Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2018-10-31 02:44:26

minivan
Contributor
Registered: 2018-08-30
Posts: 6

Project Trying to Learn - Chinese reader Snooping

So... I'm attempting to increase my skills with the Proxmark.  Before ordering, I was cloning using a chinese multifrequency reader.  I've been trying to snoop and see if I can get the password that is set by the chinese reader with no luck.  I have adjusted my LF config to the specs below and attached a trace from the reader.  I'm looking for some help here... I set the LF config settings, snooped the programming process, brought up my samples on the trace, and then.... I get lost.  Looking for any advice or hints of where to go from here.

Trace Located At:
https://drive.google.com/open?id=1pbD5g … IHcdBOM-7r

Settings:
zY6qMRonOnSnwbLkPiZCl-ArjkOOLxlUvpgzQRHuPT84QtNzkFd6JJsRvNtHz-T-saoziCo9WT0EEXG0phPG=w1920-h983
https://drive.google.com/open?id=1EeZ5H … YE7dw76LTJ

HW Tune:
Ql-xOVWk-LTVBMJNNpD3d2hGDMHRYQSiaGUBCt83TGTbh8jSqs8roOdrGUEydPgwsl_Cxtpeqkj-uKpxuBSg=w1920-h983
https://drive.google.com/open?id=1pycYE … ocAS_ph5Gd


Didn't really know where else to post up some of the data so GDrive it is.  Do I take the samples, trim them up and try to decode?  Do I need to adjust settings on the "lf configure" to get something better?  Any help would be appreciated!

Last edited by minivan (2018-10-31 02:46:07)

Offline

#2 2018-10-31 19:40:45

anybody
Contributor
Registered: 2016-12-20
Posts: 36

Re: Project Trying to Learn - Chinese reader Snooping

write commands
blk1: 44 B4 4C AE (pwd) - FF 80 00 00 (data)
blk2: 44 B4 4C AE (pwd) - 00 60 1A 52 (data) (EM4100: 00 00 00 30 39)
blk7: 44 B4 4C AE (pwd) - 00 01 2B 2B (data (new pwd))
blk1: ...
blk2: ...
blk7: ...

Last edited by anybody (2018-11-01 06:31:44)

Offline

#3 2018-10-31 21:35:51

minivan
Contributor
Registered: 2018-08-30
Posts: 6

Re: Project Trying to Learn - Chinese reader Snooping

Do you mind helping out on how you came up with that?  Looks like this device programs with multiple passwords... I'm looking to see if I can possibly find a pattern or algorithm.  Card I programmed with it does not work with that password.  I'm guessing it's alternating.  Thank You!

Last edited by minivan (2018-10-31 21:38:25)

Offline

#4 2018-11-01 06:29:39

anybody
Contributor
Registered: 2016-12-20
Posts: 36

Re: Project Trying to Learn - Chinese reader Snooping

I do not see the configuration block in your trace.
Can you attach another trace from your Chinese reader, for comparison?

Offline

#5 2018-11-01 13:01:50

minivan
Contributor
Registered: 2018-08-30
Posts: 6

Re: Project Trying to Learn - Chinese reader Snooping

I can attempt when getting home.  So, the writer writes for a good bit of time (lets roughly say 8 seconds).  The snoop command seems to grab the first half'ish if the programming.  This could be why I'm not getting it, but I'll give it another shot.

Offline

#6 2018-12-10 22:43:37

minivan
Contributor
Registered: 2018-08-30
Posts: 6

Re: Project Trying to Learn - Chinese reader Snooping

I'm attempting to get some of the information you were able to extract from that... All I'm getting is random bits or errors.  The only think I can rawdemod is FSK?  What other work do I need to put in?

Offline

Board footer

Powered by FluxBB