Hi community!
In the last few days I was trying to understand the LEGIC Prime system in depth to improve the simulator code. Reading and writing cards (MIM256/1024) works flawlessly (using a nice self-made antenna for my C35=100pF Proxmark).
Up to now I found some little flaws and irregularities when using non-MIM1024 cards, but now to my main issue.
The reader I am 'using' never sends an IV of 0x55... really, never. I wrote some code to log the timing, but everything seems to be fine (first transmitted bit of the IV is always 1; it is always 7 bits long), except that I never get 0x55... (not 10%, not 1.5%... 0% of the time).
So I looked at the code: frame_handle_tag(...) is somewhat specific about using 0x55; trying to make it work with any IV failed... so I did a little test and saw where my major problem is.
In the well-working reader code I altered the fixed SESSION_IV (0x55) in LegicRfReader(...) to something else, and reading a card now always fails. How could that be? The PRNG algorithm has to be correct; it is hardwired in the silicon.
LFSR_A should be IV, LFSR_B should be IV<<1|1.
Why isn't the code working for arbitrary IVs? Btw, the first IV used in perform_setup_phase_rwd(...) to get the card type always works fine, but changing the IV in the second perform_setup_phase_rwd(...) fails with CRC mismatches.
Maybe someone has an idea... I really want to finally get this simulation code fixed.
With best regards,
gonzo
Gosh... finally I fixed the simulation code. The reader and writer code had bugs too and only accidentally worked with an IV of 0x55.
I should mention that I did not have a reader on my desk... I had to go 500 m to my parking garage every time to test my code.
I will post a patch in several days, as soon as I have cleaned it up and removed all my debugging code.
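As an added illustration (not gonzo's code and not the Proxmark3 firmware): a small C model of the two-register keystream generator seeded the way the first post describes, LFSR_A = IV and LFSR_B = IV<<1|1, plus a self-check that the XOR keystream round-trips for every 7-bit IV and actually depends on the IV, which is the kind of regression check that code "only accidentally working with 0x55" (the bugs from the second post) would fail. The feedback taps and the bit-selection rule are placeholders assumed for this example, not the values wired into the LEGIC silicon.

```c
#include <stdint.h>
#include <string.h>

/* Two-register keystream model. Seeding follows the forum post:
 * LFSR_A = IV, LFSR_B = (IV << 1) | 1. The feedback taps and the
 * output rule below are illustrative assumptions, not LEGIC Prime's. */
typedef struct { uint8_t a, b; } legic_lfsr_t;

static void lfsr_init(legic_lfsr_t *s, uint8_t iv) {
    s->a = iv & 0x7F;                  /* the IV is 7 bits wide */
    s->b = (uint8_t)((s->a << 1) | 1); /* 8-bit register, LSB forced to 1 */
}

static void lfsr_step(legic_lfsr_t *s) { /* assumed taps, for illustration only */
    uint8_t fa = ((s->a >> 6) ^ (s->a >> 5)) & 1;
    uint8_t fb = ((s->b >> 7) ^ (s->b >> 5) ^ (s->b >> 4) ^ (s->b >> 3)) & 1;
    s->a = (uint8_t)(((s->a << 1) | fa) & 0x7F);
    s->b = (uint8_t)((s->b << 1) | fb);
}

static uint8_t lfsr_bit(legic_lfsr_t *s) {
    uint8_t out = (s->b >> (s->a & 7)) & 1; /* assumed: A's low bits pick a bit of B */
    lfsr_step(s);
    return out;
}

static uint8_t keystream_byte(legic_lfsr_t *s) {
    uint8_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint8_t)(lfsr_bit(s) << i);
    return v;
}

/* XOR a buffer with the keystream derived from iv (encrypt == decrypt). */
void legic_xor(uint8_t iv, const uint8_t *in, uint8_t *out, size_t n) {
    legic_lfsr_t s;
    lfsr_init(&s, iv);
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ keystream_byte(&s);
}

/* Regression check: returns 1 if every 7-bit IV round-trips and at least
 * one IV yields a keystream different from 0x55's (the IV is really used). */
int check_iv_independence(void) {
    const uint8_t msg[4] = {0x1D, 0xC0, 0xFF, 0xEE}; /* constructed sample */
    uint8_t zero[4] = {0}, ks55[4], ks[4], ct[4], pt[4];
    int distinct = 0;
    legic_xor(0x55, zero, ks55, 4);
    for (int iv = 0; iv < 128; iv++) {
        legic_xor((uint8_t)iv, msg, ct, 4);
        legic_xor((uint8_t)iv, ct, pt, 4);
        legic_xor((uint8_t)iv, zero, ks, 4);
        if (memcmp(pt, msg, 4) != 0) return 0;
        if (memcmp(ks, ks55, 4) != 0) distinct++;
    }
    return distinct > 0;
}
```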