Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hello you smart boys (and girls?? any?)
I'm trying to understand the tags being used by Sielox http://www.sielox.com/.
Specifically, Sielox's Performa® Proximity Plus® and Mirage.
I have one Enroll USB reader from RFIDEAS that is able to read both tags and write the tag ID into a notepad. That's all.
I'll upload some images later of both tags and reader.
As these tags are 13.56 MHz, the typical approach using lf read, lf samples .. bla bla won't work.. so I'm looking for new ideas...
I'm going to post all my little research here. Any help will be veeeery appreciated.
thanks!
Offline
Ok, two photos here:
http://img26.imageshack.us/img26/9615/photo1dnt.jpg
http://img225.imageshack.us/img225/2199/photoag.jpg
This is an example of an output of a Proximity Plus Checkpoint badge: 204900130
This is an example of an output of a Sielox Mirage badge: 1332156
It has to be possible to exactly copy a waveform and repeat it.. maybe using some microcontroller...
I contacted the president of Sielox company, but she refuses to send any info, stating that the protocol is private.
Also, the guys from RFIDeas answered my emails, but as soon as I asked for some low-level data, they just disappeared.
I don't know where to start... I tried every command inside the proxmark but none of them output some interesting info.
Ideas?? Thanks!
Offline
Another example of "security through obscurity".
moebius
What do you want: to read these cards or simulate them? What you can do is:
Disassemble your reader(s), post here photos, ICs names, values etc. Maybe you will find some popular chip like PN53x.
There was a command like hisamples in the old (2009.09.05) pm3 firmware release, so you only need to write some code (which is hard because you don't know the modulation, bitrate, etc.)
Download the API (if it exists) and do some research
Offline
Hey Vivat! sorry for the delay in my response.
The final goal is to simulate these tags.
There's no PN53x inside the reader. I'll post some pics of the PCB later. There's no API, it's an enrollment reader, just outputting the UID like a HID does.
thanks.
Offline
Vivat! Yes, I'm alive, but a little busy! That's why I'm not posting anything.
I believe that in two weeks I'm going to be a little more relaxed thus participate in the forum.
Thanks!!
Offline
I'm guessing this went nowhere.
Offline
Hi, I have a photo of the Sielox chip, I could not get anything out of this tag,
photo is https://www.sendspace.com/file/xy8wbw
proxmark3> hf search
UID : 01 00 00 00
ATQA : 00 01
SAK : 01 [2]
TYPE : NXP TNP3xxx Activision Game Appliance
proprietary non iso14443-4 card found, RATS not supported
#db# halt error. response len: 1
Answers to chinese magic backdoor commands: NO
Valid ISO14443A Tag Found - Quiting Search
Offline
@go_tus,
What does your tag look like on the outside? Some markings, numbers, text?
And did you try the other HF commands? Since "hf search" quits when it finds a match.. It could be a false positive in this case..
Offline
Hi, here is the tag photo, https://www.sendspace.com/file/nsboyu
I don't know what command to try out, I am sure it's a 13.56 MHz tag.
That's all I know about it. There is no number on the tag.
I tried hf 15 commands nothing happened.
Last edited by Go_tus (2015-09-21 15:27:46)
Offline
@asper thank you
@iceman
I hooked up an ACR reader to the computer and snooped the communication between tag and reader; it looks different from an S50.
proxmark3> hf 14a snoop
#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=0
#db# traceLen=561, Uart.output[0]=00000026
proxmark3> hf list 14a
Recorded Activity (TraceLen = 561 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 256 | Tag | 00! | |
61888 | 62144 | Tag | 00! | |
3074492 | 3075548 | Rdr | 26 | | REQA
3150380 | 3151436 | Rdr | 26 | | REQA
3649196 | 3650252 | Rdr | 26 | | REQA
3724844 | 3725900 | Rdr | 26 | | REQA
7281356 | 7282412 | Rdr | 26 | | REQA
7357260 | 7358316 | Rdr | 26 | | REQA
7856060 | 7857116 | Rdr | 26 | | REQA
7931708 | 7932764 | Rdr | 26 | | REQA
8139920 | 8142160 | Tag | df! fd | |
11488236 | 11489292 | Rdr | 26 | | REQA
11496012 | 11497068 | Rdr | 26 | | REQA
15430604 | 15431340 | Rdr | 12! | | ?
15868508 | 15869564 | Rdr | 26 | | REQA
23193676 | 23194732 | Rdr | 26 | | REQA
27655728 | 27656816 | Tag | f7 | |
27721120 | 27722208 | Tag | e5 | |
38702860 | 38703916 | Rdr | 26 | | REQA
43065212 | 43066268 | Rdr | 26 | | REQA
48879952 | 48880144 | Tag | 01 | |
48882720 | 48883040 | Tag | 02 | |
49033936 | 49034128 | Tag | 01 | |
50522668 | 50523724 | Rdr | 26 | | REQA
50530476 | 50531532 | Rdr | 26 | | REQA
50968700 | 50969756 | Rdr | 26 | | REQA
54457004 | 54458060 | Rdr | 26 | | REQA
54464300 | 54465356 | Rdr | 26 | | REQA
54606012 | 54606236 | Rdr | 01 | | ?
54894396 | 54895452 | Rdr | 26 | | REQA
54902924 | 54903980 | Rdr | 26 | | REQA
58390876 | 58391932 | Rdr | 26 | | REQA
58398540 | 58399596 | Rdr | 26 | | REQA
58828620 | 58829676 | Rdr | 26 | | REQA
58836796 | 58837852 | Rdr | 26 | | REQA
62325388 | 62326444 | Rdr | 26 | | REQA
62401292 | 62402348 | Rdr | 26 | | REQA
62899964 | 62901020 | Rdr | 26 | | REQA
62975484 | 62976540 | Rdr | 26 | | REQA
66531996 | 66533052 | Rdr | 26 | | REQA
66554748 | 66555804 | Rdr | 26 | | REQA
66862124 | 66863180 | Rdr | 26 | | REQA
66869212 | 66870268 | Rdr | 26 | | REQA
67338368 | 67339328 | Tag | 6c! | |
67347872 | 67348128 | Tag | 00! | |
67360416 | 67360608 | Tag | 01 | |
68645536 | 68645728 | Tag | 01 | |
68647376 | 68647696 | Tag | 03! | |
70357420 | 70358476 | Rdr | 26 | | REQA
70365980 | 70367036 | Rdr | 26 | | REQA
70752364 | 70752972 | Rdr | 09! | | ?
74395728 | 74396304 | Tag | 0a! | |
74421840 | 74422160 | Tag | 02 | |
74579708 | 74580636 | Rdr | 13 | | ?
74787436 | 74788428 | Rdr | 69! | | ?
82239996 | 82241052 | Rdr | 26 | | REQA
proxmark3> hf 14a snoop
#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=0
#db# traceLen=381, Uart.output[0]=00000013
proxmark3> hf list 14a
Recorded Activity (TraceLen = 381 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 1056 | Rdr | 26 | | REQA
7808 | 8864 | Rdr | 26 | | REQA
438064 | 439120 | Rdr | 26 | | REQA
444976 | 446032 | Rdr | 26 | | REQA
1927620 | 1928964 | Tag | fe! 01 | |
1933588 | 1934292 | Tag | 1e! | |
1940756 | 1940948 | Tag | 01 | |
2909684 | 2909940 | Tag | 00! | |
3932752 | 3933808 | Rdr | 26 | | REQA
3940832 | 3941888 | Rdr | 26 | | REQA
4285280 | 4286336 | Rdr | 26 | | REQA
4292432 | 4293488 | Rdr | 26 | | REQA
6001492 | 6001812 | Tag | 02 | |
6026404 | 6026660 | Tag | 00! | |
7780960 | 7782016 | Rdr | 26 | | REQA
8041204 | 8042292 | Tag | be! | |
8314660 | 8315364 | Tag | 1f | |
8460004 | 8460324 | Tag | 03! | |
9246260 | 9246516 | Tag | 00! | |
9290692 | 9291140 | Tag | 06! | |
9299172 | 9299364 | Tag | 01 | |
9339972 | 9340292 | Tag | 03! | |
9382548 | 9383252 | Tag | 1f | |
9390468 | 9390660 | Tag | 01 | |
9395188 | 9395956 | Tag | 0e | |
9399204 | 9399588 | Tag | 00! | |
9451940 | 9452196 | Tag | 00! | |
9458100 | 9458292 | Tag | 01 | |
9492484 | 9493316 | Tag | 2e! | |
9673236 | 9674196 | Tag | 7e! | |
9690868 | 9691700 | Tag | 3a! | |
9699140 | 9699332 | Tag | 01 | |
9751588 | 9751844 | Tag | 00! | |
9757844 | 9758164 | Tag | 02 | |
12181904 | 12182960 | Rdr | 26 | | REQA
16115744 | 16116800 | Rdr | 26 | | REQA
19611568 | 19612624 | Rdr | 26 | | REQA
31377360 | 31378288 | Rdr | 13 | | ?
Offline
@asper, could it be like the Topaz? The pdf you linked looks like @go_tus's tag.
@go_tus, can you try snooping 14b and 15 as well?
"It boasts a 64-bit key".. hm, sounds like 125 kHz tag behavior but on HF. It just sends these 8 bytes over and over (my guess).
It looks to be 26-bit Wiegand over 13.56 MHz, how do we read that one with the PM3?
Last edited by iceman (2015-09-21 18:41:11)
Offline
@iceman I tried 14b and 15, nothing happened. Maybe I did something wrong, I will try again.
@asper could it be em4006 then?
Offline
tried the iclass snoop? or the hf topaz?
Offline
Topaz is not read-only while this one is stated to be. Look at the tag specs summary list I built on that page and look for similarities. I remember some EM and ST tags like those. EM4006? It can be. I am not on my PC now to look for datasheets in a "comfortable" way.
Offline
We aren't likely going to get anything useful out of the current modes of the PM3 for Sielox. We need HF Snoop finished, or a good oscilloscope, or another tool to listen to the unknown protocol and see if it can be identified, or figured out so it can be added to the PM3 HF modes.
Offline
Surely marshmellow, but there is a chance it is a known, documented tag, just a bit "rare" in the wild. Another way is decapping the chip.
Offline
Maybe trying to send some raw bytes will make the tag respond with its 8-byte response?
"hf 14a raw -p 01"
Offline
Possible candidates: EM4006 (as you suggested), EM4022 (not very probable), EM4033. Datasheets.
Offline
@iceman I tried the raw command
proxmark3> hf 14a raw -p 01
timeout while waiting for reply.
I have very little knowledge of this, but I will do anything you tell me to do.
Sometimes the tag doesn't respond even with the hf search command.
Maybe I broke it.
Last edited by Go_tus (2015-09-22 14:01:36)
Offline
hm,
"hf 14a raw -s -c 01"
Offline
@iceman sorry about the late reply, the tag sometimes doesn't respond
proxmark3> hf 14a reader
UID : 01 00 00 00
ATQA : 00 00
SAK : 01 [2]
TYPE : NXP TNP3xxx Activision Game Appliance
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf 14a raw -p 01
received 0 octets
proxmark3> hf 14a raw -s -c 01
received 0 octets
received 0 octets
proxmark3>
Offline
run the
"hf 14a reader"
"hf list 14a"
and print the output?
Offline
@iceman
proxmark3> hf 14a reader
UID : 02 00 00 00
ATQA : 00 01
SAK : 01 [2]
TYPE : NXP TNP3xxx Activision Game Appliance
proprietary non iso14443-4 card found, RATS not supported
Answers to chinese magic backdoor commands: NO
proxmark3> hf list 14a
Recorded Activity (TraceLen = 146 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr | 52 | | WUPA
30964 | 31156 | Tag | 01 | |
32384 | 34848 | Rdr | 93 20 | | ANTICOLL
68836 | 69156 | Tag | 02 | |
71552 | 82080 | Rdr | 93 70 02 00 00 00 02 06 ec | | SELECT_UID
86036 | 86228 | Tag | 01 | |
517376 | 522144 | Rdr | e0 80 31 73 | | RATS
558820 | 559140 | Tag | 02 | |
988800 | 989792 | Rdr | 40 | | MAGIC WUPC1
1096244 | 1096436 | Tag | 01 | |
1097728 | 1099040 | Rdr | 43 | | MAGIC WUPC2
1132228 | 1132484 | Tag | 00! | |
1133952 | 1138720 | Rdr | 50 00 57 cd | | HALT
proxmark3>
Offline
If we remove the reader entries,
tag answers: 01 02 01 02 01 00
try
"hf 14a raw -s -p 52"
and its "hf list 14a" output..
Offline
I don't know why it changes sometimes
proxmark3> hf 14a reader
UID : 01 00 00 00
ATQA : 00 00
SAK : 00 [2]
Tag is not Ultralight | NTAG | MY-D [ATQA: 00 01 SAK: 00]
TYPE : MIFARE Ultralight (MF0ICU1) <magic>
proprietary non iso14443-4 card found, RATS not supported
#db# halt error. response len: 1
Answers to chinese magic backdoor commands: NO
proxmark3> hf 14a raw -s -p 52
received 0 octets
received 0 octets
proxmark3> hf 14a raw -s -p 52
received 4 octets
00 00 00 00
received 1 octets
01
proxmark3> hf list 14a
Recorded Activity (TraceLen = 90 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr | 52 | | WUPA
7316 | 7508 | Tag | 01 | |
8832 | 11296 | Rdr | 93 20 | | ANTICOLL
17140 | 17396 | Tag | 00! | |
19712 | 30240 | Rdr | 93 70 00 00 00 00 00 9c d9 | | SELECT_UID
61780 | 62036 | Tag | 00! | |
73472 | 74784 | Rdr | 52 | | WUPA
79588 | 79780 | Tag | 01 | |
proxmark3> hf 14a raw -s -p 52
received 4 octets
01 00 00 00
received 1 octets
02
proxmark3> hf 14a reader
iso14443a card select failed
proxmark3> hf 14a reader
UID : 02 00 00 00
ATQA : 00 01
SAK : 00 [2]
Tag is not Ultralight | NTAG | MY-D [ATQA: 00 19 SAK: 01]
TYPE : MIFARE Ultralight (MF0ICU1) <magic>
proxmark3> hf list 14a
Recorded Activity (TraceLen = 31 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr | 52 | | WUPA
2964 | 3220 | Tag | 00! | |
7040 | 9504 | Rdr | 93 20 | | ANTICOLL
proxmark3> hf 14a reader
UID : 00 00 00 00
ATQA : 00 00
SAK : 01 [2]
TYPE : NXP TNP3xxx Activision Game Appliance
proprietary non iso14443-4 card found, RATS not supported
#db# halt error. response len: 1
Answers to chinese magic backdoor commands: NO
proxmark3> hf list 14a
Recorded Activity (TraceLen = 156 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr | 52 | | WUPA
28004 | 28260 | Tag | 00! | |
29568 | 32032 | Rdr | 93 20 | | ANTICOLL
62772 | 63028 | Tag | 00! | |
65280 | 75808 | Rdr | 93 70 00 00 00 00 00 9c d9 | | SELECT_UID
94068 | 94260 | Tag | 01 | |
547712 | 552480 | Rdr | e0 80 31 73 | | RATS
599732 | 599988 | Tag | 00! | |
1029760 | 1030752 | Rdr | 40 | | MAGIC WUPC1
1058180 | 1058436 | Tag | 00! | |
1059712 | 1061024 | Rdr | 43 | | MAGIC WUPC2
1177700 | 1177892 | Tag | 01 | |
1179520 | 1184288 | Rdr | 50 00 57 cd | | HALT
1205476 | 1205732 | Tag | 00! | |
proxmark3>
Offline
@iceman Do you think that was the UID ?
The tag became non-responsive.
It might be a MIFARE Ultralight, which can be cloned with a MIFARE Ultralight magic card, but a 64-bit UID???
I don't think I will be able to get another tag
Last edited by Go_tus (2015-09-26 19:20:53)
Offline
If we again take only the tag responses
01 00 00 01
01 00 00 00 02
00 00 01 00 00 01 00
I don't see a repeating pattern and it could be static noise, try without -s
"hf 14a raw -p 26"
If you can, you should try to iterate the initial 255 bytes.
loop (I 0 < 256)
"hf 14a raw -p i "
"hf list 14a"
endloop
Last edited by iceman (2015-09-27 07:21:39)
Offline
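Both of iceman's "remove the reader entries" / "take only the tag responses" steps above are done by hand on the trace text. As an added example (not code from this thread, from iceman, or from the Proxmark3 project), here is a small plain-Lua filter that does the same thing over pasted "hf list 14a" output: it keeps only the Tag rows, collects their bytes, and counts how many tag frames carried a parity error, since a high parity-error rate is the first hint that the "replies" are field noise rather than a protocol. The sample trace is constructed by copying the earlier "hf 14a reader" trace from this thread; no pm3 client or `core` API is needed to run it.

```lua
-- Added example (not from the thread or the Proxmark3 project).
-- Pulls the tag-side rows out of a Proxmark3 "hf list 14a" trace so the
-- reader-side WUPA/ANTICOLL/RATS chatter does not hide what the unknown
-- tag actually sent. Plain Lua 5.x; run with: lua tagrows.lua

-- Constructed sample: the "hf 14a reader" trace posted earlier in the thread.
local trace = [[
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 992 | Rdr | 52 | | WUPA
30964 | 31156 | Tag | 01 | |
32384 | 34848 | Rdr | 93 20 | | ANTICOLL
68836 | 69156 | Tag | 02 | |
71552 | 82080 | Rdr | 93 70 02 00 00 00 02 06 ec | | SELECT_UID
86036 | 86228 | Tag | 01 | |
517376 | 522144 | Rdr | e0 80 31 73 | | RATS
558820 | 559140 | Tag | 02 | |
988800 | 989792 | Rdr | 40 | | MAGIC WUPC1
1096244 | 1096436 | Tag | 01 | |
1097728 | 1099040 | Rdr | 43 | | MAGIC WUPC2
1132228 | 1132484 | Tag | 00! | |
1133952 | 1138720 | Rdr | 50 00 57 cd | | HALT
]]

-- Parse one trace row into its fields; header and separator lines give nil.
local function parse_row(line)
  local start, stop, src, data =
    line:match("^%s*(%d+)%s*|%s*(%d+)%s*|%s*(%a+)%s*|%s*([^|]*)|")
  if not start then return nil end
  local bytes, parity_errors = {}, 0
  for tok in data:gmatch("%S+") do
    -- a token is one hex byte, optionally followed by "!" (parity error)
    local hex, bang = tok:match("^(%x%x)(!?)$")
    if hex then
      bytes[#bytes + 1] = hex:lower()
      if bang == "!" then parity_errors = parity_errors + 1 end
    end
  end
  return { start = tonumber(start), stop = tonumber(stop), src = src,
           bytes = bytes, parity_errors = parity_errors }
end

-- Keep only what the tag sent. Returns the byte list, the number of tag
-- frames with at least one parity error, and a hex string for eyeballing.
local function tag_responses(text)
  local out, bad_frames = {}, 0
  for line in text:gmatch("[^\r\n]+") do
    local row = parse_row(line)
    if row and row.src == "Tag" then
      for _, b in ipairs(row.bytes) do out[#out + 1] = b end
      if row.parity_errors > 0 then bad_frames = bad_frames + 1 end
    end
  end
  return out, bad_frames, table.concat(out, " ")
end

local bytes, bad_frames, hex = tag_responses(trace)
print("tag bytes              : " .. hex)          -- 01 02 01 02 01 00
print("tag frames with parity error: " .. bad_frames)  -- 1
```

Paste any of the longer snoop traces from this thread into `trace` and the same two numbers fall out; single bytes that keep arriving with parity errors and no CRC, at irregular intervals, are what noise looks like in this table, which is the check worth doing before reading a "UID" into them.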
In theory the tag should start answering with something like a UID while just entering the magnetic field (if it does not want any specific wake-up command).
The answer must be in ISO14443 format to be shown in pm3; if it is ISO14443A, as iceman said, you need to test all the 256 bytes possibilities using the following commands:
hf 14a raw -p 00
hf 14a raw -p 01
hf 14a raw -p 02
hf 14a raw -p 03
hf 14a raw -p 04
hf 14a raw -p 05
hf 14a raw -p 06
hf 14a raw -p 07
hf 14a raw -p 08
hf 14a raw -p 09
hf 14a raw -p 0A
hf 14a raw -p 0B
hf 14a raw -p 0C
hf 14a raw -p 0D
hf 14a raw -p 0E
hf 14a raw -p 0F
hf 14a raw -p 10
hf 14a raw -p 11
hf 14a raw -p 12
hf 14a raw -p 13
hf 14a raw -p 14
....
and so on until FF value (=256).
Last edited by asper (2015-09-27 09:59:35)
Offline
@iceman & asper I'll try, thank u
Offline
This forum is getting populated by I-want-to-fraud people (from experience, Italians to fraud, Chinese people to make money) because too many good people here are kind enough to answer almost every question; my help will not be given anymore to them. Anyway, each user is responsible for the help given, so, siop, you can try to explain how stuff seems to be going on but you cannot force people not to give help, you can only "suggest".
Offline
All this should go in another section of the forum... Please stop polluting existing topic with unrelated content.
Go_tus is Gusto-the-bun by the way... Just saying...
http://www.proxmark.org/forum/search.php?action=show_user_posts&user_id=6724
Offline
If you can, you should try to iterate the initial 255 bytes.
loop (I 0 < 256)
"hf 14a raw -p i "
"hf list 14a"
endloop
this is a very interesting way, much more efficient compared to
hf 14a raw -p 00
hf 14a raw -p 01
hf 14a raw -p 02
hf 14a raw -p 03
hf 14a raw -p 04
...
It looks like a batch file. Could you tell me where to put the loop..endloop code ... not a Lua script?
Offline
...in a lua-script
Offline
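To make the "...in a lua-script" answer concrete, here is the loop..endloop sketch from above written as a Proxmark3 client Lua script. This is an added example, not code from this thread, from iceman, or from the Proxmark3 project. It assumes (assumption, not verified against any particular client build) that the client exposes `core.console(cmd)` to run a console command from Lua and hands the `script run` arguments to the script as the string `args`; the file name `raw14a_sweep.lua` is a placeholder of my choosing.

```lua
-- Added example; not from this thread or the Proxmark3 project.
-- The "loop (I 0 < 256) / hf 14a raw -p i / hf list 14a / endloop" sketch
-- as a pm3 client Lua script. Assumed client API: core.console(cmd) runs a
-- console command, and the "script run" arguments arrive as the string `args`.
-- Save as client/scripts/raw14a_sweep.lua (placeholder name) and start with:
--   script run raw14a_sweep          -- all 256 single-byte values
--   script run raw14a_sweep 20 3F    -- only a hex sub-range

-- Commands for one byte value, returned rather than sent so the text can be
-- checked without a device attached (see the bottom of the file).
local function commands_for(byte)
    assert(byte >= 0 and byte <= 255, "byte out of range")
    return string.format("hf 14a raw -p %02X", byte), "hf list 14a"
end

-- Optional "first last" hex bounds from the argument string; defaults 00..FF.
local function parse_range(argstr)
    local first, last = 0, 255
    local a, b = (argstr or ""):match("^%s*(%x+)%s*(%x*)")
    if a and a ~= "" then first = tonumber(a, 16) end
    if b and b ~= "" then last = tonumber(b, 16) end
    if first > last or last > 255 then
        error("range must satisfy 00 <= first <= last <= FF")
    end
    return first, last
end

-- The loop itself: send one byte with the field left on (-p), then print the
-- trace so any tag reply can be read off the Tag rows.
local function sweep(first, last)
    for b = first, last do
        local send, list = commands_for(b)
        print(string.format("=== byte %02X ===", b))
        core.console(send)
        core.console(list)
    end
end

-- Inside the pm3 client `core` exists and the sweep runs; under plain Lua
-- only the pure helper is exercised, which checks the generated command text.
if core and core.console then
    sweep(parse_range(args))
else
    local cmd = commands_for(0x0A)
    print(cmd)   -- hf 14a raw -p 0A
end
```

Each iteration prints a full `hf list 14a` table, so for a 256-value sweep expect a long scrollback; running it in hex sub-ranges, as the second usage line shows, keeps the output readable.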