Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
pm3 --> hf search
UID : 16 38 04 DC E7 2F 3D
ATQA : 00 41
SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
MANUFACTURER : EM Microelectronic-Marin SA Switzerland
ATS : 05 77 77 81 02 BD 91
- TL : length is 5 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 7 (FSC = 128)
- TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
- TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 8 (FWT = 1048576/fc)
- TC1 : NAD is NOT supported, CID is supported
Answers to magic commands: NO
Valid ISO14443-A Tag Found - Quiting Search
pm3 --> hf mfdes info
-- Desfire Information --------------------------------------
-------------------------------------------------------------
UID : 16 38 04 DC E7 2F 3D
Batch number : 00 00 00 00 00
Production date : week 00, 2000
-----------------------------------------------------------
Hardware Information
Vendor Id : no tag-info available
Type : 0xF3
Subtype : 0xA2
Version : 0.0 (Desfire MF3ICD40)
Storage size : 0x00 (1 bytes)
Protocol : 0x00 (Unknown)
-----------------------------------------------------------
Software Information
Vendor Id : no tag-info available
Type : 0x48
Subtype : 0xBE
Version : 0.0
storage size : 0x00 (1 bytes)
Protocol : 0x00 (Unknown)
-------------------------------------------------------------
CMK - PICC, Card Master Key settings
[0x08] Configuration changeable : NO
[0x04] CMK required for create/delete : YES
[0x02] Directory list access with CMK : YES
[0x01] CMK is changeable : NO
Max number of keys : 243
Master key Version : 0 (0x00)
----------------------------------------------------------
[0x0A] Authenticate : YES
[0x1A] Authenticate ISO : YES
[0xAA] Authenticate AES : YES
----------------------------------------------------------
Available free memory on card : 10679040 bytes
-------------------------------------------------------------
pm3 --> hf 14a reader
UID : 16 38 04 DC E7 2F 3D
ATQA : 00 41
SAK : 20 [1]
TYPE : NXP MIFARE DESFire 4k | DESFire EV1 2k/4k/8k | Plus 2k/4k SL3 | JCOP 31/41
MANUFACTURER : EM Microelectronic-Marin SA Switzerland
ATS : 05 77 77 81 02 BD 91
- TL : length is 5 bytes
- T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 7 (FSC = 128)
- TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
- TB1 : SFGI = 1 (SFGT = 8192/fc), FWI = 8 (FWT = 1048576/fc)
- TC1 : NAD is NOT supported, CID is supported
Answers to magic commands: NO
pm3 --> hf 14a cuid
Collecting 1 UIDs
Start: 1495219069
163804DCE72F3D
End: 1495219070
Last edited by akileos (2017-05-19 20:10:17)
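The ATS breakdown in the dump above can be reproduced by hand. The following is an added example, not part of the thread or of the Proxmark3 code base: it decodes the ATS string from the post according to ISO/IEC 14443-4 and checks the two trailing bytes as CRC_A. The function names are this example's own, and it assumes the dump format shown here (TL bytes of ATS followed by 2 CRC bytes).

```python
# Added example: decode an ISO/IEC 14443-4 ATS as printed by the Proxmark3 client.
SAMPLE_ATS = "05 77 77 81 02 BD 91"   # copied from the dump in the post above
FSC_TABLE = [16, 24, 32, 40, 48, 64, 96, 128, 256]  # FSCI 0..8 -> max frame size

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A (initial value 0x6363), low byte first as on the wire."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = (crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)
    return bytes([crc & 0xFF, crc >> 8])

def divisors(bits: int) -> list:
    """Map the three divisor flag bits of TA1 to the supported divisors."""
    return [d for i, d in enumerate((2, 4, 8)) if bits & (1 << i)]

def parse_ats(hexstr: str) -> dict:
    """Parse TL, T0, TA1/TB1/TC1 and historical bytes; expects 2 trailing CRC bytes."""
    raw = bytes.fromhex(hexstr)
    tl = raw[0] if raw else 0
    if tl < 2 or len(raw) != tl + 2:
        raise ValueError("need TL bytes of ATS (with T0) plus 2 CRC bytes")
    body, crc = raw[:tl], raw[tl:]
    t0 = body[1]
    if tl < 2 + bin(t0 & 0x70).count("1"):
        raise ValueError("T0 announces interface bytes that TL does not cover")
    fsci = t0 & 0x0F
    out = {"TL": tl, "crc_ok": crc_a(body) == crc,
           "FSC": FSC_TABLE[fsci] if fsci < len(FSC_TABLE) else None}
    pos = 2
    if t0 & 0x10:                      # TA1: bit rate divisors
        out["DR"] = divisors(body[pos] & 0x07)
        out["DS"] = divisors((body[pos] >> 4) & 0x07)
        pos += 1
    if t0 & 0x20:                      # TB1: timing, in carrier cycles (1/fc)
        sfgi = body[pos] & 0x0F
        out["SFGT_fc"] = 4096 << sfgi if sfgi else 0   # SFGI 0: no guard time needed
        out["FWT_fc"] = 4096 << (body[pos] >> 4)
        pos += 1
    if t0 & 0x40:                      # TC1: optional protocol fields
        out["NAD"] = bool(body[pos] & 0x01)
        out["CID"] = bool(body[pos] & 0x02)
        pos += 1
    out["historical"] = body[pos:].hex()
    return out

if __name__ == "__main__":
    print(parse_ats(SAMPLE_ATS))
```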
Legic is not part of hf search. (well, since you are using Iceman's build I'm not certain of that...)
Use legic specific cmds if you know what it is. (But the legic cmds are in early development still.)
Hi marshmellow,
I know about Legic prime being supported, but Advant is the "new" legic technology, as opposed to prime, which is working ok-ish in current proxmark (lack of proper protocol support -> bitbanging).
Advant is claimed to be ISO14a compliant (and supposedly secure!)
http://www.legic.com/en/products-and-services/smartcard-ic-s/507928/advant-as-chip.html
I'm still working on getting mosci's lua working with my advant tags; all CRCs are wrong.
Proxmark can not read Legic advant media. The one you got is a type of advant card based on a DESfire chip. This is a special EAL4 certified card. It has nothing to do with the other advant chip types. They are not limited to ISO14441A, they also support ISO15693 variants.
So in any case the legic LUA script will not work with advant media, since proxmark can not read any data from it.
Hi Jason,
May I ask you to contact me? Either on IRC or by email. Working on legic.lua and I'm pretty sure you are one of the knowledgeable persons in this area.
well, on iceman fork, "hf legic reader" is connected with "hf search".. Nevertheless, the whole Legic Advant documents etc is much sought after.
I have all documents available, the problem is the watermarking of these documents. Last year I started to remove it and found there are watermark fragments inside, so by knowing where the fragments are, someone could reassemble them easily (e.g. Legic).
So I stopped there and thought about creating a thread with advant specifications... but the massive amount of data is really hard work to be written by hand... then I was very busy also, so I dropped that at this point.
If anyone knows how to remove such watermarks from a PDF really completely, I'll try. But the watermark removing of the PDF tool itself is useless. They didn't use the embedded function, they added a background text layer with this information.
Last edited by Jason (2017-06-07 16:46:45)
I have already done it with other Kaba documents that had the "confidential" marking. Open PDF in word, find&replace worked fine for me. Also save as RTF removes most of the formatting if not relevant.
Edit: Not sure if relevant, are you in Switzerland ? Maybe we can meet.
Last edited by akileos (2017-06-07 18:33:19)
Open PDF in word, find&replace worked fine for me. Also save as RTF removes most of the formatting if not relevant.
That was my first attempt. But by editing the RTF file in raw format, I noticed the branding-fragments inside. Let's say if the name is "Microsoft" you can find encapsulated text objects named "Mi", "cros", "oft" and so on in different combinations. This makes it simply impossible to do just a quick find&replace.
And maybe there's more inside (possibly a non visible watermark in pictures). My attempt then was to remove the brandings that are visible, then convert every page to grayscale pictures and then convert it back to PDF with OCR. I tried this for a few pages: Time consuming...
(...) are you in Switzerland ? Maybe we can meet.
No, I'm not from Switzerland.
Tested works flawlessly here :
Download qpdf - http://qpdf.sourceforge.net/
Run :
\qpdf-6.0.0\bin\qpdf.exe --linearize --stream-data=uncompress source.pdf dest.pdf
Open with notepad, find & replace watermark.
You can repair the file :
\qpdf-6.0.0\bin\qpdf.exe --linearize --stream-data=uncompress dest.pdf repaired.pdf
If not working, please provide a sample of yours and I will do a custom Python script to remove it.
Last edited by akileos (2017-06-08 10:52:10)
The tool didn't work as well (still fragments)... I used a different way, since I tried to un-brand the files again. It took some time to convert, but now the files are clean.
Some of you got a Mail.
Thanks, still trying to make a valid badge on my side. The lua isn't of any help; it keeps generating dumps that won't read after.
Edit: Tried with the CRC change in segment Zero. Will try on Monday.
Last edited by akileos (2017-06-08 21:29:30)