search

emsec / ChameleonMini

The ChameleonMini is a versatile contactless smartcard emulator compliant to NFC. The ChameleonMini was developed by https://kasper-oswald.de. The device is available at https://shop.kasper.it. For further information see the Getting Started Page https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/_page__getting_started.html or the Wiki tab above.
Other
1.75k stars 392 forks source link

Get dump from ISO15693 and emulate. #257

Open AngelSotomayor opened 4 years ago

AngelSotomayor commented 4 years ago

Hello,

I was watching the video posted in the #244 issue and I saw that @ceres-c and @fptrs did break a NFC Toy that uses the ISO15693, and that is exactly that I need to do, but as a beginner using the chameleon I'm a bit lost with the proccess. I'm capable of sniffing the comunication between a reader and the tag, but I'm kinda lost with the next steps. How can I read the data inside the tag with the chameleon? How can I extract a dump of the content of the ISO15693 tag? Once I gat this dump I will only need to upload it to one slot of the Chameleon and I will be emulating the tag right?

Many thanks for any help you can provide!

I will continue looking through the guides, this github and toying with the chameleon mini in case that I found the answers myself.

fptrs commented 4 years ago

Hi @AngelSotomayor,

the FW does not feature an ISO15693 reader yet. We used another reader to extract the content of the tag. But we did not need this content to emulate the toy, we just used the UID recorded with the sniffer. Once you have the UID and/or the content you can upload it to the chameleon and emulate a ISO15693 tag. Do you know the type/manufacturer of your tag? Can you upload a log of the sniffed communication?

AngelSotomayor commented 4 years ago

Thank you so much for your quick answer.

The tag is a custom Texas Instrument based on the RF430FRL152H. I can post the log in a while. Regards

AngelSotomayor commented 4 years ago

Sorry for being late, yesterday I didn't have a mobile with NFC to scan the tag. This is the lof of the sniffed data. What I'm doing is read the entire memory with tha app NFC TagInfo. Here is the result:

[24414] CODEC RX DATA: 26 01 00 F6 0A [24444] CODEC RX DATA: 22 2B EE DC 6C 00 00 A0 07 E0 45 B7 [24467] CODEC RX DATA: 22 20 EE DC 6C 00 00 A0 07 E0 00 26 F8 [24515] CODEC RX DATA: 22 2B EE DC 6C 00 00 A0 07 E0 45 B7 [24532] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 00 23 35 [24546] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 01 AA 24 [24563] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 02 31 16 [24580] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 03 B8 07 [24596] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 04 07 73 [24611] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 05 8E 62 [24627] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 06 15 50 [24647] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 07 9C 41 [24667] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 08 6B B9 [24679] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 09 E2 A8 [24692] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 0A 79 9A [24710] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 0B F0 8B [24725] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 0C 4F FF [24740] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 0D C6 EE [24754] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 0E 5D DC [24767] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 0F D4 CD [24779] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 10 A2 25 [24801] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 11 2B 34 [24813] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 12 B0 06 [24832] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 13 39 17 [24851] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 14 86 63 [24864] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 15 0F 72 [24877] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 16 94 40 [24892] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 17 1D 51 [24912] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 18 EA A9 [24923] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 19 63 B8 [24936] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 1A F8 8A [24948] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 1B 71 9B [24967] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 1C CE EF [24979] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 1D 47 FE [24990] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 1E DC CC [25011] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 1F 55 DD [25027] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 20 21 14 [25038] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 21 A8 05 [25050] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 22 33 37 [25062] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 23 BA 26 [25073] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 24 05 52 [25085] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 25 8C 43 [25096] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 26 17 71 [25109] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 27 9E 60 [25120] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 28 69 98 [25136] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 29 E0 89 [25277] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 2A 7B BB [25299] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 2B F2 AA [25328] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 2C 4D DE [25340] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 2D C4 CF [25351] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 2E 5F FD [25364] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 2F D6 EC [25375] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 30 A0 04 [25387] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 31 29 15 [25398] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 32 B2 27 [25412] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 33 3B 36 [25423] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 34 84 42 [25435] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 35 0D 53 [25446] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 36 96 61 [25504] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 37 1F 70 [25518] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 38 E8 88 [25529] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 39 61 99 [25544] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 3A FA AB [25559] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 3B 73 BA [25570] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 3C CC CE [25581] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 3D 45 DF [25595] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 3E DE ED [25607] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 3F 57 FC [25621] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 40 27 77 [25638] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 41 AE 66 [25649] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 42 35 54 [25660] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 43 BC 45 [25676] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 44 03 31 [25687] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 45 8A 20 [25705] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 46 11 12 [25719] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 47 98 03 [25732] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 48 6F FB [25744] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 49 E6 EA [25757] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 4A 7D D8 [25768] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 4B F4 C9 [25788] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 4C 4B BD [25803] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 4D C2 AC [25814] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 4E 59 9E [25827] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 4F D0 8F [25842] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 50 A6 67 [25859] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 51 2F 76 [25871] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 52 B4 44 [25885] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 53 3D 55 [25900] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 54 82 21 [25914] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 55 0B 30 [25929] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 56 90 02 [25941] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 57 19 13 [25955] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 58 EE EB [25972] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 59 67 FA [25988] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 5A FC C8 [26004] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 5B 75 D9 [26015] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 5C CA AD [26027] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 5D 43 BC [26039] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 5E D8 8E [26051] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 5F 51 9F [26062] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 60 25 56 [26074] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 61 AC 47 [26085] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 62 37 75 [26097] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 63 BE 64 [26108] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 64 01 10 [26119] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 65 88 01 [26130] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 66 13 33 [26142] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 67 9A 22 [26154] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 68 6D DA [26166] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 69 E4 CB [26178] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 6A 7F F9 [26189] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 6B F6 E8 [26200] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 6C 49 9C [26215] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 6D C0 8D [26227] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 6E 5B BF [26240] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 6F D2 AE [26253] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 70 A4 46 [26271] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 71 2D 57 [26285] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 72 B6 65 [26297] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 73 3F 74 [26308] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 74 80 00 [26324] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 75 09 11 [26335] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 76 92 23 [26359] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 77 1B 32 [26377] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 78 EC CA [26391] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 79 65 DB [26402] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 7A FE E9 [26414] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 7B 77 F8 [26425] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 7C C8 8C [26442] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 7D 41 9D [26457] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 7E DA AF [26468] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 7F 53 BE [26483] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 80 2B B1 [26497] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 81 A2 A0 [26509] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 82 39 92 [26520] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 83 B0 83 [26532] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 84 0F F7 [26543] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 85 86 E6 [26555] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 86 1D D4 [26568] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 87 94 C5 [26580] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 88 63 3D [26591] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 89 EA 2C [26605] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 8A 71 1E [26617] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 8B F8 0F [26630] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 8C 47 7B [26644] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 8D CE 6A [26657] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 8E 55 58 [26670] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 8F DC 49 [26682] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 90 AA A1 [26699] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 91 23 B0 [26713] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 92 B8 82 [26724] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 93 31 93 [26736] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 94 8E E7 [26747] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 95 07 F6 [26761] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 96 9C C4 [26776] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 97 15 D5 [26787] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 98 E2 2D [26798] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 99 6B 3C [26809] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 9A F0 0E [26821] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 9B 79 1F [26833] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 9C C6 6B [26844] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 9D 4F 7A [26855] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 9E D4 48 [26867] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 9F 5D 59 [26878] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A0 29 90 [26889] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A1 A0 81 [26903] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A2 3B B3 [26914] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A3 B2 A2 [26926] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A4 0D D6 [26937] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A5 84 C7 [26952] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A6 1F F5 [26965] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A7 96 E4 [26982] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A8 61 1C [26994] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 A9 E8 0D [27005] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 AA 73 3F [27018] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 AB FA 2E [27030] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 AC 45 5A [27044] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 AD CC 4B [27058] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 AE 57 79 [27070] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 AF DE 68 [27082] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B0 A8 80 [27093] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B1 21 91 [27106] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B2 BA A3 [27117] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B3 33 B2 [27129] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B4 8C C6 [27140] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B5 05 D7 [27151] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B6 9E E5 [27162] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B7 17 F4 [27174] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B8 E0 0C [27186] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 B9 69 1D [27200] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 BA F2 2F [27212] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 BB 7B 3E [27225] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 BC C4 4A [27237] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 BD 4D 5B [27248] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 BE D6 69 [27260] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 BF 5F 78 [27272] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C0 2F F3 [27285] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C1 A6 E2 [27296] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C2 3D D0 [27308] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C3 B4 C1 [27319] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C4 0B B5 [27331] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C5 82 A4 [27343] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C6 19 96 [27355] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C7 90 87 [27367] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C8 67 7F [27378] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 C9 EE 6E [27390] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 CA 75 5C [27401] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 CB FC 4D [27414] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 CC 43 39 [27427] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 CD CA 28 [27439] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 CE 51 1A [27450] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 CF D8 0B [27461] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D0 AE E3 [27474] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D1 27 F2 [27485] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D2 BC C0 [27500] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D3 35 D1 [27512] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D4 8A A5 [27525] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D5 03 B4 [27537] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D6 98 86 [27548] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D7 11 97 [27560] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D8 E6 6F [27571] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 D9 6F 7E [27583] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 DA F4 4C [27594] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 DB 7D 5D [27609] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 DC C2 29 [27620] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 DD 4B 38 [27632] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 DE D0 0A [27643] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 DF 59 1B [27654] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E0 2D D2 [27666] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E1 A4 C3 [27677] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E2 3F F1 [27692] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E3 B6 E0 [27704] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E4 09 94 [27716] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E5 80 85 [27727] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E6 1B B7 [27739] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E7 92 A6 [27751] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E8 65 5E [27762] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 E9 EC 4F [27773] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 EA 77 7D [27785] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 EB FE 6C [27796] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 EC 41 18 [27808] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 ED C8 09 [27820] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 EE 53 3B [27832] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 EF DA 2A [27844] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 F0 AC C2 [27856] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 F1 25 D3 [27868] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 F2 BE E1 [27879] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 F3 37 F0 [27891] CODEC RX DATA: 62 20 EE DC 6C 00 00 A0 07 E0 F4 88 84 [28047] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [28205] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [28365] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [28524] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [28682] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [28841] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [28999] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [29158] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [29317] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [29475] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [29635] CODEC RX DATA: 26 01 40 EE DC 6C 00 00 A0 07 E0 5F AC [29821] CODEC RX DATA: 26 01 00 F6 0A

Regards

fptrs commented 4 years ago

Hi @AngelSotomayor, the app reads each block of the tag with 6220<UID><Block number><CRC>. You can use the information shown in the app to emulate this tag with the EM4233 config as a starting point.

  1. Create a binary dump containing the data you read with the app.
  2. Set the config.
  3. Upload the dump.
  4. Set the UID.

One remaining difference between the emulation of the EM4233 config and your tag is the answer to the GetSystemInformationCommand (22 2B EE DC 6C 00 00 A0 07 E0 45 B7). This command expects for instance the number of content blocks, the block width and the DSFID. These values are also shown in the NFC TagInfo App. A first step is to adjust these values in the EM4233 config. Then you compare the emulation of the chameleon and your tag. Finally you could create a new configuration for your tag that uses these explicit values. Keep me updated on your progress and have fun.

stappjno commented 4 years ago

Have you done any progress here? I found this issue and think this is similar to my questions: https://github.com/emsec/ChameleonMini/issues/265

alvarotorijano commented 1 year ago

hi @AngelSotomayor did you achieved to emulate the 15693 tag?