Topic: No security in Tag-IT
Tag-IT got no security in it. This is a non secured chip with some options to lock write after personalisation
Secured chip from TI-RFID is name SpeedPass and has already been broken by students 2 or 3 years ago.
Re: No security in Tag-IT
afiak tag-it uses the iso15k standard - is there a way to modify the hi15reader-command so it also reads all the memory banks in the tag-it transponder?
Re: No security in Tag-IT
During my stay in Berlin for 26c3, the Hotel I was staying at was using a RFID card I couldn't identify using the proxmark. So I brought one back home to identify it. And it was a tag-it one (see http://www.dropbox.com/gallery/4064278/ … 9?h=ae1eb6). So, needless to say, it's my next target (after I complete the code cleaning I'm currently doing) 
Last edited by iZsh (2010-02-03 02:27:07)
Re: No security in Tag-IT
I took a look at the Tag-it reference manual. It indeed seems to be using the ISO15693 standard, but with a dual subcarrier. From what I can see in the current proxmark's code, it's only supporting single subcarrier.
Not being a signal processing guy I'm not sure what need to be done to support dual subcarrier. I'll first need to learn some signal processing background I guess.
- henryk
- Member
- Offline
Re: No security in Tag-IT
IIRC the dual subcarrier should gracefully degrade to single subcarrier on the receiver side, if you correctly filter out the single subcarrier that you support. (It's been some time since I looked into 15693, so I might be wrong.)
Re: No security in Tag-IT
Actually I take it back. The frames are not the same than ISO15693.
Re: No security in Tag-IT
here http://www.proxmark.org/forum/post/2883/#p2883 I modified the iso15k reader-command to access and print the memory pages. I'll will report back as soon as I know if they work on TagIT transponders.