Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#51 2019-11-20 19:44:58
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: MAGIC ISO15693 tags
I suspect the magic iso15 is just magic, ie uid changeable.
Offline
#52 2019-11-20 21:56:33
- Gambrius
- Contributor
- From: germany
- Registered: 2019-10-28
- Posts: 25
- Website
Re: MAGIC ISO15693 tags
The magic card i have is reacting to the commands of the privacy mode. e.g. sending random numbers for the xor generation of the password.
Thats why i think that these cards can handle the privacy mode.
Is there a way that someone could ask the manufactor?
Offline
#53 2019-11-23 12:48:46
- Gambrius
- Contributor
- From: germany
- Registered: 2019-10-28
- Posts: 25
- Website
Re: MAGIC ISO15693 tags
@Iceman: within your iso15_magic.lua script there iss an option "-a" for using it with the official repo. Therefor I copied the iso15_magic.lua script and the read15.lua lib from your Repo into the official Repo, because I couldn't find these in there.
After using the magic script my ISO15693 Magic Card has an UID of "00 00 00 00 00 00 00 00". It looks like that the last two commands of your script do not work in this constellation which should write the two half of the UID.
With your Repo it was not a problem at all to change the UID back to a correct value (if the position of the tag is correct towards the proxmark3, which is kind of a hassle.).
What needs to be done, do get the magic script working within the official Repo?
Regards,
Gambrius
Last edited by Gambrius (2019-11-23 12:50:12)
Offline
#54 2019-11-24 12:57:25
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: MAGIC ISO15693 tags
dunno really, I haven't used that lua-script with offical repo for quite some time.
Its usage is outdated in RRG/Iceman repo since its been incorporated into the client.
Offline
#55 2019-11-24 17:21:23
- Gambrius
- Contributor
- From: germany
- Registered: 2019-10-28
- Posts: 25
- Website
Re: MAGIC ISO15693 tags
@iceman: thanks for your reply. Got the answer (from you) within the other post, that it is done by csetuid now, because of the overheating issue in the RDV4.
Offline
#56 2019-11-24 18:47:13
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: MAGIC ISO15693 tags
almost correct, buggy code on Offical repo leads to unwanted behavior like not shutting off rf power field. As I said, once Piwis code becomes stable, we have a look at what is reusable. Offical repo has been slacking off in being stable the last years.
Offline
#57 2019-12-20 08:46:20
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Re: MAGIC ISO15693 tags
The "magic" commands are just write block commands to blocks 0x3e, 0x3f, 0x38, 0x39. The latter two write the UID (and the tag responds like to any other write block command). The tag however doesn't answer on the first two write block commands and the UID can be changed without them. Any idea what their purpose is?
Offline
#58 2019-12-21 02:26:25
- Gambrius
- Contributor
- From: germany
- Registered: 2019-10-28
- Posts: 25
- Website
Re: MAGIC ISO15693 tags
@piwi:
Because I am away from home (from my hardware) right now i am not 100% sure, but i think one of the first two comands is zeroing the uid. I had an incident where I ended up with a uid filled just with 00 and my script did not run the ...38 and ...39 comand.
You could give it a try.
Regards,
Gambrius
Offline
#59 2020-01-19 06:39:13
- Gambrius
- Contributor
- From: germany
- Registered: 2019-10-28
- Posts: 25
- Website
Re: MAGIC ISO15693 tags
Hallo,
The magic cards I have tested so far (e.g. from RFx) are all iso15693 SLIX cards. Because SLIX is not supporting PRIVACY MODE at all, i am looking for SLIX2 or SLIX-L cards with changeable UIDs.
Does anyone know wether there are any other cards available?
Regards,
Gambrius
Offline
#60 2021-02-02 14:11:13
- papuaoshi
- Contributor
- Registered: 2018-12-23
- Posts: 5
Re: MAGIC ISO15693 tags
Hallo,
The magic cards I have tested so far (e.g. from RFx) are all iso15693 SLIX cards. Because SLIX is not supporting PRIVACY MODE at all, i am looking for SLIX2 or SLIX-L cards with changeable UIDs.Does anyone know wether there are any other cards available?
Regards,
Gambrius
Hi! I've just received a magic 15693 card from RFxSecure.com which claims to be Sli/Slix.
I was able to change its UID just with 2 blocks (38h for LSB of UID; 39h for MSB of UID). However none of NXP propietary commands worked. I have tried the following:
ABh - get nxp system info
DBh - read signature
A3h - reset EAS
B2h - get random number
For me it looks like generic 15693 card with 28x4 memory
UPD: Ok. It looks like SLI to me with EAS locked from the beginning. Only reponds to A0h
Last edited by papuaoshi (2021-02-04 23:09:08)
Offline
#61 2021-04-06 22:24:15
- zeppi
- Contributor
- Registered: 2021-03-07
- Posts: 36
Re: MAGIC ISO15693 tags
i bought 2 cards sold as "15693 UID changeable" and physically marked as "15693 iCode Sli/Slix Modifiable" at Shop910686014 on AliExpress for a semi-reasonable price of $25 incl shipping.
I was able to change the UID using the "hf 15 csetuid" command and it was possible clone a 15693 card using "hf 15 dump" and "hf 15 restore". The clone card seems to be identical.
Btw, "hf 15 findafi" does nothing, just outputs the help text.
However, I have not enough experience and knowledge about this type of card to know what additional properties it should have.
So let me know what I should test with this card (as the price is better than at other shops), and give the precise commands for that. Note: My macOS client does no have data plot capability.
Offline
#62 2021-04-07 09:11:37
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: MAGIC ISO15693 tags
there was a fix for hf 15 findafi last night. It should run the bruteforce afi now.
Offline
#63 2021-04-07 10:53:24
- zeppi
- Contributor
- Registered: 2021-03-07
- Posts: 36
Re: MAGIC ISO15693 tags
Good call, iceman! I love it! It does this:
[=] click pm3 button or press Enter to exit
[#] NoAFI UID = <redacted>
[#] AFI = 0 UID = <redacted>
[#] AFI Bruteforcing done.
and waits and waits, until the Enter key is pressed.
Is that intentional? If so, maybe it could tell the user to press Enter?
Offline
#64 2021-04-07 11:26:58
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: MAGIC ISO15693 tags
Not intentional. I pushed a fix for it.
Offline
#65 2021-04-07 13:56:15
- zeppi
- Contributor
- Registered: 2021-03-07
- Posts: 36
Re: MAGIC ISO15693 tags
appreciated!
Offline
#66 2022-06-14 13:02:39
- eychei
- Contributor
- Registered: 2018-03-25
- Posts: 5
Re: MAGIC ISO15693 tags
Hi everyone,
just wanted to ask if anyone has a contact where I can get a Magic 15693 in europe.
Would be nice.
Best Wishes
-E
Offline
#67 2022-06-14 18:48:37
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: MAGIC ISO15693 tags
trade / shopping category would be better, however look at lab401.com or ksec if you are in UK
Offline
#68 2022-06-14 20:00:21
- eychei
- Contributor
- Registered: 2018-03-25
- Posts: 5
Re: MAGIC ISO15693 tags
Thx. Will check asap.
Offline