Proxmark3 community


#1 2011-08-29 01:54:41

tjhowse
Contributor
Registered: 2011-08-05
Posts: 24

Stand-alone indalademod?

I'm considering writing something similar to SamyRun() that can read and simulate indala cards without a PC attached, instead of HID. However I noted that CmdIndalaDemod(const char *Cmd) is implemented in the client rather than on the ARM. Is there a good reason this hasn't been done before? Is the indala demodulation particularly resource-hungry?

Offline

#2 2011-09-07 01:06:34

tjhowse
Contributor
Registered: 2011-08-05
Posts: 24

Re: Stand-alone indalademod?

I ended up writing a Python script that loads the proxmark3 executable and feeds it commands to automate the process of grabbing an Indala card, demodulating it and simulating it. It's very quick and dirty, and will probably only work under Windows, with build 486, and even then only most of the time. I don't have a huge amount of time to properly robustify it, but hopefully someone will find it useful.

You start the script and it starts scanning for any card that enters the field. Once it picks something up, it grabs some samples, demodulates and starts simulating the card. Anything that resonates with the LF antenna will trigger the sample/demodulate/sim process, so try to keep it away from metal or other tags. If I have time I'll fix it such that it will resume scanning if it fails to find a UID at the demod stage.

import subprocess,time,winsound  # winsound is Windows-only

# Raw string: the backslashes in the Windows path must not be read as escapes.
pm3 = subprocess.Popen(r"C:\ProxSpace\pm3\client\Proxmark3.exe", stdin=subprocess.PIPE, stdout=subprocess.PIPE)
readLine = pm3.stdout.readline().decode('ascii')
print("\"%s\"" % readLine)
# Read the client's start-up output until the expected banner line appears.
#while (readLine != "proxmark3> \r\n"):
while (readLine.find("SN: ChangeMe") < 0):
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print("\"%s\"" % readLine)
print("Starting scan...\n")
# Poll the LF antenna; the second line of each reply is the one that is tested.
pm3.stdin.write(bytes("lf read h\n", "ascii"))
pm3.stdin.flush()  # stdin is a buffered pipe: flush so the client receives the command
readLine = pm3.stdout.readline().decode('ascii')
readLine = pm3.stdout.readline().decode('ascii')
print("Line: \"%s\"" % readLine)
# Keep polling for as long as the reply contains 81, 82, 83, 84 or 85.
while ((readLine.find("81") > 0) | (readLine.find("82") > 0) | (readLine.find("83") > 0) | (readLine.find("84") > 0) | (readLine.find("85") > 0)):
  time.sleep(0.1)
  pm3.stdin.write(bytes("lf read h\n", "ascii"))
  pm3.stdin.flush()
  readLine = pm3.stdout.readline().decode('ascii')
  readLine = pm3.stdout.readline().decode('ascii')
  print("\"%s\"" % readLine)
print("Card found, pillaging\n")
winsound.Beep(1000,100)
winsound.Beep(500,100)
winsound.Beep(1000,100)
# Grab samples and wait for the client to report completion.
pm3.stdin.write(bytes("data samples 1500\n", "ascii"))
pm3.stdin.flush()
while (readLine.find("Done!") < 0):
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print("\"%s\"" % readLine)
print("Samples taken\n")
# Demodulate the samples.
pm3.stdin.write(bytes("lf indalademod\n", "ascii"))
pm3.stdin.flush()
while (readLine.find("Occurences:") < 0):
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print("\"%s\"" % readLine)
# Start simulating the demodulated card.
pm3.stdin.write(bytes("lf sim\n", "ascii"))
pm3.stdin.flush()
while (readLine.find("Starting simulator...") < 0):
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print("\"%s\"" % readLine)
print("Simulating...")
# Run until interrupted with Ctrl+C, then stop the client.
try:
  while True:
    time.sleep(1)
    print("Simulating...")
except KeyboardInterrupt:
  pass
pm3.terminate()

Offline

#3 2016-05-07 17:15:03

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

This script does not look that old. The commands seem to come from a later Python version, >3.3.

What else do you need to install to run this script?

Has anyone managed to run this for the PM with the new CDC serial driver?

Last edited by ntk (2016-05-11 19:32:13)

Offline

#4 2016-05-21 13:25:16

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

Do we have any Python man still reading the forum? Adam Laurence or Proxcat, please answer; could you give me some help here? I know this part is no longer maintained, but my question is about something more general here.

Last edited by ntk (2016-05-21 13:29:20)

Offline

#5 2016-06-02 01:29:59

tjhowse
Contributor
Registered: 2011-08-05
Posts: 24

Re: Stand-alone indalademod?

What was it that you were after, ntk?

Offline

#6 2016-06-02 04:12:46

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

I would like to bring your program up to date with the current form of PM3 (CDC serial port). It runs OK. But I have a problem with the print buffer in real time: either it does not print all lines out, or the check on certain criteria is ignored.

For example, could you check this and see why it
1/ does not print any report after doing "lf search"
2/ is stuck in the while loop and cannot continue to test #2 as it should.

import subprocess,time,winsound

pm3 = subprocess.Popen("C:\Pm3_upd\client\Proxmark3.exe COM4", stdin=subprocess.PIPE, stdout=subprocess.PIPE)
readLine = pm3.stdout.readline().decode('ascii')
print("\"%s\"" % readLine)


while (readLine.find("Embedded Flash Memory") < 0):
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print("\"%s\"" % readLine)

print("Starting scan...\n")

pm3.stdin.write(bytes("hw tu\n"))
readLine = pm3.stdout.readline().decode('ascii')

#while (readLine != "pm3 --> \r\n"):
#while (readLine.find("A sign \n") < 0):
i=0
while (readLine != "\n"):
  i=i+1
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print(i," look:\"%s\"" % readLine )
  #if (readLine.find(" \n") ):    break
  if i == 10 : break
print ("\n\n")
  

pm3.stdin.write(bytes("lf se\n"))
readLine = pm3.stdout.readline().decode('ascii')
i=0
#while (readLine !=" "):
while (readLine != "SG: where am I"):
#while (readLine != "pm3 --> \r\n"):
  i=i+1
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print(i,"line:\"%s\"" % readLine )
  if (i >20 | readLine.find("Found!          \r\n") ):    break

######### template #############
print ("\n\n")
print ("Start of ======>>>>>>>>> test#1 EM41xx print# 0001849837... \n")
pm3.stdin.write(bytes("lf em4x em410xwrite 07001C39ED 1 \n"))
time.sleep(.3)
pm3.stdin.write(bytes("lf se\n"))
readLine = pm3.stdout.readline().decode('ascii')
i=0
#while (readLine.find("My Sign \n") < 0):
while (readLine != "pm3 --> \r\n"):
  i+=i
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print(i,"t1#line:\"%s\"" % readLine )
  if ( i==30 |  ("Found!          \r\n") ):    break
  #if i == 30 : break
print ("End of test#1 ... \n")
print ("\n\n")
################ end of template ###########

######### template #############
print ("Start of test#2 Indala 26bit COMBINATION 1/1... \n")
pm3.stdin.write(bytes("lf t55xx wr b 0 d 0081040\n"))
pm3.stdin.write(bytes("lf t55xx wr b 1 d 00000005\n"))
pm3.stdin.write(bytes("lf t55xx wr b 2 d 02000105\n"))
time.sleep(.3)

pm3.stdin.write(bytes("lf se\n"))
readLine = pm3.stdout.readline().decode('ascii')
i=0
while (readLine.find("My sign \n") < 0):
  i+=i
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print(i,"t2#line:\"%s\"" % readLine )
  if (readLine.find("Found!          \r\n") ):    break
print ("End of test#2 ... \n")
################ end of template ###########

######### template #############
#================= change the clone command between the === lines only!!!
print ("Start of test#3 AWID 26bit, COMBINATION  13/10333 ... \n")
time.sleep(.1)
pm3.stdin.write(bytes("lf awid clone 26 13 10333\n"))   
time.sleep(.3)
#==================
pm3.stdin.write(bytes("lf se\n"))
readLine = pm3.stdout.readline().decode('ascii')
i=0
while (readLine.find(" \n") < 0):
  i+=i
  time.sleep(0.1)
  readLine = pm3.stdout.readline().decode('ascii')
  print(i,"t2#line:\"%s\"" % readLine )
  if (readLine.find("Found!          \r\n") ):    break
print ("End of test#3 ... \n")
################ end of template ###########


############### Do not write below this line #############
print ("End of Test Suite ... \n")
pm3.stdin.write(bytes("quit\n"))

Last edited by ntk (2016-06-02 20:02:56)

Offline

#7 2016-06-02 04:40:00

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

My configuration and my plan is:

I use Win7
have Python 2.7.1
have installed modules:
pywin32-217,
subprocess,
serial
I would like to synchronise the PM3 log window with the data plot window, please see here. After "hw tu", where the report is printed out fully as expected, I then run "lf se"; it found the tag on the antenna, but the report here is ignored. I tried all different methods like sys.stdout.flush(). Python did find the criteria "Found!          \r\n" and moves on to test#1; but at the end of test#1 it cannot break out of the loop, although it did print "Found!          \r\n", so it should match that criteria and move on to test#2. But it did not.

If I do not care about the full report, then I can run more than 1 test; but the result/plot/data are not synchronised.

Could you guide me on how to synchronise the log, the plot and the verdict of each test I want to run?

I would also like to pipe the test verdict result into a .csv file
in the following form
"
test#1 passed/failed/ambiguous
test#2 passed/failed/ambiguous
..." so that later I can import the result into an Excel sheet to evaluate the quality.

Offline
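One way to keep each command's report together with its verdict, as asked in posts #6 and #7 (an added example, not code from the thread or from the Proxmark3 project): a reader thread queues the client's output lines, and each command collects lines until a deadline, testing the marker with `in` because `str.find` returns -1, which is truthy, when the text is absent. The stand-in child process, its report text and the verdict rules (passed = marker seen, failed = output without the marker, ambiguous = no output at all) are assumptions made for the example.

```python
import queue, subprocess, sys, threading, time

# Constructed stand-in for the client so the example runs offline; its report
# lines are made up. Replace CLIENT with the real client command line.
FAKE = ('import sys\n'
        'for c in sys.stdin:\n'
        '    c = c.strip()\n'
        '    if c == "quit": break\n'
        '    print("report for", c)\n'
        '    if c == "lf se": print("Valid tag Found!")\n'
        '    print("done", flush=True)\n')
CLIENT = [sys.executable, "-u", "-c", FAKE]

def start_client(cmd=CLIENT):
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    lines = queue.Queue()
    def pump():  # the blocking readline lives here, not in the test logic
        for raw in proc.stdout:
            lines.put(raw.decode("ascii", "replace").rstrip("\r\n"))
    threading.Thread(target=pump, daemon=True).start()
    return proc, lines

def run_command(proc, lines, cmd, marker, timeout=5.0, idle=0.5):
    """Send cmd; return (verdict, report lines). Verdict rules are assumptions."""
    proc.stdin.write((cmd + "\n").encode("ascii"))
    proc.stdin.flush()  # buffered pipe: without this the client never sees cmd
    seen, passed = [], False
    deadline = time.monotonic() + timeout
    while True:
        # After the marker, only drain stragglers for `idle` seconds so they
        # cannot leak into the next test's report.
        wait = idle if passed else deadline - time.monotonic()
        try:
            seen.append(lines.get(timeout=max(wait, 0.01)))
        except queue.Empty:
            break
        passed = passed or marker in seen[-1]
    return ("passed" if passed else "failed" if seen else "ambiguous"), seen

def run_suite(tests, timeout=5.0):
    """tests: list of (name, command, marker); returns (name, verdict, report)."""
    proc, lines = start_client()
    try:
        return [(name,) + run_command(proc, lines, cmd, marker, timeout)
                for name, cmd, marker in tests]
    finally:
        proc.stdin.write(b"quit\n")
        proc.stdin.close()
        proc.wait(timeout=5)
```

Calling `run_suite([("test#1", "lf se", "Found!")])` returns one tuple per test; a test whose marker never appears waits out the full `timeout` before it is marked failed.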

#8 2016-06-02 04:48:44

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

Also, in your program for Indala stand-alone, what does the line "while ((readLine.find("81") > 0) | (readLine.find("82") > 0) | (readLine.find("83") > 0) | (readLine.find("84") > 0) | (readLine.find("85") > 0)):
"
wait for exactly? What are 81/82/83/84/85? They seem to be a message indicating that an Indala tag is found, but I could not find such a message in the current SW... Could you explain a little bit more about that part?

Offline

#9 2016-06-03 02:22:39

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

@tjhowse

Thanks for looking in. I think I have what I want already.

By arranging the code in a different way I have managed to run the whole range of tests I want, PLUS, in each test I got the report/the feedback of the commands that I want to see, in synchronization with the graph. In this way my test runs do not confuse the user.

I still don't understand why with subprocess I must have a while loop where the condition is never fulfilled, so that stdout seems to loop and prints out all of its data (basically like when you force it with a sys.stdout.flush() after starting to print).

In other words: I should not care to predict and check that a condition should be fulfilled before we do the next test. We should just run, see the report flowing in or lead that data into a pool, then run either a parallel test program or even in serial after all required tests have been run and all report data is available.

A parallel program would face the difficulty that while data is written into that log file, access may not be shared.

It would be easier to check the log file after all tests have been run, to evaluate whether a test run was a pass or fail. So we don't need to be concerned about how two programs can access a log file. I don't know how to do it, but I know that asynchronous access is possible, because a program called Ultra-Editor can access a text file and show the actual data in it at the time you hit the refresh button, even while another program still continuously feeds data into it.

Anyway, running things sequentially should give the same result, and I think that is clearer/better, and happens in a more natural way.

How to do the sequential check, I still have no clear idea, just a very vague hunch how to do it with sed, grep ...

Last edited by ntk (2016-06-03 02:23:33)

Offline
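The after-the-fact log check described in post #9, producing the verdict file asked for in post #7, could look like this (an added example, not code from the thread). It assumes the log contains the "Start of ... test#N" and "End of test#N" marks that the script in post #6 prints; the sample log lines and the verdict rules (passed = "Found!" between the marks, failed = report lines without it, ambiguous = nothing between the marks or a missing end mark) are constructed for the example.

```python
import csv, io, re

START = re.compile(r"Start of .*?(test#\d+)")  # marks printed by the post #6 script
END = re.compile(r"End of (test#\d+)")

# Constructed sample log; the report lines between the marks are invented.
SAMPLE_LOG = """\
Start of ======>>>>>>>>> test#1 EM41xx print# 0001849837...
1 t1#line:"sample report line"
2 t1#line:"sample tag Found!"
End of test#1 ...
Start of test#2 Indala 26bit COMBINATION 1/1...
End of test#2 ...
1 t2#line:"sample tag Found!"
Start of test#3 AWID 26bit, COMBINATION  13/10333 ...
1 t3#line:"sample report line"
End of test#3 ...
End of Test Suite ...
"""

def evaluate_log(text, marker="Found!"):
    """Return {test name: verdict} from the start/end marks in a finished log."""
    verdicts, current, body = {}, None, []
    for line in text.splitlines():
        start, end = START.search(line), END.search(line)
        if start:
            if current:                      # previous test never closed
                verdicts[current] = "ambiguous"
            current, body = start.group(1), []
        elif end:
            if current == end.group(1):
                if any(marker in row for row in body):
                    verdicts[current] = "passed"
                else:
                    verdicts[current] = "failed" if body else "ambiguous"
                current = None
        elif current and line.strip():
            body.append(line)                # report line inside the marks
    if current:                              # log ended before the end mark
        verdicts[current] = "ambiguous"
    return verdicts

def to_csv(verdicts):
    """Render the verdicts as CSV text, one 'test#N,verdict' row per test."""
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(verdicts.items())
    return out.getvalue()
```

In the sample, the report of test#2 arrives after its end mark, so that test is reported as ambiguous rather than passed.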

#10 2016-06-03 08:43:14

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Stand-alone indalademod?

hummmmn.... not quite synchronous

why it does mysterious

and later prints out all traces of test2 outside the start-stop marks, out of thin air

This Python thing can really give me a heart attack

Offline
