[solved] [RDV4] HF not working

d34db33f42 · 2018-08-06 15:46:47

Hi,

I'am the guy who want to upgrade firmware whenever this is possible and did it also with my brand new and shiny Proxmark3 RDV4.
I have also a Proxmark3 Easy and have some experience in building new firmware and also building FPGA code.

I us the code from the PM3RDV40 repo. Building, flashing and booting with the new firmware went fine.
When I try to use the Proxmark3 RDV4 with the new firmware and do a "hf search" the Proxmark3 is rebooting.
This is not the case with " lf search" the LF part is working fine. HF is not ok.

I want to use my proxmark3 at DefCon. But.....

[ CLIENT ]
client: iceman build for RDV40 with flashmem; smartcard;

[ ARM ]
bootrom: iceman/master/ 2018-08-04 09:31:03
os: iceman/master/ 2018-08-05 22:56:45

[ FPGA ]
LF image built for 2s30vq100 on 2018/ 8/ 5 at 22:24:47
HF image built for 2s30vq100 on 2018/ 8/ 5 at 22:25: 8

[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 238596 bytes (46%) Free: 285692 bytes (54%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory

pm3 --> hf search
UART:: write time-out
sending bytes to proxmark failed
UART:: write time-out
sending bytes to proxmark failed
UART:: write time-out
sending bytes to proxmark failed
[!] timeout while waiting for reply.
Sending bytes to proxmark failed - offline
Sending bytes to proxmark failed - offline
Sending bytes to proxmark failed - offline
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button

To use the proxmark3 again I have to kill the client en start again.

What can I do to fix this problem?

Greetz,
Karl

Last edited by d34db33f42 (2018-08-06 23:35:41)

iceman · 2018-08-06 16:47:15

On which OS ?

And the output from:

hw version
hw status 
hw tune

And have you tried using a different usb cable?

d34db33f42 · 2018-08-06 17:07:37

This is the output:
pm3 --> hw version

Proxmark3 RFID instrument

[ CLIENT ]
client: iceman build for RDV40 with flashmem; smartcard;

[ ARM ]
bootrom: iceman/master/ 2018-08-04 09:31:03
os: iceman/master/ 2018-08-05 22:56:45

[ FPGA ]
LF image built for 2s30vq100 on 2018/ 8/ 5 at 22:24:47
HF image built for 2s30vq100 on 2018/ 8/ 5 at 22:25: 8

[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 238596 bytes (46%) Free: 285692 bytes (54%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory

pm3 --> hw status
#db# Memory
#db# BIGBUF_SIZE.............40000
#db# Available memory........40000
#db# Tracing
#db# tracing ................1
#db# traceLen ...............0
#db# Currently loaded FPGA image
#db# mode.................... HF image built for 2s30vq100 on 2018/ 8/ 5 at 22:25: 8
#db# Flash memory
#db# init....................OK
#db# Memory size.............2 mbits / 256kb
#db# Unique ID...............0xd567a882a724a226
#db# Smart card module (ISO 7816)
#db# version.................v2.06
#db# LF Sampling config
#db# [q] divisor.............95 (125 KHz)
#db# [] bps.................8
#db# [d] decimation..........1
#db# [a] averaging...........Yes
#db# [t] trigger threshold...0
#db# USB Speed
#db# Sending USB packets to client...
#db# Time elapsed............1500ms
#db# Bytes transferred.......816640
#db# USB Transfer Speed PM3 -> Client = 544426 Bytes/s
#db# Various
#db# MF_DBGLEVEL.............1
#db# ToSendMax...............-1
#db# ToSendBit...............0
#db# ToSend BUFFERSIZE.......2308
#db# Installed StandAlone Mods
#db# LF HID26 standalone - aka SamyRun (Samy Kamkar)

pm3 --> hw tune

[=] measuring antenna characteristics, please wait...

....

[+] LF antenna: 71,24 V - 125.00 kHz
[+] LF antenna: 38,38 V - 134.00 kHz
[+] LF optimal: 71,24 V - 125,00 kHz
[+] LF antenna is OK

[!] HF antenna is UNUSABLE

[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

pm3 --> quit

And the proxmark3 reboots

Last edited by d34db33f42 (2018-08-06 17:10:24)

iceman · 2018-08-06 17:25:14

Seems to be some issue with your HF antenna part. Did you swap antennas? You need to fit all screws back in order for it to work.

d34db33f42 · 2018-08-06 17:32:04

No I haven't touch the antenna. Have only the black one. So that could not be problem.

iceman · 2018-08-06 18:10:41

There is no way the LF will work without the HF working.

Someone else ran following command.

hw fpgaoff

I will ask my partners to test it and give u a reply on this. Our hardware guy is guessing after you type some read commands on the HF, the fpga will be on continuous read mode so when you hw tune, the voltage will not work.
After reseting it, it clears the read mode.
Let us know if the problem still arise. We want the device for exchange so we can troubleshoot and see what the issue is.

*edit: wrong command

d34db33f42 · 2018-08-06 18:33:42

That command does not exists..... should be hw fpgaoff

pm3 --> hw fpgaoff
pm3 --> hf search
UID : XX XX XX XX
ATQA : 00 04
SAK : 08 [2]
TYPE : NXP MIFARE CLASSIC 1k | Plus 2k SL1 | 1k Ev1
[=] proprietary non iso14443-4 card found, RATS not supported
[=] Answers to magic commands: NO
[+] Prng detection: HARD

[+] Valid ISO14443-A Tag Found

Now it works.

hw tune still complains that the HF antenna is unusable.......

What is causing this problem?

I will be at DefCon26 and happily to exchange the proxmark3 with a different one.

Last edited by d34db33f42 (2018-08-06 18:59:41)

iceman · 2018-08-06 19:06:08

The hardware seems to work fine. The firmware might have something to be fixed.

Given 'hw fpgaoff', from which commands do you run to end up with a bad 'hw tune' ?

d34db33f42 · 2018-08-06 19:31:45

I do not understand what you exacly mean.
But after reading the card with hf search I typed the hw tune command to see whether the error is still there.

Is there anything else I can do to help you to pinpoint the problem?

And what is the difference in usability when the fpga being not used.

iceman · 2018-08-06 19:37:47

Your hardware is fine. You can test it with running offical pm3 repo on it. You shouldn't have the same issue there.

Which leads to its a firmware issue, there seem to be something when swapping between fpga images on ARM. Some changes was done recently, could be the cause of it.

Since I'm trying to figure it out and I can't replicate your problem on my rdv40, I do need more details in exact what you did, was there a tag on antenna, which if so, and on what OS do you run the client on? etc ... Basically everything that would be of assistance.

d34db33f42 · 2018-08-06 20:05:50

Since I'm trying to figure it out and I can't replicate your problem on my rdv40, I do need more details in exact what you did,

was there a tag on antenna, which if so,
There is no tag on the antenna when I flashed the proxmark3. And I tried the hf search with and without a tag on the antenna. No difference.

and on what OS do you run the client on?
I'am running Ubuntu 18.04.1 64 bit.

The fgpa I build with the Xilinx Webpack:
Thu Apr 01 12:34:56 MDT 1999:: version=10.1
And patched with patch 10_1_03_lin64

Are you interested in the build log?

iceman · 2018-08-06 20:10:20

Would you mind testing the offical repo? Just to make sure that one works.

d34db33f42 · 2018-08-06 20:12:58

What's is in your opinion the official repo? There are so many repo's ,,,,,

iceman · 2018-08-06 20:28:16

There is only one official repo.

the rest are forks and offsprings..

d34db33f42 · 2018-08-06 21:17:51

Haha, tried the proxmark3 repo.

Build the firmware and fpga.

Results:

proxmark3> hw ver
Prox/RFID mark3 RFID instrument
bootrom: Missing/Invalid version information
os: master/v3.0.1-388-gdfdca20-dirty-suspect 2018-08-06 20:09:08
fpga_lf.bit built for 2s30vq100 on 2018/ 8/ 6 at 13: 7:44
fpga_hf.bit built for 2s30vq100 on 2018/ 8/ 6 at 13: 7:58
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 195008 bytes (37%). Free: 329280 bytes (63%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

BOOTROM missing version information?????

proxmark3> hw status
#db# Memory
#db# BIGBUF_SIZE.............40000
#db# Available memory........40000
#db# Tracing
#db# tracing ................1
#db# traceLen ...............92
#db# Currently loaded FPGA image:
#db# fpga_lf.bit built for 2s30vq100 on 2018/ 8/ 6 at 13: 7:44
#db# LF Sampling config:
#db# [q] divisor: 95
#db# [X] bps: 8
#db# [d] decimation: 1
#db# [a] averaging: 1
#db# [t] trigger threshold: 0
#db# USB Speed:
#db# Sending USB packets to client...
#db# Time elapsed: 1500ms
#db# Bytes transferred: 921088
#db# USB Transfer Speed PM3 -> Client = 614058 Bytes/s
#db# Various
#db# MF_DBGLEVEL......2
#db# ToSendMax........13
#db# ToSendBit........8

proxmark3> hw tune

Measuring antenna characteristics, please wait.........
# LF antenna: 69,44 V @ 125.00 kHz
# LF antenna: 37,12 V @ 134.00 kHz
# LF optimal: 69,44 V @ 125,00 kHz
# HF antenna: 36,26 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

proxmark3> hf search

UID : XX XX XX XX XX XX
ATQA : 00 44
SAK : 00 [2]
TYPE : NTAG 216 888bytes (NT2H1611G0DU)
MANUFACTURER : NXP Semiconductors Germany
proprietary non iso14443-4 card found, RATS not supported
No chinese magic backdoor command detected

Valid ISO14443A Tag Found - Quiting Search

My Blackhat badge.....

Seems to be ok. But the specific RDV4 functions are missing now.

proxmark3> help
help This help. Use '<command> help' for details of a particular command.
data { Plot window / data buffer manipulation... }
hf { High Frequency commands... }
hw { Hardware commands... }
lf { Low Frequency commands... }
script { Scripting commands }
quit Exit program
exit Exit program

iceman · 2018-08-06 21:29:47

I suggest you edit your first post and add the prefix [solved] to the title.

d34db33f42 · 2018-08-06 22:04:41

I have still one question. In the firmware I'am using the new features of de RDV4 cannot be used.
Any idea when I can use the PM3RDV4 firmware which includes the specific RDV4 features?

iceman · 2018-08-06 22:34:56

For the new features, you can use the RDV40 firmware. The cause of the firmware issue is unknown. No available useful information to hunt it down either.
Until further debug information is available there is not much to go with.

d34db33f42 · 2018-08-06 22:52:32

ok. thanks for the help :-)

iceman · 2018-08-06 22:54:28

How about you open a issue on github?

d34db33f42 · 2018-08-06 22:57:05

I will do tonight. I cannot change the title of the article to [solved]. Permission problem?

iceman · 2018-08-06 23:01:45

you should have the rights needed.

Proxmark3 community

Announcement

#1 2018-08-06 15:46:47

[solved] [RDV4] HF not working

#2 2018-08-06 16:47:15

Re: [solved] [RDV4] HF not working

#3 2018-08-06 17:07:37

Re: [solved] [RDV4] HF not working

#4 2018-08-06 17:25:14

Re: [solved] [RDV4] HF not working

#5 2018-08-06 17:32:04

Re: [solved] [RDV4] HF not working

#6 2018-08-06 18:10:41

Re: [solved] [RDV4] HF not working

#7 2018-08-06 18:33:42

Re: [solved] [RDV4] HF not working

#8 2018-08-06 19:06:08

Re: [solved] [RDV4] HF not working

#9 2018-08-06 19:31:45

Re: [solved] [RDV4] HF not working

#10 2018-08-06 19:37:47

Re: [solved] [RDV4] HF not working

#11 2018-08-06 20:05:50

Re: [solved] [RDV4] HF not working

#12 2018-08-06 20:10:20

Re: [solved] [RDV4] HF not working

#13 2018-08-06 20:12:58

Re: [solved] [RDV4] HF not working

#14 2018-08-06 20:28:16

Re: [solved] [RDV4] HF not working

#15 2018-08-06 21:17:51

Re: [solved] [RDV4] HF not working

#16 2018-08-06 21:29:47

Re: [solved] [RDV4] HF not working

#17 2018-08-06 22:04:41

Re: [solved] [RDV4] HF not working

#18 2018-08-06 22:34:56

Re: [solved] [RDV4] HF not working

#19 2018-08-06 22:52:32

Re: [solved] [RDV4] HF not working

#20 2018-08-06 22:54:28

Re: [solved] [RDV4] HF not working

#21 2018-08-06 22:57:05

Re: [solved] [RDV4] HF not working

#22 2018-08-06 23:01:45

Re: [solved] [RDV4] HF not working

Board footer