Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hi.
I tried to snoop iclass card without success:
1. I run hf iclass snoop
2. I placed the antenna between the reader and the card and read a few cards.
3. I pressed the BUTTON to stop the operation.
4. I run hf iclass list but did not receive anything ...
Any help would be greatly appreciated
Thanks
c:\prox>proxmark3 COM7
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: /-suspect 2015-04-02 15:12:04
#db# os: /-suspect 2015-04-02 15:12:11
#db# HF FPGA image built on 2015/03/09 at 08:41:42
Prox/RFID mark3 RFID instrument
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 0 bytes ( 0%). Free: 262144 b
ytes (100%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune
Measuring antenna characteristics, please wait.......
# LF antenna: 39.74 V @ 125.00 kHz
# LF antenna: 32.31 V @ 134.00 kHz
# LF optimal: 39.74 V @ 125.00 kHz
# HF antenna: 17.65 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
proxmark3> hf iclass snoop
#db# cancelled_a
#db# a 0 0
#db# 20 14f0 f0
proxmark3> hf list iclass
Recorded Activity (TraceLen = 5360 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transf
er
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error)
| CRC | Annotation |
------------|------------|-----|------------------------------------------------
-----------------|-----|--------------------|
Offline
#db# bootrom: /-suspect 2015-04-02 15:12:04
#db# os: /-suspect 2015-04-02 15:12:11
Update to the latest firmware and try again.
Offline
Thanks for the answer but it's already flashed with the latest firmware 2.4.0 (2.5.0 is not available)
http://www.proxmark.org/forum/viewtopic.php?id=1562
Offline
The link you provide is outdated here are the up to date versions: Compiled Windows clients - always up to date
Offline
Works like a charm - thanks!
1. I cancelled the snoop operation after reading the card by pressing the BUTTON on the Proxmark: is it the right way to do it or can it be cancelled by command ?
2. The Source of Transf is allways the Tag - is there a way to snoop the reader as well ?
Thanks
c:\prox\win32>go
c:\prox\win32>proxmark3 COM9
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-392-g315e18e-suspect 2018-08-15 13:12:50
os: master/v3.0.1-392-g315e18e-suspect 2018-08-15 13:12:52
fpga_lf.bit built for 2s30vq100 on 2015/03/06 at 07:38:04
fpga_hf.bit built for 2s30vq100 on 2018/08/13 at 21:22:51
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 194110 bytes (74%). Free: 680
34 bytes (26%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune
Measuring antenna characteristics, please wait.........
# LF antenna: 40.15 V @ 125.00 kHz
# LF antenna: 32.86 V @ 134.00 kHz
# LF optimal: 40.15 V @ 125.00 kHz
# HF antenna: 23.32 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
proxmark3> hf iclass snoop
proxmark3> hf list iclass
#db# cancelled_a
#db# 9 0 0
#db# 20 8a 17
Recorded Activity (TraceLen = 138 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transf
er
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error)
| CRC | Annotation |
------------|------------|-----|------------------------------------------------
-----------------|-----|--------------------|
0 | 0 | Tag | 0f
| |
0 | 0 | Tag | bb 33 bb 00 00 00 04 bb
| ok |
0 | 0 | Tag | 95 59 63 01 fb ff 12 e0 e8 f6
| ok |
0 | 0 | Tag | fe ff ff ff ff ff ff ff
| ok |
0 | 0 | Tag | bb 33 bb 00 00 00 04 bb
| ok |
0 | 0 | Tag | bb 33 bb 00 00 00 04 bb
| ok |
0 | 0 | Tag | 2a d4 c8 21 1f 99 68 71 52 99
| ok |
0 | 0 | Tag | 2a d4 c8 21 1f 99 68 71 52 99
| ok |
proxmark3> hf list iclass
Recorded Activity (TraceLen = 138 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transf
er
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 0 | Tag | 0f
| |
0 | 0 | Tag | bb 33 bb 00 00 00 04 bb
| ok |
0 | 0 | Tag | 95 59 63 01 fb ff 12 e0 e8 f6
| ok |
0 | 0 | Tag | fe ff ff ff ff ff ff ff
| ok |
0 | 0 | Tag | bb 33 bb 00 00 00 04 bb
| ok |
0 | 0 | Tag | bb 33 bb 00 00 00 04 bb
| ok |
0 | 0 | Tag | 2a d4 c8 21 1f 99 68 71 52 99
| ok |
0 | 0 | Tag | 2a d4 c8 21 1f 99 68 71 52 99
| ok |
proxmark3>
Offline
to stop a snoop, yes typically you press the button.
also if you are only seeing the tag then the reader is not being heard by the pm3, (which is unusual).. try getting the pm3 closer to the reader (holding the pm3 antenna between the reader and tag, this becomes difficult if you have a pm3 that has the antenna built-in as the pm3 circuits often interfere with the reader)
Offline