Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hello everyone,
I am trying to simulate an access card using the proxmark3. I was able to recover all keys from it and dump it, but when I am trying to emulate it, my android gives me a "NFC read error".
I narrowed this problem down to keyA of the first sector.
When this key equals A0A1A2A3A4A5 (see dump below), I will get the NFC read error. When it equals any other key (like A0A1A2A3A4A5A6), there is no problem at all.
Could someone confirm if this happens to them, too, or how I can fix this problem?
Dump of error producing memory:
04ECD8321C5F80884400C82000000000
00000000000000000000000000000000
00000000000000000000000000000000
A0A1A2A3A4A5787788C1FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFF
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
FFFFFFFFFFFFFF078069FFFFFFFFFFFFtrace after NFC error via Android:
proxmark3> hf list mf
#db# Emulator stopped. Tracing: 1 trace length: 659
Recorded Activity (TraceLen = 659 bytes)
Start = Start of Frame, End = End of Frame. Src = Source of transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data (! denotes parity error, ' denotes short bytes) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 1056 | Rdr | 26' | | REQA
2228 | 4596 | Tag | 44 00 | |
11634 | 16402 | Rdr | 50 00 57 cd | ok | HALT
93716 | 94708 | Rdr | 52' | | WUPA
95944 | 98312 | Tag | 44 00 | |
105380 | 107844 | Rdr | 93 20 | | ANTICOLL
109016 | 114840 | Tag | 88 04 ec d8 b8 | |
121858 | 132386 | Rdr | 93 70 88 04 ec d8 b8 3f 7f | ok | SELECT_UID
133558 | 137078 | Tag | 04 da 17 | |
144130 | 146594 | Rdr | 95 20 | | ANTICOLL-2
147766 | 153654 | Tag | 32 1c 5f 80 f1 | |
160626 | 171090 | Rdr | 95 70 32 1c 5f 80 f1 73 b4 | ok | ANTICOLL-2
172326 | 175846 | Tag | 08 b6 dd | |
291970 | 296738 | Rdr | 50 00 57 cd | ok | HALT
374038 | 375030 | Rdr | 52' | | WUPA
376266 | 378634 | Tag | 44 00 | |
385702 | 396230 | Rdr | 93 70 88 04 ec d8 b8 3f 7f | ok | SELECT_UID
397402 | 400922 | Tag | 04 da 17 | |
407958 | 418422 | Rdr | 95 70 32 1c 5f 80 f1 73 b4 | ok | ANTICOLL-2
419658 | 423178 | Tag | 08 b6 dd | |
468354 | 473122 | Rdr | 50 00 57 cd | ok | HALT
560078 | 561070 | Rdr | 52' | | WUPA
562306 | 564674 | Tag | 44 00 | |
571742 | 582270 | Rdr | 93 70 88 04 ec d8 b8 3f 7f | ok | SELECT_UID
583442 | 586962 | Tag | 04 da 17 | |
593998 | 604462 | Rdr | 95 70 32 1c 5f 80 f1 73 b4 | ok | ANTICOLL-2
605698 | 609218 | Tag | 08 b6 dd | |
641940 | 646644 | Rdr | 60 00 f5 7b | ok | AUTH-A(0)
651080 | 655816 | Tag | 01 02 03 04 | | AUTH: nt
662514 | 671826 | Rdr | 58 09 79 90 84 3e 28 be | | AUTH: nr ar (enc)
680998 | 685734 | Tag | b2 43 34! 38 | | AUTH: at (enc)
730388 | 735156 | Rdr | c4 aa e1 76 | |
| * | key | probable key:a0a1a2a3a4a5 Prng:HARD ks2:a4c6c5e8 ks3:8e68f995 | |
| * | dec |30 03 99 9a | ok | >READBLOCK(3)
750024 | 770888 | Tag | 6f! 59! 37! 36! 23 dd! 65! 6e! 8e! 46 4c 9d f5! 4d! f7! 00 | |
| | | de e3 | |
| * | dec |00 00 00 00 00 00 78 77 88 c1 00 00 00 00 00 00 3e 30 | ok |
796274 | 800978 | Rdr | 23 81 31 e9 | |
| * | dec |30 01 8b b9 | ok | >READBLOCK(1)
815910 | 836710 | Tag | 05! 93 54 45! 72! 0d cd! 12! 4d! 87 58 37! 16 59! 47 10! | |
| | | 8d! f3 | |
| * | dec |00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 49 | ok |
859796 | 864564 | Rdr | 5d a8 05 d2 | |
| * | dec |30 02 10 8b | ok | >READBLOCK(2)
879304 | 900168 | Tag | 61 cd! a2 6b 29! a2! e6! ec! 5e! 40! d2! 5b! e0! 0e 3f 6e! | |
| | | 49! 02 | |
| * | dec |00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 49 | ok |
933186 | 937954 | Rdr | 06 e0 b1 04 | |
| * | dec |50 00 57 cd | ok | >HALT
1015280 | 1016272 | Rdr | 52' | | WUPA
1017508 | 1019876 | Tag | 44 00 | |
1411328 | 1412384 | Rdr | 26' | | REQA
1413556 | 1415924 | Tag | 44 00 | |
1505046 | 1506038 | Rdr | 52' | | WUPA
1507274 | 1509642 | Tag | 44 00 | |
8860966 | 8862022 | Rdr | 26' | | REQA
8863194 | 8865562 | Tag | 44 00 | |
8954716 | 8955708 | Rdr | 52' | | WUPA
8956944 | 8959312 | Tag | 44 00 | | hw version:
proxmark3> hw version
Prox/RFID mark3 RFID instrument
bootrom: master/v3.1.0-204-g555fa19-suspect 2021-03-16 21:09:43
os: master/v3.1.0-204-g555fa19-suspect 2021-03-16 21:09:43
fpga_lf.bit built for 2s30vq100 on 2019/11/21 at 09:02:37
fpga_hf.bit built for 2s30vq100 on 2020/03/05 at 19:09:39
SmartCard Slot: not available
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 207484 bytes (40%). Free: 316804 bytes (60%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory Best regards,
Max
Last edited by maaaaaaaaaaaaaaaaaaaaaaax (2021-03-18 23:22:45)
Offline