Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2016-02-20 12:50:25
- rrookie
- Member
- Registered: 2012-12-01
- Posts: 8
lf cmdread - switching from write to read too slow ?
Trying to analyze an unknown tag I snooped the communication between a real reader and the tag, which gives.
Running lf cmdread wakes up the tag using the snooped sequence as predicted, but the response is missing a couple of samples.
Settings for lf cmdread were:
#db# LF Sampling config:
#db# [q] divisor: 95
#db# [b] bps: 8
#db# [d] decimation: 1
#db# [a] averaging: 1
#db# [t] trigger threshold: 0I also had a DSO running tracing the signal, when running lf cmdread. The scope shows the same trace as the lf snoop.
Offline
#2 2016-02-20 14:40:57
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: lf cmdread - switching from write to read too slow ?
what parameters did you use in cmdread, you showed lf read config settings not cmdread settings. did you use a delay?
Offline
#3 2016-02-20 15:03:24
- rrookie
- Member
- Registered: 2012-12-01
- Posts: 8
Re: lf cmdread - switching from write to read too slow ?
lf cmdread d 80 z 100 o 200 c 00110But d (which is 'delay_off' in the code) also influences the mod, as far as I undersatand. If I change d more than 10 the wakeup sequence will not work any more.
// now modulate the reader field
while(*command != '\0' && *command != ' ') {
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
SpinDelayUs(delay_off);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
LED_D_ON();
if(*(command++) == '0')
SpinDelayUs(period_0);
else
SpinDelayUs(period_1);
}
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
LED_D_OFF();
SpinDelayUs(delay_off);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);I also changed the pm3 code, setting a smaller value, like 'SpinDelayUs(20)' after the while loop. But then also, the tag will not respond any more.
Offline
#4 2016-02-20 15:22:58
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: lf cmdread - switching from write to read too slow ?
line 127 of lfsampling.c is probably not helping... the buffer should be cleared outside of time sensitive routines. comment that line and see how much it helps.
Offline
#5 2016-02-20 15:43:05
- rrookie
- Member
- Registered: 2012-12-01
- Posts: 8
Re: lf cmdread - switching from write to read too slow ?
GREAT!!! That was the problem. Thanks a lot marshmellow .
After two days of fiddling around with the code and not having any clue what the timing problem is this is really helpfull.
BTW, any idea what this tag/encoding could be ? But I guess I should open a new post for this.
Offline
#6 2016-02-20 15:44:32
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: lf cmdread - switching from write to read too slow ?
I am not sure. are there any markings on it or on the reader that may help us lookup datasheets?
Offline
#7 2016-02-20 15:45:40
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: lf cmdread - switching from write to read too slow ?
I will adjust the code to make a permanent fix. thanks for identifying the bug!
Offline