Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.


#1 2010-05-11 03:42:23

albertoparis
Member
Registered: 2010-05-06
Posts: 6

MIFARE Classic Question ... ("hf 14a sim" not working?)

Hi, I am using a PM3 with Winter'10 software/firmware, under WinXP Pro. I have an OmniKey Cardman 5321 reader (USB) and some MIFARE Classic 1K tags, and I use the OmniKey Diagnostic Tool (ODT) to check for tag presence on the OmniKey reader ...

When I place a tag over the OmniKey reader, the ODT software shows the TAG UID on the "Smart Card Name" Field, like:
        MIFARE Standard 1K UID: 6A 23 0E C7
and the ATR, like:
        3B 8F 80 01 80 4F 0C A0 00 00 03 06 03 00 01 00 00 00 00 6A (I know this is not the right one)
It also shows the Protocol (ISO 14443A - Part 3), the frequency (13.56 MHz) and the PICCtoPCD/PCDtoPICC speed (106 kbps)

My PM3 reads the card with no problem at all using "hf 14a reader", like this:

proxmark3> hf 14a reader
#db# 9e98 cc cc
#db# ready..
proxmark3> hf 14a list
proxmark3> recorded activity:
 ETU     :rssi: who bytes
---------+----+----+-----------
 +      0:    :     0b  00  80  07  00  00  00  04  2c  fa  33  e4  20  0b  00
00  00  00  00  00  01  52  20  0b  00  00  00  00  00  00  01  52     !crc
 +   3080:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 15  49  3a  40
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    424:   0: TAG 11  55  5f  90
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 6a  a6  0e  ae
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG b5  44  2b  a7
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 8c  6e  8a  eb
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 9f  fc  cf  83
 +      0:    :     52
 +      0:    :     52
 +    240:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    304:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 86  e5  7b  bf
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 74  36  94  1c
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG d6  05  37  9c
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 98  cd  21  89
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    424:   0: TAG 71  e9  48  89
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    456:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 32  75  71  8d
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 3b  db  4b  08
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 54  7a  59  c0
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG f2  1e  67  02
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG c3  34  cd  b6
 +      0:    :     52
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
proxmark3>

I want to simulate that same tag with the PM3, so I use the command "hf 14a sim 6a230ec7" (and all kinds of other UIDs), and proxmark3.exe says it is ok (even though it doesn't show the correct UID), but when the HF antenna is moved over the OmniKey Cardman reader, the ODT software shows nothing, as if there were no tag nearby.

It is definitely trying to communicate or something, because the green/red LED on the OmniKey blinks rapidly (forever while the HF antenna is near) like it blinks (for a second) when a real tag is moved near the reader.

Here is what proxmark3.exe shows (wrong UIDs) on different tries:

proxmark3> hf 14a sim 123456
Emulating 14443A TAG with UID 0         1123456
--
proxmark3> hf 14a sim
Emulating 14443A TAG with UID 0               0
--
proxmark3> hf 14a sim 1 2 3
Emulating 14443A TAG with UID 0          112233
--
proxmark3> hf 14a sim 1 2 3 4 5 6
Emulating 14443A TAG with UID 1122        33445566
write failed: usb_reap: timeout error!
Trying to reopen device...
--
proxmark3> hf 14a sim 6a 23 0e c7
Emulating 14443A TAG with UID 66a2        2300ecc7
--
proxmark3> hf 14a sim 6a 23 0e c7
Emulating 14443A TAG with UID 6        6a22300e
--
proxmark3> hf 14a sim 6a230ec7
Emulating 14443A TAG with UID 6        6a230ec7
--
proxmark3> hf 14a sim 060a0203000e0c07
Emulating 14443A TAG with UID 60a0203           e0c07

Am I using the "hf 14a sim" command incorrectly?

The Reference Manual says:

hi14asim : fake ISO 14443a tag
The command hi14asim sets the Proxmark in emulation mode. Until the button is pressed the device will respond as programmed in the firmware. We programmed the Proxmark to act like a mifare Classic 4k card. Contactless readers (such as the Omnikey 5121) run the anticollision and get convinced that they communicate with an mifare Standard 4k card. They also detect the (simulated) card's UID.

Could the problem have something to do with Mifare Classic 1K vs. Mifare Classic 4K? (I don't think so, since the only thing we are emulating is the UID, right?)

Any ideas or recommendations are welcome, and any help will be greatly appreciated.

Thanks.

UPDATE (10/05/2010 - 11:43pm): I also checked by reading on the OmniKey Cardman 5321 with RFIDiot v.1.0a, using isotype.py, and it says "No TAG present!" when running "hf 14a sim" and placing the PM3 HF antenna on top of the Cardman ... Once again, Green/Red LED on reader blinks forever as long as the "simulated tag" is on it. Same behavior (as if no card was present, but green/red LED blinking) happens when using readmifare1k.py (shows error) and using readmifaresimple.py (says "waiting for Mifare TAG...").

Last edited by albertoparis (2010-05-11 05:43:25)
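
Added example (not part of the original posts): a small Python decoder for `hf 14a list` rows like those in the first post, which pulls ATQA, UID, SAK and the tag nonce out of one cycle of the trace and verifies the BCC and CRC_A bytes, so a capture of a simulated tag can be compared field by field with the real card's. The function names and result keys are this example's own, and the row layout is assumed to match the trace above.

```python
import re

# One reader/tag cycle copied from the `hf 14a list` output in the first post.
TRACE = """
 +      0:    :     52
 +    232:   0: TAG 04  00
 +      0:    :     93  20
 +    448:   0: TAG 6a  23  0e  c7  80
 +      0:    :     93  70  6a  23  0e  c7  80  a8  8d
 +    312:   0: TAG 08  b6  dd
 +      0:    :     60  00  f5  7b
 +    432:   0: TAG 15  49  3a  40
"""
ROW = re.compile(r"\+\s*\d+:\s*\d*:\s*(TAG)?((?:\s+[0-9a-f]{2})+)\s*$", re.I)

def crc_a(data):
    """ISO/IEC 14443-3 CRC_A: initial value 0x6363, transmitted low byte first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b = (b ^ (b << 4)) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])

def decode(trace):
    """Extract the anticollision fields from a trace, checking BCC and CRC_A."""
    info, last_cmd = {}, b""
    for m in filter(None, map(ROW.search, trace.splitlines())):
        f = bytes.fromhex("".join(m.group(2).split()))
        if not m.group(1):                            # reader -> tag frame
            last_cmd = f
            if f[:2] == b"\x93\x70":                  # SELECT cascade level 1
                info["select_crc_ok"] = crc_a(f[:-2]) == f[-2:]
            elif f[0] in (0x60, 0x61) and len(f) == 4:  # AUTH key A / key B
                info["auth"] = ("AB"[f[0] & 1], f[1])
        elif last_cmd in (b"\x26", b"\x52"):          # REQA / WUPA -> ATQA
            info["atqa"] = f.hex()
        elif last_cmd == b"\x93\x20" and len(f) == 5:  # UID + BCC (XOR of UID)
            info["uid"] = f[:4].hex()
            info["bcc_ok"] = (f[0] ^ f[1] ^ f[2] ^ f[3]) == f[4]
        elif last_cmd[:2] == b"\x93\x70":             # SAK + CRC_A
            info["sak"] = f[0]
            info["sak_crc_ok"] = crc_a(f[:1]) == f[1:]
        elif last_cmd[:1] in (b"\x60", b"\x61"):      # tag challenge, sent without CRC
            info["nonce"] = f.hex()
    return info

if __name__ == "__main__":
    print(decode(TRACE))
```

Rows that do not fit the layout, such as the header lines or the first row ending in `!crc`, are skipped rather than guessed at.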


#2 2010-06-07 19:04:04

berny
Member
Registered: 2010-03-27
Posts: 4

Re: MIFARE Classic Question ... ("hf 14a sim" not working?)

Hi albertoparis,

It seems that we are using exactly the same configuration.

I also use an Omnikey CardMan 5321 and a PM3 with the same firmware.

I try to simulate a tag with a UID with the PM3 but it doesn't work.

Do you already have an idea what the problem could be?

Thanks for your reply,

Berni


#3 2010-06-08 12:40:23

XEROEFFECT
Contributor
From: Sydney Australia
Registered: 2009-07-20
Posts: 132

Re: MIFARE Classic Question ... ("hf 14a sim" not working?)

albertoparis, I know this is not related to your question, but how did you get RFIDIOt to work on your PC? Whenever I import a module, e.g. transit.py, I keep getting =====restart====== in IDLE without anything happening. What could be wrong?

Thanks for reading.


#4 2010-12-22 12:03:29

fang
Member
Registered: 2010-12-22
Posts: 3

Re: MIFARE Classic Question ... ("hf 14a sim" not working?)

Hi albertoparis and berni,
I have almost the same problem as you, but the difference is that I use different versions of the PM3 firmware. I have even tried to fake a tag with three types of readers (Omnikey, STIO10 of SCM and ER-R342 of MINGHUA), and all failed.
I don't know what is wrong with my operation or my PM3.
