Research, development and trades concerning the powerful Proxmark3 device.
Glad to be part of this forum ! !
I am learning slowly.
I am having trouble decoding 2 traces ("130" & "131") which I believe are FSK modulation.
I am using fskdemod but the results given by the PM3 don't make any sense !
I thought low-to-high transition is a 0 and high-to-low transition a 1.
See the screenshot below, the 2 traces "131" & "130" on the top are what fskdemod gives... Sometimes low-to-high is decoded as 0 but other times as 1... That is why I am very confused...
http://uppix.net/gfbouh.jpg
Also, the PM3 starts to decode not where it should, I think... In the screenshot below I can clearly see that the card UID is repeated and doesn't start where the PM3 thinks it does...
http://uppix.net/HzoVUS.jpg (yellow line is where the PM3 starts to decode)
Traces can be found here :
http://www.speedyshare.com/2ZGfY/130.pm3
http://www.speedyshare.com/e5R7a/131.pm3
Offline
are there any markings on the card? it looks similar to one i've seen before.
try a manual look at the raw trace, following this rule:
5 high bars = 1
6 or 7 low bars = 0
This yields :
00000000 00000001 00000001 00000001 00000001 00000001 00000001 00000001 00011001 10010100 00000001 00000001 00000001 00010000 00101111 00001110
1st byte = preamble
8th bit of each following byte = Odd Parity Bit for byte
interpreted data (without parity bits or leading zeros):
11001001010000000000000000000000000100000101110000111
the problem i've found with a card that looks like this is the data read, matched another reader, but doesn't match anything on the card and appears to be encrypted in some fashion.
however if you were looking to clone it this info might help.
Last edited by marshmellow (2013-06-24 22:14:24)
Offline
this one doesn't look like it has encryption like mine did though.. is the card number 67011?
Offline
if we can confirm this card modulation does anyone know how to add it to the proxmark firmware? I might just have to re-learn C and get my dev environment set up.
Offline
Thanks a lot marshmellow !
But I don't get it
What is a low or high "bar".
There are 2 traces from 2 different cards (basic white ISO cards, no logo or brand).
First one (red frame "131") has the following number printed : "2188 131"
Second one (blue frame "130") has the following number printed : "2188 130".
See screenshot : http://s23.postimg.org/hzadpbx2h/gfbouh.jpg
Offline
Sorry I took just 130 to start with.
high bar = larger wave forms
low bar = shorter wave forms
and look at the plot without doing a fskdemod.
Offline
131=
00000000 00000001 00000001 00000001 00000001 00000001 00000001 00000001 00011001 10010100 00000001 00000001 00000001 00010000 00111110 11001101
Offline
interesting:
131 and 130 are actually card numbers programmed in raw bits from bit 81-116 (remember to remove the odd byte parities)
data without parities:
00011001001010(?) 00000000000000000000000010000010(130) 1110000111(checksum?)
00011001001010(?) 00000000000000000000000010000011(131) 1111100110(checksum?)
Offline
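The decoding rule worked out in the posts above (all-zero preamble byte, then 7 data bits plus an odd parity bit per byte, then a 14-bit unknown field, a 32-bit card number and a 10-bit trailer), as an added Python example that is not code from any poster. The function names are made up for illustration, and the field boundaries are the ones marshmellow gives; what the prefix and trailer mean is still unknown.

```python
# Bit strings copied from the posts above (tags printed "2188 130" and "2188 131").
FRAME_130 = ("00000000 00000001 00000001 00000001 00000001 00000001 00000001 00000001 "
             "00011001 10010100 00000001 00000001 00000001 00010000 00101111 00001110")
FRAME_131 = ("00000000 00000001 00000001 00000001 00000001 00000001 00000001 00000001 "
             "00011001 10010100 00000001 00000001 00000001 00010000 00111110 11001101")


def strip_parity(frame: str) -> str:
    """Validate the preamble and per-byte odd parity, return the 7-bit payloads joined."""
    groups = frame.split()
    if len(groups) != 16 or groups[0] != "00000000":
        raise ValueError("expected 16 bytes starting with an all-zero preamble")
    payload = []
    for pos, byte in enumerate(groups[1:], start=2):
        if len(byte) != 8 or set(byte) - {"0", "1"}:
            raise ValueError(f"byte {pos}: not 8 binary digits")
        # Odd parity: data bits plus the 8th bit must contain an odd number of ones.
        if byte.count("1") % 2 != 1:
            raise ValueError(f"byte {pos}: odd parity check failed")
        payload.append(byte[:7])
    return "".join(payload)


def decode(frame: str) -> dict:
    """Split the last 56 parity-free bits into the fields described in the thread."""
    data = strip_parity(frame)          # 15 bytes * 7 bits = 105 bits
    fields = data[-56:]                 # everything before this is leading zeros
    return {
        "prefix": fields[:14],          # unknown, identical on both tags
        "card": int(fields[14:46], 2),  # 32-bit number, matches the printed value
        "trailer": fields[46:],         # 10 bits, possibly a checksum
    }


if __name__ == "__main__":
    for name, frame in (("130", FRAME_130), ("131", FRAME_131)):
        print(name, decode(frame))
```

A frame misread from the plot normally fails the parity check, which makes this a quick way to validate a manual transcription.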
Nothing at all on the card except the numbers ?
No small points for example ?
Last edited by o0o0o0o (2013-06-27 05:12:51)
Offline
Just 2 sets of numbers...
Thanks a lot marshmellow for the explanation !
I did it with Card No 129 and I am getting :
00011001001010 00000000000000000000000010000001 1111011000
Offline
I did it with another card but not same facility code/building.
It has number "54790" printed on it.
00000001 00000001 00000001 00000001 00000001 00000001 00000001 00000001 00000001 00000001 01100100 00110010 11001110 00011010 01110000
0000000 0000000 0000000 0000000 0000000 0000000 0000000 0000000 0000000 00000000 0110010 0011001 1100111 0001101 0111000
I can see the card No 1490 = 11100111000110
Last edited by app_o1 (2013-07-03 06:02:38)
Offline
Similar thing for Card No "54723"
00000001 00000001 00000001 00000001 00000001 00000001 00000001 00000001 00000001 00000001 01100100 00110010 11001101 00001101 00111011
0000000 0000000 0000000 0000000 0000000 0000000 0000000 0000000 0000000 0000000 0110010 0011001 1100110 0000110 0011101
Again I can see the card number 54723.
Last edited by app_o1 (2013-07-03 06:02:14)
Offline
So it would appear we have the demodulate understood (though the standard fskdemod of the PM3 is way off). what we don't know is what the other bits mean or how they are calculated.
btw the format of your last example matches a 26bit farpointe data formatted card that I have.
your other samples must also be a farpointe data format that I have not seen.
that format is like this:
1(startbit) 1(Wiegand Even Parity) 00100011(FC:35) 0011100110000011(Card#:14723) 0(wiegand Odd Parity) 0011101(unknown checksum)
my examples are shown at http://www.proxmark.org/forum/viewtopic.php?id=1651
Offline
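The 26-bit layout from the post above, checked against the two parity-stripped bit strings app_o1 posted, as an added Python example that is not code from the thread. `parse_wiegand26_frame` is a made-up name; the field order (start bit, even parity, 8-bit FC, 16-bit card number, odd parity, 7-bit trailer) is the one marshmellow lists, and the parity coverage assumed is the usual 26-bit Wiegand one (even parity over the first 12 data bits, odd parity over the last 12).

```python
# Parity-stripped groups copied from app_o1's posts (cards printed 54790 and 54723).
STRIPPED_54790 = "0110010 0011001 1100111 0001101 0111000"
STRIPPED_54723 = "0110010 0011001 1100110 0000110 0011101"


def parse_wiegand26_frame(stripped: str) -> dict:
    """Parse the last 34 payload bits: start bit + 26-bit Wiegand word + 7-bit trailer."""
    bits = stripped.replace(" ", "")
    if set(bits) - {"0", "1"} or len(bits) < 34:
        raise ValueError("need at least 34 binary digits")
    bits = bits[-34:]
    if bits[0] != "1":
        raise ValueError("start bit not set")
    word = bits[1:27]                       # the 26-bit Wiegand word
    return {
        "facility_code": int(word[1:9], 2),
        "card_number": int(word[9:25], 2),
        # Leading bit makes the first 13 bits contain an even number of ones.
        "even_parity_ok": word[:13].count("1") % 2 == 0,
        # Trailing bit makes the last 13 bits contain an odd number of ones.
        "odd_parity_ok": word[13:].count("1") % 2 == 1,
        "trailer": bits[27:],               # 7 bits, calculation unknown
    }


if __name__ == "__main__":
    for label, stripped in (("54790", STRIPPED_54790), ("54723", STRIPPED_54723)):
        print(label, parse_wiegand26_frame(stripped))
```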
BTW you can attempt to clone those cards with any t55x7 card (and possibly a q5) by programming those full bytes to memory blocks 1-4
and changing the config block (block 0) to 0x80107080 (t55x7 only) might work. (standard FSK settings for HID Prox except it outputs 4 blocks instead of 3)
Offline
When writing to a block, data has to be in HEX. So,
Block 0 = 0x80107080
Block 1 = 0x23
Block 2 = 0x39
Block 3 = 0xC6
Block 4 = 0xB8
All wrong ?
Offline
not ALL wrong
you will likely need all the 01 blocks in front of the actual data
(each block requires 8 hex characters)
block 1 = 00010101
block 2 = 01010101
block 3 = 19940101
etc...
(example of 130 tag above)
Last edited by marshmellow (2013-06-28 15:10:26)
Offline
Then for 54723, it should be
00010101
01010101
10101643
02CD0D3B
Correct ? :s
Last edited by app_o1 (2013-07-03 06:01:48)
Offline
I cannot edit my post
Looks like there is something wrong with block 2 !
Offline
block 3 & 4 actually
00010101
01010101
01010164
32CD0D3B
Offline
nice trick is to open windows calc - view - programmer
switch to bin and paste the binary in - then click hex
Offline
might have to take only half at a time, but always take binary in chunks divisible by 4 when converting to hex
Offline
Got it now ! (finally...)
Do you have an email address where you can be reached?
Offline
I did specify form mail here can reach my email, but to be honest i don't know how that works. Possibly click my name - might have link to mail me. If not let me know and we can find another way. Though I am trying to be pretty active on the forum, and can be reached here.
Offline
Same for me... My email is not showing up. And I can't receive private message...
I have seen somewhere in the forum that you "supply and make all kinds of RFID cards"
Do you also do 13.56 MHz ?
Last edited by app_o1 (2013-07-03 06:01:33)
Offline