Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2023-03-01 04:30:26
- rafaz182
- Contributor
- Registered: 2023-02-28
- Posts: 6
hf mf VS. hf 14a simulation
I did my best but unfortunately I couldn't figure out what's happening to my proxmark.
I'm trying to simulate a MIFARE 4k card, but using the card option (hf mf sim) just doesn't work, the reader doesn't connect with the simulator. Sometimes after moving around the antenna have a little effect (detection) but still not working.
On the other side using the ISO-14443A works partially. The proxmark is detected by the reader, but when I try to dump the simulated memory, I receive an error informing the keys are invalid. I can exclude the possibility of be my phone because when I use the card itself, with the same keys, I could dump the content of this card.
Steps to reproduce:
- Reader Side (Android)
Download the MIFARE Classic Tool
Select "Read Tag" option
- Proxmark Side
Load the dumped card file
Enter the simulate mode
This commands are used by me.
hf mf eload --4k -f hf-mf-2F05EC42-dump.eml
hf mf sim --4kOR
hf 14a sim -t 8
Now approximate the simulator to the cellphone.
They will output the following log, respectivelly:
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52(7) | | WUPA
2100 | 4468 | Tag |02 00 | |
12018 | 16786 | Rdr |50 00 57 cd | ok | HALT
874112 | 875104 | Rdr |52(7) | | WUPA
876212 | 878580 | Tag |02 00 | |
886126 | 888590 | Rdr |93 20 | | ANTICOLL
889634 | 895458 | Tag |2f 05 ec 42 84 | |
903020 | 913484 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
914592 | 918176 | Tag |18 37 cd | |
1039462 | 1041670 | Rdr |50! 00! | | HALT
1043034 | 1043674 | Tag |04(4) | |
1117834 | 1120042 | Rdr |50! 00! | | HALT
1121406 | 1122046 | Tag |04(4) | |
1196224 | 1198432 | Rdr |50! 00! | | HALT
1199668 | 1200308 | Tag |04(4) | |
1276680 | 1278888 | Rdr |50! 00! | | HALT
1280252 | 1280892 | Tag |04(4) | |
1690150 | 1691142 | Rdr |52(7) | | WUPA
1692250 | 1694618 | Tag |02 00 | |
1702178 | 1706946 | Rdr |50 00 57 cd | ok | HALT
2564204 | 2565196 | Rdr |52(7) | | WUPA
2566304 | 2568672 | Tag |02 00 | |
2576218 | 2578682 | Rdr |93 20 | | ANTICOLL
2579726 | 2585550 | Tag |2f 05 ec 42 84 | |
2593096 | 2603560 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
2604668 | 2608252 | Tag |18 37 cd | |
2725512 | 2727720 | Rdr |50! 00! | | HALT
2729084 | 2729724 | Tag |04(4) | |
2797890 | 2800098 | Rdr |50! 00! | | HALT
2801334 | 2801974 | Tag |04(4) | |
2864450 | 2866658 | Rdr |50! 00! | | HALT
2867894 | 2868534 | Tag |04(4) | |
2938340 | 2940548 | Rdr |50! 00! | | HALT
2941912 | 2942552 | Tag |04(4) | |
3318636 | 3319628 | Rdr |52(7) | | WUPA
3320736 | 3323104 | Tag |02 00 | |
3330642 | 3335410 | Rdr |50 00 57 cd | ok | HALT
4192620 | 4193612 | Rdr |52(7) | | WUPA
4194720 | 4197088 | Tag |02 00 | |
4204634 | 4207098 | Rdr |93 20 | | ANTICOLL
4208142 | 4213966 | Tag |2f 05 ec 42 84 | |
4221512 | 4231976 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
4233084 | 4236668 | Tag |18 37 cd | |
4319752 | 4321960 | Rdr |50! 00! | | HALT
4323324 | 4323964 | Tag |04(4) | |
4393664 | 4395872 | Rdr |50! 00! | | HALT
4397108 | 4397748 | Tag |04(4) | |
4475528 | 4477736 | Rdr |50! 00! | | HALT
4479100 | 4479740 | Tag |04(4) | |
4548674 | 4550882 | Rdr |50! 00! | | HALT
4552118 | 4552758 | Tag |04(4) | | Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52(7) | | WUPA
2228 | 4596 | Tag |02 00 | |
12012 | 16780 | Rdr |50 00 57 cd | ok | HALT
874146 | 875138 | Rdr |52(7) | | WUPA
876374 | 878742 | Tag |02 00 | |
886128 | 888592 | Rdr |93 20 | | ANTICOLL
889764 | 895588 | Tag |2f 05 ec 42 84 | |
903038 | 913502 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
914738 | 918322 | Tag |18 37 cd | |
1023916 | 1026124 | Rdr |50! 00! | | HALT
1110362 | 1111354 | Rdr |52(7) | | WUPA
1112590 | 1114958 | Tag |02 00 | |
1122360 | 1132824 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
1134060 | 1137644 | Tag |18 37 cd | |
1232348 | 1234556 | Rdr |50! 00! | | HALT
1300406 | 1301398 | Rdr |52(7) | | WUPA
1302634 | 1305002 | Tag |02 00 | |
1312420 | 1322884 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
1324120 | 1327704 | Tag |18 37 cd | |
1442834 | 1447602 | Rdr |60 04 d1 3d | ok | AUTH-A(4)
1449798 | 1454534 | Tag |1a 32 4f 61 | | AUTH: nt
1465692 | 1475068 | Rdr |7b! 39 bf 58 67 f2! 57 1f | | AUTH: nr ar (enc)
1666780 | 1671484 | Rdr |3a! dd! e7 41 | | READ RANGE (221-231) (?)
1862124 | 1866828 | Rdr |79 79! 3c ed | !! |
2056060 | 2060828 | Rdr |3d c9 e6 6c! | !! |
2251500 | 2256268 | Rdr |62! 20! b8 45 | !! |
2453516 | 2458220 | Rdr |34! ea c9! c4! | !! |
2653580 | 2655788 | Rdr |50! 00! | | HALT
2735158 | 2736150 | Rdr |52(7) | | WUPA
2737386 | 2739754 | Tag |02 00 | |
2747172 | 2757636 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
2758872 | 2762456 | Tag |18 37 cd | |
2838412 | 2840620 | Rdr |50! 00! | | HALT
2926114 | 2927106 | Rdr |52(7) | | WUPA
2928342 | 2930710 | Tag |02 00 | |
2938112 | 2948576 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
2949812 | 2953396 | Tag |18 37 cd | |
3061232 | 3066000 | Rdr |60 04 d1 3d | ok | AUTH-A(4)
3068196 | 3072868 | Tag |e2 4e f1 be | | AUTH: nt
3084012 | 3093388 | Rdr |56! 93! c0 38! 98! 62 11 ad | | AUTH: nr ar (enc)
3291740 | 3296444 | Rdr |2f! 30 da 22 | |
3486220 | 3490924 | Rdr |09! 95 84! 86! | !! |
3687996 | 3692700 | Rdr |81 fc! 09! 5e! | !! | MAGIC AUTH-B(252)
3891164 | 3895868 | Rdr |19! c4! 2c! 03 | |
4089628 | 4094332 | Rdr |b9! b6 ad b6! | !! |
4286732 | 4288940 | Rdr |50! 00! | | HALT
4368418 | 4369410 | Rdr |52(7) | | WUPA
4370646 | 4373014 | Tag |02 00 | |
4380416 | 4390880 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
4392116 | 4395700 | Tag |18 37 cd | |
4498060 | 4500268 | Rdr |50! 00! | | HALT
4585126 | 4586118 | Rdr |52(7) | | WUPA
4587354 | 4589722 | Tag |02 00 | |
4597158 | 4607622 | Rdr |93 70 2f 05 ec 42 84 5e a6 | ok | SELECT_UID
4608858 | 4612442 | Tag |18 37 cd | |
6415660 | 6416908 | Rdr |ff | |
6462974 | 6463966 | Rdr |52(7) | | WUPALook's like the mf command is stuck looping, while ISO command try to do a op and fails.
Some information about my environment
[usb] pm3 --> hw version
[ Proxmark3 RFID instrument ]
[ CLIENT ]
Iceman/master/v4.16191-113-g558129c3f 2023-02-27 19:36:29 a91874452
compiled with............. GCC 11.3.0
platform.................. Linux / x86_64
Readline support.......... present
QT GUI support............ present
native BT support......... present
Python script support..... present
Lua SWIG support.......... present
Python SWIG support....... present
[ PROXMARK3 ]
firmware.................. PM3 GENERIC
[ ARM ]
bootrom: Iceman/master/v4.16191-110-g93d7d4677 2023-02-25 15:05:39 a91874452
os: Iceman/master/v4.16191-110-g93d7d4677 2023-02-25 15:05:46 a91874452
compiled with GCC 10.1.0
[ FPGA ]
LF image 2s30vq100 2022-03-23 17:21:05
HF image 2s30vq100 2022-03-23 17:21:16
HF FeliCa image 2s30vq100 2022-03-23 17:21:27
HF 15 image 2s30vq100 2022-03-23 17:21:38
[ Hardware ]
--= uC: AT91SAM7S512 Rev A
--= Embedded Processor: ARM7TDMI
--= Internal SRAM size: 64K bytes
--= Architecture identifier: AT91SAM7Sxx Series
--= Embedded flash memory 512K bytes ( 60% used )
[usb] pm3 --> hw tune
[=] ---------- Reminder ------------------------
[=] `hw tune` doesn't actively tune your antennas,
[=] it's only informative.
[=] Measuring antenna characteristics, please wait...
? 9
[=] ---------- LF Antenna ----------
[+] LF antenna: 26,95 V - 125,00 kHz
[+] LF antenna: 18,30 V - 134,83 kHz
[+] LF optimal: 27,28 V - 123,71 kHz
[+] Approx. Q factor (*): 7,1 by frequency bandwidth measurement
[+] Approx. Q factor (*): 7,9 by peak voltage measurement
[+] LF antenna is OK
[=] ---------- HF Antenna ----------
[+] HF antenna: 15,10 V - 13.56 MHz
[+] Approx. Q factor (*): 4,4 by peak voltage measurement
[+] HF antenna is OK
(*) Q factor must be measured without tag on the antenna
[+] Displaying LF tuning graph. Divisor 88 (blue) is 134,83 kHz, 95 (red) is 125,00 kHz.Bellow are the collection of links I read in hope to fix that. But my knowledge with low level programming is very minimum and I can't read the source code or debug it.
Offline
#2 2023-03-01 20:08:38
- rafaz182
- Contributor
- Registered: 2023-02-28
- Posts: 6
Re: hf mf VS. hf 14a simulation
I uploaded two more logs. This time I tested using the .bin file instead of .eml
hf mf sim --4k
https://pastebin.com/3cV9dcV6
hf 14a sim -t 8
https://pastebin.com/WbF0Qbip
Trying to dump my own emulated card in 14a mode
https://pastebin.com/A4wzEvk7
Last edited by rafaz182 (2023-03-01 20:19:19)
Offline
#3 2023-03-01 20:21:52
- rafaz182
- Contributor
- Registered: 2023-02-28
- Posts: 6
Re: hf mf VS. hf 14a simulation
Offline
Pages: 1