Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2008-09-24 22:28:37

rf_hack
Contributor
Registered: 2008-08-20
Posts: 16

No security in Tag-IT

Tag-IT got no security in it. This is a non secured chip with some options to lock write after personalisation

Secured chip from TI-RFID is name SpeedPass and has already been broken by students 2 or 3 years ago.

Offline

#2 2010-02-02 20:03:09

atrox
Contributor
Registered: 2010-01-08
Posts: 35

Re: No security in Tag-IT

afiak tag-it uses the iso15k standard - is there a way to modify the hi15reader-command so it also reads all the memory banks in the tag-it transponder?

Offline

#3 2010-02-03 02:26:11

iZsh
Contributor
Registered: 2010-01-02
Posts: 95

Re: No security in Tag-IT

During my stay in Berlin for 26c3, the Hotel I was staying at was using a RFID card I couldn't identify using the proxmark. So I brought one back home to identify it. And it was a tag-it one (see http://www.dropbox.com/gallery/4064278/ … 9?h=ae1eb6). So, needless to say, it's my next target (after I complete the code cleaning I'm currently doing) smile

Last edited by iZsh (2010-02-03 02:27:07)

Offline

#4 2010-02-04 21:47:38

iZsh
Contributor
Registered: 2010-01-02
Posts: 95

Re: No security in Tag-IT

I took a look at the Tag-it reference manual. It indeed seems to be using the ISO15693 standard, but with a dual subcarrier. From what I can see in the current proxmark's code, it's only supporting single subcarrier.

Not being a signal processing guy I'm not sure what need to be done to support dual subcarrier. I'll first need to learn some signal processing background I guess.

Offline

#5 2010-02-04 22:26:30

henryk
Contributor
Registered: 2009-07-27
Posts: 99

Re: No security in Tag-IT

IIRC the dual subcarrier should gracefully degrade to single subcarrier on the receiver side, if you correctly filter out the single subcarrier that you support. (It's been some time since I looked into 15693, so I might be wrong.)

Offline

#6 2010-02-04 23:23:10

iZsh
Contributor
Registered: 2010-01-02
Posts: 95

Re: No security in Tag-IT

Actually I take it back. The frames are not the same than ISO15693.

Offline

#7 2010-02-26 22:36:57

atrox
Contributor
Registered: 2010-01-08
Posts: 35

Re: No security in Tag-IT

here http://www.proxmark.org/forum/post/2883/#p2883 I modified the iso15k reader-command to access and print the memory pages. I'll will report back as soon as I know if they work on TagIT transponders.

Offline

#8 2010-09-20 14:04:13

atrox
Contributor
Registered: 2010-01-08
Posts: 35

Re: No security in Tag-IT

Actually there are two TAG-IT Standards:

"Tag-IT HF-I" (released by TI in 2001) which is ISO15693 compatible (64Bit UID)

"Tag-IT HF" is older and uses a proprietary protocol (32Bit UID)

Offline

#9 2010-09-27 01:32:00

atrox
Contributor
Registered: 2010-01-08
Posts: 35

Re: No security in Tag-IT

henryk wrote:

IIRC the dual subcarrier should gracefully degrade to single subcarrier on the receiver side, if you correctly filter out the single subcarrier that you support. (It's been some time since I looked into 15693, so I might be wrong.)

I agree, that should work. But as far as I understand, a full dual-carrier implementation should make transmissions more robust than single subcarrier... ?

I've tried the current  signal processing implementation in the iso15693.c with dual carrier transmissions and it does not cope very well. In fact, the error rate is so high you need quite luck to read something.  If we like to filter a subcarrier, the ideal place for that would be the FPGA, wouldn't it ?

Offline

Board footer

Powered by FluxBB