Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

#1 2018-03-11 05:25:34

joshua1808
Contributor
Registered: 2018-03-10
Posts: 2

Understanding Indala Format

Hi Everyone,

I'm hoping to get some help / insight on the structure of Indala card data.  I've read a lot of posts about the Indala cards, but haven't found (or possibly understood) the answer.

I have an Indala card, that my Proxmark3 seems to be reading and cloning perfectly:

 proxmark3> lf read
#db# LF Sampling config:
#db#   [q] divisor:           95
#db#   [b] bps:               8
#db#   [d] decimation:        1
#db#   [a] averaging:         1
#db#   [t] trigger threshold: 0
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample
#db# buffer samples: 54 7b 54 7c 56 7f 58 81 ...
Reading 39999 bytes from device memory

Data fetched
Samples @ 8 bits/smpl, decimation 1:1
proxmark3> lf indala demod
BitLen: 64
Indala UID=1010000000000000
0000000000000 <redacted>
 (a0000000<redacted>)

I'm able to use the Proxmark3 to clone the card with no issue. But I am trying to understand if there's a way I can figure out the format of the card data. I believe the Indala format can differ between implementations?

I've worked on a project with HID cards previously, using a genuine vendor card reader, with Wiegand output, in order to copy card data at a distance. (https://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/)

You get the Wiegand data, identify the card format, and use it to clone the card. I'm trying to do something similar for Indala.

For the HID project, to grab the right info from the Wiegand output, you need to format the data correctly (http://i.imgur.com/gPMUnay.png), something like the following (in Python):

    def decodeWiegandData(bits, wiegand):
        # Slice facility code (fc) and card number (cn) out of the Wiegand bit string;
        # cn2 is the card number with the facility code bits included.
        if bits == "26":
            head = "0000000100000000001"
            fc = int(wiegand[1:9], 2)
            cn = int(wiegand[9:25], 2)
            cn2 = int(wiegand[1:25], 2)
        elif bits == "35":
            head = "0000000101"
            fc = int(wiegand[2:14], 2)
            cn = int(wiegand[14:34], 2)
            cn2 = int(wiegand[2:34], 2)
        elif bits == "37":
            head = "00000000"
            fc = int(wiegand[1:17], 2)
            cn = int(wiegand[17:36], 2)
            cn2 = int(wiegand[1:36], 2)
        else:
            # Unknown bit length: no header, fields marked invalid
            head = "0"
            fc = -1
            cn = -1
            cn2 = -1
        return str(fc), str(cn), str(cn2), str(head)

    # The actual code that runs every time a card is scanned. Grabs the data,
    # formats it appropriately, writes it to a CSV file and prints the output to console.
    # addCardsToCSV is defined elsewhere in the tool and is not shown in this post.
    def callback(bits, value):
        bits = str(bits)
        wiegand_binary = format(value, '0' + bits + 'b')
        fac_code, card_num, card_num_no_fac, hidHeader = decodeWiegandData(bits, wiegand_binary)
        wiegand_binary = hidHeader + wiegand_binary
        wiegand_hex = "%016X" % int(wiegand_binary, 2)
        enc_hex = "FFFFFFFFFFFFFFFF".upper()  # To Implement
        addCardsToCSV(bits, wiegand_binary, wiegand_hex, enc_hex, fac_code, card_num, card_num_no_fac)

I am getting a consistent read on the Indala card from the vendor card reader, and the Wiegand output. But I can't get it to match up with the Proxmark data. I think it's because I need to extract the right information/header from the Wiegand output, but I don't know the format. http://i.imgur.com/ZbjwG7X.jpg

Does anyone have tips on where I could look next? Or how I can find out what the Proxmark is using to identify the card and extract the data.

Cheers,
Josh


#2 2018-05-07 18:07:52

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Understanding Indala Format

Josh,
The reason why you are not getting the correct card number and FC field is because although you have the correct start bit and length for each field, the bits are scrambled.  You can't just decode the value in the traditional sense where you just start at the beginning and take X amount of bits until the end of the field.  You have to unscramble the order of the bits and then take the value.  Unfortunately, this scrambling is not known to me...you would have to change one bit at a time and see what value each bit represents.  This is really only true of the Indala format as far as I know.

Last edited by hkplus (2018-05-07 18:08:33)
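
Added example, not part of hkplus's post or of any Proxmark3 code: the "change one bit at a time" method from post #2, run against a constructed stand-in reader. The 24-of-64 mapping is random and is not the Indala one, and the 26-bit output length and all function names are assumptions made for the illustration.

```python
import random

CARD_BITS = 64   # "BitLen: 64" from the lf indala demod output in post #1
DATA_BITS = 24   # assumed: 26-bit Wiegand output = parity + 24 data bits + parity

def wiegand26(data):
    """Frame 24 data bits as 26-bit Wiegand: even parity, data, odd parity."""
    even = sum(data[:12]) % 2
    odd = 1 - sum(data[12:]) % 2
    return [even] + data + [odd]

def make_reader(seed=1808):
    """Constructed stand-in for a reader. The mapping is random, NOT Indala's."""
    secret = random.Random(seed).sample(range(CARD_BITS), DATA_BITS)
    return (lambda card: wiegand26([card[i] for i in secret])), secret

def recover_mapping(reader, baseline):
    """Flip one card bit at a time and note which Wiegand data bit follows it."""
    ref = reader(baseline)
    mapping = {}                      # Wiegand data index -> card bit position
    for pos in range(CARD_BITS):
        probe = list(baseline)
        probe[pos] ^= 1
        out = reader(probe)
        # Ignore the two parity bits: they change whenever a data bit does.
        changed = [i for i in range(DATA_BITS) if ref[i + 1] != out[i + 1]]
        if len(changed) > 1:
            raise ValueError(f"card bit {pos} moves {changed}: not a pure permutation")
        if changed:
            mapping[changed[0]] = pos
    return [mapping[i] for i in range(DATA_BITS)]  # KeyError: a data bit was never hit

def decode(card, order):
    """Unscramble, then slice like the 26-bit branch of decodeWiegandData in post #1."""
    w = "".join(str(b) for b in wiegand26([card[i] for i in order]))
    return int(w[1:9], 2), int(w[9:25], 2)

def demo():
    reader, secret = make_reader()
    order = recover_mapping(reader, [0] * CARD_BITS)
    # Constructed card: facility code 123, card number 45678, placed via the secret order.
    data = [int(b) for b in format(123, "08b") + format(45678, "016b")]
    card = [0] * CARD_BITS
    for i, pos in enumerate(secret):
        card[pos] = data[i]
    return order == secret, decode(card, order)

if __name__ == "__main__":
    print(demo())
```

Card bits that never change the output are simply absent from the recovered order; a ValueError means the reader's transform is more than a reordering of bits.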


#3 2018-05-13 19:12:09

Radee
Contributor
Registered: 2017-10-11
Posts: 5

Re: Understanding Indala Format

Indala cards are paired with a reader, which means that only the correct reader will read the card correctly with the format that is programmed in it. It may also happen that another Indala reader will read the card, but the output will not be correct - the reader will recreate its bit pattern, which is different from the card. Write which access control system it is and what length the original format of the card is, and I will try to help.
