Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2016-06-04 15:57:11

btk6pj
Member
Registered: 2016-06-04
Posts: 3

Help to decode unknow LF tag

I get some lf tag from a hotel, and need help to decode the binary data in order to clone this tag on t5577.
I have read the thread http://www.proxmark.org/forum/viewtopic.php?pid=17574#p17574 , and guess they may t55xx tags.
What I have tried:

lf read
data sample
data raw am 32

Here's the result:

proxmark3> lf read
#db# LF Sampling config:           
#db#   [q] divisor:           95           
#db#   [b] bps:               8           
#db#   [d] decimation:        1           
#db#   [a] averaging:         1           
#db#   [t] trigger threshold: 0           
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample          
#db# buffer samples: ff ff ff ff ff ff ff ff ...          
proxmark3> data sample
Reading 39999 bytes from device memory
          
Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
proxmark3> data raw am 32

Using Clock:32, Invert:0, Bits Found:513          
# Errors during Demoding (shown as 7 in bit stream): 19          
ASK/Manchester - Clock: 32 - Decoded bitstream:          
1101100000110000
0177000000100000
1010000010110001
0010001111011010
0001101100000110
0000177000000100
0001010000010110
0010010001111011
0100001101100000
1100000177000000
1000001010000010
1100010010001111
0110100001101100
0001100000177000
0001000001010000
0101100010010001
1110110100001101
1000001100000177
0000001000001010
0000101100010010
0011110110100001
1011000001100000
1770000001000001
0100000101100010
0100011110110100
0011011000001100
0001770000001000
0010100000101100
0100100011110110
1000011011000001
1000001770000001
0000010100000101

tag1:
00000010000010100000101100010010001111011010000110110000011000001
41416247B4360C1

tag2:
00000010000010100000110010101010111111011100001000100011001000001
4141955FB844641

tag3:
00000010000010101000110010101010001111011110000000111101001000001
41519547BC07A41

And with each tag, I tried "lf t55 write b 0 d 00088C6A" , but won't dump anything.

Is anyone know the type of these tags, and how to read/write them.

Thank you.

proxmark3> hw version
[[[ Cached information ]]]
          
Prox/RFID mark3 RFID instrument          
bootrom: master/v2.2.0-201-g6fcb5dd-suspect 2016-06-02 13:58:03
os: master/v2.2.0-201-g6fcb5dd-suspect 2016-06-02 13:58:04
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8
          
uC: AT91SAM7S256 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 256K bytes. Used: 184390 bytes (70%). Free: 77754 bytes (30%).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory

Offline

#2 2016-06-04 16:45:02

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Help to decode unknow LF tag

why would you re-write the block 0 (configuration block) on the original tag?


also try
lf search
lf search u

Offline

#3 2016-06-05 08:37:38

btk6pj
Member
Registered: 2016-06-04
Posts: 3

Re: Help to decode unknow LF tag

iceman wrote:

why would you re-write the block 0 (configuration block) on the original tag?


also try
lf search
lf search u

I have tried lf search *

proxmark3> lf search
Reading 30000 bytes from device memory
          
Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
NOTE: some demods output possible binary
  if it finds something that looks like a tag          
False Positives ARE possible
          

Checking for known tags:
          

No Known Tags Found!
          
proxmark3> lf search u
Reading 30000 bytes from device memory
          
Data fetched          
Samples @ 8 bits/smpl, decimation 1:1           
NOTE: some demods output possible binary
  if it finds something that looks like a tag          
False Positives ARE possible
          

Checking for known tags:
          

No Known Tags Found!
          

Checking for Unknown tags:
          
Possible Auto Correlation of 2176 repeating samples          

Found Sequence Terminator          

Using Clock:32, Invert:0, Bits Found:513          
ASK/Manchester - Clock: 32 - Decoded bitstream:          
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
0000001000001010
0000101100010010
0011110110100001
1011000001100000
          

Unknown ASK Modulated and Manchester encoded Tag Found!          

if it does not look right it could instead be ASK/Biphase - try 'data rawdemod ab'

I try to re-write the block 0 because I thought these cards may have different configuration.
So what's the type of these tags actually.

Offline

#4 2016-06-05 12:15:18

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Help to decode unknow LF tag

data save
post data trace

Offline

#5 2016-06-05 14:05:42

btk6pj
Member
Registered: 2016-06-04
Posts: 3

Re: Help to decode unknow LF tag

ntk wrote:

data save
post data trace

https://paste.pound-python.org/raw/KGKAiiLswwquZfjFFC1N/

Offline

#6 2016-06-05 23:23:02

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Help to decode unknow LF tag

that is strange.

Some thing like this I never seen before

with "data rawdemod am" it gives a match/repeating string like this
0603041416247B4360C1508282C48F686C189310505891ED0D8301020A0B1
23DA1B
0603041416247B4360C1508282C48F686C189310505891ED0D8301020A0B1

and the inverse, show also the repeating  string

F9F2FBEBE9DB84BC9F3E5F7D7D3B709793E713EFAFA76E12F27CF1FDF5F4E
DC25E4
F9F2FBEBE9DB84BC9F3E5F7D7D3B709793E713EFAFA76E12F27CF1FDF5F4E

repeating string is normal, but at this length and with that group of HEX numbers inbetween!!! that is first time for me
the existence of "23DA1B" or in inverse case the HEX group "DC25E4" is strange to me...I don't know what that is

Even when there is no existence of the inbetween-HEX-group "23DA1B" "DC25E4" if use T55x7 to emulate this tag/key/card there is only 7 data blocks a 8bytes to write on. This
F9F2FBEBE9DB84BC9F3E5F7D7D3B709793E713EFAFA76E12F27CF1FDF5F4E needs 60 bytes to emulate it

You have a picture of it? Is there anything printed on?

Help for this I am afraid you have to wait for some most excellent veterans on LF sector to give you an explanation for this strange data...

Last edited by ntk (2016-06-05 23:39:46)

Offline

#7 2016-06-06 22:43:23

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help to decode unknow LF tag

the key is in

Found Sequence Terminator

020A0B123DA1B060 is your raw repeating data

is there a card number on it?  - or room number?

Last edited by marshmellow (2016-06-06 22:45:31)

Offline

#8 2016-06-07 01:03:19

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Help to decode unknow LF tag

oh dear, "Found Sequence Terminator" and the 77 ... I have overseen that information. Thanks Marshmellow.

Offline

Pages: 1

Board footer

Powered by FluxBB