Research, development and trades concerning the powerful Proxmark3 device.
Hi,
I've developed a Java Card program to simulate NDEF Type 4 tags, and it works, but some phones aren't reading it.
I have a Proxmark3 Easy, and tried sniffing both successful and failed reads.
The problem is, I can't consistently capture both the reader and the tag info.
I managed to get one fairly complete log of a successful read, but I think there are commands missing. (I can't see the capabilities file read, but I see the response from the card)
Here's the info from startup. (I'm not sure when I built the firmware that's on there, but it's not super recent.)
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-361-ge069547-suspect 2018-04-16 17:19:40
os: master/v3.0.1-361-ge069547-suspect 2018-04-16 17:19:42
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59
The Questions:
1. Are there specific alignments/methods for capturing the communications between a credit-card-sized device and a mobile phone? Note, I have removed the riser and the low frequency coil to get better proximity. Currently, I've tried card under the PM3, phone on top and phone and card on top.
2. Should I try different/more recent firmware, and should I expect better results?
3. Would I experience better/acceptable performance on the newer Proxmark3 RDV4? I'm willing to buy, but only if I can expect better results. The other uses I've put the Easy to have been great, and it's been a great learning platform, but for this project I need to specifically justify the expense around this problem.
Thanks in advance!
Kevin
One clarification:
Most of my reads have all src labeled as Tag, and there aren't any Select or other APDUs I can identify from the reader.
Here is my most complete snoop, which I haven't been able to replicate more than this first time:
Recorded Activity (TraceLen = 810 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 46176 | Rdr | f0 25 d4 00 9f 45 fc 50 18 96 bb 35 bc 0c 00 00 | |
| | | 00 32 46 66 6d 01 01 12 02 02 07 ff 03 02 00 13 | |
| | | 04 01 64 07 01 03 50 78 | ok | ?
201620 | 203988 | Tag | 04 00 | |
214564 | 219108 | Tag | 08 9f 1d c8 | |
239028 | 242612 | Tag | 20 fc 70 | |
260212 | 266484 | Tag | 10 78 80 70 02 00! | !crc|
443620 | 447140 | Tag | c2 e0 b4 | |
3236656 | 3239120 | Rdr | 93 20 | | ANTICOLL
3390112 | 3393728 | Rdr | b2 67 c7 | ok | ?
5535796 | 5541620 | Tag | 02 90 00 f1 09 | |
5869092 | 5874916 | Tag | 03 90 00 2d 53 | |
6106244 | 6129348 | Tag | 02 00 0f 20 00 80 00 80 04 06 e1 04 00 45 00 ff | | Capability container contents
| | | 90 00 26 fc | ok |
6174288 | 6185904 | Rdr | 03 00 a4 00 0c 02 e1 04 6d db | ok | Select NDEF Data
6675252 | 6679988 | Tag | f2 01 91 40 | |
6706116 | 6711940 | Tag | 03 90 00 2d 53 | |
6744464 | 6746288 | Rdr | 02 00! | | ?
7239412 | 7244148 | Tag | f2 01 91 40 | |
7740308 | 7745044 | Tag | f2 01 91 40 | |
7752032 | 7756800 | Rdr | f2 01 91 40 | ok | ?
8250052 | 8254788 | Tag | f2 01 91 40 | |
8750820 | 8755556 | Tag | f2 01 91 40 | |
9251460 | 9256196 | Tag | f2 01 91 40 | |
9777204 | 9781940 | Tag | f2 01 91 40 | |
10299364 | 10304100 | Tag | f2 01 91 40 | |
10799876 | 10804612 | Tag | f2 01 91 40 | |
11301812 | 11306548 | Tag | f2 01 91 40 | |
11806420 | 11811156 | Tag | f2 01 91 40 | |
12006260 | 12014452 | Tag | 02 00 43 90 00 91 e6 | ok |
12553620 | 12558356 | Tag | f2 01 91 40 | |
13060292 | 13065028 | Tag | f2 01 91 40 | |
13560804 | 13565540 | Tag | f2 01 91 40 | |
14080532 | 14085268 | Tag | f2 01 91 40 | |
14581044 | 14585780 | Tag | f2 01 91 40 | |
14594112 | 14597536 | Rdr | 7f 93 cf! | !crc| ?
15103332 | 15108068 | Tag | f2 01 91 40 | |
15605764 | 15610500 | Tag | f2 01 91 40 | |
15617488 | 15622256 | Rdr | f2 01 91 40 | ok | ?
16108596 | 16113332 | Tag | f2 01 91 40 | |
16617300 | 16622036 | Tag | f2 01 91 40 | |
16828532 | 16846068 | Tag | 03 d1 01 3f 54 02 65 6e 30 31 30 30 30 30 31 35 | |ndef file contents
| | | 33 39 39 35 35 35 33 36 30 30 38 38 30 30 30 30 | |
| | | 30 30 31 30 32 38 34 44 43 42 42 37 30 34 30 42 | |
| | | 36 37 39 35 42 41 45 34 41 44 32 34 33 32 37 45 | |
| | | 37 44 33 44 90 00 76 9e | ok |
17016756 | 17020276 | Tag | a3 6f c6 | |
20152992 | 20156608 | Rdr | b2 67 c7 | ok | ?
20161764 | 20165284 | Tag | a3 6f c6 | |
23282544 | 23283792 | Rdr | b2 | | ?
23291316 | 23294836 | Tag | a3 6f c6 | |
26398432 | 26399168 | Rdr |12! | | ?
26407204 | 26410724 | Tag | a3 6f c6 | |
29508820 | 29512340 | Tag | a3 6f c6 | |
32616948 | 32620468 | Tag | a3 6f c6 | |
35736532 | 35740052 | Tag | a3 6f c6 | |
38973236 | 38976756 | Tag | a3 6f c6 | |
42166096 | 42169712 | Rdr | b2 67 c7 | ok | ?
42174852 | 42178372 | Tag | a3 6f c6 | |
45394708 | 45398228 | Tag | a3 6f c6 | |
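One way to read a trace like the one above, added here as an example and not part of the original posts: the Python below verifies CRC_A on each sniffed frame and names the ISO/IEC 14443-4 block type from its first byte, joining rows that continue a long frame. The sample rows are a subset copied from the trace; the function names are this example's own.

```python
# Added example. SAMPLE rows are a subset copied from the trace in the post.
SAMPLE = """\
3390112 | 3393728 | Rdr | b2 67 c7 | ok | ?
6106244 | 6129348 | Tag | 02 00 0f 20 00 80 00 80 04 06 e1 04 00 45 00 ff | | Capability container contents
| | | 90 00 26 fc | ok |
6174288 | 6185904 | Rdr | 03 00 a4 00 0c 02 e1 04 6d db | ok | Select NDEF Data
6675252 | 6679988 | Tag | f2 01 91 40 | |
6744464 | 6746288 | Rdr | 02 00! | | ?
7239412 | 7244148 | Tag | f2 01 91 40 | |
7752032 | 7756800 | Rdr | f2 01 91 40 | ok | ?
17016756 | 17020276 | Tag | a3 6f c6 | |
"""

def crc_a(data):
    crc = 0x6363  # ISO/IEC 14443-3 CRC_A preset; result is sent low byte first
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def classify(pcb):  # pcb = first byte of an ISO/IEC 14443-4 block
    if (pcb & 0xE2) == 0x02:
        return f"I-block #{pcb & 1}"
    if (pcb & 0xE6) == 0xA2:
        return ("R(NAK)" if pcb & 0x10 else "R(ACK)") + f" #{pcb & 1}"
    if (pcb & 0xC7) == 0xC2:
        return {0x00: "S(DESELECT)", 0x30: "S(WTX)"}.get(pcb & 0x30, "S(?)")
    return "not a 14443-4 block"

def decode(trace):
    """Return (src, block type, crc_ok) per frame, joining continuation rows."""
    frames = []
    for line in trace.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) >= 4 and cols[0].isdigit():
            frames.append([cols[2], cols[3]])   # row that starts a frame
        elif len(cols) >= 4 and cols[0] == "" and frames:
            frames[-1][1] += " " + cols[3]      # row that continues it
    out = []
    for src, text in frames:
        raw = bytes.fromhex(text.replace("!", ""))  # "!" marks a parity error
        ok = "!" not in text and len(raw) >= 3 and crc_a(raw[:-2]) == raw[-2:]
        out.append((src, classify(raw[0]) if ok else "damaged", ok))
    return out

def wtx_balance(rows):
    wtx = [s for s, kind, _ in rows if kind == "S(WTX)"]
    return wtx.count("Tag"), wtx.count("Rdr")  # tag requests, reader responses
```

In ISO/IEC 14443-4 the reader answers each S(WTX) request from the card with an S(WTX) response, so a tag count higher than the reader count means reader frames are missing from the capture.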
My recent post and piwi's reply may be helpful to you. Hope my late reply is still relevant.
http://www.proxmark.org/forum/viewtopic … 861#p35861
Last edited by hfmfsniff (2019-07-18 16:49:07)