Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-08-20 16:05:28

tristanik
Contributor
Registered: 2014-11-25
Posts: 96

New card to study

Hello my friends

i have this new tag

Proxmark3 RFID instrument


[ CLIENT ]
client: iceman build for RDV40 with flashmem; smartcard;

[ ARM ]
bootrom: iceman/master/ice_v3.1.0-1024-g25cf9bd5 2018-08-17 13:58:20
      os: iceman/master/ice_v3.1.0-1024-g25cf9bd5 2018-08-17 13:58:24

[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2018/ 8/10 at 11:48:34

[ Hardware ]
  --= uC: AT91SAM7S256 Rev B
  --= Embedded Processor: ARM7TDMI
  --= Nonvolatile Program Memory Size: 256K bytes, Used: 236178 bytes (90%) Free: 25966 bytes (10%)
  --= Second Nonvolatile Program Memory Size: None
  --= Internal SRAM Size: 64K bytes
  --= Architecture Identifier: AT91SAM7Sxx Series
  --= Nonvolatile Program Memory Type: Embedded Flash Memory

pm3 --> hf search
hf search
[!] timeout while waiting for reply.
UID    : C0 FC A6 5C
ATQB   : 00 00 00 00 91 71 71
CHIPID : 00
      App Data: 00 00 00 00
      Protocol: 91 71 71
      Bit Rate: 212 kbit/s PICC -> PCD supported
      Bit Rate: 212 kbit/s PICC <- PCD supported
                Same bit rate <-> required
Max Frame Size: 128 bytes
Protocol Type: Protocol is compliant with ISO/IEC 14443-4
Frame Wait Integer: 7 - 4096 ETUs | 38656 us
App Data Code: Application is Proprietary
Frame Options: NAD is not supported
Frame Options: CID is supported
Tag :
  Max Buf Length: 0 (MBLI) chained frames not supported
  CID : 0

[+] Valid ISO14443-B Tag Found


pm3 --> hf list
hf list
Recorded Activity (TraceLen = 94 bytes)

Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)

      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
          0 |        992 | Rdr |52                                                                       |     | WUPA   
4294957487 | 4294962251 | Rdr |05! 00! 08  39! 73                                                       | !crc|       
4294962253 | 4294963945 | Tag |50! c0! fc! a6! 5c! 00! 00! 00! 00! 91  71! 71! 0a! e3                   | !crc|       
       1579 |      61775 | Rdr |1d! c0! fc! a6! 5c! 00! 08  01  00! 09! 8e!                              | !crc|       
       7629 |      59952 | Tag |00! 78! f0!                                                              |     |       
4294957490 | 4294962232 | Rdr |06! 00! 97  5b 

but .....
pm3 --> hf 14b info
hf 14b info
[-] no 14443-B tag found

do you have any good ideas to give me?

Offline

#2 2018-08-20 17:57:30

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: New card to study

hw tune
hw status

distance between antenna and tag,
and try the other 14b commands... like dump..

Don't know if you are using a RDV40,  which you should try out::  https://github.com/RfidResearchGroup/proxmark3

if not,  stay with iceman fork or official

Offline

#3 2018-08-21 21:46:28

tristanik
Contributor
Registered: 2014-11-25
Posts: 96

Re: New card to study

Thanks iceman for reply
This tag is a new card of company trasportation
I have old proxmark3 ,if I use official build ..
proxmark3> hf search
no known/supported 13.56 MHz tags found
With Iceman64 precompiled is ok
pm3 --> hw tune         
         
[=] measuring antenna characteristics, please wait...
         
         
[!] LF antenna is UNUSABLE
         
[+] HF antenna:  8.11 V - 13.56 MHz  with tag on         
[+] HF antenna is OK         
         
[-] Not showing LF tuning graph since all values is zero.



I can try to sniff the communication with Hydrabus

Offline

#4 2018-08-22 10:04:54

tristanik
Contributor
Registered: 2014-11-25
Posts: 96

Re: New card to study

I tried to sniff a simple reading of the card. Do you have any ideas?

U00
Uff
    26
    26
    26
    26
U00
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
Uff
U00
Uff
U00
Uff
Uff d7
U00
Uff
U00
Uff
U00
Uf8 26
    26
    26
    26
    26
    26
    26
    26
U00
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
TAG
    ff 3f 80 a0 01 e3 67 8d 15 20 40 80 00 22 c5 8a a5 68 1e 40
U00
Uff 8a 0d
Uff 1c
U00 59 47
Uff 31
Uff 0d
Uff 0d
Uff 71 aa 0c
TAG
    00 00 00 00 00 00 00 40
Uff d6
U00
Uff
Uff b7 6e
Uff
Uff 69
U00
Uff 19
Uff
Uff 1b
Uff dd b2 0c
Uff
Uff 1b
Uff dd 1a
Uff 67
U00 32
TAG
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Uff d2
U00
Uff
Uff eb d2
U00 c6 37
Uff
TAG 48 12
    54 a9
TAG a2
TAG
   
U00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 88 00 00 01 02 00 04 08 10 20 40 80 00 00 01 02 04 08 10 20 40 80 00 02 b9 03 67 68 10 a0 43 f9 d4 42 71 aa c6 0a 19 a0 5e a0 00
U00
Uff d6
U00
Uff
Uff 9b 36
Uff 07
   
Uff 16
U00 d8 32
TAG
   
Uff 00 c0 7f eb fa 95 ca 94 68 d3 a4 4e c8 9d 5e 4d 2b 12 28 49 90 22 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
U00
Uff d2
U00
Uff
Uff 99 1a
Uff 65 6e
Uff 57 36
Uff
Uff 6b
U00 0c
Uff 2a
U00
TAG
   
U07 00 40 00 29 0a 04 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 82 04 28 5b 20 40
U00
Uff d6
U00
Uff
Uff 99 1a
Uff 15
U00 1b
Uff 57 36
Uff
Uff 35
Uff
U07 48 32
TAG
   
U00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 80 00 00 03 02 04 0c 08 10 20 64 80 dc 7a 01 1c
Uff d6 34
Uff d7 5a 0d
TAG
   
Uff ff 3f 80 94 05 a2 94 09 20
U00
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
TAG
   
U00
Uff 0c
U00
Uff
Uff d7
U00
Uff
U00
TAG
   
U00
Ufc 26
    26
    26
    26
    26
    26
    26
    26
U7f 0c
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
TAG
   
U00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
U00
Uff 8a 0d
Uff 1c
U00 59 47
Uff 31
Uff 0d
Uff 0d
Uff 71 aa 0c
TAG
   
U00 00 40 00 00 00 00 00 00
U00
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
TAG
   
U00
Uff 0c
U00
Uff
Uff d7
U00
Uff
U00
TAG
   
U00
Ufc 26
    26
    26
    26
    26
    26
    26
    26
U7f
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
TAG
   
Uff 00 c0 7f 5f fe 1c 98 72 2a 40 80 00 00 45 0a 15 00 00 00 80
U00
Uff 8a 0d
Uff 1c
U00 59 47
Uff 31
Uff 0d
Uff 0d
Uff 71 aa 0c
TAG
   
U00 00 00 00 00 00 00 00 60
Uff
U00
Uff 6a
Uff
Uff
Uff 1d 02
U00
TAG
   
U00
Uff 0c
U00
Uff
Uff d7
U00
Uff
U00
TAG
   
U00
Uf8 26

Offline

#5 2018-08-31 09:45:19

tristanik
Contributor
Registered: 2014-11-25
Posts: 96

Re: New card to study

the first track was not right, this is the sniff of reading

pm3 --> hf 14b list         
trace pointer not allocated
Recorded Activity (TraceLen = 66 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
         
      Start |        End | Src | Data (! denotes parity error)      | CRC | Annotation         
------------+------------+-----+--------------------------------+-----+--------------------         
          0 |          8 | Rdr |f0                         |     | ?         
     611091 |     611105 | Tag |0b  01                      |     |           
    1746045 |    1746053 | Rdr |10  f9  e0                  |  ok | ?         
    3753058 |    3753071 | Rdr |0a  0c  00  a4             | !crc| AUTHENTICATE         
    4149382 |    4149390 | Rdr |80                                                                             
    4660801 |    4660815 | Tag |01

Offline

#6 2018-09-01 16:16:10

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: New card to study

This is only a really tiny partial portion of the trace.
Where's the rest of it? Try again.

Offline

#7 2018-09-28 09:26:23

tristanik
Contributor
Registered: 2014-11-25
Posts: 96

Re: New card to study

I tried again, this is a reading,but the reader has not been registered..only the tag


pm3 --> hf 14b list         
trace pointer not allocated
Recorded Activity (TraceLen = 83 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
         
      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation         
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------         
          0 |         14 | Tag |50  c0                                                                   |     |           
     514016 |     514030 | Tag |0b  01  ad  e0  ff                                                       | !crc|           
    1713182 |    1713196 | Tag |00                                                                       |     |           
    5126175 |    5126189 | Tag |01  f1  e1                                                               |  ok |

Offline

#8 2018-10-05 13:46:36

tristanik
Contributor
Registered: 2014-11-25
Posts: 96

Re: New card to study

second stamp

pm3 --> hf 14b list         
trace pointer not allocated
Recorded Activity (TraceLen = 238 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
         
      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation         
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------         
          0 |         14 | Tag |01  f1  e1                                                               |  ok |           
     303199 |     303213 | Tag |00                                                                       |     |           
     508957 |     508971 | Tag |00  c0  3b  31  e0                                                       | !crc|           
     768430 |     768444 | Tag |0b  01                                                                   |     |           
    4365463 |    4365477 | Tag |41  01  fc  a6  5c                                                       | !crc|           
    4915414 |    4915428 | Tag |50  c0  fc  06  fe                                                       | !crc|           
   20256305 |   20256319 | Tag |0a  01  01  01  fc                                                       | !crc|           
   20260202 |   20260216 | Tag |ae  c0  33  b0  ac                                                       | !crc|           
   20268909 |   20268923 | Tag |00  00  c0  b8  e7  00  00  00  00  00  00  00  00  bc  b3  95  8d  90   |     |           
            |            |     |00  d4  d9                                                               | !crc|           
   21736161 |   21736175 | Tag |50  c0                                                                   |     |           
   21750655 |   21750669 | Tag |01                                                                       |     |           
   22852999 |   22853013 | Tag |00  00  c0  a6  5c  00  00  00  00  91  71  71  0a  e3                   | !crc|           
   22862923 |   22862936 | Rdr |01  f1  e1                                                               |  ok | ?         
   25082919 |   25082927 | Rdr |e3                                                                       |     | ?         
   31691225 |   31691232 | Rdr |90  00  d4  d9                                                           | !crc| ?         
   32561596 |   32561610 | Tag |50  c0  fc  86  ff                                                       | !crc|

Offline

Board footer

Powered by FluxBB