Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2015-02-14 13:47:06
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
ISO 15693 - Help, with some identification values
To start with, it would be nice if there was a seperate forumthread on the start page for ISO15693. If some moderator could make it happen, then it would be good.
Over to my call for help, I found some EM tags identification list in the sourcecode which needs to be more specific, 0xE016 is the starting bytes and it is the usually the first or second byte afterwards that is needed to specifically identify a tag.
The original list of tag identification comes from Asper.
{ 0xE016 000000000000LL, 16, "EM4033 [IC id = 08] 23,5pF (Read Only - no AFI / no DSFID / no security blocks)" },
{ 0xE016 000000000000LL, 16, "EM4034 [IC id = 01] (Read/Write - no AFI) UID: E016040116006204" },
{ 0xE016 000000000000LL, 16, "EM4035 [IC id = 03] (Read/Write - replaced by 4233) UID: E0160C0108117FFD" },{
{ 0xE016 000000000000LL, 16, "EM4036 [IC id = 05] 28pF" },
{ 0xE016 000000000000LL, 16, "EM4036 [IC id = 37] 95pF" },
{ 0xE016 000000000000LL, 16, "EM4133 [IC id = 07] 23,5pF (Read/Write)" },
{ 0xE016 000000000000LL, 16, "EM4133 [IC id = 39] 95pF (Read/Write)" },
{ 0xE016 000000000000LL, 16, "EM4135 [IC id = ??] (Read/Write - replaced by 4233)" },
{ 0xE016 000000000000LL, 16, "EM4006 [IC id = 06] (Read Only)" },
{ 0xE016 000000000000LL, 16, "EM4233 [IC id = 09] 23,5pF Old EM4233 V2 CustomerID-02 (Read/Write) UID: 6C4E1C06662416E0" },
{ 0xE016 000000000000LL, 16, "EM4233 [IC id = 09] 23,5pF CustomerID-102" },
{ 0xE016 000000000000LL, 16, "EM4233 [IC id = 31] 95pF" },
{ 0xE016 000000000000LL, 16, "EM4233 SLIC [IC id = 10] 23,5pF (1Kb flash memory - not provide High Security mode and QuietStorage feature)" },
{ 0xE016 000000000000LL, 16, "EM4233 SLIC [IC id = 42] 97pF" },
{ 0xE016 000000000000LL, 16, "EM4237 [IC id = 15] 23,5pF" },
{ 0xE016 000000000000LL, 16, "EM4237 [IC id = 47] 97pF" },Last edited by iceman (2015-02-14 16:51:26)
Offline
#2 2015-02-14 14:17:36
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: ISO 15693 - Help, with some identification values
E0 16 .. .. . .
16 = Manufacturer Code (EM Microelectronic)
IC id is represented by bits from 42 to 46 (starting from bit0)
EXAMPLE: UID = E0162466061C4E6C -> 11100000 00010110 0[01001]00 01100110 00000110 00011100 01001110 01101100
IC id is between [].
You can remove 1 of the 2 "EM4233 [IC id = 09]"
I agree with a new ISO15693 section.
Last edited by asper (2015-02-14 14:21:03)
Offline
#3 2015-02-14 15:05:17
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
Re: ISO 15693 - Help, with some identification values
aha! i see.
I'm on it. I saw that one IC id is 37, which is 100101 (bin) which doesn't fit in your suggested space...
EXAMPLE: UID = E0162466061C4E6C -> 11100000 00010110 0[01001]00 01100110 00000110 00011100 01001110 01101100
Offline
#4 2015-02-14 15:24:32
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
Re: ISO 15693 - Help, with some identification values
The new updated list looks like this. Thanks Asper!
{ 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)"},
{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034 [IC id = 01] (Read/Write - no AFI)"},
{ 0xE0160C0000000000LL, 24, "EM-Marin SA (Skidata); EM4035 [IC id = 03] (Read/Write - replaced by 4233)"},
{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13"},
{ 0xE016140000000000LL, 24, "EM-Marin SA (Skidata); EM4036 [IC id = 05] 28pF"},
{ 0xE016180000000000LL, 24, "EM-Marin SA (Skidata); EM4006 [IC id = 06] (Read Only)"},
{ 0xE0161C0000000000LL, 24, "EM-Marin SA (Skidata); EM4133 [IC id = 07] 23,5pF (Read/Write)"},
{ 0xE016200000000000LL, 24, "EM-Marin SA (Skidata); EM4033 [IC id = 08] 23,5pF (Read Only - no AFI / no DSFID / no security blocks)"},
{ 0xE016240000000000LL, 24, "EM-Marin SA (Skidata); EM4233 [IC id = 09] 23,5pF CustomerID-102"},
{ 0xE016280000000000LL, 24, "EM-Marin SA (Skidata); EM4233 SLIC [IC id = 10] 23,5pF (1Kb flash memory - not provide High Security mode and QuietStorage feature)" },
{ 0xE0163C0000000000LL, 24, "EM-Marin SA (Skidata); EM4237 [IC id = 15] 23,5pF"},
{ 0xE0167C0000000000LL, 24, "EM-Marin SA (Skidata); EM4233 [IC id = 31] 95pF"},
{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit"},1110 0000 0001 0110 0[000 00]00
E 0 1 6
These ones has a IC id which is bigger than the alloted bit space. Suggestions?
{ 0xE016 000000000000LL, 16, "EM4036 [IC id = 37] 95pF" }, 0 100101 00
{ 0xE016 000000000000LL, 16, "EM4133 [IC id = 39] 95pF (Read/Write)" }, 0 100111 00
{ 0xE016 000000000000LL, 24, "EM4135 [IC id = ??] (Read/Write - replaced by 4233)" },
{ 0xE016 000000000000LL, 24, "EM4233 SLIC [IC id = 42] 97pF" },
{ 0xE016 000000000000LL, 24, "EM4237 [IC id = 47] 97pF" },Offline
#5 2015-02-14 15:35:19
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: ISO 15693 - Help, with some identification values
They will probably use also bit47 (not confirmed, no offical doc available).
Offline
#6 2015-02-14 17:00:47
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
Re: ISO 15693 - Help, with some identification values
Final form.
{ 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)"},
{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034 [IC id = 01] (Read/Write - no AFI)"},
{ 0xE0160C0000000000LL, 24, "EM-Marin SA (Skidata); EM4035 [IC id = 03] (Read/Write - replaced by 4233)"},
{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135 [IC id = 04] (Read/Write - replaced by 4233) 36x64bit start page 13"},
{ 0xE016140000000000LL, 24, "EM-Marin SA (Skidata); EM4036 [IC id = 05] 28pF"},
{ 0xE016180000000000LL, 24, "EM-Marin SA (Skidata); EM4006 [IC id = 06] (Read Only)"},
{ 0xE0161C0000000000LL, 24, "EM-Marin SA (Skidata); EM4133 [IC id = 07] 23,5pF (Read/Write)"},
{ 0xE016200000000000LL, 24, "EM-Marin SA (Skidata); EM4033 [IC id = 08] 23,5pF (Read Only - no AFI / no DSFID / no security blocks)"},
{ 0xE016240000000000LL, 24, "EM-Marin SA (Skidata); EM4233 [IC id = 09] 23,5pF CustomerID-102"},
{ 0xE016280000000000LL, 24, "EM-Marin SA (Skidata); EM4233 SLIC [IC id = 10] 23,5pF (1Kb flash memory - not provide High Security mode and QuietStorage feature)" },
{ 0xE0163C0000000000LL, 24, "EM-Marin SA (Skidata); EM4237 [IC id = 15] 23,5pF"},
{ 0xE0167C0000000000LL, 24, "EM-Marin SA (Skidata); EM4233 [IC id = 31] 95pF"},
{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); EM4036 [IC id = 37] 95pF 51x64bit "},
{ 0xE0169c0000000000LL, 24, "EM-Marin SA (Skidata); EM4133 [IC id = 39] 95pF (Read/Write)" },
{ 0xE016A80000000000LL, 24, "EM-Marin SA (Skidata); EM4233 SLIC [IC id = 42] 97pF" },
{ 0xE016BC0000000000LL, 24, "EM-Marin SA (Skidata); EM4237 [IC id = 47] 97pF" },Offline
#7 2015-02-14 17:02:13
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
Re: ISO 15693 - Help, with some identification values
looking at the number, we can guess some IC ID's:
00, 04, 0c,
10, 14, 18, 1c,
20, 24 28
3c
7c
94, 9c
a8
bcOffline
#8 2015-02-14 21:28:57
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: ISO 15693 - Help, with some identification values
EM seems not to have a spacific way to "name" his ICs... it seems to be a random naming/numbering system (I tryed to check date-time ralation, release year relation, but I was out of luck..)
Offline
#9 2015-02-15 14:13:22
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,538
- Website
Re: ISO 15693 - Help, with some identification values
Fill in the gaps? Just a wild idea.
08
2C
30, 34, 38
70, 74, 78
A0, A4, AC
B0, B4, B8
These are "available"..
Offline