Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2014-03-12 07:29:52

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Help decoding

Hi

I have finally been able to run my pm3. I have played with it a bit, but I am unable to decode one of my cards or simulate it.
Here is the info.

The card is from Rosslare; as far as I know it is a 125 kHz AT-R14 / AR-R14C.

The numbers printed on the card are 00566945146288 and 144,26032.

I have tried with em4x and more of them, in order to try. I tried this one first because it looks like one of them. Anyway, if I do this after sudo ./proxmark3 ..

proxmark3> lf em4x em410xread
Auto-detected clock rate: 64

If I do
proxmark3> lf em4x em410xread
Auto-detected clock rate: 64         
proxmark3> lf em4x em410xread 64
proxmark3>

I don't get anything. Probably I am doing something wrong, or probably it is not an em4x card, I don't know. Here are the results of data samples 16000 and plot:

[image]

[image]

I have tried all types of demodulation but the results are not clear to me.

I have tried to do some research with the graph results, but I am such a newbie that I cannot get anything clear.

Thank you for reading and for any kind of help in advance.


#2 2014-03-12 08:34:56

midnitesnake
Contributor
Registered: 2012-05-11
Posts: 151

Re: Help decoding

Please could you post a link to a saved trace?

#3 2014-03-12 11:26:50

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

midnitesnake wrote:

Please could you post a link to a saved trace?

Of course. Here it is:

https://mega.co.nz/#!BxQ3zAKC!ta0NVmLH_-5sto8PfhQeM2GNNmUVFWdcXzAjxVTRMcI (sorry, I cannot post a URL)

But please, if you are performing some kind of decoding, I would be very interested if you explained a little how to do it.

Thanks in advance.

#4 2014-03-12 11:57:57

midnitesnake
Contributor
Registered: 2012-05-11
Posts: 151

Re: Help decoding

What antenna are you using, and what is the output of "hw tune"?

Your trace is a little rough, I'm finding it hard to trace manually; but there may be others on here that can trace the signal better than me.

#5 2014-03-12 23:02:41

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

midnitesnake wrote:

What antenna are you using, and what is the output of "hw tune"?

Your trace is a little rough, I'm finding it hard to trace manually; but there may be others on here that can trace the signal better than me.

I am using the LF antenna that came with the proxmark3.

These are the results, the first without a card:


proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...                 
#db# Measuring complete, sending report back to host                 
         
# LF antenna: 16,25 V @   125.00 kHz         
# LF antenna: 14,37 V @   134.00 kHz         
# LF optimal: 20,81 V @   127,66 kHz         
# HF antenna:  0,26 V @    13.56 MHz         
# Your HF antenna is unusable.         
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...                 
#db# Measuring complete, sending report back to host                 
         
# LF antenna:  5,50 V @   125.00 kHz         
# LF antenna:  6,31 V @   134.00 kHz         
# LF optimal: 10,21 V @   153,85 kHz         
# HF antenna:  0,00 V @    13.56 MHz         
# Your HF antenna is unusable.


#6 2014-03-13 09:07:23

midnitesnake
Contributor
Registered: 2012-05-11
Posts: 151

Re: Help decoding

Hmm, looks ok to me, maybe the transponder on the card isn't that good?

The tag should be an EM4002 looking at data sheets on Rosslare's website.


#7 2014-03-13 11:45:48

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

OK, thank you. If you or someone has more info or clues about what the modulation looks like, it will be a good help.

#8 2014-03-13 15:12:14

midnitesnake
Contributor
Registered: 2012-05-11
Posts: 151

Re: Help decoding

According to www.datasheetarchive.com/dl/Datasheet-04/DSA0063818.pdf

it's using PSK AM modulation (and might use/need Manchester decoding after that); a phase shift is logic zero, no phase shift is logic 1.

#9 2014-03-18 20:20:48

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: Help decoding

You have a lot of distortions in the middle, but it should go ok. You might be able to get some bitstream read off it with

data threshold x (try around 0)
data askdemod 0 (or 1)
data mandemod

However, with the distortions around the zero crossing it will be hard.

Check this post. I have a patch there that allows more flexibility; it will allow you to select more prominent points as distinction.

#10 2014-03-19 14:17:30

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

Thank you so much. I am going to give it a try.
I will post what I discover.

#11 2014-03-19 18:23:19

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

Enio wrote:

You have a lot of distortions in the middle, but it should go ok. You might be able to get some bitstream read off it with

data threshold x (try around 0)
data askdemod 0 (or 1)
data mandemod

However, with the distortions around the zero crossing it will be hard.

Hi!! Can you help me apply the patch? I am a real newbie, as you can see. Is it supposed to be added to cmddata.c?

#12 2014-03-19 18:56:08

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: Help decoding

dedosoa wrote:
Enio wrote:

You have a lot of distortions in the middle, but it should go ok. You might be able to get some bitstream read off it with

data threshold x (try around 0)
data askdemod 0 (or 1)
data mandemod

However, with the distortions around the zero crossing it will be hard.

Hi!! Can you help me apply the patch? I am a real newbie, as you can see. Is it supposed to be added to cmddata.c?

You apply it in the client folder. Part goes in cmddata.c and .h

Then just make clean && make all in the client folder.

#13 2014-03-20 01:48:43

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

Hi, good news!!

Thanks for the guide; I didn't pay attention to your code in the post. It was all very clear.
On the other hand, it worked like a charm. At least I think so.

These are the results:

[image]

[image]

I didn't know what to do next, so I put the decode result into http://andrewmohawk.com/EM41X/ and then I had some results that I have to study and think about. I think this is what has to be implemented on a t55x7 card in order to clone it? Am I right?

Anyway, thank you so much for the patch. I think it would be interesting to introduce this in the next version. My fear is this: I managed to decode other prox cards, so why did this happen with this card? Would it happen with all cards? Is it an issue with this card or with my antenna?

Thank you guys for helping me to learn a bit more.

Offline
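
What comes after `data mandemod` in the steps discussed above, as an added example that is not part of any poster's message or of the Proxmark3 client: checking whether a demodulated bit stream holds a valid EM4100 frame. The function names and the sample ID are constructed for illustration, and the Manchester polarity is an assumption (the thread's "askdemod 0 (or 1)" reflects the same ambiguity).

```python
# EM4100 frame (64 bits): 9 header ones, 10 rows of 4 data bits + 1 even
# row-parity bit, 4 even column-parity bits, 1 stop bit (0).
HEADER = [1] * 9

def manchester_decode(halfbits, one=(1, 0)):
    """Pair up half-bit samples; `one` is the assumed encoding of logic 1."""
    zero = (one[1], one[0])
    out = []
    for i in range(0, len(halfbits) - 1, 2):
        pair = (halfbits[i], halfbits[i + 1])
        if pair == one:
            out.append(1)
        elif pair == zero:
            out.append(0)
        else:  # 00 or 11: wrong half-bit alignment or a distorted sample
            raise ValueError(f"invalid Manchester pair at half-bit {i}")
    return out

def parse_em4100(bits):
    """Scan a repeating bit stream for a frame that passes every parity
    check. Returns the 40-bit ID as 10 hex digits, or None."""
    for start in range(len(bits) - 63):
        frame = bits[start:start + 64]
        if frame[:9] != HEADER or frame[63] != 0:
            continue
        rows = [frame[9 + 5 * r:14 + 5 * r] for r in range(10)]
        if any(sum(row) % 2 for row in rows):      # even row parity
            continue
        cols = frame[59:63]
        if any((sum(row[c] for row in rows) + cols[c]) % 2 for c in range(4)):
            continue                               # even column parity
        return "".join(f"{int(''.join(map(str, row[:4])), 2):X}" for row in rows)
    return None

def encode_em4100(hex_id):
    """Build a frame from a 10-digit hex ID; used here to make sample input."""
    rows = [[int(b) for b in f"{int(h, 16):04b}"] for h in hex_id]
    bits = list(HEADER)
    for row in rows:
        bits += row + [sum(row) % 2]
    return bits + [sum(row[c] for row in rows) % 2 for c in range(4)] + [0]

SAMPLE_ID = "0123456789"                   # constructed, not a real card
stream = encode_em4100(SAMPLE_ID) * 2      # a tag repeats its frame
halfbits = [h for b in stream for h in ((1, 0) if b else (0, 1))]
decoded = manchester_decode(halfbits)
print(parse_em4100(decoded[17:]))          # capture that starts mid-frame
```

A stream that decodes cleanly but returns None from `parse_em4100` points to wrong polarity or bit errors from a weak trace rather than to a different tag type.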

#14 2014-03-20 03:58:37

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: Help decoding

Great that it helped you!

I'm not sure exactly why it doesn't work; it must be because of the special waveform.

How to go on with the demodulated signal, I don't know. I have no experience yet.
But you might find hints on the net about how to interpret those bits you got.

Let us know what you find,

Best, Enio

#15 2014-03-20 15:37:54

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: Help decoding

dedosoa wrote:

I have tried with em4x and more of them, in order to try. I tried this one first because it looks like one of them. Anyway, if I do this after sudo ./proxmark3 ..

proxmark3> lf em4x em410xread
Auto-detected clock rate: 64

If I do
proxmark3> lf em4x em410xread
Auto-detected clock rate: 64
proxmark3> lf em4x em410xread 64
proxmark3>

I don't get anything. Probably I am doing something wrong, or probably it is not an em4x card, I don't know. Here are the results of data samples 16000 and plot:

Hey there, I have experimented further with my em4100 tag. I also had this issue: not being able to extract the ID with this command. I found out that it will fail when the wave is too "weak". While we can still demodulate it manually, the built-in demodulation relies on stronger peaks that are cut off. With my bigger antenna (10 cm diameter) I get beautifully shaped waves, but not strong enough for this function; with a small diameter wave and the tag right on top I get this form:
[image: FcGq6.jpg]
and "lf em4x em410xread" works.

Just to clarify, you need to read and get the samples before using this function, like this:

proxmark3> lf read
#db# buffer samples: b4 a6 9b 94 8d 8a 88 86 ...                 
proxmark3> data samples 40000
Reading 40000 samples
          
Done!
          
proxmark3> lf em4x em410xread
Auto-detected clock rate: 64          
EM410x Tag ID: XXXXXXXXXX
proxmark3>


#16 2014-03-22 18:35:22

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

Hi.
What do you mean by

with a small diameter wave and the tag right on top I get this form

This is another antenna you've got. Can you provide an image or a schematic?
Thanks for the help.

#17 2014-03-22 21:55:58

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: Help decoding

dedosoa wrote:

Hi.
What do you mean by

with a small diameter wave and the tag right on top I get this form

This is another antenna you've got. Can you provide an image or a schematic?
Thanks for the help.

Oh sorry, I meant antenna, not wave there.
Well, I can make a pic tomorrow. The small one is rolled on an empty toilet paper roll. 0.1 mm wire; turns, I'm not sure, a lot.

#18 2014-03-23 04:26:40

dedosoa
Contributor
Registered: 2014-02-26
Posts: 12

Re: Help decoding

Enio wrote:
dedosoa wrote:

Hi.
What do you mean by

with a small diameter wave and the tag right on top I get this form

This is another antenna you've got. Can you provide an image or a schematic?
Thanks for the help.

Oh sorry, I meant antenna, not wave there.
Well, I can make a pic tomorrow. The small one is rolled on an empty toilet paper roll. 0.1 mm wire; turns, I'm not sure, a lot.

Nice!!

Have you got a manual or guide to make my own? Could be nice!!
