Proxmark3 community


#101 2014-10-15 12:17:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

Yes, replace the makefile in /client  directory.

Offline

#102 2014-10-15 12:26:29

MilkThief
Contributor
Registered: 2014-04-11
Posts: 104

Re: [Resolved] broken: LF T55xx commands.

Iceman, if with your code I'll be able to recover my 60 T55xx locked tags, making them RW, you'll find a lot of prepaid beers in a lounge bar in Bergdalsgatan (near you!) where an old friend of mine works. Don't tell me you're a non-drinker!  wink

Offline

#103 2014-10-15 12:33:27

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

Are you stalking me?  smile
But then, I never say no to free beer smile

I hope you'll have success with your tags. What was wrong with them? (I forgot, I'll re-read this thread)
Btw,  there was another "clone" password found, mentioned in another thread.  http://www.proxmark.org/forum/viewtopic.php?id=2022&p=3

Offline

#104 2014-10-15 12:42:47

MilkThief
Contributor
Registered: 2014-04-11
Posts: 104

Re: [Resolved] broken: LF T55xx commands.

No stalking, your internet site is in this thread. I never miss a promised beer! wink
Recompiled, reflashed, retested, the problem is still there. It exits as in the post #96...
I'll take some time to find an idea... :-)

(a Chinese sent me 60 RW tags... but they are preprogrammed and I cannot write them with a PM3. He warranties that they are T55x7 compatible, so they are RW for me. I did not post about this because I'm trying to do what I found on the forum. A second way would be to "lf snoop" the Chinese cloner during the write process, but "lf snoop" is a ghost command)
Thank you!

Offline

#105 2014-10-15 12:51:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

Mail me instead,  so we don't have to fudge this thread up.

You still get crash with  "lf t55xx dump"..  tried  individual "lf t55xx rd 0"  commands?

Offline

#106 2014-10-15 16:37:05

MilkThief
Contributor
Registered: 2014-04-11
Posts: 104

Re: [Resolved] broken: LF T55xx commands.

iceman wrote:

Mail me instead,  so we don't have to fudge this thread up.

Absolutely correct. I'm looking for your email address on your forum profile. Nothing.
Is that caused by my forum (low) profile?

iceman wrote:

You still get crash with  "lf t55xx dump"..  tried  individual "lf t55xx rd 0"  commands?

I will try tonight and keep you updated.
Thank you!

Offline

#107 2014-10-15 16:47:04

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

start here:  iceman at iuse se

Offline

#108 2014-10-15 21:26:36

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

I got some help on filtering the t55xx fsk signal

data plot
lf t55xx rd 0

fsk_try2.png

lf t55xx fsk

fsk_try2a.png

data grid 50  0 

fsk_try2b.png

Offline

#109 2014-10-15 21:54:19

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [Resolved] broken: LF T55xx commands.

looks pretty  smile

Offline

#110 2014-10-16 10:59:16

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

Marshmellow, there is no ST detection in your config 0x00107060 right?

For FSK-2 and  000111 pattern I get, but it the "000111" exists in the binary I try to find (0x00107060) and it never comes back between the 32bits interval..

pm3 --> lf t55xx fsk
FIELD Length: 50
000111 position: 722
BIN: 
0000001100000
00000000000100001110000001100000
00000000000100001110000001100000
00000000000100001110000001100000
00000000000100001110000001100000
00000000000100001110000001100000
00000000000100001110000001100000
000000000001000

//Compare
hex:  0x00107060
bin:  00000000 00000000 100000111000001100000

I think that the data fsk demod will demod correct if there is an  "000111" pattern  and FSK-1

data fskdemod

Offline

#111 2014-10-16 11:20:54

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

..
nop,   I tried:

0x000c40e8 (FSK1, r/40, sst)   sst is really showing,  failed demod
0x001040e8 (FSK1, r/50, sst)  sst is really showing,  failed demod

0x000c7060 (FSK2a, r/40)  ,  success demod.
0x00107060 (FSK2a, r/50)  ,  success demod.

Offline

#112 2014-10-16 11:22:21

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [Resolved] broken: LF T55xx commands.

there is no ST detection in your config 0x00107060 right?

correct.

Last edited by marshmellow (2014-10-16 11:22:43)

Offline

#113 2014-10-16 12:25:45

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

So many different options...

fsk1 r/40-r/50  (and inverse aka fsk1a)  (4)
fsk2 r/40-r/50  (and inverse aka fsk2a)  (4)

on top of that,  the Sequence terminator marker... 
I'm going nuts here. (well, almost)  4x4x2 = 32 different interpretations.. 

btw  the "data fskdemod"   tries fsk & manchester on top of that,  that's why it doesn't work directly with t55xx tags...

Offline

#114 2014-10-16 13:18:10

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

MilkThief,   I guess your problem comes from a  call to  "free()"...
The only one that comes to my mind is  in   ui.c  , around row 132  -    free(bitStream);   
try to remove that line and recompile the client.

ok?

Offline

#115 2014-10-16 21:23:28

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

Added an option to use data from the Graphbuffer in the trace/info commands.
Useful if you have a trace from someone and don't want to decode it.

data load trace.tx

lf t55xx trace 1

lf t55xx info 1

Offline

#116 2014-10-23 20:23:59

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

and the "lf t55xx fsk" works now, decoding fsk2.  However it only prints binary..  and it is not integrated with the other commands "info/trace/dump"..

Decoding Fsk2/a without starting markers is just guessing.  I guess one way would be to have n known settings configuration bytes and compare with the decoded bits to see if it matches.

Offline
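The known-configuration comparison suggested in post #116, as an added example that is not code from the thread or from the Proxmark3 client: it slides over a demodulated bit string and reports the first offset where one of the four block-0 values quoted in posts #110 and #111 appears twice, 32 bits apart, in normal or inverted polarity. The function names, the two-repeat rule and the sample stream are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Candidate block-0 words: the four configurations quoted in this thread. */
static const uint32_t KNOWN_CFG[] = { 0x000C40E8, 0x001040E8, 0x000C7060, 0x00107060 };
#define N_CFG (sizeof KNOWN_CFG / sizeof KNOWN_CFG[0])

typedef struct { int found; size_t offset; int inverted; uint32_t cfg; } cfg_match;

/* Read 32 bits MSB-first from a '0'/'1' string, optionally inverting each bit. */
static uint32_t word_at(const char *bits, size_t pos, int invert) {
    uint32_t w = 0;
    for (size_t i = 0; i < 32; i++)
        w = (w << 1) | (uint32_t)((bits[pos + i] == '1') ^ invert);
    return w;
}

/* Accept an offset only if the same known word is there and again 32 bits
   later, so a chance 32-bit hit in noise is not reported as a sync point. */
cfg_match find_known_cfg(const char *bits) {
    cfg_match m = { 0, 0, 0, 0 };
    size_t len = strlen(bits);
    for (size_t pos = 0; pos + 64 <= len; pos++)
        for (int inv = 0; inv <= 1; inv++) {
            uint32_t w = word_at(bits, pos, inv);
            if (w != word_at(bits, pos + 32, inv)) continue;
            for (size_t k = 0; k < N_CFG; k++)
                if (w == KNOWN_CFG[k]) {
                    m.found = 1; m.offset = pos; m.inverted = inv; m.cfg = w;
                    return m;
                }
        }
    return m;
}

/* Constructed sample (not a capture): 13 stray bits, then 0x00107060 three times. */
static const char SAMPLE[] = "1000001100000"
    "00000000000100000111000001100000" "00000000000100000111000001100000"
    "00000000000100000111000001100000";

int main(void) {
    cfg_match m = find_known_cfg(SAMPLE);
    if (m.found)
        printf("0x%08X at bit %zu, inverted=%d\n", (unsigned)m.cfg, m.offset, m.inverted);
    else
        puts("no known configuration word found");
    return 0;
}
```

A stream that is periodic but carries none of the listed words returns `found == 0`, which is the signal to extend the candidate list rather than trust a guessed alignment.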

#117 2015-03-12 15:38:17

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: [Resolved] broken: LF T55xx commands.

I am interested in those sweet commands:
lf t55xx rd 0
lf t55xx dump
lf t55xx info

I am not able to use the last GitHub modification. So I tried the pm3-bin-0.0.7 by asper.
The t55xx commands included in the setting.xml do not seem to have been added to the client.
I only have these commands available:

proxmark3> lf t55xx
help             This help
readblock        <Block> -- Read T55xx block data (page 0)
readblockPWD     <Block> <Password> -- Read T55xx block data in password mode(page 0)

writeblock       <Data> <Block> -- Write T55xx block data (page 0)
writeblockPWD    <Data> <Block> <Password> -- Write T55xx block data in password mode(page 0)

readtrace        Read T55xx traceability data (page 1)

readblock and readtrace do not give any results even after issuing lf read + data samples

proxmark3> lf t55xx readblock 3
Reading block 3
#db# DONE!
proxmark3>

sad

Last edited by app_o1 (2015-03-12 15:40:08)

Offline

#118 2015-03-12 16:04:56

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

yeah,  those are not in the PM3 main trunk.    I was thinking of it but then @Marshmellow started with a total remake of the LF demod commands which I realised was something I've been struggling with when trying to fix the t55x commands.

So right now, there is a minor issue of using @marshmellow's new demods in the t55xx.    If you want to help out, it's in my fork. 

For the old commands to work,  you need

lf read
data samp
data plot
lf t55xx readblock 3

there were some timing issues in the lfops.c for the t55xx commands as well...  So, yeah, well... just saying, that I kind of identified the issues but didn't push the fix.

Last edited by iceman (2015-03-12 16:05:23)

Offline

#119 2015-03-12 16:21:31

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: [Resolved] broken: LF T55xx commands.

I have never checked out your trunk! I will test that tomorrow.

Offline

#120 2015-03-13 18:36:01

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

I have pushed a lot of changes to my fork regarding the remake of T55XX commands.

It seems to work quite well together with @marshmellow's  new demods.

However, it needs to be tested a bit.

Can anyone do that?

Offline

#121 2015-03-14 12:25:34

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: [Resolved] broken: LF T55xx commands.

I am trying but I am getting a lot of errors due to QT. It is not linking properly.
Problems appear with proxguiqt.h proxgui.h (It is not finding "QApplication")

You said to use "QT 5.3.1"
mine is located here : C:\Qt\5.3\mingw482_32\include\QtWidgets
what did you use to install QT ? I used to have the Nokia SDK. I couldn't find it. So I am using qt-opensource-windows-x86-1.6.0-8-online

Offline

#122 2015-03-14 16:19:38

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

hm,  did you add the /platforms  folder under the client library?  Which Qt5 needs.
The same folder where u put  qwindows.dll  and qwindowsd.dll  ??

Offline

#123 2015-03-17 17:40:07

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

BIPHASE TEST:  T55XX


--BIPHASE RF/8  (FAIL)

pm3 --> lf t55 wr 0 00010040
Writing to T55x7
block : 0
data  : 0x00010040
pm3 --> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

--BIPHASE RF/16  (FAIL)

pm3 --> lf t55 wr 0 00050040
Writing to T55x7
block : 0
data  : 0x00050040
pm3 --> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

--BIPHASE RF/32  (FAIL)

pm3 --> lf t55 wr 0 00090040
Writing to T55x7
block : 0
data  : 0x00090040
pm3 --> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

--BIPHASE RF/40

pm3 --> lf t55 wr 0 000D0040
Writing to T55x7
block : 0
data  : 0x000D0040
pm3 --> lf t55xx detect
Modulation : BIPHASE
Inverted   : No
Offset     : 0
Block0     : 0x000D0040
pm3 --> lf t55xx in

-- T55xx Configuration & Tag Information --------------------
-------------------------------------------------------------
 Safer key                 : 0
 reserved                  : 0
 Data bit rate             : 3 - RF/40
 eXtended mode             : No
 Modulation                : 16 - Biphase
 PSK clock frequency       : 0
 AOR - Answer on Request   : No
 OTP - One Time Pad        : No
 Max block                 : 2
 Password mode             : No
 Sequence Start Terminator : No
 Fast Write                : No
 Inverse data              : No
 POR-Delay                 : No
-------------------------------------------------------------
 Raw Data - Page 0
     Block 0  : 0x000D0040  00000000000011010000000001000000
-------------------------------------------------------------

--BIPHASE RF/50

pm3 --> lf t55 wr 0 00110040
Writing to T55x7
block : 0
data  : 0x00110040
pm3 --> lf t55xx detect
Modulation : BIPHASE
Inverted   : No
Offset     : 0
Block0     : 0x00110040
pm3 --> lf t55xx in

-- T55xx Configuration & Tag Information --------------------
-------------------------------------------------------------
 Safer key                 : 0
 reserved                  : 0
 Data bit rate             : 4 - RF/50
 eXtended mode             : No
 Modulation                : 16 - Biphase
 PSK clock frequency       : 0
 AOR - Answer on Request   : No
 OTP - One Time Pad        : No
 Max block                 : 2
 Password mode             : No
 Sequence Start Terminator : No
 Fast Write                : No
 Inverse data              : No
 POR-Delay                 : No
-------------------------------------------------------------
 Raw Data - Page 0
     Block 0  : 0x00110040  00000000000100010000000001000000
-------------------------------------------------------------

--BIPHASE RF/64

pm3 --> lf t55 wr 0 00150040
Writing to T55x7
block : 0
data  : 0x00150040
pm3 --> lf t55xx detect
Modulation : BIPHASE
Inverted   : No
Offset     : 0
Block0     : 0x00150040
pm3 --> lf t55xx in

-- T55xx Configuration & Tag Information --------------------
-------------------------------------------------------------
 Safer key                 : 0
 reserved                  : 0
 Data bit rate             : 5 - RF/64
 eXtended mode             : No
 Modulation                : 16 - Biphase
 PSK clock frequency       : 0
 AOR - Answer on Request   : No
 OTP - One Time Pad        : No
 Max block                 : 2
 Password mode             : No
 Sequence Start Terminator : No
 Fast Write                : No
 Inverse data              : No
 POR-Delay                 : No
-------------------------------------------------------------
 Raw Data - Page 0
     Block 0  : 0x00150040  00000000000101010000000001000000
-------------------------------------------------------------

--BIPHASE RF/100

pm3 --> lf t55 wr 0 00190040
Writing to T55x7
block : 0
data  : 0x00190040
pm3 --> lf t55xx detect
Modulation : BIPHASE
Inverted   : No
Offset     : 0
Block0     : 0x00190040
pm3 --> lf t55xx in

-- T55xx Configuration & Tag Information --------------------
-------------------------------------------------------------
 Safer key                 : 0
 reserved                  : 0
 Data bit rate             : 6 - RF/100
 eXtended mode             : No
 Modulation                : 16 - Biphase
 PSK clock frequency       : 0
 AOR - Answer on Request   : No
 OTP - One Time Pad        : No
 Max block                 : 2
 Password mode             : No
 Sequence Start Terminator : No
 Fast Write                : No
 Inverse data              : No
 POR-Delay                 : No
-------------------------------------------------------------
 Raw Data - Page 0
     Block 0  : 0x00190040  00000000000110010000000001000000
-------------------------------------------------------------

--BIPHASE RF/128   (FAIL)

pm3 --> lf t55 wr 0 001d0040
Writing to T55x7
block : 0
data  : 0x001D0040
pm3 --> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

Offline
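The block-0 words written in the test run above can be decoded offline with the field order that the "lf t55xx info" listing prints. The following is an added example, not code from the thread or from the Proxmark3 client; the field widths are an assumption inferred from that listing and checked against the values shown in it (0x000D0040 gives bit rate 3, modulation 16, max block 2), and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {
    unsigned safer, reserved, bitrate, extended, modulation, pskcf,
             aor, otp, maxblock, pwd, st, fastwrite, inverse, por;
} t55xx_cfg;

/* Pop the top n bits (1 <= n <= 31) off a 32-bit word, MSB first. */
static unsigned take(uint32_t *w, int n) {
    unsigned v = (unsigned)(*w >> (32 - n));
    *w <<= n;
    return v;
}

/* Field order follows the info listing; assumed widths
   4+7+3+1+5+2+1+1+3+1+1+1+1+1 = 32 bits. */
t55xx_cfg t55xx_decode(uint32_t b) {
    t55xx_cfg c;
    c.safer = take(&b, 4);    c.reserved = take(&b, 7);   c.bitrate = take(&b, 3);
    c.extended = take(&b, 1); c.modulation = take(&b, 5); c.pskcf = take(&b, 2);
    c.aor = take(&b, 1);      c.otp = take(&b, 1);        c.maxblock = take(&b, 3);
    c.pwd = take(&b, 1);      c.st = take(&b, 1);         c.fastwrite = take(&b, 1);
    c.inverse = take(&b, 1);  c.por = take(&b, 1);
    return c;
}

/* Bit-rate codes 0..7 as labelled in the biphase test run above. */
unsigned t55xx_rf_div(unsigned code) {
    static const unsigned div[8] = { 8, 16, 32, 40, 50, 64, 100, 128 };
    return div[code & 7];
}

/* Only the modulation codes that appear in this thread are named. */
const char *t55xx_mod_name(unsigned m) {
    switch (m) {
    case 4:  return "FSK1";
    case 7:  return "FSK2a";
    case 16: return "Biphase";
    default: return "other";
    }
}

int main(void) {
    /* Block-0 values quoted in posts #111 and #123. */
    const uint32_t blocks[] = { 0x000D0040, 0x00107060, 0x000C40E8 };
    for (size_t i = 0; i < 3; i++) {
        t55xx_cfg c = t55xx_decode(blocks[i]);
        printf("0x%08X  RF/%u  mod %u (%s)  maxblock %u  pwd %u  ST %u\n",
               (unsigned)blocks[i], t55xx_rf_div(c.bitrate), c.modulation,
               t55xx_mod_name(c.modulation), c.maxblock, c.pwd, c.st);
    }
    return 0;
}
```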

#124 2015-03-17 17:44:29

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

Marshmellow's new biphase gives a decent result:

Clock rates     | outcome
40, 50, 64, 100 | pass
8, 16, 32, 128  | fail

Offline

#125 2015-03-18 11:37:29

app_o1
Contributor
Registered: 2013-06-22
Posts: 247

Re: [Resolved] broken: LF T55xx commands.

iceman wrote:

hm,  did you add the /platforms  folder under the client library?  Which Qt5 needs.
The same folder where u put  qwindows.dll  and qwindowsd.dll  ??

Yes I did that. But no change.
Are you not on ICQ anymore?

Offline

#126 2015-03-18 12:37:46

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

App_o1,
I had a temp webicq,  but I don't use it normally.

Offline

#127 2015-03-18 12:47:49

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

I can login on to the official IRC-channel

Offline

#128 2015-03-18 17:14:25

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [Resolved] broken: LF T55xx commands.

I enhanced the testsuite,  we can now test  ASK, FSK also.

The new detection detects all of them, but some error occurs with RF/8,  RF/16.

-- ASK --
http://pastebin.com/U7j8yvZu

-- FSK --
http://pastebin.com/DS3PFUeu

Last edited by iceman (2015-03-18 18:20:48)

Offline

#129 2015-03-24 12:23:01

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: [Resolved] broken: LF T55xx commands.

In main trunk now

Offline
