Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2018-06-21 15:39:03

ImSchatten360
Contributor
Registered: 2018-06-21
Posts: 2

Simulation of Legic Prime unsegmented user-credential tag

Hello,

I just recently started to analyse RFID tags. One of my current project is the simulation of some Legic Prime tags which are used for access control. I read the content of four tags by doing the following:

proxmark3> hf legic reader
#db# setting up legic card          
#db# MIM 256 card found, reading card ...          
#db# Card read, use 'hf legic decode' or          
#db# 'data hexsamples 256' to view results   

In all cases only the first 16 bytes seem to have any content (see below, some bytes are disguised). Everything else is 0 as far as I can tell. The first two tags and the last two tags look similar and the UIDs of each of those pairs are the same. Probably because they are from the same batches. Byte 13 and Byte 14 hold the ID of the tag that is written on it. So if the ID would be "1234" Byte 13 is "12" and Byte 14 is "34". In another thread it was stated that Byte 15 is the crc8 of Bytes 00-03 + Byte 07 + Bytes 08-14. However, I am not sure about how the perform the calculation in detail and therefore was not able to obtain the required value.

bytes
00 01 02 03 04 05 06 07
08 09 10 11 12 13 14 15

tag 1-1
ss xx xx tt a3 60 ea 09          
02 00 09 c6 00 xx xx 13 

tag 1-2
ss xx xx tt 38 60 ea 09
02 00 09 c6 00 xx xx 08

tag 2-1
uu xx xx vv b5 60 ea 09          
02 00 09 c6 00 xx xx fe

tag 2-2
uu xx xx vv 05 60 ea 09
02 00 09 c6 00 xx xx 71

I tried to simulate the tags but the reader did not respond to my attempts. I assume that the "hf legic sim" function is not working properly. In some posts "timing" issues are mentioned. Did anyone make any progress and did successfully simulate a legic prime tag or can give me any hints how to proceed?

Cheers

ImSchatten360

Offline

Board footer

Powered by FluxBB