Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2011-09-20 02:13:48

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Starting with LF tags...

Hello smart people! I'm now working with LF tags. I'm trying to find out which type of card is the one I use at my building.

By reading https://www.lafargue.name/article2754.html (it's a bit outdated, a lot of commands were changed, anyway...) and trying to follow the steps, my first result is the following image:

[Image: unknown tag]

I issued:

data samples 2000
data autocorr 2000

and played with the zoom and the markers...

I now want to demod this, but if I issue data askdemod 0 or 1, nothing happens. I also tried the lf demod commands of the known cards but again, no good results.

The final goal is to simulate this tag with the proxmark.

Any help?

Thanx a lot.


#2 2011-09-20 14:48:29

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

My first attempt is usually with a hidfskdemod command since most LF tags are HID. Did you try that?

This may bring up the question about the askdemod command. If the modulation is fsk, would you expect the askdemod to work? I think the hidfskdemod command performs an fsk demod plus the manchester decode since the HID tags do not manchester decode.


#3 2011-09-20 18:05:04

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Starting with LF tags...

Bugman1400, thanx for the reply.

data fskdemod - output:

proxmark3> data fskdemod
actual data bits start at sample 3646
length 50/50
bits: '010100010011010000110111010111101101000000010'
hex: 00000a26 86ebda02
proxmark3> data fskdemod
actual data bits start at sample 4643
length 50/50
bits: '100101001001001010100001000000010001101101110'
hex: 00001292 5420236e
proxmark3> data fskdemod
actual data bits start at sample 1406
length 50/50
bits: '001010110101001011111110000010011001100111010'
hex: 0000056a 5fc1333a

the output is different every time I execute it.. that is after data samples 3000

...

Also, if the mod is fsk, ask won't work because it's a different way to encode bin data... (afaik, correct me if I'm completely and insanely wrong)


I also tried: lf hid fskdemod but nothing happens.. the pmark just blinks and stays in that state.

The tag is like a typical mifare card (no clamshell or similar), 125 kHz, white, and with: E077,07004 printed on one side.

Any ideas?

Thanks aaaa lot!

Last edited by moebius (2011-09-20 18:05:40)


#4 2011-09-20 18:47:01

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

First of all, I suppose I should have asked what client you are running. If you are running prox gui on Windows platform then you should be able to type 'help' and get a list of valid commands. Forget the data part and just try a 'hidfskdemod' command. If you are not using Windows platform, I may not be able to help. I didn't think any of the LF tags were anything other than static cards (not Mifare like) but, I'm certainly no expert. Which platform and client are you using?


#5 2011-09-20 18:55:00

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Starting with LF tags...

Bugman, I'm running Windows client, last rev. so 'hidfskdemod' won't work.. I think the same command in my client is: 'lf hid fskdemod' .. yellow light on, red blinking.. after some minutes.. nothing happens..

When I said "mifare like" I was talking about its size, not about its electronics and behavior.

thanks for your help.


#6 2011-09-20 21:00:58

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

I'm not exactly sure what rev of client I have... it may be a slightly older rev. If you execute the 'lf hid fskdemod' command as you say and the red light blinks fast, it is waiting for you to pass the LF tag through the field. As you do that, the red light blink rate should change, which is an indication that it is reading the LF tag. It will then blink fast again when you remove the LF tag from the field.

Exactly, what is your Windows client rev?


#7 2011-09-20 21:55:54

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Starting with LF tags...

At revision: 498 --> my pm3 folder with client and pmark images.

By issuing that command, and moving the card into the field, nothing happens. Same stuff... it's not a HID type, I think.

any other ideas?

10x. :)


#8 2011-09-21 14:18:42

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

I'm beginning to think you're right about it not being an HID tag. Can you post a screenshot of the data samples?


#9 2011-09-24 21:06:04

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Starting with LF tags...

Sorry for the delay! I was at the Ekoparty Sec conf in Arg :)

The first screenshot is the data samples after an autocorr.

Thanx.


#10 2011-09-24 21:39:58

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

Where is the screenshot at?


#11 2011-09-24 21:48:52

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Starting with LF tags...

http://img202.imageshack.us/img202/7465 … owntag.png

Is that the screenshot you're looking for? Or the output of another command?


#12 2011-09-25 01:05:32

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

Your snapshot does not seem to show a good autocorrelation for 4096 samples per period. If you go back and look at the tutorial, you can see the distinct cycle period at the yellow and purple lines (the two very high peak waveforms). Your snapshot does not show this (it only shows one peak waveform). You may need to zoom out or pan left.


#13 2011-09-25 02:00:09

moebius
Contributor
Registered: 2011-03-10
Posts: 206

Re: Starting with LF tags...

Yes, it shows it. Look exactly after the purple mark: the same two peaks that are at the beginning.

Right now I'm having some problems obtaining again the image I posted above. Don't know what's going on with my pmark in lf mode. The antenna is good and other lf functions work just fine.

I'll try to investigate myself and post my results. Thanx.


#14 2011-09-25 02:15:28

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Starting with LF tags...

Yes, I see it now........you're correct.......I missed that. I've never tried that procedure before just now. I used a known LF HID tag and did not get the expected results. I know that the tag is HID and therefore fsk. So, for me, fskdemod command should work. I tried the askdemod and got a flat line of zero. The fskdemod gave me a waveform but, I could never get any valid bit data with the mandemod command. Since the original tutorial and all the subsequent firmware and os revisions, I wouldn't be surprised if that feature got disabled or corrupted.

Let us know what you discover.

My version is:

>> Started prox, built Sep  5 2009 16:26:21
>> Connected to device
> version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 215 2010-01-14 21:43:26
#db# os: svn 412 2010-02-28 10:50:53
#db# FPGA image built on 2009/12/ 8 at  8: 3:54

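
Added example, not part of any post in this thread and not Proxmark3 code: a small Python model of why an ASK (envelope) demodulator returns a flat line on an FSK signal, as reported in #14, while counting cycles recovers the bits, and of how an autocorrelation peak marks the frame repeat length discussed in #12. The subcarrier periods, bit length and frame are constructed values, not measurements of the tag discussed here.

```python
import math

# Constructed parameters (assumptions, not measured from the tag in this thread).
PERIOD_0, PERIOD_1 = 8, 10   # samples per subcarrier cycle for a 0 bit / a 1 bit
BIT_LEN = 40                 # samples per data bit (5 or 4 whole cycles)

def fsk_modulate(bits):
    """Constant-amplitude sine: the frequency, not the amplitude, carries the bit."""
    return [math.sin(2 * math.pi * (n + 0.5) / (PERIOD_1 if b else PERIOD_0))
            for b in bits for n in range(BIT_LEN)]

def ask_demod(samples):
    """Envelope slicer: RMS level per bit window, cut at the mid-level."""
    env = [math.sqrt(sum(s * s for s in samples[i:i + BIT_LEN]) / BIT_LEN)
           for i in range(0, len(samples), BIT_LEN)]
    if max(env) - min(env) < 0.05:     # flat envelope: nothing to slice
        return None
    mid = (max(env) + min(env)) / 2
    return [int(e > mid) for e in env]

def fsk_demod(samples):
    """Count sign changes per bit window; the slower subcarrier has fewer."""
    cutoff = BIT_LEN // PERIOD_0 + BIT_LEN // PERIOD_1 - 1   # 8: between 7 and 9
    bits = []
    for i in range(0, len(samples), BIT_LEN):
        w = samples[i:i + BIT_LEN]
        flips = sum((a < 0) != (b < 0) for a, b in zip(w, w[1:]))
        bits.append(int(flips < cutoff))
    return bits

def repeat_period(samples):
    """Lag with the highest normalised autocorrelation = frame repeat length."""
    n = len(samples)
    def corr(lag):
        return sum(samples[k] * samples[k + lag] for k in range(n - lag)) / (n - lag)
    return max(range(BIT_LEN, n // 2), key=corr)

# Constructed 16-bit frame, sent three times in a row as a tag would repeat it.
FRAME = [0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1]
signal = fsk_modulate(FRAME * 3)

if __name__ == "__main__":
    print("ASK:", ask_demod(signal))                             # None
    print("FSK ok:", fsk_demod(signal) == FRAME * 3)             # True
    print("period:", repeat_period(signal) // BIT_LEN, "bits")   # 16
```
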

#15 2011-10-19 11:15:26

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Starting with LF tags...

I am going to analyze a new RFID tag using the procedure mentioned above... but Bugman1400 says some commands can be corrupted... can someone please verify that?
