Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device!

You are not logged in.

#1 Re: Unknown tags » [solved] AZTEK iso14443a compliant tag » 2017-02-01 14:43:02

asper

Reader is probably this one (Modulo+, not Modulo): http://www.aztek.lu/en/products/modulo
Software can be found here: http://www.lmcontrol.com/systemes-paiement/lecteur-privatif-mifare/188-soft-modulo.html
Here you can find useful pdf about how to use software: http://www.lmcontrol.com/images/stories/produits/pdf/

Encryption can be managed by reader firmware but maybe can be decoded by the software, if not we are ou of luck.

#2 Re: Unknown tags » [solved] AZTEK iso14443a compliant tag » 2017-01-30 12:14:10

asper

"Solution of private payment (Aztek)", this should be our case. If not this can also be an example of the "mysterious" calypso standard (claimed to be supported in the datasheets found on the previous link) but i don't think so.

#3 Re: Unknown tags » [solved] AZTEK iso14443a compliant tag » 2017-01-27 18:02:01

asper

It doesn't answer to mifare commands. UID is 65 93 7f d1.

#4 Re: Unknown tags » [solved] AZTEK iso14443a compliant tag » 2017-01-27 13:57:05

asper

It seems to be a non-crypto iso14443a tag with just basic commands (read/write).

#5 Re: Windows Client » Compiled Windows clients - always up to date » 2016-12-16 20:08:46

asper

Good job gator96100, thank you for you work.

#7 Re: Questions and Requests » Do you recognise these types, are they RFIDs .... » 2016-04-14 07:53:14

asper

They seems to be programmable UHF remote controls, you cannot use pm3 for them.

They usually comes in 3 frequencies: 315, 433.92 and 868.3 MHz but the most common one is 433MHz (you can open it and look at the internal oscillator frequency to be sure).

You need to know how to program them; usually you need to hold 1 or 2 buttons at the same time to "erase" the memory and then keep pressed a button while at the same time pressing the button you want to clone in the originale remote.

You can "analyze" them if you have something like this.

#9 Re: Calypso » 14B' » 2016-03-22 12:41:51

asper

Great work !

#10 Re: Proxmark Board Innovations » New PM3 with newer chip? » 2016-03-05 23:53:36

asper

What do you think about an hackrf implementation/expansion ?

#11 Re: Proxmark Board Innovations » New PM3 with newer chip? » 2016-02-19 16:51:30

asper

I will be interested!
Kickstarter campaign?

#12 Re: MIFARE Classic » A popular toy, Disney Infinity » 2016-02-16 13:26:09

asper
junglipar wrote:
iceman wrote:

hm, did you change your DI base firmware?!? or do you call it with one of those node.js-usb projects I've seen and tested on Lego?

No. The DI firmware (STM32F102) calculates the key and gives it to the NFC frontend (MFRC630) which handles the MIFARE authentication. I simply attached my own microcontroller (STM32F103) to the SPI bus and wrote a small program that outputs the key via UART.

Very good P.O.C. ! Did you test some STM32F vulnerabilities ? If so can you share them even if they won't work with DI base ?

#15 Re: Questions and Requests » Is it possible to hack a SKIPASS ? » 2015-12-23 09:29:36

asper

Wrong place, wrong subject and wrong way to ask. Go study before asking those idiot questions.

#16 Re: Questions and Requests » Unknown 13.56MHz tag in toy, not found by hf search, suggestions? » 2015-12-14 15:56:30

asper

It is not ISO standard, probably a simple modulated 13.56MHz interface. You will need an oscilloscope or maybe the new pm3 function but i never used that because it is too recent.

#17 Re: Questions and Requests » Unknown 13.56MHz tag in toy, not found by hf search, suggestions? » 2015-12-09 17:21:57

asper

Do you see a voltage drop before and after positioning the toy over the antenna ? Can you show it ?

#18 Re: MIFARE Ultralight » [FINISHED] a popular toy Lego Dimensions » 2015-12-03 12:21:07

asper

Great sim ! Can you start with 00000000000000 and not 0400000000000 ? Thank you for your support !

#19 Re: MIFARE Ultralight » [FINISHED] a popular toy Lego Dimensions » 2015-12-01 12:52:06

asper

It probably uses a pseudorandom generation algo; collectiong UIDs from ...00000, 00001, 00002, 00003 and correspective password is the only way to try to find it.

#20 Re: MIFARE DESFire » Desfire uid magic card? » 2015-11-26 14:14:03

asper

Icode1 is NOT ISO15693-standard compatible !
I think it will not be the right product for uid-changing purpose.

#21 Re: Questions and Requests » [14b] Trying to read data from card » 2015-11-21 22:56:12

asper

It probably uses Calypso standard (often used in transport systems) which is proprietary and actually undisclosed to public (for what know you need to be a transport service provider and you must pay to have it). If you want to study/reversing it you need to know the command set; you can get some info sniffing transaction but it will be an hard work.

#22 Re: Questions and Requests » [14b] Trying to read data from card » 2015-11-21 00:08:22

asper

Ok, so you can try starting the software, put the card in the reader and show the ATR (I suggest you Smart Card Toolset Pro).

#23 Re: Questions and Requests » [14b] Trying to read data from card » 2015-11-19 19:28:52

asper

Do you have a software to send APDUs like Smart Card Toolset Pro ?

#24 Re: Questions and Requests » [14b] Trying to read data from card » 2015-11-19 12:25:15

asper

It seems to be a dual interface smartcard and the data you sniffed are (or seem to be) a smartcard apdu communication transaction (commands that can be send via contact interface embedded inside a rfid commandset); it is good that you managed to sniff.

You should try to sniff the very beginning of the transaction and see if the byte "E0" comes out.

If you have a smartcart (contact!) reader I can give you some commands to be tested.

#25 Re: Windows Client » Compiled Windows Client - Download » 2015-11-19 12:07:31

asper

Added the new rev 2.5.0 to the 1st post.

Board footer

Powered by FluxBB