A user over at the Discord server sniffed his SEOS card, as seen below, where I extracted the commands sent by the reader and made the equivalent for Proxmark3. You can now get the same data out of your card, but I have no idea what the command APDUs do.
When I say the same, it's the same until the last command. That one gives an error on my card vs the user's card.
[usb] pm3 --> hf search
[+] UID: 0x 4x 8x 0x
[+] ATQA: 00 01
[+] SAK: 20 [1]
[+] Possible types:
[+] MIFARE Plus 2K/4K / Plus EV1 2K/4K
[+] MIFARE Plus CL2 2K/4K / Plus CL2 EV1 2K/4K
[+] ATS: 05 78 77 80 02 9C 3A
[+] - TL : length is 5 bytes
[+] - T0 : TA1 is present, TB1 is present, TC1 is present, FSCI is 8 (FSC = 256)
[+] - TA1 : different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
[+] - TB1 : SFGI = 0 (SFGT = (not needed) 0/fc), FWI = 8 (FWT = 1048576/fc)
[+] - TC1 : NAD is NOT supported, CID is supported
[+] Valid ISO14443-A tag found
* RRG/Iceman repo based commands *
clear
hf 14a raw -s -c -p d01100
hf 14a apdu -k 00a404000aa000000440000101000100
hf 14a apdu -k 80a504001306112b0601040181e43801010201180101020200
hf 14a apdu -k 00870001047c02810000
hf 14a apdu -k 008700012c7c2a8228ba59c0ace0edc4c550f0053d4857c3ab74153cb7f1e507fcf12437acd30e7eff8bc138a26cd62ef200
hf 14a apdu -d 0ccb3fff168508dce59bd2a233b32d97008e0820f5d036ead124ee
hf 14a list
Outputs:
[usb] pm3 --> hf 14a raw -s -c -p d01100
Card selected. UID[4]:
08 D8 E1 93
received 3 bytes
D0 73 87
[usb] pm3 --> hf 14a apdu -k 00a404000aa000000440000101000100
>>>>[keep ] 00 A4 04 00 0A A0 00 00 04 40 00 01 01 00 01 00
<<<< 6F 0C 84 0A A0 00 00 04 40 00 01 01 00 01 90 00
[+] APDU response: 90 00 - Command successfully executed (OK).
[usb] pm3 --> hf 14a apdu -k 80a504001306112b0601040181e43801010201180101020200
>>>>[keep ] 80 A5 04 00 13 06 11 2B 06 01 04 01 81 E4 38 01 01 02 01 18 01 01 02 02 00
<<<< CD 02 09 07 85 40 CD 12 99 54 6D E8 33 BD 73 2B 63 9A 63 C6 DA 14 F5 DF 9C 4E 07 F4 DB BF 4D A7 29 08 E8 A7 94 23 3A E9 94 7B 70 05 55 A2 F9 5E 8A 93 0C 47 01 B0 02 A5 08 0A B2 2E 37 60 D6 69 41 F5 23 85 CB 61 8E 08 9E BA AE 38 15 08 9E 47 90 00
[+] APDU response: 90 00 - Command successfully executed (OK).
[usb] pm3 --> hf 14a apdu -k 00870001047c02810000
>>>>[keep ] 00 87 00 01 04 7C 02 81 00 00
<<<< 7C 0A 81 08 CF 57 F4 A3 59 2C 30 BC 90 00
[+] APDU response: 90 00 - Command successfully executed (OK).
[usb] pm3 --> hf 14a apdu -k 008700012c7c2a8228ba59c0ace0edc4c550f0053d4857c3ab74153cb7f1e507fcf12437acd30e7eff8bc138a26cd62ef200
>>>>[keep ] 00 87 00 01 2C 7C 2A 82 28 BA 59 C0 AC E0 ED C4 C5 50 F0 05 3D 48 57 C3 AB 74 15 3C B7 F1 E5 07 FC F1 24 37 AC D3 0E 7E FF 8B C1 38 A2 6C D6 2E F2 00
<<<< 7C 2A 82 28 71 F8 FE 38 48 66 44 E0 E2 FB 31 55 BC 27 7D 56 D0 48 0E D0 BF A4 42 9A FE 74 04 E7 10 20 E4 23 13 A2 70 74 66 3A 1A CD 90 00
[+] APDU response: 90 00 - Command successfully executed (OK).
[usb] pm3 --> hf 14a apdu -d 0ccb3fff168508dce59bd2a233b32d97008e0820f5d036ead124ee
>>>>[] 0C CB 3F FF 16 85 08 DC E5 9B D2 A2 33 B3 2D 97 00 8E 08 20 F5 D0 36 EA D1 24 EE
[=] APDU: case=0x03 cla=0x0c ins=0xcb p1=0x3f p2=0xff Lc=0x16(22) Le=0x00(0)
<<<< 67 00
[+] APDU response: 67 00 - Wrong length
[usb] pm3 --> hf 14a list
[=] downloading tracelog data from device
[+] Recorded activity (trace len = 575 bytes)
[=] start = start of start frame end = end of frame. src = source of transfer
[=] ISO14443A - all times are in carrier periods (1/13.56MHz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52(7) | | WUPA
2116 | 4484 | Tag |01 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10564 | 16452 | Tag |08 d8 e1 93 a2 | |
19200 | 29664 | Rdr |93 70 08 d8 e1 93 a2 4c 78 | ok | SELECT_UID
30788 | 34372 | Tag |20 fc 70 | |
36096 | 40864 | Rdr |e0 80 31 73 | ok | RATS
42692 | 50820 | Tag |05 78 77 80 02 9c 3a | ok |
63232 | 69088 | Rdr |d0 11 00 52 a6 | ok |
70980 | 74500 | Tag |d0 73 87 | |
390528 | 412576 | Rdr |02 00 a4 04 00 0a a0 00 00 04 40 00 01 01 00 01 00 fe | |
| | |6b | ok |
430660 | 452676 | Tag |02 6f 0c 84 0a a0 00 00 04 40 00 01 01 00 01 90 00 fb | |
| | |e3 | ok |
766848 | 799200 | Rdr |03 80 a5 04 00 13 06 11 2b 06 01 04 01 81 e4 38 01 01 | |
| | |02 01 18 01 01 02 02 00 2a 71 | ok |
878788 | 878788 | Tag |03 cd 02 09 07 85 40 cd 12 99 54 6d e8 33 bd 73 2b 63 | |
| | |9a 63 c6 da 14 f5 df 9c 4e 07 f4 db bf 4d a7 29 08 e8 | |
| | |a7 94 23 3a e9 94 7b 70 05 55 a2 f9 5e 8a 93 0c 47 01 | |
| | |b0 02 a5 08 0a b2 2e 37 60 d6 69 41 f5 23 85 cb 61 8e | |
| | |08 9e ba ae 38 15 08 9e 47 90 00 93 22 | ok |
1293440 | 1308512 | Rdr |02 00 87 00 01 04 7c 02 81 00 00 70 5c | ok |
1332420 | 1352068 | Tag |02 7c 0a 81 08 cf 57 f4 a3 59 2c 30 bc 90 00 73 d8 | ok |
1676160 | 1737312 | Rdr |03 00 87 00 01 2c 7c 2a 82 28 ba 59 c0 ac e0 ed c4 c5 | |
| | |50 f0 05 3d 48 57 c3 ab 74 15 3c b7 f1 e5 07 fc f1 24 | |
| | |37 ac d3 0e 7e ff 8b c1 38 a2 6c d6 2e f2 00 2a cc | ok |
1880132 | 1936644 | Tag |03 7c 2a 82 28 71 f8 fe 38 48 66 44 e0 e2 fb 31 55 bc | |
| | |27 7d 56 d0 48 0e d0 bf a4 42 9a fe 74 04 e7 10 20 e4 | |
| | |23 13 a2 70 74 66 3a 1a cd 90 00 06 9a | ok |
2254208 | 2288864 | Rdr |02 0c cb 3f ff 16 85 08 dc e5 9b d2 a2 33 b3 2d 97 00 | |
| | |8e 08 20 f5 d0 36 ea d1 24 ee 1a 48 | ok |
2297412 | 2303300 | Tag |02 67 00 f1 38 | |
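The command APDUs listed in the post can be split into their ISO 7816-4 fields with a short parser. This is an added example, not part of the original post or the Proxmark3 code base; the dictionary labels and function names are this example's own, and only short APDUs with short-form TLV lengths are handled.

```python
# Added example: hex copied from the post's pm3 commands; labels are this example's own.
COMMANDS = {
    "select": "00a404000aa000000440000101000100",
    "proprietary": "80a504001306112b0601040181e43801010201180101020200",
    "auth_step1": "00870001047c02810000",
    "last": "0ccb3fff168508dce59bd2a233b32d97008e0820f5d036ead124ee",
}
INS_NAMES = {0xA4: "SELECT", 0x87: "GENERAL AUTHENTICATE", 0xCB: "GET DATA"}  # ISO 7816-4

def parse_tlv(buf):
    """BER-TLV with single-byte tags and short-form lengths; constructed tags recurse."""
    out, i = [], 0
    while i < len(buf):
        tag = buf[i]
        if tag & 0x1F == 0x1F or i + 1 >= len(buf):
            raise ValueError("multi-byte tag or truncated TLV")
        length, i = buf[i + 1], i + 2
        if length & 0x80 or length > len(buf) - i:
            raise ValueError("long-form length or value past end of data")
        value = buf[i:i + length]
        out.append((tag, parse_tlv(value) if tag & 0x20 else value))
        i += length
    return out

def parse_apdu(hexstr):
    """Split a short command APDU and report its ISO 7816-4 case (1 to 4)."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte header")
    cla, ins, body = raw[0], raw[1], raw[4:]
    data, le, case = b"", None, 1
    if len(body) == 1:
        le, case = body[0], 2
    elif body and len(body) == 1 + body[0]:
        data, case = body[1:], 3
    elif body and body[0] and len(body) == 2 + body[0]:
        data, le, case = body[1:-1], body[-1], 4
    elif body:
        raise ValueError("Lc does not match body length")
    # SELECT carries a raw AID here; the other commands carry BER-TLV data objects.
    tlv = parse_tlv(data) if data and ins != 0xA4 else None
    name = INS_NAMES.get(ins, "unknown") if cla < 0x80 else "proprietary class"
    return {"name": name, "case": case, "le": le, "tlv": tlv, "sm": (cla & 0xEC) == 0x0C}

if __name__ == "__main__":
    for label, hexstr in COMMANDS.items():
        print(label, parse_apdu(hexstr))
```

In ISO 7816-4 terms, the `sm` flag reflects CLA `0x0C` (secure messaging with an authenticated command header), tag `7C` is the dynamic authentication template, and tags `85`, `97` and `8E` in the last command are the secure-messaging cryptogram, Le and cryptographic checksum data objects. The last command parses as case 3, which matches the `case=0x03` line in the pm3 output.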
I was looking through a device the other day and found this information in the setup.
Seos Configuration
ADF OID : 2A8570811E1000070000020000
Total Tag : 08
Tag : C0
My knowledge on RFID is limited and I'm not sure how helpful (if at all) this is though.
Which device is this? You got a picture of it? Tried sniffing some traffic?
Sorry, it is from an “Invixium TITAN” a non-HID, biometric reader with a configuration page for smart cards. I would hope they wouldn’t auto fill any sensitive information on the default seos configuration but don’t know enough about it to tell.