Is it possible to run a Proxmark reader in sniffing mode?
My cards are active, so I can take a backpack with equipment to get the login trace (maybe the log will be useful for a brute force attack)
Yes, you need the iclass snoop command. The CRC will be wrong but this is normal; the snooped data will be correct and if you are lucky you can get the password. After the snoop you need to send the list command to see the snooped data.
Please explain this:
(ex. Skipass type: 10 days from 14).
correct
iclass snoop and you will see the password is in clear text
>Yes, you need iclass snoop command. Crc will be wrong but this is normal, snooped data will be correct
As I understand I need to run the command
hf iclass snoop
>Please explain this:
> (ex. Skipass type: 10 days form 14)
You can buy a ski pass which is valid for 14 days, however it can be used for any 10 days in this period (10 from 14), so if we can reset the days counter then we are The Winner
It seems to me that you are all ignoring my last post.
1) the snoop command is not versatile because it is not a real versatile digitizer, so it doesn't allow deep analysis of the problem. In fact in my case it was not able to log anything
2) these systems use a database, and periodic synchronization of it. So whatever you do it will be valid for a limited number of hours/days. Moreover it's easy to be identified and arrested. Better to stop kidding before thinking of stupid solutions.
> >Yes, you need iclass snoop command. Crc will be wrong but this is normal, snooped data will be correct
> As i understand i need to run command
> hf iclass snoop
> >Please explain this:
> > (ex. Skipass type: 10 days form 14)
> You can buy ski pass which is valid for 14 days, however it can be used for any 10 days in this period (10 from 14) - so if we can reset the days counter then we are The Winner
so you mean that the byte "40" means "used 4 times"?
> so you mean that the byte "40" means "used 4 times"?
Yes, this counter is incremented on my cards daily (a few other bytes also change, but I think those bytes are related to the first and last use of the gate)
> correct
> iclass snoop and you will see the password is in clear text
Doesn't work, I tested it today
> Doesn't work, I tested it today
What do you mean when you say it doesn't work:
1º you didn't get any data (after snoop, you have to execute the list command)
2º you get some data but you can't see the password.
3º .......
I have tried with Skidata machines and I can capture the communication with the snoop command
1º snoop and then list commands
reader---proxmark(ant)---card
you need some distance between the reader and the card, because the reader is too strong and sometimes overlaps the communication
>what you mean when you say doesn´t work:
I didn't get any data after the command "proxmark3> hf iclass list"
> 1º you didn´t get any data (after snoop, you have to execute list command)
You mean:
- hf iclass snoop
- go through the gate: reader <- 20 cm-> proxmark <- 10 cm -> card
- hf iclass list
> You mean:
> - hf iclass snoop
> - go through the gate: reader <- 20 cm-> proxmark <- 10 cm -> card
> - hf iclass list
correct, but sometimes you have to play with distances
if the reader reads the card, the proxmark should capture the communication; if not, it is an antenna, distances... problem
I found some sample output in this thread http://www.proxmark.org/forum/viewtopic.php?id=1371
proxmark3> hf iclass snoop
#db# COMMAND FINISHED
#db# 3 0 1
#db# 20 bc3 f0
#db# 3 0 1
#db# 20 bc3 f0
proxmark3> hf iclass list
recorded activity:
ETU :rssi: who bytes
As I understand I should see some log after the "hf iclass snoop" command (what I did) and before "hf iclass list".
But today I didn't get any output like "#db# COMMAND FINISHED"?
It is not possible in my opinion that a turnstile doesn't allow the start of the recording.
The turnstile has a really high signal.
I suppose only 2 solutions:
1) the recording function doesn't work properly (it is not possible to set the trigger level and I'm not sure what it does)
2) the tag uses a fast communication protocol (what is your tag model?)
> the recording function doesn't work properly (it is not possible to set the trigger level and i'm not sure of what it does)
It was tested on pm3-bin-0.0.6, should I try 0.0.7?
>the tag uses fast communication protocol (what is your tag model?)
proxmark3> #db# 12 octets read from IDENTIFY request:
proxmark3> #db# NoErr CrcOK
proxmark3> #db# ..Dh..f$ 00 02 yy xx 18 07 66 24
proxmark3> #db# ...6 16 e0 9b 36
proxmark3> #db# UID = E016246607186xxyy
proxmark3> #db# 0 octets read from SELECT request:
proxmark3> #db# 0 octets read from XXX request:
proxmark3> hf 15 dumpmem
Reading memory from tag UID=E01624660718xxyy
Tag Info: EM-Marin SA (Skidata)
Block 0 CE 08 0F 77 ...w
Block 1 82 18 60 20 ..`
Block 2 00 38 00 70 .8.p
I have tried on these:
http://www.skidata.com/en/parking-management/barriers-columns/parking-column-columngate.html
http://www.skidata.com/en/parking-management/automated-payment-machines/easycash.html
http://www.skidata.com/en/parking-management/automated-payment-machines/powercash.html
and I can record the communication
I have two types of cards
SKIDATA keycards (13.56 MHz) Basic (Zell am See) - this one is valid and I'm trying to record the communication
SKIDATA keytix (13.56 MHz) - (SILVAPARK.AT) I can make a card dump, it looks like a SKIDATA keycard Basic
http://www.skidata.com/en/mountain-destinations/access-readers-turnstiles/freemotiongate.html#tabs1-2
mine is an EM4233 Skidata keycard because it is 01 - it is from a parking system
> 2) the tag uses fast communication protocol (what is your tag model?)
How do I check what type of protocol is used?
I have only 5 days to finish the tests (end of holiday).
Last edited by Piorun (2015-02-02 17:57:19)
You cannot. Simply try different positions while snooping with iclass and be sure all your hardware configuration is ok (no power loss or something like that).
What is the maximum in fast communication?
I've been able to snoop 848 kbps Mifare DESFire in fast communication.
I think it is not a problem of fast communication; I think it is an antenna problem.
If you tune the antenna, what do you get?
Try r0.0.7 since there has been a remake of the list command. From 0.0.7 it's under "hf list iclass"
As I promised, here are 7 readings of my skipass after 7 passages through the turnstile. For each of them I have attached the remaining hours and the hh:mm of the passage timestamp as displayed by the turnstile. The first passage belongs to a previous day, the other 6 were done on the same day.
Only 9 bytes change between passages: block 2 byte 4, block 47 bytes 1-4, block 48 bytes 1-4.
@Asper: I have already understood some bytes: block 2 byte 4=counter of the passage made in one day, block 48 byte 1=couple (!!) of remaining minutes, byte 2=day (coded somehow) of passage?, byte 3+8 bits of byte 4=minutes/seconds of passage (expressed in seconds)?, byte 4 last 8 bits=hour of passage.
@Gaucho: can you share what you have found about the meaning of the other bytes?
CHECK 04/01/2015 ??:?? 6h 52m
C4 08 66 B9 42 18 40 20 00 38 00 F0 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 20 0C 20 01 CE 60 98 2D 00 30 90 15 00 00 00 00 00 00 00 00
CHECK 31/01/2015 12:03 6h 48m
C4 08 66 B9 42 18 40 20 00 38 00 10 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 A0 06 F8 01 CC 20 20 4C 00 30 90 15 00 00 00 00 00 00 00 00
CHECK 31/01/2015 12:17 6h 36m
C4 08 66 B9 42 18 40 20 00 38 00 20 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 70 05 F8 01 C6 20 50 2C 00 30 90 15 00 00 00 00 00 00 00 00
CHECK 31/01/2015 12:25 6h 28m
C4 08 66 B9 42 18 40 20 00 38 00 30 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 40 04 F8 01 C2 20 70 2C 00 30 90 15 00 00 00 00 00 00 00 00
CHECK 31/01/2015 12:47 6h 06m
C4 08 66 B9 42 18 40 20 00 38 00 40 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 B0 03 F8 01 B7 20 C8 2C 00 30 90 15 00 00 00 00 00 00 00 00
CHECK 31/01/2015 13:02 5h 52m
C4 08 66 B9 42 18 40 20 00 38 00 50 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 60 05 F8 01 B0 20 10 2D 00 30 90 15 00 00 00 00 00 00 00 00
CHECK 31/01/2015 13:15 5h 38m
C4 08 66 B9 42 18 40 20 00 38 00 60 1C 48 33 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2A 80 53 42 1F 90 53 42 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4A 13 01 1D 00 04 1B 01 B0 C7 F7 C3 48 FF C8 79 40 77 6B D6 00 04 F8 01 A9 20 48 2D 00 30 90 15 00 00 00 00 00 00 00 00
I verified these:
block02 byte 4 = counter of the passages made in one day
block48 byte 1 = remaining minutes/2 -> hex
For the other "guessings" maybe time and hours can be stored in a binary clock format. I am low on time these days and I cannot verify them; I paste here only the 3 changing blocks, maybe someone will find the time to verify how date and time are stored:
CHECK 04/01/2015 ??:?? 6h 52m
blocks: data
02: 00 38 00 F0
47: 20 0C 20 01
48: CE 60 98 2D
CHECK 31/01/2015 12:03 6h 48m
02: 00 38 00 10
47: A0 06 F8 01
48: CC 20 20 4C
CHECK 31/01/2015 12:17 6h 36m
02: 00 38 00 20
47: 70 05 F8 01
48: C6 20 50 2C
CHECK 31/01/2015 12:25 6h 28m
02: 00 38 00 30
47: 40 04 F8 01
48: C2 20 70 2C
CHECK 31/01/2015 12:47 6h 06m
02: 00 38 00 40
47: B0 03 F8 01
48: B7 20 C8 2C
CHECK 31/01/2015 13:02 5h 52m
02: 00 38 00 50
47: 60 05 F8 01
48: B0 20 10 2D
CHECK 31/01/2015 13:15 5h 38m
02: 00 38 00 60
47: 00 04 F8 01
48: A9 20 48 2D
Last edited by asper (2015-02-02 18:27:23)
> @Asper: I have already understood some bytes: block 2 byte 4=counter of the passage made in one day
What type of skipass do you use?
I have a skipass valid for 14 days, and 'block 2 byte 4=counter' is incremented only once per day (Kaprun AT).
> i have tried on this
> http://www.skidata.com/en/parking-management/barriers-columns/parking-column-columngate.html
> http://www.skidata.com/en/parking-management/automated-payment-machines/easycash.html
> http://www.skidata.com/en/parking-management/automated-payment-machines/powercash.html
> and I can record de comunication
these are parking systems, while we're trying pm on turnstiles with extended operating temperature and bigger antennas
> gaucho wrote: 2) the tag uses fast communication protocol (what is your tag model?)
> How to check what type of protocol is used ?
> I have only 5 days to finish tests (end of holiday).
Now I'm not on my PC. Looking at the UID you should be able to identify the model. Once you know your tag model, you can find the datasheet. On mine it is written that a fast protocol is supported
> tarcisiomerlot wrote: @Asper: I have already understood some bytes: block 2 byte 4=counter of the passage made in one day
> What type of skipass do you use?
> I have skipass valid for 14 days, and 'block 2 byte 4=counter' is incremented only ones per day (Kaprun AT).
I do not have those tags, I just quickly analyzed your data.
To check the chip inside your tag, read it again with pm3 client 0.0.7; it should name it.
Today I was able to record the data sent by the reader, but not the data sent by the card (the proxmark antenna was in a backpack); maybe this is enough to read the password?
proxmark3> hf list iclass
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# cancelled_a
#db# 4 0 0
#db# 20 83 f0
Recorded Activity (TraceLen = 131 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Rdr | 13 23 00 03 76 c4 | | ?
0 | 0 | Rdr | 13 23 1c 02 ce e9 | | ?
0 | 0 | Rdr | 13 23 2a 01 27 39 | | ?
0 | 0 | Rdr | 13 23 1f 01 3d f1 | | ?
0 | 0 | Rdr | 13 23 04 02 9f b2 | | ?
distance problem, antenna.....???
what card do you have, SLE, EM......?
that log is incomplete, the reader has to send the password
good progress
Out of subject: Today I got a skipass from Italy
'Dolomity SKIPASS'
04.01.15
(10) Valle Isarco
5 days
proxmark3> hf 15 dumpmem
Reading memory from tag UID=E004015029720300
Tag Info: NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)
Block 00 D4 08 03 BE ....
Block 01 C2 1D 02 00 ....
Block 02 4E 29 EF 11 N)..
Block 03 12 20 53 42 . SB
Block 04 1B 00 00 00 ....
Block 05 00 00 00 00 ....
Block 06 00 00 00 00 ....
Block 07 00 00 00 00 ....
Block 08 00 00 00 00 ....
Block 09 00 00 00 00 ....
Block 0a 00 00 00 00 ....
Block 0b 00 00 00 00 ....
Block 0c 00 00 00 00 ....
Block 0d 00 00 00 00 ....
Block 0e 00 00 00 00 ....
Block 0f 00 00 00 00 ....
Block 10 00 00 00 00 ....
Block 11 00 00 00 00 ....
Block 12 02 92 30 05 ..0.
Block 13 00 00 00 84 ....
Block 14 3D 82 C8 47 =..G
Block 15 8B B1 EC 03 ....
Block 16 41 61 BC 94 Aa..
Block 17 7B 2F CD 18 {/..
Block 18 43 29 B5 BB C)..
Block 19 F7 80 72 F0 ..r.
Block 1a B6 90 F5 F3 ....
Block 1b D1 0A 6F 7C ..o|
Tag returned Error 15: Unknown error.
> what card do you have sle, em......?
how to check this?
proxmark3> hf 15 dumpmem
Reading memory from tag UID=E0162466059BC8E6
Tag Info: EM Microelectronic-Marin SA Switzerland (Skidata)
Block 00
{ 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)" },
{ 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
{ 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
{ 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
{ 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
Last edited by Piorun (2015-02-04 00:32:10)
> Tag Info: NXP(Philips); IC SL2 ICS20/ICS21(SLI) ICS2002/ICS2102(SLIX)
http://www.nxp.com/documents/data_sheet/SL058030.pdf
http://www.nxp.com/documents/data_sheet/SL2S2002_SL2S2102.pdf
Hi everyone, it looks like this is the place to go to deepen the study around this topic. I didn't find such a comprehensive collection of info anywhere else on the net.
I'm looking at an Italian resort which basically has the same pattern of card issuing as the others. They allow online top-up of the card by using the serial to identify it, but I realized that they have preactivated serials for one-use-only cards to be used in store promotions all over the country. For instance I can be in a store far from the resort with some kind of promotion and get a free ski pass which in fact is a card known to the main database which is waiting to be activated by the first passage at the turnstile. I would like to target those serials which are not yet activated and are still sitting in some store drawers. The logic behind this should be simple. Right now I'm collecting serials of cards which come from the same store to see if there is any sequentiality, which I guess there will be. Then I will just need to change the serial of the card on an existing one with the other bytes zeroed like a brand new one..... what do you think about that?
It is NOT POSSIBLE to modify a UID/serial for ISO15693 cards/tags (and the above mentioned cards are all ISO15693); no one has ever emulated an ISO15693 tag until now, so it will be impossible for you to do what you are trying to do. Also serials are written at the tag factory, so even ski resorts have no control over them; they receive them "as is" and can only put the serial in the database and add/remove features to it.
Last edited by asper (2015-02-04 10:06:20)
So what would be the way to proceed with a not yet activated card?
If we don't have a chance to work on the UID I don't see any way out, as they are the primary key for the card in the activated database....
Here is the full log, but I don't see any password (I removed duplicated responses from the tag with the same value - I think it is noise):
proxmark3> hf list iclass
Recorded Activity (TraceLen = 9790 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 0 | Tag | bb d4 bb 0f 0f 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0c 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 07 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 08 07 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 08 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 01 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 01 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 03 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0e 03 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0c 00 03 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 03 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0c 07 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0c 00 07 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 08 00 04 bb | ok |
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 08 00 04 bb | ok |
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 08 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 03 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 07 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 08 07 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 08 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 08 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 00 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 00 01 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0c 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 01 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 13 23 00 03 76 c4 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 00 04 bb | ok |
0 | 0 | Rdr | 13 23 2a 01 27 39 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0c 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0c 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 13 23 2c 03 49 05 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 08 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 01 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 03 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0c 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0d 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0a 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 08 06 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0d 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0c 09 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 00 0b 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0d 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 05 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0b 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0e 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0d 07 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0b 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0d 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0e 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0b 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0b 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 13 23 2c 03 56 84 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 00 00 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0e 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0c 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 13 21 31 00 11 3c 15 1e 51 | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 02 bb | ok |
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
0 | 0 | Rdr | 13 21 02 00 38 00 b0 8d 0d | | ?
0 | 0 | Tag | bb d4 bb 0f 0f 0f 04 bb | ok |
proxmark3>
I don't know if that log is OK?
do you have any of that data in your card?
I think the tag answer is different from your card; you don't have any of that data in your card?
do you find any similarity with the info inside your card??
your card is supposed to be a SL2S2002 or SL2S2102
http://www.nxp.com/documents/data_sheet/SL2S2002_SL2S2102.pdf
and in that log I can't see any card command described in the datasheet
either the log is wrong, or it is not a Philips SL2S2002 or SL2S2102, or it is a proxmark sniffing error, or maybe I'm wrong.
01 is the "inventory" but I don't think that tag answer is good... look at your dumps and see if there are any of those byte sequences in the tag memory.
23 is the read of a range of blocks while 21 is write a block.
Last edited by asper (2015-02-05 08:14:12)
> 01 is the "inventory" but I don't think that tag answer is good... look at your dumps and see if there are any of those bytes sequences in the tag memory.
> 23 is the read a range of blocks while 21 is write a block.
Log: Rdr | 13 21 02 00 38 00 b0 8d 0d
Tag: Block 02 00 38 00 B0 .8..
#2
Log: Rdr | 13 21 31 00 11 3c 15 1e 51
Tag: Block 31 00 11 3C 15 ..<.
This is correct because 21 02 means write (21) block 2 (02), while 21 31 means write (21) block 49 (31).
23 00 03 means read from block 00 to block 03.
What is strange is the continuous tag answer, can you find "bb d4 bb 0f 0f 0c 04 bb" or other tag-answered bytes in your dump ?
Anyway it seems you were not lucky, no password seems to be sent during your snoop time.
Last edited by asper (2015-02-05 09:07:19)
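A decoder for the reader frames in the log above, added here as an example (it is not Proxmark3 project code): it splits the ISO 15693 request flags byte, names the command (01 inventory, 23 read multiple blocks, 21 write single block), extracts block numbers and data, and recomputes the ISO 15693 CRC-16 so that a frame whose snooped CRC does not match (as the thread warns can happen) is flagged rather than trusted. The four sample rows are copied from the trace posted earlier in the thread; the column layout assumed is that of the "hf list iclass" output shown there.

```python
import re

# Subset of the "Rdr" rows from the hf list iclass trace posted in this thread
# (column layout as shown there: Start | End | Src | Data | CRC | Annotation).
SAMPLE_TRACE = """\
0 | 0 | Rdr | 27 01 00 2a 50 | | ?
0 | 0 | Rdr | 13 23 00 03 76 c4 | | ?
0 | 0 | Rdr | 13 21 31 00 11 3c 15 1e 51 | | ?
0 | 0 | Rdr | 13 21 02 00 38 00 b0 8d 0d | | ?
"""

# ISO 15693-3 command codes commonly seen in such traces.
COMMANDS = {
    0x01: "Inventory",
    0x02: "Stay quiet",
    0x20: "Read single block",
    0x21: "Write single block",
    0x22: "Lock block",
    0x23: "Read multiple blocks",
    0x25: "Select",
    0x26: "Reset to ready",
    0x2B: "Get system information",
}


def iso15693_crc(data: bytes) -> bytes:
    """ISO 15693-3 CRC-16: poly 0x8408 (reflected 0x1021), init 0xFFFF,
    final XOR 0xFFFF, transmitted low byte first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    crc ^= 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def decode_flags(flags: int) -> dict:
    """Split the request flags byte; bits 5-6 change meaning with the Inventory flag."""
    inventory = bool(flags & 0x04)
    out = {
        "two_subcarriers": bool(flags & 0x01),
        "high_data_rate": bool(flags & 0x02),
        "inventory": inventory,
        "protocol_ext": bool(flags & 0x08),
        "option": bool(flags & 0x40),
    }
    if inventory:
        out["afi_present"] = bool(flags & 0x10)
        out["one_slot"] = bool(flags & 0x20)
    else:
        out["select"] = bool(flags & 0x10)     # talk to the tag in Selected state
        out["addressed"] = bool(flags & 0x20)  # 8-byte UID follows the command
    return out


def decode_request(frame: bytes) -> dict:
    """Decode one reader-to-tag frame: flags, command, parameters and CRC check."""
    if len(frame) < 4:
        raise ValueError("frame too short for flags, command and CRC")
    flags = decode_flags(frame[0])
    cmd = frame[1]
    body, crc = frame[2:-2], frame[-2:]
    uid = None
    if flags.get("addressed"):
        # Addressed mode carries the UID least significant byte first.
        uid, body = body[:8][::-1].hex(), body[8:]
    info = {
        "command": COMMANDS.get(cmd, "0x%02x" % cmd),
        "flags": flags,
        "uid": uid,
        # Recompute the CRC over everything except the trailing two bytes.
        "crc_ok": iso15693_crc(frame[:-2]) == crc,
    }
    if cmd == 0x01:
        info["mask_len"] = body[0]
    elif cmd == 0x20:
        info["block"] = body[0]
    elif cmd == 0x21:
        info["block"], info["data"] = body[0], body[1:].hex()
    elif cmd == 0x23:
        # Second parameter is "number of blocks minus one": 00 03 reads blocks 0..3.
        info["first_block"], info["last_block"] = body[0], body[0] + body[1]
    return info


def parse_trace(text: str) -> list:
    """Pull every 'Rdr' row out of Proxmark3 list output and decode it."""
    decoded = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) >= 4 and cols[2] == "Rdr":
            # Drop '!' parity markers and whitespace, keep the hex digits.
            frame = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", cols[3]))
            decoded.append(decode_request(frame))
    return decoded


if __name__ == "__main__":
    for entry in parse_trace(SAMPLE_TRACE):
        params = {k: v for k, v in entry.items()
                  if k in ("block", "data", "first_block", "last_block")}
        print(entry["command"], "crc_ok=%s" % entry["crc_ok"], params)
```

On the sample rows the inventory and read-multiple-blocks frames verify, while the write of block 2 does not, so its data bytes should be cross-checked against a direct dump (as Piorun did above) before being trusted.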
Thanks asper.
Piorun, you lost reader packets because before the write you need the password command
> I verified these:
> block02 byte 4=counter of the passage made in one day
> block48 byte 1=remaining minutes/2 -> hex
> CHECK 31/01/2015 12:03 6h 48m
> 02: 00 38 00 10
> 47: A0 06 F8 01
> 48: CC 20 20 4C
Could you explain this:
Remaining time is 6h 48m
Block#48:byte#1 = CC
CC/2 = 66 Hex -> 102 Dec -> 1h 42m - how to interpret the value?
6h 48m = 408m /2 = 204 -> CCh
Dear all,
I'm following your topic while trying to test and understand a comparable topic for another location, but I have some questions regarding the hf 15 functions...
The UID of my tag seems to be written on it but hf 15 reader and hf 15 dumpmemory seem to
(sorry for the incomplete post...)
...hf 15 seems to reverse the UID; for example, on a tag written as: B2F9597E-A0E-BC1
I have the following results:
proxmark3> hf 15 reader
#db# ....Y~.. 00 00 b2 f9 59 7e 00 01
#db# ...S 04 e0 fe 53
#db# UID = E00401007E59F9B2
proxmark3> hf 15 dumpmemory
Reading memory from tag UID=E00401007E59F9B2
Did you experience the same behavior?
On another note, I was wondering how you succeed in snooping the communication of a skipass (ISO 15693) with iclass (ISO 14443); isn't it problematic snooping with the iclass function?
A correct ISO15693 UID starts with E0 (ISO15693 definition).
iClass is neither ISO14443 nor ISO15693, but it uses a protocol compatible with ISO15693 and indeed snoop is working.
Last edited by asper (2015-02-06 09:07:20)
I missed this one:
> thefkboss wrote: what card do you have sle, em......?
> ho to check this ?
> proxmark3> hf 15 dumpmem
> Reading memory from tag UID=E0162466059BC8E6
> Tag Info: EM Microelectronic-Marin SA Switzerland (Skidata)
> Block 00
> { 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)" },
> { 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
> { 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
> { 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
> { 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
It is an EM4233, it should be correctly identified in the 0.0.7 version (please let us know if it is).
Hello
What are the possibilities to write to the tag? I tested with the Android app RFID NFC Tool and can write only from block 4 to 27; the rest gives me an error: Action failed.(0x21) 01 0F
the tag is: EM4x3x (for customer 066)
UID e01624660925e3b0
There are interesting changes in blocks 42 to 49
begin
06.02.2015
end
07.02.2015
The first is 50 points, the last is 0 points. The first was decreased by 3 points, the last two were decreased by 4 points.
42 06289f1e 06289f1e 06289f1e 06289f1e 06289f1e 06289f1e 06289f1e 06289f1e
43 a0051b01 a0051b01 a0051b01 a0051b01 a0051b01 a0051b01 a0051b01 a0051b01
44 e81437ca e81437ca e81437ca e81437ca e81437ca e81437ca e81437ca e81437ca
45 46518647 46518647 46518647 46518647 46518647 46518647 46518647 46518647
46 50131d31 50131d31 50131d31 50131d31 50131d31 50131d31 50131d31 50131d31
47 00000000 60000000 60000000 60000000 60000000 60000000 60000000 80000000
48 e2005906 c280f705 59003a05 5a003a05 4500b903 3200b903 5180bd00 bd801f00
49 00003200 00c83200 00c82c00 00d02600 00e42000 00d01a00 00ec0800 00fc0000
day card after 13h
07.02.2015
0628a61c
c0051b01
d93437c2
066cf244
c0a41e31
00000000
0000c03f
00000000
07.02.2015
before use. day end
after 11h. after 11h
0628a71c 0628a71c
c0051b01 c0051b01
d43437c2 d43437c2
8653f044 8653f044
f0fe5531 f0fe5531
11000000 00000000
000080fc 0000c03f
00f8e937 00000000
block 42 seems to be the date
block 47 gate or start-end
block 48-49 points
how to interpret?
to the post above:
day card after 13h is on 06.02.2015
> I missed this one:
> Piorun wrote: thefkboss wrote: what card do you have sle, em......?
> ho to check this ?
> proxmark3> hf 15 dumpmem
> Reading memory from tag UID=E0162466059BC8E6
> Tag Info: EM Microelectronic-Marin SA Switzerland (Skidata)
> Block 00
> { 0xE016000000000000LL, 16, "EM Microelectronic-Marin SA Switzerland (Skidata)" },
> { 0xE016040000000000LL, 24, "EM-Marin SA (Skidata Keycard-eco); EM4034? no 'read', just 'readmulti'" },
> { 0xE0160c0000000000LL, 24, "EM-Marin SA; EM4035?" },
> { 0xE016100000000000LL, 24, "EM-Marin SA (Skidata); EM4135; 36x64bit start page 13" },
> { 0xE016940000000000LL, 24, "EM-Marin SA (Skidata); 51x64bit" },
> It is an EM4233, it should be correctly identified in the 0.0.7 version (please let us know if it is).
The log is from the 0.0.7 version, so it isn't correctly recognized
Last edited by Piorun (2015-02-11 10:32:37)