results
1. fixed (it seems) readline behavior. Now there are no proxmark3 prompts in the data.
2. emulator goes into beta stage.
works:
- work with 4BUID and 7BUID dumps
- load/save/grab dumps
- emulate select
- emulate authentication (with nested)
- emulate read/write blocks
- emulate NACK-ACK ping-pong
as it seems the work is almost done )
so... test it )
Offline
here are my results with omnikey
works perfectly but sometimes needs too much time to detect the presence of the card
if you send a wrong key it makes an error in the reader and this makes the presence of the card disappear
#db# AUTH FAILED. cardRr=a4d23155, suc=b3a8cc72
#db# --> WORK. anticol2 time: 17
#db# --> HALTED. Selected time: 1076 ms
proxmark3>
I have to try more with other readers
Offline
I think it takes too much time to print debug messages via USB.
I'll turn it off in the next release.
Did you try a card with 4BUID from the program (hf mf ecl)?
There is 0xfffffffffff at all keys.
P.S.
if you send a wrong key it makes an error in the reader and this makes the presence of the card disappear
I think it is the same as the behavior of a standard mifare card.
Last edited by merlok (2011-06-24 08:10:25)
Offline
new release http://code.google.com/p/proxmark3/source/detail?r=486
with working emulator
Last edited by merlok (2011-06-27 09:46:51)
Offline
Tested the new version out. I was able to flash my pm3, but can't seem to get the client working.
Every time I try to open the client, I get an error message which states: QtCore4.dll was not found
The file is in the Qt\bin folder... not sure what's going on here... Thanks.
Offline
r486 works perfectly, tested with omnikey 5321 and acr122u.
4uid works perfectly with both readers
7uid works but, as you know, fails in authentication
have you tried this program? http://www.libnfc.org/community/topic/1 … -gui-tool/
if you can, try this program, because it does something strange: every time it authenticates, the tag disappears
and I am still having this problem http://www.proxmark.org/forum/viewtopic.php?id=865
thanks
Offline
Testing the firmware right now,
Just copying the dll files into the client folder seemed to get rid of the errors. Must be some sort of PATH error. I don't think I'm doing it right, but it seems to work... will let you know my experience with it
Offline
I tested r486 for emulating a mifare 1K card; it works perfectly with my ACR122U reader. Thanks merlok, you really did a great job! Thank you very much!
Last edited by mysx (2011-06-27 12:01:12)
Offline
Are you guys using a Windows GUI or Linux GUI to view the results? If Linux, what GUI?
Offline
Hi, why can I never get hf mf mifare to work? Every time I run this command, it takes a long time and there is no response. I tried versions r486 & r480; the result is the same. Who can help me?
Offline
Hi, why can I never get hf mf mifare to work? Every time I run this command, it takes a long time and there is no response. I tried versions r486 & r480; the result is the same. Who can help me?
The same situation!
Offline
I've never had any trouble using r486. Can you please explain the situation a little further so somebody can help you with troubleshooting?
Offline
Hello Merlok, first of all thanks for the emulator... tested with acr-122u, works perfectly. I have a question, I hope one of the geniuses out here can answer. OK, I have been able to recover all the sector keys using the Courtois Dark Side attack and then the nethemba attack... And I fill those keys in the emulator memory... ekeyprn shows all the keys in memory...
Now, I do hf mf sim and it works perfectly on acr122u... However, I cannot make it work on my University readers. I do know orientation matters and I tried every orientation without luck. Could someone please enlighten me? What might I be doing wrong and where should I be looking? I know wht08 was successfully able to do emulation on Imperial College readers. We have a Cardax reader here. Any help is greatly appreciated. Thank you.
Offline
Hi,
However, I cannot make it work on my University readers. I do know orientation matters and I tried every orientation without luck. Could someone please enlighten me? What might I be doing wrong and where should I be looking? I know wht08 was successfully able to do emulation on Imperial College readers. We have a Cardax reader here. Any help is greatly appreciated. Thank you.
http://www.proxmark.org/forum/viewtopic.php?id=873
Some readers look at the time of the reply to an authentication command and then decline the card if the card calculations take more than 64 ticks.
Offline
No luck for my ACR122U207. The PMark3's green light blinks but my reader just stays in with red light (no card)
Any ideas?
Thanks!!
Offline
No luck for my ACR122U207. The PMark3's green light blinks but my reader just stays in with red light (no card)
Any ideas?
Thanks!!
I have been able to make PM3 work with ACR122U. The yellow light along with the green should blink and the ACR122U should turn green. Just to make sure you are not doing the same mistake as I did, the orientation has to match. So try different orientation of the PM3 on the reader with antenna touching it properly. Good luck.
Offline
Hi,
kishangupta wrote: However, I cannot make it work on my University readers. I do know orientation matters and I tried every orientation without luck. Could someone please enlighten me? What might I be doing wrong and where should I be looking? I know wht08 was successfully able to do emulation on Imperial College readers. We have a Cardax reader here. Any help is greatly appreciated. Thank you.
http://www.proxmark.org/forum/viewtopic.php?id=873
Some readers look at the time of the reply to an authentication command and then decline the card if the card calculations take more than 64 ticks.
Thanks Merlok,
I was thinking the same. However, the reader does not even blink red to indicate it rejects the card. It just remains idle. So it makes me wonder if I am missing anything or if it is still a timing issue.
I was reading Cardax manuals and it says they implement "Mifare Enhanced Security (MES) " as a countermeasure for clone. I cannot find any documentation on what exactly is MES and how it works.
Any ideas please? Thank you.
Offline
moebius wrote: No luck for my ACR122U207. The PMark3's green light blinks but my reader just stays in with red light (no card)
Any ideas?
Thanks!!
I have been able to make PM3 work with ACR122U. The yellow light along with the green should blink and the ACR122U should turn green. Just to make sure you are not doing the same mistake as I did, the orientation has to match. So try different orientation of the PM3 on the reader with antenna touching it properly. Good luck.
hey! thanks for the response. Nope, not working.. I changed the orientation but red light or idle mode in ACR. And sorry, the yellow light is the one that just blinks, the green one is off.
Offline
kishangupta wrote: moebius wrote: No luck for my ACR122U207. The PMark3's green light blinks but my reader just stays in with red light (no card)
Any ideas?
Thanks!!
I have been able to make PM3 work with ACR122U. The yellow light along with the green should blink and the ACR122U should turn green. Just to make sure you are not doing the same mistake as I did, the orientation has to match. So try different orientation of the PM3 on the reader with antenna touching it properly. Good luck.
hey! thanks for the response. Nope, not working.. I changed the orientation but red light or idle mode in ACR. And sorry, the yellow light is the one that just blinks, the green one is off.
I am not quite sure, since this could be due to various different reasons. Explain more to me, including commands, and I will try to help you.
Offline
I'm following the so simple instructions... just hf mf sim [uid]
The yellow light is on, no green light.. and the acr stays in idle state.
I tried different positions, but with no luck.
I'll try with the scl3711 and post my results.
Offline
Did you load the keys? You will first need to recover the keys. If you do know any of the keys or if the card uses default keys, you can use the nested authentication attack. If you don't know any of the keys, you can use the Courtois darkside attack to recover all/any key and then use the nested attack if required. Once you have all the keys you will need to load them in the emulator. Now when I think about why it could have happened, I am more or less certain this is where you are doing it wrong... Good luck : )
Offline
kishangupta wrote: moebius wrote: No luck for my ACR122U207. The PMark3's green light blinks but my reader just stays in with red light (no card)
Any ideas?
Thanks!!
I have been able to make PM3 work with ACR122U. The yellow light along with the green should blink and the ACR122U should turn green. Just to make sure you are not doing the same mistake as I did, the orientation has to match. So try different orientation of the PM3 on the reader with antenna touching it properly. Good luck.
hey! thanks for the response. Nope, not working.. I changed the orientation but red light or idle mode in ACR. And sorry, the yellow light is the one that just blinks, the green one is off.
I have the same problem as you: "the yellow light is the one that just blinks, the green one is off." I think there are some problems with the hardware. I built some PM3s; some of them work (mifare 1k sim), the others don't. I don't know how to solve it.
Last edited by mysx (2011-09-14 15:35:06)
Offline
Hi again. I can't authenticate to the simulator. I'm using an ACR122U-A2 as a standard reader.
The simulator always shoots a failure while authenticating. BUT after that failure, I can use the read function of the ACR and get the data... weird...
Offline