Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2015-11-26 03:34:31

Kieths
Contributor
Registered: 2015-04-21
Posts: 18

Unknown 'DKS' LF card encoding

I've got a card with unknown encoding that appears to be LF, based on hw tune results (reference info at bottom).
Markings on the card are a faded brand name, "DKS" (I believe this to be DoorKing, with an unknown model), and a possible serial / ID number, "050-180-38613" (I've replaced spaces with hyphens for clarity).

I'm using the PM3 with software v2.2.0 on Lubuntu Linux.
'LF Search' doesn't recognize the tag by default, and 'LF search u' says it appears to be a PSK1, or a possible PSK2 / PSK3.
I ran an 'indalademod' which seemed to fail, then I did a 'data rawdemod p2' against it, and it gives a recurring pattern:

=========================================
= Attempted PSK2 demod:                                              =
=========================================
proxmark3> data rawdemod p2

Using Clock:32, invert:0, Bits Found:937         
PSK2 demoded bitstream:
1111011111110101
0011101101111001
1001111110011011
1001000110111111
...repeats the above 4 sequence over and over...

I don't recognize the above pattern.
I hope to decode, and generate a backup clone of the thick card, to a more durable T5577 keyring FOB.
Below, I've included initial steps / results. 
Would appreciate any help.  :-)

-Kieth



_______________________________________________________________
Reference info (preliminary checks performed):

======================================================
= HW Tune results                                                                                          =
======================================================
proxmark3> hw tune

Measuring antenna characteristics, please wait........         
# LF antenna: 11.41 V @   125.00 kHz         
# LF antenna: 14.85 V @   134.00 kHz         
# LF optimal: 14.85 V @   133.33 kHz         
# HF antenna:  0.18 V @    13.56 MHz         
# Your HF antenna is unusable.         
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

________________________________________       
*** With the unknown Card in place on LF antenna
________________________________________

proxmark3> hw tune

Measuring antenna characteristics, please wait.........         
# LF antenna:  5.91 V @   125.00 kHz         
# LF antenna:  6.05 V @   134.00 kHz         
# LF optimal:  7.70 V @   173.91 kHz         
# HF antenna:  0.18 V @    13.56 MHz         
# Your LF antenna is marginal.         
# Your HF antenna is unusable.         
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.



======================================================
= LF Search results                                                                                         =
======================================================

proxmark3> lf search u
Reading 30000 bytes from device memory
         
Data fetched         
Samples @ 8 bits/smpl, decimation 1:1           
NOTE: some demods output possible binary
  if it finds something that looks like a tag         
False Positives ARE possible
         

Checking for known tags:
         

No Known Tags Found!
         

Checking for Unknown tags:
         
Possible Auto Correlation of 2048 repeating samples         

Using Clock:32, invert:0, Bits Found:937         
PSK1 demoded bitstream:         
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
0011110110101010
1011010101001100
0101101101011101
1101010111011010
         
Possible unknown PSK1 Modulated Tag Found above!

Could also be PSK2 - try 'data rawdemod p2'         

Could also be PSK3 - [currently not supported]         

Could also be NRZ - try 'data nrzrawdemod         
proxmark3>



======================================================
= Indalademod results                                                                                   =
======================================================

proxmark3> lf indalademod
Recovered 937 raw bits, expected: 937         
worst metric (0=best..7=worst): 5 at pos 10         
nothing to wait for         
proxmark3>


#2 2015-11-26 04:36:28

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Unknown 'DKS' LF card encoding

just to confirm it is psk can you either save and post a link to a trace file - data save filename.pm3 (after reading the tag {lf search or lf read - data samples})

or post a screenshot of the data plot window.  (trace file is better.)

i don't quickly see a pattern that yields the printed id number in the psk demods


#3 2015-11-26 07:16:39

Kieths
Contributor
Registered: 2015-04-21
Posts: 18

Re: Unknown 'DKS' LF card encoding

I've run a Trace (better), and uploaded:

http://s000.tinyupload.com/?file_id=56255754087195615904

Will try more tests against the data locally, but I'm pretty much over my current abilities on this one.
I very much appreciate your taking time to reply.


#4 2015-11-26 09:16:20

Kieths
Contributor
Registered: 2015-04-21
Posts: 18

Re: Unknown 'DKS' LF card encoding

I re-read, and discovered a typo in my first posting.

I wrote:
"possible serial / ID number, "050-180-38613" (I've replaced spaces with hyphens for clarity)."

Corrected:
The correct printed ID number is: "050-188-38613"  (note the incorrect 180 was corrected to 188).
I suspect I misread it in low light.  My apologies.


#5 2015-11-26 09:20:21

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Unknown 'DKS' LF card encoding

try command:

data printdemodbuffer x

Could you provide the output of this command?


#6 2015-11-26 16:54:51

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Unknown 'DKS' LF card encoding

it definitely is psk.  it does appear your demod inverted the output compared to the most recent code.  i do not find exactly your card number in the bits but it certainly looks like it could be there just scrambled a little.  more cards would be needed to identify which bits correspond to the card number/FC for sure. 

what are you looking to do?

btw, for PSK1 - data printd x = C2554AB3A4A22A25

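Added example (not part of any post in this thread and not Proxmark3 client code): a Python check that the two demods in post #1 and the hex in post #6 describe the same repeating 64-bit frame. It assumes PSK2 is the bit-to-bit phase-change (differential) view of PSK1 and that the frame wraps every 64 bits; all function and constant names are hypothetical.

```python
# Frames transcribed from the thread (one 64-bit repeat each).
PSK1_FRAME = ("0011110110101010" "1011010101001100"
              "0101101101011101" "1101010111011010")   # post #1, 'lf search u'
PSK2_FRAME = ("1111011111110101" "0011101101111001"
              "1001111110011011" "1001000110111111")   # post #1, 'data rawdemod p2'
POSTED_HEX = "C2554AB3A4A22A25"                         # post #6


def invert(bits: str) -> str:
    """Flip every bit: the effect of demodulating against the opposite phase."""
    return bits.translate(str.maketrans("01", "10"))


def to_hex(bits: str) -> str:
    """Pack a bit string (length a multiple of 4) into upper-case hex."""
    return f"{int(bits, 2):0{len(bits) // 4}X}"


def psk1_to_psk2(bits: str) -> str:
    """Assumed PSK2 view: 1 where a bit differs from the previous one.
    Index -1 wraps to the last bit because the tag repeats the frame."""
    return "".join("1" if bits[i] != bits[i - 1] else "0"
                   for i in range(len(bits)))


def rotation_offset(frame: str, target: str):
    """Smallest left-rotation of `frame` that equals `target`, or None."""
    if len(frame) != len(target):
        return None
    for k in range(len(frame)):
        if frame[k:] + frame[:k] == target:
            return k
    return None


if __name__ == "__main__":
    print("PSK1 as demodulated:", to_hex(PSK1_FRAME))
    print("PSK1 inverted      :", to_hex(invert(PSK1_FRAME)),
          "(posted:", POSTED_HEX + ")")
    print("PSK2 frame starts at differential bit",
          rotation_offset(psk1_to_psk2(PSK1_FRAME), PSK2_FRAME))
```

The differential stream is the same for a frame and its bitwise inverse, so the PSK2 output is unaffected by which phase the demodulator treats as 1.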

#7 2015-11-26 18:47:23

Kieths
Contributor
Registered: 2015-04-21
Posts: 18

Re: Unknown 'DKS' LF card encoding

Hi marshmellow, I hope to decode, and generate a backup clone of the thick card, to a more durable T5577 keyring FOB.

Good to confirm it is PSK1. I'll drop efforts in other directions.
Not sure on next steps, but will research for any known PSK1 types, and run the above command sent by hkplus.

Thank you for your help in confirming it is PSK1.


#8 2015-11-26 19:28:38

Kieths
Contributor
Registered: 2015-04-21
Posts: 18

Re: Unknown 'DKS' LF card encoding

hkplus wrote:

try command:

data printdemodbuffer x

Could you provide the output of this command?

I tried this command after a 'lf read' command. There was no response.
I cleared buffers, did an 'lf read', then a 'data sample', then 'data printdemodbuffer x'.  Again, there was no response.

Thank you for your feedback.
