Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi, I am using a PM3 with Winter'10 software/firmware, under WinXP Pro. I have an OmniKey Cardman 5321 reader (USB), some MIFARE Classic 1K tags and use the OmniKey Diagnostic Tool (ODT) to check tag presence on the OmniKey reader ...
When I place a tag over the OmniKey reader, the ODT software shows the TAG UID on the "Smart Card Name" Field, like:
MIFARE Standard 1K UID: 6A 23 0E C7
and the ATR, like:
3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 01 00 00 00 00 6A (I know this is not the right one)
It also shows the Protocol (ISO 14443A - Part 3), the frequency (13.56 MHz) and the PICCtoPCD/PCDtoPICC speed (106 kbps)
My PM3 reads the card with no problem at all using "hf 14a reader", like this:
proxmark3> hf 14a reader
#db# 9e98 cc cc
#db# ready..
proxmark3> hf 14a list
proxmark3> recorded activity:
ETU :rssi: who bytes
---------+----+----+-----------
+ 0: : 0b 00 80 07 00 00 00 04 2c fa 33 e4 20 0b 00
00 00 00 00 00 01 52 20 0b 00 00 00 00 00 00 01 52 !crc
+ 3080: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 15 49 3a 40
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 424: 0: TAG 11 55 5f 90
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 6a a6 0e ae
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG b5 44 2b a7
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 8c 6e 8a eb
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 9f fc cf 83
+ 0: : 52
+ 0: : 52
+ 240: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 304: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 86 e5 7b bf
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 74 36 94 1c
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG d6 05 37 9c
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 98 cd 21 89
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 424: 0: TAG 71 e9 48 89
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 456: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 32 75 71 8d
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 3b db 4b 08
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG 54 7a 59 c0
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG f2 1e 67 02
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
+ 0: : 60 00 f5 7b
+ 432: 0: TAG c3 34 cd b6
+ 0: : 52
+ 0: : 52
+ 232: 0: TAG 04 00
+ 0: : 93 20
+ 448: 0: TAG 6a 23 0e c7 80
+ 0: : 93 70 6a 23 0e c7 80 a8 8d
+ 312: 0: TAG 08 b6 dd
proxmark3>
I want to simulate that same tag with the PM3, so I use the command "hf 14a sim 6a230ec7" (and all kinds of other UIDs), and proxmark3.exe says it is ok (even though it doesn't show the correct UID), but when the HF antenna is moved over the OmniKey Cardman reader, the ODT software shows nothing, like there is no tag nearby.
It is definitely trying to communicate or something, because the green/red LED on the OmniKey blinks rapidly (forever while the HF antenna is near) like it blinks (for a second) when a real tag is moved near the reader.
Here is what proxmark3.exe shows (wrong UIDs) on different tries:
proxmark3> hf 14a sim 123456
Emulating 14443A TAG with UID 0 1123456
--
proxmark3> hf 14a sim
Emulating 14443A TAG with UID 0 0
--
proxmark3> hf 14a sim 1 2 3
Emulating 14443A TAG with UID 0 112233
--
proxmark3> hf 14a sim 1 2 3 4 5 6
Emulating 14443A TAG with UID 1122 33445566
write failed: usb_reap: timeout error!
Trying to reopen device...
--
proxmark3> hf 14a sim 6a 23 0e c7
Emulating 14443A TAG with UID 66a2 2300ecc7
--
proxmark3> hf 14a sim 6a 23 0e c7
Emulating 14443A TAG with UID 6 6a22300e
--
proxmark3> hf 14a sim 6a230ec7
Emulating 14443A TAG with UID 6 6a230ec7
--
proxmark3> hf 14a sim 060a0203000e0c07
Emulating 14443A TAG with UID 60a0203 e0c07
Am I using the "hf 14a sim" command incorrectly?
The Reference Manual says:
hi14asim : fake ISO 14443a tag
The command hi14asim sets the Proxmark in emulation mode. Until the button is pressed the device will respond as programmed in the firmware. We programmed the Proxmark to act like a mifare Classic 4k card. Contactless readers (such as the Omnikey 5121) run the anticollision and get convinced that they communicate with an mifare Standard 4k card. They also detect the (simulated) card's UID.
Could the problem have something to do with Mifare Classic 1K vs. Mifare Classic 4K? (Don't think so, since the only thing we are emulating is the UID, right?)
Any ideas or recommendations are welcome, and any help will be greatly appreciated.
Thanks.
UPDATE (10/05/2010 - 11:43pm): I also checked by reading on the OmniKey Cardman 5321 with RFIDiot v.1.0a, using isotype.py, and it says "No TAG present!" when running "hf 14a sim" and placing the PM3 HF antenna on top of the Cardman ... Once again, Green/Red LED on reader blinks forever as long as the "simulated tag" is on it. Same behavior (as if no card was present, but green/red LED blinking) happens when using readmifare1k.py (shows error) and using readmifaresimple.py (says "waiting for Mifare TAG...").
Last edited by albertoparis (2010-05-11 05:43:25)
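Added example, not part of the original post: one round of the "hf 14a list" trace above, decoded frame by frame with the ISO 14443-3 Type A integrity bytes (BCC and CRC_A) recomputed. The "RDR"/"TAG" labels and all function names are chosen for this example; the frame bytes are copied from the trace.

```python
# Added example: annotate one anticollision round from the trace in the post.

def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A: initial value 0x6363, sent low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def bcc(uid: bytes) -> int:
    """Block check character: XOR of the four UID bytes of one cascade level."""
    return uid[0] ^ uid[1] ^ uid[2] ^ uid[3]

def crc_ok(frame: bytes) -> bool:
    """True when the last two bytes are the CRC_A of everything before them."""
    return len(frame) >= 3 and crc_a(frame[:-2]) == frame[-2:]

def describe(who: str, frame: bytes) -> str:
    """Label one frame; 'who' is 'RDR' or 'TAG' (labels chosen for this example)."""
    if who == "RDR":
        if frame == b"\x52": return "WUPA"
        if frame == b"\x93\x20": return "ANTICOLLISION cascade level 1"
        if frame[:2] == b"\x93\x70":
            return f"SELECT uid={frame[2:6].hex()} crc_ok={crc_ok(frame)}"
        if frame[0] in (0x60, 0x61):
            key = "A" if frame[0] == 0x60 else "B"
            return f"MIFARE AUTH key {key} block {frame[1]} crc_ok={crc_ok(frame)}"
    else:
        if len(frame) == 2: return f"ATQA {frame.hex()}"
        if len(frame) == 5:
            return f"UID {frame[:4].hex()} bcc_ok={bcc(frame[:4]) == frame[4]}"
        if len(frame) == 3:  # SAK bit 0x04 set would mean another cascade level follows
            return f"SAK {frame[0]:02x} uid_complete={not frame[0] & 0x04} crc_ok={crc_ok(frame)}"
        if len(frame) == 4: return f"tag nonce {frame.hex()}"
    return "unrecognised"

# One round copied from the trace in the post.
ROUND = [("RDR", "52"), ("TAG", "04 00"), ("RDR", "93 20"),
         ("TAG", "6a 23 0e c7 80"), ("RDR", "93 70 6a 23 0e c7 80 a8 8d"),
         ("TAG", "08 b6 dd"), ("RDR", "60 00 f5 7b"), ("TAG", "15 49 3a 40")]

def annotate(frames=ROUND):
    return [describe(who, bytes.fromhex(hx)) for who, hx in frames]

if __name__ == "__main__":
    for (who, hx), note in zip(ROUND, annotate()):
        print(f"{who} {hx:<28} {note}")
```

The fifth byte of the tag's anticollision answer (80) is the BCC, not part of the UID, and only the final 4-byte tag answer changes from round to round in the trace.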
Hi albertoparis,
it seems that we are using exactly the same configuration.
I also use an Omnikey CardMan 5321 and a PM3 with the same firmware.
I try to simulate a tag with a UID with PM3 but it doesn't work.
Do you already have an idea what the problem could be?
Thanks for your reply,
Berni
albertoparis, I know this is not related to your question, but how did you get RFIDIOt to work on your PC? Whenever I import a module, e.g. transit.py, I keep getting =====restart====== in IDLE without anything happening. What could be wrong?
Thanks for reading.
Hi albertoparis and berni
I got almost the same problem as yours, but the difference is in the firmware version of the PM3. I have even tried to do the fake tag with readers of 3 types: Omnikey, STIO10 of SCM and ER-R342 of MINGHUA, and all failed.
I don't know what is wrong with my operation or my PM3.