Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

  • Logged in as ikarus
  • Last visit: Today 11:22:42

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

Post reply

#1 2017-02-13 17:19:46

daboemann
Contributor
Registered: 2017-02-13
Posts: 2

Identifying the data format on a Sokymat card (EM4102 transponder).

Hi,

I'm trying to figure out what the format is of data on a Sokymat card, which I know has an EM4102 transponder. From the datasheet of the transponder I can see that the chip will transmit its 64 bits of data after being powered on by the RF field.
I’m able to read the card, which gives me (0xFF83C03286AA4AEA):

1111111110000011110000000011001010000110101010100100101011101010

According to the datasheet, the data is formatted as follows:

        | Data     |Parity
--------|----------|---
Header  | 111111111	
--------|----------|---
Version/| 0000     | 0   
Cust. ID| 1111     | 0
--------|----------|---
Data    | 0000     | 0
Data    | 0011     | 0
Data    | 0101     | 0
Data    | 0001     | 1
Data    | 0101     | 0
Data    | 1010     | 0
Data    | 1001     | 0
Data    | 1011     | 1
--------|----------|---
Parity  | 0101     | 0


Meaning that:
Version = 00001111
Data    = 00000011010100010101101010011011

I make the assumption that the 24 right most (or least significant) bits contain the facility code and card number. I do this assumption based on a reader that returns facility code (decimal 81) and card number (decimal 23195). The decimal card number has also been printed on the card itself, so that is why I made the assumption that the reader is working correctly. If I align the facility code and card number with the data bits, it looks like this:

Data          00000011010100010101101010011011
Fac. Code             01010001
Card number                   0101101010011011

Now this makes me really wonder what bit 24 and 25 are (the leading ‘11’). They do not make sense as parity, as a different card (with decimal 22087 printed on in) also has leading ‘11’ bits:

Data          00000011010100010101011001000111
Fac. Code             01010001
Card number                   0101011001000111

Removing the assumption of a correctly working reader, I know at least that the format is definitely not the standard 26-bit Wiegand format (H10301), as then the leading and trailing odd and even parity bits don’t add up for the first card. Plus I just think that the printed number on the cards matching with the data is too much of a coincidence. Therefore my question is: does anyone know which format this is? What are bits 24 and 25 doing and can I somehow use them to figure out if a stream of bits has this particular format?

Looking forward to your reply,

Martijn

Offline

#2 2017-02-13 19:12:14

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Identifying the data format on a Sokymat card (EM4102 transponder).

I would guess that your reader just ignores the bits prior to the fc/card#   they would only mean something to a different reader.

Offline

#3 2017-03-22 03:01:05

hkplus
Contributor
Registered: 2015-01-07
Posts: 127

Re: Identifying the data format on a Sokymat card (EM4102 transponder).

What brand is the card/reader?  I know that HID has a bunch of variations of 34 bit formats, some of the formats have three data fields, and not just two.  The third data field is usually a company code, or contains other types of information.  Some of these 34 bit formats are created as a company specific specification.  HID does use the EM4102.

Last edited by hkplus (2017-03-22 03:02:26)

Offline

Pages: 1

Post reply

Quick reply

Write your message and submit

Board footer

Powered by FluxBB