Support for Legic Prime

[nfc232]

Legic Prime is currently not supported. It would be nice, if it were possible to emulate Legic Cards.

[david-oswald]

Yes, it certainly would - to my knowledge Legic Prime uses an own standard, which they actually tried to standardise as ISO14443 F, see https://events.ccc.de/congress/2009/Fahrplan/attachments/1506_legic-slides.pdf. You will need to write a corresponding codec to sniff or emulate, which is a relatively low-level coding task.

[simplysoft]

Hi. We are fairly new to this project and have interest in Legic Prime emulation. Given that proxmark3 has working implementation of an emulator, is it doable to implement legic prime emulation for Chameleon? Or are there any limitations (e.g. in terms of hardware) that would make it more difficult to implement it with chameleon compared to proxmark3? If there are no known road blocks, we might be able to invest some time into this.

[david-oswald]

@simplysoft that would be really great, a long awaited improvement. Would be great if you could contribute something to the project in this regard.

I don't think there are fundamental issues, see here for the RF layer of Legic Prime:

The Chameleon HW should be able to pick up the 10% load mod and generate the reader modulation, however as usual the devil will be in the detail getting the timings right etc.

[simplysoft]

@david-oswald is there any documentation or other resources that helps getting started with development for the chameleon HW? We did glance though the code and we are still a bit in the dark how to interact with the hardware.

[ceres-c]

There was a workshop at the 36C3, I don't know whether it was recorded, but the slides are available here

Also, take a look at ISO14443-2A and ISO15693 codecs, they're well documented and you should be able to understand how data is de/modulated. I've improved ISO15 documentation, but the PR is not yet merged since I still have to fix a compilation error

[simplysoft]

Thanks for the pointers so far. Any tips on development setup you use for testing / debugging or other tools you wouldn't not want to miss when writing code for Chameleon?

[david-oswald]

you will definitely need an oscilloscope to check the waveforms on the demod pin etc I'd say. Doesn't have to be high-spec, something like a Rigol DS1054Z (or even cheaper ones) should do.

[ceres-c]

I thought you might also want to have these Atmel application notes/manuals at hand while reading the code/developing your own

• 8045A-AVR-02/08
• 8071A-AVR-02/08
• 8331F–AVR–04/2013
• DS40002166A

The first two files are specific to interrupts/event system, 8331F is the manual for Xmega AU MCUs (handy to understand ports/interrupts registers) and the last one is the datasheet with all the stuff you'd expect to find in a datasheet and might need.

You'll need:

• An oscilloscope, as David sad. Being a student (≈ poor) I bought an OWON VDS1022I which proved to be sufficient for my needs. Of course a better scope would give better readings and probably simplify debugging. You'll probably need to use PORTE (see SniffISO14443-2A.c)
• I found myself in need of a programmer to recover a bricked chameleon and opted for a Atmel ICE which does double duty as a debugger. Again, being a student, I bought the bare PCB version of the debugger. Beware, it does not come with cables, so a you'll need a IDC cable (10 pins, 1,27mm pitch) to breakout your own connection board
• A reader/writer compatible with Legic cards, of course

[street-grease-coder]

Why would a logic analyzer fall short here, compared to an oscilloscope? Asking because they're obviously orders of magnitudes cheaper (and because noob). Thanks for this great code repo.

[timokasper]

a logic analyzer cannot display analogue signals; you need to see the real voltages at the pins of ChameleonMini in order to set up parameters such as threshold of the comparator, etc.