Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hello Guys.
I'm trying to read out a MIM1024 card with a TWN3 Legic NFC USB reader.
I actualle get a value when reading the card - it could be:
5720D9AD
Does any one know if this is the "correct" value from that kind of card - or ? Which bytes is the actual UID from the card?
I can read somewhere that sometimes a password token is nessecary to decode the card?
Thanks
Offline
I wouldn't know. Never saw a legic tag so the legic functions may work.
BUt if you can save the samples and upload it here, we could take a look at it.
Offline
Awesome
Samples? Hmm - i only have the script from the TWN and then the "reading" from the COM port... What is it you wanna me to upload?
Thanks
Offline
aha, I thought you had a PM3 since your are posting in this forum...
Offline
https://srlabs.de/blog/wp-content/uploads/2010/07/100616.EUSecWest.LegicPrime.pdf#page=49
There is also a video-recording from a talk held on 26c3
Offline
Yes OK - according to that the first byte is the UID, which should be readable with out any other problems.... It must be my "57" that's the user ID.... Correct?
Offline
no idea, but the UID should always be readable
Offline
No the first 4 bytes are the UID. Byte 5 is the CRC (and also the "encryption key" but that is another story).
Offline
Okay... Thanks @AntiCat - then the reading 57 20 D9 AD must be the 4 bytes read-out... containing the UID - then the reader doesn't read more than that....
Offline
Guess Rasmus wouldn't read it ... but maybe other people also want to know:
The Elatec TWN3 Lecgic reader/writer (the newer model is called TWN4 ) can do much more than just reading the UID
The 'legic-models' do have a Legic-Chipset inside, you can do almost anything with such a reader/writer an a Legic tag - but only with the Legic-Commandset .. which is only available if you sign a NDA with legic and/or sign a license-aggreement.
Elatec is a official Legic partner.
It should also work with the Legic-configuration-software csw-2000 / csw-4000 and/or the development-kit-software DKS-4000 (I would like to have this dev-kit ) - so if anyone has the possibility to get a copy of the csw-4000 or dks-4000 ... let me know
TWN3 Legic USB - Datasheet
TWN3 Legic USB - Supported Transponder
They (Elatec) also sell TWN3/4 without the Legic-Chipset (for half the price) .. but the do not have the name 'Legic' within there name.
You can access them with raw 'legic-commands' through usb-serial - but because it has a legic-chipset -> it also respect all 'legic-security-features' ... unlike the proxmark
Last edited by mosci (2016-02-05 21:28:47)
Offline
Pages: 1