Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hello,
I am gonna need some help here and will appreciate any advice.
Just got my Elechouse Proxmark3 RDV2.0 and I am learning how to work with it - seems to be working with LF tags, however I cannot get it to read any HF (13.56 MHz) tag. Tried with all of the enclosed ones and with some other cards that I managed to find, moving them between 20 cm and 0 cm from the HF antenna. The HF antenna connector was somehow loose but after exchanging the cable with the other one it seems to be better, the antenna is being detected.
Already have contacted the Elechouse support but they only advised me to try to flash the firmware again, which I did several times (even managed to brick the PM3, fortunately I had BusPirate and used it to re-flash via JTAG, now it is working again).
Here is some more information:
pm3 --> hf search
no known/supported 13.56 MHz tags found
pm3 --> hf mf dbg 4
#db# Debug level: 4
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)
iso14443a card select failed
pm3 --> hf 14b reader
iso14443-3 ATTRIB fail
iso14443-3 ATTRIB fail
no 14443B tag found
pm3 --> hf mf dbg 4
#db# Debug level: 4
pm3 --> hf 14b reader
#db# 14b raw: param, 0043
#db# iso1443b_setup Enter
#db# iso1443b_setup Exit
#db# Demod.state = 0, Demod.len = 0, PDC_RCR = 193
#db# f4 fa 09 f5 04 0e f3 ff
#db# 05 f2 08 0b f4 05 ff f1
#db# 0c 04 f7 0a f9 f3 0c fe
#db# fc 0e f6 f6 0b f8 01 0e
#db# f3 fb 07 f4 06 0c f3 02
#db# 02 f1 0b 08 f5 08 fc f2
#db# 0c 02 f9 0c f8 f4 0c fc
#db# fd 0e f4 f8 0a f6 03 0e
#db# f4 f9 09 f5 04 0e f3 fe
#db# 05 f2 08 0b f3 04 01 f1
#db# 0b 07 f5 08 fd f1 0c 02
#db# f8 0c f8 f4 0c fc fd 0e
#db# f5 f7 0b f8 02 0e f3 fc
#db# 07 f3 07 0c f3 02 02 f1
#db# 0a 08 f4 07 fe f1 0c 03
#db# f8 0c f8 f4 0c fc fd 0e
#db# f5 f7 0a f7 03 0e f3 fd
#db# 06 f3 08 0c f3 03 01 f1
#db# 0b 06 f6 09 fb f2 0d 00
#db# fa 0d f6 f5 0c fa 00 0e
#db# f3 fa 09 f5 04 0d f3 ff
#db# 05 f2 08 0a f4 05 00 f1
#db# 0b 06 f6 0a fb f2 0d ff
#db# fa 0d f7 f5 0c fa ff 0e
#db# f4 fa 09 f5 04 0e f3 ff
#db# 05 f2 09 0a f4 05 00 f1
#db# 0b 06 f6 09 fb f2 0d 00
#db# fb 0d f6 f5 0c fa ff 0e
#db# f4 f9 09 f5 04 0e f3 ff
#db# 05 f2 08 0b f3 03 01 f1
#db# 0b 07 f5 08 fc f2 0c 01
#db# f9 0c f7 f5 0c fa ff 0e
iso14443-3 ATTRIB fail
#db# 14b raw: param, 0002
#db# disconnect
#db# switch_off
#db# 14b raw: param, 0001
#db# iso1443b_setup Enter
#db# iso1443b_setup Exit
#db# 14b raw: param, 0080
#db# Demod.state = 0, Demod.len = 0, PDC_RCR = 192
#db# 0c fd fc 0e f5 f7 0b f8
#db# 01 0e f3 fa 09 f5 05 0d
#db# f2 00 04 f2 09 0a f3 05
#db# 00 f1 0b 05 f6 09 fb f2
#db# 0c 00 fa 0d f6 f5 0b fa
#db# ff 0e f4 f9 09 f6 04 0e
#db# f3 ff 06 f3 07 0b f3 03
#db# 01 f1 0b 07 f5 08 fc f2
#db# fb f2 0c 01 f9 0c f8 f4
#db# 0c fc fd 0e f5 f8 0a f7
#db# 02 0e f3 fc 08 f4 05 0d
#db# f3 00 04 f2 08 0a f3 04
#db# 01 f1 0b 07 f5 08 fc f2
#db# 0c 01 f9 0c f8 f4 0c fd
#db# fc 0e f6 f6 0b f9 00 0e
#db# f4 fa 09 f5 04 0e f3 fe
#db# 05 f2 08 0b f3 04 01 f1
#db# 0b 07 f5 08 fd f2 0c 02
#db# f8 0c f9 f3 0c fd fc 0e
#db# f6 f6 0b f9 01 0e f3 fb
#db# 08 f5 05 0d f3 ff 05 f2
#db# 08 0a f3 04 00 f1 0b 06
#db# f6 09 fb f2 0c 00 f9 0c
#db# f7 f5 0c fb ff 0e f4 f9
#db# 09 f6 04 0e f3 ff 05 f2
#db# 08 0b f3 04 01 f1 0b 07
#db# f5 08 fd f2 0c 02 f8 0c
#db# f8 f4 0c fd fc 0e f5 f7
#db# 0b f8 01 0e f3 fb 08 f5
#db# 04 0d f3 ff 05 f2 08 0b
#db# f3 03 01 f1 0b 07 f5 08
#db# fd f2 0c 02 f8 0b f9 f3
iso14443-3 ATTRIB fail
no 14443B tag found
#db# 14b raw: param, 0002
#db# disconnect
#db# switch_off
### HW VER that came with the device
Proxmark3 RFID instrument
bootrom: /-suspect 2015-11-19 10:08:02
os: /-suspect 2015-11-19 10:08:09
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 169916 bytes (32). Free: 354372 bytes (68).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
### HW VER after updating
Proxmark3 RFID instrument
bootrom: iceman/master/v1.1.0-2014-gd840622 2017-04-06 17:46:30
os: iceman/master/v1.1.0-2014-gd840622 2017-04-06 17:46:32
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 214803 bytes (41). Free: 309485 bytes (59).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
### With no card
pm3 --> hw tune
Measuring antenna characteristics, please wait......
# LF antenna: 36.16 V @ 125.00 kHz
# LF antenna: 22.82 V @ 134.00 kHz
# LF optimal: 36.16 V @ 125.00 kHz
# HF antenna: 32.08 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
### With card approached to the HF antenna
pm3 --> hw tune
Measuring antenna characteristics, please wait......
# LF antenna: 35.75 V @ 125.00 kHz
# LF antenna: 22.69 V @ 134.00 kHz
# LF optimal: 35.75 V @ 125.00 kHz
# HF antenna: 21.98 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
Any advice on what I can try next?
Offline
setting debug mode 4, is almost always failing since its execution makes the tag communication to timeout.
1-1.5cm is about where the sweetspot is for HF / mifare commands.
If you have a Mifare classic 1k s50 tag, try the hf 14a read with different positioning of card until you get a good read.
Offline
Thank you very much for your reply, iceman.
I do have Mifare 1k S50 tag and tried all distances from about 10 cm to 0.5 cm, but to no avail.
The "hf 14a read" command is failing immediately, no matter if there is a card near the antenna or not:
pm3 --> hf 14a read
iso14443a card select failed
pm3 --> hf 14a read
iso14443a card select failed
Is it possible that the FPGA code is corrupted somehow or should I start looking at some kind of hardware fault?
Offline
There are some known issues with the Proxmark3 RDV2. Elechouse update the information:
Here you have the PDF which appears int the Elechouse webstore
Offline
Just a quick update if someone happens to have the same problem - with some great help from Elechouse support it turned out to be a hardware fault in the HF operational amplifier (part number is SGM724XTS14/TR or MCP6294-E/ST).
I have replaced the original SGM724 with MCP6294-E and now PM3 is working just fine with HF tags:
pm3 --> hw tune
Measuring antenna characteristics, please wait......
# LF antenna: 35.20 V @ 125.00 kHz
# LF antenna: 23.10 V @ 134.00 kHz
# LF optimal: 35.61 V @ 126.32 kHz
# HF antenna: 34.14 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
pm3 --> hf search
UID : 9A 3A 74 FF
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1
proprietary non iso14443-4 card found, RATS not supported
Answers to magic commands: NO
Valid ISO14443-A Tag Found - Quiting Search
Thanks again for all the help and suggestions
Offline
Great! Thanks for sharing, and I'm glad you have a working pm3!
Offline