Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Ive tried this with many different tags and thresholds and always get the same result. This was tested with a good ioprox.
pm3 --> lf config t 40
#db# LF Sampling config:
#db# [q] divisor: 95
#db# [] bps: 8
#db# [d] decimation: 1
#db# [a] averaging: 1
#db# [t] trigger threshold: 40
pm3 --> lf se
#db# DownloadFPGA(len: 42096)
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
command execution time out
Reading 30000 bytes from device memory
Data fetched
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
Samples @ 0 bits/smpl, decimation 1:0
Unpacking...
Unpacked 30000 samples
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Known Tags Found!
pm3 -->
hmmm looks like someone added a timeout in the lf search ...
it appears you'd have to run:
lf read
once tag was read:
data samples
lf search 1
for the threshold to work currently...
add it to the list...
Last edited by marshmellow (2016-02-24 00:09:09)
For the next hardware version, i like to see..
* On/off power button, so i dont have to pull out the usb kabel when it locksup or just dont work
* Some input/output pins to add external sensors there can be used by the proxmark3 lua code, like be able to connect color light sensors to the pins for detecting when external rfid kaypad it having an red/green led, sound sensor for beeps
* UHF range 8xxmhz(or some thing) for both the US and EU range
just some ideas....
EM4x05 full read/write/password can be crossed off..
That is fully possible. As long as you can manually demod the snoop.
@lohcm88, if you look at my fork, I've a timestamp part commented out from the code. The logfile looks like crap when its enabled but thats what you are looking for. I think it was in client/util.c "addtologfile"
Hello,
I was curious that just by using send command., can we perform below communication?
R: 26 => Welcome (REQA) (or use WUPA = 0x52)
T: 44 03 => Respond (ATQA)
R: 93 20 => Select cascade 1 (SEL)
T: 88 04 34 74 cc => CT, UID(byte 1,2,3), BCC
R: 93 70 88 04 34 74 cc 0e 05 => Select available tag (SEL)
T: 24 d8 36 => Select Acknowledge (SAK)
R: 95 20 => Select cascade 2 (SEL)
T: e1 e3 1c 80 9e => UID(byte 4,5,6,7), BCC
R: 95 70 e1 e3 1c 80 9e b9 e1 => Finish select (SEL)
T: 20 fc 70 => SAK without cascade bit set
R: e0 50 bc a5 => Request Answer to Select (RATS)
T: 06 75 77 81 02 80 => ATS (DESFire EV1)
R: 50 00 57 cd => Disable (HALT)
If not, It would be great to see that in proxmark3 by just having simple command to send above communication.
Regards,
Jk123
@Jk123 Please don't double post. The hf 14a raw cmd is what you are looking for.
A standalone keyring- The ability to program a number of UIDs in via the console that can then later be used in standalone mode, and the ability to save all the UIDs read in standalone mode into the onboard memory for later use from the console.
Last edited by cds333 (2019-04-19 22:16:40)
I would like to see some more banking releated cards(EMF Specification): Card Scheme, Card Number, Card Expiration Date:
the full public readable part. i wonder because my mobile app can read this, i could not get this information with proxmark.
the girogo card was fine too, i believe it is the same like above, but not sure. i can provide sample-datasets if needed.
@iceman did not tried them right now, will do so :-D haven't realized that they are available
Two things:
An "until-terminated" long time search flag
lf search F (F is for FOREVER, or at least until someone halts it with ctrl+C/ctrl+D/pressing pm3 button)
The "hf search" wish listed above.
A combined "search" command that cycles through lf search and hf search.
The FOREVER flag on a combined "search" command would be so useful.
For example:
pm3 > sea F
And now my proxmark3 just searches and searches, sometimes finding valid cards and never stopping until I tell it to.
A command line argument to prevent the client from logging anything (log or history, or creating a .proxmark3 directory in the home directory) would be nice. The only way to do that now is to unset HOME, so it doesn't know where to create the files/directory.
Last edited by Rosco (2020-05-21 02:48:36)