Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2018-06-24 01:14:19
- mic_hkhk
- Contributor
- Registered: 2018-06-23
- Posts: 3
a popular toy Snack World datafig
I am new to this forum.
I am trying to dump the data of the Switch Game Snack World nfc datafig
http://www.takaratomy.co.jp/products/sn … eup/#anc06
Toy token is
1. Mifare NTAG213
2. 144 bytes
I got 2 problems
1. I use "hf mfu info", but no Tag configuration can be read.
How can I read it out?
--- Tag Information ---------
-------------------------------------------------------------
TYPE : NTAG 213 144bytes (NT2H1311G0DU)
UID : 04 93 44 3A ED 4C 80
UID[0] : 04, NXP Semiconductors Germany
BCC0 : 5B, Ok
BCC1 : 1B, Ok
Internal : 48, default
Lock : 30 00 - 40
OneTimePad : E1 10 12 00 - 2110
--- NDEF Message
Capability Container: E1 10 12 00
E1 : NDEF Magic Number
10 : version 1.0 supported by tag
12 : Physical Memory Size: 152 bytes
12 : NDEF Memory Size: 144 bytes
00 : Read access granted without any security / Write access granted without any security
--- Tag Signature
IC signature public key name : NXP NTAG21x (2013)
IC signature public key value : 04 49 4E 1A 38 6D 3D 3C FE 3D C1 0E 5D E6 8A 49 9B 1C 20 2D B5 B1 32 39 3E 89 ED 19 FE 5B E8 BC 61
Elliptic curve parameters : secp128r1
Tag ECC Signature : DD CD 68 10 01 8E F4 DA A1 98 86 FD 96 E7 D8 C4 47 26 15 11 4C FD 5F 8A 76 31 C8 1B 7A FA 2A 5E
--- Tag Version
Raw bytes : 00 04 04 02 01 00 0F 03
Vendor ID : 04, NXP Semiconductors Germany
Product type : 04, NTAG
Product subtype : 02, 50pF
Major version : 01
Minor version : 00
Size : 0F, (256 <-> 128 bytes)
Protocol type : 03 (ISO14443-3 Compliant)
2. When use command "hf 14a sniff", I got the record from tag only. No matter what reader i use (Smartphone / Switch/ 3ds)
I tried:
card - proxmark - reader
proxmark - card - reader
But no luck
pm3 --> hf 14a sniff
#db# Starting to sniff
#db# maxDataLen=207, Uart.state=0, Uart.len=0
#db# traceLen=506, Uart.output[0]=00000000
pm3 --> hf 14a list
trace pointer not allocated
Recorded Activity (TraceLen = 506 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 2368 | Tag |44 00 | |
917872 | 920240 | Tag |44 00 | |
936784 | 942672 | Tag |88 04 93 44 5b | |
968144 | 971664 | Tag |04 da 17 | |
988032 | 993856 | Tag |3a ed 4c 80 1b | |
1018464 | 1022048 | Tag |00 fe 51 | |
3998112 | 4000480 | Tag |44 00 | |
4916256 | 4918624 | Tag |44 00 | |
4935168 | 4941056 | Tag |88 04 93 44 5b | |
4966512 | 4970032 | Tag |04 da 17 | |
4986400 | 4992224 | Tag |3a ed 4c 80 1b | |
5016800 | 5020384 | Tag |00 fe 51 | |
6111984 | 6132848 | Tag |04 93 44 5b 3a ed 4c 80 1b 48 30 00 e1 10 12 00 05 57 | ok |
9489072 | 9491440 | Tag |44 00 | |
10407152 | 10409520 | Tag |44 00 | |
10426048 | 10431936 | Tag |88 04 93 44 5b | |
10457408 | 10460928 | Tag |04 da 17 | |
10477296 | 10483120 | Tag |3a ed 4c 80 1b | |
10507712 | 10511296 | Tag |00 fe 51 | |
11599568 | 11604240 | Tag |04 17 fe 1d | |
13022560 | 13034144 | Tag |c0 00 04 91 00 00 00 00 d4 de | ok |
27992304 | 27994672 | Tag |44 00 | |
28910336 | 28912704 | Tag |44 00 | |
28929248 | 28935136 | Tag |88 04 93 44 5b | |
28960592 | 28964112 | Tag |04 da 17 | |
28980480 | 28986304 | Tag |3a ed 4c 80 1b | |
29010880 | 29014464 | Tag |00 fe 51 | |
43648144 | 43650512 | Tag |44 00 | |
44565712 | 44568080 | Tag |44 00 | |
44584624 | 44590512 | Tag |88 04 93 44 5b | |
44615968 | 44619488 | Tag |04 da 17 | |
44635840 | 44641664 | Tag |3a ed 4c 80 1b | |
44666256 | 44669840 | Tag |00 fe 51 | |
59305568 | 59307936 | Tag |44 00 | |
60223552 | 60225920 | Tag |44 00 | |
60242464 | 60248352 | Tag |88 04 93 44 5b | |
60273808 | 60277328 | Tag |04 da 17 | |
60293680 | 60299504 | Tag |3a ed 4c 80 1b | |
60324080 | 60327664 | Tag |00 fe 51 | |Here is my hw ver:
Proxmark3 RFID instrument
[ ARM ]
bootrom: iceman/master/ice_v3.1.0-881-g28a4260e 2018-06-19 14:08:01
os: iceman/master/ice_v3.1.0-881-g28a4260e 2018-06-19 14:08:07
[ FPGA ]
LF image built for 2s30vq100 on 2017/10/25 at 19:50:50
HF image built for 2s30vq100 on 2017/11/10 at 19:24:16
[ Hardware ]
--= uC: AT91SAM7S512 Rev A
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 238952 bytes (46%) Free: 285336 bytes (54%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash MemoryI know this too long, but i have try to search in this forum, but still cannot find out the solution
Thanks and forgive my poor english.
Offline
#2 2018-06-24 06:38:17
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: a popular toy Snack World datafig
Your sniff trace indicates you didnt get the reader communications.
Antenna voltages:
hw tune
Sniffing is a delicate question on finding a good spot with the pm3 antenna to pick up all communications.
Offline
#3 2018-06-24 06:51:42
- mic_hkhk
- Contributor
- Registered: 2018-06-23
- Posts: 3
Re: a popular toy Snack World datafig
Your sniff trace indicates you didnt get the reader communications.
Antenna voltages:
hw tuneSniffing is a delicate question on finding a good spot with the pm3 antenna to pick up all communications.
Thanks for your reply
Here is the result of hw tune
is it not sensitive to detect the signal from reader?
pm3 --> hw tune
[=] measuring antenna characteristics, please wait...
...
[+] LF antenna: 38.81 V - 125.00 kHz
[+] LF antenna: 32.57 V - 134.00 kHz
[+] LF optimal: 39.23 V - 126.32 kHz
[+] LF antenna is OK
[+] HF antenna: 30.16 V - 13.56 MHz
[+] HF antenna is OK
[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.Offline
#4 2019-02-23 13:05:30
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: a popular toy Snack World datafig
looks like a ok hf antenna.
try different position / distances to get a proper sniff with both reader and tag communications in it.
Offline
Pages: 1