[solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

marshmellow · 2015-03-06 19:49:38

if for some reason the demod doesn't provide a "Raw ID" to use as entry into the sim commands (for use at another time) use data printdemodbuf after demoding and it will give the binary of the Raw ID (convert to hex before using in sim commands)

marshmellow · 2015-03-10 02:49:18

Fixes now in master trunk.

MilkThief · 2015-03-13 10:51:29

Wow again!
I did'nt imagine to have to change the title on this thread...

marshmellow · 2015-03-13 18:20:11

only took 5 months

iceman · 2015-03-13 18:44:24

That is like yesterday, bro

MilkThief · 2015-03-19 18:58:03

Guys... I've tried today the new PM3... I'm enthusiastic! The sim works like a charm!
I renew my best compliments for the wonderful job!
The lf search is a real swiss-knife!

I was telling myself: now that the sim works, the best thing would be that the simulator/cloner in STANDALONE mode act as em4x instead as HID, because the most widespread lf system for access control is em4x.
Honestly I ever found a HID system in my life...

I'm interested in your opinion about that!

P.S.: and what about the "pcf7931 write"? It would be more useful than using the raw command for writing...

Last edited by MilkThief (2015-03-19 19:00:52)

iceman · 2015-03-19 19:02:06

Feel free to start programming
I have too many other things like the ul-ev1, ul-c (missing pwd), pcf9731, to think about this.

marshmellow · 2015-03-19 20:33:14

MilkThief wrote:

STANDALONE mode act as em4x instead as HID, because the most widespread lf system for access control is em4x.
Honestly I ever found a HID system in my life...

Maybe where you live. I've actually never seen an em access system. It is all hid here.

Anyway it is easy to adjust the calls for your personal situation, but be warned, the ask/Manchester demod takes wicked long on the arm. (20-30 secs) so plan accordingly.

P.S.: and what about the "pcf7931 write"? It would be more useful than using the raw command for writing...

What is a pcf7931 used for? Anyone want to send one to the US?

Last edited by marshmellow (2015-03-19 20:35:07)

iceman · 2015-03-19 20:38:54

pcf7931, is used for cars / vending machines.

MilkThief · 2015-03-19 21:22:31

marshmellow wrote:

MilkThief wrote:
STANDALONE mode act as em4x instead as HID, because the most widespread lf system for access control is em4x.
Honestly I ever found a HID system in my life...
Maybe where you live. I've actually never seen an em access system. It is all hid here.

Ok, I did not know that. Central Europe uses EM (I mean Italy, Germany, France, Swiss, Slovenia, Croatia, Austria). I see a great market proposal from China about EM (attendance tracking and access control), I thought it was the most used worldwide.

marshmellow wrote:

Anyway it is easy to adjust the calls for your personal situation, but be warned, the ask/Manchester demod takes wicked long on the arm. (20-30 secs) so plan accordingly.

Unfortunately can't figure out the way... I don't know C so good.

marshmellow wrote:

MilkThief wrote:
P.S.: and what about the "pcf7931 write"? It would be more useful than using the raw command for writing...
What is a pcf7931 used for? Anyone want to send one to the US?

Maybe I can provide one to you. Let me search for.

iceman wrote:

Feel free to start programming
I have too many other things like the ul-ev1, ul-c (missing pwd), pcf9731, to think about this.

Unfortunately I'm not a C programmer... Thank you for your honest opinion ;-)

marshmellow · 2015-03-20 05:13:34

Heh, I'm not a c programmer either (as holiman and others have noticed. . ). But we make due.

marshmellow · 2015-03-22 20:02:44

can i assume the pcf9731 read works well? it looks like an inverse biphase (or conditional dephase encoding) with some special bits between the output of each block. can someone post a trace?

the timing is pretty critical for the write mode it looks like, i don't think i could accomplish it without a tag to test with. (plus i'm still working on other items)

iceman · 2015-03-23 10:19:45

I can post some.

https://www.sendspace.com/file/zqfped

asper · 2015-03-23 12:57:12

Here are some recorded wave traces.

Password bits can be decoded like the following example:

As you can see tghe write procedure is done using Pulse Position Modulation [PPM].

Last edited by asper (2015-03-23 13:15:20)

Proxmark3 community

Announcement

#51 2015-03-06 19:49:38

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#52 2015-03-10 02:49:18

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#53 2015-03-13 10:51:29

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#54 2015-03-13 18:20:11

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#55 2015-03-13 18:44:24

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#56 2015-03-19 18:58:03

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#57 2015-03-19 19:02:06

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#58 2015-03-19 20:33:14

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#59 2015-03-19 20:38:54

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#60 2015-03-19 21:22:31

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#61 2015-03-20 05:13:34

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#62 2015-03-22 20:02:44

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#63 2015-03-23 10:19:45

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

#64 2015-03-23 12:57:12

Re: [solved] lf em4x em410xsim NOT WORKING for me. Is it broken?

Board footer