Research, development and trades concerning the powerful Proxmark3 device.
Hi guys,
I have a strange issue with the simulation of an ISO14443 type A card. The anti-collision procedure works including the RATS without any problems. (At least from my point of view.)
But now I would like to use the simulated card via the PC/SC interface on my Linux machine. But as I can see from the output of the PC/SC daemon, the card seems to be removed immediately after detection and the anti-collision procedure.
00421987 ifdhandler.c:1119:IFDHPowerICC() action: PowerUp, usb:072f/2200:libudev:0:/dev/bus/usb/006/017 (lun: 0)
00001994 eventhandler.c:372:EHStatusHandlerThread() powerState: POWER_STATE_POWERED
00000025 eventhandler.c:387:EHStatusHandlerThread() Card inserted into ACS ACR122U PICC Interface 00 00
00000026 Card ATR: 3B 88 80 01 4A 43 4F 50 76 32 34 31 5E
00127973 eventhandler.c:325:EHStatusHandlerThread() Card Removed From ACS ACR122U PICC Interface 00 00
00419990 ifdhandler.c:1119:IFDHPowerICC() action: PowerUp, usb:072f/2200:libudev:0:/dev/bus/usb/006/017 (lun: 0)
00002000 eventhandler.c:372:EHStatusHandlerThread() powerState: POWER_STATE_POWERED
00000026 eventhandler.c:387:EHStatusHandlerThread() Card inserted into ACS ACR122U PICC Interface 00 00
00000026 Card ATR: 3B 88 80 01 4A 43 4F 50 76 32 34 31 5E
00129913 eventhandler.c:325:EHStatusHandlerThread() Card Removed From ACS ACR122U PICC Interface 00 00
I already disabled the auto power on/off feature [1] of the PC/SC daemon and tried different readers (ACR 122U, SCM SDI010, Reiner SCT cyberJack RFID) - but unfortunately without success.
Using the 'nfc-tools' and the ACR 122U I could at least verify that the anti-collision really works.
NFC reader: ACS / ACR122U PICC Interface opened
Sent bits: 26 (7 bits)
Received bits: 04 00
Sent bits: 93 20
Received bits: ca fe ba be 30
Sent bits: 93 70 ca fe ba be 30 ef 6f
Received bits: 28 b4 fc
Sent bits: e0 50 bc a5
Received bits: 0d 78 f7 b1 02 4a 43 4f 50 76 32 34 31 27 cc
Sent bits: 50 00 57 cd
Found tag with
UID: cafebabe
ATQA: 0004
SAK: 28
ATS: 0d 78 f7 b1 02 4a 43 4f
fth@kamikaze:~/scsh3.7.1364$ sudo nfc-list
nfc-list uses libnfc 1.6.0-rc1 (r1469)
NFC device: ACS / ACR122U PICC Interface opened
1 ISO14443A passive target(s) found:
ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00 04
UID (NFCID1): ca fe ba be
SAK (SEL_RES): 28
ATS: 78 f7 b1 02 4a 43 4f 50 76 32 34 31
Any clues why this happens? The 'real' cards are not directly removed after insertion.
Thanks for your support.
Bye,
Frank
[1] http://ludovicrousseau.blogspot.de/2010/10/card-auto-power-on-and-off.html
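The ATS in the nfc-tools trace above (13 bytes with TL first) and the ATR that pcscd logged are related: for an ISO 14443-4 card, PC/SC Part 3 builds the ATR as 3B 8n 80 01 followed by the n historical bytes of the ATS and an XOR check byte TCK. The following is an added example (not code from the post or from the Proxmark3 project) that decodes the ATS fields and derives that ATR; the function and field names are the example's own, and the FSCI table and FWT formula are taken from ISO 14443-4.

```python
"""Decode an ISO 14443-4 ATS and derive the PC/SC ATR a reader reports for it.

Added example, not code from the original post. The ATS and ATR below are the
values shown in the post's nfc-tools and pcscd output.
"""

# Constructed from the post's traces: ATS with TL first, and the pcscd ATR.
ATS_FROM_TRACE = bytes.fromhex("0d 78 f7 b1 02 4a 43 4f 50 76 32 34 31")
ATR_FROM_PCSCD = bytes.fromhex("3B 88 80 01 4A 43 4F 50 76 32 34 31 5E")

# FSCI -> maximum frame size (bytes) the PICC accepts, ISO 14443-4 Table 4.
FSCI_TO_BYTES = [16, 24, 32, 40, 48, 64, 96, 128, 256]


def parse_ats(ats: bytes) -> dict:
    """Split an ATS (TL first, CRC already removed) into its fields."""
    if not ats or ats[0] != len(ats):
        raise ValueError("TL does not match the ATS length")
    out = {"TL": ats[0]}
    if len(ats) == 1:           # shortest legal ATS: TL only
        out["historical"] = b""
        return out
    t0 = ats[1]
    idx = 2
    fsci = t0 & 0x0F
    out["FSCI"] = fsci
    out["FSC"] = FSCI_TO_BYTES[min(fsci, 8)]      # FSCI > 8 is treated as 8 (256 bytes)
    if t0 & 0x10:                                 # TA(1): bit-rate capabilities
        out["TA1"] = ats[idx]
        idx += 1
    if t0 & 0x20:                                 # TB(1): FWI (high nibble), SFGI (low nibble)
        tb1 = ats[idx]
        idx += 1
        out["FWI"] = tb1 >> 4
        out["SFGI"] = tb1 & 0x0F
        # Frame Waiting Time = (256 * 16 / fc) * 2^FWI, fc = 13.56 MHz, in microseconds.
        out["FWT_us"] = (256 * 16 / 13.56) * (1 << out["FWI"])
    if t0 & 0x40:                                 # TC(1): protocol options
        tc1 = ats[idx]
        idx += 1
        out["CID_supported"] = bool(tc1 & 0x02)
        out["NAD_supported"] = bool(tc1 & 0x01)
    out["historical"] = ats[idx:]
    return out


def ats_to_pcsc_atr(ats: bytes) -> bytes:
    """Build the ATR pcscd reports for an ISO 14443-4 card (PC/SC Part 3).

    Layout: 3B 8n 80 01 <n historical bytes> TCK, where n is the number of
    historical bytes and TCK is the XOR of every byte after the initial 3B.
    """
    hist = parse_ats(ats)["historical"]
    if len(hist) > 15:
        raise ValueError("at most 15 historical bytes fit into the ATR")
    body = bytes([0x80 | len(hist), 0x80, 0x01]) + hist
    tck = 0
    for b in body:
        tck ^= b
    return b"\x3b" + body + bytes([tck])


if __name__ == "__main__":
    fields = parse_ats(ATS_FROM_TRACE)
    for k, v in fields.items():
        print(f"{k:14} {v.hex(' ') if isinstance(v, bytes) else v}")
    print("derived ATR  ", ats_to_pcsc_atr(ATS_FROM_TRACE).hex(" "))
    print("pcscd ATR    ", ATR_FROM_PCSCD.hex(" "))
```

Running it on the trace values reproduces the pcscd ATR byte for byte (including TCK = 5E), shows that the historical bytes spell "JCOPv241", and decodes TB(1) = B1 as FWI 11 / SFGI 1, i.e. a frame waiting time of roughly 619 ms; a simulator that answers slower than the FWT it advertised will be treated as absent by the reader.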
Some additional hints:
I already figured out that the reader tries to check the presence of the card by using method 2-a (before the first I-block exchange) as defined by ISO 14443-4. That means the reader and the simulator exchange a couple of R-blocks.
I adjusted the simulation code to issue those R-blocks as a response to the reader's request. Here is some debugging output from my simulator:
#db# Reader:
#db# b2 67 c7
#db# Got R-Block
#db# Simulator:
#db# a3 6f c6
#db# Reader:
#db# b2 67 c7
#db# Got R-Block
#db# Simulator:
#db# a3 6f c6
#db# Reader:
#db# b2 67 c7
#db# Got R-Block
#db# Simulator:
#db# a3 6f c6
I compared the flow of my simulator to a 'real' card (retrieved using 'hf 14a snoop') - and the exchanged R-blocks are identical.
Any hints?
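The R-block exchange in the debug output above (reader b2 67 c7, simulator a3 6f c6) and the frames in the first post's nfc-tools trace can both be checked against the ISO 14443-4 rules mechanically: b2 is R(NAK) with block number 0, a3 is R(ACK) with block number 1, and 67 c7 / 6f c6 are their CRC_A values. The following is an added example (not the simulator code from the post, nor Proxmark3 project code) with a CRC_A implementation, a PCB decoder, and a minimal PICC-side block layer that applies the block-number rules; the class and function names are the example's own, and CID handling is reduced to echoing the CID byte, with NAD left out.

```python
"""ISO 14443-4 block-protocol helpers: CRC_A, PCB decoding and the PICC-side
block-number rules behind the R(NAK)/R(ACK) presence check (method 2-a).

Added example, not the simulator from the post. Frame bytes below are the ones
shown in the post's debug output and nfc-tools trace.
"""

# Constructed from the post's traces.
READER_RNAK = bytes.fromhex("b2 67 c7")      # R(NAK), block number 0, plus CRC_A
SIM_RACK = bytes.fromhex("a3 6f c6")         # R(ACK), block number 1, plus CRC_A
SELECT_CL1 = bytes.fromhex("93 70 ca fe ba be 30 ef 6f")


def crc_a(data: bytes) -> bytes:
    """CRC_A from ISO 14443-3 Annex B: init 0x6363, reflected poly 0x8408, sent LSB first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def build_frame(body: bytes) -> bytes:
    return body + crc_a(body)


def strip_crc(frame: bytes) -> bytes:
    """Return the frame body, raising if the trailing CRC_A does not match."""
    body, crc = frame[:-2], frame[-2:]
    if crc_a(body) != crc:
        raise ValueError(f"bad CRC_A on {frame.hex(' ')}")
    return body


def decode_pcb(pcb: int) -> dict:
    """Classify a Protocol Control Byte per ISO 14443-4 section 7.1.1."""
    if pcb & 0xC0 == 0x00:                       # I-block: 0 0 c CID NAD 0 1 bn
        return {"type": "I", "chaining": bool(pcb & 0x10), "cid": bool(pcb & 0x08),
                "nad": bool(pcb & 0x04), "block_number": pcb & 0x01}
    if pcb & 0xE0 == 0xA0:                       # R-block: 1 0 1 NAK CID 0 1 bn
        return {"type": "R", "nak": bool(pcb & 0x10), "cid": bool(pcb & 0x08),
                "block_number": pcb & 0x01}
    if pcb & 0xC0 == 0xC0:                       # S-block: 1 1 x x CID 0 1 0
        return {"type": "S", "deselect": (pcb & 0x30) == 0x00,
                "wtx": (pcb & 0x30) == 0x30, "cid": bool(pcb & 0x08)}
    raise ValueError(f"unknown PCB {pcb:02x}")


class PiccBlockLayer:
    """PICC-side block handling, reduced to the rules the presence check exercises.

    Rule C:  the PICC block number is initialised to 1 at activation.
    Rule D:  on receiving an I-block the PICC toggles its block number before replying.
    Rule 11: an R-block whose number equals the PICC's current one -> retransmit last block.
    Rule 12: an R(NAK) whose number differs -> answer R(ACK) with the current number.
    """

    def __init__(self, apdu_handler=None):
        self.block_number = 1                    # rule C
        self.last_block = b""
        self.apdu_handler = apdu_handler or (lambda apdu: apdu)   # echo payload by default

    def handle(self, frame: bytes) -> bytes:
        """Return the frame the PICC transmits, or b"" when it stays mute."""
        body = strip_crc(frame)
        info = decode_pcb(body[0])
        if info["type"] == "R":
            if info["block_number"] == self.block_number:
                return self.last_block           # rule 11 (mute if nothing was sent yet)
            if info["nak"]:
                self.last_block = build_frame(bytes([0xA2 | self.block_number]))
                return self.last_block           # rule 12
            return b""                           # R(ACK) with the other number: only meaningful while chaining
        if info["type"] == "I":
            self.block_number ^= 1               # rule D
            cid = body[1:2] if info["cid"] else b""
            payload = body[1 + len(cid) + int(info["nad"]):]
            resp_pcb = 0x02 | (body[0] & 0x08) | self.block_number
            self.last_block = build_frame(bytes([resp_pcb]) + cid + self.apdu_handler(payload))
            return self.last_block
        if info["deselect"]:
            return build_frame(body)             # S(DESELECT) is acknowledged by echoing it
        return b""


if __name__ == "__main__":
    picc = PiccBlockLayer()
    for _ in range(3):                           # the three identical exchanges from the debug output
        print("reader:", READER_RNAK.hex(" "), "-> picc:", picc.handle(READER_RNAK).hex(" "))
```

Fed the reader's b2 67 c7, the block layer produces a3 6f c6 on every repetition, exactly what the post's simulator and the snooped real card send, so the R-block phase itself is consistent with the standard; the CRC check on the anti-collision frames (for instance the SELECT ending in ef 6f) passes as well. A PICC side that applies rule 11 after its first I-block, and answers within the FWT its ATS advertised, is what keeps the reader from declaring the card removed.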