xCF795x activation

pnndra · 2018-02-07 17:05:37

Hi,
i am working on a RKE system using what i think is PCF7953. i sniffed the reader and can see that it is activated using an ASK modulated 125 KHz signal. i was wondering if there is any chance to have Proxmark replicate that activation. i am currently on version 3.0 and tried the various sim and read commands but as far as i undertstand sim commands are passive whereas read command does not seem to modulate amplitude.
is there any way i can do this or is there some development required?
thanks,

pnndra

marshmellow · 2018-02-07 20:13:05

you can look into the command:

lf cmdread

it is made to send a modulated sequence then listen for response. it isn't perfect but it can be tweaked to fit many purposes.

pnndra · 2018-02-07 21:40:42

Hi,
Thanks for the response. As I wrote I tried already lf cmdread but measuring with a scope I can see the carrier but it's not amplitude modulated and there seem to be no option for this... Am I missing something?
Thanks

marshmellow · 2018-02-07 22:02:07

LF ask passive modulation is basically just field on field off.

pnndra · 2018-02-07 22:06:00

Yes, exactly. How to do it in a timed way?cmdread does not seem to do it and can't find a ready made command to do it. Is the only solution modifying code and recompile?
Thanks...

marshmellow · 2018-02-07 22:12:23

cmdread was designed for that. but it is tricky to use and may not take enough input for some lengthy initialize cmds.

lf cmdread <delay period (off period between bits)> <length on period of 0s> <length on period of 1s> <periods to run: binary string (0s and 1s)>

i can't remember the periods but i believe it to be US microseconds.

marshmellow · 2018-02-07 22:14:56

btw 0's = on for 0 period then off delay
and 1's = on for 1 period then off delay.

so on 30 ticks, off 20 (delay), on 60 ticks, off 20, on 60 ticks, off 20 ticks, on 30 ticks, off 20 ticks.

lf cmdread 20 30 60 0110

marshmellow · 2018-02-07 22:20:25

sometimes you need a delay to power the tag up before sending... ( at least i think that was what the delay was for... it has been a while...)

EDIT: delay is not for powering up, but rather it is the off periods between 1 and 0 on bits.

pnndra · 2018-02-08 00:09:38

Ok thanks. Now I see my issue... I was inputting bed data, not binary. I'll give it a go tomorrow.

marshmellow · 2018-02-08 21:51:00

i was incorrect with the information i provided before. (bad memory). i have corrected the descriptions above...

marshmellow · 2018-02-10 06:09:07

In my fork there is a new preliminary bitbang option for lf cmdread that allows you to turn on and off the lf antenna at will (with binary cmd input..) before collecting a response. Once it is pretty I'll get it merged to master. (Edit: it is merged now.)

with it you can:

lf cmdread d 0 z 32 o 32 c 0000000011111111111110000011111000001111100000111110000011111000001111100000

Off 256us, on 416us, off 160us, on 160us, off 160us, on 160us, off 160us, on 160us, off 160us, on 160us, off 160us, on 160us, off 160us.
(t55x7 read block 0 cmd, or close enough...)

iceman · 2018-02-11 14:02:56

+1

Proxmark3 community

Announcement

#1 2018-02-07 17:05:37

xCF795x activation

#2 2018-02-07 20:13:05

Re: xCF795x activation

#3 2018-02-07 21:40:42

Re: xCF795x activation

#4 2018-02-07 22:02:07

Re: xCF795x activation

#5 2018-02-07 22:06:00

Re: xCF795x activation

#6 2018-02-07 22:12:23

Re: xCF795x activation

#7 2018-02-07 22:14:56

Re: xCF795x activation

#8 2018-02-07 22:20:25

Re: xCF795x activation

#9 2018-02-08 00:09:38

Re: xCF795x activation

#10 2018-02-08 21:51:00

Re: xCF795x activation

#11 2018-02-10 06:09:07

Re: xCF795x activation

#12 2018-02-11 14:02:56

Re: xCF795x activation

Board footer