Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

#1 2009-03-22 23:27:02

edo512
Contributor
Registered: 2008-10-07
Posts: 103

125kHz snoop ?

Hi all,

As far as I can see, at the moment the proxmark would not be able to snoop on 125kHz communications between tags & readers: am I missing something there? I'd like to be able to do this to better understand some weird 125kHz tags I have... Do you think it would be possible to implement this type of feature without touching the FPGA code?

Ed


#2 2009-03-22 23:53:32

touf
Contributor
Registered: 2008-12-11
Posts: 27

Re: 125kHz snoop ?

I'm just starting here so everything I'm gonna say can be far away from the truth:

The point of snooping is to get all the parts of a communication between a tag and a reader.
I'm not sure that 125kHz are having any kind of 'communication'.
The tag is only sending its ID when it gets powered up by a reader.

So there would be nothing to snoop.


#3 2009-03-23 07:07:58

edo512
Contributor
Registered: 2008-10-07
Posts: 103

Re: 125kHz snoop ?

Hmm, not necessarily quite true: just getting raw samples of the communication between the tag & reader can be useful to determine what type of modulation the tag & reader use. I agree, though, most 125kHz tags just send their ID, but a lot of LF tags can still be programmed using proprietary commands.


#4 2009-03-23 09:13:12

rule
Member
Registered: 2008-05-21
Posts: 417

Re: 125kHz snoop ?

It can be more than only the ID; take, for example, the hitag2 product. It communicates over LF, but still uses an encrypted communication. The cipher is very similar to the MIFARE Classic. More info about this can be found here.


#5 2009-12-05 11:22:40

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203

Re: 125kHz snoop ?

touf wrote:

> I'm just starting here so everything I'm gonna say can be far away from the truth:
>
> The point of snooping is to get all the parts of a communication between a tag and a reader.
> I'm not sure that 125kHz are having any kind of 'communication'.
> The tag is only sending its ID when it gets powered up by a reader.
>
> So there would be nothing to snoop.

Actually, things like 125kHz hotel keys have stored data blocks, so snooping the reader commands that are used to access those blocks when the key is presented would be very useful...


#6 2010-03-18 17:50:54

CardSaysMoops
Contributor
Registered: 2010-03-07
Posts: 19

Re: 125kHz snoop ?

Has anyone made any progress on snooping 125kHz? I know this would be very handy for things like Henryk and Karsten do.

Thanks,
CSM
