2013-07-03

Very poor replay performance

I've recently dug up my Proxmark3 again and played around with it, this time trying 125kHz replay. Worked, but with extremely poor performance (only about 1 in 30 times it actually works, but even read performance of EM4102 transponders is extremely poor). Trying to figure out why this would be. First off, I'm using the latest FW/FPGA bitstream, SVN rev 752 grabbed from Antenna tuning gives the following results:

proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 19,34 V @   125.00 kHz
# LF antenna:  8,19 V @   134.00 kHz
# LF optimal: 20,54 V @   123,71 kHz
# HF antenna:  5,35 V @    13.56 MHz

Note that this is the stock 125 kHz antenna (with that USB connector which I soldered off) that I got with the Proxmark, connected not via USB but via RG178 soldered onto the antenna testpoints (both for the 13.56 MHz and 125 kHz antenna). Actually tried before with the USB cable, readings were a bit worse but it turned out this wasn't the issue. Side note: the 13.56 MHz antenna is a really good PCB antenna (with my HID reader about 7-10 cm reading distance for DESFire transponders), but it has rather shitty performance when used with the Proxmark (tuned already to max amplitude).

Anyways, about simulating EM4102. Reading already turns out to be a problem. When I run "lf em4x em410xwatch" it usually takes 10-20 tries to even *read* the tag, which I have placed directly on the 125kHz PCB antenna. Usually fails with something like

Auto-detected clock rate: 63
Thought we had a valid tag but failed at word 4 (i=37)
Thought we had a valid tag but failed at word 4 (i=102)
Thought we had a valid tag but failed at word 4 (i=167)
Thought we had a valid tag but failed at word 3 (i=227)

(i.e. it misdetects the clock rate as 63 instead of 64, manual readout with "em410xread 64" usually works in these cases).

Then, when I finally captured a valid tag and try to "lf sim", in about 1 in 30 cases will this actually work (i.e. with a different reader of mine I'll be able to pick it up as a tag). Usually, with my other 125 kHz reader, I'll pick up nothing at all.

Any ideas on why performance is so shitty with my Proxmark? Am I doing something wrong? Is my hardware broken? Any help is greatly appreciated.


