PCF7931

mariolino · 2015-10-31 20:14:41

Dear Dake, it just was an example of my audio recording by the sniffer. I'm already able to write the PCF and I know how to convert the recording to password in hex.

Last edited by mariolino (2015-10-31 20:15:26)

marshmellow · 2015-11-04 04:49:39

iceman and I have cleaned up the existing PCF code a little especially the client side inputs (it was creating an annoying compiler warning). could someone with a PCF tag test the changes? https://github.com/marshmellow42/proxmark3

meter · 2015-11-04 12:37:35

I tried read and work without issue, I can't test write because the actual version don't detect PMC for send a pulse.

marshmellow · 2015-11-04 14:22:27

Thx. If I had a tag I'd try to help with the pulse detection, but unfortunately I don't.

iceman · 2015-11-04 14:32:05

I actually have a tag, but its so small my lf antenna is not strong enough. It needs to be centered inside I guess.

meter · 2015-11-04 19:36:33

centered and perpendicular. With antenna of RDV2.0 I haven't problem to read PCF7931. RDV1.0 doesn't work?

iceman · 2015-11-04 21:11:30

well,.. it could be the tag aswell.. I gotten some reads from it but it doesn't look like proper and I need to place it very specific over the antenna.

gelop4 · 2016-12-02 21:25:56

Hello.
I've got a PCF7931 tag.
The actual reference on it is PCF7931AS

Signal seems good, but it always repeat the same dataset.

proxmark3> lf pcf7931 read
#db# (dbg) 00 16 00 16 00 16 00 04 00 5f 50 95 00 00 00 00                 
#db# (dbg) 00 16 00 16 00 16 00 04 00 5f 50 95 00 00 00 00                 
#db# (dbg) 00 16 00 16 00 16 00 04 00 5f 50 95 00 00 00 00                 
...

data don't change and reading of the black fail.
Form my manual decode data are different:

00 00 00 00 4A A8 2F 80 02 00 0B 00 0B 00 0B 00

Any idea what's going on ?

marshmellow · 2016-12-02 21:35:33

just a difference in binary interpretation. a bit or two off and reverse endian. otherwise it is the same binary.

Tatka · 2017-09-13 21:03:35

I have the tag PCF7931AS. I have two antennas: the first is an orginal antenna PM3 rv2. I made the other antenna myself.
Both antennas seem to be OK and PM3 shows the same values in the tag.
I'll use it:

proxmark3> lf pcf7931 read
#db# (dbg) 00 00 00 00 00 00 00 01 00 55 55 55 55 55 55 55
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 01 00 55 55 55 55 55 55 55
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
command execution time out
#db# (dbg) 00 32 00 00 e9 02 00 00 00 00 00 00 19 99 69 01
#db# (dbg) 00 00 00 00 00 00 00 01 00 55 55 55 55 55 55 55
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# (dbg) Max blocks: 1
#db# Error reading the tag
#db# Here is the partial content
#db# -----------------------------------------
#db# Memory content:
#db# -----------------------------------------
#db# 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
#db# -----------------------------------------
proxmark3>

Blocks are listed in different order. I do not know what is 0 block, 1 block, ...
I would like to see block 0 sector 0x07 0x08.
I read the datasheet many times. I still do not know where I'm making a mistake.
Can you help me?

Orginal antenna:

proxmark3> hw tune

Measuring antenna characteristics, please wait.........
# LF antenna: 44.96 V @   125.00 kHz
# LF antenna: 20.21 V @   134.00 kHz
# LF optimal: 46.06 V @   123.71 kHz
# HF antenna: 34.85 V @    13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

proxmark3>

Myself antenna:

proxmark3> hw tune

Measuring antenna characteristics, please wait.......
# LF antenna: 46.34 V @   125.00 kHz
# LF antenna: 23.65 V @   134.00 kHz
# LF optimal: 46.34 V @   125.00 kHz
# HF antenna: 34.88 V @    13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

proxmark3>

Still about my PM3

Prox/RFID mark3 RFID instrument          
bootrom: /-suspect 2015-11-19 10:08:02
os: master/v3.0.1-75-g1dae981-suspect 2017-08-31 15:46:50
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/07/13 at 08:44:13
          
uC: AT91SAM7S512 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 512K bytes. Used: 198426 bytes (38%). Free: 325862 bytes (62%).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory

gppt · 2018-12-05 21:17:34

Tatka wrote:

Blocks are listed in different order. I do not know what is 0 block, 1 block, ...
I would like to see block 0 sector 0x07 0x08.
I read the datasheet many times. I still do not know where I'm making a mistake.
Can you help me?

Hey Tatka,
I am having the same issue.
Did you manage to get correct readings? (and writings)?
Thanks.
Cheers!

karma · 2019-04-24 18:09:14

iceman wrote:

well,.. it could be the tag aswell.. I gotten some reads from it but it doesn't look like proper and I need to place it very specific over the antenna.

Hi,
I can read the tag very well, but I can't write on it, I've the PM3 RDV4 and the old version too.
It's working the write feature on pcf7931 for both?

karma · 2019-04-25 09:27:17

mariolino wrote:

This is my PCF audio sniff
http://www.proxmark.org/forum/img/6162/1445971051_immagine_02_.jpg
http://www.proxmark.org/forum/img/6162/1445971072_pw.jpg

can I see these files?

OsciMan · 2022-12-01 09:18:43

meter wrote:

I tried many positions, alls without success. PMC is always bad, other bits are good and easy to decode.
I have already another programmer self-build with PIC microcontroller, I can read and write without problems. It was just a test for read and write also with PM3.
Diameter of my antenna is 23 cm, I'll try a little bigger maybe there are some improvements.

This thread is a little old, but I think it's better to try asking here than opening a new one.

You have been able to write to the PCF7931 using a PIC microcontroller? I successfully sniffed the password of the tag and can read it using my custom antenna, but cannot write to it. I'm trying to modify the existing "lf pcf7931 write" function but wondering if you or anyone has any schematics, code or any other material that could help me make a programmer using an ATmega chip or edit the existing proxmark function? Any help would be appreciated.

fazer · 2023-05-12 14:58:52

Hello, I also have a passwd of a pcf7935 key, I couldn't modify the data with pm3, read ok modify no. I have a gambit where I can read & modify the data that interests me --blk 3. Be careful, just modify not write because otherwise I think you will have problems.
Good day.

Proxmark3 community

Announcement

#51 2015-10-31 20:14:41

Re: PCF7931

#52 2015-11-04 04:49:39

Re: PCF7931

#53 2015-11-04 12:37:35

Re: PCF7931

#54 2015-11-04 14:22:27

Re: PCF7931

#55 2015-11-04 14:32:05

Re: PCF7931

#56 2015-11-04 19:36:33

Re: PCF7931

#57 2015-11-04 21:11:30

Re: PCF7931

#58 2016-12-02 21:25:56

Re: PCF7931

#59 2016-12-02 21:35:33

Re: PCF7931

#60 2017-09-13 21:03:35

Re: PCF7931

#61 2018-12-05 21:17:34

Re: PCF7931

#62 2019-04-24 18:09:14

Re: PCF7931

#63 2019-04-25 09:27:17

Re: PCF7931

#64 2022-12-01 09:18:43

Re: PCF7931

#65 2023-05-12 14:58:52

Re: PCF7931

Board footer