Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
NOTE: for most recent commands and changes always refer to:
https://github.com/Proxmark/proxmark3/wiki/commands
https://github.com/Proxmark/proxmark3/b … ANGELOG.md
New Commands:
Tag specific demods
lf em 410xdemod [clock] <invert> - em410x demod only, returns 0 if em format not found.
lf gproxii demod -- demodulate a G Prox II tag from GraphBuffer
lf awid demod - demodulate AWID tags
lf hid demod - demodulate hid tags
lf pyramid demod - demodulate Pyramid Farpointe tags
lf paradox demod - demodulate paradox tags
lf io demod - demodulate ioprox tags (includes cs check)
lf indala demod [clock] [invert] - demodulate a psk1 indala tag and output bits and save to demodbuffer
lf nexwatch demod - demodulate nexwatch tags (including quadrakey and nexkey)
raw demod
data rawdemod [modulation] <options>.... see specific modulation help for options -
modulations: ab=ask/biphase, am=ask/man, ar=ask/raw, fs=FSK, nr=NRZ, p1=PSK1, p2=PSK2
data rawdemod ab [offset] [clock] [invert] [maxErr] [maxLen] [amp] ask demodulate and biphase decode
Note: invert biphase for conditional dephase encoding(CDP) or differential Manchester encoding.
data rawdemod am [clock] [invert] [maxErr] [maxLen] [amp] ask demodulate and manchester decode
also tests for EM410x tags (use option h for help)
data rawdemod ar [clock] [invert] [maxErr] [maxLen] [amp] ask demodulate without decode outputs demoded binary
(use option h for help)
data rawdemod fs [clock] [invert] [rchigh] [rclow] - fsk demodulate and output binary
(args optional, can autodetect) (use option h for help)
data rawdemod nr [clock] [invert] [maxErr] - demodulate nrz/direct wave to binary
(use option h for help)
data rawdemod p1 [clock] [invert] [maxErr] - demodulate psk1 wave to binary (use option h for help)
data rawdemod p2 [clock] [invert] [maxErr] - demodulate psk2 wave to binary (use option h for help)
data manrawdecode [invert] [maxErr] - just manchester decode (need to rawdemod first )
data biphaserawdecode [offset] [invert] [maxErr] - just biphase decode (need to rawdemod ar first)
demod tools
data autocorr [window len] [graph as 'g'] - attempts to auto detect the length of a repeating pattern of a wave - window default = 4000, 'g' to graph output (overwriting graphbuffer)
data detectclock [modulation] Detect clock rate (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)
data setdebugmode <0|1> - turns on and off debugging or verbose error mode for lf demods
data shiftgraphzero [int] - shift midpoint of waves + or - entered value and normalize
data askedgedetect [threshold] - uses threshold to check jumps in sample values > threshold to detect edges of ask waves. it then puts the cleaned waves in graphbuffer and refreshes the graph. (for manual demod) - default threshold = 25
lf search [offline] ['u'] - added new arg to search for unknown tags - 'u' - tests for raw binary of fsk, ask/man, and psk1.
- will search for hid, em410x, ioprox, indala, awid, pyramid, verex g prox ii, paradox, EM4x50, and NexWatch tags + more.
data printdemodbuf -- [x] prints the demodulated binary (raw ID) in the demodbuffer - x to print in hex
data getbitstream -- converts graph wave to raw binary (based on sample value >=1 or <1) (used by lf sim)
lf simulation
lf simask -- [c <clock>] ['i'] ['m'|'r'] ['s'] [d <hexdata>] simulate lf ASK tag from demodbuffer or raw input
lf simfsk -- [c <clock>] ['i'] ['H' <fcHigh>] ['L' <fcLow>] ['d' <hexdata>] simulate lf FSK tag from demodbuffer or raw input
lf simpsk -- ['1'|'2'|'3'] ['c' <clock>] ['i'] ['r' <carrier>] ['d' <hexdata>] simulate lf PSK tag from demodbuffer or raw input
lf sim -- takes graphbuffer and attempts to simulate the same wave (no demod necessary - but only works with strong reads)
See here for Sim command explanations
the tag specific data commands above may ultimately need to be reorganized to keep the "data" menu cleaner...
the following commands all have a help option 'h' or 'H':
lf em 410xdemod h
data rawdemod h
data rawdemod ab h
data rawdemod am h
data rawdemod ar h
data rawdemod fs h
data rawdemod nr h
data rawdemod p1 h
data rawdemod p2 h
data printdemodbuffer h
lf simask h
lf simfsk h
lf simpsk h
Updated Commands:
lf em 410xdemod - [1] read until button pressed - [1] to read once.
lf em 410xwatch - read until valid tag found
lf em 410xread - demod from graphbuffer
lf em 410xspoof - read until valid tag found then simulate found tag
lf em 4x50read [clock] - demod from graphbuffer (clock can autodetect)
ICEMAN's:
lf t55xx config - Set/Get T55XX configuration (modulation, inverted, offset, rate)
lf t55xx detect - Try detecting the tag modulation from reading the configuration block
lf t55xx read - <block> [password] -- Read T55xx block data (page 0) [optional password]
lf t55xx write - <block> <data> [password] -- Write T55xx block data (page 0) [optional password]
lf t55xx trace - Show T55xx traceability data (page 1/ blk 0-1)
lf t55xx info - Show T55xx configuration data (page 0/ blk 0)
lf t55xx dump - [password] Dump T55xx card block 0-7. [optional password]
Deprecated Commands:
data askdemod
lf indalademod
data bitsample
data amp (for ask tags, replaced with data askedgedetect, or for any tag: data shiftgraphzero +50 then -50 to amplify)
data fskdemod (a good FSK 2 demod, can't do FSK1, and it is specific to HID formats - replaced by data rawdemod fs)
data threshold (replaced by data dirthreshold)
data bitstream (replaced by data rawdemod am)
data mandemod (replaced by data rawdemod am)
data manmod (replaced by lf simask or lf sim)
lf simman (replaced by lf simask)
lf hid demod (replaced by lf hid fskdemod 1 or data fskhiddemod) (didn't work anyway)
lf io demod (replaced by lf io fskdemod or data fskiodemod) (didn't work anyway)
Commands still on the way
lf simnrz -- TBD
Last edited by marshmellow (2017-06-23 16:46:33)
Offline
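Added example (not part of the original posts and not Proxmark3 source code): a Python illustration of what the two decode stages listed in the first post, `data manrawdecode` and `data biphaserawdecode`, do to the raw half-bit stream left by `data rawdemod ar`, including the alignment offset, the invert option and the error limit. The bit conventions, the `None` error marker, the function names and the sample streams are assumptions constructed for this illustration.

```python
# Added illustration, not Proxmark3 source code.
# Input: a list of 0/1 half-bit symbols, the kind of stream a raw ASK demod
# leaves behind before any line-code decoding is applied.

def _pairs(raw, offset):
    """Group the half-bit stream into (first_half, second_half) pairs."""
    return [(raw[i], raw[i + 1]) for i in range(offset, len(raw) - 1, 2)]


def manchester_decode(raw, invert=False, max_err=20):
    """Return (bits, errors, offset) for the better of the two alignments.

    Assumed convention: pair (1,0) -> 1 and (0,1) -> 0; `invert` flips it.
    Pairs (0,0) and (1,1) cannot occur in valid Manchester data, so each one
    counts as an error and is emitted as None. Decoding of an alignment stops
    once its error count exceeds max_err.
    """
    inv = 1 if invert else 0
    best = None
    for offset in (0, 1):
        bits, errors = [], 0
        for a, b in _pairs(raw, offset):
            if a == b:
                errors += 1
                if errors > max_err:
                    break
                bits.append(None)
            else:
                bits.append(a ^ inv)
        if best is None or errors < best[1]:
            best = (bits, errors, offset)
    return best


def biphase_decode(raw, offset=0, invert=False, max_err=20):
    """Return (bits, errors) for the caller-chosen alignment (offset 0 or 1).

    Assumed convention: halves differ (mid-bit transition) -> 1, halves equal
    -> 0; `invert` flips it. Biphase always changes level at a bit boundary,
    so a pair whose first half equals the previous pair's second half is an
    error (emitted as None). A wrong offset shows up as a run of such errors.
    """
    inv = 1 if invert else 0
    bits, errors, prev_second = [], 0, None
    for a, b in _pairs(raw, offset):
        if prev_second is not None and a == prev_second:
            errors += 1
            if errors > max_err:
                break
            bits.append(None)
        else:
            bits.append(int(a != b) ^ inv)
        prev_second = b
    return bits, errors


# Constructed sample data: one 8-bit payload in both line codes.
PAYLOAD = [1, 0, 1, 1, 0, 0, 1, 0]
MANCHESTER_RAW = [1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1]
BIPHASE_RAW = [1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0]

if __name__ == "__main__":
    print("manchester, aligned    :", manchester_decode(MANCHESTER_RAW))
    # One stray half-bit in front: the decoder has to pick offset 1.
    print("manchester, shifted    :", manchester_decode([0] + MANCHESTER_RAW))
    print("biphase, offset 0      :", biphase_decode(BIPHASE_RAW, offset=0))
    print("biphase, offset 1      :", biphase_decode(BIPHASE_RAW, offset=1))
    print("biphase, inverted      :", biphase_decode(BIPHASE_RAW, invert=True))
```
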
demodbuffer:
note that all the following tag specific demods load the binary of the read tag to the demodbuffer for future handling:
data askem410xdemod
data askgproxiidemod
data fskawiddemod
data fskhiddemod
data fskpyramiddemod
data fskparadoxdemod
data pskindalademod
data rawdemod
lf search
Last edited by marshmellow (2015-03-10 00:48:33)
Offline
Impressive work, Marshmellow! Really great and much welcomed new functionality for the LF commands!
Offline
Really impressive !
Man can you help me with those commands params: http://proxmark.org/forum/viewtopic.php?id=2259
I am updating the GUI...
Last edited by asper (2015-01-28 21:31:05)
Offline
Perfect
Offline
updated for pending changes
Offline
Is maxErr optional ?
Offline
Yes
Offline
Also note that invert can be used with or without a preceding clock value. Also a clock of 0 will use auto detect
Offline
All arguments for the demods are optional.
Offline
Thank you my friend!
Another question: in the GUI I have left "data detectclock" and "data detectaskclock"... which one of the 2 is a deprecated command ?
Last edited by asper (2015-02-07 14:49:31)
Offline
Well for backwards compatibility I left the command as data detectclock. It probably should have been askdetectclock
Offline
Thank you. I will leave detectclock and delete askdetectclock.
Offline
the more i look at the data detectclock the more i want to change it... i would like it to be data askdetectclock (as we have pskdetectclock, nrzdetectclock, fskfcdetect...)
any complaints if I make this change in my upcoming pull request?
maybe someday we will be able to have one detectclock that would call the needed function for the current wave...
Offline
for consistency, you should make a "askdestectclock" or... a "detectClock" with options (ask/psk/nzr/fsk) to make a compact api.
Offline
good suggestion. i've applied a combined data detectclock command that will use the argument of 'a' to detect ask clock, 'f' to detect fsk, 'n' to detect nrz, 'p' to detect psk.
this is now in my fork and included in my existing pull request. once that is accepted it will be in the main trunk. I will adjust my first post above accordingly once it is in the main.
Offline
Marvelous!,
And when you are at it you could do the same for the new "rawdemod" with option psk1/psk2/nzr/ask etc. well you get the idea
Offline
That one is a bit more challenging, as fskraw takes extra arguments... But it should be possible, just makes the parameter structure fairly complex.
Also not sure how to specify psk1 vs psk2
Offline
you don't need to just have one letter or number. You can have a word..
"rawdemod psk1"
"rawdemod psk2"
"rawdemod ask"
"rawdemod nzr"
Offline
does this make sense?
proxmark3> data rawdemod h
Usage: data rawdemod [modulation] ... <options>
FSK modulation: data rawdemod fs <clock> <invert> <fchigh> <fclow>
<clock> as integer, optional, omit for autodetect.
<invert> as 1|0, optional, 1 for invert output, can be used even if the clock is omitted
<fchigh> as integer, optional, large field clock length
<fclow> as integer, optional, small field clock length
Other modulations: data rawdemod [modulation] <clock> <invert> <maxErr>
[modulation] as 2 char, 'am' for ask/manchester, 'ar' for ask/raw, 'nr' for nrz/direct, 'p1' for psk1, 'p2' for psk2
<clock> as integer, optional, if not set, autodetect.
<invert> as 1|0, optional, 1 for invert output
<maximum allowed errors> as integer, optional, default = 100.
sample: data rawdemod fs = demod GraphBuffer using: fsk - autodetect
: data rawdemod fs 50 0 10 8 = demod GraphBuffer using: fsk2 - clock = RF/50
: data rawdemod fs 50 1 = demod GraphBuffer using: fsk - clock = RF/50 - invert output - autodetect fc
: data rawdemod fs 1 = demod GraphBuffer using: fsk - autodetect - invert output
: data rawdemod am 64 1 = demod GraphBuffer using: ask/manchester - clock = RF/64 - invert output
: data rawdemod am = demod GraphBuffer using: ask/manchester - autodetect
: data rawdemod ar 1 = demod GraphBuffer using: ask/raw - autodetect - invert output
: data rawdemod nr = demod GraphBuffer using: nrz/direct - autodetect
: data rawdemod p1 32 1 0 = demod GraphBuffer using: psk1 - clock = RF/32 - invert output - allow 0 errors
: data rawdemod p2 = demod GraphBuffer using: psk2 - autodetect
Offline
or better still:
proxmark3> data rawdemo
Usage: data rawdemod [modulation] <help>|<options>
[modulation] as 2 char, 'am' for ask/manchester, 'ar' for ask/raw, 'fs' for fsk, 'nr' for nrz/direct, 'p1' for psk1, 'p2' for psk2
<help> as 'h', prints the help for the specific modulation
<options> see specific modulation help for optional parameters
sample: data rawdemod fs h = print help for ask/raw demod
: data rawdemod fs = demod GraphBuffer using: fsk - autodetect
: data rawdemod am = demod GraphBuffer using: ask/manchester - autodetect
: data rawdemod ar = demod GraphBuffer using: ask/raw - autodetect
: data rawdemod nr = demod GraphBuffer using: nrz/direct - autodetect
: data rawdemod p1 = demod GraphBuffer using: psk1 - autodetect
: data rawdemod p2 = demod GraphBuffer using: psk2 - autodetect
proxmark3> data rawde fs h
Usage: data rawdemod fs [clock] <invert> [fchigh] [fclow]
[set clock as integer] optional, omit for autodetect.
<invert>, 1 for invert output, can be used even if the clock is omitted
[fchigh], larger field clock length, omit for autodetect
[fclow], small field clock length, omit for autodetect
sample: data fskrawdemod = demod an fsk tag from GraphBuffer using autodetect
: data fskrawdemod 32 = demod an fsk tag from GraphBuffer using a clock of RF/32, autodetect fc
: data fskrawdemod 1 = demod an fsk tag from GraphBuffer using autodetect, invert output
: data fskrawdemod 32 1 = demod an fsk tag from GraphBuffer using a clock of RF/32, invert output, autodetect fc
: data fskrawdemod 64 0 8 5 = demod an fsk1 RF/64 tag from GraphBuffer
: data fskrawdemod 50 0 10 8 = demod an fsk2 RF/50 tag from GraphBuffer
: data fskrawdemod 50 1 10 8 = demod an fsk2a RF/50 tag from GraphBuffer
Offline
and how is this for the full "data" menu:
proxmark3> data
help This help
amp Amplify peaks
askedgedetect [threshold] Adjust Graph for manual ask demod using length of sample differences to detect the edge of a wave - default = 25
askem410xdemod [clock] [invert<0|1>] [maxErr] -- Attempt to demodulate ASK/Manchester tags and output binary (args optional)
autocorr <window length> -- Autocorrelation over window
biphaserawdecode [offset] [invert<0|1>] Biphase decode bin stream in demod buffer (offset = 0|1 bits to shift the decode start)
bitsamples Get raw samples as bitstring
buffclear Clear sample buffer and graph window
dec Decimate samples
detectclock [modulation] Detect clock rate (options: 'a','f','n','p' for ask, fsk, nrz, psk respectively)
fskawiddemod Demodulate graph window as an AWID FSK tag using raw
fskhiddemod Demodulate graph window as a HID FSK tag using raw
fskiodemod Demodulate graph window as an IO Prox tag FSK using raw
fskpyramiddemod Demodulate graph window as a Pyramid FSK tag using raw
fskparadoxdemod Demodulate graph window as a Paradox FSK tag using raw
grid <x> <y> -- overlay grid on graph window, use zero value to turn off either
hexsamples <bytes> [<offset>] -- Dump big buffer as hex bytes
hide Hide graph window
hpf Remove DC offset from trace
load <filename> -- Load trace (to graph window
ltrim <samples> -- Trim samples from left of trace
rtrim <location to end trace> -- Trim samples from right of trace
manrawdecode Manchester decode binary stream already in graph buffer
manmod [clock rate] -- Manchester modulate a binary stream
norm Normalize max/min to +/-128
plot Show graph window (hit 'h' in window for keystroke help)
pskindalademod [clock] [invert<0|1>] -- Attempt to demodulate psk1 indala tags and output ID binary & hex (args optional)
rawdemod [modulation] ... <options> -see help (h option) - Attempt to demodulate the data in the GraphBuffer and output binary
samples [512 - 40000] -- Get raw samples for graph window
save <filename> -- Save trace (from graph window)
scale <int> -- Set cursor display scale
setdebugmode <0|1> -- Turn on or off Debugging Mode for demods
shiftgraphzero <shift> -- Shift 0 for Graphed wave + or - shift value
dirthreshold <thres up> <thres down> -- Max rising higher up-thres/ Min falling lower down-thres, keep rest as prev.
tune Get hw tune samples for graph window
undec Un-decimate samples by 2
zerocrossings Count time between zero-crossings
Removed (actually just commented out the command in the CommandTable):
data askdemod ----> use data rawdemod ar
data askmandemod ----> use data rawdemod am
data asrawdemod ----> use data rawdemod ar
data bitstream ----> use data rawdemod am
data fskdemod ----> use data rawdemod fs (or data fskhiddemod for hid)
data fskfcdetect ----> use data detectclock f
data fskrawdemod ----> use data rawdemod fs
data mandemod ----> use data rawdemod am
data nrzdetectclock ----> use data detectclock n
data nrzrawdemod ----> use data rawdemod nr
data pskdetectclock ----> use data detectclock p
data psk1rawdemod ----> use data rawdemod p1
data psk2rawdemod ----> use data rawdemod p2
data threshold ----> use data dirthreshold
Offline
not bad at all.
Last edited by iceman (2015-02-09 23:33:00)
Offline
@asper:
the following sections of the settings.xml need adjusting:
<section title="AWID" tooltip="Demodulate samples for AWID FSK tags" uniqueId="awid" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples for FlexPass" action0="lf fskawiddemod" />
</section>
TO:
<section title="AWID" tooltip="Demodulate samples for AWID FSK tags" uniqueId="awid" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples for AWID" action0="data fskawiddemod" />
</section>
FROM:
<section title="PARADOX" tooltip="Demodulate samples for Paradox FSK tags" uniqueId="parad" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples for FlexPass" action0="lf data fskparadoxdemod" />
</section>
TO:
<section title="PARADOX" tooltip="Demodulate samples for Paradox FSK tags" uniqueId="parad" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples for Paradox" action0="data fskparadoxdemod" />
</section>
FROM:
<section title="PYRAMID" tooltip="Demodulate samples for Pyramid FSK tags" uniqueId="pyram" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples for FlexPass" action0="lf fskpyramiddemod" />
</section>
TO:
<section title="PYRAMID" tooltip="Demodulate samples for Pyramid FSK tags" uniqueId="pyram" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples for Pyramic" action0="data fskpyramiddemod" />
</section>
FROM:
<section title="DATA ASK CLOCK DETECT" tooltip="Detect ASK clock rate" uniqueId="askdetectc">
<item type="button" text="DETECT ASK CLOCK" tooltip="Press button to detect clock" action0="data detectclock" />
</section>
<section title="DATA ASK DETECT CLOCK" tooltip="Detect ASK clock rate " uniqueId="datadetctaskclock" >
<item type="button" text="DETECT ASK CLOCK RATE" tooltip="Press button to detect clock rate " action0="data detectaskclock" />
</section>
<section title="DATA PSK DETECT CLOCK" tooltip="Attempt to detect the psk clock" uniqueId="pskdetectc">
<item type="button" text="DETECT PSK CLOCK" tooltip="Press button to detect clock" action0="data pskdetectclock" />
</section>
<section title="DATA NRZ DETECT CLOCK" tooltip="Attempt to detect the NRZ clock" uniqueId="nrzdetectc">
<item type="button" text="DETECT NRZ CLOCK" tooltip="Press button to detect clock" action0="data nrzdetectclock" />
</section>
TO ONLY:
<section title="DATA CLOCK DETECT" tooltip="Detect clock rate" uniqueId="askdetectc">
<item type="drop-down" defaultValue="a" values="a:f:n:p" tooltip="Select to detect ASK, FSK, NRZ, or PSK clock" uniqueId="datadetectarg" label="Modulation to detect is:" width="30" />
<item type="button" text="DETECT CLOCK" tooltip="Press button to detect clock for selected Modulation" action0="data detectclock $datadetectarg" />
</section>
other than that it looks good until my next pull request is adopted. then some more commands are deprecated.
Offline
Ok man, thank you ! As soon as I get back to my pc I will update them ! It is quite difficult to stay up to date to commands I am not developing
Last edited by asper (2015-02-12 19:14:56)
Offline
More changes got pulled into the master today, I'll try to update the first post above and add a post here for the settings.xml changes in a little bit
Offline
As you wish. I will try to stay up to date
Offline
first post updated. next on to the settings.xml
Offline
settings.xml changes:
REMOVE THE FOLLOWING COMMANDS:
<section title="INDALA DEMODULATOR" tooltip="Demodulate samples of Indala 64bit UID" uniqueId="indalademod">
<item type="checkbox" valueChecked="224" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, 224 bit ID will be used" uniqueId="224" text="Check to use 224bit ID (not checked = 64bit ID)" />
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate samples of Indala TAG" action0="lf indalademod $224" />
</section>
<section title="DATA DEMODULATE ASK/MANCHESTER RAW" tooltip="Attempt to demodulate simple ASK modulated Manchester Encoded tags" uniqueId="dataaskmandem" >
<item type="textbox" defaultValue="" tooltip="Clock Rate" uniqueId="askmanclk" label="Clock Rate (optional: empty = auto-detect):" width="20" />
<item type="textbox" defaultValue="" tooltip="Invert" uniqueId="askmaninv" label="Invert output (optional: empty for no - 1 for invert):" width="15" />
<item type="textbox" defaultValue="" tooltip="maxErr" uniqueId="askmanmaxErr" label="Specify how many errors to allow (optional):" width="30" />
<item type="button" text="DEMODULATE" tooltip="Press button to try to demodulate simple ASK tags" action0="data askmandemod $askmanclk $askmaninv $askmanmaxErr" />
<item type="label" label="
It uses the clock to best align the samples to get the best possible read on the samples in the
graph buffer and outputs the binary to the screen and log. The function then tests the binary for
a match to em410x std format, if a match it will output the em IDs and save the bitstream to the
graph buffer." />
</section>
<section title="DATA DEMODULATE ASK RAW" tooltip="Attempt to demodulate simple ASK modulated Encoded tags" uniqueId="dataaskrawdem" >
<item type="textbox" defaultValue="" tooltip="Clock Rate" uniqueId="askrawclk" label="Clock Rate (optional: empty = auto-detect):" width="20" />
<item type="textbox" defaultValue="" tooltip="Invert" uniqueId="askrawinv" label="Invert output (optional: empty for no - 1 for invert):" width="15" />
<item type="textbox" defaultValue="" tooltip="maxErr" uniqueId="askrawmaxErr" label="Specify how many errors to allow (optional):" width="30" />
<item type="button" text="DEMODULATE" tooltip="Press button to try to demodulate simple ASK tags" action0="data askrawdemod $askrawclk $askrawinv $askrawmaxErr" />
<item type="label" label="
This function will strictly ask demodulate to binary and save it in the graph buffer.
It is possible to then attempt a decoding method to get the final binary with the
spcific decoding functions (Manchester Decode/Biphase Decode). " />
</section>
<section title="DATA DEMODULATE ASK" tooltip="Attempt to demodulate simple ASK tags" uniqueId="dataaskdem" >
<item type="drop-down" defaultValue="0" values="0:1" tooltip="Select if high peak is equal to binary 0 or 1" uniqueId="dataaskdemarg" label="High Modulation is:" width="30" />
<item type="button" text="DEMODULATE" tooltip="Press button to try to demodulate simple ASK tags" action0="data askdemod $dataaskdemarg" />
</section>
<section title="DATA RAW DEMODULATE FSK" tooltip="FSK Demodulate graph window to raw binary " uniqueId="datafskraw" >
<item type="textbox" defaultValue="" tooltip="Clock Rate" uniqueId="fskrawclk" label="Clock Rate (50 for RF/50 - none=autodetect):" width="20" />
<item type="textbox" defaultValue="0" tooltip="Invert" uniqueId="fskrawinv" label="Invert output (0 for no - 1 for invert):" width="20" />
<item type="textbox" defaultValue="10" tooltip="RC High" uniqueId="fskrawrch" label="RC High (Default 10 for RF/10):" width="20" />
<item type="textbox" defaultValue="8" tooltip="RC Low" uniqueId="fskrawrcl" label="RC Low (Default 8 for RF/8):" width="20" />
<item type="button" text="DEMODULATE FSK" tooltip="Press button to demodulate graph window as a FSK RAW Tag " action0="data fskrawdemod $fskrawclk $fskrawinv $fskrawrch $fskrawrcl" />
<item type="label" label="
This command attempts to get demodulated binary from an FSK wave in the graph buffer.
This is for unknown tags. The input options allow for multiple FSK implementations." />
</section>
<section title="DATA DEMODULATE FSK" tooltip="Demodulate graph window as a HID FSK " uniqueId="datafskdem" >
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate graph window as a HID FSK" action0="data fskdemod" />
</section>
<section title="DATA MANCHESTER DEMODULATE" tooltip="Manchester demodulate a binary stream" uniqueId="datamanchdemod" >
<item type="checkbox" valueChecked="i" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, PM3 will invert output" uniqueId="datainvert" text="Invert Output"/>
<item type="textbox" defaultValue="" tooltip="Enter clock rate" uniqueId="dataclockrate" label="Clock Rate:" width="120" />
<item type="button" text="MANCHESTER DEMODULATE" tooltip="Press button to manchester demodulate a binary stream " action0="data mandemod $datainvert $dataclockrate" />
</section>
<section title="DATA PSK1 DEMODULATOR" tooltip="Attempt to demodulate psk1 using wave lengths" uniqueId="psk1demod">
<item type="textbox" defaultValue="" tooltip="Clock" uniqueId="psk1c" label="Clock value (optional - empty = auto-detect):" width="30" />
<item type="checkbox" valueChecked="1" valueUnchecked="" defaultValue="unchecked" tooltip="Invert 0 and 1" uniqueId="psk1inv" label="Invert (optional):" width="40"/>
<item type="textbox" defaultValue="" tooltip="maxErr" uniqueId="psk1maxErr" label="Specify how many errors to allow (optional):" width="30" />
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate" action0="data psk1rawdemod $psk1c $psk1inv $psk1maxErr" />
</section>
<section title="DATA PSK2 DEMODULATOR" tooltip="Demodulate psk2 wave to binary using psk1rawdemod as base" uniqueId="psk2demod">
<item type="textbox" defaultValue="" tooltip="Clock" uniqueId="nrzc" label="Clock value (optional - empty = auto-detect):" width="30" />
<item type="checkbox" valueChecked="1" valueUnchecked="" defaultValue="unchecked" tooltip="Invert 0 and 1" uniqueId="nrzinv" label="Invert (optional):" width="40"/>
<item type="textbox" defaultValue="" tooltip="maxErr" uniqueId="nrzmaxErr" label="Specify how many errors to allow (optional):" width="30" />
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate" action0="data psk2rawdemod $nrzc $nrzinv $nrzmaxErr" />
</section>
<section title="DATA NRZ DEMOD" tooltip="Attempt to demodulate NRZ" uniqueId="nrzdemod">
<item type="textbox" defaultValue="" tooltip="Clock" uniqueId="psk1c" label="(optional - empty = auto-detect):" width="30" />
<item type="checkbox" valueChecked="1" valueUnchecked="" defaultValue="unchecked" tooltip="Invert 0 and 1" uniqueId="psk1inv" label="Invert (optional):" width="40"/>
<item type="textbox" defaultValue="" tooltip="maxErr" uniqueId="psk1maxErr" label="Specify how many errors to allow (optional):" width="30" />
<item type="button" text="DEMODULATE" tooltip="Press button to demodulate" action0="data psk1rawdemod $psk1c $psk1inv $psk1maxErr" />
</section>
<section title="DATA THRESHOLD" tooltip="Maximize/minimize every value in the graph window depending on threshold" uniqueId="datathreshold" >
<item type="textbox" defaultValue="" tooltip="Enter threshold" uniqueId="datathre" label="Threshold (positive or negative):" width="50" />
<item type="button" text="SET THRESHOLD" tooltip="Press button to maximize/minimize every value in the graph window depending on threshold " action0="data threshold $datathre" />
</section>
<section title="DATA BIT STREAM" tooltip="Converts a waveform into a bitstream" uniqueId="databitstream" >
<item type="textbox" defaultValue="" tooltip="Clock value" uniqueId="dataclock" label="Clock:" width="50" />
<item type="button" text="CONVERT" tooltip="Press button to convert waveform into bitstream" action0="data bitstream $dataclock" />
</section>
ADD the following:
<section title="DATA CLOCK DETECT" tooltip="Detect clock rate" uniqueId="askdetectc">
<item type="drop-down" defaultValue="a" values="a,f,n,p" tooltip="Select to detect ASK, FSK, NRZ, or PSK clock" uniqueId="datadetectarg" label="Modulation to detect is:" width="30" />
<item type="button" text="DETECT CLOCK" tooltip="Press button to detect clock for selected Modulation" action0="data detectclock $datadetectarg" />
<item type="label" label="
a for ASK
f for FSK
n for NRZ/Direct
p for PSK" />
</section>
<section title="DATA RAWDEMOD" tooltip="Demodulate wave from buffer" uniqueId="datarawdemod">
<item type="drop-down" defaultValue="am" values="am,ar,fs,nr,p1,p2" tooltip="Select to demod ASK/MAN, ASK/RAW, FSK, NRZ, PSK1, or PSK2 clock" uniqueId="rawdemodmod" label="Select Modulation:"/>
<item type="checkbox" valueChecked="h" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, show modulation demod help" uniqueId="rawdemodhelp" text="Check to show modulation help"/>
<item type="textbox" defaultValue="" tooltip="Enter clock (optional)" uniqueId="rawdemodclk" label="Clock (optional):" width="50" />
<item type="checkbox" valueChecked="1" valueUnchecked="0" defaultValue="unchecked" tooltip="If checked, inverts output binary" uniqueId="rawdemodinvert" text="Check to Invert output"/>
<item type="textbox" defaultValue="" tooltip="Enter Max Errors allowed (optional) - does not apply to FSK" uniqueId="rawdemodmaxerr" label="Max Errors (not for FSK) - (optional):" width="50" />
<item type="textbox" defaultValue="" tooltip="Enter FCHigh(optional) - applies only to FSK" uniqueId="rawdemodfchigh" label="FC High (FSK only) - (optional):" width="50" />
<item type="textbox" defaultValue="" tooltip="Enter FCLow(optional) - applies only to FSK" uniqueId="rawdemodfclow" label="FC Low (FSK only) - (optional):" width="50" />
<item type="button" text="RAW DEMOD" tooltip="Press button to set cursor display scale" action0="data rawdemod $rawdemodmod $rawdemodhelp $rawdemodclk $rawdemodinvert $rawdemodfchigh $rawdemodfclow $rawdemodmaxerr" />
<item type="label" label="
MODULATION:
am for ASK/MANCHESTER demod
fS for FSK demod
nr for NRZ/Direct demod
p1 for PSK1 demod
p2 for PSK2 demod" />
</section>
Offline
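Added example (not part of the thread and not the GUI project's own code): a Python check that walks a settings.xml of the shape quoted above and reports every `action0` still calling a command the thread lists as removed or moved, together with the replacement named in the thread. It also reports item `uniqueId` values used more than once, on the assumption that a repeated id makes a `$name` substitution ambiguous. The `<settings>` root element, the function names and the sample document are constructed for the illustration.

```python
# Added illustration; the mapping is copied from the posts in this thread,
# everything else (root element, sample XML, function names) is assumed.
import xml.etree.ElementTree as ET
from collections import Counter

REPLACEMENTS = {
    "data askdemod": "data rawdemod ar",
    "data askmandemod": "data rawdemod am",
    "data askrawdemod": "data rawdemod ar",
    "data bitstream": "data rawdemod am",
    "data fskdemod": "data rawdemod fs",
    "data fskfcdetect": "data detectclock f",
    "data fskrawdemod": "data rawdemod fs",
    "data mandemod": "data rawdemod am",
    "data nrzdetectclock": "data detectclock n",
    "data nrzrawdemod": "data rawdemod nr",
    "data pskdetectclock": "data detectclock p",
    "data psk1rawdemod": "data rawdemod p1",
    "data psk2rawdemod": "data rawdemod p2",
    "data threshold": "data dirthreshold",
    "data detectaskclock": "data detectclock a",
    "lf fskawiddemod": "data fskawiddemod",
    "lf fskpyramiddemod": "data fskpyramiddemod",
    "lf data fskparadoxdemod": "data fskparadoxdemod",
}


def removed_command(action):
    """Return the removed command an action line starts with, or None.

    Matching is done on whole tokens, longest prefix first, so the current
    "data detectclock $arg" is never confused with "data detectaskclock".
    """
    tokens = action.split()
    for n in range(len(tokens), 0, -1):
        key = " ".join(tokens[:n])
        if key in REPLACEMENTS:
            return key
    return None


def lint_settings(xml_text):
    """Return (findings, duplicate_ids) for a settings.xml document.

    findings: list of (section uniqueId, removed command, replacement).
    duplicate_ids: sorted item uniqueId values that occur more than once.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for section in root.iter("section"):
        for item in section.iter("item"):
            for attr, value in item.attrib.items():
                if not attr.startswith("action"):
                    continue
                old = removed_command(value)
                if old is not None:
                    findings.append((section.get("uniqueId"), old, REPLACEMENTS[old]))
    counts = Counter(i.get("uniqueId") for i in root.iter("item") if i.get("uniqueId"))
    return findings, sorted(k for k, v in counts.items() if v > 1)


# Constructed sample, abbreviated from the sections quoted in the thread.
SAMPLE = """<settings>
<section title="AWID" uniqueId="awid">
  <item type="button" text="DEMODULATE" action0="lf fskawiddemod" />
</section>
<section title="DATA NRZ DETECT CLOCK" uniqueId="nrzdetectc">
  <item type="button" text="DETECT NRZ CLOCK" action0="data nrzdetectclock" />
</section>
<section title="DATA PSK1 DEMODULATOR" uniqueId="psk1demod">
  <item type="textbox" uniqueId="psk1c" label="Clock value" />
  <item type="button" text="DEMODULATE" action0="data psk1rawdemod $psk1c" />
</section>
<section title="DATA NRZ DEMOD" uniqueId="nrzdemod">
  <item type="textbox" uniqueId="psk1c" label="Clock value" />
  <item type="button" text="DEMODULATE" action0="data psk1rawdemod $psk1c" />
</section>
<section title="DATA CLOCK DETECT" uniqueId="askdetectc">
  <item type="drop-down" defaultValue="a" values="a,f,n,p" uniqueId="datadetectarg" />
  <item type="button" text="DETECT CLOCK" action0="data detectclock $datadetectarg" />
</section>
</settings>"""

if __name__ == "__main__":
    found, dupes = lint_settings(SAMPLE)
    for section_id, old, new in found:
        print(f"[{section_id}] '{old}' was removed; the thread names '{new}'")
    print("duplicate item uniqueId values:", dupes)
```

The replacement is reported rather than substituted automatically because some replacements take different arguments (for example `data dirthreshold <thres up> <thres down>` in place of `data threshold`).
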
Thank you man ! The GUI is getting always better
Offline
updated first post
Offline
UPDATE:
with the next pull to the github trunk we will get these new commands:
data askgproxiidemod -- demodulate a G Prox II tag from GraphBuffer (now also added to lf search)
data printdemodbuf -- [x] prints the demodulated binary (raw ID) in the demodbuffer - x to print in hex
data getbitstream -- converts graph wave to raw binary (based on sample value >=1 or <1) (used by lf sim)
lf simask -- [c <clock>] ['i'] ['b'|'m'|'r'] ['s'] [d <hexdata>] simulate lf ASK tag from demodbuffer or raw input
lf simfsk -- [c <clock>] ['i'] ['H' <fcHigh>] ['L' <fcLow>] ['d' <hexdata>] simulate lf FSK tag from demodbuffer or raw input
lf simpsk -- ['1'|'2'|'3'] ['c' <clock>] ['i'] ['r' <carrier>] ['d' <hexdata>] simulate lf PSK tag from demodbuffer or raw input
lf sim -- takes graphbuffer and attempts to simulate the same wave (no demod necessary - but only works with strong reads)
now the sim commands warrant some explaining on intended usage.
lf sim
the [lf sim] command is intended to run directly after a [lf read] - [data samples] or [lf search]. it will attempt to simulate the wave form from the graphbuffer without knowing what kind of tag or wave it is. this works 80% of the time on ASK and FSK modulated tags if you have a strong antenna.(PSK is hit or miss)
lf simXXX
lf simXXX commands are intended to simulate pre-demodulated data of the specific modulation type. the pre-demodulated data can come from user input [d <hexdata>] (that is d<SPACE><hexdata:0-F>) OR the data can come directly from the DemodBuffer which is automatically set after successfully demodulating a tag. (lf search, or data fskhiddemod for example)
If you choose to sim from the demodbuffer after reading/demodulating a tag the sim command can autodetect the clocks needed for simulation and no other input should be required: just [lf simask]
If you want to enter your raw data to simulate (sometimes given by data rawdemod xx commands) then you will need to also set the clocks needed per modulation type (see the lf simxxx h for help)
lf simask
simask has 3 modes biphase, manchester and raw. Biphase & manchester will automatically unencode the data before simulating. raw mode requires the data to be raw. (note that the data biphasedecode function leaves the raw data in demodbuffer)
Options:
lf simask -- [c <clock>] ['i'] ['b'|'m'|'r'] ['s'] [d <hexdata>] simulate lf ASK tag from demodbuffer or raw input
so for a rf/64 clock enter
lf simask c 64
add an i to invert the data before simulating
b is for biphase, m is for manchester encoding, r for raw or no encoding
s is yet to be implemented [intended for specifying a gap between transmission loops]
to enter your data to sim you are entering the entire transmission hex (must have leading zeros and all digits in transmission)
example trace: modulation-ask-man-32.pm3
lf simask m c 32 d 000102030405060708090A0B
notice it does not matter the order of the options (m came before c 32) (thanks holiman)
lf simpsk
lf simpsk -- ['1'|'2'|'3'] ['c' <clock>] ['i'] ['r' <carrier>] ['d' <hexdata>] simulate lf PSK tag from demodbuffer or raw input
sim psk has 3 modes (2 actually since psk3 is not implemented), PSK1, PSK2, PSK3(future)
specifying 1 or 2 or 3 will set the psk mode
lf simpsk 2
sets it to PSK2
r <carrier> sets the carrier (valid entries for <carrier> are 2,4,or 8)
Example trace: modulation-psk2-32-2.pm3
lf simpsk 2 c 32 r 2 d 000102030405060708090A0B
lf simfsk
lf simfsk -- [c <clock>] ['i'] ['H' <fcHigh>] ['L' <fcLow>] ['d' <hexdata>] simulate lf FSK tag from demodbuffer or raw input
this follows the same principles as the other two simxxx commands, but to specify fsk1 vs fsk2 you need to specify the fcHigh and fcLow (FSK1: fcHigh=8, fcLow=5, FSK2: fcHigh=10, fcLow=8) (in case other fsk methods become needed it is specified this way instead of fsk1 or fsk2)
fsk2 vs fsk2a is just a matter of inverting (i)
Example trace: modulation-fsk1a-50.pm3
lf simfsk c 50 H 8 L 5 i d 000102030405060708090a0b
note: if you do not see the raw data as part of the demod output for your tag, try the [data printdemodbuffer x] command
Last edited by marshmellow (2015-03-21 05:30:03)
Offline
Thanks man !
Here is the updated script:
<section title="SIMULATE LF BIDIRECTIONAL" tooltip="Simulate LF tag (with bidirectional data transmission between reader and tag)" uniqueId="simbid">
<item type="button" text="SIMULATE BIDIRECTIONAL" tooltip="Press button to Simulate LF tag (with bidirectional data transmission between reader and tag) - Press PM3 button to stop simulation!" action0="lf simbidir" />
</section>
<section title="SIMULATE LF ASK" tooltip="Simulate lf ASK tag from demodbuffer or raw input" uniqueId="simask">
<item type="drop-down" defaultValue="" values="m,r" tooltip="Mode can be: 'm'=manchester encoding, 'r'=raw (no encoding)" uniqueId="modesim" label="Encoding type:" width="30"/>
<item type="checkbox" valueChecked="c" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, you can specify clock value in the text field below" uniqueId="c" text="Check to specify 'clock' value in the text field below"/>
<item type="textbox" defaultValue="" tooltip="Clock" uniqueId="clocksim" label="Clock (do not use if 'clock' is not checked above):" width="50" />
<item type="checkbox" valueChecked="i" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, PM3 will invert the data before simulating" uniqueId="siminv" text="Check to invert data"/>
<item type="checkbox" valueChecked="s" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, allows to specify a gap between transmission loops in the text field below" uniqueId="simspecgap" text="Check to specify a 'gap' in the field below"/>
<item type="textbox" defaultValue="" tooltip="GAP time (expressed in microseconds)" uniqueId="simgapvalue" label="GAP (in microseconds - do not use if 'gap' is not checked above):" width="50" />
<item type="textbox" defaultValue="" tooltip="Hex Data to transmit" uniqueId="simhexdata" label="Data to sim in HEX (must have leading zeros and all digits in transmission):" width="200" />
<item type="button" text="SIMULATE" tooltip="Press button to simulate ASK LF tag - Press PM3 button to stop simulation!" action0="lf simask $modesim $c $clocksim $simspecgap $simgapvalue $siminv d $simhexdata" />
<item type="label" label="===============================================================================================================================
lf simask -- [c 'clock'] ['i'] ['m'|'r'] ['s'] [d 'hexdata'] simulate lf ASK tag from demodbuffer or raw input
so for a rf/64 clock enter: lf simask c 64
s is yet to be implemented [intended for specifying a gap between transmission loops]
to enter your data to sim you are entering the entire transmission hex (must have leading zeros and all digits in transmission)
Example trace: modulation-ask-man-32.pm3
lf simask m c 32 d 000102030405060708090A0B"/>
</section>
<section title="SIMULATE LF FSK" tooltip="Simulate lf FSK tag from demodbuffer or raw input" uniqueId="simfsk">
<item type="checkbox" valueChecked="c" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, you can specify clock value in the text field below" uniqueId="c" text="Check to specify 'clock' value in the text field below"/>
<item type="textbox" defaultValue="" tooltip="Clock" uniqueId="clocksim" label="Clock (do not use if 'clock' is not checked above):" width="50" />
<item type="checkbox" valueChecked="i" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, PM3 will invert the data before simulating" uniqueId="siminv" text="Check to invert data"/>
<item type="checkbox" valueChecked="H" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, allows to specify a fcHigh value in the text field below" uniqueId="H" text="Check to specify 'fcHigh' value in the text field below"/>
<item type="textbox" defaultValue="" tooltip="fcHigh value" uniqueId="Hv" label="as integer, large field clock length (do not use if 'fcHigh' is not checked above):" width="40" />
<item type="checkbox" valueChecked="L" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, allows to specify a fcLow value in the text field below" uniqueId="L" text="Check to specify 'fcLow' value in the text field below"/>
<item type="textbox" defaultValue="" tooltip="fcLow value" uniqueId="Lv" label="as integer, small field clock length (do not use if 'fcLow' is not checked above):" width="40" />
<item type="textbox" defaultValue="" tooltip="Hex Data to transmit" uniqueId="simhexdata" label="Data to sim in HEX (must have leading zeros and all digits in transmission):" width="200" />
<item type="button" text="SIMULATE" tooltip="Press button to simulate FSK LF tag - Press PM3 button to stop simulation!" action0="lf simfsk $c $clocksim $H $Hv $L $Lv $siminv d $simhexdata" />
<item type="label" label="==============================================================================================
This follows the same principles as the other two simxxx commands, but to specify fsk1 vs fsk2
you need to specify the fcHigh and fcLow (FSK1: fcHigh=8, fcLow=5, FSK2: fcHigh=10, fcLow=8)
(in case other fsk methods become needed it is specified this way instead of fsk1 or fsk2)
fsk2 vs fsk2a is just a matter of inverting (i)
Example trace: modulation-fsk1a-50.pm3
lf simfsk c 50 H 8 L 5 i d 000102030405060708090a0b"/>
</section>
<section title="SIMULATE LF PSK" tooltip="Simulate lf PSK tag from demodbuffer or raw input" uniqueId="simpsk">
<item type="drop-down" defaultValue="" values="1,2,3" tooltip="Mode can be: '1'=PSK1, '2'=PSK2, '3'=PSK3" uniqueId="modesim" label="Encoding type:" width="30"/>
<item type="checkbox" valueChecked="c" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, you can specify clock value in the text field below" uniqueId="c" text="Check to specify 'clock' value in the text field below"/>
<item type="textbox" defaultValue="" tooltip="Clock" uniqueId="clocksim" label="Clock (do not use if 'clock' is not checked above):" width="50" />
<item type="checkbox" valueChecked="i" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, PM3 will invert the data before simulating" uniqueId="siminv" text="Check to invert data"/>
<item type="checkbox" valueChecked="r" valueUnchecked="" defaultValue="unchecked" tooltip="If checked, allows to specify a carrier value in the drop-down field below" uniqueId="r" text="Check to select a 'carrier' value from the drop-down field below"/>
<item type="drop-down" defaultValue="" values="2,4,8" tooltip="sets the carrier (valid entries for 'carrier' are 2,4,or 8)" uniqueId="carvalue" label="Carrier (do not use if 'carrier' is not checked above):" width="30"/>
<item type="textbox" defaultValue="" tooltip="Hex Data to transmit" uniqueId="simhexdata" label="Data to sim in HEX (must have leading zeros and all digits in transmission):" width="200" />
<item type="button" text="SIMULATE" tooltip="Press button to simulate PSK LF tag - Press PM3 button to stop simulation!" action0="lf simpsk $modesim $c $clocksim $r $carvalue $siminv d $simhexdata" />
<item type="label" label="==============================================================================================
Sim psk has 3 modes (2 actually since psk3 is not implemented), PSK1, PSK2, PSK3(future)
specifying 1 or 2 or 3 will set the psk mode
lf simpsk 2: sets it to PSK2
r 'carrier' sets the carrier (valid entries for 'carrier' are 2,4,or 8)
Example trace: modulation-psk2-32-2.pm3
lf simpsk 2 c 32 r 2 d 000102030405060708090A0B"/>
</section>
Offline
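A GUI front end that builds these commands by filling a template can emit lines that no longer fit the usage syntax, for example a clock value whose 'c' checkbox was left unticked, or a trailing 'd' with no hex data. The checker below is an added example, not part of the posted script or of the Proxmark3 client; its grammar is transcribed from the usage lines quoted in the first post, and the `$name` substitution, the template and the form values are assumptions constructed for illustration.

```python
import re

HEX = re.compile(r"[0-9A-Fa-f]+").fullmatch
NUM = str.isdigit

# Per-command grammar, transcribed from the usage lines quoted in the thread.
# "bare" options stand alone; "valued" options are followed by exactly one value.
GRAMMAR = {
    "simask": {"bare": {"i", "b", "m", "r", "s"},
               "valued": {"c": NUM, "d": HEX}},
    "simfsk": {"bare": {"i"},
               "valued": {"c": NUM, "H": NUM, "L": NUM, "d": HEX}},
    "simpsk": {"bare": {"i", "1", "2", "3"},
               "valued": {"c": NUM, "r": {"2", "4", "8"}.__contains__, "d": HEX}},
}


def render(template, values):
    """Assumed GUI behaviour: replace each $name with its (possibly empty) value."""
    return re.sub(r"\$(\w+)", lambda m: values.get(m.group(1), ""), template)


def check(cmdline):
    """Return a list of problems; an empty list means the line fits the usage."""
    tokens = cmdline.split()
    if len(tokens) < 2 or tokens[0] != "lf" or tokens[1] not in GRAMMAR:
        return ["not an lf simask/simfsk/simpsk command"]
    rules, problems = GRAMMAR[tokens[1]], []
    args = iter(tokens[2:])
    for tok in args:                      # options may come in any order
        if tok in rules["valued"]:
            value = next(args, None)      # consume the value that follows
            if value is None:
                problems.append(f"option {tok!r} has no value")
            elif not rules["valued"][tok](value):
                problems.append(f"bad value {value!r} for option {tok!r}")
        elif tok not in rules["bare"]:
            problems.append(f"unexpected token {tok!r}")
    return problems


# Constructed template and form values (hypothetical names, not a shipped file).
TEMPLATE = "lf simpsk $mode $c $clock $r $carrier $inv d $hex"
GOOD = {"mode": "2", "c": "c", "clock": "32", "r": "r", "carrier": "2",
        "hex": "000102030405060708090A0B"}

if __name__ == "__main__":
    forms = (GOOD,
             {**GOOD, "c": ""},          # clock typed in, checkbox not ticked
             {**GOOD, "hex": ""},        # sim from demodbuffer, but 'd' still sent
             {**GOOD, "carrier": "3"})   # carrier outside 2, 4, 8
    for form in forms:
        line = render(TEMPLATE, form)
        print(line, "->", check(line) or "ok")
```
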
Perfect! Getting better and better.
Offline
It was a good Swiss army knife for RFID before, but now it's a great one.
Offline
Just for information, can I switch the simxxx params order?
Offline
Yes
Offline
Wow! My best compliments! I will try this asap!
I suspect I will change the label on the PCB from "ProxMark III" to "ProxMark Revolution".
It is a new "product" with the same hardware!
Thanks a lot!
Offline
First post updated.
Offline
first post updated:
data rawdemod ar and data rawdemod am arguments have changed to: [clock] <invert> [maxErr] [maxLen] <amplify> for each
data rawdemod ab args have changed to: [offset] [clock] <invert> [maxErr] [maxLen] <amplify>
(the good news is you rarely ever need to use any of the arguments!!!)
data manrawdecode args have changed to: [invert] [maxErr]
data biphaserawdecode args have changed to: [offset] [invert] [maxErr]
these will be available once the github pull is merged
Last edited by marshmellow (2015-04-09 12:33:56)
Offline
So "biphaserawdecode" command will become "biphrawdecode" ?
Offline
Nope, typo. Thanks
Offline
Merged
Offline
Hi,
I'm trying to use the new srix4k commands (read and write), but the command seems to be broken.
I've tried on both my PM3 with 3 cards that I can read with no problems on a commercial reader.
[== HW VERSION ==]
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: master/v2.0.0-rc2-42-g29a7954-suspect 2015-03-19 15:44:49
#db# os: master/v2.0.0-rc2-42-g29a7954-suspect 2015-03-19 15:44:50
#db# HF FPGA image built on 2015/03/09 at 08:41:42
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
Trying to work with srix4k I get
[== PM3 ==]
proxmark3> hf 14b srix4kread
#db# No response from tag
then I tried with raw command
[== PM3 ==]
proxmark3> hf 14b raw -c -p 0B
received 0 octets
With the "hf tune" command I see that the tag is perfectly coupled because the nominal value without tag "#db# 13045 mV " falls to "#db# 5317 mV" with the tag placed on the antenna.
With worse values ("#db# 9525 mV") I can still work well with mifare cards.
Maybe something on the latest FPGA code version?
Offline
Not sure. This thread only dealt with the LF side. I don't think srix has had any changes in a while tho.
Offline
Not sure. This thread only dealt with the LF side. I don't think srix has had any changes in a while tho.
You're right, sorry.
I've posted here because I saw that the FPGA code was modified and I thought the issue could be connected.
I'll repost that on a different 3d.
Thank you.
Offline
FYI - In preparation for DEF CON 23 'How To Train Your RFID Hacking Tools', I have added 'lf awid' commands using marshmellow's awid demodulation. Since AWID26 tags I have seen all have facility code and card number printed on them, I figured it would be useful to have functions for making/emulating cards based on these numbers.
The changes are in this merge: https://github.com/Proxmark/proxmark3/commit/b067125f98f52d6d33e9dc97a1caa1b4b5bb9cde
Available commands are:
proxmark3> lf awid fskdemod h
Enables AWID26 compatible reader mode printing details of scanned AWID26 tags.
By default, values are printed and logged until the button is pressed or another USB command is issued.
If the ['1'] option is provided, reader mode is exited after reading a single AWID26 card.
Usage: lf awid fskdemod ['1']
Options :
1 : (optional) stop after reading a single card
sample : lf awid fskdemod
: lf awid fskdemod 1
proxmark3> lf awid sim
Enables simulation of AWID26 card with specified facility-code and card number.
Simulation runs until the button is pressed or another USB command is issued.
Per AWID26 format, the facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.
Usage: lf awid sim <Facility-Code> <Card-Number>
Options :
<Facility-Code> : 8-bit value representing the AWID facility code
<Card Number> : 16-bit value representing the AWID card number
sample : lf awid sim 224 1337
proxmark3> lf awid clone
Enables cloning of AWID26 card with specified facility-code and card number onto T55x7.
The T55x7 must be on the antenna when issuing this command. T55x7 blocks are calculated and printed in the process.
Per AWID26 format, the facility-code is 8-bit and the card number is 16-bit. Larger values are truncated.
Usage: lf awid clone <Facility-Code> <Card-Number>
Options :
<Facility-Code> : 8-bit value representing the AWID facility code
<Card Number> : 16-bit value representing the AWID card number
sample : lf awid clone 224 1337
Offline
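The help text above says out-of-range facility codes and card numbers are truncated, which means distinct inputs can silently map to the same credential. The sketch below is an added example, not code from the linked commit: it assumes truncation keeps the low-order bits and that the two fields sit in the common 26-bit Wiegand layout (even-parity bit, 8-bit facility code, 16-bit card number, odd-parity bit), since the post states only the field widths. All function names are hypothetical.

```python
FC_BITS, CN_BITS = 8, 16


def truncate(fc, cn):
    """Silent truncation, assuming the low-order bits of each field are kept."""
    return fc & 0xFF, cn & 0xFFFF


def range_errors(fc, cn):
    """Stricter alternative: report values that do not fit their field."""
    errors = []
    if not 0 <= fc < 1 << FC_BITS:
        errors.append(f"facility code {fc} does not fit in {FC_BITS} bits")
    if not 0 <= cn < 1 << CN_BITS:
        errors.append(f"card number {cn} does not fit in {CN_BITS} bits")
    return errors


def pack26(fc, cn):
    """Pack into P FFFFFFFF CCCCCCCCCCCCCCCC P (assumed 26-bit Wiegand layout)."""
    if range_errors(fc, cn):
        raise ValueError("; ".join(range_errors(fc, cn)))
    data = (fc << CN_BITS) | cn                      # 24 data bits
    even = bin(data >> 12).count("1") & 1            # makes the top half even
    odd = (bin(data & 0xFFF).count("1") & 1) ^ 1     # makes the bottom half odd
    return (even << 25) | (data << 1) | odd


def unpack26(word):
    """Recover (fc, cn); raise ValueError when either parity bit is wrong."""
    data = (word >> 1) & 0xFFFFFF
    fc, cn = data >> CN_BITS, data & 0xFFFF
    if pack26(fc, cn) != word:
        raise ValueError("parity check failed")
    return fc, cn


if __name__ == "__main__":
    # Constructed inputs: 480 and 66873 exceed their fields by one high bit each.
    print(truncate(480, 1337), truncate(224, 66873))   # both alias to 224, 1337
    print(range_errors(480, 66873))
    word = pack26(224, 1337)
    print(hex(word), unpack26(word))
```
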
I have 6 questions. Could the moderators reply? Marshmellow especially could cover the lf commands part.
Q1/ Is it correct that since Proxmark3 v3.0.1 we move the functions intentionally elsewhere, Marshmellow?
data amplify
data askem410xdemod
data askgproxiidemod
data fskawiddemod
data fskhiddemod
data fskpyramiddemod
data fskparadoxdemod
data pskindalademod
Q2/ Is it also correct that for sector bi-phase we hardly see any sample we cover with 2 functions, in:
data rawdemod ab
data biphaserawdecode...
What is the different meaning? I knew it has existed since 2015, but I hardly see biphaserawdecode applied anywhere.
Q3/ I may be wrong pls correct me in my impression how the HID development history has unfolded. In order to copy
- we start with understanding the HID tag by develop the 26 bit Wiegand excel table for pure HID tags so we could get any wiegand code and produce replicas of HID tags
- we had function lf hid read/demod/clone/sim
- over the years we met more and more tags branched off HID, like AWID, INDALA, KANTEC, GPROX, PARADOX, PYRAMID etc., so we delved into developing tag functions in these tag-specific areas to meet the demand to cover not only 26bit, but also 32/35/37/40/42/50/64bits, because some tags are further developed than others. I remember that for a long time Marshmellow and iceman worked together in this area. At that time users could even use the card format code, facility code and card ID number specifically to generate HID or quasi-HID tags.
My question is: now that we drop tag-specific functions and go back to using only the hex digits of the UID (I am not a programmer who can read and understand code, and I have no HW for testing whether replicas work), can I safely assume that longer Wiegand raw codes are still automatically covered, that lf hid <hex uid> automatically sees the different types branched off from HID and, most important, that not only 26bit but also 32/35/37/40/42/50/64bits are covered? How does "lf hid" see the complications, like length of Wiegand bits, card format code, card facility code, card ID number etc., from the hex UID alone?
Q4/ Could the senior users provide a sector of a snoop trace/plot and scope pics for learning the basics of reading 1s and 0s, for any new user who wishes to understand that technique? There were discussion topics and shared pics/traces, but they are no good because they expired over time; reading comments without seeing the plot makes it very hard to follow.
Q5/ I saw on early sticky thread, pictures somehow are displayed parallel with text, not just as a link. Is it true that with the new forum web page, this function has gone lost? I mean not everyone should plot and clutter the forum with pictures, but in important educational threads like using of revenge, crapto, hardnested, graphic tool, development of "lf read" into raw data etc ...Do you think that would be helpful?
Q6/ Where is the appropriate place, and how should I put these questions in a better form, so that others would not think I am a troublemaker or crazy?
I would very much appreciate a prompt reply on any question/point.
PS:
My ongoing knocking in these areas is because the ongoing work on updating the settings.xml requires it.
I found a way to indicate questionable parts. I have finished it yesterday, I believe.
I would like to release the settings.xml, but first I would like answers at least to Q1 and Q3 for confirmation, so that I do not too hastily release wrong information.
Last edited by ntk (2017-06-23 11:44:41)
Offline
1.
https://github.com/Proxmark/proxmark3/b … ANGELOG.md
https://github.com/Proxmark/proxmark3/wiki/commands
2. The first post here lists the cmds intentions. One demod&decodes one just decodes.
3a. No clue what excel doc you are referring to, any excel object was created last.
3b. You are also confusing different forks. The master implementation of hid cmds has not been adjusted in a long time and they have only ever taken hex input.
3c. AWID, INDALA, KANTEC, GPROX, PARADOX, PYRAMID have nothing to do with hid, they are different formats entirely.
3d. The hid sim and clone cmds don't need to know anything about wiegand or bit length because it uses the raw hex of the entire format. That is the beauty of the original implementation (not done by me btw) they can be used for any and all hid prox formats.
4. I cannot.
5. Not my area. But the wiki is the place for the type of general information you are referring to.
6. Ask one at a time each in the appropriate section for the topic and be patient for a response.
Offline
3a) one of the first things NTK studied was the excelfile "HID blocks calculator.xlsm" (copy found here: http://www.icedev.se/proxmark3/code/HID … ulator.rar ) Based upon the EM4100 Unique blocks calculator.xlsm excel file...
3b) yes, icemanfork has fiddled with "lf hid" commands.
4) Adam Laurie made some nice blogs about LF, with descriptive pictures. Just google him and rfidler. You'll find both his site and the Kickstarter.
5) not sure if the forum upgrade messed up linked pictures. It shouldn't.
6) Follow the guideline idea of one question - one thread. That way it's easy to follow posts and find answers.
Offline