Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Once you have a 64bit UID from performing the Indalademod function, can you create a copy using a Q5 or T55x7 card?
I read some slides from crypto.hyperlink.cz listing for Indala:
Q5 configuration word: 60 00 F0 A4
No further details on the configuration was listed.
http://crypto.hyperlink.cz/files/rosa_soom_v1a.pdf (slide 25)
http://crypto.hyperlink.cz/files/ST_2008_07_22_23.pdf
Offline
Added Indala cloning feature (only for T55x7 at the moment) in r582.
The card must be in antenna before issuing the command.
I haven't be able to test on a real Indala reader myself, so the configuration may be not good enough, altough it has been tested by one of the members in the forum with success.
To clone use the new command:
indalaclone <UID in HEX> ['l'] (option 'l' for 224 UID)
The UID must be written in HEX as returned now by 'indalademod' command
For long UID (224 bit) add an 'l' (for Long) after the UID, for example:
'indalaclone 3C4A42F2BBA7FF45388AB25D73243D45F0EBA2038CA1778AB l'
If you find any bug, please reply to this thread.
Regards,
Cex.
Offline
Worked perfect! Thank you!
Offline
How do I go about getting r582 version to be able to use this command?
Offline
How do I go about getting r582 version to be able to use this command?
Go to http://code.google.com/p/proxmark3 and follow instructions (you'll need SVN to get a copy of the code).
Offline
Added Indala cloning feature (only for T55x7 at the moment) in r582.
The card must be in antenna before issuing the command.
I haven't be able to test on a real Indala reader myself, so the configuration may be not good enough, altough it has been tested by one of the members in the forum with success.To clone use the new command:
indalaclone <UID in HEX> ['l'] (option 'l' for 224 UID)
The UID must be written in HEX as returned now by 'indalademod' command
For long UID (224 bit) add an 'l' (for Long) after the UID, for example:
'indalaclone 3C4A42F2BBA7FF45388AB25D73243D45F0EBA2038CA1778AB l'If you find any bug, please reply to this thread.
Regards,
Cex.
Do I understand correctly that in order to do an Indala clone, I need to perform normal lf read, then with pskindalademod I would get a 64 or 224 bits UID, which will be used in indala clone to write on At55x7 chip.
How can I figure the exact configuration the clone command exercise on the chip, in order not to be bound by only one chip? Can I use tag/at55xx/detect or readinfo or config to get the real configuration mask indala clone command has used here? if not, what was exactly hard coded in the command? PSk modulation yes v1 or 2? which data rate, how many data block etc? "lf search" can investigat the indala tag and spit out the data rate/ modulation precisely?
Is this "indala clone" writing a cover of "lf t55xx wr"?
under cover I mean for example if I have UID='0000000000000000000000000000010100000000000000010000000100001101'
or in HEX '50001010D'
to write I do
lf t55xx wr 0 <hardcoding>
then following by 2x "lf t55xx wr" of 2 data blocks like this
50001010
D0000000
or this
00000005
0001010D
? Or the idea is non-sense?
Last edited by ntk (2015-07-08 22:31:11)
Offline
Pages: 1