I've heard a few comments like "I switched back to firmware 0.0.7, for some reason 2.0.0 won't program my Q5 tags". Is there anyone out there that has some (or 1) Q5 tag that is willing to help me with some testing? I have a feeling some streamlined timings for the ata55x7s have broken the code's compatibility with the older tag.
Offline
Could be timings, there are some changes I did in the lfops.c #defines which were tightened up. Could be them.
Wouldn't harm to revert those and see if the Q5 became better.
Offline
That is what I expect, but I need someone with a Q5 to help verify.
Last edited by marshmellow (2015-06-01 15:23:36)
Offline
I am very new here and will not complete my learning in LF and HF very soon, hence I have more questions than advice or supporting ideas.
But recently, with very warm, collegial support on this forum, I have learnt in a project how to read a tag; to check using lf search and lf autodetect; to use lf read, data samples, data save, data load, data rawdemod nr x and lf t55xx wr. I use commands sent to the serial port, and also the GUI. We have successfully completed that project with the step that, pressing that copy to the reader, the door (not my door but a friend's apartment block) opened.
From that project it is clear my intention is to learn to have profit for myself, because I now have a working copy of the mysterious tag.
But I intend to do more than that.
I offer that I will use what I have learnt on this tag to help the Proxmark group with regression work on every beta SW before release. In this way everyone would be informed if any irregularity comes into any new SW.
I hope in the long run more people would join me, with each newbie chipping in a little bit of time, and when you fix the problem with the GitHub SW release revision number, then we can provide for each BETA SW release a very clear test results table, which would be useful for everyone, professional or newbie.
Next I will learn about investigating and copying of EM fob to EM fob, using Q5 to clone key/tag/fob to Q5 (I have a problem here: how to confirm that what I created is also 100% working).
By using the send serial port and GUI in the last few days, I also have some ideas I would like to see an area speak out; hopefully some of them may find a way into the SW to improve it.
@Marshmellow, if I had a Q5 and had done work on cloning to Q5, you would see with each beta release and final release the regression result; you can see where it had started, or where the question is simply not necessary.
Apropos, at the moment
you seem to have problems with
1/ some GUI commands in LF, like lf config, are not OK
2/ I still don't understand enough, but LF snoop from the GUI seems not to work; I need to do more to tell what is wrong
3/ tune has a bug, I can reproduce it
If we have a regression table we can know immediately, with certainty, which release has a problem with a certain command, who has tested, and when we started to have a problem with a certain command.
Offline
LF config works well here. As does the LF snoop and tune.
...
While I appreciate your enthusiasm and willingness to offer help, this thread is not the place to discuss such items. Please start your own thread.
Offline
I had a play with timings whilst trying to figure out what was wrong. Whilst I didn't reset them to their old values, I did change them in that direction; in particular START_GAP seemed excessive at 50 field clocks, which the Q5 data sheet suggests is the maximum allowable value, but I did not have any success.
I'm off work Tue and Wed; I will try to figure out what's going on and try the original values in the new code.
Offline
Not hard to change those values. The old values should be there also commented out.
Offline
I have had another poke at the timings and got my Q5 tags working again by reverting the timings to the old values, or for start gap as close as I could get to the old value while expressing it as field clocks of 8us.
The values I used were:
#define START_GAP 31*8 // 10 - 50fc 250
#define WRITE_GAP 20*8 // - 30fc 160
#define WRITE_0 18*8 // 16 - 63fc 54fc 144
#define WRITE_1 50*8 // 48 - 63fc 54fc 432 for T55x7; 448 for E5550 //400
and this seems to have fixed the issue for me. If you'd like me to try some other timings I'd be happy to, but as these are basically the old values, which seemed to have worked before, reverting to these shouldn't cause problems.
Offline
Thanks! I'll verify the ata5577 works good with those timings (should) and commit.
Offline
Great,
I changed to the new timings when the lf t55xx commands didn't work so well.
But after the remake and @marshmellow's new demodulation functions it should not be needed.
Offline
@Marshmellow Could you pls look into post #2:
http://www.proxmark.org/forum/viewtopic.php?id=2498
I have tried to construct a configuration for block 0 of a Q5 tag. Is 0008078 for direct mod, clock 32, RF/2, 4 blocks of data, no inverse and not using password?
A few things are not clear, so I leave the setting at 0. I have no Q5 yet, but maybe soon. I'd like to understand correctly before they arrive.
Pls let us know also which SW in GitHub is the one for good operation with both Q5 and also T55x7 that you, iceman and Nezrab have finished checking and testing now. How to get this SW with this modification from Git?
Thanks
Last edited by ntk (2015-06-04 15:26:03)
Offline
I have checked out the SW on 07/06/2015. Using this SW version, Q5 writing should have no more problems, but it seems I cannot change the config on Q5.
lf t55xx wr 0 00008078. No error reported.
But when I use lf t55xx config
it still shows the previous value "Block0 : 0x00080080"
Am I making a mistake here?
00008078 is telling Q5 to emulate for the case nz/32, 4 data blocks.
Offline
The q5 timings have not been fixed yet. Go back in time before the t55xx update.
Offline
Or change the source code... the old values are there, next to the new ones.
Offline
Thanks Iceman and Marshmellow.
I saw a new merge from Piwi recently, so I thought that was the part he fixed with you on this thread.
Will do the method "change the sourcecode... the old values are there, next to the new ones.". Apropos, if you do a "make all flash-all", do you still have to hold the button on the PM3 pressed?
Offline