; turns, I'm not sure, a lot.
Nice!!
Have you got a manual or guide to make my own? could be nice!!