Proxmark3 community


#1 2018-11-06 23:14:05

osbock
Contributor
Registered: 2018-04-23
Posts: 9

Guidance on sniffing NFC/NDEF

Hi,
I've developed a Java Card program to simulate NDEF Type 4 tags, and it works, but some phones aren't reading it.
I have a proxmark3-easy, and tried sniffing both successful and failed reads.

The problem is, I can't consistently capture both the reader and the tag info.
I managed to get one fairly complete log of a successful read, but I think there are commands missing. (I can't see the capabilities file read, but I see the response from the card)

Here's the info from startup. (I'm not sure when I built the firmware that's on there, but it's not super recent.)
Prox/RFID mark3 RFID instrument         
bootrom: master/v3.0.1-361-ge069547-suspect 2018-04-16 17:19:40
os: master/v3.0.1-361-ge069547-suspect 2018-04-16 17:19:42
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

The Questions:
1. Are there specific alignments/methods for capturing the communications between a credit-card-sized device and a mobile phone? Note, I have removed the riser and the low frequency coil to get better proximity. Currently, I've tried card under the pm3, phone on top and phone and card on top.
2. Should I try different/more recent firmware, and should I expect better results?
3. Would I experience better/acceptable performance on the newer Proxmark3 RDV4? I'm willing to buy, but only if I can expect better results. The other uses I've put the Easy to have been great, and it's been a great learning platform, but for this project I need to specifically justify the expense around this problem.

Thanks in advance!
Kevin


#2 2018-11-06 23:19:33

osbock
Contributor
Registered: 2018-04-23
Posts: 9

Re: Guidance on sniffing NFC/NDEF

One clarification:
Most of my reads have all src labeled as Tag, and there aren't any Select or other APDUs I can identify from the reader.
Here is my most complete snoop, which I haven't been able to replicate more than this first time:

Recorded Activity (TraceLen = 810 bytes)          
          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
          
      Start |        End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|          
          0 |      46176 | Rdr | f0  25  d4  00  9f  45  fc  50  18  96  bb  35  bc  0c  00  00  |     |           
            |            |     | 00  32  46  66  6d  01  01  12  02  02  07  ff  03  02  00  13  |     |           
            |            |     | 04  01  64  07  01  03  50  78                                  |  ok | ?          
     201620 |     203988 | Tag | 04  00                                                          |     |           
     214564 |     219108 | Tag | 08  9f  1d  c8                                                  |     |           
     239028 |     242612 | Tag | 20  fc  70                                                      |     |           
     260212 |     266484 | Tag | 10  78  80  70  02 00!                                          | !crc|           
     443620 |     447140 | Tag | c2  e0  b4                                                      |     |           
    3236656 |    3239120 | Rdr | 93  20                                                          |     | ANTICOLL          
    3390112 |    3393728 | Rdr | b2  67  c7                                                      |  ok | ?          
    5535796 |    5541620 | Tag | 02  90  00  f1  09                                              |     |           
    5869092 |    5874916 | Tag | 03  90  00  2d  53                                              |     |           
    6106244 |    6129348 | Tag | 02  00  0f  20  00  80  00  80  04  06  e1  04  00  45  00  ff  |     | Capability container contents          
            |            |     | 90  00  26  fc                                                  |  ok |           
    6174288 |    6185904 | Rdr | 03  00  a4  00  0c  02  e1  04  6d  db                          |  ok | Select NDEF Data          
    6675252 |    6679988 | Tag | f2  01  91  40                                                  |     |           
    6706116 |    6711940 | Tag | 03  90  00  2d  53                                              |     |           
    6744464 |    6746288 | Rdr | 02 00!                                                          |     | ?          
    7239412 |    7244148 | Tag | f2  01  91  40                                                  |     |           
    7740308 |    7745044 | Tag | f2  01  91  40                                                  |     |           
    7752032 |    7756800 | Rdr | f2  01  91  40                                                  |  ok | ?          
    8250052 |    8254788 | Tag | f2  01  91  40                                                  |     |           
    8750820 |    8755556 | Tag | f2  01  91  40                                                  |     |           
    9251460 |    9256196 | Tag | f2  01  91  40                                                  |     |           
    9777204 |    9781940 | Tag | f2  01  91  40                                                  |     |           
   10299364 |   10304100 | Tag | f2  01  91  40                                                  |     |           
   10799876 |   10804612 | Tag | f2  01  91  40                                                  |     |           
   11301812 |   11306548 | Tag | f2  01  91  40                                                  |     |           
   11806420 |   11811156 | Tag | f2  01  91  40                                                  |     |           
   12006260 |   12014452 | Tag | 02  00  43  90  00  91  e6                                      |  ok |           
   12553620 |   12558356 | Tag | f2  01  91  40                                                  |     |           
   13060292 |   13065028 | Tag | f2  01  91  40                                                  |     |           
   13560804 |   13565540 | Tag | f2  01  91  40                                                  |     |           
   14080532 |   14085268 | Tag | f2  01  91  40                                                  |     |           
   14581044 |   14585780 | Tag | f2  01  91  40                                                  |     |           
   14594112 |   14597536 | Rdr | 7f  93 cf!                                                      | !crc| ?          
   15103332 |   15108068 | Tag | f2  01  91  40                                                  |     |           
   15605764 |   15610500 | Tag | f2  01  91  40                                                  |     |           
   15617488 |   15622256 | Rdr | f2  01  91  40                                                  |  ok | ?          
   16108596 |   16113332 | Tag | f2  01  91  40                                                  |     |           
   16617300 |   16622036 | Tag | f2  01  91  40                                                  |     |           
   16828532 |   16846068 | Tag | 03  d1  01  3f  54  02  65  6e  30  31  30  30  30  30  31  35  |     |ndef file contents           
            |            |     | 33  39  39  35  35  35  33  36  30  30  38  38  30  30  30  30  |     |           
            |            |     | 30  30  31  30  32  38  34  44  43  42  42  37  30  34  30  42  |     |           
            |            |     | 36  37  39  35  42  41  45  34  41  44  32  34  33  32  37  45  |     |           
            |            |     | 37  44  33  44  90  00  76  9e                                  |  ok |           
   17016756 |   17020276 | Tag | a3  6f  c6                                                      |     |           
   20152992 |   20156608 | Rdr | b2  67  c7                                                      |  ok | ?          
   20161764 |   20165284 | Tag | a3  6f  c6                                                      |     |           
   23282544 |   23283792 | Rdr | b2                                                              |     | ?          
   23291316 |   23294836 | Tag | a3  6f  c6                                                      |     |           
   26398432 |   26399168 | Rdr |12!                                                              |     | ?          
   26407204 |   26410724 | Tag | a3  6f  c6                                                      |     |           
   29508820 |   29512340 | Tag | a3  6f  c6                                                      |     |           
   32616948 |   32620468 | Tag | a3  6f  c6                                                      |     |           
   35736532 |   35740052 | Tag | a3  6f  c6                                                      |     |           
   38973236 |   38976756 | Tag | a3  6f  c6                                                      |     |           
   42166096 |   42169712 | Rdr | b2  67  c7                                                      |  ok | ?          
   42174852 |   42178372 | Tag | a3  6f  c6                                                      |     |           
   45394708 |   45398228 | Tag | a3  6f  c6                                                      |     |     

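The symptom described in the post above (tag responses with no matching reader command), checked mechanically. This is an added example, not part of the original post and not Proxmark3 client code: it parses rows in the trace layout shown above, verifies CRC_A, flags tag I-blocks whose reader command is missing from the capture, and decodes the capability container. The function names are hypothetical, and it assumes ISO 14443-4 blocks carry no CID or NAD byte.

```python
import re, struct
# Rows copied from the trace posted above (column padding trimmed).
TRACE = """\
 6106244 |  6129348 | Tag | 02  00  0f  20  00  80  00  80  04  06  e1  04  00  45  00  ff | |
         |          |     | 90  00  26  fc | ok |
 6174288 |  6185904 | Rdr | 03  00  a4  00  0c  02  e1  04  6d  db | ok | Select NDEF Data
 6706116 |  6711940 | Tag | 03  90  00  2d  53 | |
 6744464 |  6746288 | Rdr | 02 00! | | ?
12006260 | 12014452 | Tag | 02  00  43  90  00  91  e6 | ok |
"""

def crc_a(data):  # ISO/IEC 14443-3 Type A CRC, initial value 0x6363, sent low byte first
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return struct.pack("<H", crc)

def parse_trace(text):  # -> [[src, frame_bytes], ...]; empty Start column continues a frame
    frames = []
    for row in text.splitlines():
        col = [c.strip() for c in row.split("|")]
        if len(col) < 4 or not re.fullmatch(r"[0-9a-fA-F !]+", col[3]):
            continue                                  # header, ruler or blank row
        if col[0] or not frames:
            frames.append([col[2], b""])
        frames[-1][1] += bytes.fromhex(col[3].replace("!", ""))  # "!" = parity error
    return frames

def iblocks(frames):
    """Return (src, apdu, crc_ok, orphan) for each ISO 14443-4 I-block."""
    out, prev = [], None
    for src, data in frames:
        if len(data) < 3 or data[0] & 0xEE != 0x02:   # PCB 000x001x = I-block, no CID/NAD
            continue
        # orphan: tag reply not preceded by a captured reader I-block with the same block number
        orphan = src == "Tag" and prev != ("Rdr", data[0] & 1)
        out.append((src, data[1:-2], crc_a(data[:-2]) == data[-2:], orphan))
        prev = (src, data[0] & 1)
    return out

def decode_cc(apdu):  # 15-byte Type 4 Tag capability container at the start of a response
    cclen, ver, mle, mlc, _t, _l, fid, size, rd, wr = struct.unpack(">HBHHBBHHBB", apdu[:15])
    return {"CCLEN": cclen, "version": f"{ver >> 4}.{ver & 15}", "MLe": mle, "MLc": mlc,
            "file_id": f"{fid:04x}", "max_ndef": size, "read": rd, "write": wr}

if __name__ == "__main__":
    for src, apdu, ok, orphan in iblocks(parse_trace(TRACE)):
        print(src, apdu.hex(" "), "crc ok" if ok else "crc BAD", "ORPHAN" if orphan else "")
```

On these rows only the Select NDEF exchange is captured from both sides; the capability container and the `00 43` length response are flagged as orphans, which matches the missing reader commands described in the post.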

#3 2019-07-18 16:48:41

hfmfsniff
Contributor
Registered: 2019-07-07
Posts: 19

Re: Guidance on sniffing NFC/NDEF

My recent post and piwi's reply may be helpful to you. Hope my late reply is still relevant.
http://www.proxmark.org/forum/viewtopic … 861#p35861

Last edited by hfmfsniff (2019-07-18 16:49:07)
