The listing above.. is that from "hf 14a list"? It does not look right: both sides of the conversation are marked as "Tag", for one thing, and it mostly appears to be communication failures.
If you have access to the reader, could you please try this 'hf mf sim u 0419ace2972f81 x'. It's a 'reader attack', so issue the command and hold the antenna against the reader. If that does not work, try "hf mf sim x".
Also, you don't have to include screenshots; use the code-tag instead when pasting into forum posts.
Edit: edited for clarity
Last edited by holiman (2014-06-10 09:22:25)
Offline
hello iceman
This is the attack "hf mf sim u 0419ace2972f81 x" on the balance reader...
-------------------------------------------------------------------------------
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
uid:04 19 ac e2 97 2f 81 , numreads:0, flags:12 (0x0c)
#db# 7B UID: (88)0419ace2972f81
proxmark3> a: 0.00 V @ 125.00 kHz
proxmark3> a: 0.00 V @ 134.00 kHz
proxmark3> l: 0.00 V @ 12000.00 kHz
proxmark3> a: 7.77 V @ 13.56 MHz
proxmark3> ntenna is unusable.
proxmark3> hf mf sim u 0419ace2972f81 x
proxmark3>
proxmark3>
proxmark3> hf 14a list
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# Failed to obtain two AR/NR pairs!
#db# Emulator stopped. Tracing: 1 trace length: 1727
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
0 | 1056 | Rdr | 26
2356 | 4724 | Tag | 44 00
22912 | 25376 | Rdr | 93 20
26932 | 32756 | Tag | 88 04 19 ac 6f
50944 | 53408 | Rdr | 93 20
54964 | 60788 | Tag | 88 04 19 ac 6f
78976 | 81440 | Rdr | 93 20
82996 | 88820 | Tag | 88 04 19 ac 6f
107008 | 109472 | Rdr | 93 20
111028 | 116852 | Tag | 88 04 19 ac 6f
6424342 | 6425398 | Rdr | 26
6426570 | 6428938 | Tag | 44 00
6447140 | 6449604 | Rdr | 93 20
6451160 | 6456984 | Tag | 88 04 19 ac 6f
6475172 | 6477636 | Rdr | 93 20
6479192 | 6485016 | Tag | 88 04 19 ac 6f
6503204 | 6505668 | Rdr | 93 20
6507224 | 6513048 | Tag | 88 04 19 ac 6f
6531364 | 6533828 | Rdr | 93 20
6535384 | 6541208 | Tag | 88 04 19 ac 6f
12849272 | 12850328 | Rdr | 26
12851564 | 12853932 | Tag | 44 00
12872312 | 12874776 | Rdr | 93 20
12876268 | 12882092 | Tag | 88 04 19 ac 6f
12900344 | 12902808 | Rdr | 93 20
12904300 | 12910124 | Tag | 88 04 19 ac 6f
12928376 | 12930840 | Rdr | 93 20
12932332 | 12938156 | Tag | 88 04 19 ac 6f
12956408 | 12958872 | Rdr | 93 20
12960364 | 12966188 | Tag | 88 04 19 ac 6f
19273692 | 19274748 | Rdr | 26
19276048 | 19278416 | Tag | 44 00
19296604 | 19299068 | Rdr | 93 20
19300624 | 19306448 | Tag | 88 04 19 ac 6f
19324636 | 19327100 | Rdr | 93 20
19328656 | 19334480 | Tag | 88 04 19 ac 6f
19352668 | 19355132 | Rdr | 93 20
19356688 | 19362512 | Tag | 88 04 19 ac 6f
19380700 | 19383164 | Rdr | 93 20
19384720 | 19390544 | Tag | 88 04 19 ac 6f
25698304 | 25699360 | Rdr | 26
25700788 | 25703156 | Tag | 44 00
25721216 | 25723680 | Rdr | 93 20
25725236 | 25731060 | Tag | 88 04 19 ac 6f
25749120 | 25751584 | Rdr | 93 20
25753140 | 25758964 | Tag | 88 04 19 ac 6f
25776770 | 25777826 | Rdr | 26
25779126 | 25781494 | Tag | 44 00
25799680 | 25802144 | Rdr | 93 20
25803700 | 25809524 | Tag | 88 04 19 ac 6f
25827840 | 25830304 | Rdr | 93 20
25831860 | 25837684 | Tag | 88 04 19 ac 6f
32145494 | 32146550 | Rdr | 26
32147786 | 32150154 | Tag | 44 00
32168484 | 32170948 | Rdr | 93 20
32172632 | 32178456 | Tag | 88 04 19 ac 6f
32196694 | 32199158 | Rdr | 93 20
32200650 | 32206474 | Tag | 88 04 19 ac 6f
32224726 | 32227190 | Rdr | 93 20
32228682 | 32234506 | Tag | 88 04 19 ac 6f
32252758 | 32255222 | Rdr | 93 20
32256714 | 32262538 | Tag | 88 04 19 ac 6f
38570554 | 38571610 | Rdr | 26
38572910 | 38575278 | Tag | 44 00
38593466 | 38595930 | Rdr | 93 20
38597486 | 38603310 | Tag | 88 04 19 ac 6f
38621498 | 38623962 | Rdr | 93 20
38625518 | 38631342 | Tag | 88 04 19 ac 6f
38649530 | 38651994 | Rdr | 93 20
38653550 | 38659374 | Tag | 88 04 19 ac 6f
38677562 | 38680026 | Rdr | 93 20
38681582 | 38687406 | Tag | 88 04 19 ac 6f
44995294 | 44996350 | Rdr | 26
44997778 | 45000146 | Tag | 44 00
45018334 | 45020798 | Rdr | 93 20
45022354 | 45028178 | Tag | 88 04 19 ac 6f
45046366 | 45048830 | Rdr | 93 20
45050386 | 45056210 | Tag | 88 04 19 ac 6f
45074398 | 45076862 | Rdr | 93 20
45078418 | 45084242 | Tag | 88 04 19 ac 6f
45102430 | 45104894 | Rdr | 93 20
45106450 | 45112274 | Tag | 88 04 19 ac 6f
proxmark3>
Offline
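An added example (not part of the original post, and not Proxmark code): a small Python checker for a listing in the `hf 14a list` format shown above. It verifies the BCC on each anticollision response (in ISO/IEC 14443-3 the BCC is the XOR of the four preceding bytes) and counts whether the reader ever moves on from ANTICOLLISION (`93 20`) to SELECT (`93 70`); the function names are hypothetical.

```python
import re

# Sample rows in the format of the listing above (first two anticollision rounds).
SAMPLE_TRACE = """\
0 | 1056 | Rdr | 26
2356 | 4724 | Tag | 44 00
22912 | 25376 | Rdr | 93 20
26932 | 32756 | Tag | 88 04 19 ac 6f
50944 | 53408 | Rdr | 93 20
54964 | 60788 | Tag | 88 04 19 ac 6f
"""

ROW = re.compile(r"^\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(Rdr|Tag)\s*\|\s*"
                 r"([0-9a-fA-F]{2}(?: [0-9a-fA-F]{2})*)\s*$")
CASCADE_LEVELS = (0x93, 0x95, 0x97)  # SEL codes for cascade levels 1-3


def parse_trace(text):
    """Return (start, src, data) tuples for well-formed rows; skip everything else."""
    frames = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(3), bytes.fromhex(m.group(4))))
    return frames


def bcc(uid_cln):
    """Block check character: XOR of the four UID CLn bytes."""
    out = 0
    for b in uid_cln:
        out ^= b
    return out


def analyse(frames):
    """Count anticollision rounds and SELECTs; list responses whose BCC is wrong."""
    report = {"anticollisions": 0, "selects": 0, "bad_bcc": []}
    for i, (start, src, data) in enumerate(frames):
        if src != "Rdr" or len(data) < 2 or data[0] not in CASCADE_LEVELS:
            continue
        if data[1] == 0x70:            # SELECT: reader accepted the UID part
            report["selects"] += 1
        elif data[1] == 0x20:          # ANTICOLLISION: reader asks for the UID part
            report["anticollisions"] += 1
            nxt = frames[i + 1] if i + 1 < len(frames) else None
            if nxt and nxt[1] == "Tag" and len(nxt[2]) == 5:
                expected = bcc(nxt[2][:4])
                if nxt[2][4] != expected:
                    report["bad_bcc"].append((nxt[0], nxt[2][4], expected))
    return report
```

On the sample rows, `analyse(parse_trace(SAMPLE_TRACE))` reports a BCC of `6f` where `39` is expected on both responses, and no SELECT from the reader.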
Has anyone successfully gone through a MIFARE Plus (7-byte UID) 4K, Security Level 1?
Offline
Hi there,
After reading and a little work, I finally found the key. I've taken the dumpkeys and dumpdata.bin, and now I would like to know how to convert dumpdata.bin to an .eml file, to pass the data to the Chinese magic.
Am I doing well?
Offline
./client/pm3_mfd2eml.py
Offline
Hi there
I have been unable to convert a dumpdata.bin to dumpdata.eml
I tried in every way and I could not.
I do not run any script.
------------------
pm3 ~$ client/proxmark3.exe com5
proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: /-suspect 2014-06-07 15:46:01
#db# os: /-suspect 2014-06-07 15:46:10
#db# FPGA image built on 2014/03/24 at 21:54:44
uC: AT91SAM7S256 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 256K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> script run dumptoemul -i dumpdata.bin -o cap.eml
--- Executing: ./scripts/dumptoemul.lua, args'-i dumpdata.bin -o cap.eml'
cannot open ./scripts/dumptoemul.lua: No such file or directory
-----Finished
proxmark3>
Offline
C'mon...
pm3 ~$ client/proxmark3.exe com5
You are apparently executing from proxmark3/, not from proxmark3/client/ folder. So, current working directory is pm3 root folder.
cannot open ./scripts/dumptoemul.lua: No such file or directory
It tries to load <currentdir>/scripts/dumptoemul.lua. Did you look for that file? The scripts-folder is located at <pm3-root>/client/scripts/ .
So, go into client-directory and *then* start the client. The same goes for most load/save commands and a few other commands, they expect you to be there.
Offline
I changed the <dir>\scripts to the pm3 dir and it says this..
pm3 ~$ client/proxmark3.exe com5
proxmark3> script run dumptoemul -i dumpdata.bin -o cap.eml
--- Executing: ./scripts/dumptoemul.lua, args'-i dumpdata.bin -o cap.eml'
./scripts/dumptoemul.lua:3: module 'getopt' not found:
no field package.preload['getopt']
no file 'C:\ProxSpace\pm3\client\lua\getopt.lua'
no file 'C:\ProxSpace\pm3\client\lua\getopt\init.lua'
no file 'C:\ProxSpace\pm3\client\getopt.lua'
no file 'C:\ProxSpace\pm3\client\getopt\init.lua'
no file '.\getopt.lua'
no file './lualibs/getopt.lua'
no file 'C:\ProxSpace\pm3\client\getopt.dll'
no file 'C:\ProxSpace\pm3\client\loadall.dll'
no file '.\getopt.dll'
-----Finished
proxmark3>
But in dir\client the dir\lua does not exist, and neither does getopt..
this is the problem.... thanks for your help..
I will reinstall..
Offline
No no.. This is what you should do when starting the client:
$ cd client
$ ./proxmark3.exe com5
That's all.
Regarding your current problems the getopt is here:
[~/tools/proxmark3/client]
#find -name "getopt.*"
./lualibs/getopt.lua
As you can see from the error message, it tries to search ./lualibs/getopt.lua. If your '.'-folder (current working dir) had been client, it would have found it.
Offline
Thanks
is perfect..
-------------->
pm3 ~$ cd client
pm3 ~/client$ proxmark3.exe com5
proxmark3> script ru test
--- Executing: ./scripts/test.lua, args''
This shows how to use some standard libraries
Continue with this operation (y/n)? y
Ok then, whatever
-----Finished
proxmark3>
Offline
Hello
The cloning process was successful ..
It authenticates great ...
Thank you very much to Holiman, midnitesnake and iceman.
I will continue doing my tests and will tell you ...
thanks
Offline
Hello!
I'm trying to find the key to: NXP MIFARE 1k CLASSIC | 2k Plus SL1 high entropy. I have key "A", but when I run nested 1 0 A,
it just gives me zeros for key "B".
I've tried almost everything, everything I know.
any idea or solution?
Offline
"High entropy" means that you have a card with a fixed random number generator. The card-only attacks won't work.
Offline
Could you be more specific? I do not understand.
Offline
You can't use hf mf mifare and hf mf nested with these cards.
Offline
Ahh yes.. I know... but any idea..??
Offline
hf mf sim x would still work...
...but...
proxmark3> a: 7.77 V @ 13.56 MHz
... your antenna most probably needs improvement for successful simulation (and sniffing/snooping). See e.g. http://www.proxmark.org/files/Documents/Antennas/2009.03.01-proxmark_HF_13.56MHz_mifare_antenne.pdf
Offline
pm3 ~$ cd client
pm3 ~/client$ proxmark3.exe com5
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 0.00 V @ 125.00 kHz
# LF antenna: 0.00 V @ 134.00 kHz
# LF optimal: 0.00 V @ 12000.00 kHz
# HF antenna: 10.28 V @ 13.56 MHz
# Your LF antenna is unusable.
proxmark3>
Offline
Good improvement. Should be enough.
Offline
Good improvement. Could be enough. Simply give it a try.
Offline
Hi guys,
G'day!
Just wanna share with you that I have some of these Chinese Magic Cards, which allow you to modify the UID in Block 0. I have tried it on my personal project and it works. Just wanna give a shoutout in case any of you needs some of these Chinese Magic Cards, of which I have some in excess.
Feel free to shoot me an email at geekngadgets@live.com
Cheers!
Offline
LaserByte,
Did you retrieve our key "B" using your system?
I tried to use mfoc/mfcuk on my MIFARE Classic 1K (high entropy) but without any success.
Does anybody have a solution? Using the Proxmark reader sniffing technique?
Offline