Proxmark3 community

#1 2016-02-20 12:50:25

rrookie
Member
Registered: 2012-12-01
Posts: 8

lf cmdread - switching from write to read too slow ?

Trying to analyze an unknown tag, I snooped the communication between a real reader and the tag, which gives:
[Image: 1455968360_snoop_unknown.jpg]

Running lf cmdread wakes up the tag using the snooped sequence as predicted, but the response is missing a couple of samples.
[Image: 1455968584_cmdread_unknown.jpg]
Settings for lf cmdread were:

#db# LF Sampling config:                  
#db#   [q] divisor:           95                  
#db#   [b] bps:               8                  
#db#   [d] decimation:        1                  
#db#   [a] averaging:         1                  
#db#   [t] trigger threshold: 0

I also had a DSO running tracing the signal, when running lf cmdread. The scope shows the same trace as the lf snoop.


#2 2016-02-20 14:40:57

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: lf cmdread - switching from write to read too slow ?

What parameters did you use in cmdread? You showed lf read config settings, not cmdread settings. Did you use a delay?


#3 2016-02-20 15:03:24

rrookie
Member
Registered: 2012-12-01
Posts: 8

Re: lf cmdread - switching from write to read too slow ?

lf cmdread d 80 z 100 o 200 c 00110

But d (which is 'delay_off' in the code) also influences the mod, as far as I understand. If I change d more than 10 the wakeup sequence will not work any more.

  // now modulate the reader field
  while(*command != '\0' && *command != ' ') {
    FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
    LED_D_OFF();
    SpinDelayUs(delay_off);
    FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);

    FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);
    LED_D_ON();
    if(*(command++) == '0')
      SpinDelayUs(period_0);
    else
      SpinDelayUs(period_1);
  }
  FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
  LED_D_OFF();
  SpinDelayUs(delay_off);
  FpgaSendCommand(FPGA_CMD_SET_DIVISOR, sc.divisor);

  FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_ADC | FPGA_LF_ADC_READER_FIELD);

I also changed the pm3 code, setting a smaller value, like 'SpinDelayUs(20)' after the while loop. But then also, the tag will not respond any more.


#4 2016-02-20 15:22:58

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: lf cmdread - switching from write to read too slow ?

Line 127 of lfsampling.c is probably not helping... The buffer should be cleared outside of time-sensitive routines. Comment out that line and see how much it helps.


#5 2016-02-20 15:43:05

rrookie
Member
Registered: 2012-12-01
Posts: 8

Re: lf cmdread - switching from write to read too slow ?

GREAT!!! That was the problem. Thanks a lot, marshmellow.
After two days of fiddling around with the code and not having any clue what the timing problem is, this is really helpful.

BTW, any idea what this tag/encoding could be? But I guess I should open a new post for this.


#6 2016-02-20 15:44:32

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: lf cmdread - switching from write to read too slow ?

I am not sure. Are there any markings on it or on the reader that may help us look up datasheets?


#7 2016-02-20 15:45:40

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: lf cmdread - switching from write to read too slow ?

I will adjust the code to make a permanent fix. Thanks for identifying the bug!
