Proxmark / proxmark3

Proxmark 3
http://www.proxmark.org/
GNU General Public License v2.0

[solved] hf mf broken after flash from old version #636

Closed ralik closed 5 years ago

ralik commented 5 years ago

Hi all, I've always been working with a proxmark loaded with a version from July 2014. Today, I thought it would be a good idea to check newer commands. I flashed with the latest GitHub repo and have lost the ability to (on cards with which I never had any problem):

I just keep getting a massive amount of error messages, "Can't select card" or "Multiple tags detected. Collision after Bit xx" with whatever card<->antenna positions until the PM3 crashes.

I tried to go a few commits back and re-flash, but same problem. I was thinking mehhh, just forget about it and go back to my cave ¯\_(ツ)_/¯. But flashing with my good old 2014 Bootrom+fullimage did not help at all... The hf mf commands are not back! Looks like flashing a newer version has made some irreversible changes to my PM3.

Any idea what happened here? And what can I try to fix that issue? Any help would be highly appreciated...

pwpiwi commented 5 years ago

Sensitivity has increased since the very old versions. Results in clipping at low distances. Leave a distance of 2 cm between antenna and card and it should work again.

marshmellow42 commented 5 years ago

pwpiwi probably nailed it, but make sure you flash the bootrom and the fullimage when changing between such different versions. And use the client that matches the firmware.
And nothing in the code could cause something irreversible. Are you sure the device is taking the flashing?

ralik commented 5 years ago

I did try every possible angle and distance (as I used to before anyway), but this time it just fails after like 5 s and then there is no angle/position that will help. The device is being flashed (at least according to ./flasher). Also tried on Linux with the old GitHub repo. hw version shows the difference.

I went from a r839 to a V3.x.x, went back to r839 and lost all "normal" functioning of my old PM3.

marshmellow42 commented 5 years ago

I assume you checked the obvious like antenna connections, hw tune?

ralik commented 5 years ago

Yes, all good here. I have a PCB printed antenna and a couple of handmade ones.

pwpiwi commented 5 years ago

Please let us see some output:

ralik commented 5 years ago
~/proxmark3$ sudo '/home/t/proxmark3/client/flasher' /dev/ttyACM0 -b '/home/t/proxmark3/bootrom/obj/bootrom.elf' 
Loading ELF file '/home/t/proxmark3/bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000c8c->0x00000c8c) [R X] @0x298

Waiting for Proxmark to appear on /dev/ttyACM0 .
 Found.
Entering bootloader...
(Press and release the button only to abort)
Waiting for Proxmark to appear on /dev/ttyACM0 ....................
 Found.

Flashing...
Writing segments for file: /home/t/proxmark3/bootrom/obj/bootrom.elf
 0x00100000..0x001001ff [0x200 / 1 blocks]. OK
 0x00100200..0x00100e8b [0xc8c / 7 blocks]....... OK

Resetting hardware...
All done.

Have a nice day!
~/proxmark3$ sudo '/home/t/proxmark3/client/flasher' /dev/ttyACM0 -b '/home/t/proxmark3/armsrc/obj/fullimage.elf' 
Loading ELF file '/home/t/proxmark3/armsrc/obj/fullimage.elf'...
Loading usable ELF segments:
0: V 0x00102000 P 0x00102000 (0x0002c398->0x0002c398) [R X] @0x94
1: V 0x00200000 P 0x0012e398 (0x00001938->0x00001938) [RW ] @0x2c42c
Note: Extending previous segment from 0x2c398 to 0x2dcd0 bytes

Waiting for Proxmark to appear on /dev/ttyACM0 ...........
 Found.
Entering bootloader...
(Press and release the button only to abort)
Waiting for Proxmark to appear on /dev/ttyACM0 .........
 Found.

Flashing...
Writing segments for file: /home/t/proxmark3/armsrc/obj/fullimage.elf
 0x00102000..0x0012fccf [0x2dcd0 / 367 blocks]............................................................................................................................................................................................................................................................................................................................................................................... OK

Resetting hardware...
All done.

Have a nice day!
~/proxmark3$ sudo /home/t/proxmark3/client/proxmark3 /dev/ttyACM0
Prox/RFID mark3 RFID instrument          
bootrom: master/v3.0.1-382-gab20cc3-suspect 2018-08-04 02:53:21
os: master/v3.0.1-382-gab20cc3-suspect 2018-08-04 02:53:23
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S256 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 256K bytes. Used: 195790 bytes (75%). Free: 66354 bytes (25%).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory          
proxmark3> 
hw ve
[[[ Cached information ]]]

Prox/RFID mark3 RFID instrument          
bootrom: master/v3.0.1-382-gab20cc3-suspect 2018-08-04 02:53:21
os: master/v3.0.1-382-gab20cc3-suspect 2018-08-04 02:53:23
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S256 Rev B          
Embedded Processor: ARM7TDMI          
Nonvolatile Program Memory Size: 256K bytes. Used: 195790 bytes (75%). Free: 66354 bytes (25%).          
Second Nonvolatile Program Memory Size: None          
Internal SRAM Size: 64K bytes          
Architecture Identifier: AT91SAM7Sxx Series          
Nonvolatile Program Memory Type: Embedded Flash Memory  
PCB ANTENNA:
proxmark3> hw tune

Measuring antenna characteristics, please wait...          
# LF antenna:  0.00 V @   125.00 kHz          
# LF antenna:  0.00 V @   134.00 kHz          
# LF optimal:  0.00 V @ 12000.00 kHz          
# HF antenna: 11.77 V @    13.56 MHz          
# Your LF antenna is unusable. 
HOMEMADE ANTENNA:
proxmark3> hw t

Measuring antenna characteristics, please wait...          
# LF antenna:  0.00 V @   125.00 kHz          
# LF antenna:  0.00 V @   134.00 kHz          
# LF optimal:  0.00 V @ 12000.00 kHz          
# HF antenna: 19.46 V @    13.56 MHz          
# Your LF antenna is unusable.  
ralik commented 5 years ago

Here is an example of a simple block read (without changing the distance/angle between reads)

proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# rand tag nonce len: 4          
#db# auth uid: 8f237915 nt: 75a0c162          
#db# Cmd CRC response error.          
#db# Read block error          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# Multiple tags detected. Collision after Bit 12          
#db# Can't select card          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# rand tag nonce len: 4          
#db# auth uid: 8f237915 nt: caa01618          
#db# Authentication failed. Card timeout.          
#db# Auth error          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# Multiple tags detected. Collision after Bit 27          
#db# Can't select card          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# rand tag nonce len: 4          
#db# auth uid: 8f237915 nt: 3074dace          
#db# Authentication failed. Card timeout.          
#db# Auth error          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# Can't select card          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# Multiple tags detected. Collision after Bit 32          
#db# Can't select card          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# Can't select card          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# Multiple tags detected. Collision after Bit 4          
#db# Can't select card          
#db# READ BLOCK FINISHED          
isOk:00          
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff            
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# ISO14443A Timeout set to 10 (0ms)          
#db# ISO14443A Timeout set to 1060 (10ms)          
#db# rand tag nonce len: 4          
#db# auth uid: 8f237915 nt: c02ad681          
#db# READ BLOCK FINISHED          
isOk:01 data:8f 23 79 15 c0 28 04 00 00 00 00 00 21 27 20 00           
proxmark3
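To make sense of a long session like the one above (or the 6.6MB proxmark3.log mentioned later in the thread), it helps to split the log per command and tally how each hf mf rdbl attempt ended. This is an added example, not code from the proxmark3 project; the sample log is constructed from the line formats shown in this thread (both the "proxmark3>" and the Iceman "pm3 -->" prompt styles), and the outcome labels are my own.

```python
import re
from collections import Counter

# Constructed sample in the format of the session pasted above (not real capture data).
SAMPLE_LOG = """\
proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff
#db# Multiple tags detected. Collision after Bit 12
#db# Can't select card
isOk:00
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
#db# Authentication failed. Card timeout.
isOk:00
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
isOk:01 data:C2 B8 C0 19 A3 08 04 00 62 63 64 65 66 67 68 69
"""
PROMPT = re.compile(r"^(?:proxmark3>|pm3 -->)\s*(.*)$")
COLLISION = re.compile(r"Collision after Bit (\d+)")
RESULT = re.compile(r"^isOk:(\d\d)(?:\s+data:([0-9a-fA-F ]+))?")

def split_attempts(log):
    attempts, cmd, buf = [], None, []
    for line in log.splitlines():
        m = PROMPT.match(line.rstrip())
        if m:                      # new prompt line: flush the previous command's output
            if cmd is not None:
                attempts.append((cmd, buf))
            cmd, buf = m.group(1), []
        elif cmd is not None:
            buf.append(line.rstrip())
    if cmd is not None:
        attempts.append((cmd, buf))
    return attempts

def classify(lines):
    """(outcome, detail): collision bit position, or the 16 block bytes on success."""
    outcome, detail = "unknown", None
    for line in lines:
        if (m := COLLISION.search(line)):
            outcome, detail = "collision", int(m.group(1))   # anticollision failed
        elif "Can't select card" in line and outcome == "unknown":
            outcome = "no_select"                            # no usable card answer at all
        elif "Card timeout" in line:
            outcome = "auth_timeout"                         # card selected, but auth died
        m = RESULT.match(line)
        if m and m.group(1) == "01":
            return "ok", bytes.fromhex(m.group(2))          # isOk:01 carries the block data
    return outcome, detail

def summarize(log):
    counts = Counter(classify(out)[0] for _, out in split_attempts(log))
    return counts, counts["ok"] / max(1, sum(counts.values()))
```

A success ratio far below 1 with mostly "collision" and "no_select" outcomes at a fixed card position points at coupling problems (distance, antenna, clone hardware) rather than at the key.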
pwpiwi commented 5 years ago

You have set debug level to 4.

Usage:  hf mf dbg  <debug level>
 0 - no debug messages
 1 - error messages
 2 - plus information messages
 3 - plus debug messages
 4 - print even debug messages in timing critical functions
     Note: this option therefore may cause malfunction itself

Try with the default please.

ralik commented 5 years ago

Sorry, my bad.

Here it is:

pm3 --> hf mf dbg 0
#db# Debug level: 0          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
#db# Multiple tags detected. Collision after Bit 28          
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
#db# Multiple tags detected. Collision after Bit 22          
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:00          
pm3 --> hf mf rdbl 0 A 9c06d18d39e4
--block no:0, key type:A, key:9C 06 D1 8D 39 E4            
isOk:01 data:C2 B8 C0 19 A3 08 04 00 62 63 64 65 66 67 68 69
marshmellow42 commented 5 years ago

Now it appears you are using icemans client...

ralik commented 5 years ago

Yes, I have tried a few distros to see if there were any differences, but I get pretty much the same poor results. Also, I went back to an old rev I have on my PC (ProxSpace from 2012), the first one I used when I purchased my PM3; it has a few traces in the client's folder. At this time I don't believe the wording "Multiple tags detected" or "Collision after Bit" existed in the code. I have a 6.6MB proxmark3.log in that folder which only contains this wording from when I used it yesterday. Everything else is from back in 2012 and never showed that sentence. Maybe I should JTAG-flash to fully revert back to the original version where I had no issue with HF MF.

pwpiwi commented 5 years ago

Don't mix client and firmware version. Iceman client must go with Iceman firmware. Official client must go with official firmware. And both client and firmware must be of the same version.

Flashing the firmware is reversible. No need to use JTAG-flash when flasher still works.

ralik commented 5 years ago

In the last output, I flashed with iceman's firmware and was using iceman's firmware from the same commit. When I tested with an old ProxSpace from 2012, I flashed bootrom, fpgaimage, fullimage, osimage from the same 2012 version and I was using the client from the same 2012 version. Yet, I am still seeing "Multiple tags detected" or "Collision after Bit" even though this does not appear to be in the source code from 2012. Meaning that it appears to be some leftover from newer 2018 revisions that was not erased after flashing to a 2012 older version.

marshmellow42 commented 5 years ago

I cannot speak for iceman's repo; as it says, use at your own risk.

iceman1001 commented 5 years ago

I see you are using linux.. try ./update.sh

pwpiwi commented 5 years ago

Issue fixed using ./update.sh?

iceman1001 commented 5 years ago

...this issue is a bit inconsistent.

For testing purposes,

if hw tune reports bad values from antenna, then check your connection with antenna. The client should report back values in order for the pm3 to function normally.

Barmallini commented 5 years ago

Same issue. PM3 easy (black)

Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-382-gab20cc3-suspect 2018-07-31 11:46:17
os: master/v3.0.1-382-gab20cc3-suspect 2018-07-31 11:46:30
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 194936 bytes (74%). Free: 67208 bytes (26%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory

proxmark3> hw tune

Measuring antenna characteristics, please wait.........
# LF antenna: 23.92 V @ 125.00 kHz
# LF antenna: 18.84 V @ 134.00 kHz
# LF optimal: 23.65 V @ 122.45 kHz
# HF antenna: 14.57 V @ 13.56 MHz
Displaying LF tuning graph. Divisor 89 is 134khz, 95 is 125khz.

proxmark3> hf mf rdbl 0 A FFFFFFFFFFFF
--block no:0, key type:A, key:ff ff ff ff ff ff
#db# Can't select card
#db# READ BLOCK FINISHED
isOk:00

iceman1001 commented 5 years ago

ok, so different distance between tag and antenna... and the pm3 easy has a lot of cheap clones out on AliExpress etc.; they (the clones) have been known to be problematic

Barmallini commented 5 years ago

Yes, I have an AliExpress clone. prox3easy

It snoops something, but not as shown at https://code.google.com/archive/p/proxmark3/wikis/RunningPM3.wiki section "Get the UID of a Mifare card using 'snooping' capabilities".

P.S. Something changed and it looks better today with a14. Will check hf mf later...

ralik commented 5 years ago

Issue fixed using ./update.sh?

Yes. Old board (green one from 2011-2012).

Distance/angle/position doesn't have much effect (except from what you would expect) after that. Even hf mf hard runs smoothly with whatever acceptable distance/angle/position you try.

hackcrypto commented 2 years ago

Sensitivity has increased since the very old versions. Results in clipping at low distances. Leave a distance of 2 cm between antenna and card and it should work again.

Thanks bro, it WORKS!