Guys, I'm new to RFID and need to seek help from experts here. I have some cards detected as Viking and would like to duplicate more of such cards.
Original card:-
proxmark3> lf search
#db# DownloadFPGA(len: 42096)
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
Viking Tag Found: Card ID 01234567, Checksum: EF
Raw: F2000001234567EF
Valid Viking ID Found!
1) I had been reading this forum and it seemed like there is a command called "lf viking clone 01234567" which I am supposed to use to clone Viking cards, but the version that I had downloaded from this forum ("pm3-bin-2.5.0") does not have such a command. May I know what I am missing here? I tried to dig for more and found on GitHub that in version 2.3, there are viking command updates in the change log. I tried to compile on my own but I'm just not smart enough to do it even after trying for days and reading the compiling file, readme file, GSG file, etc.
2) In absence of the viking command, is there any way that I can still create viking cards manually?
I did these:-
a) lf t55xx write b 0 d 00088040
b) lf t55xx write b 1 d F2000001
c) lf t55xx write b 2 d 234567EF
but the cards created are not working.
proxmark3> lf search
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Known Tags Found!
Appreciate if experts here can shine me some light to get this working. Thank you.
Last edited by javenlim (2016-10-08 19:02:18)
Offline
That's because you are not using the iceman fork. You need to clone, flash bootrom, fullimage and run the client in order to get the viking commands.
repo: https://github.com/iceman1001/
git: https://github.com/iceman1001/proxmark3.git
Offline
Thanks a lot, iceman. Can I confirm that I need to
1) download from your fork
2) compile the codes and I will get the images to flash as well as a bat file to run the client
3) flash bootrom and fullimage
Then I'll get the viking command to use?
Sorry. I'm new to this. The earlier versions that I had been using had some bat file for me to run. Just want to make sure I'm doing it right...
Offline
I suggest reading the Github wiki in order to get the correct instructions.
Or you run the docker container if you don't want to fiddle.
Offline
Thanks a lot for your guidance. I just realized the link you posted had the complete steps. I was looking at compiling.txt, which is why I couldn't do it. In any case, I hit an error while compiling at the last stage. May I seek your advice on the undermentioned, please? Thanks a lot.
gcc -std=c99 -O3 -mpopcnt -march=native -g -I. -I../include -I../common -I../zlib -I/opt/local/include -I../liblua -Wall -I/mingw/include -DHAVE_GUI -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED -c -o obj/prng.o ../common/prng.c
gcc -std=c99 -O3 -mpopcnt -march=native -g -I. -I../include -I../common -I../zlib -I/opt/local/include -I../liblua -Wall -I/mingw/include -DHAVE_GUI -DZ_SOLO -DZ_PREFIX -DNO_GZIP -DZLIB_PM3_TUNED -c -o obj/bucketsort.o ../common/bucketsort.c
g++ -I/c/Qt/5.6/mingw492_32/include -I/c/Qt/5.6/mingw492_32/include/QtCore -I/c/Qt/5.6/mingw492_32/include/QtGui -c -o obj/proxgui.o proxgui.cpp
In file included from proxgui.cpp:12:0:
proxguiqt.h:11:24: fatal error: QApplication: No such file or directory
#include <QApplication>
^
compilation terminated.
make[1]: *** [obj/proxgui.o] Error 1
make[1]: Leaving directory `/home/Javen/proxmark3/client'
make: *** [client/all] Error 2
Offline
the COMPILATION.txt could do with some textual updates.
Which environment are you in? Linux (which), Win (mingw) or Mac OS?
If you are on windows, QT needs some dlls inside client/platforms folder.
otherwise you need to install QT with apt-get.
Offline
I'm on windows 10. May I know what are the dlls that I need to copy to the client/platforms folder?
Offline
Don't know why I never wrote this down somewhere in my fork..
Offline
I found qwindows.dll which is abt 29mb and started downloading but I cannot find qwindowsd.dll. May I know where can I get them?
Offline
when you dl QT and unpack it, you find it somewhere in that folder structure. I don't remember anymore.
Looking now: Qt/5.3.1/plugins/platforms/
I've QT5.3.1 installed.
Offline
ok... noted... I will try to see if I can resolve it or not...
BTW, I also tried the MAC version and hit some errors... I think if I cannot settle the windows one by tonight, I'll try Linux one again tomorrow or so... Thanks a lot for your help... If I hit issues again on the Linux platform, probably need to trouble you again... Thanks...
Last 15 lines from /Users/javenlim/Library/Logs/Homebrew/proxmark3/02.make:
In file included from iso14443a.h:20:0,
from desfire_crypto.h:9,
from desfire_crypto.c:28:
../common/cmd.h:41:6: error: conflicting types for 'cmd_send'
bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len);
^
In file included from ./util.h:18:0,
from ./string.h:16,
from desfire_crypto.h:4,
from desfire_crypto.c:28:
./apps.h:214:6: note: previous declaration of 'cmd_send' was here
bool cmd_send(uint32_t cmd, uint32_t arg0, uint32_t arg1, uint32_t arg2, void* data, size_t len);
^
make[1]: *** [obj/desfire_crypto.o] Error 1
make: *** [armsrc/all] Error 2
READ THIS: https://git.io/brew-troubleshooting
If reporting this issue please do so at (not Homebrew/brew):
https://github.com/iceman1001/homebrew-proxmark3/issues
Offline
I copied all dll files I can find from Qt folder and copied into the platforms folder and it is still not working. I'm giving up on the windows version...
I got a CentOS available but will probably dig one of my old PC and spin up a Ubuntu instead... Do a 100% Like-for-Like easier to seek for your advice...
Just to confirm, if I do not use your fork, there's no way for me to create Viking cards? In case, I still cannot get the Linux one working...
Offline
The "homebrew" thing doesn't deliver. https://github.com/iceman1001/proxmark3/issues/23
I'll need to find a MacOS vmware image to figure it out.
Go the other MacOs way instead as described on wiki https://github.com/Proxmark/proxmark3/wiki/OSX
Offline
I have installed Ubuntu 15.10 and run through the Linux steps. When I do ls /dev, I can already see "ttyACM0". When I run "./proxmark3 ttyACM0", I get this error:-
ERROR: invalid serial port
pm3 -->
Now I finally see the viking command but unfortunately, my proxmark3 is no longer talking to my notebook. Please kindly advise. Thanks a lot.
Offline
its because you are missing one thing...
./proxmark3 /dev/ttyACM0
Offline
I tried with /dev/ttyACM0 and it has the same results
./proxmark3 /dev/ttyACM0
ERROR: invalid serial port
pm3 -->
Should I flash my proxmark3? It appears that I am not able to flash it... I press and hold the button while unplug and plug, there's no response.
Offline
-unplug device,
-plug in again,
dmesg | tail
That would give you a hint which deviceport your pm3 got connected to.
Offline
And yes, if you are gonna use my fork, you need to flash your device.
However, which kind of pm3 do you have?
Offline
It is correct ttyACM0 but still invalid serial port...
[ 1571.155493] cdc_acm 1-2:1.0: ttyACM0: USB ACM device
[ 1591.471536] usb 1-2: USB disconnect, device number 70
[ 1592.150673] usb 1-2: new full-speed USB device number 71 using xhci_hcd
[ 1597.284167] usb 1-2: New USB device found, idVendor=2d2d, idProduct=504d
[ 1597.284171] usb 1-2: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[ 1597.284173] usb 1-2: Manufacturer: proxmark.org
[ 1597.284348] usb 1-2: ep 0x83 - rounding interval to 1024 microframes, ep desc says 2040 microframes
[ 1597.284582] cdc_acm 1-2:1.0: ttyACM0: USB ACM device
./proxmark3 /dev/ttyACM0
ERROR: invalid serial port
pm3 -->
Offline
did you follow the instructions on the wiki for running on linux?
Offline
I tried a non-USB3 port and it's the same...
[ 1832.247318] usb 3-1.3: Manufacturer: proxmark.org
[ 1832.247583] cdc_acm 3-1.3:1.0: ttyACM0: USB ACM device
[ 1852.829354] usb 3-1.3: USB disconnect, device number 9
[ 1853.282879] usb 3-1.3: new full-speed USB device number 10 using ehci-pci
[ 1858.380289] usb 3-1.3: New USB device found, idVendor=2d2d, idProduct=504d
[ 1858.380292] usb 3-1.3: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[ 1858.380294] usb 3-1.3: Manufacturer: proxmark.org
[ 1858.380698] cdc_acm 3-1.3:1.0: ttyACM0: USB ACM device
./proxmark3 /dev/ttyACM0
ERROR: invalid serial port
pm3 -->
Offline
Yes. I followed exactly based on the steps given...
The only thing was I never been able to flash bootrom and full image... I press the button and flash but nothing happens...
Offline
The USB 3.0 ports should be avoided for now.
--
You might want to add the udev rules.
if you use my fork, try
make udev
It should copy the udev rules to the right place. Will ask you about the root pwd.
Offline
done that and still the same... I just need to make udev and no need to redo make clean && make all right?
If yes, then it's not working... I'm receiving same error...
Offline
Sometimes I've been having trouble when I connect the device for the first time to the linux machine.
Others have tested restarting and then it works. Might give that a try. Otherwise I don't know.
Offline
May I know if I don't use your fork, can I still create Viking cards? I got some cards and some numbers to write to the card... Technically speaking will I still be able to create Viking cards without using your fork? My Proxmark3 is working fine with the original firmware 2.5.0... just need to know how to create Viking cards. Thanks...
Offline
I realized I have some warning after I compile... May I ask if there's issues with the way I compile it?
arm-none-eabi-objcopy -O elf32-littlearm -I binary -B arm --rename-section .data=compressed_data obj/fullimage.data.bin.z obj/fullimage.data.o
arm-none-eabi-gcc -nostartfiles -nodefaultlibs -Wl,-gc-sections -n -Wl,-T,ldscript,-Map,obj/fullimage.map -o obj/fullimage.elf obj/fullimage.nodata.o obj/fullimage.data.o
/opt/devkitpro/devkitARM/lib/gcc/arm-none-eabi/4.7.1/../../../../arm-none-eabi/bin/ld: warning: cannot find entry symbol Vector; defaulting to 0000000000102000
arm-none-eabi-objcopy -Osrec --srec-forceS3 --strip-debug --no-change-warnings --change-addresses -0x100000 --change-start 0 --change-section-address .bss+0 --change-section-address .data+0 --change-section-address .commonarea+0 obj/fullimage.elf obj/fullimage.s19
make[1]: Leaving directory '/home/javen/Downloads/proxmark3/armsrc'
make -C recovery all
make[1]: Entering directory '/home/javen/Downloads/proxmark3/recovery'
arm-none-eabi-objcopy --gap-fill=0xff --pad-to 0x00102000 -O binary ../bootrom/obj/bootrom.elf bootrom.bin
arm-none-eabi-objcopy --gap-fill=0xff -O binary ../armsrc/obj/fullimage.elf fullimage.bin
cat bootrom.bin fullimage.bin > proxmark3_recovery.bin
make[1]: Leaving directory '/home/javen/Downloads/proxmark3/recovery'
Offline
I finally got the fork working on windows... but I have a new problem... I try to clone a Viking tag using T5577 cards. The ID is 01234567. The cloned cards are not working. I tried to do lf search on original card, it is detected as a Viking tag but when I do the same to the cloned card, it cannot identify the card as Viking card.
Prior to using the Iceman fork, I accidentally overwrote one of the original cards by writing some values to block 0. When I used lf search after writing block 0, I realized it is no longer recognized as a Viking tag as before. I was hoping to use this fork to recover this. But regardless of writing to a new blank T5577 card or the original card with the right values, they are all not detected as Viking tags when I do lf search, and when I test on the reader, it is not reading as well. May I seek some expert advice on this, please?
Original Tag:-
pm3 --> lf search
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
Viking Tag Found: Card ID 01234567, Checksum: EF
Raw: F2000001234567EF
Valid Viking ID Found!
New Tag:-
pm3 --> lf viking clone 01234567
Cloning - ID: 01234567, Raw: F2000001234567EF
pm3 --> lf search
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Known Tags Found!
Offline
To add on, when I do lf viking read, original working tag and new tag gives different results...
May I ask did I actually successfully write the ID value into the card?
Original working tag:-
pm3 --> lf viking read
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
Viking Tag Found: Card ID 01234567, Checksum: EF
Raw: F2000001234567EF
New tag which is not working:-
pm3 --> lf viking read
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
Offline
Would you mind dumping the tag via "lf t55 detect, lf t55 dump" and posting the output for the tag that doesn't work?
Offline
Anyway, you must flash bootrom, fullimage if you are using my fork with the latest changes.
Which device are you on? a 256kb or 512kb?
Offline
Running "lf viking" on my fork, latest source, I have no problem.
pm3 --> lf viking clone 01234567
Cloning - ID: 01234567, Raw: F20000012345675A
pm3 --> lf se
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
Viking Tag Found: Card ID 01234567, Checksum: 5A
Raw: F20000012345675A
Valid Viking ID Found!
pm3 -->
Offline
You seem to be using an older version which has the checksum bug in it.
Offline
pm3 --> lf t55 detect
Chip Type : T55x7
Modulation : DIRECT/NRZ
Bit Rate : 0 - RF/8
Inverted : No
Offset : 31
Seq. Term. : No
Block0 : 0x0002040C
pm3 --> lf t55 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
00 | 00000000 | 0000000000000000000000000000000
01 | 00000030 | 0000000000000000000000000011000
02 | 00000000 | 0000000000000000000000000000000
03 | 00000000 | 0000000000000000000000000000000
04 | 04000400 | 0000010000000000000001000000000
05 | 00000102 | 0000000000000000000000010000001
06 | 00000000 | 0000000000000000000000000000000
07 | 00000008 | 0000000000000000000000000000100
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
00 | 00000004 | 0000000000000000000000000000010
01 | 00000000 | 0000000000000000000000000000000
02 | 00000000 | 0000000000000000000000000000000
03 | 00000106 | 0000000000000000000000010000011
pm3 --> hw version
[[[ Cached information ]]]
Prox/RFID mark3 RFID instrument
bootrom: Version information not available
os: Version information not available
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 215953 bytes (82). Free: 46191 bytes (18).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Offline
It's not a bug... I masked out my ID but did not amend the checksum which is why it looks like the checksum had issues.
I flashed the firmware as per your guide and I believe it is in order. I flashed both boot and fullimage
Offline
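Added example, not part of the thread and not Proxmark3 code: a consistency check for the two raw values quoted above (F2000001234567EF from the masked output, F20000012345675A from the fork). It assumes the Viking checksum is the XOR of the other seven raw bytes with 0xA8, a rule the thread does not state but which reproduces the 5A in the fork's output; the function names are hypothetical.

```python
PREAMBLE = bytes.fromhex("F20000")  # leading raw bytes of every frame in the thread
XOR_CONST = 0xA8                    # assumption: checksum constant, not stated in the thread


def viking_checksum(card_id: int) -> int:
    """Return the checksum byte expected for a 32-bit card ID."""
    if not 0 <= card_id <= 0xFFFFFFFF:
        raise ValueError("card ID must fit in 32 bits")
    chk = XOR_CONST
    for b in PREAMBLE + card_id.to_bytes(4, "big"):
        chk ^= b
    return chk


def inspect_raw(raw_hex: str) -> dict:
    """Split a 64-bit raw value and compare its checksum with the expected one."""
    raw = bytes.fromhex(raw_hex.strip())
    if len(raw) != 8:
        raise ValueError("a Viking raw value is 8 bytes (64 bits)")
    if raw[:3] != PREAMBLE:
        raise ValueError("raw value does not start with F20000")
    card_id = int.from_bytes(raw[3:7], "big")
    expected = viking_checksum(card_id)
    return {
        "card_id": f"{card_id:08X}",
        "checksum": raw[7],
        "expected": expected,
        "valid": raw[7] == expected,
        # The two 32-bit words as they would appear in T55x7 data blocks 1 and 2,
        # useful for comparing against 'lf t55 dump' output.
        "blocks": [raw[:4].hex().upper(), raw[4:].hex().upper()],
    }


if __name__ == "__main__":
    # Both raw values are copied from the posts above.
    for raw in ("F2000001234567EF", "F20000012345675A"):
        r = inspect_raw(raw)
        state = "ok" if r["valid"] else "mismatch"
        print(f"{raw}: id={r['card_id']} checksum={r['checksum']:02X} "
              f"expected={r['expected']:02X} {state} blocks={r['blocks']}")
```

A hand-edited ID with an unchanged checksum byte shows up as a mismatch here, which is the situation described in the post above.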
Sometimes, I cannot detect the card and have this instead...
pm3 --> lf t55 detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
pm3 --> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
pm3 --> lf t55xx config
Chip Type : T55x7
Modulation : DIRECT/NRZ
Bit Rate : 0 - RF/8
Inverted : No
Offset : 31
Seq. Term. : No
Block0 : 0x0002040C
Offline
This is the actual card that is working without any masking of ID....
pm3 --> lf t55xx detect
Chip Type : T55x7
Modulation : ASK
Bit Rate : 2 - RF/32
Inverted : No
Offset : 33
Seq. Term. : Yes
Block0 : 0x00088040
Last edited by javenlim (2016-10-08 18:35:42)
Offline
You should test to "lf t55 wipe" your tag that doesn't seem to work.
then you should test the "lf viking clone" again
Offline
It worked now... Thanks a lot for your help these few days... Greatly appreciated...
I thought writing straight 0 on all blocks will be able to wipe the card... Apparently, not so... Original proxmark3 software do not have the wipe command... I forgot your fork is different... Thanks for your guidance...
I have some other cards to clone... ISO14443A Tag... Is this MiFare tag? What kind of cards do I need to get to clone this?
Offline
- Edit your first post and add "[solved]" to your subject.
- Open new threads for different questions.
And you are welcome, yes my fork is different. I'm glad you noticed.
And if you're gonna fiddle around with RFID, there is a lot to learn. Then you would understand why you shouldn't write zeros to the configuration block on a T55x7.
Offline
Noted with thanks... I'll read the forum first before I post questions for the ISO14443A tags...
Offline