Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2010-04-23 19:42:29

atrox
Contributor
Registered: 2010-01-08
Posts: 35

iso15693 sniffer

I'd like to sniff into some communication between a iso15693 reader and tag. therefor i build a RecordRawAdcSamplesIso15693() function. since i could not find a documentation of the FPGA-interface I had to guess the right initialization sequence - below is what I have so far, but it does not seem to work - causing reboots of the proxmarkIII.

int c = 0;
uint8_t *dest = (uint8_t *)BigBuf;

FpgaSetupSsc();
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
SpinDelay(200);
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
SpinDelay(100);
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);

      for(;;) {
                if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_TXRDY)) {
                        AT91C_BASE_SSC->SSC_THR = 0x43;
                }
                if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
                        int8_t b;
                        b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
                        // ....
                       // b now holds a sample
                       // ....
                       dest[c++] = b;

                       if(c >= 7000) {
                                       break;
                       }

                 }
                WDT_HIT();
       }

is there a reason, why most of the other code only reads every second byte using the getNext-toggle-variable ?

Last edited by atrox (2010-04-23 19:45:30)

Offline

#2 2012-01-28 00:47:56

manuxio
Member
Registered: 2012-01-28
Posts: 1

Re: iso15693 sniffer

hello atrox,
have you managed to "sniff" a session?

I mean: did you succeed in listening (and dumping?) a conversation between a reader and a tag?

Thank you

Offline

#3 2012-01-28 07:34:10

rule
Administrator
Registered: 2008-05-21
Posts: 416

Re: iso15693 sniffer

You could try to use the iclass snoop function in the recent proxmark firmware.
It uses the same modulation and encoding, although the protocol/crc is different, in principle it should be possible to capture (raw) frames.

Offline

#4 2013-04-24 18:34:42

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: iso15693 sniffer

It works with I-CODE and and:
hf iclass snoop
command !

Thank you roel !!!

Offline

#5 2014-03-10 18:59:49

makhco
Member
Registered: 2014-03-10
Posts: 4

Re: iso15693 sniffer

asper wrote:

It works with I-CODE and and:
hf iclass snoop
command !

Thank you roel !!!

Hi Asper

may you explain more?
is this means we can emulate an Icode-sli tag?

and

HI
I saw an Icode-sli tag yesterday that its UID was changeable!
I tested it myself even.after writing on block78! then Icode-sli UID change (UID blocks change by block 78& 79 changing ) just I don't know its source.
did you hear/see about changeable UID(iso-15693) tag before?

Offline

#6 2014-03-10 19:47:31

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: iso15693 sniffer

No iso15693 emulation is possible with pm3.

You can snoop iso15693 supported communication with "hf iclass snoop" command no more things to explain; try to test/read forum/documentation before posting.

Offline

Board footer

Powered by FluxBB