
Adam

About

Username: Adam
Joined:
Visits: 208
Last Active:
Roles: Member, Administrator, Moderator

Comments

  • If you know the crypto key RFIDler can read/write direct to the tag. If you have an external reader, you should also be able to sniff the conversation. Standard blank Hitag2 tags for cloning.
  • The Pic should be able to handle it but the analogue circuit is specifically designed for LF so would need completely replacing. We do not currently have plans to implement HF on the same platform but we're investigating alternatives... Hopefully mo…
  • You need to download and install the XC32 compiler: http://www.microchip.com/mplab/compilers Not sure about the missing files - I'll need to try it on a fresh machine and see if I see the same thing...
  • It's almost certainly not on /dev/tty8 - you should run 'dmesg' after plugging in to see where it ended up, but if you've installed the udev rule then it will be on /dev/RFIDler Make sure you've also switched off hardware handshaking. Run minicom wi…
  • From the readme: "Copy this file to `/etc/udev/rules.d` and run `sudo udevadm control --reload-rules`"
  • Reboot in bootloader mode by holding the bootloader button while you power up, then use mphidflash: https://github.com/ApertureLabsLtd/mphidflash
  • BTW, I've set this up and tested it and I found that I2C is way too slow, and although nfc-mfclassic was reliable with SPI at 50k, I had to slow it down to 10k to work with mfcuk. YMMV. device.connstring = "pn532_spi:/dev/spidev0.0:100000"
  • OK, that at least shows it's definitely a Mifare tag, so RFIDler is not the solution. I have a theory that mfcuk may work better using a non-USB interface, but that is as yet unproven. You could try it on an SPI/I2C based PN532 and raspberry pi, suc…
  • I have seen Noralsy tags that are LF (ASK raw data), but it looks like yours must be a newer type and they've switched to HF/Mifare, in which case RFIDler won't help. What is the output of MFOC when you try to crack it?
  • The standard coil is not good at reading small tags, it's true. You may be able to fix it by playing with the POT settings. Try AUTOPOT to see if there is a better value you should be using. Otherwise the only other thing you can do is wind a small…
  • Yes, sure - once I've finished with HDX I'll take a look. I already got this working with the proxmark3 some years ago, so I could look up my notes on timing... From memory HitagS should be very similar to Hitag1... or possibly even the same...?
  • Thanks - I will upgrade to latest version and update README accordingly...
  • Glad you figured it out, but just for clarity your original command was basically back to front. The format is: COPY [TARGET TAG TYPE]. If you omit [TARGET TAG TYPE] it defaults to the same as source if VTAG is not already set. So the correct pro…
  • Can you post the exact sequence and tag format so I can see if I can reproduce it?
  • I agree! :) https://github.com/ApertureLabsLtd/RFIDler/wiki
    in Wiki Comment by Adam September 2015
  • There are several ways to write to the VTAG. You can set it to the type you want: SET VTAG and then write to it: VWRITE or have RFIDler do most of the work for you: ENCODE [TAGTYPE] You can then overwrite the raw VTAG data if you nee…
  • Yes, you can use the "analogue" command which will return raw samples in XML format. Take a look at the plot function in the rfidler.py support script for an example of analogue data processing.
  • Hi Stefan, You can order them here: http://aperturelabs.com/tools.html cheers, Adam
  • You need to figure out what the underlying modulation scheme really is. ASKRAW is only giving you a bit value for ASK at a specific data rate so could be completely wrong. Take a look at: https://github.com/ApertureLabsLtd/RFIDler/wiki/plotting t…
  • HITAG1 sniff decoding is now working: *HITAG1> sniff-pwm Waiting for PWM (hit any key to abort/report)... …
    in Reading Hitag2 Comment by Adam July 2015
  • Yes, there seems to be some memory corruption bug in there somewhere - I've had a few crashes/reboots as well. I'm going to be working on Tamagochi sniffing with Tony later this week, so we'll take a look then...
    in Reading Hitag2 Comment by Adam June 2015
  • Yes, I'm going to write decoders for all the sniffers, but right now I'm chasing down a really weird bug to do with the reader ISR ticking twice after a read error. Very strange!!! I also need to finish off EM4X05. The list keeps growing! :P
    in Reading Hitag2 Comment by Adam June 2015
  • I've updated the decoder for HITAG2 so it now shows the commands and data being passed. Here is a sniff of a blank tag being cloned: *HITAG2> sniff-pwm Waiting for PWM (hit any key to abort/report)... 11000, START_AUTH 11000, START_AUTH 0100110…
    in Reading Hitag2 Comment by Adam June 2015
  • The differences between debug and default can be viewed by flipping between them and viewing the project properties in MPLAB X IDE. It's mostly to do with debugging symbols etc. The physical layout I used for testing was sniffer coil, tag, reader c…
    in Reading Hitag2 Comment by Adam June 2015
  • And I've added Q5, T55X7 and HITAG1 sniffing...
    in Reading Hitag2 Comment by Adam June 2015
  • I compile and commit both whenever I do an update, so it's up to you.
    in Reading Hitag2 Comment by Adam June 2015
  • It is now. I've only created a decoder for HITAG2 so far, but I'll work on adding anything else that uses PWM. I've also changed the name of the command to "SNIFF-PWM" and it takes an optional argument which is the minimum gap size to look for in uS…
    in Reading Hitag2 Comment by Adam June 2015
  • I love it when a plan comes together: *HITAG2> DETECT-PWM Waiting for PWM (hit any key to abort/report)... 11000 …
    in Reading Hitag2 Comment by Adam June 2015
  • Step 1 is to read the messages being sent by the external reader. That seems to be fundamentally working, I just need to write some decoders now. Here is an example: RFIDler> detect-pwm …
    in Reading Hitag2 Comment by Adam June 2015
  • The correct way to signal exit from READER mode is to hit any key. I just committed a new version which fixes a potential hang if the tag type selected is using FSK modulation so it might be worth flashing your board to the latest version.