Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

EM4x02 Emulation problem

Hey guys,

This might be a noob question, but im trying to emulate an EM4102 card. I have a reader and the cards/fobs that are valid for it. Running the latest firmware (updated today), iirc its 0056.

So firstly just start off with autotag to see if it can identify the UID (so i dont need to manually do it), works like a charm:

*RFIDler> autotag

ASKRAW: 5555AA9A96659A9A959A5AAAA955AA555555AA9A96659A9A959A5AAAA955AA55
FSK1RAW:
FSK2RAW:
PSK1RAW: 5555555555555555555555555555555555555555555555555555555555555555
PSK2RAW:
PSK3RAW:
HITAG1:
HITAG2:
EM4X02: 0F007B22D8

Next I want to emulate the cards so i am using the ASK command, which is:
ASK

I have no idea what the fc is (prev used the proxmark and this was obv hidden away somewhere), so i used "set tag em4x02" and then "config" to get the em4x02 default config:

Current config:

TAG Type: EM4X02
Frame Clock uS/100: 800
Modulation: ASK/OOK
Manchester: On
BiPhase: Off
Invert: Off
Data Rate RF/n: 64

I figured it should be easy from here, just use the ASK command and I am away:

ASK
ASK 0F007B22D8 800 64 100

my reader that I am testing with notifies with a horrible screeching sound if the tag uid is incorrect, so I can at least narrow down its not that, the rate should be 64 as per my proxmark and the repeat shouldnt matter too much. I've been halving and doubling that FC to try and get a tag that at least is incorrect but im getting to a dead end now.

Anyone want to shed some light on this for me please?

-AM

Comments

  • The data reported by autotag for EM4X02 is the interpreted UID, not the raw ASK. To see the raw ASK, do:

    RFIDler> set tag em4x02
    OK

    *EM4X02> encode 0F007B22D8
    FF83C003EE52EE2C

    An easier sequence is to set the tag type, then copy a real tag to a VTAG. This will take care of all the other details like sync bits etc.

    RFIDler> set tag em4x02
    OK   
                                 
    *EM4X02> copy  
    OK

    *EM4X02> vtag
              Type: EM4X02
         Emulating: NONE
           Raw UID: FF8C60047C532AF0
               UID: 11008F235B

    *EM4X02> emulator
    OK

    If you want to modify the data being sent, or sent arbitrary UIDs,  you can encode any valid length UID:

    *EM4X02> encode 1234567890 em4x02
    OK
                                                                                    
    *EM4X02> vtag
              Type: EM4X02
         Emulating: NONE
           Raw UID: FF8CA64A98F8C802
               UID: 1234567890

    cheers,
    Adam

  • edited July 2014
    and you can just emulate direct from the command line:

    *EM4X02> emu 0F007B22D8                                                        
    OK  


  • Adam,

    Thanks for response, I actually knew that since it was covered in one of the first video's too >_<

    Is there a place i'd find references to these commands so I don't post any more noob questions :)

    -AM
  • Ideally, we'd be creating a manual on the wiki...

      https://github.com/ApertureLabsLtd/RFIDler/wiki

    but in the meantime, just hitting <ENTER> to the CLI will give you a command list with some hints...

    Noob questions are fine, since pretty much everyone but me is a noob to RFIDler as I'm the only one that's been exposed to it for any significant period, and everything's evolved as I go along...

    As above, what would help is if/when anything like this comes up, someone takes the time to add it to the Wiki... :)




  • Okay, well I'll get out the kit again sometime in the next week or so (things are hectic with BH/DC coming up) and test doing EM4x tags and write up the various steps

    -AM
Sign In or Register to comment.