search

RfidResearchGroup / proxmark3

Iceman Fork - Proxmark3
http://www.icedev.se
GNU General Public License v3.0
3.65k stars 981 forks source link

Unable to correctly interact with some EM-Marin tags #406

Closed S1yk3r closed 4 years ago

S1yk3r commented 4 years ago

I met a EM-Marin TAG ID which is impossible to correctly detect on iceman proxmark3 firmware, example: 24001AC532. Maybe its value violates some standard range rules, but i met it on are real intercom, and official PM3 firmware works well with it. (I use precompiled PM3 iceman bulids from here: https://drive.google.com/open?id=1mMgdfnSEgFvA77xvbG_VnaLrZJHnvcSP/)

iceman1001 commented 4 years ago

Did you test latest source from here?

The precompiled build links found in forum post http://proxmark.org/forum/viewtopic.php?id=3975 say RDV40, but you can flash and run it on other Proxmark3 devices aswell.

S1yk3r commented 4 years ago

Yes, i use latest iceman precompiled build (iceman-64-20190828) from your link above. And i can't use this (rdv40-64-20190918) build on my device: https://aliexpress.com/item//32808141763.html USB\VID_9AC4&PID_4B8F&REV_0001

After successful flashing "bootrom.elf" device starting correctly, but flashing "fullimage.elf" will brick device ("Device Descriptor Request Failed" etc.)

doegox commented 4 years ago

you have to compile it with PLATFORM=PM3_OTHER

iceman1001 commented 4 years ago

If you don't use this repo, then there is little to be done here. Iceman repo is deprecated. As mentioned, you can compile and use this repo on your non-rdv4 device. If you do, I think your tag will work again.

However until you do, you can do one thing more. Save a read trace and upload here.

lf read
data save  s1yk3r_em_24001AC532.pm3
iceman1001 commented 4 years ago

ping!

S1yk3r commented 4 years ago

Reading (on iceman builds) T5577 flashed as "lf em 410x_write 24001AC532 1" will show the next output in console:

pm3 --> lf search NOTE: some demods output possible binary if it finds something that looks like a tag False Positives ARE possible

Checking for known tags:

NEDAP ID Found - Raw: ff805fb0009d4794ff805fb0009d4794

[+] Valid NEDAP ID Found!

s1yk3r_em_24001AC532.zip

On command "lf em 410x_read" it displays reliable information for the tag. Looks like claims are only addressed to the (lf search) automatic detection mechanism.

It is a sad that there are no precompiled RDV4 builds for my device (i wanted to respond when i compile the RDV4 firmware - but i was busy). Sorry for such delay in answer.

iceman1001 commented 4 years ago

You can test the improved nedap commands instead of writing hex.

lf nedap clone
lf nedap read

Glad to see your issue is resolved.