Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2015-10-19 12:54:43
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
[14b] Trying to read data from card
Hello everyone,
I was just playing around with my new PM3 and i did not figured out what kind of card this(see attached image) could be.
Reading the company specs it should be something like Calypso or Tango card, unfortunately i didn't managed to get any infos out of it. PM3 gives me back "no tag detected" with hf search.
Actually with "hf tune" i get changes fo mV when i move the card around (what an obvious thing). Data follows:
#db# 19709 mV
#db# 19284 mV
#db# 18610 mV
#db# 18398 mV
#db# 18327 mV
#db# 18362 mV
#db# 18575 mV
#db# 18717 mV
#db# 18717 mV
#db# 18823 mV
#db# 18965 mV
#db# 19390 mV
#db# 19957 mV
#db# 20206 mV
#db# 21092 mV
#db# 21730 mV
#db# 22013 mV
#db# 22403 mV
#db# 22864 mV
#db# 23431 mV
#db# 23680 mV
#db# 24034 mV
#db# 24282 mV
#db# 24459 mV
#db# 24566 mV
#db# 24353 mV
#db# 24034 mV
#db# 23609 mV
#db# 23112 mV
#db# 22758 mV
#db# 22297 mV
#db# 21553 mV
#db# 20737 mV
#db# 19957 mV
#db# 19532 mV
#db# 19284 mV
#db# 19497 mV
#db# 19036 mV
#db# 18433 mV
#db# 18469 mV
#db# 18575 mV
#db# 18681 mV
#db# 18752 mV
#db# 18752 mV
#db# 18575 mV
#db# 18291 mV
#db# 18079 mV
#db# 18008 mV
#db# 18043 mV
#db# 18114 mV
#db# 18150 mV
#db# 18291 mV
#db# 18327 mV
#db# 18291 mV
#db# 18220 mV
#db# 18150 mV
#db# 18398 mV
#db# 18929 mV
#db# 18965 mV
#db# 18965 mV
#db# 18929 mV
#db# 19036 mV
#db# 19674 mV
#db# 20631 mV
#db# 20844 mV
#db# 20879 mV
#db# 21056 mV
#db# 21127 mV
#db# 21234 mV
#db# 21304 mV
#db# 21553 mV
#db# 21943 mV
#db# 22439 mV
#db# 23006 mV
#db# 24530 mV
#db# 25098 mV
#db# 25204 mV
#db# 25736 mV
#db# 26267 mV
#db# 26799 mV
#db# 27295 mV
#db# 27863 mV
#db# 28217 mV
#db# 28359 mV
#db# 28572 mV
#db# 28713 mV
#db# 28820 mV
#db# 28891 mV
#db# 28855 mV
#db# 28855 mV
#db# 28855 mV
#db# 28855 mV
#db# 28820 mV
#db# 28749 mV
#db# 28713 mV
#db# 28536 mV
#db# 28536 mV
#db# 28536 mV
#db# 28572 mV
#db# 28784 mV
#db# 29068 mV
#db# 29245 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29281 mV
#db# 29245 mV
#db# 28962 mV
#db# 28394 mV
#db# 27650 mV
#db# 26551 mV
#db# 25381 mV
#db# 24318 mV
#db# 23538 mV
#db# 22935 mV
#db# 22439 mV
#db# 21978 mV
#db# 21517 mV
#db# 21021 mV
#db# 20489 mV
#db# 19993 mV
#db# 19709 mV
#db# 19780 mV
#db# 19816 mV
#db# 19887 mV
#db# 19922 mV
#db# 19957 mV
#db# 19887 mV
#db# 19816 mV
#db# 19745 mV
#db# 19497 mV
#db# 18894 mV
#db# 17901 mV
#db# 16412 mV
#db# 15349 mV
#db# 15314 mV
#db# 15491 mV
#db# 15739 mV
#db# 15810 mV
#db# 15845 mV
#db# 16093 mV
#db# 16342 mV
#db# 16625 mV
#db# 16944 mV
#db# 17086 mV
#db# 17086 mV
#db# 17157 mV
#db# 17228 mV
#db# 17228 mV
#db# 17192 mV
#db# 17157 mV
#db# 17192 mV
#db# 17086 mV
#db# 16873 mV
#db# 16838 mV
#db# 16802 mV
#db# 16732 mV
#db# 16696 mV
#db# 16625 mV
#db# 16625 mV
#db# 16661 mV
#db# 16696 mV
#db# 16661 mV
#db# 16448 mV
#db# 16129 mV
#db# 15845 mV
#db# 15384 mV
#db# 15136 mV
#db# 14924 mV
#db# 14640 mV
#db# 14569 mV
#db# 14959 mV
#db# 15243 mV
#db# 15065 mV
#db# 15065 mV
#db# 15384 mV
#db# 15526 mV
#db# 15455 mV
#db# 15349 mV
#db# 14959 mV
#db# 14569 mV
#db# 14711 mV
#db# 14853 mV
#db# 14605 mV
#db# 14392 mV
#db# 14002 mV
#db# 13647 mV
#db# 13222 mV
#db# 12726 mV
#db# 12336 mV
#db# 11840 mV
#db# 11450 mV
#db# 10882 mV
#db# 10670 mV
#db# 10457 mV
#db# 10209 mV
#db# 9890 mV
#db# 9571 mV
#db# 9394 mV
#db# 9464 mV
#db# 9429 mV
#db# 9500 mV
#db# 9500 mV
#db# 9464 mV
#db# 9429 mV
#db# 9429 mV
#db# 9429 mV
#db# 9394 mV
#db# 9358 mV
#db# 9323 mV
#db# 9287 mV
#db# 9181 mV
#db# 9075 mV
#db# 8933 mV
#db# 8755 mV
#db# 8614 mV
#db# 8649 mV
#db# 8685 mV
#db# 8720 mV
#db# 8755 mV
#db# 8968 mV
#db# 8933 mV
#db# 8897 mV
#db# 8968 mV
#db# 9110 mV
#db# 9110 mV
#db# 9323 mV
#db# 9287 mV
#db# 9110 mV
#db# 8791 mV
#db# 8649 mV
#db# 8755 mV
#db# 8968 mV
#db# 9039 mV
#db# 9323 mV
#db# 9429 mV
#db# 9464 mV
#db# 9535 mV
#db# 9394 mV
#db# 9358 mV
#db# 9571 mV
#db# 9890 mV
#db# 10422 mV
#db# 10599 mV
#db# 10989 mV
#db# 10882 mV
#db# 10209 mV
#db# 9925 mV
#db# 9571 mV
#db# 8295 mV
#db# 7869 mV
#db# 8295 mV
#db# 8330 mV
#db# 8436 mV
#db# 8578 mV
#db# 8791 mV
#db# 9004 mV
#db# 9145 mV
#db# 9110 mV
#db# 9004 mV
#db# 8933 mV
#db# 8897 mV
#db# 8933 mV
#db# 8933 mV
#db# 8968 mV
#db# 9039 mV
#db# 9075 mV
#db# 9216 mV
#db# 9358 mV
#db# 9464 mV
#db# 9571 mV
#db# 9748 mV
#db# 9677 mV
#db# 9677 mV
#db# 9783 mV
#db# 9677 mV
#db# 9500 mV
#db# 9571 mV
#db# 9571 mV
#db# 9535 mV
#db# cancelledLast edited by Pummarola (2015-11-18 23:18:19)
Offline
#2 2015-10-19 13:05:08
- meter
- Contributor
- Registered: 2015-07-13
- Posts: 78
Re: [14b] Trying to read data from card
Here is the pic. Black spaces are hidden personal data.
http://postimg.org/image/luab2nkzj/
Hi, can you tell me which is the difference between your image and this:
try to post the result of commands:
hf list 14a
hf list 14b
so we can understand which standard use it.
Offline
#3 2015-10-19 13:16:35
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
well you are right, but unfortunately there is no result out of those commands. Probably i'm missing something
proxmark3> hf list 14a
Recorded Activity (TraceLen = 0 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
|
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
proxmark3> hf list 14b
Recorded Activity (TraceLen = 0 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
|
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
proxmark3>Offline
#4 2015-10-19 13:19:27
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
by the output from his "hf tune" it indicates it is high freq tag.
But without knowing the company name, or tag type, is gonna be hard.
If it is calypso, you would need to try sending some raw commands.. "hf 14b raw..." there is thread about calypso tags,
ref: http://www.proxmark.org/forum/viewforum.php?id=2533
You will have to share more info if you want to get some help.
Offline
#5 2015-10-19 13:23:41
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Actually i can share it, but that's all in Italian language. I did try some raw commands with no result, the link provided gives me "outdated" error.
Here are the company specs for that cards.
Last edited by Pummarola (2015-11-18 01:29:13)
Offline
#6 2015-10-19 13:45:46
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
it mentions Mifare Ultralight and Calypso..
The calypso is strange, you need to have the tag on a precis spot and the tag needs to be initialised of the ticketing system.
Read that thread, you should be able to run the "hf 14b raw" commands with success.
Offline
#7 2015-10-19 14:14:38
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Here is the result of init raw command, i tried many times, with no different behaviour
Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2015-08-16 18:49:55
os: /-suspect 2015-08-16 18:50:03
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/06/22 at 21:47:54
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 166521 bytes (32%). Free: 357767 bytes (68%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf 14b raw -c -p 05 00 08
received 0 octets
proxmark3> hf list raw
Recorded Activity (TraceLen = 14 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
|-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 0 | Rdr | 05 00 08 39 73 | |Actually i have 4 of these cards which are from different "ages" 2012, through 2015, same result for everyone of them.
Thank you.
Offline
#8 2015-10-19 14:57:33
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
there is another startup command for 14b 06..
Have you tried the "Hf 15"? íclass?
Offline
#9 2015-10-19 15:25:35
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: [14b] Trying to read data from card
It probably is a CD21 (a chip from ST Microelectronics) contact/contactelss smartcard using Calypso standard (if it is quite old it can be ISO14443B'). 99.9% it is NOT a mifare, but it can be a mifare-emulate (I don't think so).
Offline
#10 2015-10-19 15:27:46
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Sure i tried befor, with "hf list iclass" and "hf 15 reader" same result with no data at all.
proxmark3> hf 15 reader
#db# -1 octets read from IDENTIFY request:
#db# 0 octets read from SELECT request:
#db# 0 octets read from XXX request:
proxmark3> hf list iclass
Recorded Activity (TraceLen = 0 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
|
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|Don't know what init command 06 is, do you mean "06 00 08"? Anyway same "0 octets received".
I'm just trying and trying, but it seems to be an unreadable card. I will keep trying. 
Offline
#11 2015-10-19 16:56:59
- meter
- Contributor
- Registered: 2015-07-13
- Posts: 78
Re: [14b] Trying to read data from card
You can try with snoop between card and official reader.
hf 14b snoop
hf 14a snoop
and so on...
but if the card is B' as tell asper, you need of "hf snoop", a patch never arrived in official github, so you can understand as decode the comunication between card and reader
Offline
#12 2015-10-19 17:09:26
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
I'll give it a try with various official snoop commands even if it's not easy to access official reader(as you could imagine), unfortunately i think it could be a B' card. Is there any unofficial patch for B'??
Thanks.
Offline
#13 2015-10-21 09:57:22
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
made some progress with "hf 14b snoop" but i receive various "FAIL CRC" errors when i read the data from "hf 14b list".
I will keep trying with 14a and iclass and report back.
Can i post my result data?
Offline
#14 2015-10-21 14:31:11
- meter
- Contributor
- Registered: 2015-07-13
- Posts: 78
Re: [14b] Trying to read data from card
Can i post my result data?
Sure, why not?
Offline
#15 2015-10-22 09:35:49
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
so here it is, the 14b snoop result.
root@flo:/storage/emulated/0 # proxmark3 /dev/ttyACM1
proxmark3> hf 14b snoop
#db# Snooping buffers initialized:
#db# Trace: 39232 bytes
#db# Reader -> tag: 256 bytes
#db# tag -> Reader: 256 bytes
#db# DMA: 256 bytes
#db# blew circular buffer! behindBy=239
#db# Snoop statistics:
#db# Max behind by: 239
#db# Uart State: 1
#db# Uart ByteCnt: 2
#db# Uart ByteCntMax: 256
#db# Trace length: 0
proxmark3> hf 14b list
recorded activity:
time :rssi: who bytes
---------+----+----+-----------
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : (SHORT)
+ 0: : 05 43 01 50 c0 54 30 15 0c 05 43 01 **FAIL CRC**
+542408784: : (SHORT)
+-542408784: : (SHORT)
+1048642: 134291460: TAG (SHORT)
+ 1024: 138477572: TAG (SHORT)
+ -1026: 73732: TAG 00 (SHORT)
+-1048640: : (SHORT)
+539000960: : (SHORT)
+ 0: : (SHORT)
+33554433: : 00 00 00 00 00 45 40 05 60 01 58 00 16 00 05 80 09 60 01 58 00 56 00 15 80 07 60 01 58 00 56 00 15 80 11 00 00 00 00 00 00 c5 40 03 60 00 d8 00 36 00 0d 80 03 60 00 d8 00 36 00 0d 80 01 70 00 c8 00 36 00 0d 80 00 00 00 00 00 00 00 00 00 04 **FAIL CRC**
+-571768657: : 30 01 0c 00 **FAIL CRC**
+1074003731: 134242308: TAG (SHORT)
+ 0: 0: TAG (SHORT)
+-1074790467: : 03 00 00 c0 00 30 00 0c 00 03 00 00 d0 00 24 00 08 00 03 00 00 c0 00 00 00 00 00 00 00 00 05 01 31 40 4c 50 13 14 04 c5 01 31 40 4c 50 13 14 04 45 05 11 00 48 40 13 10 04 c0 00 00 00 00 00 00 00 00 23 05 68 c1 5a 70 56 8c 15 a3 05 68 c1 5a 30 56 8c 15 a3 05 68 c0 5a 30 56 8c 15 80 00 00 **FAIL CRC**
+ 0: : 00 08 00 02 00 00 80 00 20 00 08 80 02 20 00 90 00 24 01 08 00 02 00 00 80 00 00 00 00 00 00 00 **FAIL CRC**
+1648625664: : 11 88 44 62 11 18 04 46 01 11 88 44 60 11 18 84 46 21 11 80 00 00 00 00 00 00 00 00 00 45 50 11 54 **FAIL CRC**
+-1296216828: : 04 55 01 11 40 41 50 11 54 04 55 01 15 80 11 00 00 00 00 00 00 c5 40 03 60 00 d8 00 36 00 0d 80 03 60 00 d8 00 16 00 0d 80 01 70 01 c8 00 36 00 0d 80 00 00 00 00 00 00 00 00 00 04 30 01 0c 00 43 00 10 c0 04 30 01 0c 01 43 00 10 c0 04 60 00 88 00 43 00 **FAIL CRC**
+-352359668: : (SHORT)
+805257200: : (SHORT)
+ 49152: : (SHORT)
+-201322496: : (SHORT)
+-603983872: : (SHORT)
+822101248: : 04 c5 01 31 40 4c 50 13 14 04 c5 05 31 00 48 40 13 10 04 c0 **FAIL CRC**
+-822150400: : 05 68 c1 5a 30 56 8c 15 a3 05 68 c1 5a 30 56 8c 15 a3 05 68 c1 5a 30 56 8c 15 80 00 00 00 00 00 00 00 00 **FAIL CRC**
+2097152: : (SHORT)
+ 128: : (SHORT)
+ 262160: : (SHORT)
+-2359312: : (SHORT)
+291652488: : 88 44 62 11 18 84 46 01 51 88 44 60 11 18 84 46 21 **FAIL CRC**
+-291619831: : (SHORT)
+1346666479: : 11 (SHORT)
+-1056225984: : 40 41 50 10 54 04 55 01 15 40 00 00 00 00 00 00 00 **FAIL CRC**
+818987712: : 85 08 20 42 08 50 82 05 20 85 48 21 42 0c 50 82 14 20 85 00 00 00 00 00 00 00 00 00 0a 01 02 80 **FAIL CRC**
proxmark3>Today i've tried to snoop 14a but something went wrong, when i've launched "hf 14a snoop" proxmark didn't started anything, i think i have also to start "hf list 14a" at the same time. Am i right?
Last edited by Pummarola (2015-10-22 12:02:34)
Offline
#16 2015-10-22 11:55:24
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
yikes, that output was nasty looking. where is Holiman when you need him? 
Offline
#17 2015-10-22 12:01:59
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
what do you think is the problem? do i have to try again?
Last edited by Pummarola (2015-10-22 12:02:19)
Offline
#18 2015-10-22 12:04:09
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
Sorry, I wouldn't know. I never seen a 14b' snoop, and I don't know the protocol either.
However, you would need to search for a 14b' protocol data sheet online and start match it with this output.
Offline
#19 2015-10-22 14:30:33
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
are you sure that's 14b'? how do you can tell that?
Offline
#20 2015-10-22 15:21:27
- meter
- Contributor
- Registered: 2015-07-13
- Posts: 78
Re: [14b] Trying to read data from card
hf 14b list is a deprecated command so you are using an old version of firmware. Try with lastest version from github.
A lot of improvements have been done on 14B lately.
The difference between 14B and 14B' not are bytes but signal as between 14A and 14B, but maybe 14B and 14B' are similar so something PM3 catch some bytes but only for error. With HF Snoop all is different, you can see the signal without problems, as for LF. My friend is working on porting enio's patch to lastest version on github, so you should have more test todo.
Offline
#21 2015-10-22 15:32:31
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
@pummarola,
whats the output of "hw version" ?
And have you downloaded / compiled / flashed the latest sourcecode from GitHub?
That client should have a nicer output for 14b. And the 14b command has been improved as @meter mentions.
Offline
#22 2015-10-22 15:46:38
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
here it is my hw ver, i flashed the version contained in 2.2.0 windows client from forum.
Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2015-08-16 18:49:55
os: /-suspect 2015-08-16 18:50:03
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/06/22 at 21:47:54
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 166521 bytes (32%). Free: 357767 bytes (68%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash MemoryLast edited by Pummarola (2015-10-22 15:46:59)
Offline
#23 2015-10-22 15:48:18
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: [14b] Trying to read data from card
With HF Snoop all is different, you can see the signal without problems, as for LF. My friend is working on porting enio's patch to lastest version on github, so you should have more test todo.
I'd love to see hf snoop finished!
I hope it goes well.
Offline
#24 2015-10-22 23:06:24
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Just compiled and flashed latest git version, btw i tried to snoop 14a and i think proxmark3 intefere with official reader(hf 14a snoop and hf 14a list then moved near reader and card), and card is not read by the reader. When i move the proxmark away, the card is correctly read by the reader. Strange behaviour!
Any other ideas?
How can you confirm it's a 14b'? and not a straight 14b?
Tomorrow i'll try again.
Last edited by Pummarola (2015-10-22 23:07:58)
Offline
#25 2015-10-22 23:14:44
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: [14b] Trying to read data from card
Did you try the 14b snoop with the new firmware? Results?
Offline
#26 2015-10-22 23:29:56
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Tomorrow i will report about it
Offline
#27 2015-10-23 09:23:26
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
the thing is where you write "hf 14a list"... it is a deprecated command.
The command to use is: 'hf list 14a'
This makes me wonder if you are using the latest client together with the latest compiled firmware...
Offline
#28 2015-10-23 17:02:38
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Actually i do think it could be a client version problem, because i'm using the android client 2.0.0 and probably it's now outdated. I think i have to try with a notebook with latest client compiled. Also because with that client version i can't use hf list 14a but only hf 14a list, with as I know now it's deprecated. 
Last edited by Pummarola (2015-10-23 17:03:26)
Offline
#29 2015-10-29 01:50:19
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
proxmark3> hf list 14a
Recorded Activity (TraceLen = 243 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
-----------|-----------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 256 | Tag | 00! | |
20176 | 20368 | Tag | 01 | |
81328 | 81712 | Tag | 01 | |
88128 | 88384 | Tag | 00! | |
156352 | 156544 | Tag | 01 | |
191632 | 191824 | Tag | 01 | |
252032 | 252288 | Tag | 00! | |
279536 | 279792 | Tag | 00! | |
286496 | 286688 | Tag | 01 | |
341584 | 341840 | Tag | 00! | |
355360 | 355552 | Tag | 01 | |
433584 | 433776 | Tag | 01 | |
598208 | 598400 | Tag | 01 | |
2150368 | 2150560 | Tag | 01 | |
2528976 | 2529232 | Tag | 00! | |
3574032 | 3574416 | Tag | 00! | |
3590832 | 3596912 | Tag | fb! ff 7f! dd 9f 03! | !crc|
4259600 | 4263888 | Tag | ed! 6b! fd! 35! | |
7950608 | 7954384 | Tag | f7! fd! fb! 03! | |
7968048 | 7968240 | Tag | 01 | |
8067024 | 8069776 | Tag | ff d7 07 | |
8183936 | 8184256 | Tag | 03! | |
8198576 | 8199536 | Tag | 7d! | |
proxmark3>made some progress with it
got this result from snooping 14a with latest client version, any ideas?
Last edited by Pummarola (2015-10-29 10:22:35)
Offline
#30 2015-11-10 10:41:01
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
again snooped with 14a but can't get how to initialize the card
Prox/RFID mark3 RFID instrument
bootrom: master/v2.2.0-94-g2487dfe-suspect 2015-11-09 19:40:41
os: master/v2.2.0-94-g2487dfe-suspect 2015-11-09 19:40:44
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 171411 bytes (33%). Free: 352877 bytes (67%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hf 14a snoop
proxmark3> hf list 14a
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=0
#db# traceLen=1170, Uart.output[0]=00000005
Recorded Activity (TraceLen = 1170 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 480 | Rdr |05! | | ?
86848128 | 86848352 | Rdr | 01 | | ?
88181632 | 88181856 | Rdr | 01 | | ?
88183456 | 88183680 | Rdr | 01 | | ?
88185616 | 88185840 | Rdr | 01 | | ?
89721812 | 89722004 | Tag | 01 | |
89777604 | 89777796 | Tag | 01 | |
89995412 | 89995604 | Tag | 01 | |
90029620 | 90030004 | Tag | 01 | |
90091188 | 90091380 | Tag | 01 | |
90160452 | 90160644 | Tag | 01 | |
90212244 | 90212500 | Tag |00! | |
90218756 | 90218948 | Tag | 01 | |
90348324 | 90348644 | Tag |03! | |
90464580 | 90464836 | Tag |00! | |
90499412 | 90499732 | Tag |03! | |
90525828 | 90526084 | Tag |00! | |
90553492 | 90553684 | Tag | 01 | |
90629156 | 90629476 | Tag |03! | |
90643988 | 90644244 | Tag |00! | |
90655620 | 90655940 | Tag |03! | |
90669188 | 90669380 | Tag | 01 | |
90696644 | 90696836 | Tag | 01 | |
90737364 | 90737556 | Tag | 01 | |
90951892 | 90952212 | Tag |03! | |
91054356 | 91054612 | Tag |00! | |
91157684 | 91157876 | Tag | 01 | |
91171316 | 91171700 | Tag |00! | |
91252148 | 91252340 | Tag | 01 | |
91327460 | 91327652 | Tag | 01 | |
91409348 | 91409540 | Tag | 01 | |
91424004 | 91424196 | Tag | 01 | |
91477700 | 91477956 | Tag |00! | |
91511892 | 91512148 | Tag |00! | |
91588404 | 91588596 | Tag | 01 | |
91634980 | 91635236 | Tag |00! | |
91703748 | 91703940 | Tag | 01 | |
91819412 | 91819604 | Tag | 01 | |
91868180 | 91868436 | Tag |00! | |
91998836 | 91999092 | Tag |00! | |
92113860 | 92114052 | Tag | 01 | |
92205716 | 92205908 | Tag | 01 | |
92307124 | 92307316 | Tag | 01 | |
93131892 | 93132596 | Tag |17! | |
93200916 | 93201748 | Tag |36! | |
93245412 | 93245924 | Tag |03! | |
109699684 | 109699876 | Tag | 01 | |
109719604 | 109719796 | Tag | 01 | |
110016916 | 110017172 | Tag |00! | |
110025044 | 110025236 | Tag | 01 | |
110281476 | 110281668 | Tag | 01 | |
110329796 | 110330052 | Tag |00! | |
110519588 | 110519780 | Tag | 01 | |
110621252 | 110621444 | Tag | 01 | |
110731988 | 110732308 | Tag |03! | |
110739060 | 110739252 | Tag | 01 | |
110852036 | 110852228 | Tag | 01 | |
111313236 | 111313492 | Tag |00! | |
111389540 | 111389796 | Tag |00! | |
111438084 | 111438340 | Tag |00! | |
111507652 | 111507908 | Tag |00! | |
111611556 | 111611812 | Tag |00! | |
111673716 | 111673972 | Tag |00! | |
111935892 | 111936084 | Tag | 01 | |
111943908 | 111944164 | Tag |00! | |
112006308 | 112006500 | Tag | 01 | |
112197956 | 112198212 | Tag |00! | |
112254516 | 112254708 | Tag | 01 | |
112502996 | 112503252 | Tag |00! | |
112538884 | 112539076 | Tag | 01 | |
112580452 | 112580644 | Tag | 01 | |
112733940 | 112734132 | Tag | 01 | |
112766292 | 112766548 | Tag |00! | |
112830948 | 112831204 | Tag |00! | |
112877172 | 112877428 | Tag |00! | |
113306772 | 113307028 | Tag |00! | |
113536932 | 113537124 | Tag | 01 | |
113584260 | 113584516 | Tag |00! | |
113899076 | 113899268 | Tag | 01 | |
113952036 | 113952228 | Tag | 01 | |
114158676 | 114158932 | Tag |00! | |
114214740 | 114214996 | Tag |00! | |
114290084 | 114290340 | Tag |00! | |
114316980 | 114317172 | Tag | 01 | |
114571188 | 114571444 | Tag |00! | |
114620292 | 114620484 | Tag | 01 any advice?
Offline
#31 2015-11-10 22:34:28
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: [14b] Trying to read data from card
have you tried the hf 14b snoop?
post the hf list 14b after?
Offline
#32 2015-11-11 00:47:38
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
actually i did it, first page one of latest posts. Btw will try again tomorrow and report it back
Offline
#33 2015-11-11 01:06:39
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: [14b] Trying to read data from card
I only see two 14a snoops since latest firmware.
Maybe I missed it?
Offline
#34 2015-11-11 14:56:42
- meter
- Contributor
- Registered: 2015-07-13
- Posts: 78
Re: [14b] Trying to read data from card
No miss, he post only 14b snoop with a very old firmware, so pretty useless.
@Pummarola the lastest version is very important on PM3, about every day there are new updates, new improvements, so is very important do test with latest version.
For example now there is hf snoop in official github, you can try it and post the result. My friend has ported in github because I asked to him for you.
Offline
#35 2015-11-12 14:46:03
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: [14b] Trying to read data from card
Marshmellow is specialist on helping noobs.
Thx for the complement. . I try to give back some since I've learned a lot here.
Offline
#36 2015-11-18 01:09:58
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Backing in topic, i have snooped some data and i'm trying to learn from it, probably i will have to go with raw data because it's better for understanding card init command sent from reader. I'm compiling latest versions as soon as there are commits. However "yes" marshmellow is very good in helping proxmark noobs
Regards
Last edited by Pummarola (2015-11-18 20:34:59)
Offline
#37 2015-11-19 11:56:24
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
seems i have got something new. Just snooped twice just to be sure.
proxmark3> hf list 14b
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# cancelled
#db# Snoop statistics:
#db# Max behind by: 141
#db# Uart State: 0
#db# Uart ByteCnt: 0
#db# Uart ByteCntMax: 256
#db# Trace length: 108
Recorded Activity (TraceLen = 108 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 0 | Rdr | 01 0b 1f 80 a1 78 | !crc| ?
20592 | 20592 | Rdr | 01 89 3f 80 a1 78 | !crc| ?
41302 | 41302 | Rdr | 01 89 3f 80 a1 78 | !crc| ?
52952 | 52952 | Rdr | 21 c2 06 94 b2 01 1c 1d 02 9e 59 ad 9c 83 | !crc| ?
76758 | 76758 | Rdr | 21 06 06 94 b2 02 4c 1d fe 2e | ok | ?
115036 | 115036 | Tag | 20 | |
135664 | 135664 | Tag |<empty trace - possible error> | |
proxmark3>proxmark3> hf list 14b
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# cancelled
#db# Snoop statistics:
#db# Max behind by: 164
#db# Uart State: 0
#db# Uart ByteCnt: 0
#db# Uart ByteCntMax: 256
#db# Trace length: 90
Recorded Activity (TraceLen = 90 bytes)
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
iso14443a - All times are in carrier periods (1/13.56Mhz)
iClass - Timings are not as accurate
Start | End | Src | Data (! denotes parity error) | CRC | Annotation |
------------|------------|-----|-----------------------------------------------------------------|-----|--------------------|
0 | 0 | Rdr | 01 0b 3f 80 a1 78 | ok | ?
11502 | 11502 | Rdr | 21 c2 06 94 b2 01 3c 1d 02 be 59 ad 9c 83 | ok | ?
23508 | 23508 | Rdr | 21 04 06 94 b2 01 4c 1d 21 f6 | ok | ?
35320 | 35320 | Rdr | 21 06 06 94 b2 02 4c 1d fe 0e | !crc| ?
114122 | 114122 | Tag | 2c 44 | |
proxmark3>started to play around with that.
Offline
#38 2015-11-19 12:25:15
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: [14b] Trying to read data from card
It seems to be a dual interface smartcard and the data you sniffed are (or seem to be) a smartcard apdu communication transaction (commands that can be send via contact interface embedded inside a rfid commandset); it is good that you managed to sniff.
You should try to sniff the very beginning of the transaction and see if the byte "E0" comes out.
If you have a smartcart (contact!) reader I can give you some commands to be tested.
Last edited by asper (2015-11-19 12:31:59)
Offline
#39 2015-11-19 12:38:03
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
sure, if you mean this kind of reader, i own it. http://www.hicoproduction.com/images/66.jpg
This was first attempt i made, with no luck, indeed.
Last edited by Pummarola (2015-11-19 12:41:55)
Offline
#40 2015-11-19 19:28:52
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: [14b] Trying to read data from card
Do you have a software to send APDUs like Smart Card Toolset Pro ?
Offline
#41 2015-11-20 02:16:52
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Affirmative.
I have also jsmartcard explorer
Last edited by Pummarola (2015-11-20 02:18:10)
Offline
#42 2015-11-21 00:08:22
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: [14b] Trying to read data from card
Ok, so you can try starting the software, put the card in the reader and show the ATR (I suggest you Smart Card Toolset Pro).
Offline
#43 2015-11-21 11:15:22
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Here it is the ATR
3B 6F 00 00 80 5A 08 03 03 00 00 00 02 BE 59 AD 82 90 00Inserting another card here is the ATR
3B 6F 00 00 80 5A 08 03 03 00 00 00 01 E8 30 61 82 90 00Stating on what i've found around google it's a Navigo contact type card. Because of the initial part of the ATR.
Used card peek to analyse content of the cards
<?xml version="1.0" type="UTF-8"?>
<cardpeek>
<version>0.8.4-win32</version>
<node>
<attr name="classname">card</attr>
<attr name="label">CALYPSO</attr>
<node>
<attr name="classname">atr</attr>
<attr name="label">cold ATR</attr>
<attr name="size">19</attr>
<attr name="val" encoding="bytes">8:3B6F0000805A08030300000002BE59AD829000</attr>
<node>
<attr name="classname">item</attr>
<attr name="label">Possibly identified card</attr>
<attr name="val">Card supporting a Calypso application Rev 1
Navigo (France) transport card
ACTV (Italy) transport card</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">ICC</attr>
<attr name="id">0002</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:06C2084998888500FFFFFFFFFFFFFFFF02BE59AD465230383000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">ID</attr>
<attr name="id">0003</attr>
</node>
<node>
<attr name="classname">folder</attr>
<attr name="label">Ticketing</attr>
<attr name="id">2000</attr>
<node>
<attr name="classname">file</attr>
<attr name="label">Environment</attr>
<attr name="id">2001</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0007D00000573E1C533E00000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Event logs</attr>
<attr name="id">2010</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:36800000003683EE92965280010C0190019000000000002B0000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">2</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:36800000003683EE898D3180010C02B002B00000000000190000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">3</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:36800000003683EE73827000010C0190019000000000002B0000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Contracts</attr>
<attr name="id">2020</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:106D01213E1F410E299F7801000A01631F395200000000000000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">2</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">3</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">4</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Contracts</attr>
<attr name="id">2030</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202A</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202B</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202C</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202D</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202E</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:3FFFFF0000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202F</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:3FFFFF0000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2060</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:3FFFFF0000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2061</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:3FFFFF0000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2062</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2069</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000003FFFFF3FFFFF3FFFFF3FFFFF0000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Special events</attr>
<attr name="id">2040</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Contract list</attr>
<attr name="id">2050</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
</node>
</node>
</cardpeek>and second card
<?xml version="1.0" type="UTF-8"?>
<cardpeek>
<version>0.8.4-win32</version>
<node>
<attr name="classname">card</attr>
<attr name="label">CALYPSO</attr>
<node>
<attr name="classname">atr</attr>
<attr name="label">cold ATR</attr>
<attr name="size">19</attr>
<attr name="val" encoding="bytes">8:3B6F0000805A08030300000001E83061829000</attr>
<node>
<attr name="classname">item</attr>
<attr name="label">Possibly identified card</attr>
<attr name="val">Card supporting a Calypso application Rev 1
Navigo (France) transport card
ACTV (Italy) transport card</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">ICC</attr>
<attr name="id">0002</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:8680411082E05100FFFFFFFFFFFFFFFF01E83061465230383000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">ID</attr>
<attr name="id">0003</attr>
</node>
<node>
<attr name="classname">folder</attr>
<attr name="label">Ticketing</attr>
<attr name="id">2000</attr>
<node>
<attr name="classname">file</attr>
<attr name="label">Environment</attr>
<attr name="id">2001</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0007D000004B3E0E4B3E00000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Event logs</attr>
<attr name="id">2010</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:36800000003683278FE9FD00018C02B002B00000000000190000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">2</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:3680000000368327739A7300014C0190019000000000002B0000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">3</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:36800000003683276FD5FA80018C02B002B00000000000190000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Contracts</attr>
<attr name="id">2020</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:106D01193E000007259F6B01A2D0006317444600000000000000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">2</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">3</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">4</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Contracts</attr>
<attr name="id">2030</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202A</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202B</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202C</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202D</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202E</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">202F</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2060</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2061</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2062</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000FFFFFF000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Counters</attr>
<attr name="id">2069</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Special events</attr>
<attr name="id">2040</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
<node>
<attr name="classname">file</attr>
<attr name="label">Contract list</attr>
<attr name="id">2050</attr>
<node>
<attr name="classname">record</attr>
<attr name="label">record</attr>
<attr name="id">1</attr>
<attr name="size">29</attr>
<attr name="val" encoding="bytes">8:0000000000000000000000000000000000000000000000000000000000</attr>
</node>
</node>
</node>
</node>
</cardpeek>you can copy and paste into txt file and save as xml, and open it with cardpeek.
Last edited by Pummarola (2015-11-21 11:47:08)
Offline
#44 2015-11-21 22:56:12
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: [14b] Trying to read data from card
It probably uses Calypso standard (often used in transport systems) which is proprietary and actually undisclosed to public (for what know you need to be a transport service provider and you must pay to have it). If you want to study/reversing it you need to know the command set; you can get some info sniffing transaction but it will be an hard work.
Offline
#45 2015-11-22 03:08:28
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
At least we know what it is, never imagined it would have been simple. I will keep studying it, if anyone has some other hints he's free to post them.
Last edited by Pummarola (2015-11-22 03:08:44)
Offline
#46 2015-11-22 12:20:49
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
there is threads on this forum about calypso...
go for the hf 14b raw commands..
Offline
#47 2015-11-23 01:57:28
- Pummarola
- Contributor
- Registered: 2015-10-19
- Posts: 36
Re: [14b] Trying to read data from card
Hi Ice, I will read better that topic, but as i see every single raw command sent to card gave me 0 octets received.
Last edited by Pummarola (2015-11-23 01:57:43)
Offline
#48 2015-11-23 11:10:59
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
depends if your calypso tag is initialized or not on the transit system. I have a tag which never been used and I also only get nothing from the tag. Someone else did the same on a tag that been used, and got all responds like expected.
Offline
#49 2016-02-23 12:56:33
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,506
- Website
Re: [14b] Trying to read data from card
and I just heard it has a custom anti-collision solution, before it starts to answer normal apdu's
Offline