Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#51 2015-01-02 19:04:28

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

should be possible.  yes just need to program blocks 1 and 2 and set the config block to manchester RF/32 and transmit only 2 blocks.  (check the datasheet.)

Offline

#52 2015-01-03 02:31:37

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

marshmellow wrote:

as a group if we are worried about the number of commands in the "data" group we could consider moving or removing some of the following:

Possible to remove:

bitsamples  (another data samples just without the argument for how many samples to get - it gets 12288 samples)
bitstream  (looks like another ask/manchester demod attempt)
fskdemod
askdemod
mandemod
threshold (we now have dirthreshold)

Possible to Move (maybe to data adv ?):

dec (decimate samples)
amp (amplify peaks)
hpf (zeros graph mean)
hexsamples
norm (min/max to +/-500) (note: will break new demod functions - should change to +/-128)
zerocrossings

thoughts?

This item had been buried, any comments?

Offline

#53 2015-01-03 03:08:47

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Ask/Manchester Demod new functions

marshmellow wrote:

should be possible.  yes just need to program blocks 1 and 2 and set the config block to manchester RF/32 and transmit only 2 blocks.  (check the datasheet.)

Thanks, I will try that,
lf t55xx writeblock fcf200000 1
lf t55xx writeblock 000066c0 2
What about block 0 ?

Offline

#54 2015-01-03 03:11:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

I'm looking in the code,  trying to make sense of what the original thought was.  There are some "hardcoded" values like 12288 which doesn't make sense.

Offline

#55 2015-01-03 03:14:07

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Agreed, however 12000 should be enough samples to demod most tags...  It is possible that value used to be the max buffer size at one time?

Offline

#56 2015-01-03 03:15:29

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

This thread is about Marshmellows new LF demods enhancements.

We can lift the  "clean up the data commands structure" to another thread.

And Joe, I suggest you start another thread for your questions.

Offline

#57 2015-01-03 03:18:57

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Agreed. I'll  start one for the data restructuring

http://www.proxmark.org/forum/viewtopic … 470#p13470

Last edited by marshmellow (2015-01-03 03:23:08)

Offline

#58 2015-01-03 03:21:09

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

FC 128 gives one bit (of data) every 128th sample. So 1byte = 1024 samples,  64bytes is way over BigBuffer capacity,
FC64, ... 1byte = 512 samples,  64bytes is 32768samples,  just inside the BigBuffer capacity,

Or did I missunderstand it all?

Offline

#59 2015-01-03 03:25:02

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Except most lf tags are 64 bits or 128 bits with a few at 192 bits.  Not bytes.

Offline

#60 2015-01-03 03:30:49

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

Then it is enough with 6000-8000 samples

Offline

#61 2015-01-03 03:35:55

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Correct, so it is possible the max used to be around 12000

Offline

#62 2015-01-04 23:11:09

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

I couldn't help but to notice that inside CmdIndalaDemod,  at the end it changes the Graphbuffer.  This will change the outcome for the new "LF SEARCH" command for the commands coming afterwards inside.

Some of the old commands has this kind of logic to them, where they tries to demod/decode/ if succesful then also change the raw data used.

Offline

#63 2015-01-05 12:38:51

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

This effect is desired for cloning and simulating right after reading.    I am working on a new psk demod that has fewer errors and false reads.  It is almost done. 

We could make an argument to "save in buffer" or not for all the demods.  Thoughts?

Offline

#64 2015-01-05 13:58:23

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

As I mentioned before where I suggested that we divide the demod/decode/,   we could add optional step "prepare for sim" where it modifies the graphbuffer with new encoded data.

The original thought of LF commands, where you first do a "LF READ" (read and load data into arm),  "DATA SAMPLES" (transfer data to client)   "DATA PLOT" (visualise data)   and then the testing of the data begins.
Then comes the notion of   DATA ACQUISITION,   from antenna or loaded from file..

This makes the LF Commands more of a testing tool.

Nowdays,  there is a mixture of having fixed demods for certain tags and minimal info of the tag. (taginfo as manufacturing data, etc)

I would like to have the test-bench,   the taginfo bench,  the known tags implentations,  the sim bench all nicely working together.

Offline

#65 2015-01-05 14:32:44

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Ask/Manchester Demod new functions

Regarding the fact that the graphbuffer content is ruined by certain commands has been nagging me a long time. I think someone should implement an undo-functionality. Memorywise, the graphbuffer is not an issue, we could keep a lot of buffers if we want to.

It should be implemented as a pretty generic mechanism, whereby an operation 'checkout' a new version of the graphbuffer, placing the old one in the 'undo-stack'. And a mechanism to pop the undo-stack. I may do it sooner or later myself, but there are a few other things I'm busy with atm.

Offline

#66 2015-01-05 14:43:36

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

it somewhere   raw signal  into demoded signal,   then the decode signal have to be somewhere to go while it goes into decode  and so one to sim..

* raw-array
* Demod-array
* Decode-array
* Sim-array

And a possibility to swap which array that is visualised in the plot window..

Offline

#67 2015-01-05 17:38:26

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Why don't we just have a new buffer for writing and simulating, and all demoded data goes to that?  I figured the original idea was to keep a minimal memory footprint, which is why there is only one global data array in each section.   But for the client unless you want to run it on your phone it probably doesn't matter if we make a new one for data out buffer.

Offline

#68 2015-01-05 17:39:32

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Then all the Sim and clone commands can pull from that.  Easier than more arguments, or undo.

Offline

#69 2015-01-06 10:05:01

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Ask/Manchester Demod new functions

marshmellow wrote:

Why don't we just have a new buffer for writing and simulating, and all demoded data goes to that?  I figured the original idea was to keep a minimal memory footprint, which is why there is only one global data array in each section.   But for the client unless you want to run it on your phone it probably doesn't matter if we make a new one for data out buffer.

Yes, but it may be simpler to convert all old operations to just give them a new buffer to do their stuff, than to retrofit them to use one incoming buffer and one outgoing. But either way is fine with me...

Offline

#70 2015-01-06 15:48:54

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

strange thing is i can't find any routines that use the demoded data for a sim or clone command.  it appears a connection it was intended but never made.  so, I guess I'll make one after my pskrawdemod is finished.  i am just going to use a single demod buffer.  I've adjusted my demod functions in my fork to never change the graphbuffer  ...  i'm now going to work to get my fork back in sync with the main...

Offline

#71 2015-01-06 16:17:31

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

If you look into the EM410x commands, you'll see some decode -> sim.
I guess there was some in HID has the individual methods but not "hooked" up in a replay method.

Just to be clear,  how about we use the same notion for all of these commands,  like this:

REPLAY =  scan for a tag, if found start simulating it.
SIMULATE = take a uid and send to PM3 where it begins to act as that uid.
CLONE = take a uid and make a copy to a t55x7 card.

Offline

#72 2015-01-06 18:15:53

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

CmdLFSim (used by EM410x simulate command) appears to pull from the graphbuffer - it also appears this command uses bitstream to demod if the wave in graphbuffer isn't demodulated yet.

this should be fairly easy to adjust.  i don't see many other commands that pull data and write from or sim from the graphbuffer.

Offline

#73 2015-01-06 18:22:09

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

are any of the sim commands functional?  i saw several bug comments lately.  no point connecting them until they work.

Offline

#74 2015-01-06 20:04:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

After spending hours and hours in LF sim commands.. (lf em4x 410xsim)  I advice not to touch all SIM functions until after we gotten your, Holimans  and mine changes in the pm3-master. 
If we do that, we at least don't have to bother figuring out if it was the "demod" that mess it up or not.   The original simulatelftag in lfops.c  was kind of working...  but I've been rewriting it..  Almost there.

Offline

#75 2015-01-06 20:36:23

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

Sounds good.  I'm not sure how to proceed with my psk additions, and a few bug fixes...  If I create a pull request it would just create more conflicts with yours...

Offline

#76 2015-01-06 20:38:54

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Ask/Manchester Demod new functions

iceman wrote:

After spending hours and hours in LF sim commands.. (lf em4x 410xsim)  I advice not to touch all SIM functions until after we gotten your, Holimans  and mine changes in the pm3-master.

I don't have anything much to commit in there.. I also implemented sending larger chunks of data, but that's laying around somewhere and we may just as well use your implementation I guess... So don't let me hold you up

Offline

#77 2015-01-06 20:40:33

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

What will it take to get iceman's pull request ready for accepting?

Offline

#78 2015-01-06 20:58:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

I will try one different approach to fix the pull-request aftera tip from Holiman.  After that I give up.

Offline

#79 2015-01-07 14:10:23

joe
Contributor
Registered: 2013-08-15
Posts: 126

Re: Ask/Manchester Demod new functions

joe wrote:
marshmellow wrote:

should be possible.  yes just need to program blocks 1 and 2 and set the config block to manchester RF/32 and transmit only 2 blocks.  (check the datasheet.)

Thanks, I will try that,
lf t55xx writeblock fcf200000 1
lf t55xx writeblock 000066c0 2
What about block 0 ?

Just for your info, the cloned card can't work.

Offline

#80 2015-01-07 17:36:39

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

@joe, if you start a new thread and can post a trace I may be able to help further.  there are a few reasons an ata5577 may not work to clone some tags.

Offline

#81 2015-01-07 21:14:03

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Ask/Manchester Demod new functions

marshmellow wrote:

What will it take to get iceman's pull request ready for accepting?

Today I committed the first of the set of changes. I looked through the changes, made some comments, and iceman made some fixes - then I committed it. Testing is appreciated.

https://github.com/Proxmark/proxmark3/commits/master

So, ready for the next set of changes, @iceman.

Offline

#82 2015-01-07 21:25:52

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

Sweet work Holiman!

question, is the pm3 master ready for openssl??   It's one of the major issues everyone has with my fork to start with.

Offline

#83 2015-01-07 21:27:13

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Ask/Manchester Demod new functions

I don't know. Why not? but then again, perhaps the entire openssl isn't needed ?

Offline

#84 2015-01-07 21:39:35

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Ask/Manchester Demod new functions

The needed openssl files are the following:
meL5Iht.png
Put them in the /client/openssl/ folder. Here they are.
I obtained them while compiling and adding them 1 by 1 until it compiled fine (anyway I also have openssl installed).

Iceman also uses Qt 5.x while the main trunk 4.x so while compiling with the "old" environment, the QTDIR must be updated/changed.

Last edited by asper (2015-01-07 21:43:32)

Offline

#85 2015-01-07 21:56:47

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

I never changed the Qtdir variable, so the old makefile should work but then, never say never.

Offline

#86 2015-01-07 23:52:17

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

are we going to add these files to git?  also I had trouble until I added the libeay32.dll (and added it to the make file).  but might just be me...

Last edited by marshmellow (2015-01-07 23:52:45)

Offline

#87 2015-01-07 23:54:15

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

if we switch to qt 5 will we remake a zipped compile environment for download like was previously able to be downloaded from proxmark.org?

Offline

#88 2015-01-08 00:01:17

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

Depends,   Asper has been maintaining a Pre-compiled Windows binaries distro.  Which enables all of the people who don't know how to set up the development environment.

If Asper is up to making a new working version it would be nice.

Soon I have gotten all my minor changes in the Pm3-master,  then I start with the Ultralight/Desfire stuff, which is where the fun begins.

Offline

#89 2015-01-08 00:02:20

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

We can also start thinking on moving up to Qt 5.x.   The whole dev env is kind of outdated.

Offline

#90 2015-01-08 00:02:38

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

the precompiled binaries is different.
i meant: http://www.proxmark.org/files/Windows-C … vironment/

Offline

#91 2015-01-08 00:07:19

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

I'm going to issue a pull request from my fork to get the new PSK functions in (as well as a few bug fixes to my other functions, and a switch to Tab spacing).. it also has a fix to the tune command i broke in merge 33.

Offline

#92 2015-01-08 00:19:50

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Ask/Manchester Demod new functions

I can maintain the precompiled win and android version.
The compiling environment I am using is the one you can find in the proxmark repostiory: http://code.google.com/p/proxmark3/downloads/list (maybe someone should copy/move it to github and maybe adding some more recent "stable" compiled version). I only updated Qt to 5.3.2. The guide I used is this one: http://code.google.com/p/proxmark3/downloads/list.

Last edited by asper (2015-01-08 00:20:15)

Offline

#93 2015-01-08 23:36:37

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

asper wrote:

proxmark repostiory: http://code.google.com/p/proxmark3/downloads/list (maybe someone should copy/move it to github and maybe adding some more recent "stable" compiled version)

+1 vote  (once openssl is integrated)

Offline

#94 2015-01-10 16:30:17

NeiJPass
Contributor
From: Usa
Registered: 2014-05-14
Posts: 37
Website

Re: Ask/Manchester Demod new functions

Hello everyone. This he has done has worked mars never read me "lf EM4x50" Now allow me to read these cards? can be recorded on these cards (EM4450)

Offline

#95 2015-01-10 16:47:43

iceman
Administrator
Registered: 2013-04-25
Posts: 9,495
Website

Re: Ask/Manchester Demod new functions

Don't know if Marshmellows new lf-demods  fixes the  "lf em4x em4x50" commands.   It does makes a correct decoding of "em410x" tags.

Offline

#96 2015-01-10 17:25:52

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

I don't have any em4450 tags to test those commands, and none of my adjustments affect the lf em4x em4x50 commands.  It might be possible to askraw demod it, though I think it has clocking bit separators that may cause problems in the demod.

Offline

#97 2015-02-07 00:44:49

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

for a summary of the new lf commands see:http://www.proxmark.org/forum/viewtopic.php?id=2260

Offline

#98 2015-04-02 18:42:35

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Ask/Manchester Demod new functions

in my fork i have some new code to demod the em4x50 tags.

i finished off the lf em4x em4x50read command (data must be in graphbuffer first). 
i also added it to the lf search.

i haven't looked at the readword/writeword commands yet.

Offline

#99 2015-04-02 20:02:21

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Ask/Manchester Demod new functions

This is a summary for the EM4150 specs:

PROTECTION WORD (Block1): This block contains 4 bytes, each of which provides a setting for the read/write protection of transponder blocks - if a block is not write-protect it can be written, unless you change block1 settings to make it write-free - if a block is read-protect it can not be read (if you try to read you obtain all 0), unless you change block1 settings and make it read-free; these protections are used to ensure that only those who know the psw can read/write those blocks making them first free and then locking them again. In 4150 it is not possibile to select, block by block, the desired setting, since that function would require many more bits that were "wasted" for the configuration, so you can only seta range of blocks; in practice you must transform the block value in binary (by reading the bits from right to left) - bits from 0 to 7, returned into hex, give the first read-protected block - bits from 8 to 15, returned in to hex, give he last read-protected block - bits from 16 to 23, returned into hex, give the first write-protected block - bits 24 to 31, returned into hex, give the last write-protected block (you
can combine the 2 blocks range to get read-only, write only or both). CONTROL WORD (Block2): its Bit16 (the seventeenth) indicates the presence (1) or not (0) of Password Protection (default pwd: 000000), and the last two bytes indicate the range of write-protected blocks, eg. 00010504 indicates that the password is active for blocks from 04 to 05; when protection is active data can still be read but can only be modified using a valid password login presuming the fact that they write-free; if they are not write-free you must fistly modify the protection word. Bit 17 (the eighteenth), if set to 1, indicates that, once a write operation of a block is made, the block is immediately retransmitted (for confirmation purpose) from the tag to the programmer. Bits 18-31 are not used for configuration but are "user available". It is also possible to ser the word (1 only) that is transmitted from the transponder when it is near the programmer with the command "wordsel"; this allows to set a value between 3 and 31 (or OFF if you want to transmit the ID) that corresponds to the block to be automatically transmitted insted of the UID.

Offline

Board footer

Powered by FluxBB