Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Topic closed
#1 2021-02-09 18:32:43
- GlennGlenn
- Contributor
- Registered: 2021-02-09
- Posts: 10
Hitag2 query
Hi all
My first post is a real tester.
I am trying to write to the read only page 0 IDE of a Hitag2 device (PCF7936AT).
The datasheet says it is one of 8 pages of EEPROM each holding 32 bits.
Page 0 seems to be written and made read only at manufacture.
My guess is:
1) NXP have a specific password (page 1) to enable page 0 writes.
2) The 2 MSB's of page 2 are used in the page 0 write process.
The 2 MSB's of page 2 (20F0 hex) is deemed unused in the datasheet
but if it is changed to (18F0) it still works but the (18) cannot be overwitten again.
I found this (18F0) config in another version of Hitag2, so these bits do something.
Does anyone have any idea how I could achieve this?.
Thanx
Offline
#2 2021-02-09 20:22:13
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: Hitag2 query
Welcome and thank you for reading the introduction post http://www.proxmark.org/forum/viewtopic.php?id=1125.
Your access rights has been updated.
Offline
Pages: 1
Topic closed