Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi, I'm new here. I'm from Spain, I borrowed a proxmark 3 and I'm doing a little study of the RFID technology security we've on our university environment.
I've tested a Mifare Classic (no too much problem).
In future I will check also a card 14443-B from transport card we have. I think It will not be as easy as the mifare as aren't dump commands.
Now, as in my house are a lot of dogs, I'd like to read their RFID tags to put the example of a dog robbery and spoof of its identity. In Europe pet id rfid tags should be compatibles with ISO 11784/11785, I think in Spain are mostly FDX-B type
I read that the trace em4x05 is of this type, FDX. But I think is not implemented in proxmark firmware, am I right?
I'm not sure, but I think that only biphase encoding support is needed with all is now. As FSK and ASK are supported.
Do you think I could use manmod functions as base to modify them to be biphase ??
regards.
Offline
Indala cards use BPSK, so you better use indalademod as a base.
Offline
Hi again, I was checking the indalademod and other functions and got something that "works". Currently I was using SVN version.
First did a method similar to mandemod to demodulate biphase. I tried it with the following traces:
- modulation-biphase.pm3
- em4x05.pm3
And it seemed to work (not very well the firsts times but after some patching started to work better). It needs a very good quality signal. I had many problems with signal from our dogs as is very noise.
Here trying to demodulate signal of modulation-biphase.pm3
Then I did a method to find the header and extract data conformly to ISO 11784/11785 FDX-B and I can show Country code and National code.
The biggest problem is that i cound't get working the CRC calculation to compare it with the transmitted CRC and then determine if data is or not valid.
You can see here the structure of the data.
http://www.priority1design.com.au/fdx-b_animal_identification_protocol.html
The only check I'm doing now is to check for the 1's control bits.
I also 've problems with the auto clock detector, so it's better to manual indicate it
At first instance i named it em4x05read as I started to develop with this trace, but then I readed the datasheet of that cards and found that are more complex and have more options than i though, so I think is a very simple FDX reader, so don't know wich name could be ok for that method i did. maybe fdxread ?
screenshots:
Here using the new method to extract data of the trace: em4x05.pm3
When some error is detected in control bits is shown. If i can get CRC working with also this when an error would be detected the data don't should be show.
signal of a dog:
after decimate, normalized and edited with a threshold
reading it:
there are more errors than with the trace from the em4x05 from the repository as this don't have the same signal quality, but anyway give a lot of good results!
It's curious that were I live don't use standard country codes in tags :S, Spain code should be 724, but this is correct as in the dog papers is shown the same code I read.
Offline
Pages: 1