About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

jin · 2014-02-01 12:10:52

Hi there

I hope to change ATS on simulating 14443-4 card.

Thanks to vivat, I know that it is related to /armsrc/iso14443a.c.

So I modified iso14443a.c file.(Now my proxmark version is 842.)

From(Original Source)
1034 uint8_t response6[] = { 0x04, 0x58, 0x00, 0x02, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS
1035 ComputeCrc14443(CRC_14443_A, response6, 4, &response6[4], &response6[5]);
---------------------------
To(Modified)
1034 uint8_t response6[] = { 0x04, 0x78, 0x80, 0x83, 0x02, 0x4a, 0x43, 0x4f, 0x50, 0x34, 0x31, 0x56, 0x32, 0x33, 0x32, 0x00, 0x00 }; // dummy ATS (pseudo-ATR), answer to RATS
1035 ComputeCrc14443(CRC_14443_A, response6, 4, &response6[15], &response6[16]);

And compile and flash.

But it is not working....(Original version 842 works well.)

error message
#db# Received unknown command <len=1>

Please How do I can do let me know.

Thank you.

**************************************************************************************************************************************************
☆Pre My question.
subject:Simulating 14443-4 Card

Hi, guys?

(First My English is awkward. Sorry.)

I am studying about simulation of 14443-4 card.
Especially, interested in Java CARD.

So I have tried the simulation using proxmark3(r839 version).
And I used ACR122U as a reader.

Proxmark3 Command : hf 14a sim 4 12345678
ACR122u Command : nfc-list

Result is the below.

ATQA (SENS_RES): 00 04
UID (NFCID1): 12 34 56 78
SAK (SEL_RES): 28
ATS: 58 00 02
----------------------------------------------------------

But I want a Result the below.(I hope to change ATS value)

ATQA (SENS_RES): 00 04
UID (NFCID1): 12 34 56 78
SAK (SEL_RES): 28
ATS: 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32

Please How do I can do let me know.

Thank you.

P.S.
And add as possible, I hope to know how to change ATQA, SAK, ATS freely.

☆Reply Vivat
Hi there
Have a look at file ../armsrc/iso14443a.c
function SimulateIso14443aTag()

holiman · 2014-02-01 16:41:05

Please do a 'hf 14a list' and show us the output. You'll get that message back when the reader sends something unexpected, so it'd be good to see the traffic log.

jin · 2014-02-01 17:21:06

hi~ holiman

hf 14a list results are below.

recorded activity:
ETU :rssi: who bytes
---------+----+----+-----------
+ 0: : 26
+ 0: 0: TAG 04 00
+ 0: : 78
+ 0: : 26
+ 0: 0: TAG 04 00
+ 0: : 93 20
+ 0: 0: TAG 12 34 56 78 08
+ 0: : 93 70 12 34 56 78 08 3c a2
+ 0: 0: TAG 28 b4 fc
+ 0: : e0 50 bc a5
+ 0: 0: TAG 04 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32 a9 58 !crc
+ 0: : e0 50 bc a5
+ 0: 0: TAG 04 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32 a9 58 !crc
+ 0: : c2 e0 b4
+ 0: 0: TAG ca e0 74 ce
+ 0: : 26
+ 0: 0: TAG 04 00
+ 0: : 93 20
+ 0: 0: TAG 12 34 56 78 08
+ 0: : 93 70 12 34 56 78 08 3c a2
+ 0: 0: TAG 28 b4 fc
+ 0: : e0 50 bc a5
+ 0: 0: TAG 04 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32 a9 58 !crc
+ 0: : e0 50 bc a5
+ 0: 0: TAG 04 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32 a9 58 !crc
+ 0: : c2 e0 b4
+ 0: 0: TAG ca e0 74 ce
+ 0: : 26
+ 0: 0: TAG 04 00
+ 0: : 78
+ 0: : 26
+ 0: 0: TAG 04 00
+ 0: : 78

jin · 2014-02-01 17:27:14

(original source, not modified)
hf 14a list results

It is accepted by acr122u reader.(works well)

recorded activity:
ETU :rssi: who bytes
---------+----+----+-----------
+ 0: : 26
+ 0: 0: TAG 04 00
+ 0: : 93 20
+ 0: 0: TAG 12 34 56 78 08
+ 0: : 93 70 12 34 56 78 08 3c a2
+ 0: 0: TAG 28 b4 fc
+ 0: : e0 50 bc a5
+ 0: 0: TAG 04 58 00 02 df 42
+ 0: : b2 67 c7
+ 0: : b2 67 c7
+ 0: : c2 e0 b4
+ 0: 0: TAG ca e0 74 ce
+ 0: : b2 67 c7
+ 0: : b3 ee d6

jin · 2014-02-01 17:49:44

and my java card result(hf 14a reader -> hf 14a list)

+ 0: : 52
+ 160: 0: TAG 04 00
+ 0: : 93 20
+ 376: 0: TAG 12 34 56 78 08
+ 0: : 93 70 12 34 56 78 08 a8 d1
+ 232: 0: TAG 28 b4 fc
+ 0: : e0 80 31 73
+ 1240: 0: TAG 0f! 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32 58 8c

Thank you.

jin · 2014-02-01 17:51:16

jin wrote:

and my java card result(hf 14a reader -> hf 14a list)
+ 0: : 52
+ 160: 0: TAG 04 00
+ 0: : 93 20
+ 376: 0: TAG XX XX XX XX 08
+ 0: : 93 70 XX XX XX XX 08 a8 d1
+ 232: 0: TAG 28 b4 fc
+ 0: : e0 80 31 73
+ 1240: 0: TAG 0f! 78 80 83 02 4a 43 4f 50 34 31 56 32 33 32 58 8c
Thank you.

jin · 2014-02-09 15:15:49

jin · 2014-02-09 15:16:50

...

Last edited by jin (2014-02-09 15:18:45)

Proxmark3 community

Announcement

#1 2014-02-01 12:10:52

About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#2 2014-02-01 16:41:05

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#3 2014-02-01 17:21:06

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#4 2014-02-01 17:27:14

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#5 2014-02-01 17:49:44

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#6 2014-02-01 17:51:16

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#7 2014-02-09 15:15:49

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

#8 2014-02-09 15:16:50

Re: About simulating 14443-4 CARD.(or modifying /armsrc/iso14443a.c)

Board footer