Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2021-06-05 20:41:37

mnemarchon
Contributor
Registered: 2019-08-30
Posts: 18

Emulating NFC passport chip - what should be correct MRZ here?

Not sure if this is the best section, since there is none for passports, but I think it fits best.

There is an old NFC passport emulator, https://is.muni.cz/th/tc83s/proxmark3_e … ulator.zip

To build it, you'll need an older gcc-arm-none-eabi toolchain and to turn off -Werror.

Prebuilt ELF binaries: https://brmlab.cz/_media/project/freakc … ulator.zip

WARNING: you absolutely need a working JTAG adapter for this, otherwise you'll brick your proxmark.

Use gdb+openocd (or other tool like JLink commander/Ozone) to flash both bootrom.elf and fullimage.elf in one session, only then resume execution (hint - use "file" command in gdb).

Question

The code lists MRZ as

const char mrz_info[] = "L898902C<369080619406236"

.

However that does not seem to be the full MRZ, just kmrz.

I tried to fill in the blanks to get full MRZ, got

L898902C<36908061940619406286<<<<<<<<<<<<<26

which does not seem correct.

Turning emulation on proxmark is done via:

hf 14a sim 5 01020304

The RFIdiot does not seem to agree on key with this (there is 3 flipped for 8):

python2 mrpkey.py -g -R READER_LIBNFC 'L898902C<36908061940619406286<<<<<<<<<<<<<26'

Any idea how to generate correct full MRZ for RFIdiot?

Last edited by mnemarchon (2021-06-05 20:43:53)

Offline

#2 2021-06-05 21:56:06

mnemarchon
Contributor
Registered: 2019-08-30
Posts: 18

Re: Emulating NFC passport chip - what should be correct MRZ here?

OK in short it seems that the author deliberately made the key (MRZ) unusable:

Date Of Birth: 806194
Expiry: 194062

So either the key is screwed completely, which means the data needs to be regenerated, or just some digits are flipped, which means you could maybe brute-force it. Fresh data seems the simpler option.

Offline
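Added example, not part of any post above and not code from the emulator or RFIdiot: the ICAO 9303 check-digit rule (weights 7, 3, 1) applied to the 24-character mrz_info string from post #1, splitting it into document number, date of birth and expiry, each followed by its check digit, then rebuilding a TD3 second line and deriving the BAC key seed. The function names are hypothetical, and nationality, sex and optional data are assumed sample values because the thread does not give them.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated over the field

def char_value(c):
    # Digits keep their value, A-Z map to 10-35, the filler '<' counts as 0.
    if "0" <= c <= "9":
        return int(c)
    if c == "<":
        return 0
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"invalid MRZ character: {c!r}")

def check_digit(field):
    return str(sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10)

def split_mrz_info(info):
    """Split the 24-char BAC input: doc no (9) + cd, birth (6) + cd, expiry (6) + cd."""
    if len(info) != 24:
        raise ValueError("MRZ information must be 24 characters")
    fields = {}
    for name, start, size in (("doc_no", 0, 9), ("birth", 10, 6), ("expiry", 17, 6)):
        value, cd = info[start:start + size], info[start + size]
        if check_digit(value) != cd:
            raise ValueError(f"{name}: check digit {cd}, computed {check_digit(value)}")
        fields[name] = value
    return fields

def td3_line2(info, nationality="UTO", sex="F", optional=""):
    # nationality, sex and optional data are assumed sample values (not in the thread)
    split_mrz_info(info)  # refuse to build a line from inconsistent input
    doc, birth, expiry = info[:10], info[10:17], info[17:24]
    opt = optional.ljust(14, "<")
    opt += check_digit(opt)
    composite = check_digit(doc + birth + expiry + opt)
    return doc + nationality + birth + sex + expiry + opt + composite

def bac_key_seed(info):
    # BAC key seed: the first 16 bytes of SHA-1 over the 24-char MRZ information
    return hashlib.sha1(info.encode("ascii")).digest()[:16]

MRZ_INFO = "L898902C<369080619406236"  # the mrz_info string quoted in post #1

if __name__ == "__main__":
    print(split_mrz_info(MRZ_INFO))
    print(td3_line2(MRZ_INFO))
    print(bac_key_seed(MRZ_INFO).hex().upper())
```

The key seed depends only on the 24 characters, so the nationality, sex and optional-data fields affect the composite check digit but not the derived key.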

#3 2021-06-19 17:22:51

iceman
Administrator
Registered: 2013-04-25
Posts: 9,530
Website

Re: Emulating NFC passport chip - what should be correct MRZ here?

RRG/Iceman has nice support for eMRTD documents. You can compare both.

You can also make a PR for that simulator but working on the present source code instead.

Offline

#4 2021-12-24 14:20:34

kosgguy
Contributor
Registered: 2021-12-18
Posts: 56

Re: Emulating NFC passport chip - what should be correct MRZ here?

iceman wrote:

RRG/Iceman has nice support for eMRTD documents. You can compare both.

You can also make a PR for that simulator but working on the present source code instead.

Interested, you mean the iceman standalone mode?

Thanks

Offline

#5 2021-12-24 14:44:42

iceman
Administrator
Registered: 2013-04-25
Posts: 9,530
Website

Re: Emulating NFC passport chip - what should be correct MRZ here?

no.

Offline
