AT5577 Emulation with Proxmark

hkplus · 2016-06-18 16:23:00

Hi guys,

Thanks everyone for all of your comments in the past they have been very helpful, especially cracking open the Farpointe format. Is there a way to push blocks of data into a buffer on the Proxmark in order to emulate FSK3 without reading the data from another card? I want to push over blocks of data serially, and use the Proxmark to do an emulation for brute force attack against a reader directly. I don't think that the command set currently supports this feature, as you have to press the button on the unit in order to start the card emulation? You also have to fill the buffer with data read from another card directly? With this brute force ability, I would have the ability to contribute some more format information to the forum. Any idea Marshmellow might know?

I guess I'm looking for more detail on how SIMFSK function works than is in the manual...

Thanks!

hkplus

Last edited by hkplus (2016-06-18 18:23:30)

hkplus · 2016-06-18 18:35:56

I think that i might have found what is needed on the forums. Going to try it out...

ntk · 2016-06-19 01:28:34

Would you pls share what your idea aims at hkplus? I am full ear to learn

marshmellow · 2016-06-20 03:49:13

@hkplus, it depends on what specifically you are attempting to do.

what would you like to brute force? or learn from the reader?

is it a Answer On Request type system where you want to hear a wakeup password?

do you just want to brute force a valid tag ID against a standard HID prox reader?

marshmellow · 2016-06-20 03:50:54

if you just want to know how to use simfsk see:

 lf simfsk h

hkplus · 2016-06-20 20:55:42

I want to try a bunch of sequential encodings against a card reader and see which ones make an output. I'm going to mess around with SIMFSK today and see how it works...

iceman · 2016-06-20 21:00:47

there is a few different bruteforce implementations, but not all works. Too little verification on the success detection step.

but that will give you some ideas. All in my fork. can't remember if they got into pm3 master.

marshmellow · 2016-06-20 22:49:17

you could likely lua script something to simfsk. but with no way to get validation from the reader you would have to watch it carefully.

hkplus · 2016-06-21 02:34:09

I going to write an app that sends data serially to the Proxmark. Then I am going to use a data-converter to monitor the output of the reader on another serial port via the same app.

iceman · 2016-06-21 06:27:28

I think I saw something like that on github. A user did similar to a bruteforce, where it also looked on a webcam pic to detect if the key-try was successful. search github for brutefore and proxmark.

iceman · 2016-06-21 08:56:08

found it: https://github.com/mtongsang/pm3Bruter

Proxmark3 community

Announcement

#1 2016-06-18 16:23:00

AT5577 Emulation with Proxmark

#2 2016-06-18 18:35:56

Re: AT5577 Emulation with Proxmark

#3 2016-06-19 01:28:34

Re: AT5577 Emulation with Proxmark

#4 2016-06-20 03:49:13

Re: AT5577 Emulation with Proxmark

#5 2016-06-20 03:50:54

Re: AT5577 Emulation with Proxmark

#6 2016-06-20 20:55:42

Re: AT5577 Emulation with Proxmark

#7 2016-06-20 21:00:47

Re: AT5577 Emulation with Proxmark

#8 2016-06-20 22:49:17

Re: AT5577 Emulation with Proxmark

#9 2016-06-21 02:34:09

Re: AT5577 Emulation with Proxmark

#10 2016-06-21 06:27:28

Re: AT5577 Emulation with Proxmark

#11 2016-06-21 08:56:08

Re: AT5577 Emulation with Proxmark

Board footer