lf t55xx read b 0 doesnt work?

drakospart · 2017-02-04 11:45:22

I am trying to read the t5577 and it doenst look like works. I get always the same result
I have the proxmark3 rdv board

bootrom: /-suspect 2015-11-19 10:08:02
os: /-suspect 2016-09-26 12:50:46
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8

proxmark3> lf t55xx read b 0
Reading Page 0:
blk | hex data | binary
proxmark3>

iceman · 2017-02-04 12:21:52

always run detection before trying anything with t55xx.

lf t55xx detect

--if it found a valid config, you can now try

lf t55xx read b 0

drakospart · 2017-02-04 12:54:41

proxmark3> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

I think that block 0 is 0x00150060

iceman · 2017-02-04 13:00:22

Would you mind posting your output from "hw tune"?

drakospart · 2017-02-04 13:08:30

.....I dont understand what happens.. why antenna is 0V

Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2015-11-19 10:08:02
os: /-suspect 2016-09-26 12:50:46
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 188608 bytes (36%). Free: 335680 bytes (64%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune
Measuring antenna characteristics, please wait...
# LF antenna: 0.00 V @ 125.00 kHz
# LF antenna: 0.00 V @ 134.00 kHz
# LF optimal: 0.00 V @ 12000.00 kHz
# HF antenna: 0.00 V @ 13.56 MHz
# Your LF antenna is unusable.
# Your HF antenna is unusable.

drakospart · 2017-02-04 13:09:47

the antenna works... if i put other tag it can read... so why it shows 0v?
proxmark3> lf t55xx detect
#db# DownloadFPGA(len: 42096)
Modulation : ASK
Bit Rate : 5 - RF/64
Inverted : No
Offset : 1
Block0 : 0x00148040

iceman · 2017-02-04 13:18:35

something tells me that you are not running the same client / flashed fullimage from the same build.

drakospart · 2017-02-04 13:20:47

is there a way to flash all again?
Easy way...please

iceman · 2017-02-04 13:32:14

read the wiki, search the forum,, there has been alot written about it.

drakospart · 2017-02-04 16:20:10

Can you tell me the latest version? I will figure out how to install it

drakospart · 2017-02-04 16:51:11

Flashed all again, now the antenna works.

C:\PM3\Windows\client>proxmark3 com4
Qt: Untested Windows version 6.2 detected!
Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2015-11-19 10:08:02
os: master/v2.3 2016-09-19 20:28:38
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8

uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 183707 bytes (35%). Free: 340581 bytes (65%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune

Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)
......#db# DownloadFPGA(len: 42096)
.
# LF antenna: 44.41 V @ 125.00 kHz
# LF antenna: 22.55 V @ 134.00 kHz
# LF optimal: 44.41 V @ 125.00 kHz
# HF antenna: 27.86 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

proxmark3> lf t55xx detect
#db# DownloadFPGA(len: 42096)
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

iceman · 2017-02-04 17:57:01

Antenna works and with output too.
Now, whats the output when you have tag on the antenna?

and whats the output from "lf search"

drakospart · 2017-02-04 18:38:07

proxmark3> lf search
Reading 30000 bytes from device memory

Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

No Known Tags Found!

drakospart · 2017-02-04 18:42:19

I know that this tag should show block 0 0x00150060

and it shows something strange

proxmark3> lf t55xx dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 14011454 | 00010100000000010001010001010100
1 | BC165B51 | 10111100000101100101101101010001
2 | 14011454 | 00010100000000010001010001010100
3 | 280228A8 | 00101000000000100010100010101000
4 | 14011454 | 00010100000000010001010001010100
5 | 14011454 | 00010100000000010001010001010100
6 | BC165B51 | 10111100000101100101101101010001
7 | 14011454 | 00010100000000010001010001010100
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 14011454 | 00010100000000010001010001010100
1 | 14011454 | 00010100000000010001010001010100
2 | 14011454 | 00010100000000010001010001010100
3 | 14011454 | 00010100000000010001010001010100

AND THE FUNNY IS!!! that if i put the tag 1 cm away of the antenna it read somerthing else

proxmark3> lf t55xx dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 280228A8 | 00101000000000100010100010101000
1 | 280228A8 | 00101000000000100010100010101000
2 | 280228A8 | 00101000000000100010100010101000
3 | 50045150 | 01010000000001000101000101010000
4 | 280228A8 | 00101000000000100010100010101000
5 | 50045150 | 01010000000001000101000101010000
6 | 50045150 | 01010000000001000101000101010000
7 | 50045150 | 01010000000001000101000101010000
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 280228A8 | 00101000000000100010100010101000
1 | 50045150 | 01010000000001000101000101010000
2 | 50045150 | 01010000000001000101000101010000
3 | 50045150 | 01010000000001000101000101010000

Note that it is the number of first read but * 2 )))

first read 14011454
second read 280228A8

marshmellow · 2017-02-04 19:18:31

Can you do a read block 0, save a trace and post it to pastebin.com? Link it here.

iceman · 2017-02-04 20:07:41

you are getting wrong values because the "lf t55 detect" didn't find a config block for you.

If you have two the same tags, and one is failing with detection, try the other one and get most stuff right.
try "lf t55 read b 0" if it doesn't match your "0x00148040" but gets read.
Try different offsets with "lf t55 config" command and do the read again.

drakospart · 2017-02-04 21:57:47

I will make the trace tomorrow.
The 2 dump are from the same tag. Just onw is touching the antenna and the second 1 cm away of it. The 2nd dump is shifted left compared with the first
The block 0 should be 0x00150060.

drakospart · 2017-02-06 10:11:04

proxmark3> lf t55 read b 0
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 280228A8 | 00101000000000100010100010101000

drakospart · 2017-02-06 10:12:34

proxmark3> lf t55xx trace
The modulation is most likely wrong since the ACL is not 0xE0..

marshmellow · 2017-02-06 16:48:36

that is not what i meant by trace. let me clerify:
lf t55xx trace reads the traceability data from the T55xx chips. (if it exists)

i'm looking for a lf tag trace, obtained from the `data save [filename]` command

so do a `lf t55 read b 0` and a `data save xxx.pm3` then upload the contents of that file to pastebin.com and paste the link to pastebin here. that way i can look at what your pm3 is actually reading.

drakospart · 2017-02-07 18:21:17

http://pastebin.com/n30DYPGc

drakospart · 2017-02-07 18:30:59

http://pastebin.com/YtVNK2As

drakospart · 2017-02-07 18:32:27

the block 0 should be

proxmark3> lf t55 detect
Chip Type : T55x7
Modulation : BIPHASE
Bit Rate : 5 - RF/64
Inverted : No
Offset : 31
Seq. Term. : No
Block0 : 0x00150060

proxmark3> lf t55 read b 0
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 00150060 | 00000000000101010000000001100000

marshmellow · 2017-02-08 05:40:16

it looks like it works fine there...

if a tag is password protected it will not read unless the correct password is sent. instead it will send it's normal stream of data. which is what your traces look like

marshmellow · 2017-02-08 05:41:14

are you sure they are t55xx chips?

drakospart · 2017-02-08 11:04:14

In a former version of this tag, it was a t5557, now the new one is glued with resin so.. i cant see what kind of chip is it.The both tags works with the reader old and new version.
So.. if this is password protect, the only one way is to snif with a receiver and tag?

marshmellow · 2017-02-09 14:09:49

If it is password protected likely the only way to get the password is to snoop on the original programmer programming the tag. Snooping the reader might get it but it likely will not if the reader works on tags not password protected.

iceman · 2017-02-09 14:28:51

if pwd protected, @OP could use the t55xx bruteforce with the default_pwd.dic to see if its a known pwd.

Proxmark3 community

Announcement

#1 2017-02-04 11:45:22

lf t55xx read b 0 doesnt work?

#2 2017-02-04 12:21:52

Re: lf t55xx read b 0 doesnt work?

#3 2017-02-04 12:54:41

Re: lf t55xx read b 0 doesnt work?

#4 2017-02-04 13:00:22

Re: lf t55xx read b 0 doesnt work?

#5 2017-02-04 13:08:30

Re: lf t55xx read b 0 doesnt work?

#6 2017-02-04 13:09:47

Re: lf t55xx read b 0 doesnt work?

#7 2017-02-04 13:18:35

Re: lf t55xx read b 0 doesnt work?

#8 2017-02-04 13:20:47

Re: lf t55xx read b 0 doesnt work?

#9 2017-02-04 13:32:14

Re: lf t55xx read b 0 doesnt work?

#10 2017-02-04 16:20:10

Re: lf t55xx read b 0 doesnt work?

#11 2017-02-04 16:51:11

Re: lf t55xx read b 0 doesnt work?

#12 2017-02-04 17:57:01

Re: lf t55xx read b 0 doesnt work?

#13 2017-02-04 18:38:07

Re: lf t55xx read b 0 doesnt work?

#14 2017-02-04 18:42:19

Re: lf t55xx read b 0 doesnt work?

#15 2017-02-04 19:18:31

Re: lf t55xx read b 0 doesnt work?

#16 2017-02-04 20:07:41

Re: lf t55xx read b 0 doesnt work?

#17 2017-02-04 21:57:47

Re: lf t55xx read b 0 doesnt work?

#18 2017-02-06 10:11:04

Re: lf t55xx read b 0 doesnt work?

#19 2017-02-06 10:12:34

Re: lf t55xx read b 0 doesnt work?

#20 2017-02-06 16:48:36

Re: lf t55xx read b 0 doesnt work?

#21 2017-02-07 18:21:17

Re: lf t55xx read b 0 doesnt work?

#22 2017-02-07 18:30:59

Re: lf t55xx read b 0 doesnt work?

#23 2017-02-07 18:32:27

Re: lf t55xx read b 0 doesnt work?

#24 2017-02-08 05:40:16

Re: lf t55xx read b 0 doesnt work?

#25 2017-02-08 05:41:14

Re: lf t55xx read b 0 doesnt work?

#26 2017-02-08 11:04:14

Re: lf t55xx read b 0 doesnt work?

#27 2017-02-09 14:09:49

Re: lf t55xx read b 0 doesnt work?

#28 2017-02-09 14:28:51

Re: lf t55xx read b 0 doesnt work?

Board footer