Interesting thoughts on the C10 capacitor. Isn't this the famous one which everyone with different antennas needs to change?
No, the famous one is C35.
C10 and parallel C45 are decoupling capacitors for DC voltage Vmid. Did you check your C45 as well?

And 8-10 year old hardware has a tendency to break down. Interesting thoughts on the C10 capacitor. Isn't this the famous one which everyone with different antennas needs to change? (if I remember it correctly) At least if you had the green PCB and radiowars black one and people were building their own antennas.
Nowadays, many buy an Elechouse revision, which has good voltage from the start. Not too many posts about building their own antennas anymore.

I replaced it with a good 100nF cap and the board worked a lot better, but not perfect, so I started to investigate other values, and on a whim I just tried without the cap. To my surprise, this improved reading tremendously, to the point where I could reliably read a fancy metal EMV Paypass card that gives trouble even to a lot of commercial readers. Very unexpected!
I am just wondering why removing this cap improved things so much - as far as I can tell, this is simply a decoupling capacitor to give a steady Vmid (2.5V) voltage to the amplifier (IC6C), and should not have a major impact. I'm afraid this is a case of two wrongs cancelling each other, but as long as the reader is working reliably... If anyone can offer a reasonable analysis, I'm interested!
Below are a couple of scope traces, in case anyone cares - I'd be curious if anyone wanted to compare with their own units?
1. Raw RF field at the antenna:
2. The same field, zoomed in, where you can more easily see the reader/antenna communication
3. Trace after envelope detector and amplification, at the ADC_IN point. Note that somehow, the trace before/after removing C10 does not change there, at least I can't find any difference, so I am only attaching the one below, after removing C10:
Anyway, looking forward to doing more with the PM3 now!

As I mentioned in my previous message, it looks like the antenna actually picks up the reader APDUs only, not the tag's, so something's definitely fishy...

Since sniffing works well, I'd still say antenna. Test the strongest antenna, 20-30 V is a good one. Less than that and minor quirks start to happen, like placement and distance between antenna & tag becoming more important. Tags like Legic will not read either then.

proxmark3> hf list 14a
Recorded Activity (TraceLen = 3520 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 4768 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
16112 | 20880 | Rdr | 50 00 57 cd | ok | HALT
43632 | 44624 | Rdr | 52 | | WUPA
59872 | 70336 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
1354912 | 1359680 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
1371024 | 1375792 | Rdr | 50 00 57 cd | ok | HALT
1398544 | 1399536 | Rdr | 52 | | WUPA
1414784 | 1425248 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
2709824 | 2714592 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
2725936 | 2730704 | Rdr | 50 00 57 cd | ok | HALT
2753456 | 2754448 | Rdr | 52 | | WUPA
2769696 | 2780160 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
4066016 | 4070784 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
4082128 | 4086896 | Rdr | 50 00 57 cd | ok | HALT
4109648 | 4110640 | Rdr | 52 | | WUPA
4125888 | 4136352 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
5421184 | 5425952 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
5437296 | 5442064 | Rdr | 50 00 57 cd | ok | HALT
5464816 | 5465808 | Rdr | 52 | | WUPA
5481056 | 5491520 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
6776096 | 6780864 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
6792208 | 6796976 | Rdr | 50 00 57 cd | ok | HALT
6819728 | 6820720 | Rdr | 52 | | WUPA
6835968 | 6846432 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
8131008 | 8135776 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
8147120 | 8151888 | Rdr | 50 00 57 cd | ok | HALT
8174640 | 8175632 | Rdr | 52 | | WUPA
8190880 | 8201344 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
Has the board ever had any significant revision since it was designed?
Below is a picture I took - lighting is not great, but it's in focus. Let me know if you catch anything! The MCU is a 256k and I noticed current boards use 512, but if that was an issue, I would most probably get a hard crash...
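
The symptom discussed in this thread (a capture that holds reader frames only and no tag frames) can be checked mechanically from the hf list 14a output. This is an added example, not part of the original posts or of the Proxmark3 code base; the Tag row in WITH_TAG and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first polling cycle copied from the trace above.
READER_ONLY = """\
0 | 4768 | Rdr | 30 00 02 a8 | ok | READBLOCK(0)
16112 | 20880 | Rdr | 50 00 57 cd | ok | HALT
43632 | 44624 | Rdr | 52 | | WUPA
59872 | 70336 | Rdr | 93 70 65 00 67 13 11 c2 69 | ok | SELECT_UID
"""
# Hypothetical tag answer (ATQA) added to show what a healthy capture contains.
WITH_TAG = READER_ONLY + "45812 | 48180 | Tag | 04 00 | |\n"

ROW = re.compile(r"^\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(Rdr|Tag)\s*\|([^|]*)\|([^|]*)\|(.*)$")

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 Type A CRC (initial value 0x6363), low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = (crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)
    return bytes([crc & 0xFF, (crc >> 8) & 0xFF])

def parse_trace(text: str) -> list[dict]:
    """Turn 'hf list 14a' rows into dicts; header and separator lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        raw = bytes.fromhex(m.group(4).replace("!", "").replace(" ", ""))
        frames.append({"start": int(m.group(1)), "end": int(m.group(2)),
                       "src": m.group(3), "data": raw,
                       "crc": m.group(5).strip(), "note": m.group(6).strip()})
    return frames

def diagnose(frames: list[dict]) -> dict:
    """Count frames per source and re-check CRC_A on frames the client marked 'ok'."""
    by_src = Counter(f["src"] for f in frames)
    bad_crc = [f["note"] for f in frames
               if f["crc"] == "ok" and crc_a(f["data"][:-2]) != f["data"][-2:]]
    return {"rdr": by_src["Rdr"], "tag": by_src["Tag"], "bad_crc": bad_crc,
            "reader_only": by_src["Rdr"] > 0 and by_src["Tag"] == 0}

if __name__ == "__main__":
    for name, text in (("reader-only", READER_ONLY), ("with tag", WITH_TAG)):
        print(name, diagnose(parse_trace(text)))
```

A reader_only result with an empty bad_crc list means the reader-to-tag direction is demodulated cleanly while the tag's load modulation never reaches the decoder, which is the situation the posts describe.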

I don't think anyone has tested the source code on an older model since not many have one. Which model do you have? Picture of the PCB?
Also, the reading distance between tag and antenna / position for 14a is picky, usually 1-2 cm distance is needed. When it comes to HF, the tag reading distance is different for almost all of the different implementations, rendering the hf search a bit unstable.
The new revisions of the pm3 device hardware have quite good performance.

Very long time no post here, but I did contribute to the PM3 a long long time ago. Pretty cool to see everything that's been going on with it over the years!
I recently took my unit out of storage, and updated it to the latest git head, but it behaves strangely:
- LF operations seem to work perfectly
- HF operations all fail - despite the antenna tuning looking fine. I have tried on a bunch of antennas, PCB or self-wound... no luck on any tag kind (iClass, Mifare, Mifare UL, etc)
Looking at the output below, can anyone spot an issue? Are there known problems on older units with current firmware? One thing I noticed - and I don't remember with the old firmware - is whether the relay is used at all. I only hear it click at bootup, but never afterwards.
I have also tried the 3.0.1 release snapshot from github, no luck on that one either. Each time I made sure bootrom, fullimage and corresponding proxmark3 client were used.
parallels@ubuntu:~/Documents/Tools/proxmark3$ sudo ./client/proxmark3 /dev/ttyACM1
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-216-gfeb1bf4-suspect 2017-12-15 05:57:57
os: master/v3.0.1-216-gfeb1bf4-suspect 2017-12-15 05:57:58
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 200515 bytes (76%). Free: 61629 bytes (24%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune h
Measuring antenna characteristics, please wait...
# LF antenna: 0.00 V @ 125.00 kHz
# LF antenna: 0.00 V @ 134.00 kHz
# LF optimal: 0.00 V @ 12000.00 kHz
# HF antenna: 15.10 V @ 13.56 MHz
# Your LF antenna is unusable.
proxmark3> hf 14a info
iso14443a card select failed
Any input appreciated!