Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2010-05-06 12:28:02

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203
Website

Legic write/simulate released

I've just posted code (rev 440) that simulates and writes to legic cards. This was sent to me anonymously and I've only gone as far in testing as to make sure that it builds, flashes and 'seems to work'. I do not have a native legic reader to test it properly against, so I'd be interested to hear if anyone has...

Offline

#2 2010-05-09 13:24:05

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203
Website

Re: Legic write/simulate released

OK, to facilitate this I've created a new target 'tarbin' (r441), which produces a tarball with all the Linux binaries in it. It would be good if someone could tweak it to also support windows.

It should also be tweaked to include the svn revision and date in it's name (or something) , but I just don't have time to do anything further today...

Resulting tarball is posted in the downloads section: http://code.google.com/p/proxmark3/downloads/list

Offline

#3 2010-05-10 00:05:00

rumpeltux
Contributor
From: München, Germany
Registered: 2010-02-04
Posts: 18
Website

Re: Legic write/simulate released

I did some testruns with the simulator (modified it for MIM256 though) and also tried with several different values for SHIFT and DIV, but at some point the prng gets out of sync and the reader stops communicating. The basic problem is that after each command the code waits a certain time and forwards the prng by 2 before responding, however sometimes the reader expects another keystream, so this static approach won't work–at least not for the reader I tested.

The chip is really small, so if I had to guess how they implemented the prng-streamer on the chip, I’d say they took the easiest approach: There would be a clk signal all 99.1μs (the code uses 97.66μs (586)) to forward the prng. While sending/receiving this clk is ignored and the prng is forwarded after each bit. I had a similar implementation, but that wouldn't always work either.

Offline

#4 2010-05-12 11:55:16

arcane1978
Member
Registered: 2010-01-23
Posts: 5

Re: Legic write/simulate released

Hi to all. First of all, sorry about my bad english but i will give it a try.

I tried writing  a MIM256 and it works fine. After some testing on a native reader i was able to write some credit to the card :-) . I'm not sure if  simulating a tag  works because my native reader won't recognice any card in field. Maybe my antenna is not that good.

Do anybody know if there is a way to simulate or write the uid as well

Last edited by arcane1978 (2010-05-12 12:37:59)

Offline

#5 2010-06-21 12:01:02

andy999
Contributor
Registered: 2010-01-25
Posts: 9

Re: Legic write/simulate released

And what is your surprise???

Offline

#6 2010-08-05 10:46:08

andy999
Contributor
Registered: 2010-01-25
Posts: 9

Re: Legic write/simulate released

Has anybody fiexd the code so the simulation will work correctly?
At the moment only a few bytes can be simulated before the PRNG isn't synchron to the reader anymore.

Offline

Board footer

Powered by FluxBB