Proxmark3 community


#1 2018-02-07 17:05:37

pnndra
Contributor
Registered: 2018-02-07
Posts: 5

xCF795x activation

Hi,
i am working on a RKE system using what i think is PCF7953. i sniffed the reader and can see that it is activated using an ASK modulated 125 kHz signal. i was wondering if there is any chance to have Proxmark replicate that activation. i am currently on version 3.0 and tried the various sim and read commands but as far as i understand sim commands are passive whereas read command does not seem to modulate amplitude.
is there any way i can do this or is there some development required?
thanks,

pnndra


#2 2018-02-07 20:13:05

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

you can look into the command:

lf cmdread

it is made to send a modulated sequence then listen for response.  it isn't perfect but it can be tweaked to fit many purposes.


#3 2018-02-07 21:40:42

pnndra
Contributor
Registered: 2018-02-07
Posts: 5

Re: xCF795x activation

Hi,
Thanks for the response. As I wrote, I already tried lf cmdread, but measuring with a scope I can see the carrier but it's not amplitude modulated and there seems to be no option for this... Am I missing something?
Thanks


#4 2018-02-07 22:02:07

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

LF ask passive modulation is basically just field on field off.


#5 2018-02-07 22:06:00

pnndra
Contributor
Registered: 2018-02-07
Posts: 5

Re: xCF795x activation

Yes, exactly. How to do it in a timed way? cmdread does not seem to do it and I can't find a ready-made command to do it. Is the only solution modifying code and recompiling?
Thanks...


#6 2018-02-07 22:12:23

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

cmdread was designed for that.  but it is tricky to use and may not take enough input for some lengthy initialize cmds.

lf cmdread <delay period (off period between bits)> <length on period of 0s> <length on period of 1s> <periods to run: binary string (0s and 1s)>

i can't remember the periods but i believe it to be  US microseconds.


#7 2018-02-07 22:14:56

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

btw 0's = on for 0 period then off delay
and 1's = on for 1 period then off delay.

so on 30 ticks, off 20 (delay), on 60 ticks, off 20, on 60 ticks, off 20 ticks, on 30 ticks, off 20 ticks.

lf cmdread 20 30 60 0110


#8 2018-02-07 22:20:25

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

sometimes you need a delay to power the tag up before sending...  ( at least i think that was what the delay was for... it has been a while...)

EDIT: delay is not for powering up, but rather it is the off periods between  1 and 0 on bits.


#9 2018-02-08 00:09:38

pnndra
Contributor
Registered: 2018-02-07
Posts: 5

Re: xCF795x activation

Ok thanks. Now I see my issue... I was inputting bed data, not binary. I'll give it a go tomorrow.


#10 2018-02-08 21:51:00

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

i was incorrect with the information i provided before.  (bad memory).  i have corrected the descriptions above...


#11 2018-02-10 06:09:07

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: xCF795x activation

In my fork there is a new preliminary bitbang option for lf cmdread that allows you to turn on and off the lf antenna at will (with binary cmd input..) before collecting a response.  Once it is pretty I'll get it merged to master. (Edit: it is merged now.)

with it you can:

lf cmdread d 0 z 32 o 32 c 0000000011111111111110000011111000001111100000111110000011111000001111100000

Off 256us, on 416us, off 160us, on 160us, off 160us, on 160us, off 160us, on 160us, off 160us, on 160us, off 160us, on 160us, off 160us.
(t55x7 read block 0 cmd, or close enough...)

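The two timing models described in posts #7 and #11, as an added Python example that is not part of the thread or of the Proxmark3 code base. Function names are hypothetical, and the bitbang rule (with d 0, each 0 holds the field off for the z period and each 1 holds it on for the o period) is an assumption inferred from the durations quoted in post #11.

```python
from itertools import groupby

# Bit string from post #11, written run by run (8 zeros, 13 ones, then 5/5 alternating).
POST11_BITS = "0" * 8 + "1" * 13 + "0000011111" * 5 + "00000"


def _check_bits(bits):
    """cmdread takes a binary string (0s and 1s); reject anything else."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("command must be a non-empty string of 0s and 1s")


def classic_schedule(delay, zero, one, bits):
    """Model of post #7: every bit is field ON for its own period, then OFF for `delay`."""
    _check_bits(bits)
    schedule = []
    for bit in bits:
        schedule.append(("on", one if bit == "1" else zero))
        schedule.append(("off", delay))
    return schedule


def bitbang_schedule(zero, one, bits):
    """Model of post #11 (assumed, d = 0): 0 = field off, 1 = field on, equal neighbours merge."""
    _check_bits(bits)
    schedule = []
    for bit, run in groupby(bits):
        count = len(list(run))
        if bit == "1":
            schedule.append(("on", one * count))
        else:
            schedule.append(("off", zero * count))
    return schedule


def describe(schedule, unit=""):
    """Render a schedule in the style used in the thread, e.g. 'off 256us, on 416us'."""
    return ", ".join(f"{state} {length}{unit}" for state, length in schedule)


if __name__ == "__main__":
    print(describe(classic_schedule(20, 30, 60, "0110")))
    print(describe(bitbang_schedule(32, 32, POST11_BITS), "us"))
```

Comparing the printed schedule with a scope capture of the antenna drive is a quick way to confirm which units and which mode a given firmware build actually uses.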

#12 2018-02-11 14:02:56

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497

Re: xCF795x activation

+1
