Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2015-01-05 14:42:30

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Recent changes ('hf 14 list', 'hf iclass list') and loclass

I've changed the way 'list' works, previously it was two very large and very similar functions within iclass and iso1443, now it's instead a more generic function in 'hf'.

So, 'hf list 14a' and 'hf list iclass' are the new replacements. In addition, I added a 'annotation' column, so the user can more easily understand what commands are sent. I picked the most common commands (apdus) from the codebase, but I haven't added all existing commands, so if anyone has a more comprehensive list of commands, please let me know (or add them youselves).

Also, I added loclass functionality to pm3, so now loclass operations can be invoked directly from within pm3. Please let me know if it builds and works ok, someone mentioned that the stat-operation is unavailable on windows (renamed), so we may have to add some preprocessing there.

Offline

#2 2015-01-05 14:45:45

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

And more changes: the 'hf iclass dump' is now fairly stable. And here's an example of the annotated listing:

     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
         0 |       992 | Rdr | 52                                                              |     | WUPA
      2228 |      4596 | Tag | 02  00                                                          |     | 
      7040 |      9504 | Rdr | 93  20                                                          |     | SELECT_ALL
     10676 |     16500 | Tag | 00  00  00  00  00                                              |     | 
     18688 |     29216 | Rdr | 93  70  00  00  00  00  00  9c  d9                              |     | SELECT_UID
     30388 |     33972 | Tag | 18  37  cd                                                      |     | 
    462848 |    467616 | Rdr | e0  80  31  73                                                  |     | RATS
    470836 |    483572 | Tag | 09  78  00  91  02  da  bc  19  10  f0  05                      |     | 
Recorded Activity

Last edited by holiman (2015-01-05 14:45:58)

Offline

#3 2015-01-05 15:00:07

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Can you try and see if this is working on your linux?  It works on my win7 64..

#ifdef _WIN32
	struct _stat fileStat;
	int result = _stat(filename, &fileStat);
#else
	struct stat fileStat;
	int result = stat(filename, &fileStat);
#endif

Offline

#4 2015-01-05 15:11:26

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

ISO14443A (usually NFC tags)

26(7bits) = REQA
30 = Read (usage: 30+1byte block number+2bytes ISO14443A-CRC - answer: 16bytes)
A2 = Write (usage: A2+1byte block number+4bytes data+2bytes ISO14443A-CRC - answer: 0A [ACK] or 00 [NAK])
52(7bits) = WUPA (usage: 52(7bits) - answer: 2bytes ATQA)
93 20 = Anticollision (usage: 9320 - answer: 4bytes UID+1byte UID-bytes-xor)
93 70 = Select (usage: 9370+5bytes 9320 answer - answer: 1byte SAK)
95 20 = Anticollision of cascade level2 (if SAK bit3 [counting from bit0] is 1)
95 70 = Select of cascade level2 (if SAK bit3 is still 1)
97 20 = Anticollision of cascade level3
97 70 = Select of cascade level3
50 00 = Halt (usage: 5000+2bytes ISO14443A-CRC - no answer from card)

NTAG213/215/216 (NFC compatible tag)
60 = Get product version (8 bytes answer)
3A = Fast Read (read a range of memeory blocks)
A0 = Compatibility Write (to accomodate MIFARE commands)
39 = Read Counter
1B = Password Authentication (password is 4 bytes)
3C = Read ECC Signature (32 bytes answer)

Mifare
60 = Authenticate with KeyA
61 = Authenticate with KeyB
40(7bits) = Used to put Chinese Changeable UID cards in special mode (must be followed by 43 (8bits) to enter in backdoor mode - answer: 0A)
41 = Used to wipe Chinese Changeable UID cards (all zeroes)
43 = See 40 (7 bits)
A0 = Write
C0 = Decrement
C1 = Increment
C2 = Restore
B0 = Transfer

Mifare Magic 1st gen
40(7bits) = WUP part1
41 = Wipe
43 = WUP part2

Ultralight C
A0 = Compatibility Write (to accomodate MIFARE commands)
1A = Step1 Authenticate
AF = Step2 Authenticate

Ultralight EV1
3E = CHECK TEARING EVENT
4B = VCSL
A5 = INCREMENT COUNTER

ISO14443B
05 = REQB
1D = ATTRIB
50 = HALT

SRIX4K (tag does not respond to 05)
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
0B = Get UID
08 yy = Read Block (yy = block number)
09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
0C = Reset to Inventory
0F = Completion
0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)

NFC TYPE 1 (ex. Jewel/Topaz)
78(7bit) = Read ID (usage: 78+000000000000+2bytes ISO14443A-CRC - answer: 8bytes - used to read the metal-mask ROM and UID0-3 from block 0)
00(7bit) = Read All
01(7bit) = Read single byte
53(7bit) = Write with Erase Single Byte
1A(7bit) = Write with NO Erase Single Byte
10(7bit) = Read Segment
02(7bit) = Read (8 bytes)
54(7bit) = Write with Erase 8 bytes
1B(7bit) = Write with NO Erase 8 bytes


ISO15693

MANDATORY COMMANDS (all ISO15693 tags must support those)
01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
02 = Stay Quiet

OPTIONAL COMMANDS (not all tags support them)
20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
22 = Lock Block
23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
24 = Write Multiple Blocks (?up to 2 blocks max?)
25 = Select
26 = Reset to Ready
27 = Write AFI
28 = Lock AFI
29 = Write DSFID
2A = Lock DSFID
2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read+1byte last block security to read+2bytes ISO15693-CRC)


EM Microelectronic CUSTOM COMMANDS
A2 = Set EAS
A3 = Reset EAS
A4 = Lock EAS
A5 = Active EAS
A6 = Protect EAS
A7 = Write EAS ID
A8 = Write EAS Cfg
B4 = Write Password
B6 = Protect Memory Page
B8 = Get Protection Status for a specific block
B9 = Destroy
BA = Enable Privacy
BB = Disable Privacy
BC = Enable Low Security
C3 = Fast Read Multiple Blocks
E4 = Login

NXP/Philips CUSTOM COMMANDS
A0 = Inventory Read
A1 = Fast Inventory Read
A2 = Set EAS
A3 = Reset EAS
A4 = Lock EAS
A5 = EAS Alarm
A6 = Password Protect EAS/AFI
A7 = Write EAS ID
A8 = Read EPC
B0 = Inventory Page Read
B1 = Fast Inventory Page Read
B2 = Get Random Number
B3 = Set Password
B4 = Write Password
B5 = Lock Password
B6 = Bit Password Protection
B7 = Lock Page Protection Condition
B8 = Get Multiple Block Protection Status
B9 = Destroy SLI
BA = Enable Privacy
BB = 64bit Password Protection
40 = Long Range CMD (Standard ISO/TR7003:1990)

Texas Instruments CUSTOM COMMANDS
A2 = Write 2 Blocks
A3 = Lock 2 Blocks
A4 = Kill
A5 = Write Single Block Password

ST Microelectronics
B1 = Write-sector Password
B2 = Lock-sector Password
B3 = Present-sector Password
C0 = Fast Read Single Block
C1 = Fast Inventory Initiated
C2 = Fast Initiate
C3 = Fast Read Multiple Block
D1 = Inventory Initiated
D2 = Initiate

Fujitsu
A0 = Read EAS
A1 = Write EAS
A6 = Kill
B1 = Fast Inventory
C3 = Fast Read Multiple Blocks
C4 = Fast Write Multiple Blocks


ISO14443B

05 = REQB: that is 05, followed by the Application Family Identifier (AFI), that usually is 00 in AFI is not set inside the tag (different from 00 it is set); those 2 bytes are then followed by 1byte parameter and 2bytes ISO14443B CRC.
50 = HALT
xx = SLOT-MARKER: must be coded looking at bits (par. 7.8.1 ISO14443B-3 datasheet)
yy = ATTRIB: must be coded looking at bits (par. 7.10 ISO14443B-3 datasheet)

St Microelectronics
0600 = INITIATE
0E = SELECT
0B = GET UID
08 = READ BLOCK
09 = WRTIE BLOCK

Last edited by asper (2015-09-27 10:20:08)

Offline

#5 2015-01-07 21:51:55

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Thanks asper!

A few questions. In the code (iso14443a.c), the following block is defined:

if(receivedCmd[0] == 0x30 // read block
		|| receivedCmd[0] == 0xA0 // write block
		|| receivedCmd[0] == 0xC0 // inc
		|| receivedCmd[0] == 0xC1 // dec
		|| receivedCmd[0] == 0xC2 // restore
		|| receivedCmd[0] == 0xB0) { // transfer

In the codeblock, write block is 0xA0, but you specify it as 0xA2. Can you verify which is correct?

And another thing:

20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)

What is the first byte of the command, is it 02 in that case? And e.g inventory, is that 26,01, and if so, what about stay quiet, is that also prepended by 26?

Last edited by holiman (2015-01-07 21:52:22)

Offline

#6 2015-01-07 23:31:08

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

A0 is a proprietary command for write mifare (I forgot to add it), A2 is used to write with NFC standard tags (ex. my-d move or NTAG); inside the ISO14443-3 standard a "universal" write command is not specified but I found that A2 is used for NFC-compliant tags (even from different manufacturers ex. NXP and Infineon).

In ISO15693-3 [Chapter 7.3.1] commands need flags to work; 1st byte (1st 8 bits) represent the flags, the second byte of the command is the "real" command. Here is the full request-flag description:
9CnI87T.png

VICC = Tags/Cards [Vicinity Card]

Here it is the description of the main used ISO15693 commands and their flag:
01 = Inventory (usage: 260100+2bytes ISO15693-CRC - answer: 12bytes)
2B = Get_System_Info (usage: 022B+2bytes ISO15693-CRC - answer: 14 or more bytes)
20 = Read Block (usage: 0220+1byte block number+2bytes ISO15693-CRC - answer: 4bytes)
21 = Write Block (usage: 0221+1byte block number+4bytes data+2bytes ISO15693-CRC - answer: 4bytes)
23 = Read Multiple Blocks (usage: 0223+1byte 1st block to read+1byte last block to read+2bytes ISO15693-CRC)
2C = Read Multiple Block Security Status (usage: 022C+1byte 1st block security to read 1byte last block security to read+2bytes ISO15693-CRC)

Again, each command need a "prepending" flag. You can only read the 2nd command byte to identify the real command or you can also add a flag "decryption" function.

Also the answers (responses) have a prepending flag, which is far easier to decrypt than the commands one (below you can also find the standard error codes):
ql9TCa5.png

Last edited by asper (2015-01-07 23:50:19)

Offline

#7 2015-01-07 23:57:23

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Are you planning on rewriting the "hf 14b list" and move it to "hf list", Holiman ??

Offline

#8 2015-01-08 00:21:15

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

So all the "list" commands will be inside one simple hf list ? This will be fantastic !

Offline

#9 2015-01-16 11:11:22

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

iceman wrote:

Are you planning on rewriting the "hf 14b list" and move it to "hf list", Holiman ??

Yes, however I don't have any good way to test that. Anyone to help out?

Offline

#10 2015-01-16 11:57:11

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Ask Asper.  I think he has 14b tags laying around.

Offline

#11 2015-01-16 18:41:15

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I can test iso14443b, link me the branch to compile->test.

Offline

#12 2015-01-16 21:57:53

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I'll implement the changes in main, add 'hf list 14b', but not remove the old one until you've confirmed it's ok. I'll let you know when you can start testing

Offline

#13 2015-01-16 23:35:57

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I've pushed some changes now, 'hf list 14b' and 'hf list raw' should work, the latter without any annotations nor CRC-checks.
My idea for CRC texts is that:

* No CRC expected: "    "
* CRC ok: " ok "
* CRC error: "!crc"

Offline

#14 2015-01-17 14:15:23

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Sweet!   And when you at it,  can you move the  "hf list" commands into their own file? ie: cmdhflist.c

Offline

#15 2015-01-18 13:11:54

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

The hf list 14b seems not to work correctly:

proxmark3> #db# Randomly generated UID from tag (+ 2 byte CRC): 2e 4 38                 
proxmark3> #db# Now SELECT tag:                 
proxmark3> #db# Tag UID (64 bits): xxxxxxxxxxxxxxxxx                 
proxmark3> #db# Tag memory dump, block 0 to 127                 
proxmark3> #db# Address=0, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=1, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=3, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=4, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5, Contents=fffffffe, CRC=fc13                 
proxmark3> #db# Address=6, Contents=ffffff6b, CRC=6493                 
.......             
proxmark3> #db# Address=28, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=29, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2a, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2b, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2c, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2d, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2e, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2f, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=30, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=31, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=32, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=33, Contents=ffffffff, CRC=470f                 
........
proxmark3> #db# Address=57, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=58, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=59, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5a, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5b, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5c, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5d, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5e, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5f, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=60, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=61, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=62, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=63, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=64, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=65, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=66, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=67, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=68, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=69, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=6a, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=6b, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=6c, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=6d, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=6e, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=6f, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=70, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=71, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=72, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=73, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=74, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=75, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=76, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=77, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=78, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=79, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7a, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7b, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7c, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7d, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7e, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7f, Contents=ffffffff, CRC=470f                 
proxmark3> #db# System area block (0xff):                 
proxmark3> #db# Address=ff, Contents=feffffff, CRC=ce1e                 
proxmark3>  hf list 14b

I sent the built-in command to read the whole tag and it worked (log had been cut); after sending the hf list 14b command the clinet crashed (windows error message). I tested it a second time and the result was this (no crash but it doesn't work):

proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |      7886 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
  16777217 |  16777217 | Rdr |                                                                 |     | ?          
    196609 |    196612 | Rdr | 03  00  03                                                      | !crc| ?          
  16973828 |  16973831 | Rdr | 03  00  03                                                      | !crc| ?          
  17039108 |  17104391 | Rdr | 03  ff  03                                                      | !crc| ?          
  17039108 |  17039111 | Rdr | 03  ff  03                                                      | !crc| ?          
    196612 |    261895 | Rdr | 03  00  03                                                      | !crc| ?          
proxmark3> 

Then I tested the old hf 14b list:

proxmark3>  hf 14b list
recorded activity:          
 time  :rssi: who bytes          
---------+----+----+-----------          
 +      0: 7886: TAG  (SHORT)          
 +-2130706431:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +2130903040: 196611: TAG 00 03 00   **FAIL CRC**          
 +-2130706429:    :     00 03 00   **FAIL CRC**          
 +  65280:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +2130641152: 261891: TAG 00 03 00   **FAIL CRC**          
 +  65280: -16580605: TAG ff 03 ff   **FAIL CRC**          
 +-2130771712:    :     00 03 00   **FAIL CRC**          
 +  65280:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 + -65280:    :     00 03 00   **FAIL CRC**          
 +2130706432: -16580605: TAG ff 03 00   **FAIL CRC**          
 +      0: 196611: TAG 00 03 00   **FAIL CRC**          
 +-2130641152:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 + -65280:    :     00 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +  65280:    :     00 03 ff   **FAIL CRC**          
 + -65280:    :     ff 03 ff   **FAIL CRC**          
 +  65280:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 + -65280:    :     00 03 ff   **FAIL CRC**          
 +2130706432: 196611: TAG 00 03 00   **FAIL CRC**          
 +-2130706432:    :     00 03 00   **FAIL CRC**          
 +2130706432: 261891: TAG 00 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +  65280:    :     00 03 00   **FAIL CRC**          
 + -65280:    :     ff 03 00   **FAIL CRC**          
 +  65280:    :     ff 03 00   **FAIL CRC**          
 + -65280:    :     00 03 00   **FAIL CRC**          
 +  65280:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 ff   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 ff   **FAIL CRC**          
 +-2130771712:    :     00 03 ff   **FAIL CRC**          
 +2130706432: 261891: TAG 00 03 00   **FAIL CRC**          
 +-2130641152:    :     ff 03 ff   **FAIL CRC**          
 + -65280:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 ff   **FAIL CRC**          
 +2130771712: 261891: TAG 00 03 00   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 + -65280:    :     00 03 00   **FAIL CRC**          
 +  65280:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 ff   **FAIL CRC**          
 +2130641152: -16580605: TAG ff 03 00   **FAIL CRC**          
 +-2130641152:    :     00 03 ff   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: 261891: TAG ff 03 00   **FAIL CRC**          
 +-2130771712:    :     ff 03 00   **FAIL CRC**          
 +2130771712: 196611: TAG ff 03 ff   **FAIL CRC**          
 +-2130771712:    :     ff 03 00   **FAIL CRC**          
 +  65280:    :     ff 03 00   **FAIL CRC**          
 +2130706432: 196611: TAG 00 03 ff   **FAIL CRC**          
 +-2130771712:    :     00 03 ff   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +  65280:    :     00 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 +2130641152: -16515325: TAG 00 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG 00 03 00   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +  65280:    :     00 03 00   **FAIL CRC**          
 +      0:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 ff   **FAIL CRC**          
 + -65280:    :     ff 03 00   **FAIL CRC**          
 +  65280:    :     ff 03 00   **FAIL CRC**          
 + -65280:    :     00 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
proxmark3> 

Then I tryed to ged UID and it worked but listing the results i obtained this:

proxmark3> hf 14b raw -c -p 0B
received 10 octets          
XX XX XX XX XX XX XX XX XX XX           
CRC OK          
proxmark3> 
proxmark3> hf 14b list
recorded activity:          
 time  :rssi: who bytes          
---------+----+----+-----------          
proxmark3> 
proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
proxmark3> 

Another test after succesfully reading 1 single block:

proxmark3> hf 14b raw -c -p 08 04
received 6 octets          
FF FF FF FF 47 0F           
CRC OK          
proxmark3> 
proxmark3> hf 14b list
recorded activity:          
 time  :rssi: who bytes          
---------+----+----+-----------          
 +      0: 3911: TAG  (SHORT)          
 +-2147483647:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +2130903040: -16515325: TAG ff 03 00   **FAIL CRC**          
 +  65283: -16580605: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**          
 + -65280: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +2130771712: -16515325: TAG ff 03 00   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: 261891: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     00 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: -16580605: TAG 00 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 + -65280:    :     ff 03 ff   **FAIL CRC**          
 +2130771712: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130771712:    :     ff 03 ff   **FAIL CRC**          
 +2130771712: 261891: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 + -65280: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130641152:    :     ff 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +2130706432: 261891: TAG 00 03 00   **FAIL CRC**          
 +      0: -16580605: TAG 00 03 ff   **FAIL CRC**          
 + -65280: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130641152:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: 196611: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +      0:    :     ff 03 00   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG 00 03 ff   **FAIL CRC**          
 + -65280: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130641152:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: 261891: TAG 00 03 00   **FAIL CRC**          
 +-2130706432:    :     00 03 ff   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 00   **FAIL CRC**          
 +      0: -16580605: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 +      0:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: 261891: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG 00 03 00   **FAIL CRC**          
 +      0: -16580605: TAG ff 03 ff   **FAIL CRC**          
 +      0: 261891: TAG ff 03 00   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: 261891: TAG ff 03 ff   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: -16515325: TAG ff 03 00   **FAIL CRC**          
 +-2130706432:    :     ff 03 ff   **FAIL CRC**          
 +2130641152: 261891: TAG ff 03 00   **FAIL CRC**          
 +  65280: -16515325: TAG ff 03 00   **FAIL CRC**          
 +      0: 261891: TAG ff 03 ff   **FAIL CRC**          
 +-2130706432:    :     ff 03 00   **FAIL CRC**          
 +2130706432: 261891: TAG ff 03 ff   **FAIL CRC**          
 +      0: 261891: TAG ff 03 ff   **FAIL CRC**          
proxmark3> 
proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |      3911 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
         1 |         1 | Rdr |                                                                 |     | ?          
proxmark3> 

In the last 2 tests I tested the new and the old list command. PM3 os, fpga and clien were the ones in the holiman trunk.

Last edited by asper (2015-01-18 13:19:29)

Offline

#16 2015-01-18 16:21:46

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Sorry if I was unclear, the code is in main, that it, pm3 proper. Not my branch, which contains iceman-stuff

Offline

#17 2015-01-18 16:48:40

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Hm, maybe it doesn't matter. I think the iso14443b-stuff does not use the same raw format for traces, judging by https://github.com/Proxmark/proxmark3/blob/master/armsrc/iso14443.c . I'll have to fix that first, on the arm-side, I guess.

Offline

#18 2015-01-18 18:15:21

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Ok, waiting for your "go" to further test.

Offline

#19 2015-01-18 18:41:05

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

The raw doesn't even trace, but what was the first command you executed ?

Offline

#20 2015-01-18 19:52:57

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Dump all data from srix tag ("hf 14b srix4kread" client command).

Last edited by asper (2015-01-18 19:57:04)

Offline

#21 2015-01-18 21:51:51

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I've added proper tracing to iso14443b-things now. Since I may have broken things, I put it in it's own branch: https://github.com/Proxmark/proxmark3/tree/GenericTracing .

The things that would be good to test are:
- iso14443b raw
- hf 14b snoop
- SRI512 reading
- Srix4k read

Thanks!

Offline

#22 2015-01-20 20:32:31

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

It does not work at all (raw commands, srix reading - no rensponse from tag); snoop not tested.

Last edited by asper (2015-01-20 21:02:48)

Offline

#23 2015-01-20 21:33:43

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

What happens if you do 'hf list 14b' after such a raw or srix-reading ?

Offline

#24 2015-01-20 23:20:16

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

hf list 14b does not exist (14b param is missing), the other one (hf 14b list) all 0.
I used this branch: https://github.com/Proxmark/proxmark3/tree/GenericTracing

proxmark3> hf 14b srix4kread
proxmark3> 
proxmark3> #db# No response from tag                 
proxmark3> hf 14b srix4kread
proxmark3> 
proxmark3> #db# No response from tag                 
proxmark3>  hf list 14b
List protocol data in trace buffer.          
Usage:  hf list [14a|iclass] [f]          
    14a    - interpret data as iso14443a communications          
    iclass - interpret data as iclass communications          
    f      - show frame delay times as well          
example: hf list 14a f          
example: hf list iclass          
proxmark3> 
proxmark3>  hf 14b list
recorded activity:          
 time  :rssi: who bytes          
---------+----+----+-----------          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
 +      0:    :      (SHORT)          
proxmark3> 

Offline

#25 2015-01-20 23:47:20

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I think you're somehow not using that code. Look at https://github.com/Proxmark/proxmark3/blob/master/client/cmdhf.c, the help-text there - it's not the same as you're seeing. Do git status

Offline

#26 2015-01-21 00:09:00

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

And don't you need to do a fpga update?

Offline

#27 2015-01-21 00:10:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Asper,  it should look like this.

pm3 --> hf list
List protocol data in trace buffer.
Usage:  hf list [14a|14b|iclass] [f]
    14a    - interpret data as iso14443a communications
    14b    - interpret data as iso14443b communications
    iclass - interpret data as iclass communications
    raw    - just show raw data
    f      - show frame delay times as well

Offline

#28 2015-01-21 00:45:35

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I downloaded the zip file from that link because svn was not working.
I will delete and retry tomorrow.

Offline

#29 2015-01-21 08:06:19

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Fpga update not necessary, only for iclass tagsim

Offline

#30 2015-01-21 19:06:17

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Deleted all the folders, redownloaded via svn and flashed fpga+os:


Read all blocks -> list

proxmark3> hf 14b srix4kread
proxmark3>
proxmark3> #db# Randomly generated UID from tag (+ 2 byte CRC): 3c 97 b                 
proxmark3> #db# Now SELECT tag:                 
proxmark3> #db# Tag UID (64 bits): xxxxxxxxxxxxx                 
proxmark3> #db# Tag memory dump, block 0 to 127                 
proxmark3> #db# Expected 6 bytes from tag, got less...                 
proxmark3> hf 14b srix4kread
proxmark3>
proxmark3> #db# Randomly generated UID from tag (+ 2 byte CRC): ff 0 ff                 
proxmark3> #db# Now SELECT tag:                 
proxmark3> #db# Tag UID (64 bits): xxxxxxxxxxxxxx             
proxmark3> #db# Tag memory dump, block 0 to 127                 
proxmark3> #db# Address=0, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=1, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=3, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=4, Contents=ffffffff, CRC=470f                 
.......       
proxmark3> #db# Address=28, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=29, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2a, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2b, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2c, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2d, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2e, Contents=ffffffff, CRC=470f                 
.........   
proxmark3> #db# Address=58, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=59, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5a, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5b, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5c, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5d, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5e, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5f, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=60, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=61, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Expected 6 bytes from tag, got less...                 
proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
         0 |         0 | Rdr |                                                                 |     | ?         
proxmark3>


Raw request UID -> list:

proxmark3> hf 14b raw -c -p 0B
received 10 octets         
63 1C 88 39 9F 00 02 D0 B5 C6           
CRC OK         
proxmark3>
proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
proxmark3>
proxmark3>  hf 14b list
recorded activity:         
time  :rssi: who bytes         
---------+----+----+-----------         
proxmark3>

Last edited by asper (2015-01-21 19:08:06)

Offline

#31 2015-01-22 01:06:42

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Thanks for testing. Ive now made some major modifications, and also understood how the tracing worked. Remember I said that it wasn't even implemented ? Actually. they had pointed the Demodulation-buffer directly to the trace-memory. Kind of clever, but also means that all data is 'raw data', without timestamps and directions and stuff like that. I've now changed it to be more 'standard'. As far as the tracing is concerned, I'm pretty certain it works now. I just hope that I haven't destroyed any underlying functionality, the actual communications.

I tested it myself using raw iso14443b-writes to a mifare-tag and got expected results (trace results), but of course no actual verification of the comms. So, please test again.

Offline

#32 2015-01-22 19:11:27

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

proxmark3> hf 14b raw -c -p 0B
received 10 octets         
xxxxxxxxxxxxxxxxxxx           
CRC OK         
proxmark3>
proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
proxmark3>
proxmark3>  hf 14b list
recorded activity:         
time  :rssi: who bytes         
---------+----+----+-----------         
proxmark3>

Then, after reading all blocks with the srix command, i have those:

proxmark3> hf 14b list
recorded activity:         
time  :rssi: who bytes         
---------+----+----+-----------         
+      0: 7886: TAG  (SHORT)         
+-2130706431:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
proxmark3>
proxmark3>  hf list 14b

But when I run hf list 14b the client crashes with a windows error referring to an event name problem called BEX, application name proxmark.exe (module error name StackHash_e98d). The error seems not to appear if the amount of data is small (ex after a ged uid command the client never crash).


Also the snoop command:

proxmark3> hf 14b snoop
proxmark3>
proxmark3> #db# Snooping buffers initialized:                 
proxmark3> #db#   Trace: 4096 bytes                 
proxmark3> #db#   Reader -> tag: 2048 bytes                 
proxmark3> #db#   tag -> Reader: 2048 bytes                 
proxmark3> #db#   DMA: 1024 bytes                 
proxmark3> #db# Snoop statistics:                 
proxmark3> #db#   Max behind by: 419                 
proxmark3> #db#   Uart State: 3                 
proxmark3> #db#   Uart ByteCnt: 4                 
proxmark3> #db#   Uart ByteCntMax: 100                 
proxmark3> #db#   Trace length: 1009                 
proxmark3> hf 14b list
recorded activity:         
time  :rssi: who bytes         
---------+----+----+-----------         
+      0:    :     06 00 97 5b             
+  52686:    :     0b ab 4e             
+1818580:    :     06 00 97 5b             
+  52446:    :     0b ab 4e             
+1282278:    :     06 00 97 5b             
+  59384:    :     0b ab 4e             
+2634666:    :     06 00 97 5b             
+    346: 130: TAG 72 ed a0             
+    630:    :     0e 72 c2 c5             
+    346: 132: TAG 72 ed a0             
+  58312:    :     0b ab 4e             
+    624: 139: TAG 63 1c 88 39 9f 00 02 d0 b5 c6             
+  58688:    :     08 00 87 c1             
+    466: 148: TAG ff ff ff ff 47 0f             
+  13504:    :     08 01 0e d0             
+    466:  96: TAG ff ff ff ff 47 0f             
+  12476:    :     08 02 95 e2             
+    466: 161: TAG ff ff ff ff 47 0f             
+  12782:    :     08 03 1c f3             
+    464: 155: TAG ff ff ff ff 47 0f             
x       
proxmark3>

there are some problems (the log is cut) but it seems to work.

This is the list with the new hf list 14b:

proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
         0 |         0 | Rdr |                                                                 |     | ?         
1533963214 | 1533988308 | Rdr | 00  00  00  00  03  0b  ab  4e  da  21  45  00  00  00  00  00  |     |           
           |           |     | 04  06  00  97  5b  b8  ee  45  00  00  00  00  00  03  0b  ab  |     |           
           |           |     | 4e  9e  7f  59  00  00  00  00  00                              | !crc| ?         
  -2636241 |  -2636241 | Rdr | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx 7  |     |           
           |           |     | c1  b4  6d  84  80  94  00  00  00  06  ff  ff  ff  ff  47  0f  |     |           
           |           |     | 74  a2  84  00  00  00  00  00  04  08  01  0e  d0  46  a4  84  |     |           
           |           |     | 80  60  00  00  00  06  ff  ff  ff  ff  47  0f  02  d5  84  00  |     |           
           |           |     | 00  00  00  00  04  08  02  95  e2  d4  d6  84  80  a1  00  00  |     |           
           |           |     | 00  06  ff  ff  ff  ff  47  0f  c2  08  85  00  00  00  00  00  |     |           
           |           |     | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | 00  06  69  ff  ff  ff  12  aa  da  d6  85  00  00  00  00  00  |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | 80  83  00  00  00  06  ff  ff  ff  ff  47  0f  da  72  86  00  |     |           
           |           |     |  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx   |     |           
           |           |     | 20  20  30  30  20  20  30  30  20  20  30  30  20  20  30  30  |     |           
           |           |     | 20  20  30  30  20  20  30  34  20  20  30  38  20  20  30  39  |     |           
           |           |     | 20  20  34  36  20  20  35  63  20  20  35  36  20  20  34  30  |     |

but data seems not to be all correct (last bytes... dunno what they are).

Last edited by asper (2015-01-22 19:27:54)

Offline

#33 2015-01-22 19:42:53

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Another snoop test with a different sri tag (512):

proxmark3> hf 14b snoop
proxmark3>
proxmark3> #db# Snooping buffers initialized:                 
proxmark3> #db#   Trace: 4096 bytes                 
proxmark3> #db#   Reader -> tag: 2048 bytes                 
proxmark3> #db#   tag -> Reader: 2048 bytes                 
proxmark3> #db#   DMA: 1024 bytes                 
proxmark3> #db# blew circular buffer! behindBy=0x3ff                 
proxmark3> #db# Snoop statistics:                 
proxmark3> #db#   Max behind by: 1023                 
proxmark3> #db#   Uart State: 0                 
proxmark3> #db#   Uart ByteCnt: 0                 
proxmark3> #db#   Uart ByteCntMax: 100                 
proxmark3> #db#   Trace length: 496                 
proxmark3> hf 14b list
recorded activity:         
time  :rssi: who bytes         
---------+----+----+-----------         
+      0:    :     06 00 97 5b             
+    342:  73: TAG d7 4a 52             
+    622:    :     0e d7 65 37             
+    340:  82: TAG d7 4a 52             
+ 247398:    :     0b ab 4e             
+    620:  91: TAG 29 74 91 78 24 18 02 d0 85 b0             
+ 216502:    :     0b ab 4e             
+ 276234:    :     08 00 87 c1             
+    460:  83: TAG ff ff ff ff 47 0f             
+  17826:    :     08 01 0e d0             
+    460:  94: TAG ff ff ff ff 47 0f             
+  19414:    :     08 02 95 e2             
+    460:  96: TAG ff ff ff ff 47 0f             
+  19520:    :     08 03 1c f0   **FAIL CRC**         
+    462:  74: TAG ff ff ff ff 47 0f             
+  19324:    :     08 04 a3 87             
+    462:  55: TAG ff ff ff ff 47 0f             
+  19540:    :     08 04 2a 96   **FAIL CRC**         
+    462:  78: TAG 01 8c 80 1b b4 6b             
+  19324:    :     08 06 b1 a4             
+    460:  90: TAG ff ff ff ff 47 0f             
+  19326:    :     08 07 38 b5             
+    460:  77: TAG 01 00 42 03 28 a7             
+  19716:    :     08 08 cf 4d             
+    462: 104: TAG 09 0a 5e 5a ff c2             
+  19324:    :     08 08 46 5c   **FAIL CRC**         
+  19918:    :     08 0a dd 6e             
+    462:  42: TAG 00 ff 6b 04 f4 fd             
+  19256:    :     08 08 54 7f   **FAIL CRC**         
+    460:  88: TAG 5e 5c 60 00 9f c4             
+  19478:    :     08 0c eb 08   **FAIL CRC**         
+    460:  87: TAG 00 00 00 00 de fc             
+  19414:    :     08 0d 62 1a             
+    460:  81: TAG 01 d9 c8 c9 d3 ac             
+  19432:    :     08 0e f8 28   **FAIL CRC**         
+  19894:    :     08 0f 70 39             
proxmark3>
proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
         0 |         0 | Rdr |                                                                 |     | ?         
1535415494 | 1535443292 | Tag | 49! 00  00! 00  03! d7  4a! 52! 04  6f  12  00! 00! 00  00! 00  |     |           
           |           |     | 04  0e                                                          | !crc|           
-2147482344 | -2147482262 | Rdr | 49! 00  00! 00  03! d7  4a! 52! 04  6f  12  00! 00! 00  00! 00  |     | ?         
-1103110249 | -1103104563 | Rdr | 49! 00  00! 00  03! d7  4a! 52! 04  6f  12  00! 00! 00  00! 00  |     | ?         
proxmark3>

This is the read:

proxmark3> hf 14b sri512read
proxmark3>
proxmark3> #db# Randomly generated UID from tag (+ 2 byte CRC): ce a df                 
proxmark3> #db# Now SELECT tag:                 
proxmark3> #db# Tag UID (64 bits): d0021824 78917429                 
proxmark3> #db# Tag memory dump, block 0 to 15                 
proxmark3> #db# Address=0, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=1, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=3, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=4, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5, Contents=1b808c01, CRC=b46b                 
proxmark3> #db# Address=6, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7, Contents=3420001, CRC=28a7                 
proxmark3> #db# Address=8, Contents=5a5e0a09, CRC=ffc2                 
proxmark3> #db# Address=9, Contents=15, CRC=2851                 
proxmark3> #db# Address=a, Contents=46bff00, CRC=f4fd                 
proxmark3> #db# Address=b, Contents=605c5e, CRC=9fc4                 
proxmark3> #db# Address=c, Contents=0, CRC=defc                 
proxmark3> #db# Address=d, Contents=c9c8d901, CRC=d3ac                 
proxmark3> #db# Address=e, Contents=0, CRC=defc                 
proxmark3> #db# Address=f, Contents=0, CRC=defc                 
proxmark3> #db# System area block (0xff):                 
proxmark3> #db# Address=ff, Contents=ffff7fff, CRC=ab03

Last edited by asper (2015-01-22 19:46:23)

Offline

#34 2015-01-22 22:01:46

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

You're still somehow not getting the right code. You shouldn't be able to run ' hf 14b list' - it should tell you it's deprecated.

See here: https://github.com/Proxmark/proxmark3/c … 5e7074bc9e

Last edited by holiman (2015-01-22 22:03:37)

Offline

#35 2015-01-23 00:00:17

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Hey @asper, I made this branch for you: https://github.com/Proxmark/proxmark3/tree/lf_recorder . It'll enable you to set quantization and decimation of sampling, so you can instead choose to sample e.g. only 4 bits, and only every third sample.  (2 * 3 = 6 times longer sample trace). It's only on ARM yet, needs some more code  before it can be tested (send to client, unpack into graphbuffer as normal samples)

Offline

#36 2015-01-23 00:36:04

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

holiman wrote:

You're still somehow not getting the right code. You shouldn't be able to run ' hf 14b list' - it should tell you it's deprecated.

See here: https://github.com/Proxmark/proxmark3/c … 5e7074bc9e

I am using the branch you linked some post above updating via svn... dunno why the old command is still working.

Tell me when i must test the code in th newer link wink

Offline

#37 2015-01-23 00:43:56

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

By svn you mean git, no?
It is generictraces-branch of the main proxmark account... Are you using zipped download from github or git repo pull/update direct?

Offline

#38 2015-01-23 08:14:19

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Direct updated (using svn software). I used the zipped one just 1 time becauseautomatic update was not working. Should i re-test with the new branch or you need to make some modifications?

Last edited by asper (2015-01-23 08:39:00)

Offline

#39 2015-01-23 09:03:27

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

UPDATE:
I used this: C:\pmholitest\proxmark3.git\branches\lf_recorder
hf 14b list is still available (it doesn't says "deprecated").
I read all tag blocks -> send hf list 14b -> client crashes.
It also crashes if i send for example: hf 14b raw -c -p 0E FF (where FF is the byte received from the INITIATE command).


EDIT:
Sometimes it seems to work and this is the result:

proxmark3> hf 14b raw -c -p 06 00
received 3 octets         
EF 81 EF           
CRC OK         
proxmark3>
proxmark3> hf 14b raw -c -p 0E EF
received 3 octets         
EF 81 EF           
CRC OK         
proxmark3>
proxmark3> hf 14b raw -c -p 0B
received 3 octets         
29 74 91           
CRC failed         
proxmark3>
proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
proxmark3>

It seems to crash if I send commands too quickly...

Another test (no crashing this time after 512read command):

proxmark3> hf 14b sri512read
proxmark3>
proxmark3> #db# Randomly generated UID from tag (+ 2 byte CRC): ce a df                 
proxmark3> #db# Now SELECT tag:                 
proxmark3> #db# Tag UID (64 bits): d0021824 78917429                 
proxmark3> #db# Tag memory dump, block 0 to 15                 
proxmark3> #db# Address=0, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=1, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=3, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=4, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5, Contents=1b808c01, CRC=b46b                 
proxmark3> #db# Address=6, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7, Contents=3420001, CRC=28a7                 
proxmark3> #db# Address=8, Contents=5a5e0a09, CRC=ffc2                 
proxmark3> #db# Address=9, Contents=15, CRC=2851                 
proxmark3> #db# Address=a, Contents=46bff00, CRC=f4fd                 
proxmark3> #db# Address=b, Contents=605c5e, CRC=9fc4                 
proxmark3> #db# Address=c, Contents=0, CRC=defc                 
proxmark3> #db# Address=d, Contents=c9c8d901, CRC=d3ac                 
proxmark3> #db# Address=e, Contents=0, CRC=defc                 
proxmark3> #db# Address=f, Contents=0, CRC=defc                 
proxmark3> #db# System area block (0xff):                 
proxmark3> #db# Address=ff, Contents=ffff7fff, CRC=ab03                 
proxmark3>  hf list 14b
Recorded Activity         
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer         
iso14443a - All times are in carrier periods (1/13.56Mhz)         
iClass    - Timings are not as accurate         
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |         
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|         
         0 |       939 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
     32769 |     32769 | Rdr |                                                                 |     | ?         
proxmark3>
proxmark3> hf 14b list
recorded activity:         
time  :rssi: who bytes         
---------+----+----+-----------         
+      0: 939: TAG  (SHORT)         
+-2147450879:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+2130903040: -16580605: TAG 00 03 00   **FAIL CRC**         
+  65283: 196611: TAG ff 03 ff   **FAIL CRC**         
+-2130706432:    :     00 03 00   **FAIL CRC**         
+2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**         
+-2130706432:    :     ff 03 ff   **FAIL CRC**         
+2130706432: 261891: TAG 00 03 00   **FAIL CRC**         
+-2130706432:    :     ff 03 ff   **FAIL CRC**         
+2130641152: -16515325: TAG ff 03 ff   **FAIL CRC**         
+      0: 261891: TAG 00 03 ff   **FAIL CRC**         
+  65280: 261891: TAG ff 03 ff   **FAIL CRC**         
+-2130771712:    :     00 03 00   **FAIL CRC**         
+2130771712: -16515325: TAG ff 03 00   **FAIL CRC**         
+-2130706432:    :     ff 03 00   **FAIL CRC**         
+2130641152: -16515325: TAG ff 03 00   **FAIL CRC**         
+  65280: 261891: TAG ff 03 ff   **FAIL CRC**         
+-2130771712:    :     ff 03 00   **FAIL CRC**         
+2130706432: 196611: TAG 00 03 00   **FAIL CRC**         
+      0: 196611: TAG 00 03 00   **FAIL CRC**         
+  65280: 261891: TAG 00 03 00   **FAIL CRC**         
+      0: -16515325: TAG ff 03 00   **FAIL CRC**         
+-2130706432:    :     ff 03 ff   **FAIL CRC**         
+      0:    :     ff 03 ff   **FAIL CRC**         
+      0:    :     00 03 00   **FAIL CRC**         
+2130641152: -16580605: TAG ff 03 00   **FAIL CRC**         
+      0: -16580605: TAG 00 03 00   **FAIL CRC**         
+-2130706432:    :     00 03 ff   **FAIL CRC**         
+      0:    :     ff 03 00   **FAIL CRC**         
+  65280:    :     ff 03 ff   **FAIL CRC**         
+2130641152: -16580605: TAG ff 03 ff   **FAIL CRC**         
+-2130641152:    :     00 03 ff   **FAIL CRC**         
+2130641152: -16515325: TAG ff 03 00   **FAIL CRC**         
+  65280: 261891: TAG ff 03 00   **FAIL CRC**         
+-2130771712:    :     00 03 00   **FAIL CRC**         
+      0:    :     00 03 00   **FAIL CRC**         
+  65280:    :     00 03 ff   **FAIL CRC**         
+2130641152: 196611: TAG 00 03 ff   **FAIL CRC**         
+-2130706432:    :     00 03 00   **FAIL CRC**         
+2130706432: 196611: TAG ff 03 ff   **FAIL CRC**         
+      0: 196611: TAG 00 03 ff   **FAIL CRC**         
+-2130706432:    :     ff 03 00   **FAIL CRC**         
+  65280:    :     00 03 ff   **FAIL CRC**         
+      0:    :     ff 03 ff   **FAIL CRC**         
+2130706432: -16515325: TAG ff 03 ff   **FAIL CRC**         
+      0: 196611: TAG 00 03 ff   **FAIL CRC**         
+      0: 196611: TAG 00 03 00   **FAIL CRC**         
+-2130771712:    :     ff 03 00   **FAIL CRC**         
+  65280:    :     ff 03 00   **FAIL CRC**         
+2130641152: -16515325: TAG ff 03 00   **FAIL CRC**         
+  65280: 196611: TAG ff 03 ff   **FAIL CRC**         
+ -65280: -16580605: TAG ff 03 ff   **FAIL CRC**         
+-2130706432:    :     00 03 ff   **FAIL CRC**         
+2130771712: 261891: TAG 00 03 00   **FAIL CRC**         
+      0: 261891: TAG 00 03 00   **FAIL CRC**         
+-2130771712:    :     00 03 00   **FAIL CRC**         
+  65280:    :     ff 03 00   **FAIL CRC**         
+      0:    :     00 03 00   **FAIL CRC**         
+      0:    :     00 03 00   **FAIL CRC**         
+      0:    :     00 03 ff   **FAIL CRC**         
+      0:    :     ff 03 00   **FAIL CRC**         
+2130641152: -16515325: TAG ff 03 ff   **FAIL CRC**         
+  65280: 196611: TAG ff 03 ff   **FAIL CRC**         
+-2130771712:    :     ff 03 00   **FAIL CRC**         
+  65280:    :     ff 03 ff   **FAIL CRC**         
+      0:    :     00 03 ff   **FAIL CRC**         
+ -65280:    :     00 03 00   **FAIL CRC**         
+2130706432: -16580605: TAG 00 03 00   **FAIL CRC**         
+-2130706432:    :     00 03 ff   **FAIL CRC**         
+  65280:    :     ff 03 00   **FAIL CRC**         
+      0:    :     00 03 ff   **FAIL CRC**         
+2130641152: 196611: TAG ff 03 00   **FAIL CRC**         
+-2130641152:    :     ff 03 00   **FAIL CRC**         
+2130706432: 196611: TAG 00 03 ff   **FAIL CRC**         
+-2130706432:    :     00 03 ff   **FAIL CRC**         
+2130706432: -16580605: TAG ff 03 00   **FAIL CRC**         
+-2130771712:    :     ff 03 00   **FAIL CRC**         
+  65280:    :     ff 03 00   **FAIL CRC**         
+2130706432: 261891: TAG ff 03 ff   **FAIL CRC**         
+      0: -16580605: TAG 00 03 ff   **FAIL CRC**         
+-2130706432:    :     ff 03 00   **FAIL CRC**         
+2130641152: -16515325: TAG 00 03 ff   **FAIL CRC**         
+  65280: 196611: TAG 00 03 00   **FAIL CRC**         
+-2130706432:    :     ff 03 00   **FAIL CRC**         
+      0:    :     ff 03 00   **FAIL CRC**         
+ -65280:    :     ff 03 ff   **FAIL CRC**         
+2130706432: 261891: TAG 00 03 00   **FAIL CRC**         
+      0: 65283: TAG  (SHORT)         
+-2130903043:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+   8192:    :      (SHORT)         
+  -8192:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+     16:    :      (SHORT)         
+    -16:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+    128:    :      (SHORT)         
+   -128:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+67108864:    :      (SHORT)         
+-67108864:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+1048576:    :      (SHORT)         
+-1048576:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   **FAIL CRC**         
+      0:    :      (SHORT)         
+      0:    :     00 00   (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+     16:    :      (SHORT)         
+    -16:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+    512:    :      (SHORT)         
+   -512:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+  16384:    :      (SHORT)         
+ -16384:    :      (SHORT)         
+      0:    :      (SHORT)         
+1073741824:    :      (SHORT)         
+-1073741824:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+     64:    :      (SHORT)         
+    -64:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+ 131072:    :      (SHORT)         
+-131072:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   **FAIL CRC**         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+33554432:    :      (SHORT)         
+-33554432:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   **FAIL CRC**         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+     64:    :      (SHORT)         
+    -64:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :     00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   **FAIL CRC**         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
+      0:    :      (SHORT)         
proxmark3>

Last edited by asper (2015-01-23 09:10:20)

Offline

#40 2015-01-23 09:28:38

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Sorry if I confused you. The things to test are in generictracing. Thd recorder is work in progress, not yet testable.

Offline

#41 2015-01-23 09:48:46

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Using zipped dl should be fine (but *not* releases). If you just clone, you need to explicitly checkout the right branch, otherwise you end up using main branch.

Offline

#42 2015-01-24 09:07:44

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Finally I got it ! Sorry for the confusion about branches...
It seems to work perfectly with spceific srix client commands ! Last 2 bytes are crc. The only "issue" are reversed bytes from the tag but the communication tag<->reader works this way:

proxmark3> #db# Randomly generated UID from tag (+ 2 byte CRC): 0 78 f0                 
proxmark3> #db# Now SELECT tag:                 
proxmark3> #db# Tag UID (64 bits): d0021824 78917429                 
proxmark3> #db# Tag memory dump, block 0 to 15                 
proxmark3> #db# Address=0, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=1, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=2, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=3, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=4, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=5, Contents=1b808c01, CRC=b46b                 
proxmark3> #db# Address=6, Contents=ffffffff, CRC=470f                 
proxmark3> #db# Address=7, Contents=3420001, CRC=28a7                 
proxmark3> #db# Address=8, Contents=5a5e0a09, CRC=ffc2                 
proxmark3> #db# Address=9, Contents=15, CRC=2851                 
proxmark3> #db# Address=a, Contents=46bff00, CRC=f4fd                 
proxmark3> #db# Address=b, Contents=605c5e, CRC=9fc4                 
proxmark3> #db# Address=c, Contents=0, CRC=defc                 
proxmark3> #db# Address=d, Contents=c9c8d901, CRC=d3ac                 
proxmark3> #db# Address=e, Contents=0, CRC=defc                 
proxmark3> #db# Address=f, Contents=0, CRC=defc                 
proxmark3> #db# System area block (0xff):                 
proxmark3> #db# Address=ff, Contents=ffff7fff, CRC=ab03                 
proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |         0 | Rdr | 06! 00! 97! 5b!                                                 |  ok | ?          
         0 |         0 | Tag | 00! 78! f0!                                                     |  ok |           
         0 |         0 | Rdr | 0e! 00! 57! 95!                                                 |  ok | ?          
         0 |         0 | Tag | 00! 78! f0!                                                     |  ok |           
         0 |         0 | Rdr | 0b! ab! 4e!                                                     |  ok | ?          
         0 |         0 | Tag | 29! 74! 91! 78! 24! 18! 02! d0! 85! b0!                         |  ok |           
         0 |         0 | Rdr | 08! 00! 87! c1!                                                 |  ok | ?          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
         0 |         0 | Rdr | 08! 01! 0e! d0!                                                 |  ok | ?          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
         0 |         0 | Rdr | 08! 02! 95! e2!                                                 |  ok | ?          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
         0 |         0 | Rdr | 08! 03! 1c! f3!                                                 |  ok | ?          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
         0 |         0 | Rdr | 08! 04! a3! 87!                                                 |  ok | ?          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
         0 |         0 | Rdr | 08! 05! 2a! 96!                                                 |  ok | ?          
         0 |         0 | Tag | 01! 8c! 80! 1b! b4! 6b!                                         |  ok |           
         0 |         0 | Rdr | 08! 06! b1! a4!                                                 |  ok | ?          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
         0 |         0 | Rdr | 08! 07! 38! b5!                                                 |  ok | ?          
         0 |         0 | Tag | 01! 00! 42! 03! 28! a7!                                         |  ok |           
         0 |         0 | Rdr | 08! 08! cf! 4d!                                                 |  ok | ?          
         0 |         0 | Tag | 09! 0a! 5e! 5a! ff! c2!                                         |  ok |           
         0 |         0 | Rdr | 08! 09! 46! 5c!                                                 |  ok | ?          
         0 |         0 | Tag | 15! 00! 00! 00! 28! 51!                                         |  ok |           
         0 |         0 | Rdr | 08! 0a! dd! 6e!                                                 |  ok | ?          
         0 |         0 | Tag | 00! ff! 6b! 04! f4! fd!                                         |  ok |           
         0 |         0 | Rdr | 08! 0b! 54! 7f!                                                 |  ok | ?          
         0 |         0 | Tag | 5e! 5c! 60! 00! 9f! c4!                                         |  ok |           
         0 |         0 | Rdr | 08! 0c! eb! 0b!                                                 |  ok | ?          
         0 |         0 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
         0 |         0 | Rdr | 08! 0d! 62! 1a!                                                 |  ok | ?          
         0 |         0 | Tag | 01! d9! c8! c9! d3! ac!                                         |  ok |           
         0 |         0 | Rdr | 08! 0e! f9! 28!                                                 |  ok | ?          
         0 |         0 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
         0 |         0 | Rdr | 08! 0f! 70! 39!                                                 |  ok | ?          
         0 |         0 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
         0 |         0 | Rdr | 08! ff! ff! ce!                                                 |  ok | ?          
         0 |         0 | Tag | ff! 7f! ff! ff! ab! 03!                                         |  ok |           
proxmark3> 
proxmark3>  hf 14b list
Deprecated command, use 'hf list 14b' instead          
proxmark3> 

It also works with raw commands:

proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |         0 | Rdr | 06! 00! 97! 5b!                                                 |  ok | ?          
         0 |         0 | Tag | 8c! 1c! be!                                                     |  ok |           
         0 |         0 | Rdr | 06! 00! 97! 5b!                                                 |  ok | ?          
         0 |         0 | Tag | e7! c9! 63!                                                     |  ok |           
         0 |         0 | Rdr | 0e! e7! e6! 06!                                                 |  ok | ?          
         0 |         0 | Tag | e7! c9! 63!                                                     |  ok |           
         0 |         0 | Rdr | 0b! ab! 4e!                                                     |  ok | ?          
         0 |         0 | Tag | 29! 74! 91! 78! 24! 18! 02! d0! 85! b0!                         |  ok |           
         0 |         0 | Rdr | 0b! ab! 4e!                                                     |  ok | ?          
         0 |         0 | Tag | 29! 74! 91! 78! 24! 18! 02! d0! 85! b0!                         |  ok |           
proxmark3> 

This is another snoop test:
(this time only tag answers are identified)

proxmark3> hf 14b snoop
proxmark3> 
proxmark3> #db# Snooping buffers initialized:                 
proxmark3> #db#   Trace: 4096 bytes                 
proxmark3> #db#   Reader -> tag: 2048 bytes                 
proxmark3> #db#   tag -> Reader: 2048 bytes                 
proxmark3> #db#   DMA: 1024 bytes                 
proxmark3> #db# cancelled                 
proxmark3> #db# Snoop statistics:                 
proxmark3> #db#   Max behind by: 160                 
proxmark3> #db#   Uart State: 0                 
proxmark3> #db#   Uart ByteCnt: 0                 
proxmark3> #db#   Uart ByteCntMax: 100                 
proxmark3> #db#   Trace length: 0                 
proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |         0 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
     20910 |     20910 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
     40782 |     40782 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
     60656 |     60656 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
     80506 |     80506 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
    100374 |    100374 | Tag | 01! 8c! 80! 1b! b4! 6b!                                         |  ok |           
    120250 |    120250 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
    140078 |    140078 | Tag | 01! 00! 42! 03! 28! a7!                                         |  ok |           
    160214 |    160214 | Tag | 09! 0a! 5e! 5a! ff! c2!                                         |  ok |           
    179976 |    179976 | Tag | 15! 00! 00! 00! 28! 51!                                         |  ok |           
    199848 |    199848 | Tag | 00! ff! 6b! 04! f4! fd!                                         |  ok |           
    219720 |    219720 | Tag | 5e! 5c! 60! 00! 9f! c4!                                         |  ok |           
    239634 |    239634 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
    259488 |    259488 | Tag | 01! d9! c8! c9! d3! ac!                                         |  ok |           
    279978 |    279978 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
    299828 |    299828 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   1298374 |   1298374 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1316572 |   1316572 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1336448 |   1336448 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1356316 |   1356316 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1376190 |   1376190 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1396038 |   1396038 | Tag | 01! 8c! 80! 1b! b4! 6b!                                         |  ok |           
   1415890 |   1415890 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1435762 |   1435762 | Tag | 01! 00! 42! 03! 28! a7!                                         |  ok |           
   1455832 |   1455832 | Tag | 09! 0a! 5e! 5a! ff! c2!                                         |  ok |           
   1475638 |   1475638 | Tag | 15! 00! 00! 00! 28! 51!                                         |  ok |           
   1495534 |   1495534 | Tag | 00! ff! 6b! 04! f4! fd!                                         |  ok |           
   1515650 |   1515650 | Tag | 5e! 5c! 60! 00! 9f! c4!                                         |  ok |           
   1535322 |   1535322 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   1555150 |   1555150 | Tag | 01! d9! c8! c9! d3! ac!                                         |  ok |           
   1575594 |   1575594 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   1595490 |   1595490 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   2241726 |   2241726 | Tag | 00! 78! f0!                                                     |  ok |           
   2242688 |   2242688 | Tag | 00! 78! f0!                                                     |  ok |           
   2996638 |   2996638 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   3015500 |   3015500 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   3035350 |   3035350 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   3055350 |   3055350 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   3075182 |   3075182 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   3094966 |   3094966 | Tag | 01! 8c! 80! 1b! b4! 6b!                                         |  ok |           
   3114818 |   3114818 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   3134710 |   3134710 | Tag | 01! 00! 42! 03! 28! a7!                                         |  ok |           
   3154822 |   3154822 | Tag | 09! 0a! 5e! 5a! ff! c2!                                         |  ok |           
   3174546 |   3174546 | Tag | 15! 00! 00! 00! 28! 51!                                         |  ok |           
   3194438 |   3194438 | Tag | 00! ff! 6b! 04! f4! fd!                                         |  ok |           
   3214308 |   3214308 | Tag | 5e! 5c! 60! 00! 9f! c4!                                         |  ok |           
   3234422 |   3234422 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   3254098 |   3254098 | Tag | 01! d9! c8! c9! d3! ac!                                         |  ok |           
   3274522 |   3274522 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   3294438 |   3294438 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
proxmark3> 

If you have time you can add those annotations:
06 00 = INITIATE
0E xx = SELECT ID (xx = Chip-ID)
0B = Get UID
08 yy = Read Block (yy = block number)
09 yy dd dd dd dd = Write Block (yy = block number; dd dd dd dd = data to be written)
0C = Reset to Inventory
0F = Completion
0A 11 22 33 44 55 66 = Authenticate (11 22 33 44 55 66 = data to authenticate)


EDIT:


ANTENNA POSITIONING
The problems related to not complete snooped commands and/or answers it is dued to antenna positioning;
after a few tests I obtained this:

proxmark3> hf 14b snoop
proxmark3> 
proxmark3> #db# Snooping buffers initialized:                 
proxmark3> #db#   Trace: 4096 bytes                 
proxmark3> #db#   Reader -> tag: 2048 bytes                 
proxmark3> #db#   tag -> Reader: 2048 bytes                 
proxmark3> #db#   DMA: 1024 bytes                 
proxmark3> #db# cancelled                 
proxmark3> #db# Snoop statistics:                 
proxmark3> #db#   Max behind by: 458                 
proxmark3> #db#   Uart State: 0                 
proxmark3> #db#   Uart ByteCnt: 0                 
proxmark3> #db#   Uart ByteCntMax: 100                 
proxmark3> #db#   Trace length: 0                 
proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |         0 | Rdr | 06! 00! 97! 5b!                                                 |  ok | ?          
       340 |       340 | Tag | 7b! 2c! 3d!                                                     |  ok |           
       964 |       964 | Rdr | 0e! 7b! 03! 58!                                                 |  ok | ?          
      1304 |      1304 | Tag | 7b! 2c! 3d!                                                     |  ok |           
    303978 |    303978 | Rdr | 0b! ab! 4e!                                                     |  ok | ?          
    304600 |    304600 | Tag | 29! 74! 91! 78! 24! 18! 02! d0! 85! b0!                         |  ok |           
   1109274 |   1109274 | Rdr | 08! 00! 87! c1!                                                 |  ok | ?          
   1109736 |   1109736 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1130624 |   1130624 | Rdr | 08! 01! 0e! d0!                                                 |  ok | ?          
   1131084 |   1131084 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1150472 |   1150472 | Rdr | 08! 02! 95! e2!                                                 |  ok | ?          
   1150936 |   1150936 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1170366 |   1170366 | Rdr | 08! 03! 1c! f3!                                                 |  ok | ?          
   1170826 |   1170826 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1190260 |   1190260 | Rdr | 08! 04! a3! 87!                                                 |  ok | ?          
   1190724 |   1190724 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1210158 |   1210158 | Rdr | 08! 05! 2a! 96!                                                 |  ok | ?          
   1210618 |   1210618 | Tag | 01! 8c! 80! 1b! b4! 6b!                                         |  ok |           
   1229940 |   1229940 | Rdr | 08! 06! b1! a4!                                                 |  ok | ?          
   1230402 |   1230402 | Tag | ff! ff! ff! ff! 47! 0f!                                         |  ok |           
   1249790 |   1249790 | Rdr | 08! 07! 38! b5!                                                 |  ok | ?          
   1250250 |   1250250 | Tag | 01! 00! 42! 03! 28! a7!                                         |  ok |           
   1269946 |   1269946 | Rdr | 08! 08! cf! 4d!                                                 |  ok | ?          
   1270406 |   1270406 | Tag | 09! 0a! 5e! 5a! ff! c2!                                         |  ok |           
   1289668 |   1289668 | Rdr | 08! 09! 46! 5c!                                                 |  ok | ?          
   1290130 |   1290130 | Tag | 15! 00! 00! 00! 28! 51!                                         |  ok |           
   1309562 |   1309562 | Rdr | 08! 0a! dd! 6e!                                                 |  ok | ?          
   1310022 |   1310022 | Tag | 00! ff! 6b! 04! f4! fd!                                         |  ok |           
   1329412 |   1329412 | Rdr | 08! 0b! 54! 7f!                                                 |  ok | ?          
   1329874 |   1329874 | Tag | 5e! 5c! 60! 00! 9f! c4!                                         |  ok |           
   1349306 |   1349306 | Rdr | 08! 0c! eb! 0b!                                                 |  ok | ?          
   1349766 |   1349766 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   1369246 |   1369246 | Rdr | 08! 0d! 62! 1a!                                                 |  ok | ?          
   1369710 |   1369710 | Tag | 01! d9! c8! c9! d3! ac!                                         |  ok |           
   1389688 |   1389688 | Rdr | 08! 0e! f9! 28!                                                 |  ok | ?          
   1390150 |   1390150 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   1409538 |   1409538 | Rdr | 08! 0f! 70! 39!                                                 |  ok | ?          
   1409998 |   1409998 | Tag | 00! 00! 00! 00! de! fc!                                         |  ok |           
   1429764 |   1429764 | Rdr | 08! 10! 06! d1!                                                 |  ok | ?          

Perfect snoop now.

Last edited by asper (2015-01-25 23:54:22)

Offline

#43 2015-01-24 09:50:54

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

IMPORTANT:
After a while testing the snoop command I always had one of those 2 snooping errors:

proxmark3> data buffclear
proxmark3> 
proxmark3> #db# Buffer cleared (40000 bytes)                 
proxmark3> hf 14b snoop
proxmark3> 
proxmark3> #db# Snooping buffers initialized:                 
proxmark3> #db#   Trace: 4096 bytes                 
proxmark3> #db#   Reader -> tag: 2048 bytes                 
proxmark3> #db#   tag -> Reader: 2048 bytes                 
proxmark3> #db#   DMA: 1024 bytes                 
proxmark3> #db# blew circular buffer! behindBy=0x3ff                 
proxmark3> #db# Snoop statistics:                 
proxmark3> #db#   Max behind by: 1023                 
proxmark3> #db#   Uart State: 3                 
proxmark3> #db#   Uart ByteCnt: 4                 
proxmark3> #db#   Uart ByteCntMax: 100                 
proxmark3> #db#   Trace length: 0      

or this:

proxmark3> hf 14b snoop
proxmark3> 
proxmark3> #db# Snooping buffers initialized:                 
proxmark3> #db#   Trace: 4096 bytes                 
proxmark3> #db#   Reader -> tag: 2048 bytes                 
proxmark3> #db#   tag -> Reader: 2048 bytes                 
proxmark3> #db#   DMA: 1024 bytes                 
proxmark3> #db# Reached trace limit                 
proxmark3> #db# Snoop statistics:                 
proxmark3> #db#   Max behind by: 463                 
proxmark3> #db#   Uart State: 0                 
proxmark3> #db#   Uart ByteCnt: 0                 
proxmark3> #db#   Uart ByteCntMax: 100                 
proxmark3> #db#   Trace length: 0                 
proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
proxmark3> 

And snoop was not working anymore (always one of the 2 errors above)
The only way to solve and make snoop working again was to reflash OS... there must be a bug somewhere.

Last edited by asper (2015-01-24 09:56:21)

Offline

#44 2015-01-25 23:24:13

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Added other NTAG commands to the specific post.

Offline

#45 2015-01-25 23:32:57

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Thanks. I'll look into it. Re snoop, reboot the device should fix it, sounds extremely strange that you would have to reflash the os. I wont say impossible... How certain are you?

Offline

#46 2015-01-25 23:36:07

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Almost 100% sure; I don't remember if disconnect/reconnect usb can be considered "reset" (I tryed it lot of time before reflashing OS); if so reflashing OS was the only way to make it (snoop) to a working state again.

Offline

#47 2015-01-25 23:36:25

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

And what are reversed bytes? Is it ba instead of ab? Or bitwise-reverse? Or abcd instead of cdab?

Offline

#48 2015-01-25 23:44:02

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

When you read a block you have 1b808c01, while when you snoop you have 01! 8c! 80! 1b! b4! 6b! but I don't think this should be modified because snooping consist in recording what is passing by during the communication...

EDIT:
I solved the missing "List" using raw comamnds: I just realized I tested the list after the pm3 got stuck (befor reflashing OS); so raw commands listing is working:

proxmark3>  hf list 14b
Recorded Activity          
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer          
iso14443a - All times are in carrier periods (1/13.56Mhz)          
iClass    - Timings are not as accurate          
     Start |       End | Src | Data (! denotes parity error)                                   | CRC | Annotation         |          
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|          
         0 |         0 | Rdr | 06! 00! 97! 5b!                                                 |  ok | ?          
         0 |         0 | Tag | 8c! 1c! be!                                                     |  ok |           
         0 |         0 | Rdr | 06! 00! 97! 5b!                                                 |  ok | ?          
         0 |         0 | Tag | e7! c9! 63!                                                     |  ok |           
         0 |         0 | Rdr | 0e! e7! e6! 06!                                                 |  ok | ?          
         0 |         0 | Tag | e7! c9! 63!                                                     |  ok |           
         0 |         0 | Rdr | 0b! ab! 4e!                                                     |  ok | ?          
         0 |         0 | Tag | 29! 74! 91! 78! 24! 18! 02! d0! 85! b0!                         |  ok |           
         0 |         0 | Rdr | 0b! ab! 4e!                                                     |  ok | ?          
         0 |         0 | Tag | 29! 74! 91! 78! 24! 18! 02! d0! 85! b0!                         |  ok |           
proxmark3> 

I Updated the previous post.

Last edited by asper (2015-01-25 23:57:28)

Offline

#49 2015-01-27 10:03:26

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

Thanks. I noticed that I had neglected to change few memory locations where demodding took place, I don't know if that could cause the issues you noted. I have made some changes, but haven't tested it myself yet. You can either test it, or wait a bit and I can do the "preliminary" testing myself.

Offline

#50 2015-01-27 10:07:42

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Recent changes ('hf 14 list', 'hf iclass list') and loclass

I noticed that start and end are always 0, is this an issue?

Offline

Board footer

Powered by FluxBB