Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2013-09-10 22:05:03
- ver1oren
- Member
- Registered: 2013-09-02
- Posts: 2
Problems with LF card
Hi guys,
I'm trying to decipher an LF card of mine, but am having some frustrations. My initial reaction from looking at the trace is that it is psk modulation, but I lack experience in the matter, so am coming here.
Could anyone please take a look and point me in the right direction?
Trace:
http://speedy.sh/gFB9d/trace.pm3
Number on the card:
69346
Offline
#2 2013-09-10 23:17:45
- midnitesnake
- Contributor
- Registered: 2012-05-11
- Posts: 151
Re: Problems with LF card
proxmark3> data load trace.pm3
loaded 40000 samples
proxmark3> lf hid demod
proxmark3> data askdemod 1
proxmark3> data mandemod 32
Warning: Manchester decode error for pulse width detection.
(too many of those messages mean either the stream is not Manchester encoded, or clock is wrong)
Unsynchronized, resync...
(too many of those messages mean the stream is not Manchester encoded)
Unsynchronized, resync...
(too many of those messages mean the stream is not Manchester encoded)
Unsynchronized, resync...
(too many of those messages mean the stream is not Manchester encoded)
Manchester decoded bitstream
0 0 1 0 0 0 1 1 0 1 1 0 0 0 1 0
1 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0
0 1 1 1 1 1 1 1 1 1 0 0 0 1 1 0
0 1 0 1 1 0 1 1 1 0 0 0 0 0 1 0
0 0 1 0 0 0 1 1 0 1 1 0 0 0 1 0
1 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0
0 1 1 1 1 1 1 1 1 1 0 0 0 1 1 0
0 1 0 1 1 0 1 1 1 0 0 0 0 0 1 0
http://andrewmohawk.com/EM41X/#
0x12b08165a0
So I think its one of those EM4100 tags clocked at 32-cycles, not sure how this relates to the card number?
Does the number printed on the card look like a manufacturer stamp/printed number, or possibly self printed (using a card printer)?
What happens if you issue either of the following commands with the tag on the reader?
"lf em4x em410xread 32" or "lf em4x em410xread 16" ?
Offline
#3 2013-09-11 01:34:31
- ver1oren
- Member
- Registered: 2013-09-02
- Posts: 2
Re: Problems with LF card
Wow, now I feel silly for even asking for help. Yup, "lf em4x em410xread 32" gets the same value.
proxmark3> lf em4x em410xread 32
EM410x Tag ID: 12b08165a0
Thanks a bunch for stepping through that and pointing me to the website for decoding the bitstream!
Offline
#4 2013-09-11 07:43:41
- midnitesnake
- Contributor
- Registered: 2012-05-11
- Posts: 151
Re: Problems with LF card
Dont worry, sometimes I get stuck on stuff to.
I had a similar card that was odd. It wouldn't initially be read by the em41xread, or em41xwatch. After a power-down and reboot, it would then be read first time.
Glad we figured it out.
Dont be afraid to ask for help.
Last edited by midnitesnake (2013-09-11 07:46:16)
Offline
#5 2013-09-11 10:49:26
- adam@algroup.co.uk
- Contributor
- From: UK
- Registered: 2009-05-01
- Posts: 203
- Website
Re: Problems with LF card
The shape of the trace indicates that the read may be at the wrong frequency... For example, here is an EM4102 tag read at 125 kHZ ('lf read'):
and here is the exact same tag read at 134 kHZ ('lf read h'):
Since we're dealing with ASK Manchester, the second trace looks much more correct.
I'd be curious to see what your traces look like if you check the tuning of your antenna and try both normal and 'h' reads...
Offline
Pages: 1