[+] PAC/Stanley - Card: AE4D3B36, Raw: FF2049906D075145911D9B21D9B36C03
[+] PAC/Stanley - Card: AE4D5B36, Raw: FF2049906D075145911D5B21D9B36CC3
[+] PAC/Stanley - Card: AE5D1B36, Raw: FF2049906D075155B11D1921D9B36D83
Otherwise yes I had already seen this manipulation with the button & the "abcd" LEDs however I am no longer sorry.
]]>When Simulating em410x tags, the red LED A also lights up from the beginning and everything works fine.
I have been looking for Documentation about the LDEs but did not find any. Is there documentation about the LEDs?
I am working with a Proxmark 3 RDV4
]]>Thank you very much.
SAS
Currently, the FPGA is firstly setup for gathering samples with this command:
LFSetupFPGAForADC(LF_DIVISOR_125, true);
After that the code listens to the data and when the right timeframe comes it switches to writing mode and sends a pulse (the setup below is copy/paste from the PCF7931 writing function):
FpgaDownloadAndGo(FPGA_BITSTREAM_LF);
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, LF_DIVISOR_125); //125kHz
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_PASSTHRU);
//if (ledcontrol) LED_A_ON();
// steal this pin from the SSP and use it to control the modulation
AT91C_BASE_PIOA->PIO_PER = GPIO_SSC_DOUT;
AT91C_BASE_PIOA->PIO_OER = GPIO_SSC_DOUT;
// modulate antenna
HIGH(GPIO_SSC_DOUT);
while (tempo != tab[u]) {
tempo = AT91C_BASE_TC0->TC_CV;
}
// stop modulating antenna
LOW(GPIO_SSC_DOUT);
while (tempo != tab[u + 1]) {
tempo = AT91C_BASE_TC0->TC_CV;
}
But the problem is that the Proxmark reboots itself rather than sending a pulse, so the configuration must be incorrect. There is little FPGA specific documentation, so I'm pulling my hair out trying to get this working. What's the right setup for this use case?
I plan on committing the code when finished to complete the PCF7931 functions.
Thank you both. RFID.consultant, the reason is "just in case", meaning I'm making sure to replicate the target environment as much as possible to avoid any potential issues, regardless of whether the readers parse the data the same way.
That said, it sounds like the P300 AWID reader module is actually what I'm after since I assume that module would be included were I to buy a CanProx One reader, according to their brochure (https://www.cansec.com/downloads/send/42-proximity-readers/77-canprox-one-installation-guide). I assumed CanSec had their own AWID reader embedded in the CanProx one, but this seems to be not the case.
Batman, when you manually wrote the blocks on the new t55xx card, which pages and blocks did you write? I am getting that error with the trailing "1" on the wiegand number as well.
]]>Here are some tests I did, but that failed.
If someone can advise me, I will appreciate.
[usb] pm3 --> lf t55 sniff -1 --zero 7 --one 32
[=] T55xx command detection
[+] Downlink mode | password | Data | blk | page | 0 | 1 | raw
[+] ----------------------+----------+----------+-----+------+-----+-----+-------------------------------------------------------------------------------
[+] -----------------------------------------------------------------------------------------------------------------------------------------------------
[usb] pm3 --> lf t55 sniff --zero 9 --one 32
[=] T55xx command detection
[+] Downlink mode | password | Data | blk | page | 0 | 1 | raw
[+] ----------------------+----------+----------+-----+------+-----+-----+-------------------------------------------------------------------------------
[+] -----------------------------------------------------------------------------------------------------------------------------------------------------
[usb] pm3 --> lf t55 sniff
[=] T55xx command detection
[+] Downlink mode | password | Data | blk | page | 0 | 1 | raw
[+] ----------------------+----------+----------+-----+------+-----+-----+-------------------------------------------------------------------------------
[+] -----------------------------------------------------------------------------------------------------------------------------------------------------
[usb] pm3 --> lf t55xx sniff -1 -t 2
[=] T55xx command detection
[+] Downlink mode | password | Data | blk | page | 0 | 1 | raw
[+] ----------------------+----------+----------+-----+------+-----+-----+-------------------------------------------------------------------------------
[+] -----------------------------------------------------------------------------------------------------------------------------------------------------
[usb] pm3 --> lf t55xx sniff -1 --zero 7 --one 14
[=] T55xx command detection
[+] Downlink mode | password | Data | blk | page | 0 | 1 | raw
[+] ----------------------+----------+----------+-----+------+-----+-----+-------------------------------------------------------------------------------
[+] -----------------------------------------------------------------------------------------------------------------------------------------------------
I have been using my proxmark3 device from Ryscc.com on Windows. But now I switched to MAC platform.
I am attaching a listing of the "hw version" command, to clarify my device version:
[ Proxmark3 RFID instrument ]
[ CLIENT ]
Iceman/master/v4.14831-972-g3e7c0f4c4 2022-10-04 08:18:20 180bffbf5
compiled with............. Clang/LLVM Apple LLVM 14.0.0 (clang-1400.0.29.201)
platform.................. OSX / aarch64
Readline support.......... present
QT GUI support............ present
native BT support......... absent
Python script support..... present
Lua SWIG support.......... present
Python SWIG support....... present
[ PROXMARK3 ]
firmware.................. PM3 GENERIC
[ ARM ]
bootrom: Iceman/master/v4.14831-972-g3e7c0f4c4 2022-10-04 08:18:06 180bffbf5
os: Iceman/master/v4.14831-972-g3e7c0f4c4 2022-10-04 08:18:17 180bffbf5
compiled with GCC 10.2.1 20201103 (release)
[ FPGA ]
LF image 2s30vq100 2022-03-23 17:21:05
HF image 2s30vq100 2022-03-23 17:21:16
HF FeliCa image 2s30vq100 2022-03-23 17:21:27
HF 15 image 2s30vq100 2022-03-23 17:21:38
[Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Internal SRAM size: 64K bytes
--= Architecture identifier: AT91SAM7Sxx Series
--= Embedded flash memory 512K bytes ( 59% used )
I was previously using proxmark3 for Windows. I mainly make copies of Indala chips. But now I have a problem with the UID length provided by the Windows version for proxmark3.
For understanding, I am giving an example of the difference as now I have to copy Indala chips:
Windows:
"lf indala clone 4eeeee11d"
mac:
"lf indala clone a00000009ddddc23"
If I try the command on mac "lf indala altdemod":
[=] Recovered 937 raw bits, expected: 937
[=] Worst metric (0=best..7=worst): 7 at pos 110
[+] UID | 0000000000000000000000000000010011101110111011101110000100011101 (4eeeee11d)
But now I have a problem that I am keeping the Indala UID database in the format 4eeeee11d not but a00000009ddddc23. My problem now is that I don't know where I can convert the shorter format to the longer one to use the "lf indala clone" command on mac. Is there any converter or command to clone chips in shorter format ??? My only option now is to load it to get the shorter version.
I hope this is understandable.
Thank you very much for your time and have a nice day.
EDIT :
I solved it on Discord. The solution was bit shifting, so I converted the whole database. I was probably using a very old version of proxmark3 from 2019.
https://circuitdigest.com/calculators/bit-shift-calculator
]]>