Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#101 2015-03-12 03:30:01

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Different formats of farpointe?  Might not need a new thread.
Different tags altogether definitely should start a new thread.

Offline

#102 2015-03-12 03:37:15

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

@iceman, did you use a tool to test different checksums/polys?

Offline

#103 2015-03-12 06:38:47

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Problem now.  I used an online tool to verify the CRC's also, but the expansion of the calculation is vague.  I also currently don't have any source code to perform the calculation in vb.net.  Does anyone know how to expand this crc caclulation by hand so that I can write some code to calculate the final result?

Offline

#104 2015-03-12 10:59:50

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I had a generic crc.h / crc.c  in my common folder.  Maybe I put it there long time ago.


static crc_t    maxim_crc;
/* calculate crc for a FARPOINT tag */
static int MaximCRC(uint8_t *buff, size_t size  ) {
	crc_init(&maxim_crc, 8, 0x31, 0x00, 0x00);
	crc_clear(&maxim_crc);

	for ( int i=0; i < size; ++i){
		crc_update(&maxim_crc, buff[i], 8);
	}
	return crc_finish(&maxim_crc);
}


// called with:
	uint8_t buff[] = { 0x01, 0x01, 0x01, 0x01,
					   0x01, 0x01, 0x01, 0x01,
					   0x01, 0x40, 0x01, 0x01, 0x04 };
int crc8 = MaximCRC(buff, 13);
PrintAndLog("CRC-8: %x",crc8);

This works.

Offline

#105 2015-03-12 11:01:53

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

@marshmellow,   yes, I do use a tool for checking many different kinds of CRC algos.  smile

Offline

#106 2015-03-12 13:26:14

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Iceman, do you have the four other subroutines required to get this c code working? Mainly CRC_INIT(), CRC_CLEAR() & CRC_UPDATE(), CRC_FINISH?

If not I can write some code based on an expansion I have...

Last edited by hkplus (2015-03-12 13:32:31)

Offline

#107 2015-03-12 13:37:11

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I found this link that has VBA code for this checksum.  Just note it expects the input to be big endian.  But the code works.
http://www.maximintegrated.com/en/app-n … vp/id/4600

Offline

#108 2015-03-12 13:41:59

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

@hkplus:  in my fork under  common,  there is the  crc.c  / crc.h   which has what you want. https://github.com/iceman1001/proxmark3 … mmon/crc.c

Offline

#109 2015-03-12 14:11:14

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Cool let me see if I can convert this code to my fav VB.NET...thanks!

Offline

#110 2015-03-12 14:21:15

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

If we commit the crc.c , then Marshmellow can add the checksum to his lf demods...

Offline

#111 2015-03-12 14:22:48

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I'll look at adding it.

Offline

#112 2015-03-12 14:29:35

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

just take the crc.c / crc.h  under common,  and the method above and bob's your uncle

Offline

#113 2015-03-13 05:24:38

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

z

Last edited by hkplus (2016-05-01 04:46:30)

Offline

#114 2015-03-13 10:13:44

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I think @marshmellow will soon push some code to the PM3 master.

Offline

#115 2015-03-24 12:40:55

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Committed (a while ago actually)

Offline

#116 2015-03-29 02:17:03

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

MaxSecure is easy...it's a 14 bit number put into D11 and D10 that throws off the checksum calculation.

Last edited by hkplus (2015-03-29 02:17:46)

Offline

#117 2015-03-29 02:38:28

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Sample?

Offline

#118 2015-03-29 15:49:46

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

a sample would be much appreaciated.

Offline

#119 2015-03-29 23:06:21

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

A trace or an hex example would suffice.  smile

Offline

#120 2015-04-07 16:58:50

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Sorry I have been away.

Here you go:

FC 10, ID 2500, MaxSecure 1500, 26 Bit Wiegand:

BLOCK 0: 80107080
BLOCK 1: 00010116
BLOCK 2: B9010101
BLOCK 3: 01010140
BLOCK 4: A14F102F

Offline

#121 2015-04-07 17:21:10

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Using your block 0-4 I got this out.

Possible Auto Correlation of 6402 repeating samples

Using Clock:50, invert:0, fchigh:10, fclow:8
FSK2 decoded bitstream:
0010100011011111
1101111111011111
1101111111011111
1101111111010111
1110101111010110
0001110111111010
0000000000000000
0000000000000000
0010100011011111
1101111111011111
1101111111011111
1101111111010111
1110101111010110
0001110111111010
0000000000000000
0000000000000000
0010100011011111
1101111111011111
1101111111011111
1101111111010111
1110101111010110
0001110111111010
0000000000000000
0000000000000000
0010100011011111
1101111111011111
1101111111011111
1101111111010111
1110101111010110
0001110111111010
0000000000000000
0000000000000000

Offline

#122 2015-04-07 17:44:29

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I edited this whole post.   The CRC-8/Maxim works for both samples.
I don't know what made me think it was different? 

However,  please tell me what it is we were looking for again?   MaxSecure has the two different bytes,  and we need to descramble it or?!?

Last edited by iceman (2015-04-07 20:47:04)

Offline

#123 2015-04-07 20:33:34

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Checksum works the same way as standard 26 bit.

Example 2

FC 20, ID 2100, MaxSecure 1200:

BLOCK 0: 80107080
BLOCK 1: 00010113
BLOCK 2: 61010101
BLOCK 3: 01010143
BLOCK 4: 4040D3E9

Offline

#124 2015-04-07 22:33:07

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

iceman wrote:

I edited this whole post.   The CRC-8/Maxim works for both samples.
I don't know what made me think it was different? 

However,  please tell me what it is we were looking for again?   MaxSecure has the two different bytes,  and we need to descramble it or?!?

Nothing to solve.  MaxSecure is just another number shoved into D11 and D10 that throws off the result of the checksum calculation.  This is how the reader rejects cards that do not have the correct MaxSecure number encoded on them.

Offline

#125 2015-04-07 23:10:26

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

The two examples you gave, gets a correct checksum.  In which way do you think the extra number throws off the result?

Offline

#126 2015-04-07 23:42:53

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

is the maxsecure number set per customer/location or does it change with every card? (calculated?)

nevermind - it is specified like another Facility Code.

Last edited by marshmellow (2015-04-07 23:44:14)

Offline

#127 2015-04-08 01:21:50

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

By throw off the result I mean that the reader substitutes it's programmed MaxSecure number into D11 and D10 before comparing the cards checksum to its calculated one. Yes MaxSecure works like a second facility code on the reader level without effecting the actual card data output of the reader.

Offline

#128 2015-04-08 08:53:57

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

thanks for explaining it.

Offline

#129 2015-04-09 03:15:05

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Yes, I too appreciate your work on these tags hkplus.  smile

Offline

#130 2015-04-09 04:25:32

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I appreciate all of you guys help also. I'm currently messing with trying to get Indala 26 bit and HID ABA working on 5577...

Offline

#131 2015-04-09 17:40:43

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Don't want to continue this thread on a different topic, but is there any detailed information on how to implement HID ABA formats on 5577?  There is a listing of it in some posts, but no details on how to get the reader to recognize it as ABA data...

Offline

#132 2015-04-27 18:46:32

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

bin 200 new try, after inverted writing to new tag, but it don't work ?? FSK

proxmark3> data rawdemod  fs       
Args invert: 0 - Clock:50 - fchigh:10 - fclow: 8         
FSK decoded bitstream:         
1110111111101111         
1110111111101111         
1110111111101010         
1000001111100000         
0001110001111001         
0100111111111111         
1110111111101111         
1110111111101111         
1110111111101111         
1110111111101111         
1110111111101010         
1000001111100000         
0001110001111001         
0100111111111111         
1110111111101111         
1110111111101111         
proxmark3>
proxmark3> data rawdemod  fs  50 1   
Args invert: 1 - Clock:50 - fchigh:10 - fclow: 8         
FSK decoded bitstream:         
0000000000000010         
0000001000000010         
0000001000000010         
0000001000000010         
0000001000000010         
0000001010101111         
1000001111111100         
0111000011010110         
0000000000000010         
0000001000000010         
0000001000000010         
0000001000000010         
0000001000000010         
0000001010101111         
1000001111111100         
0111000011010110         
proxmark3>

Offline

#133 2015-04-27 18:58:52

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

is invert necessary ?? please help , thks

Offline

#134 2015-04-27 19:46:49

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

if the tag you are working with is FSK2a modulated then Invert is necessary to read it.  if it is FSK2 then no invert is needed.
if it is a "known" tag and your PM3 is up to date you should be using "lf search" to read it.

Offline

#135 2015-04-27 20:15:50

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Checking for known tags:

Pyramid ID Found - BitLength: 26, FC: 188, Card: 8142 - Wiegand: 1783f9c, Raw: 000101010101010101010157c1fe386b
Checksum 6b passed

Valid Pyramid ID Found!
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible


Checking for known tags:

Pyramid ID Found - BitLength: 26, FC: 188, Card: 8142 - Wiegand: 1783f9c, Raw: 000101010101010101010157c1fe386b
Checksum 6b passed

Valid Pyramid ID Found!
Args invert: 0 - Clock:16 - fchigh:10 - fclow: 8
FSK decoded bitstream:
1111111111111101
1000011111011111
1111111111100001
1111111111111111
1111100011111111
1111111111111100
0111111111111111
1111111000011111
1111111111111111
1000011111111111
1111111111100011
1111111111111111
1111000111111111
1111111111111000
0111111111111111
1111111000011100
Data in Graphbuffer was too small.

yes, could it clock 16 or 50 ?

Offline

#136 2015-04-27 20:22:34

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

maybe some bugs with bin 200

Offline

#137 2015-04-27 20:25:06

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

bin 200?
looks like it identified your tag fine and output the RAW ID for you. - not sure what more you need.

Last edited by marshmellow (2015-04-27 20:28:45)

Offline

#138 2015-04-27 20:27:37

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

BTW, your output is jumbled, you must be sending multiple commands and pasting SOME of the output from each

Offline

#139 2015-04-27 20:31:07

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Yeah, Im also curious? Whats the "bin 200"

Offline

#140 2015-04-27 20:40:21

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

version 2.0.0?

EDIT: i get it i think.  Aspers compiled binaries are named as pm3-bin-2.0.0

Last edited by marshmellow (2015-04-27 20:41:58)

Offline

#141 2015-04-27 20:50:11

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

but is not working well as 007 ..

Offline

#142 2015-04-27 21:01:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Well,  the latest PM3 release,  https://github.com/Proxmark/proxmark3/r … tag/v2.0.0 
is also call 2.0.0,

Can you compile the latest source yourself, Joe?   There has been some changes since the latest offical release.
And yes,  I wonder the same as @Marshmellow,    what more is it that you are looking for??

Last edited by iceman (2015-04-27 21:02:16)

Offline

#143 2015-04-27 21:12:36

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I download from window client . Am I right ?

Offline

#144 2015-04-27 21:26:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

If you don't know how to compile the sourcecode,  then keep using Aspers pre-compiled binary distros.

Offline

#145 2015-04-28 03:20:48

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Will try again, Just wonder the config block 00107xxx or 80107xxx ?

Offline

#146 2015-04-28 03:34:35

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Doesn't matter.  Look at chip datasheet for why.

Offline

#147 2015-06-11 09:21:26

lime1
Contributor
Registered: 2015-04-17
Posts: 26

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

Hi,

Looking at this thread I can see marshmellow, hkplus & iceman did some great work!

I did a lf search and it found a 26 bit pyramid card and it displayed the facility code, card number, wiegand and raw output etc.

I am wondering if there is any command to clone the card?

Thanks

Offline

#148 2015-06-11 09:38:13

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

I might suggest, that you read the documentation for T55x7 tags, and understand how those tags works.
It will help you to clone all sorts of LF tags.  But to answer you question, no there is no specific clone command for Pyramid tags at the momement.  If you feel the need for it, you are much welcome to add it to the source code.

Offline

#149 2015-06-11 13:50:07

lime1
Contributor
Registered: 2015-04-17
Posts: 26

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

iceman wrote:

I might suggest, that you read the documentation for T55x7 tags, and understand how those tags works.
It will help you to clone all sorts of LF tags.  But to answer you question, no there is no specific clone command for Pyramid tags at the momement.  If you feel the need for it, you are much welcome to add it to the source code.

Thanks for the suggestion iceman.  I am trying to learn as much as I can about the proxmark and the relevant tags.  There is a lot of knowledge in these forums and a few other RFID websites.  Do you have any suggested reading materials for a relative newbie as a good place to start?  Thanks

Offline

#150 2015-06-11 13:51:41

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Hacking on Farpointe/Pyramid 26 bit, need encoding help

The document section on this site is a'ok.

ref:  http://proxmark.org/files/Documents/

Offline

Board footer

Powered by FluxBB