Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#51 2016-03-30 11:37:00

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Before going any further in this sector, where even what I have learnt is only a small scratch on the surface, I would like to thank the people on this forum who have done formidable jobs in pioneering, programming, sharing and archiving information regarding the Wiegand format, HID, T55x7 commands etc., particularly the shared knowledge in the two threads,

http://www.proxmark.org/forum/viewtopic.php?id=1767
http://www.proxmark.org/forum/viewtopic.php?id=1653

and many more.

appreciated.

Last edited by ntk (2016-03-30 11:51:19)

Offline

#52 2016-04-01 22:26:15

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

I have learnt recently, in one of the AWID threads, that HID has large formats nowadays. I have not seen 0xFFF, Marshmellow, Asper or Iceman add this format in
http://www.proxmark.org/forum/viewtopic … 1767#p1767
So I try to display the tag in the compact form

AWID 50 bit RBH standard (introduced by HKplus)
SC    2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,17
CN   18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49
E  1  2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25
O 50 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49

The purpose of such a development is to avoid duplicates like in the 26-bit Wiegand security card sector. (Low numbers are repeated more often and usually given to VIPs, which caused security breaches.) Therefore they developed the 50-bit and 64-bit RBH formats.

What is interesting about the new format is its economy. The card/tag costs in the range of $3, compared to conventional HID at $14 each.

Price

Last edited by ntk (2016-04-01 22:27:51)

Offline

#53 2016-04-01 22:49:20

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

A REPEATED PETITION

I am still learning the 26, 27, 34, 35, 37, 40, 42 bit and longer Wiegand formats. It is boring raw coding stuff for most of you, and you would not understand why I retrace all of it. But I need a lot of traces, real PM3 traces, to retrace and confirm the coding and the calculation; I want to see the forwards and backwards calculation confirmed one day. This is all boring elementary stuff, but I need to go through it.

I hope that, in the interest of the general RFID study of one beginner who has not even the lowest grade in electronics study, you could share your traces. You won't have future competition, you don't lose any chance of promotion in your profession or your career, so please share your HID/Wiegand traces.

I won't use your stuff or your ID for anything; I have interest only in traces.

my email: PatienceIsAVirtue102@gmail.com

Offline

#54 2016-04-03 04:57:34

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Although there are still some small unanswered issues, I am positive they will be clear one day, and they do not at all present something which absolutely stops one from coming forwards.

So I enjoy seeing the Wiegand format in forms I never knew a week before.

Did you ever hear of the 37-bit Wiegand Paxton format? Or ever know there is a Keri system 26-bit Wiegand format? (Oh, I know you would say it's so simple, it hardly earns any attention.) You are right, but the Keri system 39-bit Wiegand format... Now would you say how does it work\WTF is that? That seems to be the answer to why some of the Keri tags are causing problems on the PM3.

Life is unexpectedly beautiful ... Life is not bored\old\dead\f**ked\P***ed\stoned\hard rocked... Life is full of new things if you really want to discover...

I will slowly introduce them and put them together in the system some other time.

Offline

#55 2016-04-03 14:52:34

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

edit: remove mistaken bit

As I have promised earlier

Keri System Pyramid series Wiegand data 39-bit format

FC    2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,17,18
CN   19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38
E  1  2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,17,18,19
O 39 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38

http://kerisys.com/migrated-media/techd … cument.pdf

Last edited by ntk (2016-04-03 18:25:56)

Offline

#56 2016-04-03 15:07:55

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

And here is another one....

You may have got some real traces for this system ...  Or if you coincidentally have a real tag of this system, please look really closely! There is something here, and I am surprised that in all the HID\Wiegand discussions on the forum nobody has posed the question about it. No one has spotted it, maybe?

Keri System Pyramid series Custom Wiegand data 44-bit format

OEM code   2, 3, 4, 5, 6, 7, 8, 9
FC         10,11,12,13,14,15,16,17,18,19,20,21
CN           22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
E          1  2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22
O        44 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43

http://kerisys.com/migrated-media/techd … cument.pdf

Last edited by ntk (2016-04-03 15:31:32)

Offline

#57 2016-04-03 17:56:00

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved...NO BUG] it seems HID section has a new bug....

There seems to be a miss in your KERI 39 definition.
Bit 19 is in both the FacilityCode and CardNumber.
And the same for the parity calc.

Offline

#58 2016-04-03 18:24:01

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Thanks Iceman. I re-checked and have corrected the mistake.

Offline

#59 2016-04-03 18:43:08

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

One more strange 36-bit Wiegand data format

from one company, don't remember where I got it, don't know why but it has "Confidential" printed across its page.
Data format is like this:
EFFFFFFFFWWWWWWWWWWWWWWWWWWWWWWWWIIO

FC   2, 3, 4, 5, 6, 7, 8,
CN   9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32
IL   33,34
E  1 2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
O 36 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35

I don't brag/rat or do anything illegal. I printed up this format structure because it is just related to the question which keeps seizing my thoughts since I made myself more familiar with the HID\Wiegand data format.

Last edited by ntk (2016-04-03 18:47:26)

Offline

#60 2016-04-03 20:10:28

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

If using this system in post #59, according to the document we will have a card with 151 12345678 2 printed on the back of the card. Somehow the company uses a fixed value, so FC=151. So we will get this HEX code from transmission: 97BC614E2. Converted to decimal, the code is 151 12345678 2

If we manually map the raw data then we will end up with binary code: 1001011110111100011000010100111010
or, with spaces put in for easy reading, the Wiegand code will be
0 10010111 101111000110000101001110 10 1, or EP=1, OP=0; facility = 151; CD 12345678; Issue level=2

Offline
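
Added example (not part of any post in this thread, and not Proxmark3 code): a small C decoder for the 36-bit frame worked through in post #60, using the layout string from post #59 and checking both parity halves. The function names and the ASCII bit-string input are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One layout character per bit, bit 1 first: E/O parity, F facility code,
   W card number, I issue level. Layout string as given in post #59. */
#define FMT36 "EFFFFFFFFWWWWWWWWWWWWWWWWWWWWWWWWIIO"
#define FMT36_EVEN_END 18 /* even parity spans bits 1..18, odd 19..36 */

typedef struct { int valid; uint32_t fc, cn, il; int even_ok, odd_ok; } wiegand_t;

/* Count '1' characters in bits[from..to], 1-based and inclusive. */
static int ones(const char *bits, int from, int to) {
    int n = 0;
    for (int i = from; i <= to; i++) n += bits[i - 1] == '1';
    return n;
}

/* Decode an ASCII '0'/'1' frame against a layout string. valid stays 0 when
   the length differs from the layout or a character is not '0' or '1'. */
wiegand_t wiegand_decode(const char *fmt, int even_end, const char *bits) {
    wiegand_t w = {0};
    size_t n = strlen(fmt);
    if (strlen(bits) != n) return w;
    for (size_t i = 0; i < n; i++) {
        if (bits[i] != '0' && bits[i] != '1') return (wiegand_t){0};
        uint32_t b = (uint32_t)(bits[i] - '0');
        switch (fmt[i]) {
        case 'F': w.fc = w.fc << 1 | b; break;
        case 'W': w.cn = w.cn << 1 | b; break;
        case 'I': w.il = w.il << 1 | b; break;
        default: break; /* parity bits are checked below */
        }
    }
    /* Leading half including bit 1 must hold an even number of ones,
       trailing half including the last bit an odd number. */
    w.even_ok = ones(bits, 1, even_end) % 2 == 0;
    w.odd_ok = ones(bits, even_end + 1, (int)n) % 2 == 1;
    w.valid = 1;
    return w;
}

int main(void) {
    /* Frame from post #60: FC 151, CN 12345678, issue level 2. */
    wiegand_t w = wiegand_decode(FMT36, FMT36_EVEN_END,
                                 "010010111101111000110000101001110101");
    printf("valid=%d FC=%u CN=%u IL=%u even=%d odd=%d\n", w.valid,
           (unsigned)w.fc, (unsigned)w.cn, (unsigned)w.il, w.even_ok, w.odd_ok);
    return 0;
}
```

The other layouts listed in the thread also split their parity coverage into a leading and a trailing half, so they can be tried by passing a different layout string and `even_end` value.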

#61 2016-04-26 23:51:44

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Iceman is correct in thinking that if anyone can download the mystic Excel sheet for HID, which existed once on this forum, one will turn lazy and won't properly learn this Wiegand mapping syntax. I don't know how old he is, but I do believe he is right, he is wise. Very wise.

On the other hand, when learning manual mapping of raw data, sometimes you make mistakes, and it is helpful if you have an independent solution sheet nearby for checking and comparing whether you are still on the right path.

Or you can turn this boring mapping into a game: choose in Excel any FC, CN for a random HID emulation, and try afterwards manually whether you can get that result too,... What a dumb Excel sheet can do, you will do a lot better.

For those scenarios these tools may have a purpose

Wiegand 26bits
https://www.dropbox.com/s/u4nwqdmwrndpg … p.jpg?dl=0

Wiegand 35bits
https://www.dropbox.com/s/sdb0ap2jfzyub … p.jpg?dl=0

Offline

#62 2016-04-27 07:15:45

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Good work, Ntk!   You know a lot about the Wiegand format now. Now we only need to put it into the pm3 code as well

Offline

#63 2016-04-27 16:41:24

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Thank you Iceman. I still have to learn and still need a lot more help. I haven't finished the tools for Indala, AWID 50-bit, 64-bit, Tecom 27-bit. There are still some proprietary RFID types that are hard to get information on. If we could get some info on the Bewator Siemens access system it would be very good.

Starting to code is a different matter. I would like to learn that too, and actively contribute something to PM3 one day. If someone can give us greenies a single but good chronological tutorial about the art of solving an RFID issue on the most simple RFID tag, I think definitely in a few months (years?) you will welcome a lot more programming help than you like.

Without any good tutorial the code is like flowing all over the place, where is the first step, where is the end ... When Shanti proposed the coding for EM 43xx I had hoped he would do and merge it logically and chronologically, so that us greenies could secretly extract programming data date by date, week by week, to understand how new code appears from the base, the reference SW, seeing the flow chart, seeing where\what happens, etc. But it was not as I hoped, ...  If you could hand us just a single string, but a golden string through your coding ... Enlighten us with that knowledge... that would be a wonderful life experience.

Last edited by ntk (2016-04-27 16:42:04)

Offline

#64 2016-04-27 17:37:26

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved...NO BUG] it seems HID section has a new bug....

I don't think there is a process for merging a PullRequest on GitHub.  Nor is there a time schedule for when it happens.

But once you get the hang of it,  you can easily merge other people's changes into your own fork and test it out.

The PM3 master is updated slowly.

Offline

#65 2016-04-27 20:27:01

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Please, show us only one time the golden thread through the coding in PM3, Iceman ... 

Apropos, there is something I would like to ask you regarding using fork SW: when I use Marshmellow's or the trunk of the SW tree, GUI script commands like in INVESTIGATE, e.g. action0="lf read" waitFor0="proxmark3>" action1="data sample", work flawlessly.

When I merge your fork into my current version, or maybe when I fully run PM in your SW directory, then "waitFor0" cannot be released. You build SW for Linux so you may not realise this bug. I would like to know which part of the SW is the cause of this behaviour, and where.

Offline

#66 2016-04-27 20:45:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved...NO BUG] it seems HID section has a new bug....

I do build for Mingw and Linux.  I also mentioned in my Readme on GitHub that my fork breaks the GUI-Tool by Gaucho.

And the latest talk from Craig at Defcon (I think) gives the golden thread to the PM3 code quite well

Offline

#67 2016-04-27 22:25:59

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Thanks for the interesting article, I did not know it. Craig gives us a golden thread in the usage of PM3.

What I mean is the golden thread in the Proxmark SW creating process. Take the example with AWID 26-bit, like in Craig's presentation; we also start our presentation, but much differently

"Once upon a time, I sat looking out of the window, gosh Norway is so white, so peaceful ... and I am so bored

Dad in the army
Mum off to Las Vegas
Sisters snickered somewhere on dating apps

Sat there
man, out there nothing
no white bear, no reindeer nor even a tiny rabbit
all hibernated...

what to do to kill the whiteness
bored...bored...bored
not even wanted to move an eye lid

what bothering me ass
stop stressed my ass
what in my back pocket
an AWID!

hah that would be the thing to kill in this infinite boredom and whiteness (I recovered the little near-end of the golden thread)
What can do with it? Eat,sniff,rapport,rape it ...throw out of window ... or reading, writing, identifying,cloning,simulating ...  !
what about HAL, layer1, layer2 (Golden thread started to wiggle) what should I need

.... hummm (... follow the golden thread) maybe create SW to work with this AWID piece of junk

sat at the table, opened the laptop, I open two new files called AWID.h and AWID.c....  blank, infinite whiteness .... what should I put in one and what in the other ... Did Iceman make a beautiful tutorial somewhere

(... step step step and follow the Golden thread ....)

after 3 units of time (years!?) I can hook the AWID to the antenna and see the fruit of following the Golden thread .... The AWID is read, is plotted, and and and Hah ... what a beauty of golden thread.

"


That little thread I mean, Iceman.

That Golden Thread.


how can I add AWID

Offline

#68 2016-04-27 22:37:48

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved...NO BUG] it seems HID section has a new bug....

If you want to read a French book, you better understand French, otherwise you will not be able to read it.

If you want to know how to code in C,  you better start learning C.

And as with all threads, you start with reading the source code to learn.  As with your understanding of the Wiegand code, it takes effort and time.

To answer your question, no, I will not write a guide on how to code for the PM3. 
Ref: https://www.youtube.com/watch?v=kVMAgiJlQkI  Craig Young's talk at Defcon.
His notes will also give you a good start.  Look at what he did, then you do the same.

About your question regarding AWID,
you look at the current implementation and you see how to make it better.

Offline

#69 2016-04-28 10:06:08

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: [Resolved...NO BUG] it seems HID section has a new bug....

Thank you, Iceman. I am still trying to absorb information from the talk.

Offline
