data setdebugmode 0 - none
data setdebugmode 1 - intermediate level
data setdebugmode 2 - nightmare level
are there any debug switches to enable some verbose output of the lf search command, like output of the recognized modulation or clockrate? I'm pretty sure that in the past at least the clockrate was shown in the lf search output.
I have some different em tags, recognized only by the proxmark but not by a generic em reader as they use different clock rates. I would like to know whether they also use different modulations as this seems possible based on the em spec.
Cheers,
Simon
I have both of them, iceman
1/ RFIDler - An open source Software Defined RFID Reader/Writer/Emulator
2/ https://www.kickstarter.com/projects/1708444109/rfidler-a-software-defined-rfid-reader-writer-emul/posts/604981
I understood a little in document 1/ on how to use the blop technique to read 1 or 0 from a signal following ASK/OOK modulation; but then in the FSK signal I could not understand:
"So now, instead of signalling data directly by DAMPING for a 0 or a 1, we are creating a whole new CARRIER by DAMPING for different periods and allowing short or long pulses of the original CARRIER through. The fully DAMPED signal doesn't mean anything, it's the width and number of pulses of the UN-DAMPED signal that carries the information. In this case, 5 fat spikes means '0' and 7 thin spikes means '1' (or 12 thin spikes means '11'), so we've got '011010'. Neat!"
It is absolutely terrifying where to read that neat "011010" sequence from.
Or in the case of the PSK signal a few pages later, If we assume we're starting with a 0, this decodes as: '01101010001111100111000100010110000111010011100101101100001'. Easy-peasy!
Is that easy-peasy? He's got 01101, I start with 01110 ...
Have you really followed those instructions and understood how to get your 1s and 0s out of an ASK/FSK/PSK signal ...
Apropos I think I can release the pm3commands.xml today so users can test and report issue before we have time to polish it again before binding it in a place next to the GUI SW release 0xFFF will soon complete. Where should I release? here, perhaps at this place
Whet your appetite ... or a new thread on the forum, or could I send it to you, so you will give it a place next to the GUI SW so people can easily report issues and request maintenance, iceman? Windows users should test it; the more who use it, the better the test, to clean out all errors for all areas, HF or LF
the settings.xml or pm3commands.xml for proxmark3 version 3.0.1
it takes 31s for start up, enjoy.
That output format (wiegand) is the only tie between the formats you mention. But the raw binary of the tag formats that are used to generate that output are very different.
3d. understanding the individual wiegand formats used within a card format can assist in penetration testing when attempting an elevation in privileges attack by testing "the next number" in a format. Only with a full understanding of each bit of the full card format can you generate the raw bytes to sim or clone without a reference card.
and yes there is an ever growing list of these formats (there are literally thousands in the wild, which is why we cannot limit the base commands to one or two specific ones)
3d/"The hid sim and clone cmds don't need to know anything about wiegand or bit length because it uses the raw hex of the entire format." That is very clear and good to know. Sorry that I, an unbeliever, keep banging on this door. Somehow last year our forum spent a lot of time handling the problem of getting a clone from a known FC and card ID number, so I always had the impression that generating HID, AWID and KANTEC from a known description, without the card itself, would be the progress mark of our further understanding of these tags
4) Adam Laurie made some nice blogs about LF, with descriptive pictures. Just google him and rfidler. You'll find both on his site and the kickstarter.
5) not sure if the forum upgrade messed up linked pictures. It shouldn't.
6) follow the guideline idea of one question - one thread. That way it's easy to follow posts and find answers.
Q1/ Is it correct that since Proxmark3 v3.0.1 we moved the functions intentionally elsewhere, Marshmellow?
data amplify
data askem410xdemod
data askgproxiidemod
data fskawiddemod
data fskhiddemod
data fskpyramiddemod
data fskparadoxdemod
data pskindalademod
Q2/ Is it also correct that for sector bi-phase we hardly see any sample we cover with 2 functions, in:
data rawdemod ab
data data biphaserawdecode...
what is the different meaning... I knew it has existed since 2015 but hardly see its biphaserawdecode application anywhere
Q3/ I may be wrong pls correct me in my impression how the HID development history has unfolded. In order to copy
- we started with understanding the HID tag by developing the 26 bit Wiegand excel table for pure HID tags so we could get any wiegand code and produce replicas of HID tags
- we had function lf hid read/demod/clone/sim
- over the years we met more and more tags branched off HID, like AWID, INDALA, KANTEC, GPROX, PARADOX, PYRAMID etc., so we delved into developing tag functions in these tag-specific areas to meet the demand to cover not only 26bit, but also 32/35/37/40/42/50/64bits, because some tags are further developed than others. I remember that for a long time Marshmellow and iceman worked together in these areas. Users could at that time even use the card format code, facility code and card ID number specifically to generate HID or quasi-HID tags
My question is: now that we have dropped the tag-specific functions and gone back to using only the HEX digits UID (I am not a programmer who can read and understand code, and I have no HW for testing whether replicas work), can I safely assume that longer wiegand raw codes are still automatically covered, that lf hid <hex uid> automatically sees the different types branched off from HID and, most important, that not only 26bit but also 32/35/37/40/42/50/64bits are covered? How does "lf hid" see the complications, like length of wiegand bits, card format code, card facility code, card ID number etc., from the hex UID alone?
Q4/ Could the senior users provide a sector of snoop trace/plot and scope pics for learning the basics of reading 1s or 0s, for any new user who wishes to understand that technique? There were discussion topics and shared pics/traces, but they are no good because they expired over time; reading comments without seeing the plot makes it very hard to follow.
Q5/ I saw on early sticky thread, pictures somehow are displayed parallel with text, not just as a link. Is it true that with the new forum web page, this function has gone lost? I mean not everyone should plot and clutter the forum with pictures, but in important educational threads like using of revenge, crapto, hardnested, graphic tool, development of "lf read" into raw data etc ...Do you think that would be helpful?
Q6/ where is the appropriated place and how to place these questions in better form, that other would not think, I were a trouble maker or a crazy
Appreciated very much your soon reply on any question/point.
PS:
My ongoing knocking in these areas is because the ongoing work on updating the settings.xml requires it.
I found a way to indicate questionable parts. I have finished it yesterday, I believe.
I would like to release the settings.xml, but before that I would like some answers, at least to Q1 and Q3, for confirmation, so that I do not too hastily release wrong information.
The changes are in this merge: https://github.com/Proxmark/proxmark3/commit/b067125f98f52d6d33e9dc97a1caa1b4b5bb9cde
Available commands are:
proxmark3> lf awid fskdemod h
Enables AWID26 compatible reader mode printing details of scanned AWID26 tags.
By default, values are printed and logged until the button is pressed or another USB command is issued.
If the ['1'] option is provided, reader mode is exited after reading a single AWID26 card.
Usage: lf awid fskdemod ['1']
Options :
1 : (optional) stop after reading a single card
sample : lf awid fskdemod
: lf awid fskdemod 1
proxmark3> lf awid sim
Enables simulation of AWID26 card with specified facility-code and card number.
Simulation runs until the button is pressed or another USB command is issued.
Per AWID26 format, the facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.
Usage: lf awid sim <Facility-Code> <Card-Number>
Options :
<Facility-Code> : 8-bit value representing the AWID facility code
<Card Number> : 16-bit value representing the AWID card number
sample : lf awid sim 224 1337
proxmark3> lf awid clone
Enables cloning of AWID26 card with specified facility-code and card number onto T55x7.
The T55x7 must be on the antenna when issuing this command. T55x7 blocks are calculated and printed in the process.
Per AWID26 format, the facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.
Usage: lf awid clone <Facility-Code> <Card-Number>
Options :
<Facility-Code> : 8-bit value representing the AWID facility code
<Card Number> : 16-bit value representing the AWID card number
sample : lf awid clone 224 1337
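The field widths and truncation rule stated in the help text above, worked through as an added example that is not part of the original post or the Proxmark3 source. It assumes the standard 26-bit Wiegand layout (leading even parity, 8-bit facility code, 16-bit card number, trailing odd parity); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (standard 26-bit Wiegand; the page gives only field widths):
 *   bit 25      even parity over the upper 12 data bits
 *   bits 24..17 facility code (8 bits)
 *   bits 16..1  card number (16 bits)
 *   bit 0       odd parity over the lower 12 data bits */

/* 1 if the low 12 bits of v contain an odd number of set bits. */
static uint32_t odd_ones12(uint32_t v) {
    uint32_t p = 0;
    for (v &= 0xFFF; v; v &= v - 1) p ^= 1;
    return p;
}

/* Build the 26-bit word. Oversized inputs are masked, i.e. truncated. */
uint32_t wiegand26_pack(uint32_t fc, uint32_t cn) {
    uint32_t body = ((fc & 0xFF) << 16) | (cn & 0xFFFF);
    uint32_t even = odd_ones12(body >> 12);   /* makes upper half even */
    uint32_t odd  = odd_ones12(body) ^ 1;     /* makes lower half odd  */
    return (even << 25) | (body << 1) | odd;
}

/* Returns 0 on success, -1 if wider than 26 bits,
 * -2 on even-parity failure, -3 on odd-parity failure. */
int wiegand26_unpack(uint32_t w, uint8_t *fc, uint16_t *cn) {
    if (w >> 26) return -1;
    uint32_t body = (w >> 1) & 0xFFFFFF;
    if (((w >> 25) & 1) != odd_ones12(body >> 12)) return -2;
    if ((w & 1) != (odd_ones12(body) ^ 1)) return -3;
    *fc = (uint8_t)(body >> 16);
    *cn = (uint16_t)(body & 0xFFFF);
    return 0;
}

int main(void) {
    uint8_t fc = 0; uint16_t cn = 0;
    uint32_t w = wiegand26_pack(224, 1337);   /* sample values from the help text */
    printf("224/1337  -> 0x%07X\n", (unsigned)w);
    /* 480 and 66873 are constructed values one bit too wide for each field */
    printf("480/66873 -> 0x%07X (same word, inputs truncated)\n",
           (unsigned)wiegand26_pack(480, 66873));
    int rc = wiegand26_unpack(w, &fc, &cn);
    printf("unpack rc=%d fc=%u cn=%u\n", rc, (unsigned)fc, (unsigned)cn);
    printf("one flipped data bit: rc=%d\n", wiegand26_unpack(w ^ 0x2, &fc, &cn));
    return 0;
}
```

Because oversized inputs collapse silently onto an in-range value, a tool or log that records the typed numbers rather than the decoded ones can disagree with what is actually on the air.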
Not sure. This thread only dealt with the LF side. I don't think srix has had any changes in a while tho.
You're right, sorry.
I've posted here because I saw that the FPGA code was modified and I thought the issue could be connected.
I'll repost that on a different 3d.
Thank you.