Proxmark3 community

xr4ti

Member

Registered: 2012-09-18

Posts: 5

fdx support?

Hi, I'm new here. I'm from Spain, I borrowed a proxmark 3 and I'm doing a little study of the RFID technology security we've on our university environment.

I've tested a Mifare Classic (no too much problem).

In future I will check also a card 14443-B from transport card we have. I think It will not be as easy as the mifare as aren't dump commands.

Now, as in my house are a lot of dogs, I'd like to read their RFID tags to put the example of a dog robbery and spoof of its identity. In Europe pet id rfid tags should be  compatibles with ISO 11784/11785, I think in Spain are mostly FDX-B type

I read that the trace em4x05 is of this type, FDX. But I think is not implemented in proxmark firmware, am I right?

I'm not sure, but I think that only biphase encoding support is needed with all is now. As FSK and ASK are supported. 

Do you think I could use manmod functions as base to modify them to be biphase ??

regards.

Cex

Contributor

Registered: 2009-12-14

Posts: 104

Re: fdx support?

Indala cards use BPSK, so you better use indalademod as a base.

xr4ti

Member

Registered: 2012-09-18

Posts: 5

Re: fdx support?

Hi again, I was checking the indalademod and other functions and got something that "works". Currently I was using SVN version.

First did a method similar to mandemod to demodulate biphase. I tried it with the following traces:
 
    - modulation-biphase.pm3
    - em4x05.pm3

And it seemed to work (not very well the firsts times but after some patching started to work better). It needs a very good quality signal. I had many problems with signal from our dogs as is very noise.

Here trying to demodulate signal of modulation-biphase.pm3

Then I did a method to find the header and extract data conformly to ISO 11784/11785 FDX-B and I can show Country code and National code.

The biggest problem is that i cound't get working the CRC calculation to compare it with the transmitted CRC and then determine if data is or not valid.

You can see here the structure of the data.
http://www.priority1design.com.au/fdx-b_animal_identification_protocol.html

The only check I'm doing now is to check for the 1's control bits.

I also 've problems with the auto clock detector, so it's better to manual indicate it

At first instance i named it em4x05read as I started to develop with this trace, but then I readed the datasheet of that cards and found that are more complex and have more options than i though, so I think is a very simple FDX reader, so don't know wich name could be ok for that method i did. maybe fdxread  ?

screenshots:

Here using the new method to extract data of the trace: em4x05.pm3

When some error is detected in control bits is shown. If i can get CRC working with also this when an error would be detected the data don't should be show.

signal of a dog:

after decimate, normalized and edited with a threshold

reading it:

there are more errors than with the trace from the em4x05 from the repository as this don't have the same signal quality, but anyway give a lot of good results!

It's curious that were I live don't use standard country codes in tags :S, Spain code should be 724, but this is correct as in the dog papers is shown the same code I read.