Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Today I had another go at building a HF antenna. I tried doing it the scientifical way and followed the formulas in documents that rleroy uploaded (I think). I took a macro picture for measuring the diameter of the USB cable and even though I didn't get anywhere close to an acceptable antenna, here is the picture of the cable, for future reference:
The faint gradings on the ruller on top are spaced at 1 mm from each other.
Finally, I got the idea of trying a rectangular antenna the size of the credit card. And it works like wonder. This is the final result:
You can't really see the wires because i covered them with white tape so they are not loose but the coil has 2 windings, like shown in this image:
As for results (on board with C35 = 100pF) , i get
# HF antenna: 11.47 V @ 13.56 MHz
with no tag, which seems modest I know, but when I put the tag (Calypso ISO 14443 B credit card sized) on top it goes like this:
# HF antenna: 2.19 V @ 13.56 MHz
a whole 9.28 V lower. In my ignorance for physics I say that because the coupling with the tag antenna has a high impact, this can only be a good thing.
Where before, with the same ~12V on the antenna with no tag and 8V with tag, I managed to read the tag 2/3 of the times, now it's 100% success.
Last edited by danymag (2010-04-06 22:28:05)
Offline
Hi danymag, can you read a ISO 14443 B credit card with your antenna? 2.19V is very low. I don't understand how to resolved the problem.
Offline
The 2.19V was a result of having the tag in-field. The tag 'absorbed' 9 of the 11V initially measured.
Offline
Thank you proxcat, but with my PM3 last SVN 434, but the problem is also with other versions, I have this:
without tag
# HF antenna: 11.63 V @ 13.56 MHz
with tag ISO14443B
# HF antenna: 3.64 V @ 13.56 MHz
# Your HF antenna is marginal.
and every operation not work, I can't read, I can't sniff data.
Offline
The tuning results you posted are fine. What type of card are you trying to read and how are you trying to read it?
Offline
The card is a ISO14443B I don't have other information on it.
proxmark3> hf 14b list
proxmark3> recorded activity:
time :rssi: who bytes
---------+----+----+-----------
+ 0: -481099776: TAG 00 00 0a 0b 32 a0 e3 43 36 a0 e1 0b 22 **FAIL CRC**
proxmark3> hf 14b read
#db# 2 0 0
proxmark3> hf 14b demod
too weak to sync
Offline
I test a Tag-it HF and I have this result:
without tag
# HF antenna: 11.60 V @ 13.56 MHz
with tag Tag-it HF
# HF antenna: 1.32 V @ 13.56 MHz
# Your HF antenna is unusable.
and when I try with
proxmark3> hf 15 read
proxmark3> hf 15 demod
nothing appear.
EDIT:
proxmark3> hf 15 reader
#db# 12 octets read from IDENTIFY request: 0 0 5b 44
#db# 0 octets read from SELECT request: 13 0 0 ea 9f
#db# 0 octets read from XXX request: 1 30 3 e2 0 0 53
Last edited by andrewt (2010-04-05 12:57:10)
Offline
If you have access to a reader, I would recommend snooping first. Setup your HF antenna between the tag and reader with the prox powered on. Then run
hf 14b snoop
Acknowledge somehow that the reader has read the tag. Then press the proxmark's button to stop reading (if it doesn't stop on its own). Next, run.
hf 14b list
The above commands are guesses as I have not worked with the latest (SVN) code much. I don't think you need a 'hf 14b demod' since the snoop code should be demoding on the fly. With older clients (e.g. 20090905) you could do hi14read and then use hexsamples to view the initial (raw) response from a type-b tag. I don't believe the current code base has complete support for ISO14443B but you should be able to view { command, response } pairs if you snoop comms between a reader and tag and then go from there.
Offline
I just dug up an old 14443B card and tried a read with 20090905. Results are below.
> hi14read
#db# 00000003, 00000000, 00000000
> hi14list
recorded activity:
time :rssi: who bytes
---------+----+----+-----------
+ 0: : 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 **FAIL CRC**
+ 0: : 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 00 03 ff 03 00 03 00 **FAIL CRC**
+-1145128001: : 00 03 ff **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 65280: : 00 03 ff **FAIL CRC**
+ -65280: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 ff **FAIL CRC**
+2130706432: 261891: TAG 00 03 00 **FAIL CRC**
+-2130706432: : 00 03 ff **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 ff **FAIL CRC**
+2130706432: 261891: TAG 00 03 ff **FAIL CRC**
+-2130706432: : 00 03 ff **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 0: : 00 03 00 **FAIL CRC**
+ 65280: : 44 44 44 44 44 44 44 44 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 **FAIL CRC**
+-261891: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
After looking at your original post again, it looks like you may have received a response from the tag.
+ 0: -481099776: TAG 00 00 0a 0b 32 a0 e3 43 36 a0 e1 0b 22 **FAIL CRC**
Offline
The above commands are guesses as I have not worked with the latest (SVN) code much.
Thank you proxcat for you help, so is better downgrade the firmware in my PM3.
I try with this sequence:
proxmark3> hf 14b read
#db# 3 0 0
proxmark3> hf 14b list
proxmark3> recorded activity:
time :rssi: who bytes
---------+----+----+-----------
+ 0: : 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 **FAIL CRC**
+ 0: : 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 ff 04 00 03 ff 03 ff 04 00 03 ff 04 00 03 ff 03 ff 04 ff 03 ff 04 00 03 ff 03 **FAIL CRC**
Are normal all this 44 44 44 44 44 44 44 44 44 44 44 44.... ? Also with last SVN?
So the problem not is the antenna, but the support for ISO14443B. Is it correct?
After hf 14b read if I press the button nothing happens.
Offline
You only need to press the button if you ran 'hf 14b snoop' -- that's how it was in older versions of the code.
To rule out your antenna being the problem you should test on something that is well supported like iso14443a. If you have a reader (e.g. OmniKey 5321) it's easy to verify that your antenna is working.
Check out the section titled "snooping on mifare" in the user guide found here proxmark3.com/dl/PM3-UserGuide-v5.pdf.
Offline
Hi danymag, can you read a ISO 14443 B credit card with your antenna? 2.19V is very low. I don't understand how to resolved the problem.
Proxcat is right, the low voltage reading was after placing the card in the field. And yes, I managed to read B card with that, see http://www.proxmark.org/forum/topic/433 … ypso-card/
In my case, I didn't have much difficulty with the card. I can read it repeatedly even at 5 cm from the antenna. Trying to sniff the reader-card communication however can be problematic, and depending on how you place everything (card & antenna distance and angles), you might get only one side of the communication.
Offline
Pages: 1