Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Well, successfull making several LF antennas,
0.1mm cupper emanelled
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 22.56 V @ 125.00 kHz
# LF antenna: 15.44 V @ 134.00 kHz
# LF optimal: 22.83 V @ 123.71 kHz
# HF antenna: 0.68 V @ 13.56 MHz
# Your HF antenna is unusable.
[img]http://www.isqlsql.net/proxmark3/antenna 125 setup.jpg[/img]
[img]http://www.isqlsql.net/proxmark3/antenna 125 success.jpg[/img]
The round one works but seems to be to big to load a card but the rectangular one works like a charm.
The max reading distance for the rectangular one is just below 4cm. Not what I expected, I thought it would be possible to get up to 10cm at least.
Offline
Some might wonder, why even bother to make your own antenna since you can buy them online. Well, I had an idea of consealing the antenna in a rugsack or even in the arm of a jacket.
If you seen some pentesting videos on youtube, they are really sticking out, walking to a reader with a hug antenna and stand there for a while.. Not smooth at all.
Offline
i'm not able to see your images.
anyway, i want to make a LF antenna for small tag.
So i used this online calculator: http://www.coolcircuit.com/tools/multi_layer_coil_calculator/
Considering that:
C39 is 1nF capactor
f is 125kHz
the formula for L calculation starts from the RLC resonant frequency formula:
2*PI*f=1/(SQRT(L*C))
note: SQRT= square root
then the formula to calculate the inductance L is:
L=1/((2*PI*f)^2*C)
then L=1,62mH
let's suppose to use a wire diameter of 0,1mm
let's suppose to use a inner diameter of the coil of 11,5mm
let's suppose to use a length of the coil of 23mm
we obtain a number of coils of 584 equals to 21,5m
this is a really hard to manufacture antenna since the wire is really long and fragile.
how to do it?
EDIT: my suggestion is instead to purchase a ready to use inductance.
I found this one, (1.6mH), but it is out of stock. http://www.digikey.it/product-detail/it … ND/2521674
Can someone of you suggest another seller?
EDIT: i also found this one, but its tollerance is 15% http://it.mouser.com/ProductDetail/Bour … 252bUTE%3d
the question is also: is it ok a toroid as rfid antenna?
EDIT: the answer is yes, it is ok, for what i read on the web.
anyway i also found this inductor, may be it is ok, cause it's cheap and the tollerance is 10% : http://it.mouser.com/ProductDetail/Fast … mfGfmhc%3d
Last edited by gaucho (2014-05-14 13:20:06)
Offline
I tried with already made (1-component-only with 2 pins) coils but they are very small and coupling with small tags (ex pcf transponders) is extremely difficult to obtain (millimetric positioning is necessary).
Offline
Hmm, looks like I ruined my links..
The antennas almost matches the results from the multilayercoil calculator you used.
Since I have two different PM3s (one old model, one radiowars rev) were I suppose the C39 is different which would explain some voltage differenses.
Offline
So basically,
one of these babies, would do the trick aswell?
Offline
Good antenna iceman but it is "big" for small transponders, at least for my experience. 2-3cm (diameter) should be good for very small tags.
Offline
the High diameter antennas give very nice waves, even on small tags BUT those demod functions i tested rely on highs and lows clipping to max/min - thus dont function well.
Offline
Thanks Asper,
The cd jewel case is too big, doesnt power up a tag so its kind of useless.
The square one works, but doesnt drop in voltage as you would expect when powering up a tag either.
I'm thinking of using the cut-out board as a antenna instead. Should work.
Offline
Thanks Asper,
The cd jewel case is too big, doesnt power up a tag so its kind of useless.
I have one and it works for me (with mentioned restrictions).
Empty toiletpaper diameter works bettet for pm3 though.
Offline
Have you ever tried to read/write a pcf with such a "big" diameter (empty toilet paper) Enio ?
Offline
So basically,
one of these babies, would do the trick aswell?
someone should purchase one of these toroids and test it.
the size seems to be fine for the small tags that asper is talking about.
if you also consider the price of the time needed to manufacture it, i think it's really cheap.
Moreover to do a perfect inductor, you need to don't overlap wires while wrapping it. If we talk about 0,1mm wires, it's really really hard to do.
the purchased inductor instead is perfect cause they do it with a winder device (google translated).
I think that we should try also the inductors posted by me.
EDIT: another solution could be to purchase a 1,8 or 2,2 mH inductor (also those for audio scopes) and then unwire the required number of rounds. Anyway it should be better to find the correct inductor, without the need of manual work (apart the connector's soldering)
Last edited by gaucho (2014-05-14 18:23:22)
Offline
So the demod functions is what I used for trying the cd-jewelcase antenna... Hmm, then I should try it with som lf sim command instead I guess..
Offline
A used car immo antenna should work for reading small tags(PCF793x).
Offline
Car immo antennas are "small"
Offline
So the demod functions is what I used for trying the cd-jewelcase antenna... Hmm, then I should try it with som lf sim command instead I guess..
You need just do a lf read and see if the wave is "fine" - thebigger diameter antennas give less powerful butmore steady results. For current pm3 demod functions the signal is probably too weak. The point i try to make is that these antennas dont lose information, just those functions interpreting the data are not sophisticated enough (right now) to extract the information needed.
Offline
Have you ever tried to read/write a pcf with such a "big" diameter (empty toilet paper) Enio ?
I (manually) extracted uid of an em 57xx diameter 2.5cm tag with that cd case antenna, how small tags do you want to read?
Offline
asper wrote:Have you ever tried to read/write a pcf with such a "big" diameter (empty toilet paper) Enio ?
I (manually) extracted uid of an em 57xx diameter 2.5cm tag with that cd case antenna, how small tags do you want to read?
A smaller tag than 2.5 cm as i stated before (PCF family):
Coil is probably smaller than 1 cm.
Last edited by asper (2014-05-15 07:02:24)
Offline
I recently began playing with my pm3 again and was tuning my lf antennas noticing how limited the output of hw tune actually is. I was checking the code again as i remember a while back i did some debugprints of values obtained on hw tune, which helped me back then to easily spot which "side" my antenna is off for my aimed frequency, to see if i have to add or remove turns.
Turns out the samples are even written into our buffer, at an offset of 7256. So if you do a hw tune and a data samples 1000 you can see the nice courve of 255 samples starting at 7256.
By issuing the following commands you can see the nice courve obtained by hw tune, each value is the Voltage in mV divided by 256 (a >> 8 is done on the actual mV).
data buffclear // Theres a small error that prevents zeroing the used part of buffer for the tune samples, so I do that manually
hw tune
data samples 8000
data ltrim 7256
(data plot)
Moving the markers to 89 (Voltage at ~134khz) and 95 (Voltage at ~125khz) you can easily see how you have to tune your antenna to match both into the maximum.
When you want to "move" the courve towards the right, you have to add rounds, to move it towards the left you have to remove a rounds.
As i found this quite cool and made it very easy and fun to tune my lf antennas, I added a new command "data tune" simplifying the procedure (and also fixed the initialization error of the used buffer).
Git patch: http://pastebin.com/NtmPS8ar
You only have to issue these to have the plot update the samples after changing the antenna:
hw tune
data tune
(data plot)
Edit: THe beautiful courve of my jewelcase antenna!
Last edited by Enio (2014-11-30 16:14:08)
Offline
Great finding Enio !
Can you describe the antenna size and tunrs numbers ? Any picture ?
Offline
That a nice feature Enio!
Just for the fun of it, I added a "p" parameter to the "hw tune" command. Which calls the "ShowGraphWindow" and "CmdTuneSamples"..
Offline
Cool! Pushed to github!
Offline
Nice idea to hav it added to the hw tune too
Great finding Enio !
Can you describe the antenna size and tunrs numbers ? Any picture ?
As i built them quite a while ago i dont remember the turns i used. The first courve is from my toilet paper roll antenna, 2nd from the jewelcase one. Enammelled wire 0.1mm diameter:
The jewelcase gives really smooth waves even from bigger distances, however its hard to use the built in functions for i.e. manchester demod as they heavily rely on the values "clipping" to the min/max.
Offline
Hi all,
Sorry for reviving such an old thread, but I couldn't find any newer ones.
I was wondering if anyone has had any success with longer range antennas? What ranges were you able to achieve?
Offline
Pages: 1