Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2009-02-19 23:41:28

henrym97
Contributor
From: North America
Registered: 2009-01-23
Posts: 18

14443A Card Emulation

Does anyone know what sideband the PM3 transmits on when doing 1443A card emulation? 12.7 MHz or 14.4 MHz?   

If I understand the HW correctly the '244 drivers modulate the input square wave by toggling the PWR_OE signals.  So a square wave comes in and by turning on/off the '244 drivers, the OOK modulation is added to the signal and sent to the antenna.  So does the FPGA generate a 12.7 MHz or 14.4 MHz signal?  Or am I missing something and the card emulation response is done totally differently?

Any help is greatly appreciated.  I am in the process of trying to measure the input square wave, but this is easier said than done...  especially since it seems like the code only wants to transmit a card response after a reader command is received.

Offline

#2 2009-02-20 16:49:08

henrym97
Contributor
From: North America
Registered: 2009-01-23
Posts: 18

Re: 14443A Card Emulation

OK- so I think I am a LITTLE clearer now... but still confused.

It looks like 'hi14asim' function actually modulates the response message onto a 847.5 kHz carrier in the FPGA, then routes this signal out to PWR_OE4.  Then, this is 'mixed' with the 13.56 MHz field through the '244 drivers.

Does PWR_HI actually output a 13.56 MHz waveform during this mode?  Or, is the mixing accomplished only by turning onn/off the '244 drivers in the presence of the reader field.  This last point is what I cannot quite figure out.  From measurements, it doesn't look like the PM3 sends anything out of PWR_HI during 'hi14asim'.

Help from anyone who has investigated the HW and physical layer before would be greatly appreciated.

Thanks!

Offline

#3 2009-02-23 10:37:17

gerhard
Contributor
Registered: 2008-05-21
Posts: 5

Re: 14443A Card Emulation

In the hi14asim the proxmark 3 will emulate a card.
As is usual in passive RFID the tag produces no carrier but gets powered by the field of a reader. The answers of the tag are then modulated in the 847.5kHz subcarriers. In case of ISO14443-A by manchester encoding.

A card itself produces no carrier. So thats why the proxmark also does not output on PWR_HI in this emulation mode.
Yes, indeed by turning on/off the signal on PWR_OE4 the answer is modulated into the field.
I wrote the FPGA modulation for ISO14443-A but do know very little about the hardware. So, I hope this is clear to you. (I do for example not know what you mean by '244, but I guess it has something to do with PWR_OE4?)

Furthermore, the only mode where the Proxmark 3 generates 13.56MHz itself is when it acts like a reader. Also in eavsdropping mode the device does not power PWR_HI. You can find the possible modes in armsrc/apps.h

Regards,
Gerhard

Offline

#4 2009-02-23 13:24:46

henrym97
Contributor
From: North America
Registered: 2009-01-23
Posts: 18

Re: 14443A Card Emulation

gerhard wrote:

I wrote the FPGA modulation for ISO14443-A but do know very little about the hardware. So, I hope this is clear to you. (I do for example not know what you mean by '244, but I guess it has something to do with PWR_OE4?)

Gerhard,

Thanks for clearing that up- By '244 I just meant the HEX drivers that follow the FPGA to amplify the signal to the antenna.

Offline

Board footer

Powered by FluxBB