Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi Everyone,
I'm hoping to get some help / insight on the structure of Indala card data. I've read a lot of posts about the Indala cards, but haven't found (or possibly understood) the answer.
I have an Indala card, that my Proxmark3 seems to be reading and cloning perfectly:
proxmark3> lf read
#db# LF Sampling config:
#db# [q] divisor: 95
#db# [b] bps: 8
#db# [d] decimation: 1
#db# [a] averaging: 1
#db# [t] trigger threshold: 0
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample
#db# buffer samples: 54 7b 54 7c 56 7f 58 81 ...
Reading 39999 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
proxmark3> lf indala demod
BitLen: 64
Indala UID=1010000000000000
0000000000000 <redacted>
(a0000000<redacted>)I'm able to use the Proxmark3 to clone the card with no issue. But I am trying to understand if there's a way I can figure out the format of the card data. I believe the Indala format can differ between implementations?
I've worked on a project with HID cards previously, using a genuine vendor card reader, with Wiegand output, in order to copy card data at a distance. (https://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/)
You get the Wiegand data, identify the card format, and use it to clone the card. I'm trying to do something similar for Indala.
For the HID project, to grab the right info from the Wiegand output, you need to format the data correctly (http://i.imgur.com/gPMUnay.png) something like the following (in python):
def decodeWiegandData(bits, wiegand):
if bits == "26":
head = "0000000100000000001"
fc = int(wiegand[1:9], 2)
cn = int(wiegand[9:25], 2)
cn2 = int(wiegand[1:25], 2)
elif bits == "35":
head = "0000000101"
fc = int(wiegand[2:14], 2)
cn = int(wiegand[14:34], 2)
cn2 = int(wiegand[2:34], 2)
elif bits == "37":
head = "00000000"
fc = int(wiegand[1:17], 2)
cn = int(wiegand[17:36], 2)
cn2 = int(wiegand[1:36], 2)
else:
head = "0"
fc = -1
cn = -1
cn2 = -1
return str(fc), str(cn), str(cn2), str(head)
# The actual code that runs every time a card is scanned. Grabs data from, formats it appropriately, and writes to CSV file as well as prints the output to console
def callback(bits, value):
bits = str(bits)
wiegand_binary = format(value, '0' + bits + 'b')
fac_code, card_num, card_num_no_fac, hidHeader = decodeWiegandData(bits, wiegand_binary)
wiegand_binary = hidHeader + wiegand_binary
wiegand_hex = "%016X" % int(wiegand_binary, 2)
enc_hex = "FFFFFFFFFFFFFFFF".upper() # To Implement
addCardsToCSV(bits, wiegand_binary, wiegand_hex, enc_hex, fac_code, card_num, card_num_no_fac)I am getting a consistent read on the Indala card from the vendor card reader, and the Wiegand output. But I can't get it to match up with the Proxmark data. I think it's because I need to extract the right information/header from the Wiegand output, but I don't know the format. http://i.imgur.com/ZbjwG7X.jpg
Does anyone have tips on where I could look next? Or how I can find out what the Proxmark is using to identify the card and extract the data.
Cheers,
Josh
Offline
Josh,
The reason why you are not getting the correct card number and FC field is because although you have the correct start bit and length for each field, the bits are scrambled. You can't just decode the value in the traditional sense where you just start at the beginning and take X amount of bits until the end of the field. You have to unscramble the order of the bits and then take the value. Unfortunately, this scrambling is not known to me...you would have to change one bit at a time and see what value each bit represents. This is really only true of the Indala format as far as I know.
Last edited by hkplus (2018-05-07 18:08:33)
Offline
Indala cards are paired with a reader, which means that only the correct reader will read the card correctly with the format that is programmed in it. It may also happen that another Indala reader will read the card, but the output will not be correct - the reader will recreate its bit pattern which is different from the card. Write what access control system and what length is the original format of the card, I will try to help
Offline
Pages: 1