Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2010-01-09 04:25:03

danymag
Contributor
Registered: 2010-01-01
Posts: 17

Credit card size antenna

Today I had another go at building a HF antenna. I tried doing it the scientifical way and followed the formulas in documents that rleroy uploaded (I think). I took a macro picture for measuring the diameter of the USB cable and even though I didn't get anywhere close to an acceptable antenna, here is the picture of the cable, for future reference:

20100108img7335.jpg
The faint gradings on the ruller on top are spaced at 1 mm from each other.

Finally, I got the idea of trying a rectangular antenna the size of the credit card. And it works like wonder. This is the final result:
ccantenna.jpg

You can't really see the wires because i covered them with white tape so they are not loose but the coil has 2 windings, like shown in this image:
ccantennadesign.jpg

As for results (on board with C35 = 100pF) , i get

# HF antenna: 11.47 V @    13.56 MHz

with no tag, which seems modest I know, but when I put the tag (Calypso ISO 14443 B credit card sized) on top it goes like this:

# HF antenna:  2.19 V @    13.56 MHz

a whole 9.28 V lower. In my ignorance for physics I say that because the coupling with the tag antenna has a high impact, this can only be a good thing.

Where before, with the same ~12V on the antenna with no tag and 8V with tag, I managed to read the tag 2/3 of the times, now it's 100% success.

Last edited by danymag (2010-04-06 22:28:05)

Offline

#2 2010-04-05 10:49:46

andrewt
Member
Registered: 2010-04-05
Posts: 7

Re: Credit card size antenna

Hi danymag, can you read a ISO 14443 B credit card with your antenna? 2.19V is very low. I don't understand how to resolved the problem.

Offline

#3 2010-04-05 11:32:40

proxcat
Contributor
Registered: 2008-11-28
Posts: 62
Website

Re: Credit card size antenna

The 2.19V was a result of having the tag in-field. The tag 'absorbed' 9 of the 11V initially measured.

Offline

#4 2010-04-05 12:26:50

andrewt
Member
Registered: 2010-04-05
Posts: 7

Re: Credit card size antenna

Thank you proxcat, but with my PM3 last SVN 434, but the problem is also with other versions, I have this:

without tag
# HF antenna: 11.63 V @    13.56 MHz

with tag ISO14443B
# HF antenna:  3.64 V @    13.56 MHz
# Your HF antenna is marginal.

and every operation not work, I can't read, I can't sniff data.

Offline

#5 2010-04-05 12:31:37

proxcat
Contributor
Registered: 2008-11-28
Posts: 62
Website

Re: Credit card size antenna

The tuning results you posted are fine. What type of card are you trying to read and how are you trying to read it?

Offline

#6 2010-04-05 12:41:32

andrewt
Member
Registered: 2010-04-05
Posts: 7

Re: Credit card size antenna

The card is a ISO14443B I don't have other information on it.

proxmark3> hf 14b list
proxmark3> recorded activity:
time  :rssi: who bytes
---------+----+----+-----------
+      0: -481099776: TAG 00 00 0a 0b 32 a0 e3 43 36 a0 e1 0b 22   **FAIL CRC**
proxmark3> hf 14b read
#db# 2 0 0
proxmark3> hf 14b demod
too weak to sync

Offline

#7 2010-04-05 12:53:41

andrewt
Member
Registered: 2010-04-05
Posts: 7

Re: Credit card size antenna

I test a Tag-it HF and I have this result:

without tag
# HF antenna: 11.60 V @    13.56 MHz

with tag Tag-it HF
# HF antenna:  1.32 V @    13.56 MHz
# Your HF antenna is unusable.

and when I try with

proxmark3> hf 15 read
proxmark3> hf 15 demod

nothing appear.

EDIT:

proxmark3> hf 15 reader
#db# 12 octets read from IDENTIFY request: 0 0 5b 44
#db# 0 octets read from SELECT request: 13 0 0 ea 9f
#db# 0 octets read from XXX request: 1 30 3 e2 0 0 53

Last edited by andrewt (2010-04-05 12:57:10)

Offline

#8 2010-04-05 14:04:10

proxcat
Contributor
Registered: 2008-11-28
Posts: 62
Website

Re: Credit card size antenna

If you have access to a reader, I would recommend snooping first. Setup your HF antenna between the tag and reader with the prox powered on. Then run

hf 14b snoop

Acknowledge somehow that the reader has read the tag. Then press the proxmark's button to stop reading (if it doesn't stop on its own). Next, run.

hf 14b list

The above commands are guesses as I have not worked with the latest (SVN) code much. I don't think you need a 'hf 14b demod' since the snoop code should be demoding on the fly. With older clients (e.g. 20090905) you could do hi14read and then use hexsamples to view the initial (raw) response from a type-b tag. I don't believe the current code base has complete support for ISO14443B but you should be able to view { command, response } pairs if you snoop comms between a reader and tag and then go from there.

Offline

#9 2010-04-05 15:52:09

proxcat
Contributor
Registered: 2008-11-28
Posts: 62
Website

Re: Credit card size antenna

I just dug up an old 14443B card and tried a read with 20090905. Results are below.

> hi14read
#db# 00000003, 00000000, 00000000

> hi14list
recorded activity:
time    :rssi: who bytes
---------+----+----+-----------
+      0:    :     44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44   **FAIL CRC**
+      0:    :     44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 ff 03 00 03 00   **FAIL CRC**
+-1145128001:    :     00 03 ff   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+  65280:    :     00 03 ff   **FAIL CRC**
+ -65280:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 ff   **FAIL CRC**
+2130706432: 261891: TAG 00 03 00   **FAIL CRC**
+-2130706432:    :     00 03 ff   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 ff   **FAIL CRC**
+2130706432: 261891: TAG 00 03 ff   **FAIL CRC**
+-2130706432:    :     00 03 ff   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+      0:    :     00 03 00   **FAIL CRC**
+  65280:    :     44 44 44 44 44 44 44 44 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   **FAIL CRC**
+-261891:    :      (SHORT)
+      0:    :      (SHORT)
+      0:    :      (SHORT)
+      0:    :      (SHORT)
+      0:    :      (SHORT)
+      0:    :      (SHORT)

After looking at your original post again, it looks like you may have received a response from the tag.

+      0: -481099776: TAG 00 00 0a 0b 32 a0 e3 43 36 a0 e1 0b 22   **FAIL CRC**

Offline

#10 2010-04-05 16:45:08

andrewt
Member
Registered: 2010-04-05
Posts: 7

Re: Credit card size antenna

proxcat wrote:

The above commands are guesses as I have not worked with the latest (SVN) code much.

Thank you proxcat for you help, so is better downgrade the firmware in my PM3.

I try with this sequence:

proxmark3> hf 14b read
#db# 3 0 0
proxmark3> hf 14b list
proxmark3> recorded activity:
time  :rssi: who bytes
---------+----+----+-----------
+      0:    :     44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44   **FAIL CRC**
+      0:    :     44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 ff 04 00 03 ff 03 ff 04 00 03 ff 04 00 03 ff 03 ff 04 ff 03 ff 04 00 03 ff 03   **FAIL CRC**

Are normal all this  44 44 44 44 44 44 44 44 44 44 44 44.... ? Also with last SVN?
So the problem not is the antenna, but the support for ISO14443B. Is it correct?

After hf 14b read if I press the button nothing happens.

Offline

#11 2010-04-05 19:10:34

proxcat
Contributor
Registered: 2008-11-28
Posts: 62
Website

Re: Credit card size antenna

You only need to press the button if you ran 'hf 14b snoop' -- that's how it was in older versions of the code.

To rule out your antenna being the problem you should test on something that is well supported like iso14443a. If you have a reader (e.g. OmniKey 5321) it's easy to verify that your antenna is working.

Check out the section titled "snooping on mifare" in the user guide found here proxmark3.com/dl/PM3-UserGuide-v5.pdf.

Offline

#12 2010-04-06 22:35:31

danymag
Contributor
Registered: 2010-01-01
Posts: 17

Re: Credit card size antenna

andrewt wrote:

Hi danymag, can you read a ISO 14443 B credit card with your antenna? 2.19V is very low. I don't understand how to resolved the problem.

Proxcat is right, the low voltage reading was after placing the card in the field. And yes, I managed to read B card with that, see http://www.proxmark.org/forum/topic/433 … ypso-card/

In my case, I didn't have much difficulty with the card. I can read it repeatedly even at 5 cm from the antenna. Trying to sniff the reader-card communication however can be problematic, and depending on how you place everything (card & antenna distance and angles), you might get only one side of the communication.

Offline

Board footer

Powered by FluxBB