Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-02-20 16:27:33

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

LF transmission power is limited, anyway to boost?

i'm running up against what appears to be a limitation on the hardware side, that of the LF transmission power.  small tags often don't respond to transmissions as they cannot receive it.  larger card size tags work fine.

i've snooped the transmission with another pm3 and the transmission power of the pm3 is significantly lower than snoops of valid readers, especially when it comes to maintaining long high peaks. (low peaks don't seem to be a problem...)

(this affects lf simulations, hitag, em4x05, and other lf tags that require two way comms.)

is there a way to add a component to help this issue or some software work-around someone has done?

Thanks!

(btw, i'm running standard (old) pm3 stock boards mainly from proxmark3.com)


[edit] additional info:
place a em4x05 card on the antenna (40v) and issue a new lf em 4x05info cmd and it works fine. 
pull that card a cm away and it fails to receive the command to get into the command mode of the chip.

keyfobs never are able to go into command mode despite verifying the command sent matches that of another reader that is able to get the fob in command mode.

Offline

#2 2018-08-25 14:07:40

robots01
Contributor
Registered: 2018-08-25
Posts: 6

Re: LF transmission power is limited, anyway to boost?

I have been trying to figure out this same thing. I got proxmark3-easy yesterday. Stock lf antenna tunes fine. And i can read keyfob tags (em4305). Very consistently.

I also have glass packaged tags that are 134kHz. Reading this kind is almost impossible with the stock antenna! I had to position the tag little bit off centre - still the reading would succeed only 1in 10 tries.

Digging through the internet of RFID readers I found this: http://cq.cx/vchdiy.pl

I dug up old radio antenna stick, with wire already attached. Unwound about half of it to get the resonance right for 134kHz. Antenna works. The reading distance is about... ZERO. Glass tag needs to be right next to the antenna. Slightly off and it would not read at all.

Em4x05 commands didn't work, as those are hardcoded to 125kHz.

One thing that comes to my mind is the driving circuit for antenna. Verichip cloner uses 2 transistors (3904 and 3906, max I=200mA) with no limiting resistors while proxmark is using 8 drivers from 74hct244  (max I = 8x35mA=280mA) and limiting resistors (R28, R22, R43)

Any more ideas ?

Offline

#3 2018-08-31 22:11:39

robots01
Contributor
Registered: 2018-08-25
Posts: 6

Re: LF transmission power is limited, anyway to boost?

I removed those 3 resistors and replaced them by wire. The power on antenna seems to be higher. I get better reads (higher success rate) on 134.2kHz small glass tag with ferrite antenna. But i loose ability to talk to 125kHz em4305 chips. Wonder why is that?

Offline

#4 2018-09-01 08:12:41

piwi
Contributor
Registered: 2013-06-04
Posts: 704

Re: LF transmission power is limited, anyway to boost?

Removing the resistors has two effects:

  1. The current drawn from the the driver IC is no longer limited by the resistors. This is what you wanted to achieve. And this may blow your driver IC sooner or later.

  2. The Q factor of the RLC antenna circuit is higher. The lf tuning graph should show a higher but narrower peak. Meaning that you have to tune your antenna to either 128kHz or 134kHz. You may no longer be able to cover both.

Offline

#5 2018-09-01 09:06:42

robots01
Contributor
Registered: 2018-08-25
Posts: 6

Re: LF transmission power is limited, anyway to boost?

I should have been more specific. I always used "hw tune" before switching frequencies. I have long enough wire coming from the antenna so i can add and remove few turns to switch between frequencies.

I can read the 125kHz em4305 tag, but not talk to it - send command/receive answer.

Blowing IC is part of the learning process wink

Offline

#6 2018-09-01 16:22:28

robots01
Contributor
Registered: 2018-08-25
Posts: 6

Re: LF transmission power is limited, anyway to boost?

I have found the answer to my question from em4095 - an403:

Question:   The   Q   factor   has   been   calculated   as follows: Q=34.9=2*π*Fo*Lr/Rl where  Fo=125Khz,  Lr=410uH,  Rl=9Ω  (Given from  the coil  resistance).  In  the  application  note,  coil  with  air core  usually  has  Q=15;  however,  our  design,  which also has an air coil, the Q factor is calculated at 34.9. Is this ok, given that EM's recommendation is to take Q value as high as possible?
Answer:  A  quality  factor  of  35  should  give  you  improved detection distance, while affecting the data transfer rate. The  recovery  time  to  switch  from  one  state  to  another  is higher   due   to   the   increased   time   to   dampen   the oscillation.

Offline

#7 2018-09-11 21:25:26

AntiCat
Contributor
Registered: 2010-01-01
Posts: 22

Re: LF transmission power is limited, anyway to boost?

@robots01 On GitHub is a discussion on a similar issue:https://github.com/Proxmark/proxmark3/issues/656

Last edited by AntiCat (2018-09-11 21:25:55)

Offline

Board footer

Powered by FluxBB