Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Hi,
I'm trying to figure out what the format is of data on a Sokymat card, which I know has an EM4102 transponder. From the datasheet of the transponder I can see that the chip will transmit its 64 bits of data after being powered on by the RF field.
I’m able to read the card, which gives me (0xFF83C03286AA4AEA):
1111111110000011110000000011001010000110101010100100101011101010
According to the datasheet, the data is formatted as follows:
| Data |Parity
--------|----------|---
Header | 111111111
--------|----------|---
Version/| 0000 | 0
Cust. ID| 1111 | 0
--------|----------|---
Data | 0000 | 0
Data | 0011 | 0
Data | 0101 | 0
Data | 0001 | 1
Data | 0101 | 0
Data | 1010 | 0
Data | 1001 | 0
Data | 1011 | 1
--------|----------|---
Parity | 0101 | 0
Meaning that:
Version = 00001111
Data = 00000011010100010101101010011011
I make the assumption that the 24 right most (or least significant) bits contain the facility code and card number. I do this assumption based on a reader that returns facility code (decimal 81) and card number (decimal 23195). The decimal card number has also been printed on the card itself, so that is why I made the assumption that the reader is working correctly. If I align the facility code and card number with the data bits, it looks like this:
Data 00000011010100010101101010011011
Fac. Code 01010001
Card number 0101101010011011
Now this makes me really wonder what bit 24 and 25 are (the leading ‘11’). They do not make sense as parity, as a different card (with decimal 22087 printed on in) also has leading ‘11’ bits:
Data 00000011010100010101011001000111
Fac. Code 01010001
Card number 0101011001000111
Removing the assumption of a correctly working reader, I know at least that the format is definitely not the standard 26-bit Wiegand format (H10301), as then the leading and trailing odd and even parity bits don’t add up for the first card. Plus I just think that the printed number on the cards matching with the data is too much of a coincidence. Therefore my question is: does anyone know which format this is? What are bits 24 and 25 doing and can I somehow use them to figure out if a stream of bits has this particular format?
Looking forward to your reply,
Martijn
Offline
I would guess that your reader just ignores the bits prior to the fc/card# they would only mean something to a different reader.
Offline
What brand is the card/reader? I know that HID has a bunch of variations of 34 bit formats, some of the formats have three data fields, and not just two. The third data field is usually a company code, or contains other types of information. Some of these 34 bit formats are created as a company specific specification. HID does use the EM4102.
Last edited by hkplus (2017-03-22 03:02:26)
Offline