RFID 860-960Mhz?

gdadic · 2014-03-31 10:58:09

Is it maybe in plan to develop Proxmark for 860-960Mhz ultra high frequency ranges in future?

If not do you maybe know any project that is running for that frequences and has support for linux?

Than you

0xFFFF · 2014-03-31 11:47:04

Search for Software Defined Radio.
HackRF
bladeRF
ICOM
USRP
...

gdadic · 2014-03-31 12:04:11

Thank you for your answer,

Yes I know, HackRF seems to be very good, but is there any software developed for RFID 860-960Mhz cards (cracking : ISO18000-6C EPC G2 & ISO18000-6B) for any of these devices you mentioned?

Regards

0xFFFF · 2014-03-31 21:39:24

Not that I'm aware of but I have not been looking.
If it is a matter of a simple replay attack (I doubt it will be) you can record and play back tags no worries at all. I have done this at 125kHz.

asper · 2014-04-01 00:38:09

About functions UHF tags are similar to HF tags; they have insted longer action range. Look for specific product datasheet if you want to learn more; common standard follows ISO18000.

gdadic · 2014-04-01 08:40:23

Do you know maybe some cheap equipment for reading/writing/attacking UHF cards? I sow practical one https://play.google.com/store/apps/details?id=com.mti.rfid.minime but it is little expensive?

Regards

asper · 2014-04-01 10:19:58

Well it is a relatively cheap equipment and also provides a very portable solution (hardware+software). Remember that if you want to interact with non-blank UHF tags usually (hopefully) a non-default-password is set so, unless you are also able to sniff a communication, you can't do so much even with the above hardware+software.

If you want to study how UHF works (command layer) you can use the "HF-way" testing (with a pm3 or other HF product) some ISO15693 tags that have quite a lot common things with UHF stuff (look for texas instruments tag-it products). After you will be confident with them maybe you will buy a real UHF hardware or maybe you will desist

Last edited by asper (2014-04-01 10:20:25)

gdadic · 2014-04-01 10:24:23

Well,

I have one existing UHF card on system that I want to clone(probably password protected) or use MINI ME software for relay attack(I can sniff traffic without problem). Problem is that there is no software for UHF sniff attacks(this one that comes with MINI ME seems not to be suitable for relay attrack)?

Regards

gdadic · 2014-04-01 10:25:46

This is what I want to do: clone card for this China crap system:

http://chinarfid.en.alibaba.com/product/542059345-212828481/Long_range_automated_RFID_car_parking_system.html

gdadic · 2014-04-01 10:33:13

Due to this document: http://rfid-handbook.de/downloads/Finkenzeller_Systech-Bremen-2009_v1.0.pdf Access Password can be read from card only using this MINI ME reader(page 18), am I right?

Regards

asper · 2014-04-01 13:52:50

It doesn't seem that the software/hardware is able to sniff so you cannot read password (it would be stupid to provide a password if you can read it from the tag). It seems to be you are out of luck.

gdadic · 2014-04-01 13:56:41

I read again that and several other documents and of course password cannot be read easily.

But I can clone card very easily if system checks only TAG ID(and I am quite sure that it is).

asper · 2014-04-01 14:01:10

If you are so sure buy that hardware
Remember that usually UIDs are unique and read-only so you will need an hardware/software able to spoof/clone it.

gdadic · 2014-04-01 14:06:10

Well, I found some China device with software where I can easily change Tag Id.

asper · 2014-04-01 14:22:22

Can you post a link of those?

gdadic · 2014-04-01 14:38:37

http://rfidshop.com.hk/ -- Here you can find software

Hardware on Ebay: http://www.ebay.com/itm/RFID-UHF-860-960Mhz-reader-writer-6-meter-NXP-Chip-SDK-Inlays-RS232-/291077993984?pt=US_Surveillance_Accessories&hash=item43c599b600

Price is about 220$ which is expensive.

Last edited by gdadic (2014-04-01 14:39:06)

asper · 2014-04-01 17:42:02

If you refer to this sentence:

read/write UHF Tag ID & Memory

sadly I inform you that it is NOT able to write/change/modify/alter an UHF Tag ID. It only means that supports Tag ID (no memory, only ID) and Tag ID which also has user memory.

Last edited by asper (2014-04-01 17:42:48)

gdadic · 2014-04-02 13:05:09

Do you know any reader that can read/write UHF Tag ID?

Regards

asper · 2014-04-02 14:32:05

With a price lower than the ones above no, I am sorry (even with expensive programmers you can't write ID).

Last edited by asper (2014-04-03 09:55:17)

gdadic · 2014-04-03 07:40:59

Let's say that price is not problem, what would you recomend for UHF reader/writer(TAG ID rewriting)?

Thank you
Regards

asper · 2014-04-03 08:28:16

Tag-ID rewriting does not exist/it is not possible at the moment. ID-rewriting is not permitted by the standard so only a chinese-modified card can help you but no one (to my knowledge) ever produced it.

gdadic · 2014-04-03 09:14:58

Then how can I clone UHF card?

asper · 2014-04-03 09:53:39

I tried to tell you all the time: actually you can't/it is not possible.

Last edited by asper (2014-04-03 09:55:53)

gdadic · 2014-04-03 10:02:07

You are telling that there is no possible way that I can enter this Parking Ramp (I mentioned) without buying card?

The ramp probably cheks only TAG ID..

vivat · 2014-04-04 04:25:17

If you are hardcore enough, you can try to design first fake UHF tag simulator yourself. You will have to find some transceiver that have same operating frequency, modulation etc as your real tag. Then connect it to microcontroller that can handle that transceiver, write the software and let us know.
Quick googling showed me Phychips PR9200 SoC and Intel's R500 transceivers.

Last edited by vivat (2014-04-04 04:34:55)

gdadic · 2014-04-08 08:13:39

I found what I need but it is little expensive

http://www.iaik.tugraz.at/content/research/rfid/tag_emulators/

gdadic · 2014-05-19 10:59:40

Unfortunately I didn't,

I ordered some cards from Alibaba, when they come i will tell you if UID is rewritable..

Proxmark3 community

Announcement

#1 2014-03-31 10:58:09

RFID 860-960Mhz?

#2 2014-03-31 11:47:04

Re: RFID 860-960Mhz?

#3 2014-03-31 12:04:11

Re: RFID 860-960Mhz?

#4 2014-03-31 21:39:24

Re: RFID 860-960Mhz?

#5 2014-04-01 00:38:09

Re: RFID 860-960Mhz?

#6 2014-04-01 08:40:23

Re: RFID 860-960Mhz?

#7 2014-04-01 10:19:58

Re: RFID 860-960Mhz?

#8 2014-04-01 10:24:23

Re: RFID 860-960Mhz?

#9 2014-04-01 10:25:46

Re: RFID 860-960Mhz?

#10 2014-04-01 10:33:13

Re: RFID 860-960Mhz?

#11 2014-04-01 13:52:50

Re: RFID 860-960Mhz?

#12 2014-04-01 13:56:41

Re: RFID 860-960Mhz?

#13 2014-04-01 14:01:10

Re: RFID 860-960Mhz?

#14 2014-04-01 14:06:10

Re: RFID 860-960Mhz?

#15 2014-04-01 14:22:22

Re: RFID 860-960Mhz?

#16 2014-04-01 14:38:37

Re: RFID 860-960Mhz?

#17 2014-04-01 17:42:02

Re: RFID 860-960Mhz?

#18 2014-04-02 13:05:09

Re: RFID 860-960Mhz?

#19 2014-04-02 14:32:05

Re: RFID 860-960Mhz?

#20 2014-04-03 07:40:59

Re: RFID 860-960Mhz?

#21 2014-04-03 08:28:16

Re: RFID 860-960Mhz?

#22 2014-04-03 09:14:58

Re: RFID 860-960Mhz?

#23 2014-04-03 09:53:39

Re: RFID 860-960Mhz?

#24 2014-04-03 10:02:07

Re: RFID 860-960Mhz?

#25 2014-04-04 04:25:17

Re: RFID 860-960Mhz?

#26 2014-04-08 08:13:39

Re: RFID 860-960Mhz?

#27 2014-05-19 10:59:40

Re: RFID 860-960Mhz?

Board footer