Here is my PR, but I can't test it on a real Chameleon, because on the vanilla Proxgrind branch I always get "auth failed" on the Proxmark - I have used the clean emsec version of the MifareClassic.c file in my branch.
https://github.com/RfidResearchGroup/ChameleonMini/pull/26

I have the same problem: ChameleonTiny by Proxgrind, emulation for the Russian transport system. I can emulate neither Mifare Ultralight nor Mifare Classic. The problem with Ultralight is more complicated (read is OK, write is OK - but it fails some checks), but the problem with Classic is very strange/simple/on a common layer.
I have dumped my Classic card with all keys and uploaded the dump to the Chameleon.
I can read it by blocks/sectors with a Proxmark using valid keys, and I can also dump it from the Chameleon with a Proxmark without problems. But when I went to a real reader I got a strange problem - it can't auth at all (but select is OK). The keys are correct - a Chinese 'gen 3' card works great with the same data and reader, so clones are accepted.
Here is the communication log; I hope you can give us some hints about where the problem could be:
It is strange to me that we answer immediately (+0 ms) after receiving data; is that OK?
00000 ms <+64264 ms>:BOOT (0 bytes) [ ]
00493 ms < +493 ms>:CODEC RX (1 bytes) [26 ]
00493 ms < +0 ms>:CODEC TX (2 bytes) [4400 ]
00494 ms < +1 ms>:CODEC RX (2 bytes) [9320 ]
00494 ms < +0 ms>:CODEC TX (5 bytes) [8804121987 ]
00504 ms < +10 ms>:CODEC RX (9 bytes) [9370880412198716f9 ]
00504 ms < +0 ms>:CODEC TX (3 bytes) [04da17 ]
00505 ms < +1 ms>:CODEC RX (2 bytes) [9520 ]
00505 ms < +0 ms>:CODEC TX (5 bytes) [c3cc980295 ]
00507 ms < +2 ms>:CODEC RX (9 bytes) [9570c3cc98029528c4 ]
00507 ms < +0 ms>:CODEC TX (3 bytes) [08b6dd ]
00570 ms < +63 ms>:CODEC RX (4 bytes) [6004d13d ]
00570 ms < +0 ms>:APP AUTH (2 bytes) [6004 ]
00570 ms < +0 ms>:CODEC TX (4 bytes) [2f112d05 ]
00639 ms < +69 ms>:CODEC RX (4 bytes) [500057cd ]
00639 ms < +0 ms>:APP AUTHING (4 bytes) [98063528 ]
00639 ms < +0 ms>:APP AUTH FAILED (4 bytes) [526dc608 ]
00636 ms <+65533 ms>:CODEC RX (1 bytes) [52 ]
00636 ms < +0 ms>:CODEC TX (2 bytes) [4400 ]
00742 ms < +106 ms>:CODEC RX (9 bytes) [9370880412198716f9 ]
00743 ms < +1 ms>:CODEC TX (3 bytes) [04da17 ]
00848 ms < +105 ms>:CODEC RX (9 bytes) [9570c3cc98029528c4 ]
00848 ms < +0 ms>:CODEC TX (3 bytes) [08b6dd ]
00853 ms < +5 ms>:CODEC RX (4 bytes) [6010746b ]
00853 ms < +0 ms>:APP AUTH (2 bytes) [6010 ]
00853 ms < +0 ms>:CODEC TX (4 bytes) [5f30d1c8 ]
00958 ms < +105 ms>:CODEC RX (4 bytes) [500057cd ]
00958 ms < +0 ms>:APP AUTHING (4 bytes) [f802de68 ]
00958 ms < +0 ms>:APP AUTH FAILED (4 bytes) [07ef5e7e ]
01019 ms < +61 ms>:CODEC RX (1 bytes) [52 ]
01019 ms < +0 ms>:CODEC TX (2 bytes) [4400 ]
01124 ms < +105 ms>:CODEC RX (9 bytes) [9370880412198716f9 ]
01124 ms < +0 ms>:CODEC TX (3 bytes) [04da17 ]
01183 ms < +59 ms>:CODEC RX (9 bytes) [9570c3cc98029528c4 ]
01183 ms < +0 ms>:CODEC TX (3 bytes) [08b6dd ]
01262 ms < +79 ms>:CODEC RX (4 bytes) [601c18a1 ]
01262 ms < +0 ms>:APP AUTH (2 bytes) [601c ]
01263 ms < +1 ms>:CODEC TX (4 bytes) [2acae548 ]
01273 ms < +10 ms>:CODEC RX (4 bytes) [500057cd ]
01273 ms < +0 ms>:APP AUTHING (4 bytes) [89509d6a ]
01273 ms < +0 ms>:APP AUTH FAILED (4 bytes) [aba241f3 ]
01398 ms < +125 ms>:CODEC RX (1 bytes) [52 ]
01398 ms < +0 ms>:CODEC TX (2 bytes) [4400 ]
01402 ms < +4 ms>:CODEC RX (9 bytes) [9370880412198716f9 ]
01402 ms < +0 ms>:CODEC TX (3 bytes) [04da17 ]
01534 ms < +132 ms>:CODEC RX (9 bytes) [9570c3cc98029528c4 ]
01534 ms < +0 ms>:CODEC TX (3 bytes) [08b6dd ]
01590 ms < +56 ms>:CODEC RX (4 bytes) [6020f75a ]
01590 ms < +0 ms>:APP AUTH (2 bytes) [6020 ]
01591 ms < +1 ms>:CODEC TX (4 bytes) [d5f3d9e4 ]
01712 ms < +121 ms>:CODEC RX (4 bytes) [500057cd ]
01712 ms < +0 ms>:APP AUTHING (4 bytes) [8902d428 ]
01712 ms < +0 ms>:APP AUTH FAILED (4 bytes) [cbea763a ]
01802 ms < +90 ms>:CODEC RX (1 bytes) [52 ]
01802 ms < +0 ms>:CODEC TX (2 bytes) [4400 ]
Here is a Proxmark comparison of a read between the card (first) and the Chameleon emulation (second):
Original card:
[usb] pm3 --> hf mf rdbl 0 a a0a1a2a3a4a5
--block no:0, key type:A, key:A0 A1 A2 A3 A4 A5
data: 04 67 2E FA 36 4B 80 08 44 00 12 01 11 00 04 16
[usb] pm3 --> hf list
[=] downloading tracelog from device
[+] Recorded activity (trace len = 244 bytes)
[=] Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
[=] ISO14443A - All times are in carrier periods (1/13.56MHz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52 | | WUPA
2116 | 4484 | Tag |44 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10564 | 16388 | Tag |88 04 67 2e c5 | |
18816 | 29344 | Rdr |93 70 88 04 67 2e c5 cf da | ok | SELECT_UID
30404 | 33924 | Tag |04 da 17 | |
35200 | 37664 | Rdr |95 20 | | ANTICOLL-2
38724 | 44612 | Tag |fa 36 4b 80 07 | |
46976 | 57440 | Rdr |95 70 fa 36 4b 80 07 94 82 | ok | SELECT_UID-2
58564 | 62084 | Tag |08 b6 dd | |
64128 | 68832 | Rdr |60 00 f5 7b | ok | AUTH-A(0)
73284 | 78020 | Tag |85 4e c7 d9 | |
87296 | 96608 | Rdr |f9 ee! d1 83 13! d0! f7! 69 | !crc|
97732 | 102404 | Tag |ef! 47! 15 f7! | |
108288 | 113056 | Rdr |d0 a9! 2d 05! | !crc|
115268 | 136068 | Tag |bc! 3a 3f 30 f4 f8! 0c ed! da! 3c! 23! f3 ea 05 72! b0! d5 88 | !crc|
149248 | 154016 | Rdr |8f 63! a4! 62 | !crc|
Emulation:
[usb] pm3 --> hf mf rdbl 0 a a0a1a2a3a4a5
--block no:0, key type:A, key:A0 A1 A2 A3 A4 A5
data: 04 67 2E FA 36 4B 80 08 44 00 12 01 11 00 04 16
[usb] pm3 --> hf list
[=] downloading tracelog from device
[+] Recorded activity (trace len = 244 bytes)
[=] Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
[=] ISO14443A - All times are in carrier periods (1/13.56MHz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52 | | WUPA
2116 | 4484 | Tag |44 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10564 | 16388 | Tag |88 04 67 2e c5 | |
18816 | 29344 | Rdr |93 70 88 04 67 2e c5 cf da | ok | SELECT_UID
30404 | 33924 | Tag |04 da 17 | |
35200 | 37664 | Rdr |95 20 | | ANTICOLL-2
38724 | 44612 | Tag |fa 36 4b 80 07 | |
46976 | 57440 | Rdr |95 70 fa 36 4b 80 07 94 82 | ok | SELECT_UID-2
58564 | 62084 | Tag |08 b6 dd | |
64128 | 68832 | Rdr |60 00 f5 7b | ok | AUTH-A(0)
78404 | 83076 | Tag |b9 b5 ba f0 | |
92416 | 101792 | Rdr |8a 73! 21! a6! e1 30! 32! 63! | !crc|
107204 | 111940 | Tag |10! d0! 0d! ce | |
117760 | 122464 | Rdr |88! dd! 4b! 18 | !crc|
132036 | 152900 | Tag |dd! 59 95 ea 2d! e2 50 f3 f1 77 8a 78! d9 91! bc c6 3b! 97 | !crc|
166016 | 170720 | Rdr |0a 78! c2! c8! | !crc|
The overall difference is 16704 clocks. Is it critical, or is the problem in the crypto1 implementation?
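
An added example, not part of the original posts: a small parser for the Chameleon log format shown above that checks CRC_A on each reader frame and names the plaintext ISO 14443-A / MIFARE Classic commands, so each AUTH can be paired with whatever the reader sent next. Function names are illustrative; on the sample lines, the reader frame following the tag nonce decodes as a plaintext HLTA (`50 00` with a valid CRC) rather than an 8-byte encrypted reply.

```python
import re

# Lines copied from the Chameleon log above (one auth attempt plus the next wake-up).
SAMPLE = """\
00493 ms < +493 ms>:CODEC RX (1 bytes) [26 ]
00493 ms < +0 ms>:CODEC TX (2 bytes) [4400 ]
00570 ms < +63 ms>:CODEC RX (4 bytes) [6004d13d ]
00570 ms < +0 ms>:APP AUTH (2 bytes) [6004 ]
00570 ms < +0 ms>:CODEC TX (4 bytes) [2f112d05 ]
00639 ms < +69 ms>:CODEC RX (4 bytes) [500057cd ]
00639 ms < +0 ms>:APP AUTH FAILED (4 bytes) [526dc608 ]
00636 ms <+65533 ms>:CODEC RX (1 bytes) [52 ]
"""

LINE = re.compile(r"(\d+) ms <\s*\+\d+ ms>:([A-Z ]+?) \(\d+ bytes\) \[([0-9a-f]*) ?\]")

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A: initial value 0x6363, low byte sent first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b = (b ^ (b << 4)) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def label(frame: bytes) -> str:
    """Name a reader frame if it is a plaintext ISO 14443-A / MIFARE Classic command."""
    if frame in (b"\x26", b"\x52"):
        return "REQA" if frame == b"\x26" else "WUPA"
    if len(frame) == 2 and frame[0] in (0x93, 0x95) and frame[1] == 0x20:
        return "ANTICOLL"
    if len(frame) < 3 or crc_a(frame[:-2]) != frame[-2:]:
        return "no valid CRC_A (encrypted or corrupt)"
    if frame[0] in (0x93, 0x95) and frame[1] == 0x70:
        return "SELECT"
    if frame[0] in (0x60, 0x61):
        return f"AUTH-{'AB'[frame[0] & 1]}({frame[1]})"
    return "HLTA" if frame[:2] == b"\x50\x00" else "plain frame, CRC ok"

def reader_frames(log: str):
    """Return [(timestamp_ms, label)] for every CODEC RX line."""
    return [(int(m[1]), label(bytes.fromhex(m[3])))
            for m in LINE.finditer(log) if m[2] == "CODEC RX"]

def after_auth(log: str):
    """Pair each AUTH command with the reader frame that follows it."""
    frames = reader_frames(log)
    return [(a[1], b[1]) for a, b in zip(frames, frames[1:]) if a[1].startswith("AUTH")]

print(after_auth(SAMPLE))
```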

[moved]