Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2020-05-28 17:49:00

iceman
Administrator
Registered: 2013-04-25
Posts: 6,688

hf legic advant

Legic Advant 1024 seems to be ISO15693-based. 
10KBit matches the 1024 byte size by far.

[usb] pm3 --> hf 15 reader
[+]  UID: E0 05 10 00 01 5F 7B 7C
[+] TYPE: Infineon; SRF55V10S [IC id = 16]  secure mode 10KBit

And the dump command fails, seems like the tag is waiting for a password?  That secure mode seems to be used.

[usb] pm3 --> hf 15 du
[=] Using UID as filename
[+] Reading memory from tag UID E0 05 10 00 01 5F 7B 7C
[-] ⛔ Tag returned Error 16: The specified block is not available (doesn't exist).

block#   | data         |lck| ascii
---------+--------------+---+----------

[+] saved 0 bytes to binary file hf-15-7C7B5F01001005E0-dump.bin
[+] saved 0 blocks to text file hf-15-7C7B5F01001005E0-dump.eml
[+] saved to json file hf-15-7C7B5F01001005E0-dump.json

Now,


The dilemma of which category to post this in....


If you feel the love,  https://www.patreon.com/iceman1001

modhex(hkhehghthbhudcfcdchkigiehgduiehg)


#2 2020-05-29 14:06:33

Jason
Contributor
Registered: 2016-07-21
Posts: 49

Re: hf legic advant

iceman wrote:

Legic Advant 1024 seems to be ISO15693-based.

If I remember correctly I said this a few times!? I also mentioned Legic advant is a combination of a whole bunch of different chip technologies.

ATC128-MV210 -> ISO 15693
ATC256-MV210 -> ISO 15693
ATC512-MP110 -> ISO 14443A
ATC1024-MV110 -> ISO 15693
ATC2048-MP110 -> ISO 14443A
ATC4096-MP310 -> ISO 14443A
........

All chips are different technologies. For example, the 4096er uses DESfire as underlying chip technology.
So basically you can't put this in any specific part of the forum. You must put it in nearly all sections.
Even more: The Legic CTC-Chips combine Legic advant, even available in both ISO 14443A and ISO 15693, with the Legic RF standard for Legic prime. This is one single chip, able to communicate in both worlds: Advant and Prime. This again is another chip technology (I don't know the manufacturer, but I would guess NXP).

This makes it hard to talk about "Legic advant" on a technical level. Advant is a "system" not a technical "thing" in terms of chip technology.

By the way, a sniff with such a medium and a working reader:

Recorded Activity (TraceLen = 22 bytes)

Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
ISO15693 - Timings are not as accurate

      Start |        End | Src | Data (! denotes parity error)                  | CRC | Annotation
------------+------------+-----+------------------------------------------------+-----+--------------------
          0 |         16 | Rdr |13  a0  05  10  7d  00  66  c2  4e  d6  4a  26  |  ok | Cust IC MFG dependent

This is one with a valid segment:

Recorded Activity (TraceLen = 88 bytes)

Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
ISO15693 - Timings are not as accurate

      Start |        End | Src | Data (! denotes parity error)                  | CRC | Annotation
------------+------------+-----+------------------------------------------------+-----+--------------------
          0 |         16 | Rdr |27  01  00  2a  50                              |  ok | INVENTORY
      34414 |      39882 | Tag |bb! d4! bb! 0f! 0f! 0f! 04  bb!                 | !crc|
      80463 |      89124 | Tag |bb! d4! bb! 0f! 0f! 0f! 04  bb!                 | !crc|
     135405 |     139788 | Tag |bb! d4! bb! 0f! 0c! 00! 04  bb!                 | !crc|
     187973 |     194501 | Tag |bb! d4! bb! 0f! 0c! 00! 04  bb!                 | !crc|
     251004 |     257512 | Tag |bb! d4! bb! 0f! 0f! 0c! 04  bb!                 | !crc|
     313373 |     322843 | Tag |bb! d4! bb! 0f! 0c! 07  04  bb!                 | !crc|
     376448 |     386833 | Tag |bb! d4! bb! 0f! 08  07  04  bb!                 | !crc|
     432811 |     442900 | Tag |bb! d4! bb! 0f! 08  00! 04  bb!                 | !crc|
     492054 |     500811 | Tag |bb! d4! bb! 0f! 08  00! 04  bb!                 | !crc|
     566328 |     576365 | Tag |bb! d4! bb! 0f! 08  0f! 04  bb!                 | !crc|
     642748 |     642761 | Rdr |13  a0  05  10  79  00  ac  5a  6f  f9  34  7d  |  ok | Cust IC MFG dependent
     675986 |     676004 | Tag |bb! d4! bb! 0c! 00! 00! 02  bb!                 | !crc|
     704383 |     709845 | Tag |bb! 33! bb! 00! 00! 0f! 04  bb!                 | !crc|
     799574 |     808419 | Tag |bb! d4! bb! 0f! 0f! 0f! 04  bb!                 | !crc|
     869885 |     878689 | Tag |bb! d4! bb! 0f! 0f! 0f! 04  bb!                 | !crc|
     939706 |     948643 | Tag |bb! d4! bb! 0f! 0f! 0f! 04  bb!                 | !crc|
     998480 |     998498 | Tag |bb! 33! bb! 01  0c! 00! 04  bb!                 | !crc|
    1142032 |    1142048 | Rdr |13  a0  05  10  0c  00  7b  c9  15  0f  fb  fa  |  ok | Cust IC MFG dependent
    1182280 |    1187656 | Tag |bb! d4! bb! 03! 0f! 0f! 04  bb!                 | !crc|
    1226908 |    1236894 | Tag |bb! d4! bb! 03! 0f! 0f! 04  bb!                 | !crc|
    1290940 |    1293382 | Tag |bb! d4! bb! 03! 0f! 0f! 04  bb!                 | !crc|

(it is hard to get a working sniff in this mode)

Last edited by Jason (2020-05-29 14:42:57)
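
Added example, not part of either post and not Proxmark3 code: a small decoder for the reader ("Rdr") frames in the sniffs above. It checks the ISO 15693 CRC and splits out the request flags, the command, and, for commands in the custom range, the IC manufacturer code (0x05 here, the same byte as in the UID E0 05 ... that the reader output labels Infineon). The function names are chosen for this example, and the parameter bytes after the manufacturer code are left uninterpreted because the thread does not document them.

```python
# Added example: decode ISO 15693 reader requests copied from the sniffs above.

def crc15693(data: bytes) -> int:
    """ISO 15693 CRC-16: reflected poly 0x8408, init 0xFFFF, result inverted."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def decode_request(hex_frame: str) -> dict:
    """Split a reader request into flags, command, parameters and CRC status."""
    frame = bytes.fromhex(hex_frame)
    if len(frame) < 4:
        raise ValueError("need at least flags, command and 2 CRC bytes")
    # The CRC is transmitted least significant byte first.
    body, rx_crc = frame[:-2], int.from_bytes(frame[-2:], "little")
    flags, cmd = body[0], body[1]
    out = {
        "flags": flags,
        "command": cmd,
        "crc_ok": crc15693(body) == rx_crc,
        "inventory": bool(flags & 0x04),
        "high_data_rate": bool(flags & 0x02),
        "custom": 0xA0 <= cmd <= 0xDF,  # custom command range in ISO 15693-3
        "mfg_code": None,
        "params": body[2:],
    }
    if out["inventory"]:
        out["one_slot"] = bool(flags & 0x20)
    else:  # bits 5 and 6 change meaning when the inventory flag is clear
        out["select"] = bool(flags & 0x10)
        out["addressed"] = bool(flags & 0x20)
    if out["custom"] and len(body) >= 3:
        # Custom requests carry the IC manufacturer code right after the command.
        out["mfg_code"], out["params"] = body[2], body[3:]
    return out


# Reader ("Rdr") frames as they appear in the trace listings in this thread.
FRAMES = [
    "27 01 00 2a 50",
    "13 a0 05 10 7d 00 66 c2 4e d6 4a 26",
    "13 a0 05 10 79 00 ac 5a 6f f9 34 7d",
    "13 a0 05 10 0c 00 7b c9 15 0f fb fa",
]

if __name__ == "__main__":
    for f in FRAMES:
        d = decode_request(f)
        print(f, "->", {k: (v.hex() if isinstance(v, bytes) else v) for k, v in d.items()})
```

All three custom requests decode to flags 0x13 (select flag set, address flag clear), command 0xA0 and manufacturer code 0x05, so the reader is talking to the tag with a manufacturer-specific command rather than the standard read-block commands.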
