Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device!

You are not logged in.

#1 Re: Questions and Requests » ATS proximity cards » Today 14:54:35

Just write in the bottom line of the chat window and press enter to send the message.

You shoul read the mIRC free software help to see how IRC works.

#2 MIFARE Classic » HID Discontinued products » Today 12:57:02

asper
Replies: 0

HID Global have recently announced they are discontinuing ActivID CMS Appliances & The Crescendo C800 smart card that is designed to work with ActivID CMS Appliance, effective immediately.
4gmmYhD.png

#3 Re: Questions and Requests » ATS proximity cards » Today 12:50:54

Definitely lack of knowledge in IRC and imagination could not help me

http://webchat.freenode.net/?channels=#proxmark3

Just enter your nickname. Cclick on a user name to enter private chat (- query).

#5 Re: Questions and Requests » ATS proximity cards » Today 10:39:52

The post was made in April and no one answered. If help is needed just ask, if an answer will come this will be a good thing, if not probaly no one is interested in the subject.

Info/tags exchange can be done, just think about what you are sharing with the public.

#6 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-07-05 21:33:19

Stating that Calypso is TypeB you should append CRC-B...

#7 Re: Questions and Requests » Why there is so little complete study about 13.56 mHz entry system? » 2015-07-04 19:30:57

I don't understand what you are trying to tell me.

It is not a question of good and bad peolple, it is about rules: here we do not like people who want to steal/fraud. If we study something is for the sake of challenge/personal knowledge; if someone decide to publish their discoveries here this "someone" deserves a VERY BIG THANK YOU because he does that absolutely  for free. Some people cannot give info because they subscribed NDA acts.

About the possibility to store more bytes into an external storage device this is a wip if I well remember.

#8 Re: Questions and Requests » Why there is so little complete study about 13.56 mHz entry system? » 2015-07-04 14:11:05

If you find a weakness you should uncover it wisely, informing the owner of the intellectual property of the possible damages (responsible disclosure) and not to take advantages; some people here behave this way, some others don't.

#9 Re: Questions and Requests » Why there is so little complete study about 13.56 mHz entry system? » 2015-07-04 10:56:47

LF (earlier technology) uses practically no standard rules to transmit signals but uses standard modulation techniques; once you uderstood the modulation you can replicate it with specific devices such as T55x7 etc. HF (more recent technology) can use standard protocols but also uses proprietary commands so they are far more complex than LF and also breaking their schemes usually break laws (proprietary encryptions).

#12 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-06-30 13:28:31

Stating to te ATQB datarate is 00 = 106kbit/s in the same direction  and frame size is 00 = 16bytes


mmmmm maybe i am wrong about the bitrate... it should be defined by the 71 value (atqb).

need to understand what app data bytes are inside the atqb...

#13 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-06-30 10:28:18

Great step forward !

Did you try with a lower Frame size ?
Ex. 1D 26 58 4B 0C 00 05 01 00

Or maybe changing the bitrate ? (1st byte of protocol info)
Mifare_DESFire_EV1_2K_4K_8K_MF3ICD21_MF3ICD40_MF3ICD41_MF3ICD81_98.jpg
Mifare_DESFire_EV1_2K_4K_8K_MF3ICD21_MF3ICD40_MF3ICD41_MF3ICD81_100.jpg
Mifare_DESFire_EV1_2K_4K_8K_MF3ICD21_MF3ICD40_MF3ICD41_MF3ICD81_102.jpg

#14 Re: MIFARE Classic » HF 14B command remake » 2015-06-30 10:16:38

Full working !

proxmark3> hf 14b info
14443-3b ST tag found:          
   UID: *           
   MFG: 02, ST Microelectronics SA France          
  Chip: 03, SRIX4K          
Chip Write Protection Bits:          
   raw: 11111111          
 07/08: not locked          
    09: not locked          
    10: not locked          
    11: not locked          
    12: not locked          
    13: not locked          
    14: not locked          
    15: not locked          
proxmark3> 
proxmark3> hf 14b info
14443-3b ST tag found:          
   UID: *           
   MFG: 02, ST Microelectronics SA France          
  Chip: 00, SRIX4K (Special)          
Chip Write Protection Bits:          
   raw: 11111110          
 07/08: locked          
    09: not locked          
    10: not locked          
    11: not locked          
    12: not locked          
    13: not locked          
    14: not locked          
    15: not locked          
proxmark3>

#15 Re: MIFARE Classic » HF 14B command remake » 2015-06-29 21:14:54

It still crashes with SRIX4K. It works with SRI512 as shown above.

#16 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-06-29 19:08:03

You should snoop the ats... probably an antenna issue. Can you try to snoop with different antennas positions or different antennas themselves?

Or maybe you don't have the latest github sources compiled ?

#17 Re: MIFARE Classic » HF 14B command remake » 2015-06-29 09:55:55

It works with SRI512 (see below) but the client crashes analyzing a SRIX4k (solid red led); I have to unplug pm3 and replug it.

proxmark3> hf 14b info
14443-3b ST tag found:          
   UID: d0 02 18 24 78 91 74 29           
   MFG: 02, ST Microelectronics SA France          
  Chip: 06, SRI512          
Chip Write Protection Bits:          
   raw: 11111011010101000000001110011110111110110101110000000011100111101111101101011100000000000000000000000011101010111111111111111111          
    00: not locked          
    01: not locked          
    02: not locked          
    03: not locked          
    04: not locked          
    05: not locked          
    06: not locked          
    07: not locked          
    08: not locked          
    09: not locked          
    10: not locked          
    11: not locked          
    12: not locked          
    13: not locked          
    14: not locked          
    15: not locked  

#19 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-06-27 10:04:46

The smart card commands (apdus divided in CLA-INS...) are defined by  ISO7816 standard.

CLA for Navigo seems to be 94.

Other data in the scripts suggests the "folder" tree structure:

{ "ICC",              "/0002",      "file" },
  { "ID",               "/0003",      "file" },
  { "Ticketing",        "/2000",      "folder" },
  { "Environment",      "/2000/2001", "file" },
  { "Holder",           "/2000/2002", "file" }, 
  { "Event logs",       "/2000/2010", "file" },
  { "Contracts",        "/2000/2020", "file" },
  { "Counters",         "/2000/202A", "file" },
  { "Counters",         "/2000/202B", "file" },
  { "Counters",         "/2000/202C", "file" },
  { "Counters",         "/2000/202D", "file" },
  { "Counters",         "/2000/202E", "file" },
  { "Counters",         "/2000/202F", "file" },
  { "Counters",         "/2000/2060", "file" },
  { "Counters",         "/2000/2061", "file" },
  { "Counters",         "/2000/2062", "file" },
  { "Special events",   "/2000/2040", "file" },
  { "Contract list",    "/2000/2050", "file" },
  { "Counters",         "/2000/2069", "file" },
  { "Holder Extended",  "/3F1C",      "file" }

ex. "folder" /2000 contains many subfolders: /2000/2001 contains environment data, /2000/2002 Holder data etc. They are usually called "records" and contain specific data defined by the "standard" (Calypso, etc).

9000 is the ACK answer from the card (it corresponds to an "Ok, command executed correctly").
6E00 Should be an error answer, specifically "Class not supported" (class (CLA) is the 1st byte of the APDU).

Using RFID the apdus are embedded in a specific tag command, ex:   XX APDU CTRL where:
XX = rfid apdu command
APDU = CLA+INS...
CTRL = Usually some control bytes (CRC, etc)

#20 Re: Windows Client » New commands since 2.1.0 release. » 2015-06-26 09:31:42

Will hf 14b info be the same as hf 14b reader ?

#21 Re: Questions and Requests » REQUESTS - What would you like to see next on proxmark3 ? » 2015-06-26 08:12:29

Unfortunately no info. Subscribing to the protocol datasheets is expensive.

#22 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-06-26 08:08:42

Good. It seems an ATS. Maybe an ST smartcard?
A tag/reader snoop is necesarry to see if all works well.

Here some available docs:
http://ask-contactless.com/Portals/0/Flyers/Cards/CalypsoCard_flyer.pdf
www.innovatron.fr/CalypsoFuncSpecification.pdf

Best choice is to search for specific chip datasheet insted of Standard datasheets.

#23 Re: Questions and Requests » REQUESTS - What would you like to see next on proxmark3 ? » 2015-06-25 22:31:15

iceman wrote:

it is 14b' ,  but the actual protocol is unknown..

Not publically known... dataseets needed.

#24 Re: Calypso » REQ: 14b snoop of a calypso communication » 2015-06-25 22:29:07

Contacted him recently, still no answer...

#25 Re: Questions and Requests » REQUESTS - What would you like to see next on proxmark3 ? » 2015-06-25 20:56:06

Calypso may be using a different protocol to send (or receive); it can be 14B' and not 14B.

Board footer

Powered by FluxBB