Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi!
It would be really great to add a command like "lf t55x7write 1 0x12ABCDEF" to be able to write anything to the T55x7. Just select which blocks you want to write, and the data. Maybe add like an extra attribute to allow writing configuration block 0, just to prevent corrupting the tag.
The function is already there in the source: T55xxWriteBlock(data,block). Now we just need a good command with it!
Offline
I don't understand what you mean. The function already exists thanks to Cex. How many data blocks do you expect to write? This isn't the Mifare card.
Offline
I think you mean cloning EM4102 to T55x7, that feature is available through the console, yes.
The T55x7 have 7 writable blocks, and that cloning function using the command T55xxWriteBlock(data,block) to write block 0, 1 and 2. It configures block 0 to match EM4102 standard and then generates a manchester bitstream and write them to block 1 and 2 like this:
EM4102 tag ID: 06001259E3
Manchester encoded:
1111111110000001100000000000000011001010101010010111010011001000
The function splits the mancester on half like this:
11111111100000011000000000000000 = 0xFF818000
11001010101010010111010011001000 = 0xCAA974C8
And then the function runs this command:
T55xxWriteBlock(xxxxxxxxxxx,0) <- configuration block, sry, I don't remember the actual data right now.
T55xxWriteBlock(0xFF818000,1)
T55xxWriteBlock(0xCAA974C8,2)
If you write this to the T55x7, you will get an EM4102-tag with id 06001259E3.
But what I mean was that we need a console command to call this function T55xxWriteBlock directly, so we easily can experiment with other card systems than EM4102.
Last edited by urkis (2013-01-10 23:05:58)
Offline
Functions to program blocks are already implemented in the firmware (the hard part).
To add commands to user interface you only need to change 3 files if I'm not wrong.
Anyway I'm planning to add these in a few weeks time (when I had some time) and also support for writting blocks to EM4469/4269/4305 cards.
Regards.
Offline
Hey Cex, I was wondering if I can read a card, that it can't be read by the pm3 commands(hf 14a,14b,15...), no one of these let me read my card.
So I'm asking if it possible to write a piece of code that would let me read my card ?
Offline
Hey Cex, I was wondering if I can read a card, that it can't be read by the pm3 commands(hf 14a,14b,15...), no one of these let me read my card.
So I'm asking if it possible to write a piece of code that would let me read my card ?
It is impossible to know what you need without more information.
Offline
Hi!
It would be really great to add a command like "lf t55x7write 1 0x12ABCDEF" to be able to write anything to the T55x7. Just select which blocks you want to write, and the data. Maybe add like an extra attribute to allow writing configuration block 0, just to prevent corrupting the tag.
The function is already there in the source: T55xxWriteBlock(data,block). Now we just need a good command with it!
Added in r649.
readblock <Block> -- Reads T55xx block data (in page 0) ; Block = 0-7
readblockPWD <Block> <Password> -- Reads T55xx block data in password mode(in page 0); Block = 0-7; Password in HEX
writeblock <Data> <Block> -- Writes T55xx block data (in page 0); Block = 0-7; Data in HEX
writeblockPWD <Data> <Block> <Password>-- Writes T55xx block data (in page 0); Block = 0-7; Data and Password in HEX
readtrace -- Reads T55xx traceability data (page 1)
NOTES:
- Read commands do not decode the data as it is output in the format configured. Use "data sample" and "data plot" to check read data.
- Be very carefull when writing Block 0 as you can destry your card
- If you set password mode, make sure you know the contents of Block 7 (the password) or you won't be able to reprogram your card.
Make use of these command at your own risk.
An example of a write command is:
lf t55xx writeblock AAAA5555 3 50415353
This writes data 0xAAAA5555 to block number 3 with password "PASS" (0x50415353)
Regards.
Offline
Pages: 1