HF 15 Sim doesn't work

[mubix]

{"sim", CmdHF15Sim, 0, "Fake an ISO15693 tag"},

But

// Simulation is still not working very good
int CmdHF15Sim(const char *Cmd)
{
        UsbCommand c = {CMD_SIMTAG_ISO_15693, {strtol(Cmd, NULL, 0), 0, 0}};
        SendCommand(&c);
        return 0;
}

I get weird results, like it'll out put something like the following (3 different runs):

1K08080000*
4K04000400*
4K00100010*

[mubix]

Forum info pages:

• "ISO15693 tag simulator not working!" - http://www.proxmark.org/forum/viewtopic.php?id=1164
• "Simulate 15693" - http://proxmark.org/forum/viewtopic.php?id=1828

[holiman]

Another related topic: http://www.proxmark.org/forum/viewtopic.php?pid=11279#p11279 , and my blog post about it http://martin.swende.se/blog/Elite-Hacking.html .

Basically, when I was fixing iclass, which uses iso15693, I found that the modulation carrier was wrong. Also, I noticed that iclass, despite depending on iso15693, these two features (iclass sim and 15693 sim) did not have much code in common, as one would expect them to have, but instead were quite separate things.

Since I only needed iclass at the time, I didn't focus on bringing 15693 to life, but I wouldnt be surprised if it suffers from the same issue. To resolve it, you'd need to apply the same patch, use another mode when configuring the FPGA.

FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);

Unfortunately, I don't have any 15693 tags to test with, but if you read the related forum and blog posts, I'm sure you can figure it out. I'd be glad to help out in any way I can.

[buggii]

I can test on many iso15693 tags if you tell me which commands/parameters and consequent behaviour i must check/test.

-----Original Message----- From: Martin Holst Swende notifications@github.com To: Proxmark/proxmark3 proxmark3@noreply.github.com Sent: gio, 11 set 2014 10:01 Subject: Re: [proxmark3] HF 15 Sim doesn't work (#20)

Another related topic: http://www.proxmark.org/forum/viewtopic.php?pid=11279#p11279 , and my blog post about it http://martin.swende.se/blog/Elite-Hacking.html .

Basically, when I was fixing iclass, which uses iso15693, I found that the modulation carrier was wrong. Also, I noticed that iclass, despite depending on iso15693, these two features (iclass sim and 15693 sim) did not have much code in common, as one would expect them to have, but instead were quite separate things.

Since I only needed iclass at the time, I didn't focus on bringing 15693 to life, but I wouldnt be surprised if it suffers from the same issue. To resolve it, you'd need to apply the same patch, use another mode when configuring the FPGA. FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR|FPGA_HF_SIMULATOR_MODULATE_424K);

Unfortunately, I don't have any 15693 tags to test with, but if you read the related forum and blog posts, I'm sure you can figure it out. I'd be glad to help out in any way I can.

---

Reply to this email directly or view it on GitHub: https://github.com/Proxmark/proxmark3/issues/20#issuecomment-55232119

[iceman1001]

I'm curious now. Is the "Hf 15 sim" command simulating a reader or a tag? I thought it was simulating a tag, then you don't need a tag to check it. You need one reader trying to read the pm3 simulation? right?

[buggii]

For what I can remember (cannot test right now) it simulates a reader not a tag; tag simulation is not available. Speaking with jonor there seem to be specific problems simulating ISO15693 because of various differences (baudrate?) in the standard that are not (yet) supported by pm3 firmware.

Date: Thu, 30 Oct 2014 04:50:56 -0700 From: notifications@github.com To: proxmark3@noreply.github.com CC: buggii@hotmail.com Subject: Re: [proxmark3] HF 15 Sim doesn't work (#20)

I'm curious now. Is the "Hf 15 sim" command simulating a reader or a tag?

I thought it was simulating a tag, then you don't need a tag to check it. You need one reader trying to read the pm3 simulation? right?

— Reply to this email directly or view it on GitHub. =

[iceman1001]

May I suggest we rename the command to "hf 15 reader" which I have seen on other commands when simulating a reader.

[iceman1001]

Look at the hf 15, i see already a "reader"
and in the client-side code it says hf 15 reader - CMD_READER_ISO_15693 hf 15 sim - CMD_SIMTAG_ISO_15693

So I think the "hf 15 sim" is trying to simulate a tag...

[buggii]

You are correct, it is a simulate tag command but it has big limits. There is a thread in the forum called "ISO15693 tag simulator not working!" explaining some stuff.

-----Original Message----- From: Iceman notifications@github.com To: Proxmark/proxmark3 proxmark3@noreply.github.com Cc: buggii buggii@hotmail.com Sent: gio, 30 ott 2014 13:08 Subject: Re: [proxmark3] HF 15 Sim doesn't work (#20)

Look at the hf 15, i see already a "reader"
and in the client-side code it says hf 15 reader - CMD_READER_ISO_15693 hf 15 sim - CMD_SIMTAG_ISO_15693

So I think the "hf 15 sim" is trying to simulate a tag...

---

Reply to this email directly or view it on GitHub: https://github.com/Proxmark/proxmark3/issues/20#issuecomment-61081668

[iceman1001]

Well, I have change some stuff in the "hf 15 sim"... in my fork, I will push it soon.. It now takes an UID from the client and uses that to send to the pm3 device. However I don't have a iso15693 reader, so I can't test it.. :(

[iceman1001]

Looking at the iso15693.c code, I realise that it needs to be fix to handle @pwpiwi 's new BigBuff management.

[douniwan5788]

Just in case, I hope this helps . I have successfully simulated a 15693tag identical with NXP ICODE2 , but messed up all the other functions. https://github.com/douniwan5788/proxmark3/commits/newWorking15693sim

[sahilsaini65]

Hello everyone. I am pretty new to this stuff. I am trying to simulate an ISO15693 tag. I tried @douniwan5788's code from https://github.com/douniwan5788/proxmark3/commits/newWorking15693sim, however i wasn't able to simulate an ISO15693 tag. I am trying to simulate a SL2S5402 tag from nxp. Also i have started using the latest release that is V2.3.0, but it is not even able to dumpmemory from the tag in ISO15693 mode. Please help. Also i did a "hw tune" & i got a voltage of 17.58v. Is it normal?

[stackpivot]

are there any news of a working ISO15693 simulation? i can't get it to work :(

[iceman1001]

Haven't heard of someone working on it. Have you tried @douniwan5788 's fork?

[stackpivot]

Yes, i have a bootloop with his image though :/ used an old 4.8 gcc to compile it. code breaks with newer compilers

[iceman1001]

if you compare the crapto code that breaks with the new code, you can see what you'll need to change to make it compile.

[douniwan5788]

Please use this commit https://github.com/douniwan5788/proxmark3/commit/01c9af3f7420593c7a45affb6e3ee143213e3fcd

Sorry for mentioned that two subcarrier is not working at all.

[iceman1001]

@douniwan5788 Which xilinix version do you use to compile the FPGA code?

[stackpivot]

@douniwan5788 @iceman1001 Thanks guys. works now.

1. used an old 4.8 gcc to compile
2. flashed bootloader and image
3. works (simulating doesnt work, i'm currently writing my block modifications on the card with hf 15 cmd write)

Thanks for the help!

[m2otech]

@douniwan5788

I used your commit linked above to try to emulate 15693 tags. It compiled fine but when running:

hf 15 sim E0xxxxxx (all 16 bytes)

I get the error "vicc_memory_map.bin"

Do I need to read a tag first and save it in this file?

Any other hint where I could look to fix this? Has anyone been able to emulate 15693?

EDIT I figured out how to input the "bin" file and the other parameters. Still it does not emulate, instead a list of values is printed in the console when approaching the HF antenna with a tag reader

[iceman1001]

Does hf1 15 sim work now with @pwpiwi fix to iso15693 commands?

[pwpiwi]

Should be unrelated. My fix was for the FPGA code used by the PM when acting AS reader.

[iceman1001]

then we keep this issue open.

[hduarte]

I've tried it with iceman version: [ ARM ] bootrom: iceman/master/ice_v3.1.0-949-gdb7cb418 2018-07-17 19:57:26 os: iceman/master/ice_v3.1.0-949-gdb7cb418 2018-07-17 19:57:28 [ FPGA ] LF image built for 2s30vq100 on 2017/10/25 at 19:50:50 HF image built for 2s30vq100 on 2017/11/10 at 19:24:16

and after running:

pm3 --> hf 15 sim E016240000000000 Starting simulating UID E0 16 24 00 00 00 00 00

db# ISO-15963 Simulating uid: E016240000000000

nothing is picked up but the reader

[pwpiwi]

Fixed with PR #696. Please note that hf 15 sim functionality is still limited to the inventory command response yet.