I want to read the UID of a Legic Prime card (MIM256). The problem I see: no matter what address I'm sending, I always get the same first 8 bits. Only the last 4 vary.
Sending Rand: 1 000 000 (ALL Lowest bit first)
Receive: 100110 ^(from KeyStreamGenerator) 001000 = d1
Sending: 6 bit Acknowledgment 100111 ^(from KeyStream)011011 = 111100
Now my command is 1 0000 0000 which should mean read byte 00 (first one from UID)
But I get the same answer for the first 8 bits, no matter what address I'm sending.
My read command is again XORed with values from the KeyStreamGenerator.
Any ideas, or is there a mistake?
Unfortunately I'm not that competent to support here now ... but I would if I could ;-)
- I do have a proxmark3
- and a reader with a SM-4500 chip (so-called 'official reader')
- and plenty of MIM256 Tags
but I also have only a very, very small knowledge of C programming.
if everything is correct (timing and rand)
sending a '1 0000 0000' should result in a 12 bit long answer ... 8 bit => uid-byte0 + 4 bit transport-crc
sending a '1 1000 0000' should result in 12 bit ... 8 bit => uid-byte1 + 4 bit transport-crc
... and so on
so your 'vary' nibble should be the transport-crc, which differs because of the difference in the address.
but even if you always get the same answer ... is this first uid-byte correct?
then this could maybe point to a timing problem for the request of the second uid-byte?!