STATUS:
Contact
| ||||
|---|---|---|---|---|
| Day | Events | |||
| 12/10 Tuesday | 2000 meetup | |||
| 12/12 Thursday | ||||
| Day | Events | |||
Sponsors
[[FreakCard]]
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
project:freakcard:start [2019/11/05 23:54] abyssal [High Frequency (HF) card] Magic Desfire |
project:freakcard:start [2019/12/02 02:26] (current) abyssal [High Frequency (HF) card] ISO-15693 magic cards |
||
|---|---|---|---|
| Line 430: | Line 430: | ||
| Proxmark can read them and so can some android phones. | Proxmark can read them and so can some android phones. | ||
| - | They contain UID and 64 bytes of data. Reading with proxmark can be done with: | + | They contain UID and 4-byte blocks of data. Reading with proxmark can be done with: |
| <code> | <code> | ||
| - | hf 15 dumpmemory | + | pm3 --> hf 15 reader |
| + | UID : E0 16 24 66 1E C1 A5 AD | ||
| + | TYPE : EM-Marin SA (Skidata); EM4233 [IC id = 09] 23,5pF CustomerID-102 | ||
| + | pm3 --> hf 15 dump | ||
| + | [=] Using UID as filename | ||
| + | Reading memory from tag UID E0 16 24 66 1E C1 A5 AD | ||
| + | ....................................................[-] Tag returned Error 15: Unknown error. | ||
| + | |||
| + | |||
| + | block# | data |lck| ascii | ||
| + | ---------+--------------+---+---------- | ||
| + | 0/0x00 | 3F 08 1A 4D | 0 | ?..M | ||
| + | 1/0x01 | 82 18 60 20 | 0 | ..` | ||
| + | 2/0x02 | 00 38 00 50 | 0 | .8.P | ||
| + | 3/0x03 | 1C 48 33 00 | 0 | .H3. | ||
| + | 4/0x04 | 1B 00 00 00 | 0 | .... | ||
| + | 5/0x05 | 00 00 00 00 | 0 | .... | ||
| + | 6/0x06 | 00 00 00 00 | 0 | .... | ||
| + | 7/0x07 | 00 00 00 00 | 0 | .... | ||
| + | 8/0x08 | 00 00 00 00 | 0 | .... | ||
| + | 9/0x09 | 00 00 00 00 | 0 | .... | ||
| + | 10/0x0A | 00 00 00 00 | 0 | .... | ||
| + | 11/0x0B | 00 00 00 00 | 0 | .... | ||
| + | 12/0x0C | 00 00 00 00 | 0 | .... | ||
| + | 13/0x0D | 00 00 00 00 | 0 | .... | ||
| + | 14/0x0E | 00 00 00 00 | 0 | .... | ||
| + | 15/0x0F | 00 00 00 00 | 0 | .... | ||
| + | 16/0x10 | 00 00 00 00 | 0 | .... | ||
| + | 17/0x11 | 00 00 00 00 | 0 | .... | ||
| + | 18/0x12 | 00 00 00 00 | 0 | .... | ||
| + | 19/0x13 | 00 00 00 00 | 0 | .... | ||
| + | 20/0x14 | 00 00 00 00 | 0 | .... | ||
| + | 21/0x15 | 00 00 00 00 | 0 | .... | ||
| + | 22/0x16 | 00 00 00 00 | 0 | .... | ||
| + | 23/0x17 | 00 00 00 00 | 0 | .... | ||
| + | 24/0x18 | 00 00 00 00 | 0 | .... | ||
| + | 25/0x19 | 00 00 00 00 | 0 | .... | ||
| + | 26/0x1A | 00 00 00 00 | 0 | .... | ||
| + | 27/0x1B | 00 00 00 00 | 0 | .... | ||
| + | 28/0x1C | 2A 80 53 42 | 0 | *.SB | ||
| + | 29/0x1D | 1F 90 53 42 | 0 | ..SB | ||
| + | 30/0x1E | 33 00 00 00 | 0 | 3... | ||
| + | 31/0x1F | 00 00 00 00 | 0 | .... | ||
| + | 32/0x20 | 00 00 00 00 | 0 | .... | ||
| + | 33/0x21 | 00 00 00 00 | 0 | .... | ||
| + | 34/0x22 | 00 00 00 00 | 0 | .... | ||
| + | 35/0x23 | 00 00 00 00 | 0 | .... | ||
| + | 36/0x24 | 00 00 00 00 | 0 | .... | ||
| + | 37/0x25 | 00 00 00 00 | 0 | .... | ||
| + | 38/0x26 | 00 00 00 00 | 0 | .... | ||
| + | 39/0x27 | 00 00 00 00 | 0 | .... | ||
| + | 40/0x28 | 00 00 00 00 | 0 | .... | ||
| + | 41/0x29 | 00 00 00 00 | 0 | .... | ||
| + | 42/0x2A | 22 00 E1 23 | 0 | "..# | ||
| + | 43/0x2B | C0 05 1B 01 | 0 | .... | ||
| + | 44/0x2C | 4A 5C A0 1D | 0 | J\.. | ||
| + | 45/0x2D | 1A 30 00 12 | 0 | .0.. | ||
| + | 46/0x2E | 50 E7 AB EC | 0 | P... | ||
| + | 47/0x2F | 60 00 00 00 | 0 | `... | ||
| + | 48/0x30 | 00 00 40 7B | 0 | ..@{ | ||
| + | 49/0x31 | 00 68 20 15 | 0 | .h . | ||
| + | 50/0x32 | 00 00 00 00 | 0 | .... | ||
| + | 51/0x33 | 00 00 00 00 | 0 | .... | ||
| </code> | </code> | ||
| - | Latest proxmark 2.3.0 has some basic ISO 15693 simulation functionality, but it's not working properly yet. | + | Rfxsecure.com sells magic ISO-15693 cards with changeable UID. Either you need the iso15_magic from RRG repo or "hf 15 csetuid" from the official repo. The official repo's client segfaults on this right now, although it seems to change UID before segfault (signed/unsigned integer confusion, negative received octet count, etc). Proxmark developers have abysmal code standards and can't even use tags in repos. |
| - | AFAIK there are no "Chinese backdoored clones" that would allow changing of UID. | + | Changing UID, depending on repo (you need iso15_magic from RRG + read15.lua) or the segfaulting official repo with "hf 15 csetuid": |
| + | <code> | ||
| + | proxmark3> hf 15 reader | ||
| + | #db# 12 octets read from IDENTIFY request: | ||
| + | #db# NoErr CrcOK | ||
| + | #db# 00 00 bf a5 c1 1e 66 24 | ||
| + | #db# 16 e0 56 a3 | ||
| + | #db# UID = E01624661EC1A5BF | ||
| + | proxmark3> hf 15 csetuid E01624661EC1A5CA | ||
| + | | ||
| + | new UID | e0 16 24 66 1e c1 a5 ca | ||
| + | Using backdoor Magic tag function | ||
| + | received -1 octets | ||
| + | Thread 4 "WorkerThread" received signal SIGSEGV, Segmentation fault. | ||
| + | </code> | ||
| + | |||
| + | With the magic scripts: | ||
| + | |||
| + | <code> | ||
| + | script run iso15_magic.lua -u E004013344556677 | ||
| + | </code> | ||
| + | Neither will work on the first time likely. Retry at least 3 times. Same with "hf 15 dump" and "hf 15 restore". | ||
| + | Note on cloned skipass ISO-15693 cards - they have counter in sector 2, so as soon as your cloned cards will desync, one of them will stop working. | ||
| ==== Low Frequency card ==== | ==== Low Frequency card ==== | ||
| Emulation in general: http://www.t4f.org/en/projects/open-rfid-tag/55 this looks like a very nice generic emulator for LF, some hw guru could look into assembling it? lukash willing to help :) | Emulation in general: http://www.t4f.org/en/projects/open-rfid-tag/55 this looks like a very nice generic emulator for LF, some hw guru could look into assembling it? lukash willing to help :) | ||
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
