I've been writing a PROX calculator that will take a facility code and card number and create all the correct binary, hex and octal outputs with the parity bits. The ProxMark3 will create a TAG ID with the last digits matching the HEX that I calculate, but the first (left) digits of the TAG ID are usually 2004, 2005, 2006 and I can't figure out how Proxmark creates this part of the TAG ID.
I can kludge it and I can guess the tag ID, but there has to be a way PROXMARK calculates it.
Examples...
HID Prox TAG ID: 2005ffffff
--------------------------------------------------
Format: H10301 (HID H10301 26-bit)
Facility Code: 255
Card Number: 65535
Parity: Valid
My program takes the 255 and 65535 and will calculate the binary with parity as 1FFFFFF, if I add the 1 to 2004, it becomes 2005FFFFFF... but that's the kludged way... how does PROXMARK get the 2005 part of 2005FFFFFF? If the FC is 1 and the card # is 12345, HEX is 2026073, it will be 2006026073 as the TAG ID (programs right and reads back as the right FC and Card #).
Thoughts?
TK
The difference is all in the encoding. Legacy HID credentials are always stored as a block of 37 bits' length. In their encoding, they use a start sentinel immediately prior to the data block to indicate whether the card = 37 bit (sentinel 0) or < 37 bits (sentinel 1). If the card is less than 37 bits' length, you will also have an inner start bit (value 1) immediately prior to the start of the data. Therefore:
Data only: (01 1111 1111 1111 1111 1111 1111) => 0x1FFFFFF
With start bit: (101 1111 1111 1111 1111 1111 1111) => 0x5FFFFFF
With start bit and sentinel: (10 0000 0000 0101 1111 1111 1111 1111 1111 1111) => 0x2005FFFFFF
The inner wrapper is what the Proxmark shows as the raw value.
Thank you, much appreciated
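The wrapping described in the answer above, worked through in Python as an added example that is not part of the original thread and is not Proxmark3 code. The function names are this example's own, and `wrap`/`unwrap` generalise the answer's rule to any credential length up to 37 bits, beyond the 26-bit case shown in the thread.

```python
SENTINEL_BIT = 37  # start sentinel sits just above the 37-bit block


def encode_h10301(fc, cn):
    """26-bit credential: even parity, 8-bit FC, 16-bit card number, odd parity."""
    if not (0 <= fc <= 0xFF and 0 <= cn <= 0xFFFF):
        raise ValueError("H10301 takes FC 0-255 and card number 0-65535")
    data = (fc << 16) | cn                           # 24 data bits
    even = bin(data >> 12).count("1") & 1            # evens out the leading 12 bits
    odd = (bin(data & 0xFFF).count("1") & 1) ^ 1     # makes the trailing 12 bits odd
    return (even << 25) | (data << 1) | odd


def wrap(credential, nbits):
    """Add the inner start bit and the sentinel the answer describes."""
    if not 0 < nbits <= 37 or credential >> nbits:
        raise ValueError("credential does not fit the stated bit length")
    if nbits == 37:
        return credential                            # sentinel 0, no start bit
    return (1 << SENTINEL_BIT) | (1 << nbits) | credential


def unwrap(raw):
    """Return (credential, nbits) from a raw value."""
    if raw >> (SENTINEL_BIT + 1):
        raise ValueError("raw value is wider than sentinel plus 37 bits")
    if not (raw >> SENTINEL_BIT) & 1:
        return raw, 37                               # sentinel 0: full 37-bit block
    inner = raw & ((1 << SENTINEL_BIT) - 1)
    if inner == 0:
        raise ValueError("sentinel set but no inner start bit found")
    nbits = inner.bit_length() - 1                   # highest set bit is the start bit
    return inner & ((1 << nbits) - 1), nbits


def decode_h10301(raw):
    """Return (fc, cn) from a raw tag ID, rejecting wrong length or bad parity."""
    credential, nbits = unwrap(raw)
    fc, cn = (credential >> 17) & 0xFF, (credential >> 1) & 0xFFFF
    if nbits != 26 or encode_h10301(fc, cn) != credential:
        raise ValueError("not a valid H10301 credential")
    return fc, cn


if __name__ == "__main__":
    for fc, cn in [(255, 65535), (1, 12345)]:        # the two cards from the thread
        raw = wrap(encode_h10301(fc, cn), 26)
        print(f"FC {fc} CN {cn} -> raw {raw:010x} -> decoded {decode_h10301(raw)}")
```

For a 26-bit card the hex digit after `200` is 4 (the inner start bit) plus 2 if the leading parity bit is set plus 1 if the top facility-code bit is set, which is why the prefix varies between 2004 and 2007.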