RfidResearchGroup / proxmark3

Iceman Fork - Proxmark3
http://www.icedev.se
GNU General Public License v3.0

About ISO 14443B' tags #215

Closed jacopo-j closed 4 years ago

jacopo-j commented 5 years ago

Hello. I'm interested in reading ISO 14443B' (Innovatron pre-ISO 14443B) Calypso cards, which at the current state of things don't seem to be supported – or even detected – by the Proxmark client.

I am willing to implement at least some basic features for getting information and/or reading those tags myself, however I'm struggling to find any sort of documentation about how to communicate with the tags. Communication sniffing in 14b mode seems to produce unreliable results, and I still wasn't able to have the card respond to raw 14b commands.

libnfc can at least select ISO 14443B' cards and is able to print the ATS and UID, but I couldn't find any information about how to select the card myself and send raw APDU commands.

Calypso cards (Navigo cards in particular) were previously discussed on Proxmark forums here and here. A calypso.lua script exists in this repository but only works with standard 14443B cards.

Does anybody have further information about this topic?

joanbono commented 5 years ago

Interested in that also. I found a while ago Navigoat, an Android application which was taking information from the Navigo card (last stations and so on), maybe it's possible to use that information to decode some of the obtained data somehow (can be found here)

Or: https://github.com/pterjan/cardpeek-navigo/blob/c36d596c5e90a5f48b800273129186ba27ef1933/dot_cardpeek_dir/scripts/navigo.lua

I should have one or two navigos at home, but I'm not living in Paris :/

iceman1001 commented 5 years ago

Indeed interesting to get calypso support. The calypso lua script was thought of getting the cardpeek apdu's as a base to operate it. As you noticed the 14B wasn't good and 14B' non-existent. The need to implement signal modulation/demodulation, encoding / decoding of 14B' protocol, and client support..

I would say start with getting 14B better. There is a fix for fpga signaling in official repo that is on my todo list to implement in this repo. That will increase the 14a/14b/15 communications. And could most likely be used for FeliCa and 14B' protocols.

Old issues I did over at Iceman fork. https://github.com/iceman1001/proxmark3/issues/41 https://github.com/iceman1001/proxmark3/issues/39

doegox commented 5 years ago

FTR modulations are the same as for typeB, typeB' has just a different "anticollision" phase. (and latest Navigo Easy are pure typeB, not typeB' anymore)

doegox commented 5 years ago

You can find an example how to talk to typeB' here: https://github.com/nfc-tools/libnfc/blob/master/examples/pn53x-tamashell-scripts/ReadNavigo.sh For newer Navigo typeB, it looks more like Mobib: https://github.com/nfc-tools/libnfc/blob/master/examples/pn53x-tamashell-scripts/ReadMobib.sh

iceman1001 commented 4 years ago

I am not sure how to read the anticollision phase from those tamashell scripts.

doegox commented 4 years ago

Very first command equivalent is hf 14b raw -c -p 010b3f80 but it seems the Proxmark3 doesn't see the answer.

Here are (decimated) captures from another proxmark with hf sniff

First: sniffing libnfc tamashell 42:010b3f80 [image]

Then sniffing pm3 hf 14b raw -c -p 010b3f80 [image]

Note also the two extra signals at end of pm3 command ?!

doegox commented 4 years ago

So after bugfix and addition of 14b' framing support, here we are: [image]

iceman1001 commented 4 years ago

Remarkable!

Now we just need higher level commands for 14b'

iceman1001 commented 4 years ago

What is the select / anti collision for 14b' ?

ghost commented 3 years ago

> So after bugfix and addition of 14b' framing support, here we are: [image]

Hello, sorry for the reopening... But I am facing this problem and with the latest release and an rdv4 proxmark the command is not running (and in sniffing mode also, I didn't view the response of the tag but uniquely a command from the reader). Did you publish your changes or did you just do it "locally"? If so, your modification will interest me :)

iceman1001 commented 3 years ago

yes, it was all committed.

ghost commented 3 years ago

> yes, it was all committed.

It's strange because I do not have the return of the order on a calypso card... (and with hf sniff, I have a modulation)

doegox commented 3 years ago

Are you sure your Calypso is 14b' ? All modern Calypso are 14b nowadays

ghost commented 3 years ago

> Are you sure your Calypso is 14b' ? All modern Calypso are 14b nowadays

I don't know, if the card responds to 14b select (05 00 00), it can't be 14b' at the same time? (I don't know, I can't find any documentation on this subject)

https://image.prntscr.com/image/nVxeqSHVQ_ybOm6TlgK4jg.png

doegox commented 3 years ago

No it can't be both. If it replies to 14b select, it is 14b. Read the specs for more info.