Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

#1 2014-03-31 10:58:09

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

RFID 860-960Mhz?

Is it maybe planned to develop Proxmark for the 860-960Mhz ultra high frequency range in future?

If not, do you maybe know any project that is running for those frequencies and has support for Linux?

Thank you

#2 2014-03-31 11:47:04

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 630

Re: RFID 860-960Mhz?

Search for Software Defined Radio.
HackRF
bladeRF
ICOM
USRP
...


Want to contact me? Here's my email address...
modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

#3 2014-03-31 12:04:11

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Thank you for your answer,

Yes, I know, HackRF seems to be very good, but is there any software developed for RFID 860-960Mhz cards (cracking: ISO18000-6C EPC G2 & ISO18000-6B) for any of these devices you mentioned?

Regards

#4 2014-03-31 21:39:24

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 630

Re: RFID 860-960Mhz?

Not that I'm aware of but I have not been looking.
If it is a matter of a simple replay attack (I doubt it will be) you can record and play back tags no worries at all. I have done this at 125kHz.


#5 2014-04-01 00:38:09

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

In terms of functions, UHF tags are similar to HF tags; they instead have a longer action range. Look for the specific product datasheet if you want to learn more; the common standard follows ISO18000.

#6 2014-04-01 08:40:23

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Do you maybe know some cheap equipment for reading/writing/attacking UHF cards? I saw a practical one https://play.google.com/store/apps/details?id=com.mti.rfid.minime but it is a little expensive?

Regards

#7 2014-04-01 10:19:58

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

Well, it is relatively cheap equipment and also provides a very portable solution (hardware+software). Remember that if you want to interact with non-blank UHF tags, usually (hopefully) a non-default password is set, so unless you are also able to sniff a communication, you can't do much even with the above hardware+software.

If you want to study how UHF works (command layer) you can use the "HF way", testing (with a pm3 or other HF product) some ISO15693 tags that have quite a lot in common with UHF stuff (look for Texas Instruments Tag-it products). Once you are confident with them, maybe you will buy real UHF hardware or maybe you will desist ;)

Last edited by asper (2014-04-01 10:20:25)

#8 2014-04-01 10:24:23

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Well,

I have one existing UHF card on a system that I want to clone (probably password protected) or use the MINI ME software for a relay attack (I can sniff traffic without problem). The problem is that there is no software for UHF sniff attacks (the one that comes with MINI ME seems not to be suitable for a relay attack)?

Regards

#9 2014-04-01 10:25:46

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

This is what I want to do: clone card for this China crap system:

http://chinarfid.en.alibaba.com/product/542059345-212828481/Long_range_automated_RFID_car_parking_system.html

#10 2014-04-01 10:33:13

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

According to this document: http://rfid-handbook.de/downloads/Finkenzeller_Systech-Bremen-2009_v1.0.pdf the Access Password can be read from the card only using this MINI ME reader (page 18), am I right?

Regards

#11 2014-04-01 13:52:50

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

It doesn't seem that the software/hardware is able to sniff, so you cannot read the password (it would be stupid to provide a password if you can read it from the tag). It seems you are out of luck.

#12 2014-04-01 13:56:41

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

I read that again and several other documents, and of course the password cannot be read easily.

But I can clone the card very easily if the system checks only the TAG ID (and I am quite sure that it does).

#13 2014-04-01 14:01:10

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

If you are so sure, buy that hardware ;)
Remember that usually UIDs are unique and read-only, so you will need hardware/software able to spoof/clone it.

#14 2014-04-01 14:06:10

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

:) Well, I found some Chinese device with software where I can easily change the Tag Id.

#15 2014-04-01 14:22:22

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

Can you post a link to those?

#16 2014-04-01 14:38:37

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

http://rfidshop.com.hk/ -- Here you can find software

Hardware on Ebay: http://www.ebay.com/itm/RFID-UHF-860-960Mhz-reader-writer-6-meter-NXP-Chip-SDK-Inlays-RS232-/291077993984?pt=US_Surveillance_Accessories&hash=item43c599b600


Price is about 220$ which is expensive.

Last edited by gdadic (2014-04-01 14:39:06)

#17 2014-04-01 17:42:02

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

If you refer to this sentence:

read/write UHF Tag ID & Memory

sadly I inform you that it is NOT able to write/change/modify/alter a UHF Tag ID. It only means that it supports Tag ID (no memory, only ID) and Tag ID which also has user memory.

Last edited by asper (2014-04-01 17:42:48)

#18 2014-04-02 13:05:09

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Do you know any reader that can read/write UHF Tag ID?

Regards

#19 2014-04-02 14:32:05

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

With a price lower than the ones above, no, I am sorry (even with expensive programmers you can't write the ID).

Last edited by asper (2014-04-03 09:55:17)

#20 2014-04-03 07:40:59

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Let's say that price is not a problem, what would you recommend for a UHF reader/writer (TAG ID rewriting)?

Thank you
Regards

#21 2014-04-03 08:28:16

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

Tag-ID rewriting does not exist/it is not possible at the moment. ID-rewriting is not permitted by the standard, so only a Chinese-modified card can help you, but no one (to my knowledge) ever produced it.

#22 2014-04-03 09:14:58

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Then how can I clone a UHF card?

#23 2014-04-03 09:53:39

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: RFID 860-960Mhz?

I tried to tell you all the time: actually you can't/it is not possible.

Last edited by asper (2014-04-03 09:55:53)

#24 2014-04-03 10:02:07

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

You are telling me that there is no possible way that I can enter this Parking Ramp (I mentioned) without buying a card?

The ramp probably checks only TAG ID..

#25 2014-04-04 04:25:17

vivat
Contributor
Registered: 2010-10-26
Posts: 332

Re: RFID 860-960Mhz?

If you are hardcore enough, you can try to design the first fake UHF tag simulator yourself. You will have to find some transceiver that has the same operating frequency, modulation etc. as your real tag. Then connect it to a microcontroller that can handle that transceiver, write the software and let us know.
Quick googling showed me Phychips PR9200 SoC and Intel's R500 transceivers.

Last edited by vivat (2014-04-04 04:34:55)

#26 2014-04-08 08:13:39

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

I found what I need but it is a little expensive :)

http://www.iaik.tugraz.at/content/research/rfid/tag_emulators/

#27 2014-05-12 23:00:04

proxspam
Member
Registered: 2014-05-12
Posts: 1

Re: RFID 860-960Mhz?

Hi gdadic, did you find any alternative so far? I'm on a similar search here for a very similar product, just a different brand. I saw that tag emulator, which is indeed pretty expensive.

#28 2014-05-19 10:59:40

gdadic
Contributor
Registered: 2014-03-31
Posts: 16

Re: RFID 860-960Mhz?

Unfortunately I didn't.

I ordered some cards from Alibaba; when they come I will tell you if the UID is rewritable..
