Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2016-09-16 22:11:24

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

bad detection performance of Desfire cards

dear all,

I'm new wit the proxmark3 and have a question regarding reading Desfire cards.
With my Electrohouse Easy I can read Mifare tags quite good. almost every "hf 14a reader" commands reads out card information....

UID : 24 xx xx 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to chinese magic backdoor commands: YES

I tried different Mifare tags and it works relatively good.

Unfortunaty with Desfire cards, detection is only one out of 20-30 tries. sad It seems that different cards and distance to the reader has no influence.

hw tune says the following:

Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)         
.....         
# LF antenna: 28.74 V @   125.00 kHz         
# LF antenna: 33.41 V @   134.00 kHz         
# LF optimal: 37.12 V @   130.43 kHz         
# HF antenna: 28.86 V @    13.56 MHz         
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.


I checked different repros and the original proxmark3 github repro recognizes the Desfire card better then icemans fork.

I there a way that I can improve the stability of detection?

thanks a lot.

Bob

Last edited by spaceteddy (2016-09-16 22:12:00)

Offline

#2 2016-09-18 17:52:11

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

Did you try the  "hf mfdes info"  command in my fork?


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#3 2016-09-20 19:18:53

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

Hi iceman,

thanks a lot for your feedback.

Well, yes I tried this command, but unfortunately the same behaviour. It seems that all commands have an issue with these cards, even if I use hf 14a raw commands.
Proxmark3 HW should be ok, because in sniffer or stand alone mode, the cards are recognized immediately.
i checked the cards with my PN532 reader as well and no issue at all.
So, if there are any settings, or timings I can change, i would be very happy.

thanks a lot

Bob

Offline

#4 2016-09-20 19:39:56

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

How is your antenna voltage?
and have you tried different distances between tag and antenna?  Sweetspot normally 1-2.5cm


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#5 2016-09-21 06:52:42

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

Yes, Antenna voltage is:
Measuring antenna characteristics, please wait...#db# DownloadFPGA(len: 42096)         
.....         
# LF antenna: 28.74 V @   125.00 kHz         
# LF antenna: 33.41 V @   134.00 kHz         
# LF optimal: 37.12 V @   130.43 kHz         
# HF antenna: 28.86 V @    13.56 MHz         
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.


I tied also different distances and different materials under the reader. Wooden table , air, etc. all behaves the same.

I can improve the detection if i put an Mifare Classic card first, and then immideatly after that the desfire card. But this helps only in 30%

,
Chris

Offline

#6 2016-09-21 07:02:35

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

Your HF voltage looks good, 

sometime you need to hold the tag in an angle over the antenna.  How big is the tags that you are trying to read?
A picture of your setup? 

Hm, in sniffer or standalone mode it works,  you could set the debug level to 4,  with "hf mf dbg 4"   and see more detail during the "hf 14a reader" commands


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#7 2016-09-21 20:39:05

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

seems to be an timeout...

pm3 --> hf mf dbg 4
#db# Debug level: 4         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
iso14443a card select failed         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
iso14443a card select failed

Offline

#8 2016-09-21 20:42:29

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

Looks like you don't have a good tag positioning over your antenna...


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#9 2016-09-22 17:54:04

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

mhhh,

but why only by mifire desfire cards?

classic cards work fine:

pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 -->


is there a more advanced debug mode that shows me more bytes during try to read the card?

Offline

#10 2016-09-22 18:16:58

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

Can you post the output for

hf mf dbg 4
hf mf 14a read
hf list 14a            --> this
hf mfdes infor
hf list 14a           --> this

If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#11 2016-09-22 19:06:37

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

--------------------------------- desfire -----------------------------------------------------
pm3 --> hf mf dbg 4
#db# Debug level: 4         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
iso14443a card select failed         
pm3 --> hf list 14a
Recorded Activity (TraceLen = 10 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
pm3 --> hf mfdes info
#db# ISO14443A Timeout set to 1060 (10ms)         
#db# Can't select card         
Command unsuccessful         
pm3 --> hf list 14a
Recorded Activity (TraceLen = 22 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
     158208 |     161760 | Rdr |c2  e0  b4                                                       |  ok | RESTORE(224)         
pm3 -->


-----------------------------------classic -------------------------------------
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf list 14a
Recorded Activity (TraceLen = 153 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
       2244 |       4612 | Tag |04  00                                                           |     |           
       7040 |       9504 | Rdr |93  20                                                           |     | ANTICOLL         
      10692 |      16516 | Tag |14  d9  f7  06  3c                                               |     |           
      18944 |      29408 | Rdr |93  70  14  d9  f7  06  3c  d9  ee                               |  ok | SELECT_UID         
      30644 |      34164 | Tag |08  b6  dd                                                       |     |           
     465024 |     469792 | Rdr |e0  80  31  73                                                   |  ok | RATS         
     470980 |     471620 | Tag |04                                                               |     |           
     971008 |     972000 | Rdr |40                                                               |     | MAGIC WUPC1         
     973508 |     974084 | Tag |0a!                                                              |     |           
     978048 |     979360 | Rdr |43                                                               |     | MAGIC WUPC2         
     980548 |     981124 | Tag |0a!                                                              |     |           
     985088 |     989856 | Rdr |50  00  57  cd                                                   |  ok | HALT         
pm3 --> hf mfdes info
#db# ISO14443A Timeout set to 1060 (10ms)         
#db# [WCMD <--: :0/5] 0a 00 60 68 b5 00 00 00         
#db# fukked         
Command unsuccessful         
pm3 --> hf list 14a
Recorded Activity (TraceLen = 103 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
       2228 |       4596 | Tag |04  00                                                           |     |           
       7040 |       9504 | Rdr |93  20                                                           |     | ANTICOLL         
      10692 |      16516 | Tag |14  d9  f7  06  3c                                               |     |           
      18944 |      29408 | Rdr |93  70  14  d9  f7  06  3c  d9  ee                               |  ok | SELECT_UID         
      30660 |      34180 | Tag |08  b6  dd                                                       |     |           
      49920 |      55840 | Rdr |0a  00  60  68  b5                                               |  ok |           
     212608 |     216160 | Rdr |c2  e0  b4                                                       |  ok | RESTORE(224)         
pm3 -->


-------------------------------------------------------------------------------------
in the seldom case that a Desfire card can be read:
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 1060 (10ms)         
#db# ISO14443A Timeout set to 131072 (1236ms)         
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf list 14a
Recorded Activity (TraceLen = 152 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
       2244 |       4612 | Tag |04  00                                                           |     |           
       7040 |       9504 | Rdr |93  20                                                           |     | ANTICOLL         
      10692 |      16516 | Tag |d0  1d  8c  8e  cf                                               |     |           
      18944 |      29472 | Rdr |93  70  d0  1d  8c  8e  cf  ed  ef                               |  ok | SELECT_UID         
      30660 |      34244 | Tag |20  fc  70                                                       |     |           
      35840 |      40608 | Rdr |e0  80  31  73                                                   |  ok | RATS         
      41796 |      62660 | Tag |10  78  b3  c0  02  00  31  c0  64  77  e3  03  00  82  90  00   |     |           
            |            |     |d6  4c                                                           |  ok |           
     511744 |     512736 | Rdr |40                                                               |     | MAGIC WUPC1         
   17291136 |   17292448 | Rdr |43                                                               |     | MAGIC WUPC2         
   34071296 |   34076064 | Rdr |50  00  57  cd                                                   |  ok | HALT         
pm3 -->

Last edited by spaceteddy (2016-09-22 19:10:47)

Offline

#12 2016-09-23 06:56:02

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: bad detection performance of Desfire cards

Are your DESFire cards different in size compared to the Mifare Classic cards?

Did you try several DESFire cards or only one?

Offline

#13 2016-09-23 09:37:04

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

Hi,
Most of my desfire cars have the same size and antenna structure like the classic cards.
I tried also an desfire with small form factor, but I see no differences.

Also distance to tag, angle of tag has no influence.

I 'm really wondering, because sniffing hf 14a sniff or detection in standalone mode
Works really good in a distance of around 5 or more cm

Regards,

Bob

Offline

#14 2016-09-23 17:53:12

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

I can now confirm that @OP is indeed right,  in my fork the desfire works, well sometimes...

if you add the  "hf mf dbg 3"  it works all the times. So its a timing issue.


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#15 2016-09-23 20:32:43

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

OP, 
I've push some changes to my fork,  if you could try them out and see if the "hf mfdes info" commands and desfire detection in general works better now I'd be grateful.


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#16 2016-09-23 21:13:56

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

Hi iceman,

thanks for your effort and willingness to improve my situation.
I updated your fork but unfortunatly there is no improvement sad

Now, I try to downgrade my reader to an really old version. maybe it works better.

---------------------------classic---------------------------
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
UID : 14 D9 F7 06           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): YES         



---------------------desfire------------------------------------

pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
iso14443a card select failed         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
iso14443a card select failed         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
iso14443a card select failed         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
iso14443a card select failed         
pm3 --> hf 14a reader
#db# ISO14443A Timeout set to 2120 (20ms)         
iso14443a card select failed         
pm3 -->

Offline

#17 2016-09-23 21:39:10

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

Now thats odd,  mine worked better with these changes.  recompiled/flashed and the same client from build?

hf mf dbg 2
hf mfdes info

You still need a distance between antenna and tag.


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#18 2016-09-23 22:03:02

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

hi,

yes, I do always a make clean all.
tomorrow I will complete reinstall the Proxmark3 easy. and I will do some tried w/o attached LF antenna.

sad
pm3 --> hf search
         

no known/supported 13.56 MHz tags found
         
pm3 --> hf mf dbg 2
#db# Debug level: 2         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 --> hf mfdes info
#db# Can't select card         
Command unsuccessful         
pm3 -->
pm3 --> hf list 14a
Recorded Activity (TraceLen = 35 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
     292608 |     296160 | Rdr |c2  e0  b4                                                       |  ok | RESTORE(224)         
     299648 |     304416 | Rdr |50  00  57  cd                                                   |  ok | HALT

Offline

#19 2016-09-23 22:12:01

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

ok,
do you have a mifare classic 1k/4k tag around? 
Put that one on the antenna and try the "hf 14a read".  When it works,  swap over to your desfire tag and try again


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#20 2016-09-23 22:28:09

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

I think one of my earlier changes removed a  "spindelay(20)" call, needed in the setup function. 
The fix is pushed to my fork,  sorry for making you test it again.  But this one should fix it good.


A 14a  tag needs 5ms of powering up before entering "idle" state where it starts to listen.


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#21 2016-09-24 07:10:20

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

Dear Iceman,

thanks a lot for your investigation.

as described in my first posting, it is really a differece if I read a classic card first and then a desfire card.
I tried your last update and can verify that.
This unfortunately works reproducible with one of my cards only.

see below:

-------------------------------snip------------------------------------
pm3 --> hf 14a reader
UID : EC C8 3E 4A           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 05         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a list
Recorded Activity (TraceLen = 152 bytes)         
         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
         
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|         
          0 |        992 | Rdr |52                                                               |     | WUPA         
       2244 |       4612 | Tag |05! 00                                                           |     |           
       7040 |       9504 | Rdr |93  20                                                           |     | ANTICOLL         
      10692 |      16516 | Tag |d0  1d  8c  8e  cf                                               |     |           
      18944 |      29472 | Rdr |93  70  d0  1d  8c  8e  cf  ed  ef                               |  ok | SELECT_UID         
      30660 |      34244 | Tag |20  fc  70                                                       |     |           
      35840 |      40608 | Rdr |e0  80  31  73                                                   |  ok | RATS         
      41796 |      62660 | Tag |10  78  b3  c0  02  00  31  c0  64  77  e3  03  00  82  90  00   |     |           
            |            |     |d6  4c                                                           |  ok |           
     563072 |     564064 | Rdr |40                                                               |     | MAGIC WUPC1         
   17342464 |   17343776 | Rdr |43                                                               |     | MAGIC WUPC2         
   34122624 |   34127392 | Rdr |50  00  57  cd                                                   |  ok | HALT         
pm3 --> hf 14a reader
UID : EC C8 3E 4A           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
UID : EC C8 3E 4A           
ATQA : 00 04         
SAK : 08 [2]         
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1         
proprietary non iso14443-4 card found, RATS not supported         
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 -->
-------------------------------snap--------------------------------------------------------------


with this desfire card, I tried to read the card several times in a row.
Interesting is, that the card could be red only every second attempt!?!?!?!


-------------------------------log--------------------------------------
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 07 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 07 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 --> hf 14a reader
iso14443a card select failed         
pm3 --> hf 14a reader
UID : D0 1D 8C 8E           
ATQA : 00 04         
SAK : 20 [1]         
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41         
ATS : 10 78 B3 C0 02 00 31 C0 64 77 E3 03 00 82 90 00 D6 4C           
       -  TL : length is 16 bytes         
       -  T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)         
       - TA1 : different divisors are NOT supported, DR: [2, 4], DS: [2, 4]         
       - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 12 (FWT = 16777216/fc)         
       - TC1 : NAD is NOT supported, CID is supported         
       -  HB : 00 31 C0 64 77 E3 03 00 82 90 00           
Answers to magic commands (GEN1): NO         
pm3 -->
----------------------------------------------log-----------------------------------------------------

with an other card behaviour is different and can not read at all sad

very srtange

Bob.

Offline

#22 2016-09-24 08:12:09

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

So there has been a difference in failure rate with these changes?


You can test in my fork to change the following value..
In iso14443a.c  function iso14443a_setup()  row 2005
Try to increase the  spindelay(20)  call  with   40, 60 , 80, 100

You need compile/flash between every change.
and let me know if and which value fixes your problem

thanks,


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#23 2016-09-24 08:34:33

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

hi iceman,

when are you sleeping ????

smile

well, I changed the spindelay already with different values, but there was no success.

BUT, it seems that the hw tune command with the HF voltage made me confuse and put me on the wrong track. I assumed that the antenna must be good because sniffing, classic card, ect works fine.
I disassembled the proxmark easy and pressed the card w/o any air gap direct on the antenna. If I do this in this way, read a desfire card is very stable.
It is not nice, but acceptable now. seems that electrohouse has designed a bad HF antenna, or there is something wring with my PCB.

anyhow, I really appreciate that you have investest a lot of time to improve my situation, but I guess you've found also some bugs smile

I sent you a small Paypal donation for your effort. smile

Bob

Offline

#24 2016-09-24 08:54:00

iceman
Administrator
Registered: 2013-04-25
Posts: 6,654
Website

Re: bad detection performance of Desfire cards

Thanks for the dontation Bro!

And yeah, I got to fix some problems that I introduced myself when changing stuff.  At least it works again smile
Regarding the ElechouseEasy,  you are not the first to have problems with the builtin- HF antenna.  Another user told me aswell,  s/he also put the tag direct to the antenna to get good reads.  The thing is that the voltage 28v is very good , but somehow the signal received into the adc and fpga is not so good anymore.  I think you should send a mail to Mr Shen @ Elechouse and ask about this.  Maybe they find a solution for it in the fpga code etc.

the spindelay call gives time for the antenna to power up and with that also powers up the tag. So longer wait higher chance of the tag is fully powered when queried.

And yeah, just woke up. Kids in the house you know.


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#25 2016-09-24 09:31:39

spaceteddy
Contributor
Registered: 2016-09-10
Posts: 17

Re: bad detection performance of Desfire cards

oh well,
thanks lot for this information iceman.
I'm going to try to get in touch with Mr. Shen to try to find a way to make the performance better. But good to know that I'm not the only person with problem with the build in antenna .)

sun is shining outside, i'll forget about the NFC stuff for a while. Use my donation to enjoy a cold beer.

sers,

Offline

Board footer

Powered by FluxBB