Proxmark3 community


#1 2015-07-09 08:11:56

ntk
Contributor
Registered: 2015-05-24
Posts: 701

basic understanding in proxmark usage

First, I apologize to all the people in this forum. I do realise that my posts are everywhere and look like I spam ... they must be like thorns in your eyes. I only review what already exists in all the posts in the forum, in all areas, until I grasp a little basic understanding.

It is because, for a beginner, proxmark3 is not simple and it already has a long history of development. Many things may be clear and simple to you if you stick with its development, but not to us.

Bear with me a little more. Once I understand and know, I will post fewer questions. Post only when it is absolutely necessary. I promise.

In reference to http://www.proxmark.org/forum/viewtopic.php?id=296&p=2

where I try to understand the data bit rate read from samples. In post #30 of
http://www.proxmark.org/forum/viewtopic.php?pid=16993#p16993
I found this document in Git/wiki
https://github.com/Proxmark/proxmark3/wiki/lf%20tag%20operations

This thread is about this document.


#2 2015-07-09 08:36:45

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: basic understanding in proxmark usage

Finding the tag’s bitstream period

I found a graph; it explains the origin of the purple and yellow markers in the LF operations document (https://github.com/Proxmark/proxmark3/wiki/lf%20tag%20operations) (pls, from now on in this thread my questions always refer only to this document, until I am through).

cited "In the example above, it is obvious the tag has a 4096 samples period. One sample period is equal to the carrier period since the Proxmark3 samples at the same rate as the carrier frequency. 1 carrier clock period being 8µs at 125kHz, the complete word is therefore sent in 32ms in the example above."

Look at the graph: it does have dt=4096 for some reason. That document has no trace as reference, so I could not graph it and auto-detect the clock, but I doubt it will give me clock 32.

My questions are:
1/ Why that clean 32 result? I tried with a lot of traces from the trace directory and from my own. dt= never clearly showed 1024, 2048, 4096 but 50x, 6xx. Is it because proxmark3 (can I call it PM3 from now on) is developed more precisely now, or is it because my reading method is not scientific, imprecise?

2/ Is it necessary to get the exact clock rate? I guess 'yes', because for scientific purposes you must be precise: my tag is working on so and so carrier frequency, doing so and so (exact pls) bit rate ... But in my experiments I have seen, although I have not got all the systems (flex, indala, secura, HID, all LF and HF etc.), that even when autodetect clock says 64 or 100, I did configure, by laziness or in the mean of challenge already there existed knowledge, the emulation on purpose with clock 32. I bit my tongue and always stick with that clock rate when configuring Q5 or At55x7.

That is totally wrong in the brain of a scientist. But in reality, although you set the wrong data bit rate, that experiment still works, the door clicks open. So back to the question "Is it necessary to get the exact clock rate?": what is your answer?

"Is it necessary to get the exact clock rate?"

Last edited by ntk (2015-07-09 09:18:31)


#3 2015-07-09 10:20:17

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: basic understanding in proxmark usage

If you have any document, pls give me a link.
@Marshmellow, pls explain the technique with setting the purple and yellow markers to me. I will be quiet then.... and can move on to next question

Last edited by ntk (2015-07-09 10:20:52)


#4 2015-07-09 15:09:01

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: basic understanding in proxmark usage

when on a graph, press h key.  look at pm3 cli.  dt = distance between the two markers.
or see https://code.google.com/p/proxmark3/wik … h_commands

Last edited by marshmellow (2015-07-09 15:22:09)


#5 2015-07-09 16:22:13

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: basic understanding in proxmark usage

https://www.dropbox.com/s/ml4tw2marp64q … 2.png?dl=0

Thank you Marshmellow.

I think the graph interpretation has been further developed compared to the version of the "lf tags operation" document, but does EM41xx use ASK modulation clock 32 or 64?

```
proxmark3> data load C:\pm3_upd\traces\EM4102-1.pm3
loaded 16000 samples
proxmark3>
proxmark3> data scale 125
proxmark3>
proxmark3> data autocorr 2000 g
performing 14000 correlations
Possible Correlation: 4096 samples
proxmark3>
proxmark3> data detectclock a
Auto-detected clock rate: 64, Best Starting Position: 0
proxmark3>
proxmark3> data autocorr 2000 g
performing 12000 correlations
Possible Correlation: 1 samples
```

Last edited by ntk (2015-07-09 16:23:30)


#6 2015-07-09 16:38:52

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: basic understanding in proxmark usage

EM41xx uses both. and more.  the xx are different variations of the chip.  some readers may only read one type though.


#7 2015-07-09 16:42:17

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: basic understanding in proxmark usage

btw, a `data autocorr 2000 g` destroys the tag's read in the graphbuffer with new data.  so doing a detectclock after that is pointless.  you have to reload or get samples again before further data operations. (or omit the `g` option to not graph it)


#8 2015-07-09 16:48:07

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: basic understanding in proxmark usage

proxmark3> data detectclock a
Auto-detected clock rate: 64, Best Starting Position: 16         
proxmark3>
proxmark3> data detectclock n
Auto-detected clock rate: 32         
proxmark3

that is before I touch the graph @Marshmellow


#9 2015-07-09 17:18:51

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: basic understanding in proxmark usage

that would be accurate.  different modulations have different clock rules.  and NRZ clock will just about always be 1/2 of ASK clock.

Last edited by marshmellow (2015-07-09 17:23:54)


#10 2015-07-09 18:59:32

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: basic understanding in proxmark usage

In the graph dt is distance between the two markers.

we see dt=4096
what is in the [... ] next to dt= value, @Marshmellow? How can I understand that 32 ish value?

"obvious the tag has a 4096 samples period. One sample period is equal to the carrier period since the Proxmark3 samples at the same rate as the carrier frequency. 1 carrier clock period being 8µs at 125kHz, the complete word is therefore sent in 32ms" ...

Last edited by ntk (2015-07-09 19:02:24)


#11 2015-07-09 19:40:39

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: basic understanding in proxmark usage

the [1.#IO].  i assume it is just indicating if the yellow marker is before or after the other marker.  (+1 or -1)

the 32 milliseconds = 4096 * 8 microseconds (or 125kHz)

Offline
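
An added example, not part of the thread and not Proxmark3 client code, tying together the numbers posted above: a 64-bit EM4102 frame sent at clock 64 repeats every 64 × 64 = 4096 samples, which at 8 µs per sample is roughly 32 ms. The tag ID, the ideal noise-free trace, the Manchester polarity and the simplified clock and period estimators are assumptions for illustration; they are not the algorithms behind `data detectclock` or `data autocorr`.

```python
CARRIER_HZ = 125_000  # one Proxmark3 sample per carrier cycle, so 8 us per sample

def em4102_frame(tag_id):
    """64 bits: 9 header ones, 10 rows of 4 data bits + even parity, 4 column parities, stop 0."""
    bits, cols = [1] * 9, [0, 0, 0, 0]
    for shift in range(36, -1, -4):
        row = [(tag_id >> (shift + i)) & 1 for i in (3, 2, 1, 0)]
        bits += row + [sum(row) & 1]
        cols = [c ^ b for c, b in zip(cols, row)]
    return bits + cols + [0]

def manchester_ask(bits, clock, repeats):
    """Ideal trace: every bit lasts `clock` samples, split into two opposite half-bits."""
    half = clock // 2
    hi_lo, lo_hi = [1] * half + [-1] * half, [-1] * half + [1] * half  # polarity assumed
    return [s for b in bits for s in (hi_lo if b else lo_hi)] * repeats

def manchester_clock(samples):
    """Twice the shortest run between level changes (one Manchester half-bit)."""
    edges = [i for i in range(1, len(samples)) if samples[i] != samples[i - 1]]
    return 2 * min(b - a for a, b in zip(edges, edges[1:]))

def repeat_period(samples, window, max_lag):
    """Lag at which the first `window` samples correlate best with the trace again."""
    ref = samples[:window]
    return max(range(1, max_lag + 1),
               key=lambda lag: sum(a * b for a, b in zip(ref, samples[lag:lag + window])))

def describe(samples):
    clock = manchester_clock(samples)
    # A 10-bit window covers the 9-bit header, which occurs only once per frame.
    period = repeat_period(samples, window=10 * clock, max_lag=len(samples) // 2)
    return {"clock": clock, "period_samples": period,
            "bits_per_period": period // clock,
            "period_ms": period * 1000 / CARRIER_HZ}

# Constructed input: a made-up 40-bit ID, sent three times at clock 64.
TRACE = manchester_ask(em4102_frame(0x1A2B3C4D5E), clock=64, repeats=3)

if __name__ == "__main__":
    print(describe(TRACE))
```

The same frame generated with `clock=32` repeats every 2048 samples, so a clean power-of-two dt between the markers is simply 64 bits times the bit clock.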
