Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

#1 2010-02-04 14:42:41

rumpeltux
Contributor
From: München, Germany
Registered: 2010-02-04
Posts: 18

Fast Legic Read Code, including prng

As there are several people spending way too much time actually implementing a writer (it took me one week of full-time commitment), I’ll speed this up a little bit and post some code that implements the prng-cipher and then allows reading Legic cards much quicker. It also checks if the CRC matches.
I’m kind of still worried about everyone being able to write, so there is no actual code for writing, but it’s now trivial to implement and some instructions are provided in the source.

As I didn’t have a MIM1024 card, this code is only for MIM256, but nevertheless it’s easy to adapt to the bigger cards (although the crc-iv might change then).
One last hint: the slides mention an ACK being sent 3.6ms after the write command. The time interval is actually different between cards, so a writer should not rely on timing but wait until the ACK is actually received.

You can find the patch here: http://itooktheredpill.dyndns.org/publi … eader.diff


#2 2010-02-05 10:04:42

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203

Re: Fast Legic Read Code, including prng

Nice - I've merged this in as r325...


#3 2010-02-05 21:29:23

Andreas
Member
Registered: 2010-01-25
Posts: 10

Re: Fast Legic Read Code, including prng


#4 2010-02-05 21:49:51

rumpeltux
Contributor
From: München, Germany
Registered: 2010-02-04
Posts: 18

Re: Fast Legic Read Code, including prng

Cool :) Have you actually tried reading a MIM1024 card using that method? Because if I chose the wrong IV / xorMask for the CRC, then this might yield lots of errors.
Also, addr_size is rather cmd_size, which might be misleading to new code-readers.


#5 2010-02-05 22:04:01

Andreas
Member
Registered: 2010-01-25
Posts: 10

Re: Fast Legic Read Code, including prng

Yes, MIM1024 is working fine. I also double-checked MIM256.

I added an abort statement after the CRC error, as the key generator is out of sync anyway.
(The USB transfer takes 50ms.)

This way, removing the card during a read is detected, and trying to read with no Legic present does not produce 256 errors.


#6 2010-02-05 22:29:40

Andreas
Member
Registered: 2010-01-25
Posts: 10

Re: Fast Legic Read Code, including prng

rumpeltux wrote:

also addr_size is rather cmd_size, might be misleading to new code-readers.

You are right.

2nd try :-): http://codeviewer.org/view/code:bcc


#7 2010-02-06 11:16:59

adam@algroup.co.uk
Contributor
From: UK
Registered: 2009-05-01
Posts: 203

Re: Fast Legic Read Code, including prng

Excellent! Now in as rev 332/333...
