Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2015-06-02 01:14:03

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Interesting Hw tune behaviour

While planning to learning how to use snoop sniffer on Proxmark I came a crossed very interesting situation.

I use SW checked out from github on 21/5/2015
I use win32 client with prox mark tools alias GUI with exe built 21/09/2013
I use Setting.xml dated 21/05/2015 I pull from somewhere from one of Marshmellow post, I don’t remember how/where anymore


So to snoop,  I have PM3 connected, antenna connected, GUI fired up, serial port setting, sending hw version to test everything is ready,fob to test is aan EM fob omn 125Khz or the provided mifare 1K card to snoop in 13.56 Mhz frequency operation area

First I did a hw tune few times without fob, voltages reported back, test passed

Then I did/clicked several times, intentional-quicly to cause stress, the voltage slowly and sturdily reported, test passed

Then I put the fob on the antenna and did the same again, test also passed.

I always do commands over serial port and over GUI, so I know on my way up to here there was no problem hidden somewhere bitten in my back

Now I want to learn to snoop conversation between fob and a reader, so I connect and power up a reader, put the antenna on the reader.

Now I do something very childish, perhaps already forgetting I did it previously aleady,  I run “HW tune” as above, with the antenna on top of the reader. “hw tune” reported voltage as expected, test passed

Wanting to snoop, so I need a fob talking to the reader. But before the snoop, I did hw tune with a fob on top of antenna and antenna on top of the reader ( 125 KhZ, or 13.56 Mhz) pls noted when I came nearer with the fob, the reader changd light/click…it did something.

I just ran "hw tune" with this staple of 3 objects so that I can finally study my snoop ….the first time it did nicely. Now I held with my hand the fob attached to the PM antenna, moved them away from the reader and approached it again and I saw the light lit, and the click from the reader, and .... …
… suddenly …. 
Voila even through I di not send any more "hw tune" to serial port or GUI, there is a loop of the command “hw tune“ it kept sending itself to serial port repeatedly, tic tac tic tac like a clock …  … No way to stop not by clicking, pressing keyboard in GUI, nor pressing the button on PM3 ....  until I had to restart the computer

System won,  I failed to learn my snoop... that was clear ....

Offline

#2 2015-06-02 04:22:49

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Interesting Hw tune behaviour

sounds like you were in the windows gui and your keyboard's enter key got stuck down...  can you repeat?

Offline

#3 2015-06-02 11:28:53

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Interesting Hw tune behaviour

no definitely nothing got stuck down there Marshmellow, if you have reader you could raise the alarm too.

I can reproduce the result 3 times before I report that is something no bug but interesting, So interesting I forgot tht Sunday afternoon my aim was sitting there for learning the snoop .... because the un-expecting mays lead to new invention

Offline

#4 2015-06-15 05:23:30

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Interesting Hw tune behaviour

was your other reader working as a HID and typing what it read from the tag?

Offline

#5 2015-06-15 22:17:28

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Interesting Hw tune behaviour

@Marshmellow, it was a Mifare 13.56 MHz reader.

Offline

#6 2015-06-16 03:57:17

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Interesting Hw tune behaviour

Many of those act as a human interface device and will act as a keyboard when a tag is presented, sending the uid like you typed it.

Offline

#7 2015-06-17 02:11:49

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Interesting Hw tune behaviour

yes that is correct Mashmellow. When I open notepad the uids are recorded each time I tape a HF card/fob on the reader. But I don't get it how can that explain "HW tune" is sent over and over?

Offline

#8 2015-06-17 02:25:08

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Interesting Hw tune behaviour

in the GUI, pressing keys on the keyboard can send the command that is selected.  press the key multiple times and it sends the command multiple times. or for each character entered by the 3rd party reader it sent "clicked" the send command button. 

at least some of that should be true and can help to explain it.  smile

Offline

#9 2015-06-21 22:08:17

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Interesting Hw tune behaviour

Marshmellow, when the 13.56Mhz reader is plugged in, I do see in Device Manager Controller the "HID" icon turning on.

Thank you for trying to find a cause to explain that weird "quasi-supernatural" behavior... the whole system seemed to find it own way

But I don't understand much about electronics to accompany your idea. I can not comment much here.

Offline

Board footer

Powered by FluxBB