Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
Hi, I got my RDV4 today, nice unit.
I have updated the boot and flash to the latest that I downloaded from git and compiled.
The issue I have is more with the T5577 detection.
It seems that the card needs to be in the right location, the slightest move will upset it (see below for an example).
I would point out that my easy has no issue with the card and i have the same issue with all T5577 used/tested.
Before we get into the tech spec side, I would like to point out that I see the RDV as a field unit and the need for the cards to be held off the unit a little is better for the field, so I don't have an issue with a gap between the unit and card.
Antenna looks good to me
[+] LF antenna: 71.80 V - 125.00 kHz
[+] LF antenna: 42.20 V - 134.00 kHz
[+] LF optimal: 72.94 V - 126.32 kHz
[+] LF antenna is OK
[+] HF antenna: 51.55 V - 13.56 MHz
[+] HF antenna is OK
[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
[usb] pm3 --> hw ver
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman
[ PROXMARK RDV4 ]
external flash: present
smartcard reader: present
[ PROXMARK RDV4 Extras ]
FPC USART for BT add-on support: absent
[ ARM ]
bootrom: RRG/Iceman/master/ade858b4-dirty-unclean 2019-05-26 14:14:30
os: RRG/Iceman/master/ade858b4-dirty-unclean 2019-05-26 14:14:46
[ FPGA ]
LF image built for 2s30vq100 on 2019/ 4/18 at 9:35:32
HF image built for 2s30vq100 on 2018/ 9/ 3 at 21:40:23
[ Hardware ]
--= uC: AT91SAM7S512 Rev A
--= Embedded Processor: ARM7TDMI
--= Nonvolatile Program Memory Size: 512K bytes, Used: 249203 bytes (48%) Free: 275085 bytes (52%)
--= Second Nonvolatile Program Memory Size: None
--= Internal SRAM Size: 64K bytes
--= Architecture Identifier: AT91SAM7Sxx Series
--= Nonvolatile Program Memory Type: Embedded Flash Memory
Example of lf t55 detect
[usb] pm3 --> lf t55 detect
[!] Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
[usb] pm3 --> lf t55 detect
[!] Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
[usb] pm3 --> lf t55 detect
[!] Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
[usb] pm3 --> lf t55 detect
Chip Type : T55x7
Modulation : ASK
Bit Rate : 5 - RF/64
Inverted : No
Offset : 32
Seq. Term. : Yes
Block0 : 0x00148040
[usb] pm3 --> lf t55 detect
Chip Type : T55x7
Modulation : ASK
Bit Rate : 5 - RF/64
Inverted : No
Offset : 32
Seq. Term. : Yes
Block0 : 0x00148040
[usb] pm3 --> lf t55 detect
Chip Type : T55x7
Modulation : ASK
Bit Rate : 5 - RF/64
Inverted : No
Offset : 32
Seq. Term. : Yes
Block0 : 0x00148040
[usb] pm3 --> lf t55 detect
Chip Type : T55x7
Modulation : ASK
Bit Rate : 5 - RF/64
Inverted : No
Offset : 32
Seq. Term. : Yes
Block0 : 0x00148040
When the T5577 is working as an EM4100 tag, the lf search found the EM tag id, no issues (at different distances from the unit)
When the T5577 is working as an HID tag, again no issues with the HID tag.
As such I think the unit is working ok (I had a play with the hf mf side and as long as the card is a little bit off the unit, it seems fine, could read write and hardnested attacked worked. Even used the RD4v as a mifare sim and the easy as the reader, all good).
When trying to use the RDV4 as a HID sim, the easy could not read it. The RDV4 did flash an led when it come into the field of the easy, but nothing detected on the easy.
I note in the hw status on the RDV4
#db# LF T55XX config
#db# [a] startgap............29*8 (232)
#db# [ b] writegap............17*8 (136)
#db# [c] write_0.............15*8 (120)
#db# [d] write_1.............47*8 (376)
#db# [e] readgap.............15*8 (120)
I set those to match the ones from the easy firmware, but no change.
If I take the cover off the RDV4 and place the card closer to the antenna, it seems to be a better read.
I did remove the hf/lf antenna from the head and place it back to ensure all the connections were good.
I have not touched the 4 LF antenna screws as the look to be holding the LF coil in place.
Any ideas ?
Is this just a limit of the physically smaller LF coil?
Offline
Quick update.
A bit more playing. It seems that when the RDV4 is sitting over the easy LF antenna, the T5577 is detected more often and many positions.
i.e. Card on the RDV4, the RDV4 on the Easy.
This happens if even with the easy is off. Could the RDV4 be over driving and the easy coil "sinking" some of that power (or reflecting some power)?
As a test, I got some foil and placed it under the RDV4 and that gave better results (similar to when the easy was under the unit)
I would also like to add the the hf sniff works ok.
Looking the the plot window on a lf t55 detect, both the working one and not working one look solid, just incorrect samples when not detected.
Two hw tune results - first one when sitting on foil and HF works better the second when not.
We can see that when the voltage on the HF antenna drops it seems to be better for the cards I am testing on
[usb] pm3 --> hw tune
[=] Measuring antenna characteristics, please wait...
...
[+] LF antenna: 27.62 V - 125.00 kHz
[+] LF antenna: 41.07 V - 134.00 kHz
[+] LF optimal: 53.68 V - 141.18 kHz
[+] LF antenna is OK
[+] HF antenna: 3.07 V - 13.56 MHz
[!] HF antenna is UNUSABLE
[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
[usb] pm3 --> hw tune
[=] Measuring antenna characteristics, please wait...
...
[+] LF antenna: 71.95 V - 125.00 kHz
[+] LF antenna: 42.20 V - 134.00 kHz
[+] LF optimal: 72.94 V - 126.32 kHz
[+] LF antenna is OK
[+] HF antenna: 51.41 V - 13.56 MHz
[+] HF antenna is OK
[+] Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.
Last edited by mwalker (2019-05-27 13:06:07)
Offline
I found the issue on github.
https://github.com/RfidResearchGroup/proxmark3/issues/182
So seems like a known issue to get better read performance.
Do we know when the new lf antenna will be available?
Offline
Pages: 1