Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2014-01-28 22:25:35

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Bit "scrambling" patterns

40bit TAGs

===============
SCRAMBLE PATTERN 1
===============
(2 bits are always 1 so I cannot determine where to put them but there are only 2 possibilities):

So, if you have a decoded Hex ID to bin like:
0x0F00887882 (hex) => 0000111100000000-100010000111100010000010 (bin);

you need to remove 1st 16bis obtaining a 24-bits only value: 100010000111100010000010

Now label these 24 bits from b0 do b23:
b0 b1 b2 b3 - b4 b5 b6 b7 - b8 b9 b10 b11 - b12 b13 b14 b15 - b16 b17 b18 b19 - b20 b21 b22 b23

now scramble bits this way (I am not sure for x and y [b10-b11] but they can be easily switched):

b1 b3 b0 b2 - b6 b4 b7 b5 - b9 b11 b8 b10 - b18 b20 b23 b17 - b14 b12 b22 b21 - b19 b13 b15 b16

finally convert the scrambled bits to decimal and you should obtain the numebr printed on the card.


If someone is able to do a small software to elaborate bytes that way we can have a confirmation.
_____________________________________________________________________________________________________________


===============
SCRAMBLE PATTERN 2
===============

This one was found with an EM4100

ID = 140156c3ef

Steps to decode:
1 - Read ID
2 - convert in binary
3 - remove 1st 17 bits
4 - take 7 bits and convert in decimal = 3-value code printed on card
5 - take next 16 bits and convert in decimal = 5-value code printed on card
6 - take bits of step 4 & 5 together, convert in decimal, and you will get the 10-value code printed on card

In practice:
- If card id (read with a reader, es. proxmark3) is 140156c3ef:
- decode in binary: 00010100000000010(17bits) 1010110(7bits) 1100001111101111(16bits)
- remove 1st 14 bits: 1010110(7) 1100001111101111(16)  convert in decimal  -->  86  50159
- all together  -->  10101101100001111101111(7+16bits)  -->  5686255
so the final number printed on tag will be: 5686255 86,50159 (maybe 1st "unused" 17 bits are used for some other kind of checks).
_____________________________________________________________________________________________________________


32bit TAGs

===============
SCRAMBLE PATTERN 3
===============

1) decode 0x01301949 to bin -> 1001100000001100101001001
2) remove bit 9, 15, 20 and 23 (starting from 1) from the step 1 bit sequence and "concatenate" the result -> 100110000001101010101
3) convert the prevuois bin value to decimal -> 1246037 <-- BINGO!

Of course this must be confirmed with another "sister" tag.
_____________________________________________________________________________________________________________


64bit Kantech XSFTAGs

===============
SCRAMBLE PATTERN 4
===============

Numbering bits from 1 to 64:

(b19-b26) -> hex

(b37-b45)concatenate(b47-b53) -> dec
_____________________________________________________________________________________________________________


MOTOROLA TAGs

G0bt0B.png
for 26bit table:
1   always one (1)
29  always zero (0)
30  always zero (0)
31  CSUM 1 or 0
32  CSUM 1 or 0
33  always one (1)
34  always zero (0)
35  always one (1)
NU = Not Used

Example for 26bit:

x79288B08D x020 x2355 09045
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
1 1 1 1 0 0 1 0 0 1   0   1  0   0   0  1   0   0   0   1   0   1  1   0  0   0   0   1   0   0  0   1   1   0  1
Y1=0 (11)
Y2=0 (14)
Y3=1 (12)
Y4=0 (9)
Y5=0 (21)
Y6=0 (5)
Y7=1 (4)
Y8=1 (20)
Y9=0 (15)
Y10=1(2)
Y11=0(6)
Y12=1(23)
Y13=0(25)
Y14=1(28)
Y15=0(19)
Y16=1(10)
0010001101010101 = 0x2355

_____________________________________________________________________________________________________________


OTHER VARIOUS TAGs (mainly HIDs)

HERE

Last edited by asper (2014-02-19 08:59:08)

Offline

#2 2014-09-11 12:30:41

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Bit "scrambling" patterns

Offline

Board footer

Powered by FluxBB