Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
How's the hf mf sniff command supposed to work?
I tried it, but the response was nothing at all:
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: master/v1.0.0-27-g6c0f60c-suspect 2014-06-29 09:33:14
#db# os: master/v1.0.0-32-gc7324be-suspect 2014-07-02 05:59:34
#db# HF FPGA image built on 2014/ 6/19 at 21:26: 2
...
proxmark3> hf mf sniff
-------------------------------------------------------------------------
Executing command.
Press the key on the proxmark3 device to abort both proxmark3 and client.
Press the key on pc keyboard to abort the client.
-------------------------------------------------------------------------
..............................................#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=0
I had the antenna between the card and the reader and read the whole card content twice with the reader.
Am I just too stupid? I thought the sniff command was fixed (by piwi, if I'm not mistaken). ???
Offline
It (still) works for me. What do you get from hf 14a snoop?
Offline
I use the client on MacOS and I have freezes between the real data exchange between reader<->card and the data flowing to the screen.
So first I place the antenna close to the reader and card, perform the data exchange, then remove the antenna and wait a few seconds, and only after this do I see the sniffed data on the screen.
Here is how it looked for me:
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: master/v1.0.0-32-gc7324be-suspect 2014-07-02 13:35:44
#db# os: master/v1.1.0-dirty-suspect 2014-07-03 00:35:41
#db# LF FPGA image built on 2014/ 6/23 at 9:25:13
proxmark3> hf mf sniff
-------------------------------------------------------------------------
Executing command.
Press the key on the proxmark3 device to abort both proxmark3 and client.
Press the key on pc keyboard to abort the client.
-------------------------------------------------------------------------
......>
received trace len: 332 packages: 2
tag select uid:00 00 00 14 57 9f 69 atqa:04 00 sak:0x08
RDR(1):60 04 d1 3d
TAG(2):5b dd
RDR(3):9e bb 46 2d 27 e1 7a 4c
TAG(4):67 fe 7a 0d
RDR(5):0d f7 e7 cd
TAG(6):47 66 92 17 6b 2d 81 96 ed 3f d2 15 2a 81 4b 18 f9 31
RDR(7):92 17 b7 1a
TAG(8):32 c2 b4 fc 92 a4 5f a8 10 b1 f3 ec 80 3d 7a e0 61 a7
RDR(9):da c2 b8 37
TAG(10):c1 63 6f 0e
RDR(11):bc 3b b0 74 26 1d af bb
TAG(12):11 6a f3 1a
RDR(13):97 9a 15 84
TAG(14):02 12 d8 34 26 90 82 cb cb e6 e2 41 4a f5 e5 20 ce 67
RDR(15):38 36 63 d3
TAG(16):56 1e 42 01
RDR(17):1b ed a2 f6 af 7d ce 93
TAG(18):15 ef c5 33
RDR(19):ab 4e 73 b4
TAG(20):01
Offline
That's the expected behaviour. The data cannot be transferred in real time over USB. The PM assumes that the transfer is completed after 2 seconds of inactivity and only then sends the sniffed data to the client.
Offline
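A quick way to sanity-check a captured trace like the `hf mf sniff` output posted earlier in this thread is to parse the RDR/TAG lines and test each frame's trailing two bytes against the ISO/IEC 14443-3 Type A CRC. This is an added example, not part of any post and not Proxmark3 client code; the function names are made up for illustration, and the labels rest on the assumption that a frame with a valid CRC_A was sent in the clear while anything else is either encrypted after authentication or damaged in capture.

```python
import re

# First five frames copied from the `hf mf sniff` output posted in this thread.
SAMPLE = """\
RDR(1):60 04 d1 3d
TAG(2):5b dd
RDR(3):9e bb 46 2d 27 e1 7a 4c
TAG(4):67 fe 7a 0d
RDR(5):0d f7 e7 cd
"""

FRAME_RE = re.compile(r"^(RDR|TAG)\((\d+)\):((?:[0-9a-fA-F]{2}\s*)+)$")
AUTH_CMDS = {0x60: "AUTH key A", 0x61: "AUTH key B"}  # MIFARE Classic auth opcodes


def crc_a(data: bytes) -> bytes:
    """ISO/IEC 14443-3 Type A CRC (initial value 0x6363), low byte first."""
    crc = 0x6363
    for byte in data:
        byte ^= crc & 0xFF
        byte ^= (byte << 4) & 0xFF
        crc = ((crc >> 8) ^ (byte << 8) ^ (byte << 3) ^ (byte >> 4)) & 0xFFFF
    return bytes([crc & 0xFF, crc >> 8])


def parse_trace(text: str) -> list:
    """Return (source, index, payload) tuples; non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m.group(1), int(m.group(2)), bytes.fromhex(m.group(3))))
    return frames


def classify(frame) -> str:
    """'plain' = CRC_A checks out, 'opaque' = encrypted or corrupted, 'short' = no room for a CRC."""
    src, _, data = frame
    if len(data) < 3:
        return "short"
    if crc_a(data[:-2]) != data[-2:]:
        return "opaque"
    if src == "RDR" and data[0] in AUTH_CMDS:
        return f"plain ({AUTH_CMDS[data[0]]}, block {data[1]})"
    return "plain"


if __name__ == "__main__":
    for frame in parse_trace(SAMPLE):
        print(f"{frame[0]}({frame[1]}): {frame[2].hex(' ')} -> {classify(frame)}")
```

A trace in which not even the first reader frame passes the CRC check points at a reception problem rather than at encryption.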
It (still) works for me. What do you get from hf 14a snoop?
proxmark3> hf 14a reader
ATQA : 00 04
UID : 33 d7 4b 32
SAK : 88 [2]
TYPE : Infineon MIFARE CLASSIC 1K
proprietary non iso14443-4 card found, RATS not supported
proxmark3> hf 14a snoop
#db# COMMAND FINISHED
#db# maxDataLen=1, Uart.state=0, Uart.len=4
#db# traceLen=0, Uart.output[0]=00000050
proxmark3> hf 14a list
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
I never used the snoop or sniff functions before. So maybe I am doing something wrong?
Offline
You are using the commands correctly. You may try to reposition the antenna - different distance or even swapping antenna and card.
How good is your antenna? Please try hw tune and post the result.
Last edited by piwi (2014-07-04 15:20:57)
Offline
The antennas are commercial antennas from xfpga. So far, I have not seen any specific problems with them. But maybe that's only obvious when one does snooping...
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 11.55 V @ 125.00 kHz
# LF antenna: 18.26 V @ 134.00 kHz
# LF optimal: 18.26 V @ 133.33 kHz
# HF antenna: 6.06 V @ 13.56 MHz
I will do some testing with different distances.
Offline
Your HF antenna seems to be the root cause. With a good HF antenna you would get around 13 V @ 13.56 MHz. If you can't adjust the antenna, I strongly recommend building your own. See the forum for instructions.
Sniffing indeed has higher requirements. The reader's field is loaded by two antennas in this case and therefore weaker.
Last edited by piwi (2014-07-05 14:05:19)
Offline
Makes lots of sense.
I have read through most of the forum posts, but did not really find a detailed description for building a good HF antenna. The only reference I found is from the wiki (roel's antenna design): https://code.google.com/p/proxmark3/wiki/Antennas
However, there is something unclear to me:
- "Make an antenna coil of 3 windings using the green cable. Connect the green cable with the black one and tape them together so they won’t unwind.": Ehh, so the 19cm green wire should make three windings (so about 6 cm each??? With a diameter of less than ) and then connect it to the black wire? What happens with the 75cm of the black wire? Or should it rather be something like: "Connect the green and the black wire (gives about 94cm) and then make three windings out of it of about 10 cm diameter"?
Thanks
Michael
P.S.: Gonna order the USB-Hirose cable today :-)
P.P.S. or do you recommend a different antenna?
Last edited by Neuer_User (2014-07-07 08:11:26)
Offline
Uhmm, stupid me. The same question has been asked and answered in the comments on the wiki page :-)
Offline