Well, I am reversing data exchanged between the proxmark3.exe client and the PM3 using the new COM port communication (thanks roel!!!) and this is what I found:
Commands (as explained there: http://proxmark3.googlecode.com/svn/tru … /usb_cmd.h) must be sent in reverse order through a pure serial communication (HyperTerminal or whatever).
For example, if in the source code you read command 0107 you must send 0701.
Tested and working:
-----------------------------------------------------------------------------------------------
0004 -> hw tune
-----------------------------------------------------------------------------------------------
0701 -> hw version
-----------------------------------------------------------------------------------------------
8503 -> Act like an ISO14443 Type A reader
-----------------------------------------------------------------------------------------------
0606 -> get sector X of a Chinese mifare card
example:
command arg0 arg1 arg2
0606000000000000 0A00000000000000 0000000000000000 000000000000000000
0606000000000000 0000000000000000 0100000000000000 000000000000000000 ---\ Get sector 0 of a Chinese mifare card (blocks from 0 to 3); 1 command = read block of the arg2 specified sector (from 0 to 15)
0606000000000000 0000000000000000 0200000000000000 000000000000000000 ---/ 4 commands SENT WITHOUT SPACES (I added spaces for clarity); wait some milliseconds (ex.300) after each one
0606000000000000 1400000000000000 0300000000000000 000000000000000000
In my opinion that command (0606) has 3 arguments (parameters): arg0 = some FPGA setting, arg1 = ??? (always 0), arg2 = block to read
When you read sectors from a specific block it seems that you MUST add arg0=0A in the first command and arg0=14 in the last read command, like 0A = activate something (backdoor?) and 14 = deactivate something else; more info there (green part at the end of the page): https://code.google.com/p/proxmark3/sou … ifarecmd.c
-----------------------------------------------------------------------------------------------
Last edited by asper (2012-12-11 19:18:56)
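The "reverse order" described in the post above is what a little-endian integer looks like on the wire. The sketch below is an added example, not code from the original post or the Proxmark3 project; it assumes each field is an 8-byte little-endian integer (inferred from the 16-digit columns in the post), and the function names are hypothetical.

```python
# Added example: decode the frames from the post as little-endian words.
# Assumption: every field is an unsigned 64-bit little-endian integer,
# as the 16-hex-digit columns in the post suggest.
import struct

WORD = 8  # bytes per field (assumed from the post's column width)


def encode_word(value: int) -> str:
    """Wire form (hex) of one field: 64-bit little-endian."""
    return struct.pack("<Q", value).hex().upper()


def wire_to_source(wire_hex: str) -> int:
    """Turn bytes as typed on the serial line back into the source-code value."""
    return int.from_bytes(bytes.fromhex(wire_hex), "little")


def decode_frame(frame_hex: str):
    """Split a frame into 8-byte little-endian words plus any leftover bytes."""
    raw = bytes.fromhex("".join(frame_hex.split()))
    whole = len(raw) - len(raw) % WORD
    words = [int.from_bytes(raw[i:i + WORD], "little")
             for i in range(0, whole, WORD)]
    return words, raw[whole:]


# The four frames listed in the post (spaces are for readability only).
POST_FRAMES = [
    "0606000000000000 0A00000000000000 0000000000000000 000000000000000000",
    "0606000000000000 0000000000000000 0100000000000000 000000000000000000",
    "0606000000000000 0000000000000000 0200000000000000 000000000000000000",
    "0606000000000000 1400000000000000 0300000000000000 000000000000000000",
]

if __name__ == "__main__":
    # Source-code value 0x0107 goes out with its low byte first: 07 01 ...
    print("0x0107 on the wire:", encode_word(0x0107))
    for wire in ("0004", "0701", "8503", "0606"):
        print(wire, "-> source value", hex(wire_to_source(wire)))
    for frame in POST_FRAMES:
        words, rest = decode_frame(frame)
        print([hex(w) for w in words], "leftover bytes:", rest.hex())
```

Each frame from the post decodes to four whole words plus one leftover byte, so the field boundaries shown in the post's columns should be checked against a capture before relying on them.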
More progress! Look at the first post!
Last edited by asper (2012-12-11 18:53:40)