Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

#1 2012-09-17 21:01:34

reks13
Contributor
Registered: 2010-12-10
Posts: 16

Simbidir - how to get data from simulated hitag

I used the simbidir command; another reader wrote some data to the emulated Hitag and changed the password and configuration byte.
How can I get the data from the emulated Hitag?
Please help me, I can't find info about emulating Hitag2 on the forum.

#2 2012-09-18 14:56:33

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Simbidir - how to get data from simulated hitag

You should create a binary memory dump of a hitag2 transponder. You can look at the "hitag2.ht2" example in the client folder.

#3 2012-09-19 18:05:22

reks13
Contributor
Registered: 2010-12-10
Posts: 16

Re: Simbidir - how to get data from simulated hitag

I know that, but where can I see the changed data?
Will it be written back to the file hitag.ht2? Or do I need to use another command to get it?

#4 2012-09-19 19:32:47

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Simbidir - how to get data from simulated hitag

Use a hex editor to change the transponder image.

#5 2012-09-20 05:57:13

reks13
Contributor
Registered: 2010-12-10
Posts: 16

Re: Simbidir - how to get data from simulated hitag

I know how to change the data.
I am asking how I can read the data that was changed by the reader-writer after it worked with the emulated tag.

#6 2012-09-20 13:32:29

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Simbidir - how to get data from simulated hitag

You could add a function to save the dump back to a file. If you look at the functionality to load the memory, it is not hard to add one to save it again. Let us know when you have a patch that implements that; it would be nice to share all development.

#7 2012-09-24 17:03:12

Thijs
Member
Registered: 2012-09-20
Posts: 5

Re: Simbidir - how to get data from simulated hitag

I modified the cmdlfhitag.c file so that I can write the list back to a file (with my little know-how of C).

You can use it with the following command:

proxmark3> lf hitag list output.ht2
recorded activity:          
 ETU     :rssi: who bytes          
---------+----+----+-----------          
 +      0:    :     c0             
 +    187:   0: TAG 47! 26  ea  b3             
 +     90:    :     4d  49  4b  52             
 +    187:   0: TAG 00! aa! 48! 54             
 +     90:    :     c1  c0             
 +    187:   0: TAG 47! 26  ea  b3             
 +     90:    :     c9  80             
 +    187:   0: TAG 4d! 49  4b! 52             
 +     90:    :     d1  40             
 +    187:   0: TAG 00! 00! 4f  4e!            
 +     90:    :     d9  00             
 +    187:   0: TAG 00! aa! 48! 54             
 +     90:    :     e0  c0             
 +    186:   0: TAG ff! ff! ff! ff!            
 +     90:    :     e8  80             
 +    187:   0: TAG ff! ff! ff! ff!            
 +     90:    :     f0  40             
 +    186:   0: TAG 00! 00! ff! ff!            
 +     90:    :     f8  00             
 +    187:   0: TAG ff! ff! ff! ff!            
List output succesfully written to file: output.ht2

In your client dir, you will find a file called output.ht2.

I don't know if this is useful. Let me know.

#8 2012-10-02 10:02:34

rule
Member
Registered: 2008-05-21
Posts: 417

Re: Simbidir - how to get data from simulated hitag

Hey Thijs,

This would be very useful. Are you willing to commit the changes back into the SVN?
If so, please send me your google account, I'll make sure you get access.

Best regards,

  Roel

#9 2013-02-04 20:52:44

reks13
Contributor
Registered: 2010-12-10
Posts: 16

Re: Simbidir - how to get data from simulated hitag

It is very good for password mode, but if the reader-writer device changes the CFG bit to crypto mode I can't read any info from the log.
The best way is to write all pages of the transponder to a file.

ETU     :rssi: who bytes
--------+----+----+-----------
+      0:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+    910:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+    195:    :     4d  49  4b  52
+      0:   0: TAG 06! aa! 48! 54
+    195:    :     d1  40
+      0:   0: TAG 20  68  4f  4e!
+    193:    :     e0  c0
+      0:   0: TAG 46  5f! 4f  4b!
+    204:    :     e8  80
+      0:   0: TAG 55! 55! 55! 55!
+    204:    :     f0  40
+      0:   0: TAG 00! 00! 00! 22!
+    193:    :     f8  00
+      0:   0: TAG 00! 00! 00! 11!
+    204:    :     c9  80
+      0:   0: TAG 4d! 49  4b! 52
+    910:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+    911:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+    195:    :     4d  49  4b  52
+      0:   0: TAG 06! aa! 48! 54
+    193:    :     d1  40
+      0:   0: TAG 20  68  4f  4e!
+    193:    :     e0  c0
+      0:   0: TAG 46  5f! 4f  4b!
+    172:    :     e8  80
+      0:   0: TAG 55! 55! 55! 55!
+    201:    :     f0  40
+      0:   0: TAG 00! 00! 00! 22!
+    196:    :     f8  00
+      0:   0: TAG 00! 00! 00! 11!
+    202:    :     c9  80
+      0:   0: TAG 4d! 49  4b! 52
+    910:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+    194:    :     4d  49  4b  52
+      0:   0: TAG 06! aa! 48! 54
+    191:    :     9b  00
+      0:   0: TAG 9b  00!
+    187:    :     0e  aa  48  54
+    908:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+   2230:    :     cd  80  b6  ce  14  83  f0  63
+      0:   0: TAG 74! ec  24! 21!
+   3057:    :     ec  c0
+      0:   0: TAG 11! c0!
+   1051:    :     2b  98  36  6a
+    910:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+   2233:    :     d3  9d  1b  56  b5  67  2f  3e
+      0:   0: TAG 63! 3e  88! d8!
+   2977:    :     76  40
+      0:   0: TAG 79  40
+   1063:    :     ca  61  f1  0d
+    910:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+   2213:    :     6c  2d  95  6e  f8  9d  e0  71
+      0:   0: TAG ad  c2  f8  82!
+   3027:    :     8d  00
+      0:   0: TAG 7d! 00!
+   1068:    :     da  98  b1  36
+    910:    :     c0
+      0:   0: TAG ff! c3! 02  1c
+   2223:    :     3d  55  dc  08  1a  bb  d0  20
+      0:   0: TAG da  6a! 04  01
+   3083:    :     4c  c0
+      0:   0: TAG b3  00!
+   1060:    :     74  59  dd  ff
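
Added example, not part of the thread and not Proxmark3 code: a parser for the `lf hitag list` output shown above that replays the plaintext page reads and writes into a page image and reports whether the last known configuration byte selects crypto mode. It assumes the Hitag2 10-bit page command layout (`11 ppp 00 ~ppp` for read, `10 ppp 01 ~ppp` for write), which the `c1 c0` to `f8 00` frames in the traces match, and that bit 3 of the first byte of page 3 selects crypto mode (the `06` to `0e` change in the trace); all function names are made up here.

```python
import re

# Lines copied from the trace in post #9 (two reads, one write, one crypto-mode frame).
TRACE = """\
+    204:    :     c9  80
+      0:   0: TAG 4d! 49  4b! 52
+    195:    :     d1  40
+      0:   0: TAG 20  68  4f  4e!
+    191:    :     9b  00
+      0:   0: TAG 9b  00!
+    187:    :     0e  aa  48  54
+   3057:    :     ec  c0
"""

LINE = re.compile(r"^\s*\+\s*\d+:\s*\d*:\s*(TAG)?\s*(.*)$")

def frames(text):
    """Yield (is_tag, bytes) per trace line; the '!' flags are dropped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            data = bytes(int(h, 16) for h in re.findall(r"([0-9a-f]{2})!?", m.group(2)))
            yield bool(m.group(1)), data

def decode_cmd(data):
    """Decode an assumed 10-bit page command: op(2) page(3) op(2) ~page(3)."""
    if len(data) != 2:
        return None
    bits = (data[0] << 8 | data[1]) >> 6
    op, page, mid, inv = bits >> 8, (bits >> 5) & 7, (bits >> 3) & 3, bits & 7
    kind = {(3, 0): "read", (2, 1): "write"}.get((op, mid))
    return (kind, page) if kind and inv == page ^ 7 else None

def rebuild_pages(text):
    """Replay plaintext reads and writes into a {page: bytes} image."""
    mem, pending = {}, None
    for is_tag, data in frames(text):
        if not is_tag and pending and pending[0] == "write" and len(data) == 4:
            mem[pending[1]] = data      # reader supplies the new page content
            pending = None
        elif not is_tag:
            pending = decode_cmd(data)  # encrypted frames fail the check -> None
        elif pending and pending[0] == "read" and len(data) == 4:
            mem[pending[1]] = data      # tag answers with the page content
            pending = None
    return mem

def crypto_mode(mem):
    """True when the known config byte (page 3, byte 0) has bit 3 set (assumed layout)."""
    return 3 in mem and bool(mem[3][0] & 0x08)
```

Once the write to page 3 sets that bit, later frames no longer decode as page commands, so the rebuilt image only covers what was exchanged before the switch.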
