Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2020-07-27 22:54:22

Ten
Contributor
Registered: 2020-07-27
Posts: 3

[hf 14a/mfc] Proxmark only sees tag and not reader

Hello,

I'm having issues with the sniffing and sim functions of the Proxmark.
I'm using a non-rdv4 PM3 with latest - or pretty much - RRG firmware (flashed on my Linux, properly compiled with PM3OTHER, using the android RfidTools app).
(This was the model, not in sale anymore. https://www.aliexpress.com/item/32956474910.html?spm=a2g0s.9042311.0.0.5d2b4c4dMQzXVB)

 [ CLIENT ]
  client: RRG/Iceman/master/v4.9237-529-gb5b55205-dirty-unclean 2020-06-29 17:24:47
  compiled with Clang/LLVM 4.2.1 Compatible Android (5900059 based on r365631c) Clang 9.0.8 (https://android.googlesource.com/toolchain/llvm-project 207d7abc1a2abf3ef8d4301736d6a7ebc224a290) OS:Android ARCH:aarch64

 [ PROXMARK3 ]

 [ ARM ]
  bootrom: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-25 23:57:34
       os: RRG/Iceman/master/v4.9237-618-g84a49bf0 2020-07-25 23:57:52
  compiled with GCC 10.1.0

 [ FPGA ]
  LF image built for 2s30vq100 on 2020-02-22 at 12:51:14
  HF image built for 2s30vq100 on 2020-01-12 at 15:31:16

 [ Hardware ]
  --= uC: AT91SAM7S512 Rev B
  --= Embedded Processor: ARM7TDMI
  --= Nonvolatile Program Memory Size: 512K bytes, Used: 226912 bytes (43%) Free: 297376 bytes (57%)
  --= Second Nonvolatile Program Memory Size: None
  --= Internal SRAM Size: 64K bytes
  --= Architecture Identifier: AT91SAM7Sxx Series
  --= Nonvolatile Program Memory Type: Embedded Flash Memory

I'm trying to discuss with some Mifare Classic reader, and I'm having issues with both sim and sniffing, where it seems the Proxmark is unaware of the reader.
I however able to do the same with my phone's reader (though I have to get on a veeery precise spot before my phone sees anything and the green led stays on). I seem to have no issues with the other functionality of the Proxmark (talking to cards, talking to LF tags, nested, hardnested,...). A while ago, with the old (official) PM3 software, I've successfully emulated the LF tag of my flat's door (though I had to pass it close quite a lot of times before it accepts to unlock, it seems to not be very easy to detect when emulating LF).

Here's what happens with the reader I'm currently trying to discuss with:
- In sim mode (the reader does not show any reaction, and the PM3's green led keeps flashing, indicating that a reader is pinging if I understand it correctly):

[usb] pm3 --> hf mf sim i x e
[=] Mifare  |  UID  N/A
[=] Options [ numreads: 0, flags: 49 (0x31) ]
[=] Press pm3-button or send another cmd to abort simulation
[#] 4B UID: deadbeef
[#] ATQA  : 00 04
[#] SAK   : 88
[#] Emulator stopped. Tracing: 1  trace length: 0
[usb] pm3 --> hf mf list
[=] downloading tracelog from device
[+] Recorded activity (trace len = 0 bytes)

The green led is even when the PM3 is not perfectly flat on the reader, and it can also read the card when it's not perfectly flat on the reader, which I feel means the reader has a reasonably long range.

- In sniff mode (uid-writable card properly detected by the reader)

[usb] pm3 --> hf 14a sniff
[#] Starting to sniff
[#] maxDataLen=3, Uart.state=0, Uart.len=0
[#] traceLen=2325, Uart.output[0]=00000000
[usb] pm3 --> hf mf list
[=] downloading tracelog from device
[+] Recorded activity (trace len = 2325 bytes)
[=] Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
[=] ISO14443A - All times are in carrier periods (1/13.56MHz)

      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
          0 |        256 | Tag |00!                                                                      |     | 
      37872 |      38128 | Tag |00!                                                                      |     | 
    1218400 |    1220768 | Tag |04  00                                                                   |     | 
    1263952 |    1269776 | Tag |de  ad  be  ef  22                                                       |     | 
    1354416 |    1357936 | Tag |08  b6  dd                                                               |     | 
    1639424 |    1641792 | Tag |04  00                                                                   |     | 
    1684976 |    1690800 | Tag |de  ad  be  ef  22                                                       |     | 
    1775440 |    1778960 | Tag |08  b6  dd                                                               |     | 
...
    5867104 |    5869472 | Tag |04  00                                                                   |     | 
    5912656 |    5918480 | Tag |de  ad  be  ef  22                                                       |     | 
    6003120 |    6006640 | Tag |08  b6  dd                                                               |     | 
    6060576 |    6065248 | Tag |96  70  25  a9                                                           |     | 
    6321152 |    6323520 | Tag |04  00                                                                   |     | 
    6366704 |    6372528 | Tag |de  ad  be  ef  22                                                       |     | 
    6457184 |    6460704 | Tag |08  b6  dd                                                               |     | 
    6742176 |    6744544 | Tag |04  00                                                                   |     | 
    6787728 |    6793552 | Tag |de  ad  be  ef  22                                                       |     | 
    6878080 |    6881600 | Tag |08  b6  dd                                                               |     | 
...

However:
- Detect reader seems to see something:

[usb] pm3 --> hw detectreader H
[#] HF 13.56MHz Baseline: 16mV
[#] HF 13.56MHz Field Change:  4145mV
[#] HF 13.56MHz Field Change:  5291mV
[#] HF 13.56MHz Field Change:  6490mV
[#] HF 13.56MHz Field Change:  4724mV
[#] HF 13.56MHz Field Change:    16mV
[#] HF 13.56MHz Field Change:  4282mV
[#] HF 13.56MHz Field Change: 12557mV
[#] HF 13.56MHz Field Change: 13719mV
[#] HF 13.56MHz Field Change:  3191mV
[#] HF 13.56MHz Field Change:    16mV
[#] HF 13.56MHz Field Change: 12003mV
[#] HF 13.56MHz Field Change: 19425mV
[#] HF 13.56MHz Field Change: 20568mV
[#] HF 13.56MHz Field Change: 21720mV

- HW tune is OK:

[usb] pm3 --> hw tune
...
[=] ---------- LF Antenna ----------
...
[=] ---------- HF Antenna ----------
[+] HF antenna: 36.28 V - 13.56 MHz
[+] HF antenna is O

This is somewhat the same symptoms I get when my phone is a bit far from the Proxmark and card and I try to sniff communication between card and phone.

However with that reader I've tried lots of positions of the card/reader/proxmark with always the same consistent non-working results.

I'm wondering whether this is a frequency issue where the PM3 maybe is not calibrated at the exact right frequency.

Could this be a reason? What could be the reasons why it has these symptoms? How can I diagnose which one it is exactly? And what could make my Proxmark either hear what's going on between the reader and the card, or hear what's going on between the reader and its own emulator (which should be the same as the card)?

If you think you may have the answer to any of these questions, I'd be very grateful for any hint! smile

Thanks in advance,

Last edited by Ten (2020-07-27 23:03:17)

Offline

#2 2020-07-28 10:39:55

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

Repo is currently unstable,  so I suggest using the release version from a month ago instead.  Things should work with it.

ref
https://github.com/RfidResearchGroup/proxmark3/releases

Offline

#3 2020-07-30 14:47:10

Ten
Contributor
Registered: 2020-07-27
Posts: 3

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

The android app seems to not be compatible with that version ("Capabilities structure version sent by the Proxmark3 is not the same as the one used by the client" ). Is there anywhere I can get the android app's version with a client that matches that of the release you suggested? Or should I just flash the firmware that corresponds to the android version and it would be as stable as the release version?

Offline

#4 2020-07-30 14:57:46

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

questions best asked to the app repo.

Offline

#5 2022-07-23 22:05:44

ISO7816
Contributor
Registered: 2022-07-22
Posts: 3

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

Hello,

I have the same issue as described above: "hf 14a sniff" only sees the tag but no reader frames.
I tried different distances and different orders (reader - PM3 - card, reader - card - PM3)


[#] Starting to sniff. Press PM3 Button to stop.
[#] trace len = 937
[usb] pm3 --> trace list
[=] downloading tracelog data from device
[+] Recorded activity (trace len = 937 bytes)
[=] start = start of start frame end = end of frame. src = source of transfer

      Start |        End | Src | Data (! denotes parity error)                                           | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
          0 |       4736 | Tag |aa  01  a6  5d                                                           |     |
    1433728 |    1438464 | Tag |aa  01  a6  5d                                                           |     |
    2874928 |    2879664 | Tag |aa  01  a6  5d                                                           |     |
    4300576 |    4305312 | Tag |aa  01  a6  5d                                                           |     |
    5749104 |    5753840 | Tag |aa  01  a6  5d                                                           |     |
    7191440 |    7196176 | Tag |aa  01  a6  5d                                                           |     |
    8625184 |    8629920 | Tag |aa  01  a6  5d                                                           |     |
   10044384 |   10049120 | Tag |aa  01  a6  5d                                                           |     |
   11480192 |   11484928 | Tag |aa  01  a6  5d                                                           |     |
   12925536 |   12930272 | Tag |aa  01  a6  5d                                                           |     |
   14356544 |   14361280 | Tag |aa  01  a6  5d                                                           |     |
   15789360 |   15794096 | Tag |aa  01  a6  5d                                                           |     |
   17225360 |   17230096 | Tag |aa  01  a6  5d                                                           |     |
   18661648 |   18666384 | Tag |aa  01  a6  5d                                                           |     |
   20094032 |   20098768 | Tag |aa  01  a6  5d                                                           |     |
   21511728 |   21514352 | Tag |aa  01  02                                                               |     |
   22956208 |   22960944 | Tag |aa  01  a6  5d                                                           |     |
   24362128 |   24366864 | Tag |aa  01  a6  5d                                                           |     |
   25805488 |   25810224 | Tag |aa  01  a6  5d                                                           |     |
   27243328 |   27248064 | Tag |aa  01  a6  5d                                                           |     |
   28691760 |   28696496 | Tag |aa  01  a6  5d                                                           |     |
   30120096 |   30124832 | Tag |aa  01  a6  5d                                                           |     |
   31565792 |   31570528 | Tag |aa  01  a6  5d                                                           |     |
   33017216 |   33021952 | Tag |aa  01  a6  5d                                                           |     |
   34456688 |   34461424 | Tag |aa  01  a6  5d                                                           |     |
   35882544 |   35887280 | Tag |aa  01  a6  5d                                                           |     |
   37311904 |   37316640 | Tag |aa  01  a6  5d                                                           |     |
   38740656 |   38745392 | Tag |aa  01  a6  5d                                                           |     |
   40180928 |   40185664 | Tag |aa  01  a6  5d                                                           |     |
   41629744 |   41634480 | Tag |aa  01  a6  5d                                                           |     |
   43068032 |   43072768 | Tag |aa  01  a6  5d                                                           |     |
   44483632 |   44488368 | Tag |aa  01  a6  5d                                                           |     |
   45915216 |   45919952 | Tag |aa  01  a6  5d                                                           |     |
   47346432 |   47351168 | Tag |aa  01  a6  5d                                                           |     |
   48791728 |   48796464 | Tag |aa  01  a6  5d                                                           |     |
   50225360 |   50230096 | Tag |aa  01  a6  5d                                                           |     |
   51676256 |   51680992 | Tag |aa  01  a6  5d                                                           |     |
   53111616 |   53116352 | Tag |aa  01  a6  5d                                                           |     |
   54553056 |   54557792 | Tag |aa  01  a6  5d                                                           |     |
   55978768 |   55983504 | Tag |aa  01  a6  5d                                                           |     |
   57419040 |   57423776 | Tag |aa  01  a6  5d                                                           |     |
   58853856 |   58858592 | Tag |aa  01  a6  5d                                                           |     |
   60291248 |   60295984 | Tag |aa  01  a6  5d                                                           |     |
   61733984 |   61738720 | Tag |aa  01  a6  5d                                                           |     |
   63172128 |   63176864 | Tag |aa  01  a6  5d                                                           |     |
   64601216 |   64605952 | Tag |aa  01  a6  5d                                                           |     |
   66030432 |   66035168 | Tag |aa  01  a6  5d                                                           |     |
   67477696 |   67482432 | Tag |aa  01  a6  5d                                                           |     |
   68900128 |   68904864 | Tag |aa  01  a6  5d                                                           |     |
   69463296 |   69482944 | Tag |0b  01  08  a0  00  00  01  51  00  00  00  01  9e  90  00  4a  5a       |     |
   69763024 |   69770064 | Tag |0a  01  6a  88  17  40                                                   |     |
   70101024 |   70109216 | Tag |0b  01  07  a0  00  00  01                                               |     |
   70743120 |   70747664 | Tag |0a  01  10  a0!                                                          |     |
   81495536 |   81515184 | Tag |0b  01  08  a0  00  00  01  51  00  00  00  01  9e  90  00  4a  5a       |     |
   81794400 |   81801440 | Tag |0a  01  6a  88  17  40                                                   |     |
...

My setup is proxmark3 rdv3 (clone ?) with the latest iceman branch firmware:


    MCU....... AT91SAM7S512 Rev B
    Memory.... 512 Kb ( 48% used )

    Client.... Iceman/master/v4.14831-825-g3001e2edc 2022-07-23 22:55:39
    Bootrom... Iceman/master/v4.14831-825-g3001e2edc 2022-07-23 22:54:15
    OS........ Iceman/master/v4.14831-825-g3001e2edc 2022-07-23 22:54:40
    Target.... PM3 GENERIC

the reader is a OmnyKey 5421 (dual interface) working with a generic Java Card with MifareClassic Emulation

In the FAQ I read about different modulations for reader and card described on the opposite problem: PM3 only sees the reader, not the tag.
Does someone have (solved ?) this issue ?

Thank You.

Offline

#6 2022-07-24 09:49:18

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

hw tune,   to see if your hf antenna is ok.   Otherwise it might be your device that is sub-par.

Offline

#7 2022-07-24 11:33:35

ISO7816
Contributor
Registered: 2022-07-22
Posts: 3

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

thanks for the reply.
This is what I get from tuning:

[usb] pm3 --> hw tune
[+] HF antenna: 32.75 V - 13.56 MHz
[+] Approx. Q factor (*): 9.5 by peak voltage measurement
[+] HF antenna is OK
[usb] pm3 --> hf tune
[=] Measuring HF antenna, click pm3 button or press Enter to exit
[=] 32609 mV / 32 V / 33 Vmax

also the reader filed seems to be recognized

...
[#] HF 13.56MHz Field Change: 25363mV
[#] HF 13.56MHz Field Change: 26494mV
[#] HF 13.56MHz Field Change: 27586mV
[#] HF 13.56MHz Field Change: 28629mV
[#] HF 13.56MHz Field Change: 29687mV
[#] HF 13.56MHz Field Change: 30700mV
[#] HF 13.56MHz Field Change: 31702mV
[#] HF 13.56MHz Field Change: 32721mV
[#] HF 13.56MHz Field Change: 31676mV
[#] HF 13.56MHz Field Change: 30624mV
[#] HF 13.56MHz Field Change: 29602mV
[#] HF 13.56MHz Field Change: 28600mV
[#] HF 13.56MHz Field Change: 27499mV
[#] HF 13.56MHz Field Change: 26409mV
[#] HF 13.56MHz Field Change: 25407mV
[#] HF 13.56MHz Field Change: 24324mV
[#] HF 13.56MHz Field Change: 23300mV
[#] HF 13.56MHz Field Change: 22293mV
[#] HF 13.56MHz Field Change: 23321mV
[#] HF 13.56MHz Field Change: 24381mV
[#] HF 13.56MHz Field Change: 25491mV
[#] HF 13.56MHz Field Change: 26621mV
[#] HF 13.56MHz Field Change: 27663mV
...

anything else I can try ?

Currently I removed the LF part from the ICEMAN firmware to make it fitting into the flash (fuse problem)

What do You mean by "sub-par." ?

Thanks.

Offline

#8 2022-07-24 12:17:03

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: [hf 14a/mfc] Proxmark only sees tag and not reader

Looks ok.
sniffing isn't clear cut,   you need to test different ways with card,  pm3 and reader. 
It should found after a couple of tries.

however if it never work,  then the hardware might be not up to standard.  Especially if its an cheap clone.

try swapping reader and see if you can sniff your phone etc..

Offline

Board footer

Powered by FluxBB