Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2010-02-04 14:42:41
- rumpeltux
- Contributor
- From: München, Germany
- Registered: 2010-02-04
- Posts: 18
- Website
Fast Legic Read Code, including prng
As there are several people spending way too much time actually implementing a writer (it took myself one week of full-time commitment), I’ll speed this up a little bit and post some code that implements the prng-cipher and then allows to read legic cards much quicker. It also checks if the CRC matches.
I’m kind of still worried on having everyone being able to write, so there is no actual code for writing, but it’s now trivial to implement and some instructions are provided in the source.
As I didn’t have a MIM1024 card this code is only for MIM256, but nevertheless it’s easy to adopt to the bigger cards (although the crc-iv might change then).
On last hint: the slides mention an ACK being sent 3.6ms after the write command. The time interval is actually different between cards, so a writer should not rely on timing but wait until the ACK is actually received.
You can find the patch here: http://itooktheredpill.dyndns.org/publi … eader.diff
Offline
#2 2010-02-05 10:04:42
- adam@algroup.co.uk
- Contributor
- From: UK
- Registered: 2009-05-01
- Posts: 203
- Website
Re: Fast Legic Read Code, including prng
Nice - I've merged this in as r325...
Offline
#3 2010-02-05 21:29:23
- Andreas
- Member
- Registered: 2010-01-25
- Posts: 10
Re: Fast Legic Read Code, including prng
http://codeviewer.org/view/code:bca
Fixes MIM1024 support
Offline
#4 2010-02-05 21:49:51
- rumpeltux
- Contributor
- From: München, Germany
- Registered: 2010-02-04
- Posts: 18
- Website
Re: Fast Legic Read Code, including prng
Cool 
Have you actually tried reading a MIM1024 card using that method, because if I chose the wrong IV / xorMask for the CRC, then this might yield lots of errors.
Also addr_size is rather cmd_size, might be misleading to new code-readers.
Offline
#5 2010-02-05 22:04:01
- Andreas
- Member
- Registered: 2010-01-25
- Posts: 10
Re: Fast Legic Read Code, including prng
Yes MIM1024 is working fine. I also did doublecheck MIM256.
I added an abort statement after the CRC-Error as the key generator is out of sync anyway.
(the usb transfer takes 50ms)
this way removing card during read is detected and trying to read with no legic present does not produce 256 errors
Offline
#6 2010-02-05 22:29:40
- Andreas
- Member
- Registered: 2010-01-25
- Posts: 10
Re: Fast Legic Read Code, including prng
also addr_size is rather cmd_size, might be misleading to new code-readers.
you are right
2nd try :-): http://codeviewer.org/view/code:bcc
Offline
#7 2010-02-06 11:16:59
- adam@algroup.co.uk
- Contributor
- From: UK
- Registered: 2009-05-01
- Posts: 203
- Website
Re: Fast Legic Read Code, including prng
Excellent! Now in as rev 332/333...
Offline
Pages: 1