Yes, can you tell me roughly why the newer builds do not work? Specifically, in lf hitag sniff mode?
C:\Users\User\Downloads\rrg_other-64-20200723-84a49bf03b1c62a2f70719e7ddc3e38d2de5a819\win64>proxmark3 COM12
[=] Session log C:/Users/User/Downloads/rrg_other-64-20200723-84a49bf03b1c62a2f70719e7ddc3e38d2de5a819/win64/.proxmark3/logs/log_20200727.txt
[+] loaded from JSON file C:/Users/User/Downloads/rrg_other-64-20200723-84a49bf03b1c62a2f70719e7ddc3e38d2de5a819/win64/.proxmark3/preferences.json
[=] Using UART port COM12
[=] Communicating with PM3 over USB-CDC
██████╗ ███╗ ███╗█████╗
██╔══██╗████╗ ████║╚═══██╗
██████╔╝██╔████╔██║ ████╔╝
██╔═══╝ ██║╚██╔╝██║ ╚══██╗
██║ ██║ ╚═╝ ██║█████╔╝ iceman@icesql.net
╚═╝ ╚═╝ ╚═╝╚════╝ bleeding edge
https://github.com/rfidresearchgroup/proxmark3/
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-23 22:32:27
compiled with MinGW-w64 9.3.0 OS:Windows (64b) ARCH:x86_64
[ PROXMARK3 ]
[ ARM ]
bootrom: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-23 22:32:11
os: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-23 22:32:18
compiled with GCC 9.2.1 20191025 (release) [ARM/arm-9-branch revision 277599]
[ FPGA ]
LF image built for 2s30vq100 on 2020-02-22 at 12:51:14
HF image built for 2s30vq100 on 2020-01-12 at 15:31:16
[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 227408 bytes (43%) Free: 296880 bytes (57%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
[usb] pm3 --> hw tune
[=] Measuring antenna characteristics, please wait...
[/] 10
[=] ---------- LF Antenna ----------
[+] LF antenna: 21.68 V - 125.00 kHz
[+] LF antenna: 30.03 V - 134.83 kHz
[+] LF optimal: 30.78 V - 133.33 kHz
[+] LF antenna is OK
[=] ---------- HF Antenna ----------
[+] HF antenna: 36.28 V - 13.56 MHz
[+] HF antenna is OK
[+] Displaying LF tuning graph. Divisor 88 is 134.83 kHz, 95 is 125.00 kHz.
[usb] pm3 --> hw status
[#] Memory
[#] BigBuf_size.............43924
[#] Available memory........43924
[#] Tracing
[#] tracing ................1
[#] traceLen ...............0
[#] Current FPGA image
[#] mode.................... HF image built for 2s30vq100 on 2020-01-12 at 15:31:16
[#] LF Sampling config
[#] [q] divisor.............95 ( 125.00 kHz )
[#] [b] bits per sample.....8
[#] [d] decimation..........1
[#] [a] averaging...........Yes
[#] [t] trigger threshold...0
[#] [s] samples to skip.....0
[#] LF Sampling Stack
[#] Max stack usage.........3952 / 8480 bytes
[#] LF T55XX config
[#] [r] [a] [b] [c] [d] [e] [f] [g]
[#] mode |start|write|write|write| read|write|write
[#] | gap | gap | 0 | 1 | gap | 2 | 3
[#] ---------------------------+-----+-----+-----+-----+-----+-----+------
[#] fixed bit length (default) | 31 | 20 | 18 | 50 | 15 | N/A | N/A |
[#] long leading reference | 31 | 20 | 18 | 50 | 15 | N/A | N/A |
[#] leading zero | 31 | 20 | 18 | 40 | 15 | N/A | N/A |
[#] 1 of 4 coding reference | 31 | 20 | 18 | 34 | 15 | 50 | 66 |
[#]
[#] Transfer Speed
[#] Sending packets to client...
[#] Time elapsed............500ms
[#] Bytes transferred.......270336
[#] Transfer Speed PM3 -> Client = 540672 bytes/s
[#] Various
[#] Max stack usage.........4112 / 8480 bytes
[#] DBGLEVEL................1
[#] ToSendMax...............-1
[#] ToSendBit...............0
[#] ToSend BUFFERSIZE.......2308
[#] Slow clock..............31628 Hz
[#] Installed StandAlone Mode
[#] HF - Reading Visa cards & Emulating a Visa MSD Transaction(ISO14443) - (Salvador Mendoza)
[usb] pm3 --> hw hitag reader 26
help This help
connect connect Proxmark3 to serial port
dbg Set Proxmark3 debug level
detectreader ['l'|'h'] -- Detect external reader field (option 'l' or 'h' to limit to LF or HF)
fpgaoff Set FPGA off
ping Test if the Proxmark3 is responsive
readmem [address] -- Read memory at decimal address from flash
reset Reset the Proxmark3
setlfdivisor <19 - 255> -- Drive LF antenna at 12MHz/(divisor+1)
setmux Set the ADC mux to a specific value
standalone Jump to the standalone mode
status Show runtime status information about the connected Proxmark3
tia Trigger a Timing Interval Acquisition to re-adjust the RealTimeCounter divider
tune Measure antenna tuning
version Show version information about the connected Proxmark3
[usb] pm3 --> lf hitag reader 26
[+] UID: 0a350429
[usb] pm3 --> lf hitag sniff
[usb] pm3 --> [#] Starting Hitag2 sniffing
lf hitag list
[=] downloading tracelog from device
[=] Waiting for a response from the Proxmark3...
[=] You can cancel this operation by pressing the pm3 button
[-] Timed out while trying to download data from device
[!] timeout while waiting for reply.
[+] Recorded activity (trace len = 0 bytes)
[usb] pm3 -->
[!] Communicating with Proxmark3 device failed
[=] Running in OFFLINE mode. Use "hw connect" to reconnect
[offline] pm3 --> hw connect
[=] Using UART port COM12
[=] Communicating with PM3 over USB-CDC
[usb] pm3 --> lf hitag sniff l
[usb] pm3 --> [#] Starting Hitag2 sniffing
[!] Communicating with Proxmark3 device failed
[=] Running in OFFLINE mode. Use "hw connect" to reconnect
[offline] pm3 -->
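For filing a reproducible bug report from a session like the one above, the following added example (not part of the original post and not Proxmark3 project code) ties each "device failed" line to the last typed command and the last firmware `[#]` message, and handles the case where asynchronous firmware output lands on the idle prompt before the next command is typed. The prompt and failure strings are taken from the session shown; `triage` and `SAMPLE_LOG` are hypothetical names, and the sample log is an abridged, constructed excerpt.

```python
import re
# Abridged sample in the format of the session above (constructed for this example).
SAMPLE_LOG = """\
client: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-23 22:32:27
os: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-23 22:32:18
[usb] pm3 --> lf hitag sniff
[usb] pm3 --> [#] Starting Hitag2 sniffing
lf hitag list
[-] Timed out while trying to download data from device
[usb] pm3 -->
[!] Communicating with Proxmark3 device failed
[offline] pm3 --> hw connect
[usb] pm3 --> lf hitag sniff l
[usb] pm3 --> [#] Starting Hitag2 sniffing
[!] Communicating with Proxmark3 device failed
"""

PROMPT = re.compile(r"^\[(?:usb|offline)\] pm3 -->\s*(.*)$")
VERSION = re.compile(r"^(client|bootrom|os): (\S+)")
FAILURE = "[!] Communicating with Proxmark3 device failed"


def triage(log_text):
    """Return (versions, failures). Each failure records the last typed command
    and the last firmware debug message seen before the link dropped."""
    versions, failures = {}, []
    last_cmd = last_dbg = None
    awaiting_cmd = False  # prompt printed, command text not seen yet
    for line in map(str.strip, log_text.splitlines()):
        m = PROMPT.match(line)
        rest = m.group(1) if m else None
        if not m and awaiting_cmd and line and not line.startswith("["):
            rest = line  # command typed after async output landed on the prompt
        if rest is not None:
            if rest.startswith("[#]"):  # firmware message glued to an idle prompt
                last_dbg, awaiting_cmd = rest[3:].strip(), True
            elif rest:
                last_cmd, awaiting_cmd = rest, False
            else:
                awaiting_cmd = True
            continue
        v = VERSION.match(line)
        if v:
            versions[v.group(1)] = v.group(2)
        elif line.startswith("[#]"):
            last_dbg = line[3:].strip()
        elif line.startswith(FAILURE):
            failures.append({"command": last_cmd, "last_device_msg": last_dbg})
    return versions, failures
```

On the sample, both failures share the same last device message even though the last typed command differs, which is the detail worth quoting in the report alongside the client and os versions.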
Based on the Hitag2 to Hell source, two attacks have emerged. One CPU based and one GPU based.
HiTag2 Cracking Suite
Authors:
Attacks 1, 2, 3, 4 : Kevin Sheldrake kev@headhacking.com
Attacks 5, 5gpu : anonymous, based on https://github.com/factoritbv/hitag2hell by FactorIT B.V.
Attack 5
Attack 5 is heavily based on the HiTag2 Hell CPU implementation from https://github.com/factoritbv/hitag2hell by FactorIT B.V., with the following changes:
Main takes a UID and 2 {nR},{aR} pairs as arguments and searches for states producing the first aR sample, reconstructs the corresponding key candidates and tests them against the second nR,aR pair;
Reuses the Hitag helping functions of the other attacks.
Attack 5gpu
Attack 5gpu is identical to attack 5, except that the code has been ported to OpenCL to run on GPUs and is therefore much faster than attack 5.
Usage details: Attack 5
Attack 5 requires two encrypted nonce and challenge response value pairs (nR, aR) for the tag's UID.
pm3 --> lf hitag sniff
Stop once you have two pairs.
$ ./ht2crack5 <UID> <nR1> <aR1> <nR2> <aR2>
Usage details: Attack 5gpu
Attack 5gpu requires two encrypted nonce and challenge response value pairs (nR, aR) for the tag's UID.
pm3 --> lf hitag sniff
Stop once you have two pairs.
$ ./ht2crack5gpu <UID> <nR1> <aR1> <nR2> <aR2>