Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
proxmark3> lf t55 wipe
proxmark3> lf t5 br 00000000 00000003
Search password range [00000000 -> 00000003]
..Chip Type : T55x7
Modulation : DIRECT/NRZ
Bit Rate : 1 - RF/16
Inverted : No
Offset : 34
Seq. Term. : No
Block0 : 0x00040004
Found valid password: [00000001]
proxmark3> lf t5 de
Chip Type : T55x7
Modulation : DIRECT/NRZ
Bit Rate : 1 - RF/16
Inverted : No
Offset : 30
Seq. Term. : No
Block0 : 0x00040004
proxmark3> lf t5 du
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 00040004 | 00000000000001000000000000000100
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 00040004 | 00000000000001000000000000000100
Once wiped, run brute force: it finds a password and changes block 0 to 00040004.
Just for fun!
Last edited by zhuminggang (2017-10-26 09:38:12)
Offline
Ask a question:
proxmark3> lf t5 wr b 1 d 00000000
Writing page 0 block: 01 data: 0x00000000
proxmark3> lf t5 read b 1
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
1 | FFFFFFFF | 11111111111111111111111111111111
proxmark3> lf t5 wr b 1 d ffffffff
Writing page 0 block: 01 data: 0xFFFFFFFF
proxmark3> lf t5 read b 1
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
1 | 00000000 | 00000000000000000000000000000000
Why does the T55 read back the opposite when writing 00000000 or ffffffff, but not with other values?
Last edited by zhuminggang (2017-10-26 09:35:41)
Offline
Running a t55xx pwd command like bruteforce on a t55xx that isn't password protected is a good way to brick your t55xx.
And reading a trace full of zeros presents no changes that allow the system to determine the phase, so if the timing of your antenna powering your tag fluctuates a microsecond it will read data inverted (out of phase).
Offline
Haha, thanks!
Offline