Hi,
I'm currently playing with the hi14asnoop and hi14alist tools, trying to log the communication process between a blank Mifare card (sector key all set to FF FF FF FF FF FF) and my OmniKey 5321.
I've read many posts about the subject but I think I'm getting strange logs.
I put my proxmark HF antenna between the card and the reader, started the hi14asnoop command and then started a successful authentication process using key FF FF FF FF FF FF to read the whole sector 0 content. Here is the log I get:
> hi14alist
recorded activity:
ETU :rssi: who bytes
---------+----+----+-----------
+ 0: 0: TAG 04
+ 5672: 0: TAG 04 00
+ 3280: 0: TAG 64 6a 3b 85 b0
+ 4848: 0: TAG 08 b6 dd
+ 91904: 0: TAG 04
+ 5688: 0: TAG 04 00
+ 3328: 0: TAG 64 6a 3b 85 b0
+ 4824: 0: TAG 08 b6 dd
+ 92004: 0: TAG 04
+ 5776: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4840: 0: TAG 08 b6 dd
+ 91812: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4744: 0: TAG 08 b6 dd
+ 92251: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3312: 0: TAG 64 6a 3b 85 b0
+ 4881: 0: TAG 08 b6 dd
+ 91899: 0: TAG 04
+ 5856: 0: TAG 04 00
+ 3408: 0: TAG 64 6a 3b 85 b0
+ 4864: 0: TAG 08 b6 dd
+ 91571: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3297: 0: TAG 64 6a 3b 85 b0
+ 4848: 0: TAG 08 b6 dd
+ 92027: 0: TAG 04
+ 5760: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4768: 0: TAG 08 b6 dd
+ 92002: 0: TAG 04
+ 5778: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4856: 0: TAG 08 b6 dd
+ 91914: 0: TAG 04
+ 5672: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4864: 0: TAG 08 b6 dd
+ 91924: 0: TAG 04
+ 5672: : 52
+ 64: 0: TAG 04 00
+ 3304: 0: TAG 64 6a 3b 85 b0
+ 4848: 0: TAG 08 b6 dd
+ 91812: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3288: 0: TAG 64 6a 3b 85 b0
+ 4864: 0: TAG 08 b6 dd
+ 92004: 0: TAG 04
+ 5784: 0: TAG 04 00
+ 3280: 0: TAG 64 6a 3b 85 b0
+ 4760: 0: TAG 08 b6 dd
+ 91915: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4873: 0: TAG 08 b6 dd
+ 92011: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3288: 0: TAG 64 6a 3b 85 b0
+ 4880: 0: TAG 08 b6 dd
+ 75675: : 60 00 f5 7b
+ 112: 0: TAG de d6 04 5f
+ 3408: 0: TAG ac 4b! c4 c8
+ 3016: 0: TAG 9c! a8 0a 4a 92 9a 0e cc! d0 82 86 08 52 89 3c! 01! 07 a8! !crc
+ 3592: 0: TAG d0 d7! a3 f2 cd! 5c! d3 65! 31! 6a ac 7c a1 2f! f6! 91 8a 23! !crc
+ 3592: 0: TAG 58! 12! 25 97 87 3e! 8c 05! 71 f2! 5c! 5b! 4a! 06! d5! fc! 34! 9e !crc
+ 9992: : 52
+ 64: 0: TAG 04 00
+ 3393: 0: TAG 64 6a 3b 85 b0
+ 4872: 0: TAG 08 b6 dd
+1702905: 0: TAG 04
+ 5856: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4880: 0: TAG 08 b6 dd
+ 91707: 0: TAG 04
+ 5881: 0: TAG 04 00
+ 3248: 0: TAG 64 6a 3b 85 b0
+ 4760: 0: TAG 08 b6 dd
Well, I surely recognize the tag's UID and some other parts of the communication process. But I don't really understand why almost all the messages are prefixed with "TAG". Where are the log entries of my reader?
Could this situation have something to do with my antenna?
Here is the result of the tune command without, then with, a Mifare card on the proxmark:
> tune
# LF antenna @ 0 mA / 134 mV [1273 ohms] 125Khz
# LF antenna @ 0 mA / 134 mV [1187 ohms] 134Khz
# HF antenna @ 12 mA / 3029 mV [235 ohms] 13.56Mhz
> tune
# LF antenna @ 0 mA / 0 mV [1273 ohms] 125Khz
# LF antenna @ 0 mA / 0 mV [1187 ohms] 134Khz
# HF antenna @ 5 mA / 1385 mV [235 ohms] 13.56Mhz
If this can help, I'm using the 20081211_prox version of the firmware.
Any clue?
Last edited by ereon (2009-04-09 11:58:11)
Your antenna is not good!
You should have around 10v to 16v,
so you are not getting any signal from your reader.
Thanks for your answer,
I somehow tuned my antenna and now I'm getting these results:
> tune
# LF antenna @ 0 mA / 0 mV [1273 ohms] 125Khz
# LF antenna @ 0 mA / 134 mV [1187 ohms] 134Khz
# HF antenna @ 54 mA / 12697 mV [235 ohms] 13.56Mhz
But when I run the same tests as before, I still get this kind of log entry:
+ 90962: 0: TAG 04
+ 5866: 0: TAG 04 00
+ 3192: 0: TAG 64 6a 3b 85 b0
+ 4856: 0: TAG 08 b6 dd
+ 91674: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4984: 0: TAG 08 b6 dd
+ 75908: : 60 00 f5 7b
+ 112: 0: TAG b2 47 95 14
+ 29672: 0: TAG 83 57! 38 9d
+ 3080: 0: TAG ef! 43! 43! 3c 5b! 6d 09! fc! 4e 25! 12! d6 76! 18! 40 41! a6! 96 !crc
+ 3528: 0: TAG b8! db aa c4 b9! 8a d3 31! 86 71! af! b7! e9! 0a b2 28! b8 e6 !crc
+ 3472: 0: TAG e1! e7! 51! 70! 68 57 27 58! 34 f3 4e 20! e6 39! 19 e5 58! 66 !crc
+ 4288: : bf 2d c6 42 !crc
+ 3138: 0: TAG 04 00
+ 3168: 0: TAG 64 6a 3b 85 b0
+ 4656: 0: TAG 08 b6 dd
+1693170: 0: TAG 04
+ 5768: 0: TAG 04 00
+ 3304: 0: TAG 64 6a 3b 85 b0
There is one thing I don't understand:
Given this line:
+ 75908: : 60 00 f5 7b
This is a message sent by the reader. So I can apparently see some reader-sent messages. But if you look two lines before:
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4984: 0: TAG 08 b6 dd
The second line is a response to the MIFARE SELECT WITH UID command, which I can't see in the logs!
What is possibly wrong?
This is possibly due to the relative position of your antenna, reader & tag: I found that desktop readers are low powered and you can place the proxmark antenna about anywhere. When it comes to door readers, this is much more difficult: you have to experiment with the proxmark antenna placement. In my particular case, I had most success placing the antenna not over the tag, not between the tag & reader, but with the antenna next to the tag, facing the reader... (not sure this is clear?)
Last edited by edo512 (2009-04-09 23:12:47)
I found I'm getting good results when the card is positioned at 45 degrees to my PM3 antenna. Try adjusting the angle of your reader with respect to the PM3 board.
Last edited by d18c7db (2009-04-09 21:08:45)
The best results I got were from placing the Proxmark antenna directly on top of the reader and then waving the tag 1cm away from the antenna. If you use a desktop reader instead of a door reader, you could place bubble-plastic on top of the antenna before laying the tag on it. I hope it helps.
Oh my bad, I managed to make it work and forgot to say thanks.
Thank you for your advice, it was indeed just an antenna position problem.
I'd actually say the best results I've had are while placing the antenna on the opposite side of the card from the reader... every time I place it between the tag and reader I got only one side of the comms. Also placing a part of the coil over where I assume the tag is inside the card rather than placing the coil's center to the chip.
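Added example, not part of the original thread and not Proxmark project code: a small Python check that parses an hi14alist listing in the layout shown above and reports TAG frames that have no reader frame directly before them, which is the "only one side of the comms" symptom discussed here. It assumes ISO 14443-A reader-talks-first behaviour; the names Frame, parse and direction_report are hypothetical, and the sample lines are taken from the second listing in the thread.

```python
import re
from dataclasses import dataclass

# "+ <delta>: <rssi>: [TAG] <bytes...> [!crc]" as printed by hi14alist above
LINE = re.compile(r"^\+\s*(\d+):\s*(\d*):\s*(TAG)?\s*(.*)$")

# Sample lines taken from the second hi14alist listing in this thread.
SAMPLE = """\
+ 91674: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4984: 0: TAG 08 b6 dd
+ 75908: : 60 00 f5 7b
+ 112: 0: TAG b2 47 95 14
+ 29672: 0: TAG 83 57! 38 9d
+ 4288: : bf 2d c6 42 !crc
"""

@dataclass
class Frame:
    delta: int          # first column: time since the previous frame
    from_tag: bool      # True when the "who" column says TAG, else reader
    data: bytes
    parity_errors: int  # bytes the tool marked with "!"
    crc_error: bool     # line ends with "!crc"

def parse(listing):
    frames = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # prompt, header or separator line
        tokens = m.group(4).split()
        hexes = [t for t in tokens if t != "!crc"]
        data = bytes(int(t.rstrip("!"), 16) for t in hexes)
        frames.append(Frame(int(m.group(1)), m.group(3) == "TAG", data,
                            sum(t.endswith("!") for t in hexes),
                            "!crc" in tokens))
    return frames

def direction_report(frames):
    # Assumption: a tag only answers a reader command, so a TAG frame that
    # follows another TAG frame (or starts the trace) means a reader frame
    # was not captured.
    orphans = [i for i, f in enumerate(frames)
               if f.from_tag and (i == 0 or frames[i - 1].from_tag)]
    tag = sum(f.from_tag for f in frames)
    return {"reader": len(frames) - tag, "tag": tag, "orphans": orphans}

if __name__ == "__main__":
    frames = parse(SAMPLE)
    report = direction_report(frames)
    print(report)
    for i in report["orphans"]:
        print("no reader frame before:", frames[i].data.hex(" "))
```

A high share of orphaned TAG frames after re-tuning points at antenna placement rather than antenna voltage, which matches how the thread was resolved.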