Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi, I hope in one thread I have already got info on the 50 bit RBH format. I searched around and saw a sales data sheet where 50bit and 64 bit RBH stand on one page, but I could not retrieve the 64 bit RBH format by googling anywhere.
Could you help me with info on the 64 bit RHB?
Also, do you have a 50 bit and/or 64bit real tag and legitimate reader, so we could make a clone and test to make sure a tool for mapping raw data calculates correctly? Information about which regions use those tags/cards and what for would be very great. (Just for the sake of common knowledge; personally I haven't seen so many real tags/cards that I would have to wish for more fingers on my hand to count... only for general knowledge.)
Last edited by ntk (2016-05-15 20:00:00)
Offline
Many thanks to iceman and FrancoisM, we know how the AWID 50bit RBH format operates; also, thanks to iceman's fast action, the tag can be recognised correctly by lf search, and we can also demod its signal.
For cloning of the AWID 50bit RBH format, this is the first time (and a half) we put a simple conventional excel tool into real field trial test. During next week we should get confirmation if the clone operates perfectly on real target.
The tool for AWID is part of an Excel workbook which intends to deal with many formats like Wiegand/HID/AWID/Indala, etc. The Excel tool is not considered an independent tool, but a nice complementary part to the PM3, and should be supportive to users who not only want a clone, but also like to have a better insight into how it works. We still have some work to do; several users are working together on field tests, bug finding and testing, to get it to a certain useful level and a more presentable state. Soon it will be released on the Proxmark3 forum.
If you are interested in testing the tool, here is the introduction link: New complementary Excel tool to the proxmark3
If you have information or proposals, or you have got a real tag/card and equipment and ideas to enrich the tool further, welcome on board.
AWID 50 bit RBH is considered completed, waiting only on trial confirmation. AWID 64 bit RBH is still open; if you have data to share (trace, data sheet, how it works), then we would like to make a coding tool for the AWID 64bit RBH format available in this Excel tool too, for all of us.
Offline
Indeed, I added the 50 format to 'lf awid clone' and 'lf awid sim', so @ntk you should be able to test and verify using the clone command. See if the Excel tool and clone generate the same t55xx blocks.
No news about the 64bit format.
Offline
Thank you for the release, iceman. I shall empty my t55x7 tag and card and fill them with AWID, with new life; and report back by the end of today.
Only a small wish to the tooth fairy... and LOL I have so many small wishes .... Currently, to have the best and latest standard of SW in LF, I use Marshmellow's fork; to study in the HF sector I use iceman's fork ... As if learning about a new tag were not hard and complicated enough, I am often moving between the two worlds ... but having only one proxmark... that is not a complaint. In fact, in hindsight it was better so:
In the stream of learning I swam in and out of several worlds. At the beginning I appreciated having the pre-built version "The Windows client", managed by Asper; it took away many hindrances. Then I swam further in the Windows world, leaned on Proxspace and enjoyed the best, the newest wind from the Marshmellow brand, learning, making mistakes in the GUI, making my first steps in sticking my nose into the XML, HTML world... Learnt to be spoiled with the vast source of knowledge in the forum, and the google internet, never content with what is already there, ... Why be satisfied with today, while I have touched the beast, have tasted the new wind. Leaving the shiny bright lighted Windows world behind, I occasionally also dig into the dark world of linux, then came MinGW, becoming confident with the iceman SW stream, moving deeper sometimes into the darker world of the internet, learning about Tor, anonymous surfing for information ...
Not much luck there, but it does not disturb me, that is also not my point ... There is a Jungle out there calling for new adventure, intense pounding, deep rumbling invite you to make a new step with each day, each awakening. In and out of the worlds, the light, the easy, also the dark, the unlimited ... I guess I feel multicultural. In your head a swirl of ideas, calling, seeing, wishing, joining commilitone step over the invisible boundary, pulled from the vibe, the craze, the swirl ... that is RFID to me
Of the adventures, some ... I don't know, don't want to call them a product ... anyhow "some" will soon be available for your eyes to see
- the T55x7 configuration tool
- The Q5 Sokymat T5555 configuration check
- the Excel book of the learning of magic ... where some of my commilitoni already tasted the blood, and yes they like it
and yes there is a lot more often I asked has my commilitone this, have my commilitoni that ... Moving in and out of the worlds with a swirl of callings in your head and yes there are more
- give the team a hand in xml, improved the GUI created by Gaucho
- will you bring light to the darker net, the linux world, would a linux GUI be useful, swing python scripty language, any language, would that be possible ...has my commilitone thought ...
- why stop there, what about a cross-world GPL free GUI, easy maintenance graphical menu interface, uniting the forum users of both worlds, Windows and linux ... Can you already taste that blood ...
- auto tool for searching with each SW release whether the GUI menu is up-to-date, out-of-date put missing tool commands on release plan ... Could you feel the vibe
- Think of SW like lego stones where the window, the unix, the linux, the HF, the LF, the HID, the AWID are like LEGO stones ... have my commilitoni thought of... Could you hear the calling ...
and the list is still long ... I could read my tooth fairy to sleep ...
... for the time being I wish the fairy could tell me how to bring the two SW branches into one, so I do not have to reload and reflash the PM3 when testing the fruits of both worlds, Marshmellow's and Iceman's ... have my commilitoni (why does the net not like this word... My brother in Arms ... my BiA then.)
Tonight I shall report about
- AWID clone blocks, LF search
- Simulation result hopefully my commilitone could do oversea next week.
Soon I will release the update of the AWID command in the Windows GUI menu, so at least the users of half of the worlds can enjoy the re-making in AWID, as thanks for your work, Iceman.
I didn't like my "soon" ... too many soons... but I have only one head, my fingers are slow, and moving in and out of the worlds ... started making me dizzy ... I guess I'm getting old .... Something about LEGO LEGO LEGO, think about that. Can you hear the jungle rumbling, calling for new blood, new adventurer ...
Last edited by ntk (2016-05-15 12:49:43)
Offline
You can change your title for this thread to "partly solved", since it's not abandoned, just lacking AWID 64 samples.
Offline
Test report for the new AWID combined cover for 26bit/50bit command.
Points of test
- stability
- consistency
- function:
checking help function; check cloning with lf aw command; check cloning method with data from the Excel tool alone
- extreme condition test: alternate values for CF, CN, FC, either wrong (not 26/50), very small or very big; the SW is tested at the limit; with the assistance of the Excel tool the content of the data blocks can be checked
Way of test:
- Test Material: I use card and also a tag T55x7
- Test Method:
- test SW: iceman fork https://github.com/iceman1001/proxmark3 last commit 14 May 2016
Test results:
- Tag and card are for cloning equally good using the "lf aw clone" command or using direct t55xx clone method from the excel tool.
- tag first is cloned with info CF=26, FC=1, CN=1. Command lf aw clone 26 1 1, test with "lf search" AWID is confirmed
- Same tag then is upgraded with info CF=50, FC=1, CN=1, test with "lf search" AWID change is confirmed,
- All extreme tests worked satisfactorily: "lf awid clone 26 255 65535" works fine; lf se reports correctly; "lf awid clone 50 65535 4294967295" works fine; lf se reports correctly (with some small recommendations)
- The content of the data blocks between the "lf aw clone" command, the "lf search" command and the data from the Excel tool always matched. Robustness in all three tools.
Small recommendations:
- If "lf aw" is called, the SW displays the help of the previous implementation; if "lf aw clone h" is called, the new updated help is displayed. Help should be consistent, in one place for easy maintenance. non consistent help
- An old bug: there is a problem with the ack not coming back from writing data to the tag/card. That happens when using t55xx write and also "lf aw clone". Just do a double write; then the clone is OK. first write err
- "lf aw" does not understand, if FC or CN has value 0, so a possible "master tag" could not possibly be created. PM3 should warn, but playing not understand.
- if use "lf awid clone 26 65535 4294967295" OR "lf awid clone 58 65535 4294967295", PM3 will truncate numbers automatically and create a 26bit version with FC=255 CN=65535; PM3 should warn, or not let it through. auto truncate
Positive surprise (or is it a bug...):
The Wiegand sequence in the AWID 50 bit RBH version also matched between the tools PM and Excel. Definitely should be pinned on the big wall, for @iceman did not even mention it...
Last edited by ntk (2016-05-15 21:15:55)
Offline
Nice,
As for your recommendations,
1) 'lf awid' - gives the commands available under it, while
'lf awid clone h' - gives specific helptext for command.
So they never gonna be the same.
2) Write errors are always possible, that's why we recommend that you test your clone with "lf search" to see if it gets detected correctly. The dual write, well, you can always run the command twice instead.
3) Auto-truncate was actually there in the earlier version as well; it notifies the user that specific parts got truncated, i.e. the warning you want is already there.
Last item, wiegand sequence matched between tools, what is the problem?
Offline
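The range check discussed in the test report and the reply above, as an added example (not Proxmark3 or Excel-tool code). Field widths are inferred from the maximum values tested in the thread (26-bit: FC up to 255, CN up to 65535; 50-bit: FC up to 65535, CN up to 4294967295); the parity layout is the standard 26-bit Wiegand convention and is assumed here to carry over to 50-bit. The names `FORMATS`, `check_fields` and `wiegand_bits` are hypothetical.

```python
# Added example. Field widths are inferred from the maximum values exercised in
# the thread; the parity layout is the standard 26-bit Wiegand convention and is
# an assumption for the 50-bit format.
FORMATS = {26: (8, 16), 50: (16, 32)}  # format length -> (FC bits, CN bits)


def check_fields(fmt, fc, cn, strict=True):
    """Validate FC/CN against the format's field widths.

    strict=True  : reject out-of-range input (ValueError).
    strict=False : truncate to the field width and return a warning per field.
    Returns (fc, cn, warnings).
    """
    if fmt not in FORMATS:
        raise ValueError(f"unsupported format length {fmt}; expected one of {sorted(FORMATS)}")
    warnings, kept = [], []
    for name, value, bits in zip(("FC", "CN"), (fc, cn), FORMATS[fmt]):
        if value < 0:
            raise ValueError(f"{name} must be non-negative")
        masked = value & ((1 << bits) - 1)  # what silent truncation would keep
        if masked != value:
            msg = f"{name}={value} does not fit in {bits} bits (truncates to {masked})"
            if strict:
                raise ValueError(msg)
            warnings.append(msg)
        kept.append(masked)
    return kept[0], kept[1], warnings


def wiegand_bits(fmt, fc, cn):
    """Return the Wiegand bit string: even parity + FC + CN + odd parity."""
    fc, cn, _ = check_fields(fmt, fc, cn, strict=True)
    fc_bits, cn_bits = FORMATS[fmt]
    data = format(fc, f"0{fc_bits}b") + format(cn, f"0{cn_bits}b")
    half = len(data) // 2
    even = data[:half].count("1") % 2       # makes the leading half even
    odd = 1 - data[half:].count("1") % 2    # makes the trailing half odd
    return f"{even}{data}{odd}"


if __name__ == "__main__":
    # Constructed inputs taken from the commands quoted in the test report.
    print(check_fields(26, 65535, 4294967295, strict=False))
    print(wiegand_bits(26, 1, 1))
    print(wiegand_bits(50, 65535, 4294967295))
```

In strict mode the oversized 26-bit input and the unsupported length 58 are both rejected instead of being silently turned into a different credential.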
Nice,
last item wiegand sequence matched between tools, what is it the problem ?
It is ... it never matched before, iceman, not for AWID, not for HID, and I suspect not for Indala or anything that uses the FC and CN principle either... But because I have not got the mapping index or other info, I could not do the coding of raw data in Excel yet, to confirm that.
Last edited by ntk (2016-05-15 22:49:01)
Offline
Still very much interested in info on the AWID 64bit RBH.
It is about solving a puzzle. As we know, the knowledge of the AWID 26bit mapping index and structure was the base for the implementation of AWID commands in PM3, and since last week also the AWID commands for the 50bit RBH format chip/card. In their memory structure, 58 bits are reserved for parity, FC and CN coding.
Now, with only 8 reserve bits left, the AWID 64bit RBH cannot fit in the usual memory structure of 26bit/50bit anymore... Did AWID invent a totally new structure only for 1 type of cards/tags? How do they fit an elephant into a room? Who can enlighten us?
... Unless there is an unspoken convention:"if there were no info on card format code, then assume that is a 64bit", in this case you can do it.
Offline