Hello,
the 8-bit CRC checksum of the answer to the Challenge request is not built the same way as every other CRC in the protocol.
It's not known which bytes/bits go into the CRC. I tried every possible combination and still didn't get it right. The Challenge request is the only packet that the reader sends without a CRC, so I think the CRC of the response could use them.
The CRC function and protocol are in http://www.proxmark.org/files/Documents/125%20kHz%20-%20Hitag/HitagS.V11.pdf and here are some traces:
+ 90: 45: 01 15 c1 14 65 38 00000 22b8228c a7
+ 209: 44: TAG fc! a9! 34 0f! fc! 60! 1111 ca9340ff c6
+ 90: 64: 44 33 22 11 ba e9 e7 9f 4byte rnd + 4byte
+ 209: 44: TAG f0! 6a! d2! b1! ef 70 06ad2b1e f7(CRC)
+ 90: 45: 01 15 c1 14 65 38
+ 209: 44: TAG fc! a9! 34 0f! fc! 60!
+ 90: 64: 55 44 33 22 22 e6 80 d6
+ 209: 44: TAG f6! c6! 43 10 31 60! 16(CRC)
+ 90: 45: 01 15 c1 14 65 38
+ 209: 44: TAG fc! a9! 34 0f! fc! 60!
+ 90: 64: 66 55 44 33 bf 58 64 2c
+ 193: 44: TAG f2 bd! 23 ba 85 c0! 5c(CRC)
Can someone please help me out on how the CRCs 0xf7, 0x16 and 0x5c are calculated?
*edit*: I found out that the 4 bytes of the last message are the last bytes that are calculated into the CRC and that the first 4 bytes of the message before don't matter.
Last edited by Sixkay (2015-08-03 23:03:41)
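Added example, not part of the original post: a way to test the observation in the edit by splitting each sniffed 44-bit tag frame into start bits, data and CRC, then recovering the CRC register value that must have been in place just before the 4 data bytes. The polynomial 0x1D and preset 0xFF are assumptions (the post does not state them; they reproduce the 0xc6 of the first tag response in the traces), and all function names are illustrative.

```python
# Assumed CRC-8 parameters (not stated in the post): MSB-first, no final XOR.
POLY, PRESET = 0x1D, 0xFF

def crc8(data, init=PRESET, poly=POLY):
    """Bitwise CRC-8 over data, starting from register value init."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

def parse_tag_frame(raw):
    """Split a sniffed 44-bit tag frame into (sof, data, crc).

    raw is the byte column of a TAG line, e.g. 'fc! a9! 34 0f! fc! 60!'.
    The '!' parity flags are dropped and the 4 trailing padding bits ignored.
    """
    nibbles = raw.replace("!", "").replace(" ", "")
    if len(nibbles) != 12:
        raise ValueError("expected 6 bytes (44 bits plus 4 padding bits)")
    return int(nibbles[0], 16), bytes.fromhex(nibbles[1:9]), int(nibbles[9:11], 16)

def recover_preset(data, observed_crc):
    """Return the register value before data that yields observed_crc.

    Every CRC step is invertible for an odd polynomial, so exactly one
    of the 256 candidates fits.
    """
    hits = [s for s in range(256) if crc8(data, init=s) == observed_crc]
    if len(hits) != 1:
        raise RuntimeError("CRC step is not a bijection for this polynomial")
    return hits[0]

# TAG lines copied from the traces in the post.
SELECT_RESPONSE = "fc! a9! 34 0f! fc! 60!"
AUTH_RESPONSES = ["f0! 6a! d2! b1! ef 70", "f6! c6! 43 10 31 60!", "f2 bd! 23 ba 85 c0!"]

def analyse(frames):
    """Map data hex -> (crc, standard CRC matches?, implied register before data)."""
    report = {}
    for raw in frames:
        _sof, data, crc = parse_tag_frame(raw)
        report[data.hex()] = (crc, crc8(data) == crc, recover_preset(data, crc))
    return report

if __name__ == "__main__":
    for data, (crc, ok, pre) in analyse([SELECT_RESPONSE] + AUTH_RESPONSES).items():
        print(f"data={data} crc={crc:02x} standard_ok={ok} implied_preset={pre:02x}")
```

If the implied register value is the same for all three challenge responses, the CRC only uses a different fixed preset or prefix; if it differs per trace, bytes that vary between the traces are fed in before the data.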