Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2014-05-04 19:21:18

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

antenna 125 khz success

Well,   successfull making several LF antennas,

0.1mm cupper emanelled

proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host

# LF antenna: 22.56 V @   125.00 kHz
# LF antenna: 15.44 V @   134.00 kHz
# LF optimal: 22.83 V @   123.71 kHz
# HF antenna:  0.68 V @    13.56 MHz
# Your HF antenna is unusable.


[img]http://www.isqlsql.net/proxmark3/antenna 125 setup.jpg[/img]
[img]http://www.isqlsql.net/proxmark3/antenna 125 success.jpg[/img]

The round one works but seems to be to big to load a card but the rectangular one works like a charm.
The max reading distance for the rectangular one is just below 4cm.  Not what I expected, I thought it would be possible to get up to 10cm at least.


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#2 2014-05-04 20:08:55

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

Re: antenna 125 khz success

Some might wonder, why even bother to make your own antenna since you can buy them online.  Well,  I had an idea of consealing the antenna in a rugsack or even in the arm of a jacket. 
If you seen some pentesting videos on youtube,  they are really sticking out, walking to a reader with a hug antenna and stand there for a while..  Not smooth at all.


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#3 2014-05-14 11:14:38

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: antenna 125 khz success

i'm not able to see your images.
anyway, i want to make a LF antenna for small tag.
So i used this online calculator: http://www.coolcircuit.com/tools/multi_layer_coil_calculator/

Considering that:
C39 is 1nF capactor
f is 125kHz

the formula for L calculation starts from the RLC resonant frequency formula:

2*PI*f=1/(SQRT(L*C))

note: SQRT= square root
then the formula to calculate the inductance L is:

L=1/((2*PI*f)^2*C)

then L=1,62mH

let's suppose to use a wire diameter of 0,1mm
let's suppose to use a inner diameter of the coil of 11,5mm
let's suppose to use a length of the coil of 23mm

we obtain a number of coils of 584 equals to 21,5m

this is a really hard to manufacture antenna since the wire is really long and fragile.

how to do it?

EDIT: my suggestion is instead to purchase a ready to use inductance.
I found this one, (1.6mH), but it is out of stock. http://www.digikey.it/product-detail/it … ND/2521674
Can someone of you suggest another seller?

EDIT: i also found this one, but its tollerance is 15% http://it.mouser.com/ProductDetail/Bour … 252bUTE%3d

the question is also: is it ok a toroid as rfid antenna?

EDIT: the answer is yes, it is ok, for what i read on the web.

anyway i also found this inductor, may be it is ok, cause it's cheap and the tollerance is 10% : http://it.mouser.com/ProductDetail/Fast … mfGfmhc%3d

Last edited by gaucho (2014-05-14 13:20:06)


Imagination is more important than knowledge.

Offline

#4 2014-05-14 13:39:37

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: antenna 125 khz success

I tried with already made (1-component-only with 2 pins) coils but they are very small and coupling with small tags (ex pcf transponders) is extremely difficult to obtain (millimetric positioning is necessary).

Offline

#5 2014-05-14 13:50:04

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

Re: antenna 125 khz success

Hmm,  looks like I ruined my links.. 

antenna125setup.jpg
antenna125success.jpg


The antennas almost matches the results from the multilayercoil calculator you used.

Since I have two different PM3s (one old model, one radiowars rev) were I suppose the C39 is different which would explain some voltage differenses.


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#6 2014-05-14 13:56:22

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

Re: antenna 125 khz success

So basically, 

one of these babies, would do the trick aswell?

https://www.elfa.se/elfa3~se_sv/elfa/in … orer+1.6mH


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#7 2014-05-14 13:58:20

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: antenna 125 khz success

Good antenna iceman but it is "big" for small transponders, at least for my experience. 2-3cm (diameter) should be good for very small tags.

Offline

#8 2014-05-14 14:08:03

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: antenna 125 khz success

the High diameter antennas give very nice waves, even on small tags BUT those demod functions i tested rely on highs and lows clipping to max/min - thus dont function well.


Proxmark IRC channel can easily be joined off this official webchat applet: [url] http://webchat.freenode.net/?channels=#proxmark3[/url]
You can start a private chat with /msg <nickname> <text>

Offline

#9 2014-05-14 14:11:18

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

Re: antenna 125 khz success

Thanks Asper,


The cd jewel case is too big,  doesnt power up a tag so its kind of useless. 
The square one works, but doesnt drop in voltage as you would expect when powering up a tag either.

I'm thinking of using the cut-out board as a antenna instead. Should work.


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#10 2014-05-14 15:47:03

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: antenna 125 khz success

iceman wrote:

Thanks Asper,


The cd jewel case is too big,  doesnt power up a tag so its kind of useless.

I have one and it works for me (with mentioned restrictions).

Empty toiletpaper diameter works bettet for pm3 though.


Proxmark IRC channel can easily be joined off this official webchat applet: [url] http://webchat.freenode.net/?channels=#proxmark3[/url]
You can start a private chat with /msg <nickname> <text>

Offline

#11 2014-05-14 16:26:29

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: antenna 125 khz success

Have you ever tried to read/write a pcf with such a "big" diameter (empty toilet paper) Enio ?

Offline

#12 2014-05-14 18:11:07

gaucho
Contributor
From: France
Registered: 2010-06-15
Posts: 444
Website

Re: antenna 125 khz success

iceman wrote:

So basically, 

one of these babies, would do the trick aswell?

https://www.elfa.se/elfa3~se_sv/elfa/in … orer+1.6mH

someone should purchase one of these toroids and test it.
the size seems to be fine for the small tags that asper is talking about.

if you also consider the price of the time needed to manufacture it, i think it's really cheap.

Moreover to do a perfect inductor, you need to don't overlap wires while wrapping it. If we talk about 0,1mm wires, it's really really hard to do.

the purchased inductor instead is perfect cause they do it with a winder device (google translated).

I think that we should try also the inductors posted by me.

EDIT: another solution could be to purchase a 1,8 or 2,2 mH inductor (also those for audio scopes) and then unwire the required number of rounds. Anyway it should be better to find the correct inductor, without the need of manual work (apart the connector's soldering)

Last edited by gaucho (2014-05-14 18:23:22)


Imagination is more important than knowledge.

Offline

#13 2014-05-14 19:48:36

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

Re: antenna 125 khz success

So the demod functions is what I used for trying the cd-jewelcase antenna...  Hmm, then I should try it with som lf sim command instead I guess..


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#14 2014-05-14 20:07:51

vivat
Contributor
Registered: 2010-10-26
Posts: 332

Re: antenna 125 khz success

A used car immo antenna should work for reading small tags(PCF793x).

Offline

#15 2014-05-14 22:31:19

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: antenna 125 khz success

Car immo antennas are "small" wink

Offline

#16 2014-05-14 23:30:22

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: antenna 125 khz success

iceman wrote:

So the demod functions is what I used for trying the cd-jewelcase antenna...  Hmm, then I should try it with som lf sim command instead I guess..

You need just do a lf read and see if the wave is "fine" - thebigger diameter antennas give less powerful butmore steady results. For current pm3 demod functions the signal is probably too weak. The point i try to make is that these antennas dont lose information, just those functions interpreting the data are not sophisticated enough (right now) to extract the information needed.


Proxmark IRC channel can easily be joined off this official webchat applet: [url] http://webchat.freenode.net/?channels=#proxmark3[/url]
You can start a private chat with /msg <nickname> <text>

Offline

#17 2014-05-14 23:34:22

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: antenna 125 khz success

asper wrote:

Have you ever tried to read/write a pcf with such a "big" diameter (empty toilet paper) Enio ?

I (manually) extracted uid of an em 57xx diameter 2.5cm tag with that cd case antenna, how small tags do you want to read?


Proxmark IRC channel can easily be joined off this official webchat applet: [url] http://webchat.freenode.net/?channels=#proxmark3[/url]
You can start a private chat with /msg <nickname> <text>

Offline

#18 2014-05-15 07:00:41

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: antenna 125 khz success

Enio wrote:
asper wrote:

Have you ever tried to read/write a pcf with such a "big" diameter (empty toilet paper) Enio ?

I (manually) extracted uid of an em 57xx diameter 2.5cm tag with that cd case antenna, how small tags do you want to read?

A smaller tag than 2.5 cm as i stated before (PCF family):
KY4I624.png
Coil is probably smaller than 1 cm.

Last edited by asper (2014-05-15 07:02:24)

Offline

#19 2014-11-30 15:45:21

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: antenna 125 khz success

I recently began playing with my pm3 again and was tuning my lf antennas noticing how limited the output of hw tune actually is. I was checking the code again as i remember a while back i did some debugprints of values obtained on hw tune, which helped me back then to easily spot which "side" my antenna is off for my aimed frequency, to see if i have to add or remove turns.

Turns out the samples are even written into our buffer, at an offset of 7256. So if you do a hw tune and a data samples 1000 you can see the nice courve of 255 samples starting at 7256.
By issuing the following commands you can see the nice courve obtained by hw tune, each value is the Voltage in mV divided by 256 (a >> 8 is done on the actual mV).

data buffclear // Theres a small error that prevents zeroing the used part of buffer for the tune samples, so I do that manually
hw tune
data samples 8000
data ltrim 7256
(data plot)

bPEegHM.png

Moving the markers to 89 (Voltage at ~134khz) and 95 (Voltage at ~125khz) you can easily see how you have to tune your antenna to match both into the maximum.
When you want to "move" the courve towards the right, you have to add rounds, to move it towards the left you have to remove a rounds.

As i found this quite cool and made it very easy and fun to tune my lf antennas, I added a new command "data tune" simplifying the procedure (and also fixed the initialization error of the used buffer).

Git patch: http://pastebin.com/NtmPS8ar

You only have to issue these to have the plot update the samples after changing the antenna:

hw tune
data tune
(data plot)

Edit: THe beautiful courve of my jewelcase antenna!
owOpcDx.png

Last edited by Enio (2014-11-30 16:14:08)


Proxmark IRC channel can easily be joined off this official webchat applet: [url] http://webchat.freenode.net/?channels=#proxmark3[/url]
You can start a private chat with /msg <nickname> <text>

Offline

#20 2014-11-30 17:29:11

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: antenna 125 khz success

Great finding Enio !

Can you describe the antenna size and tunrs numbers ? Any picture ?

Offline

#21 2014-11-30 18:02:20

iceman
Administrator
Registered: 2013-04-25
Posts: 4,070
Website

Re: antenna 125 khz success

That a nice feature Enio!
Just for the fun of it, I added a  "p" parameter to the "hw tune" command.  Which calls the "ShowGraphWindow" and "CmdTuneSamples"..


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#22 2014-11-30 22:23:49

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: antenna 125 khz success

Cool! Pushed to github!

Offline

#23 2014-11-30 22:54:59

Enio
Contributor
Registered: 2013-09-24
Posts: 175

Re: antenna 125 khz success

Nice idea to hav it added to the hw tune too smile

asper wrote:

Great finding Enio !

Can you describe the antenna size and tunrs numbers ? Any picture ?

As i built them quite a while ago i dont remember the turns i used. The first courve is from my toilet paper roll antenna, 2nd from the jewelcase one. Enammelled  wire 0.1mm diameter:
o0AEnG2.jpg

The jewelcase gives really smooth waves even from bigger distances, however its hard to use the built in functions for i.e. manchester demod as they heavily rely on the values "clipping" to the min/max.


Proxmark IRC channel can easily be joined off this official webchat applet: [url] http://webchat.freenode.net/?channels=#proxmark3[/url]
You can start a private chat with /msg <nickname> <text>

Offline

Board footer

Powered by FluxBB