Nedap card very strange results, Iceman read this please.

Kepouick · 2017-04-19 18:45:06

Hi,

I explained my story: I wanted to make a clone of my Nedap access badge, following several posts on the forum so I managed to clone this one on a T5577. After several tests my clone is operational.
When I execute the command: "lf search u" followed by the command "data rawdemod 0 64 1 0", the result on the 2 access cards is not identical, yet this badge works (the door opens ) Could you tell me more? (In fact the result is the same but unpacked several bits).

2nd question: I tried using the t55xx command to read the original nedap. Obviously I'm not back from it.
But the strangest thing is when doing more reading manipulation on the original and the clone I got to read the different block of the original nedap badge (lf t55xx read b0 to 7 and also lf t55xx info)
Is that what happened to you already ?? Can the information be useful to you? How does it happen that I get to read the block while it is not possible?

PS; I use the fork iceman

marshmellow · 2017-04-19 18:59:19

First, rawdemod 0 is not valid.
Second there are improvements made to the t55xx cmds in the master repo that fixes many bugs that are not in Iceman's fork.
Third, things on lf don't have to be the same hex as long as they are the same binary

iceman · 2017-04-19 19:11:53

lets test something fun, lets test the brand new data plot from @marshmellow just merged into PM3 Master today.

And if you can share a trace (lf read/data save) it will also help. Nedap is not fully solved yet. The unencrypted one can be cloned with raw hex, if I remember it correct.

and I think he means "data ra am..."

Kepouick · 2017-04-19 19:12:37

- So I do not have to believe in the values that give it to me when I use my original card?

- i have tested many different bit rates, when changing the block 0 in the t5577, when i do the tests I have the same results without shifting, but I do not know yet if the clone is operational

Kepouick · 2017-04-19 19:15:24

i use data "rawdemod ab 0 64 1 0"

sorry for my poor English.

Kepouick · 2017-04-19 19:17:37

Iceman your remember is correct , the first 64 bit is encrypted

Kepouick · 2017-04-19 20:47:03

-- T55x7 Configuration & Tag Information --------------------
-------------------------------------------------------------
Safer key : 15
reserved : 98
Data bit rate : 6 - RF/100
eXtended mode : No
Modulation : 16 - Biphase
PSK clock frequency : 2
AOR - Answer on Request : Yes
OTP - One Time Pad : Yes - Warning
Max block : 1
Password mode : No
Sequence Start Terminator : Yes
Fast Write : No
Inverse data : Yes
POR-Delay : Yes
-------------------------------------------------------------
Raw Data - Page 0
Block 0 : 0xFC590B2B 11111100010110010000101100101011
-------------------------------------------------------------

iceman · 2017-04-19 22:18:37

that doesnt look like a good config block.

Kepouick · 2017-04-19 23:02:36

i confirm , i have again bricks a t5577 !!!!!!
i waiting many day's for reception my new TT5577

wipe command doesn't work, no no noooooooooo....... RIP

FYI : i don't remake the strange value with the real proxmark git. I hate Iceman ( this is a joke ).

Now i'm going break mifare, lol.
Have a good night

iceman · 2017-04-19 23:38:14

can ppl stop writing abritrary config block 0 values and not understand what can happen...

marshmellow · 2017-04-20 00:48:02

Should I tell him about the testmode cmd?

Ah, but that would require compiling the latest master repo...

iceman · 2017-04-20 00:50:13

You should tell him about the testmode cmd, and he should compile and test the new PM3 master... I did today

marshmellow · 2017-04-20 03:12:03

If you can compile the latest github master code and you don't mind wiping your entire t5577 (including traceability blocks) you can run the new lf t55xx write [testmode] option to write a VALID block 0 and recover your tag(s). You must send a valid block 0 data with it though.

Kepouick · 2017-04-20 11:58:01

marshmellow wrote:

Should I tell him about the testmode cmd?
Ah, but that would require compiling the latest master repo...

It's good I work with new repo, i test writing with testmode but for now i don't save my cards

Proxmark3 community

Announcement

#1 2017-04-19 18:45:06

Nedap card very strange results, Iceman read this please.

#2 2017-04-19 18:59:19

Re: Nedap card very strange results, Iceman read this please.

#3 2017-04-19 19:11:53

Re: Nedap card very strange results, Iceman read this please.

#4 2017-04-19 19:12:37

Re: Nedap card very strange results, Iceman read this please.

#5 2017-04-19 19:15:24

Re: Nedap card very strange results, Iceman read this please.

#6 2017-04-19 19:17:37

Re: Nedap card very strange results, Iceman read this please.

#7 2017-04-19 20:47:03

Re: Nedap card very strange results, Iceman read this please.

#8 2017-04-19 22:18:37

Re: Nedap card very strange results, Iceman read this please.

#9 2017-04-19 23:02:36

Re: Nedap card very strange results, Iceman read this please.

#10 2017-04-19 23:38:14

Re: Nedap card very strange results, Iceman read this please.

#11 2017-04-20 00:48:02

Re: Nedap card very strange results, Iceman read this please.

#12 2017-04-20 00:50:13

Re: Nedap card very strange results, Iceman read this please.

#13 2017-04-20 03:12:03

Re: Nedap card very strange results, Iceman read this please.

#14 2017-04-20 11:58:01

Re: Nedap card very strange results, Iceman read this please.

Board footer