Research, development and trades concerning the powerful Proxmark3 device.
Snooped via "hf 14a snoop"... and it's missing one "93 20" call, I think..
pm3 --> hf 14a snoop
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=1
#db# traceLen=2997, Uart.output[0]=00000052
pm3 --> hf list 14a
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr | 52 | | WUPA
2244 | 4612 | Tag | 01 0f | |
13216 | 23680 | Rdr | 93 70 46 b8 77 b1 38 c2 35 | | ANTICOLL
24916 | 28500 | Tag | 01 77 40 | |
34688 | 39456 | Rdr | 50 00 57 cd | | HALT
176272 | 177328 | Rdr | 26 | | REQA
448512 | 449504 | Rdr | 52 | | WUPA
450756 | 453124 | Tag | 01 0f | |
461712 | 472176 | Rdr | 93 70 46 b8 77 b1 38 c2 35 | | ANTICOLL
473412 | 476996 | Tag | 01 77 40 | |
483472 | 488240 | Rdr | 50 00 57 cd | | HALT
625008 | 626064 | Rdr | 26 | | REQA
897152 | 898144 | Rdr | 52 | | WUPA
899396 | 901764 | Tag | 01 0f | |
910480 | 920944 | Rdr | 93 70 46 b8 77 b1 38 c2 35 | | ANTICOLL
922196 | 925780 | Tag | 01 77 40 | |
931904 | 936672 | Rdr | 50 00 57 cd | | HALT
1073520 | 1074576 | Rdr | 26 | | REQA
BECAUSE:
I did a "hf 14a sim" before and got this from the reader:
hf 14a sim 5 00000003
7270966 | 7272022 | Rdr | 26 | | REQA
7273194 | 7275562 | Tag | 01 0f | |
7282798 | 7285262 | Rdr | 93 20 | | ANTICOLL
7286434 | 7292258 | Tag | 00 00 00 03 03 | |
7302602 | 7313130 | Rdr | 93 70 00 00 00 03 03 6f c1 | | ANTICOLL
7314302 | 7317886 | Tag | 01 77 40 | |
7324062 | 7328830 | Rdr | 50 00 57 cd | | HALT
7461540 | 7462532 | Rdr | 52 | | WUPA
7463768 | 7466136 | Tag | 01 0f | |
7475052 | 7485580 | Rdr | 93 70 00 00 00 03 03 6f c1 | | ANTICOLL
7486752 | 7490336 | Tag | 01 77 40 | |
Preamble:
26 -> asks all tags that are new in the field to respond (new = they have not responded before)
52 -> wakes up all tags that are in the field (newer or not)
Based on the ATQA value the reader is able to detect if it is a single or multiple (double/triple - bit7+bit8 starting numbering from bit1) uid tag.
9320 is the anticollision command to see if there are other tags in the field.
9370 selects a specific uid.
Maybe this explains better (taken from ISO14443-3 datasheet):
In the 2nd case I cannot see the UID sent by the tag after 9320... the 9320 is not present... maybe it was sent before logging? Otherwise it is impossible for the reader to know "46 b8 77 b1" if not requested before with a 93 20.
Last edited by asper (2015-01-12 11:38:45)
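The check described in the post above, as an added example that is not part of the original thread: it parses `hf list 14a` rows, and for every 93 70 select it reports whether the UID was returned by a 93 20 anticollision earlier in the same trace and whether the BCC and CRC_A bytes are consistent. The rows are copied from the two traces in this thread; the function names are made up for this example, and only single-size (cascade level 1) UIDs are handled.

```python
# Rows copied from the two `hf list 14a` traces in this thread (Start | End | Src | Data).
SNOOP = """\
0 | 992 | Rdr | 52 | | WUPA
2244 | 4612 | Tag | 01 0f | |
13216 | 23680 | Rdr | 93 70 46 b8 77 b1 38 c2 35 | | ANTICOLL
24916 | 28500 | Tag | 01 77 40 | |
"""
SIM = """\
7270966 | 7272022 | Rdr | 26 | | REQA
7273194 | 7275562 | Tag | 01 0f | |
7282798 | 7285262 | Rdr | 93 20 | | ANTICOLL
7286434 | 7292258 | Tag | 00 00 00 03 03 | |
7302602 | 7313130 | Rdr | 93 70 00 00 00 03 03 6f c1 | | ANTICOLL
7314302 | 7317886 | Tag | 01 77 40 | |
"""

def crc_a(data):
    """ISO 14443-3 CRC_A: initial value 0x6363, transmitted low byte first."""
    crc = 0x6363
    for d in data:
        b = d ^ (crc & 0xFF)
        b = (b ^ (b << 4)) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def parse(trace):
    """Return [(src, frame_bytes)] from pipe-separated trace rows ('!' parity marks dropped)."""
    rows = (line.split("|") for line in trace.splitlines() if line.count("|") >= 4)
    return [(r[2].strip(), bytes.fromhex(r[3].replace("!", ""))) for r in rows]

def check_selects(trace):
    """For each 93 70 select: was its UID seen in a 93 20 answer, and do BCC/CRC hold?"""
    frames, seen, out = parse(trace), set(), []
    for i, (src, f) in enumerate(frames):
        if src == "Rdr" and f == b"\x93\x20" and i + 1 < len(frames):
            nxt_src, nxt = frames[i + 1]
            if nxt_src == "Tag" and len(nxt) == 5:   # 4 UID bytes + BCC
                seen.add(nxt[:4])
        elif src == "Rdr" and f[:2] == b"\x93\x70" and len(f) == 9:
            uid, bcc = f[2:6], f[6]
            out.append({"uid": uid.hex(),
                        "uid_from_9320_in_trace": uid in seen,
                        "bcc_ok": bcc == uid[0] ^ uid[1] ^ uid[2] ^ uid[3],
                        "crc_ok": crc_a(f[:7]) == f[7:]})
    return out

if __name__ == "__main__":
    for name, t in (("snoop", SNOOP), ("sim", SIM)):
        print(name, check_selects(t))
```

On the snooped rows the select for 46 b8 77 b1 has a valid BCC and CRC but no 93 20 answer before it in the capture, while the simulated exchange shows the full 93 20 / 93 70 pair.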
ok. Good. bon.
@ asper, however, this isn't the response we wanted to get out from the specific device, it never continues to read block 0...
There is the possibility that the reader has a uid filter; try to change the uid to a value nearer to the ones you already got; if only one is "accepted" (you see an auth), then a filter is present (bad for research purposes but still good).
Can you make a snoop with an original tag?
Is it possible that it reads blocks only if it's working with the software?
Last edited by asper (2015-01-12 11:40:09)