Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2011-12-17 19:47:35

hani
Member
Registered: 2011-07-07
Posts: 4

rfkit: analysing and cloning proximity cards

I've made a small library while tinkering with some proximity cards. These tools allow you to easily clone any proximity card using Q5 chips. As a bonus, it also produces png images of the wave forms if you are interested in really understanding how it's encoded. The tool is written in python.

https://github.com/hanimustafa/rfkit/


#2 2011-12-18 15:13:34

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: rfkit: analysing and cloning proximity cards

The cloning feature for 125kHz tags has already been made available by Cex and is quite nice. His code included the OSI code for the PM3. I don't see how your Python script will work. You need to let us know if this script works with the current r498. Also, what client drivers are the Python script supposed to work with?


#3 2011-12-18 15:23:56

hani
Member
Registered: 2011-07-07
Posts: 4

Re: rfkit: analysing and cloning proximity cards

By clone, do you mean making the pm3 pretend it's a card? Not very practical walking around with a proxmark all the time.

The python scripts will analyse .pm3 files offline, and that's the only way it interacts with the proxmark3. But it will also allow you to clone it using a Q5 card. I've cloned my card in a small Q5 chip and have it in my ring, now I walk around like batman.


#4 2011-12-19 01:30:54

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: rfkit: analysing and cloning proximity cards

By clone, I did not mean emulate or simulate. I meant you can program T5567 cards. I have programmed several.

You still did not answer the question about your driver or PM3 OSI code. Your Python script is easy to follow, but I fail to see how writing commands to the PM3 will allow you to program a Q5. I don't think there are any commands that will allow you to do this unless you have Cex's OSI code.

Please elaborate........I'm curious.


#5 2011-12-19 01:50:01

hani
Member
Registered: 2011-07-07
Posts: 4

Re: rfkit: analysing and cloning proximity cards

It will spit out some commands that you can use directly on an AGC writer. You can most probably do that on a proxmark3. The only command I used was the write command: W01ffffffff means write ffffffff to block 0.

Should be straightforward to add it to the OSI code, but I went for python first to visualize the wave forms on Linux. (p.s they're also annotated to show f/8, f/10 and start of frames)


#6 2011-12-19 14:56:08

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: rfkit: analysing and cloning proximity cards

hani wrote:

It will spit out some commands that you can use directly on an AGC writer. You can most probably do that on a proxmark3. The only command I used was the write command: W01ffffffff means write ffffffff to block 0.

Should be straightforward to add it to the OSI code, but I went for python first to visualize the wave forms on Linux. (p.s they're also annotated to show f/8, f/10 and start of frames)

What is an AGC writer? I am sure that those commands won't work with the PM3. For the PM3 to accept those commands, you would need to write some OSI code, compile, then flash the PM3.


#7 2011-12-20 20:51:30

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: rfkit: analysing and cloning proximity cards

Bugman1400 wrote:
hani wrote:

It will spit out some commands that you can use directly on an AGC writer. You can most probably do that on a proxmark3. The only command I used was the write command: W01ffffffff means write ffffffff to block 0.

Should be straightforward to add it to the OSI code, but I went for python first to visualize the wave forms on Linux. (p.s they're also annotated to show f/8, f/10 and start of frames)

What is an AGC writer? I am sure that those commands won't work with the PM3. For the PM3 to accept those commands, you would need to write some OSI code, compile, then flash the PM3.

I think he means ACG R/W ... You can buy it here http://www.rfidiot.org/ or make it yourself ;)

In the link below is the explanation of the protocol:
http://www.rfid-webshop.com/shop/download/Reader/LF%20125_134.2%20kHz/ACG/TAGnology_UserManual_LF_MultiTag_RW_Module.pdf

See page 49 for an explanation of the Write block command.


#8 2011-12-21 15:19:41

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: rfkit: analysing and cloning proximity cards

More than likely, you will need to buy the device with the software and drivers. Building one yourself would not be prudent and you would not have the firmware, the drivers, or the software. Regardless, none of it will work with the PM3. Furthermore, you cannot take the firmware from the ACG and use it on the PM3.......it is different hardware. Therefore, the drivers won't work either. Therefore, the software won't work either. Get the picture?


#9 2011-12-21 18:56:30

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: rfkit: analysing and cloning proximity cards

Bugman1400 wrote:

More than likely, you will need to buy the device with the software and drivers. Building one yourself would not be prudent and you would not have the firmware, the drivers, or the software. Regardless, none of it will work with the PM3. Furthermore, you cannot take the firmware from the ACG and use it on the PM3.......it is different hardware. Therefore, the drivers won't work either. Therefore, the software won't work either. Get the picture?


It is obviously not compatible with PM3.
Requires no SW, just a serial terminal. :P
