Research, development and trades concerning the powerful Proxmark3 device.
Does anyone know what sideband the PM3 transmits on when doing 14443A card emulation? 12.7 MHz or 14.4 MHz?
If I understand the HW correctly the '244 drivers modulate the input square wave by toggling the PWR_OE signals. So a square wave comes in and by turning on/off the '244 drivers, the OOK modulation is added to the signal and sent to the antenna. So does the FPGA generate a 12.7 MHz or 14.4 MHz signal? Or am I missing something and the card emulation response is done totally differently?
Any help is greatly appreciated. I am in the process of trying to measure the input square wave, but this is easier said than done... especially since it seems like the code only wants to transmit a card response after a reader command is received.
OK- so I think I am a LITTLE clearer now... but still confused.
It looks like 'hi14asim' function actually modulates the response message onto an 847.5 kHz carrier in the FPGA, then routes this signal out to PWR_OE4. Then, this is 'mixed' with the 13.56 MHz field through the '244 drivers.
Does PWR_HI actually output a 13.56 MHz waveform during this mode? Or, is the mixing accomplished only by turning on/off the '244 drivers in the presence of the reader field? This last point is what I cannot quite figure out. From measurements, it doesn't look like the PM3 sends anything out of PWR_HI during 'hi14asim'.
Help from anyone who has investigated the HW and physical layer before would be greatly appreciated.
Thanks!
In the hi14asim the proxmark 3 will emulate a card.
As is usual in passive RFID the tag produces no carrier but gets powered by the field of a reader. The answers of the tag are then modulated in the 847.5kHz subcarriers. In case of ISO14443-A by Manchester encoding.
A card itself produces no carrier. So that's why the proxmark also does not output on PWR_HI in this emulation mode.
Yes, indeed by turning on/off the signal on PWR_OE4 the answer is modulated into the field.
I wrote the FPGA modulation for ISO14443-A but do know very little about the hardware. So, I hope this is clear to you. (I do for example not know what you mean by '244, but I guess it has something to do with PWR_OE4?)
Furthermore, the only mode where the Proxmark 3 generates 13.56MHz itself is when it acts like a reader. Also in eavesdropping mode the device does not power PWR_HI. You can find the possible modes in armsrc/apps.h
Regards,
Gerhard
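The tag answer described in the post above, modelled in Python as an added example (not code from this thread or from the Proxmark3 code base): it builds the on/off load-switch pattern for a Manchester-coded ISO14443-A answer on the 847.5 kHz subcarrier, decodes it again with framing and parity checks, and shows that switching the load at that rate places energy on both sides of the 13.56 MHz reader carrier. Function names and the sample bytes are constructed; the framing (start bit, LSB first, odd parity per byte, 8 subcarrier cycles per bit) assumes the 106 kbit/s rate.

```python
FC = 13_560_000   # reader carrier in Hz; the emulated card never generates it
FS = FC // 16     # tag subcarrier: 847_500 Hz

def odd_parity(byte):
    return 1 ^ (bin(byte).count("1") & 1)

def encode_tag_frame(data):
    """Half-bit flags for a tag answer (1 = subcarrier present in that half)."""
    halves = [1, 0]                                  # start of frame, same as a logic 1
    for byte in data:
        bits = [(byte >> i) & 1 for i in range(8)] + [odd_parity(byte)]
        for b in bits:
            halves += [1, 0] if b else [0, 1]        # Manchester symbol
    return halves + [0, 0]                           # end of frame: no modulation

def load_switch(halves):
    """On/off load-switch signal sampled at 2*FS (8 samples per half-bit)."""
    out = []
    for h in halves:
        out += [1, 0] * 4 if h else [0] * 8          # 4 subcarrier cycles per half-bit
    return out

def decode_tag_frame(switch):
    """Recover the bytes from a load-switch trace; raise on bad framing or parity."""
    halves = [int(any(switch[i:i + 8])) for i in range(0, len(switch), 8)]
    pairs = list(zip(halves[0::2], halves[1::2]))
    if len(pairs) < 2 or pairs[0] != (1, 0) or pairs[-1] != (0, 0):
        raise ValueError("missing start or end of frame")
    bits = []
    for p in pairs[1:-1]:
        if p not in ((1, 0), (0, 1)):
            raise ValueError("invalid Manchester symbol")
        bits.append(p[0])
    if len(bits) % 9:
        raise ValueError("truncated frame")
    data = bytearray()
    for i in range(0, len(bits), 9):
        byte = sum(b << n for n, b in enumerate(bits[i:i + 8]))
        if bits[i + 8] != odd_parity(byte):
            raise ValueError("parity error")
        data.append(byte)
    return bytes(data)

def sidebands():
    """On/off keying at FS is amplitude modulation: lines at FC - FS and FC + FS."""
    return FC - FS, FC + FS

SAMPLE = bytes([0x04, 0x00])   # constructed two-byte answer
if __name__ == "__main__":
    print(decode_tag_frame(load_switch(encode_tag_frame(SAMPLE))).hex(), sidebands())
```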
I wrote the FPGA modulation for ISO14443-A but do know very little about the hardware. So, I hope this is clear to you. (I do for example not know what you mean by '244, but I guess it has something to do with PWR_OE4?)
Gerhard,
Thanks for clearing that up- By '244 I just meant the HEX drivers that follow the FPGA to amplify the signal to the antenna.