Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Hi,
I'm currently playing with the hi14asnoop and hi14alist tools, trying to log the communication process between a blank Mifare card (sector key all set to FF FF FF FF FF FF) and my OmniKey 5321.
I've read many posts about the subject but I think I'm getting strange logs.
I put my proxmark HF antenna between the card and the reader, started the hi14asnoop command and then started a successful authentication process using key FF FF FF FF FF FF to read the whole sector 0 content. Here is the log I get:
> hi14alist
recorded activity:
ETU :rssi: who bytes
---------+----+----+-----------
+ 0: 0: TAG 04
+ 5672: 0: TAG 04 00
+ 3280: 0: TAG 64 6a 3b 85 b0
+ 4848: 0: TAG 08 b6 dd
+ 91904: 0: TAG 04
+ 5688: 0: TAG 04 00
+ 3328: 0: TAG 64 6a 3b 85 b0
+ 4824: 0: TAG 08 b6 dd
+ 92004: 0: TAG 04
+ 5776: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4840: 0: TAG 08 b6 dd
+ 91812: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4744: 0: TAG 08 b6 dd
+ 92251: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3312: 0: TAG 64 6a 3b 85 b0
+ 4881: 0: TAG 08 b6 dd
+ 91899: 0: TAG 04
+ 5856: 0: TAG 04 00
+ 3408: 0: TAG 64 6a 3b 85 b0
+ 4864: 0: TAG 08 b6 dd
+ 91571: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3297: 0: TAG 64 6a 3b 85 b0
+ 4848: 0: TAG 08 b6 dd
+ 92027: 0: TAG 04
+ 5760: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4768: 0: TAG 08 b6 dd
+ 92002: 0: TAG 04
+ 5778: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4856: 0: TAG 08 b6 dd
+ 91914: 0: TAG 04
+ 5672: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4864: 0: TAG 08 b6 dd
+ 91924: 0: TAG 04
+ 5672: : 52
+ 64: 0: TAG 04 00
+ 3304: 0: TAG 64 6a 3b 85 b0
+ 4848: 0: TAG 08 b6 dd
+ 91812: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3288: 0: TAG 64 6a 3b 85 b0
+ 4864: 0: TAG 08 b6 dd
+ 92004: 0: TAG 04
+ 5784: 0: TAG 04 00
+ 3280: 0: TAG 64 6a 3b 85 b0
+ 4760: 0: TAG 08 b6 dd
+ 91915: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4873: 0: TAG 08 b6 dd
+ 92011: 0: TAG 04
+ 5664: 0: TAG 04 00
+ 3288: 0: TAG 64 6a 3b 85 b0
+ 4880: 0: TAG 08 b6 dd
+ 75675: : 60 00 f5 7b
+ 112: 0: TAG de d6 04 5f
+ 3408: 0: TAG ac 4b! c4 c8
+ 3016: 0: TAG 9c! a8 0a 4a 92 9a 0e cc! d0 82 86 08 52 89 3c! 01! 07 a8! !crc
+ 3592: 0: TAG d0 d7! a3 f2 cd! 5c! d3 65! 31! 6a ac 7c a1 2f! f6! 91 8a 23! !crc
+ 3592: 0: TAG 58! 12! 25 97 87 3e! 8c 05! 71 f2! 5c! 5b! 4a! 06! d5! fc! 34! 9e !crc
+ 9992: : 52
+ 64: 0: TAG 04 00
+ 3393: 0: TAG 64 6a 3b 85 b0
+ 4872: 0: TAG 08 b6 dd
+1702905: 0: TAG 04
+ 5856: 0: TAG 04 00
+ 3296: 0: TAG 64 6a 3b 85 b0
+ 4880: 0: TAG 08 b6 dd
+ 91707: 0: TAG 04
+ 5881: 0: TAG 04 00
+ 3248: 0: TAG 64 6a 3b 85 b0
+ 4760: 0: TAG 08 b6 dd
Well, I surely recognize the tag's UID and some other parts of the communication process. But I don't really understand why almost all the messages are prefixed with "TAG". Where are the log entries of my reader?
Could this situation have something to do with my antenna?
Here is the result of the tune command without, then with, a Mifare card on the proxmark:
> tune
# LF antenna @ 0 mA / 134 mV [1273 ohms] 125Khz
# LF antenna @ 0 mA / 134 mV [1187 ohms] 134Khz
# HF antenna @ 12 mA / 3029 mV [235 ohms] 13.56Mhz
> tune
# LF antenna @ 0 mA / 0 mV [1273 ohms] 125Khz
# LF antenna @ 0 mA / 0 mV [1187 ohms] 134Khz
# HF antenna @ 5 mA / 1385 mV [235 ohms] 13.56Mhz
If this can help, I'm using the 20081211_prox version of the firmware.
Any clue?
Last edited by ereon (2009-04-09 11:58:11)
Thanks for your answer,
I somehow tuned my antenna and now I'm having these results:
> tune
# LF antenna @ 0 mA / 0 mV [1273 ohms] 125Khz
# LF antenna @ 0 mA / 134 mV [1187 ohms] 134Khz
# HF antenna @ 54 mA / 12697 mV [235 ohms] 13.56Mhz
But when I proceed with the same tests as before, I still get this kind of log entry:
+ 90962: 0: TAG 04
+ 5866: 0: TAG 04 00
+ 3192: 0: TAG 64 6a 3b 85 b0
+ 4856: 0: TAG 08 b6 dd
+ 91674: 0: TAG 04
+ 5640: 0: TAG 04 00
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4984: 0: TAG 08 b6 dd
+ 75908: : 60 00 f5 7b
+ 112: 0: TAG b2 47 95 14
+ 29672: 0: TAG 83 57! 38 9d
+ 3080: 0: TAG ef! 43! 43! 3c 5b! 6d 09! fc! 4e 25! 12! d6 76! 18! 40 41! a6! 96 !crc
+ 3528: 0: TAG b8! db aa c4 b9! 8a d3 31! 86 71! af! b7! e9! 0a b2 28! b8 e6 !crc
+ 3472: 0: TAG e1! e7! 51! 70! 68 57 27 58! 34 f3 4e 20! e6 39! 19 e5 58! 66 !crc
+ 4288: : bf 2d c6 42 !crc
+ 3138: 0: TAG 04 00
+ 3168: 0: TAG 64 6a 3b 85 b0
+ 4656: 0: TAG 08 b6 dd
+1693170: 0: TAG 04
+ 5768: 0: TAG 04 00
+ 3304: 0: TAG 64 6a 3b 85 b0
There is one thing I don't understand:
Given this line:
+ 75908: : 60 00 f5 7b
This is a message sent by the reader. So I apparently can see some reader-sent messages. But if you look two lines before:
+ 3184: 0: TAG 64 6a 3b 85 b0
+ 4984: 0: TAG 08 b6 dd
The second line is a response to the MIFARE SELECT WITH UID command, which I can't see in the logs!
What is possibly wrong?
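To make sense of traces like the two quoted above, here is a small decoder for the hi14alist line format. This is an added example, not code from the poster or from the Proxmark3 project. What it assumes about the format is taken from the output itself, not from the client source: a blank "who" column means a reader frame, TAG means a card frame, a byte suffixed with "!" failed its parity check, and a trailing "!crc" token marks a CRC_A mismatch. The sample trace inside the block is constructed from lines of the first log. The decoder recomputes ISO 14443-3 CRC_A over the visible reader and tag frames (60 00 f5 7b, 08 b6 dd) and the BCC of the UID, and it labels the SAK as the answer to SELECT so the missing SELECT command stands out. The lone "04" lines it leaves as unclassified rather than guessing. Once the card has sent its nonce Nt the link is under Crypto1, which encrypts the parity bits as well, so the "!" and "!crc" marks on those later frames are expected rather than a sign of a bad capture.

```python
"""Decoder for the `hi14alist` trace format quoted in this thread.

Added example, not the poster's or the Proxmark3 project's own code. Assumed (from
the output above, not from the client source): blank `who` column = reader frame,
`TAG` = card frame, a byte suffixed `!` had a parity error, a trailing `!crc` token
marks a CRC_A mismatch.
"""
import re

# Constructed sample: one WUPA/anticollision cycle plus the start of the
# authentication, copied from the first trace in the thread.
SAMPLE_TRACE = """\
+  91914: 0: TAG 04
+   5672: : 52
+     64: 0: TAG 04 00
+   3304: 0: TAG 64 6a 3b 85 b0
+   4848: 0: TAG 08 b6 dd
+  75675: : 60 00 f5 7b
+    112: 0: TAG de d6 04 5f
+   3408: 0: TAG ac 4b! c4 c8
+   3016: 0: TAG 9c! a8 0a 4a 92 9a 0e cc! d0 82 86 08 52 89 3c! 01! 07 a8! !crc
"""

LINE_RE = re.compile(r"^\+\s*(\d+):\s*(\d*):\s*(TAG)?\s*(.*)$")


def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 CRC_A: poly 0x8408 (0x1021 reflected), init 0x6363, LSB first."""
    crc = 0x6363
    for b in data:
        b ^= crc & 0xFF
        b ^= (b << 4) & 0xFF
        crc = ((crc >> 8) ^ (b << 8) ^ (b << 3) ^ (b >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def parse_line(line: str):
    """Split one trace line into delta (ETU), source, payload and error flags."""
    m = LINE_RE.match(line)
    if not m:
        return None
    delta, _rssi, who, rest = m.groups()
    tokens = rest.split()
    data, parity_errors = bytearray(), 0
    for tok in tokens:
        if tok == "!crc":
            continue
        if tok.endswith("!"):  # byte whose parity bit did not check
            parity_errors += 1
            tok = tok[:-1]
        data.append(int(tok, 16))
    return {"delta": int(delta), "src": "TAG" if who else "RDR", "data": bytes(data),
            "parity_errors": parity_errors, "bad_crc": "!crc" in tokens}


def decode_trace(text: str) -> list:
    """Label each frame, tracking whether the link is still plaintext or under Crypto1."""
    frames, state = [], "plain"  # plain -> nonce (after AUTH) -> crypto (after Nt)
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        d, n, src = f["data"], len(f["data"]), f["src"]
        if src == "RDR":
            if n == 1 and d[0] in (0x52, 0x26):
                what = ("WUPA" if d[0] == 0x52 else "REQA") + " (7-bit short frame)"
                state = "plain"
            elif n == 4 and d[0] in (0x60, 0x61) and state == "plain":
                ok = crc_a(d[:2]) == d[2:]
                what = f"AUTH key {'A' if d[0] == 0x60 else 'B'} block {d[1]}, CRC_A {'ok' if ok else 'BAD'}"
                state = "nonce"
            else:
                what = "reader frame" + (" (encrypted)" if state == "crypto" else "")
        elif d == b"\x04\x00":
            what = "ATQA 0x0004 (4-byte UID, MIFARE Classic)"
        elif state == "plain" and n == 5:
            ok = (d[0] ^ d[1] ^ d[2] ^ d[3]) == d[4]
            what = f"anticollision reply: UID {d[:4].hex()} BCC {'ok' if ok else 'BAD'}"
        elif state == "plain" and n == 3 and d[0] == 0x08:
            ok = crc_a(d[:1]) == d[1:]
            what = f"SAK 0x08 (answer to SELECT; CRC_A {'ok' if ok else 'BAD'})"
        elif state == "nonce" and n == 4:
            what, state = f"tag nonce Nt = {d.hex()} (plaintext, no CRC)", "crypto"
        elif state == "crypto":
            # Crypto1 encrypts the parity bits too, so parity/CRC flags are expected here.
            kind = "encrypted 16-byte block + CRC" if n == 18 else f"encrypted {n}-byte frame"
            what = kind + " (parity/CRC errors expected under Crypto1)"
        else:
            what = "unclassified"
        f["what"] = what
        frames.append(f)
    return frames


if __name__ == "__main__":
    for f in decode_trace(SAMPLE_TRACE):
        hexs = " ".join(f"{b:02x}" for b in f["data"])
        print(f"+{f['delta']:>8} {f['src']} {hexs:<56} {f['what']}")
```

Run it as-is to annotate the sample, or pipe a full hi14alist dump through decode_trace. A plaintext frame whose CRC_A or BCC comes back BAD is a genuine capture error (antenna placement, as the replies below discuss); flags on frames after the nonce are not.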
This is possibly due to the relative position of your antenna, reader & tag: I found that desktop readers are low powered and you can place the proxmark antenna about anywhere. When it comes to door readers, this is much more difficult: you have to experiment with the proxmark antenna placement. In my particular case, I had most success placing the antenna not over the tag, not between the tag & reader, but with the antenna next to the tag, facing the reader... (not sure this is clear?)
Last edited by edo512 (2009-04-09 23:12:47)
The best results I got were placing the Proxmark antenna directly on top of the reader and then waving the tag 1cm away from the antenna. If you use a desktop reader instead of a door reader you could place bubble-plastic on top of the antenna before laying the tag on it. I hope it helps.
I'd actually say the best results I've had are while placing the antenna on the opposite side of the card from the reader... every time I place it between the tag and reader I get only one side of the comms. Also placing a part of the coil over where I assume the tag is inside the card rather than placing the coil's center over the chip.