Closed lily-mara closed 10 months ago
Hi, I may add some more context as I experienced the same problem.
Just emulating a saved Ultralight card works without freeze. But this sequence triggers the problem:
Fw dev 8D8481B1 of today
So it seems "reading an actual card" leaves the reader in a state not properly cleaned by "emulating a card towards an actual reader". A workaround is the following sequence:
At this point everything works as expected.
Hello @lily-mara . Thanks for the report. Unfortunately I can't reproduce the freeze. I repeated the steps you wrote, but my flipper's emulation works just fine with my readers. Flipper is not writing logs on SD card yet (will be added soon), but I need full communication with reader to better understand what is going on. I think that at some point flipper handles reader requests incorrectly. Can you sniff communication with proxmark or other capable tool?
Hello @doegox , thanks for more context! Am I right that Flipper passes anticollision and doesn't reply to read command 30 XX ? Do you have a full log? As I said, I reproduces you steps, but flipper emulates fine on tested readers. Need more context to fix the issue
Hi @gornekich As I wrote you've first to read a card with the Flipper before entering emulation mode, in order to trigger the issue. Here is a log of a proxmark trying to read the emulated MFU by Flipper. As you see the Flipper doesn't reply to the 30F0 command (and it's true for any 30xx read command).
[usb] pm3 --> hf mfu dump
[usb] pm3 --> hf 14a list
[=] downloading tracelog data from device
[+] Recorded activity (trace len = 435 bytes)
[=] start = start of start frame end = end of frame. src = source of transfer
[=] ISO14443A - all times are in carrier periods (1/13.56MHz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |52(7) | | WUPA
2116 | 4484 | Tag |44 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10564 | 16452 | Tag |88 04 2d e4 45 | |
19200 | 29728 | Rdr |93 70 88 04 2d e4 45 11 1c | ok | SELECT_UID
30788 | 34308 | Tag |04 da 17 | |
35712 | 38176 | Rdr |95 20 | | ANTICOLL-2
39236 | 45060 | Tag |32 e3 10 91 50 | |
47872 | 58336 | Rdr |95 70 32 e3 10 91 50 da 05 | ok | SELECT_UID-2
59460 | 63044 | Tag |00 fe 51 | |
0 | 992 | Rdr |40(7) | | MAGIC WUPC1
0 | 992 | Rdr |52(7) | | WUPA
2116 | 4484 | Tag |44 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10564 | 16452 | Tag |88 04 2d e4 45 | |
19200 | 29728 | Rdr |93 70 88 04 2d e4 45 11 1c | ok | SELECT_UID
30788 | 34308 | Tag |04 da 17 | |
35712 | 38176 | Rdr |95 20 | | ANTICOLL-2
39236 | 45060 | Tag |32 e3 10 91 50 | |
47872 | 58336 | Rdr |95 70 32 e3 10 91 50 da 05 | ok | SELECT_UID-2
59460 | 63044 | Tag |00 fe 51 | |
64768 | 69536 | Rdr |e0 80 31 73 | ok | RATS
0 | 992 | Rdr |52(7) | | WUPA
2116 | 4484 | Tag |44 00 | |
7040 | 9504 | Rdr |93 20 | | ANTICOLL
10564 | 16452 | Tag |88 04 2d e4 45 | |
19200 | 29728 | Rdr |93 70 88 04 2d e4 45 11 1c | ok | SELECT_UID
30788 | 34308 | Tag |04 da 17 | |
35712 | 38176 | Rdr |95 20 | | ANTICOLL-2
39236 | 45060 | Tag |32 e3 10 91 50 | |
47872 | 58336 | Rdr |95 70 32 e3 10 91 50 da 05 | ok | SELECT_UID-2
59460 | 63044 | Tag |00 fe 51 | |
64640 | 69344 | Rdr |30 f0 8d 5f | ok | READBLOCK(240)
Note that I don't have many cards to test here and the card I have is password-protected from block 16 on. So when the Flipper reads the card, at some point (3010) it's facing an error from the card, maybe that follows another code path than for unprotected cards that can be fully dumped. Here is the end of the trace when the Flipper reads the card:
4252636 | 4257404 | Rdr |30 0c 6e 62 | ok | READBLOCK(12)
4258592 | 4279456 | Tag |0c 9e b1 68 91 71 83 1d 84 fc ac 94 b4 13 a6 16 48 8a | ok |
4333996 | 4338700 | Rdr |30 10 83 b8 | ok | READBLOCK(16)
4339952 | 4340592 | Tag |00(4) | |
4401772 | 4406540 | Rdr |39 00 1a 7f | ok | READ CNT(0)
5074332 | 5079100 | Rdr |3e 00 12 32 | ok | CHK TEARING(0)
@doegox thank you! Now I think I understand where is the problem, will try to fix it soon
Thank you for providing the extra context @doegox! I would not have known how to gather this deeper information.
I've just encountered a similar issue when emulating another type of tag, a Viking tag to be more precise, I was stuck in the reader and couldn't do anything but reset. I was not plugged in serial or had any logs of the issue. I was on firmware Version: 0.69.0 commit: 747e81fe radio: 1.13.3
Is this still present in the latest release build?
Yes, I tested dev build of yesterday, still same behavior
The card I was testing was a Ultralight21 password-protected from block 17 and the Flipper could only 16/41 pages
Now I tried a simple old Ultralight. The Flipper can read all 16 pages. Then emulation works fine and I can exit the emulation mode.
So it seems when the read of a block is facing an error, it does not exit as cleanly as when all reads succeed, and emulation just after that state is failing.
Should be fixed and cannot be reproduced on latest release
reopen if issue persists
Describe the bug.
I'm getting a UI freeze in 0.65.2 while trying to emulate a Mifare Ultralight 11 card. The emulation screen pops up, light starts flashing, I hold the flipper up to the reader, and the buttons stop responding to input. At this point I am stuck on the emulation screen and need to reboot.
I was connected via the serial interface to watch the debug logs coincidentally, and the last message I got was
[D][MfUltralight] Prepare emulation
before the buttons stopped working. Interestingly the serial interface works just fine at this point, so the issue may be related to the ui/button systems specifically.This issue persists across reboots but it only occurs after holding the flipper up to the reader. Entering and quickly exiting the emulation screen does not cause this issue.
UPDATE: I have attempted a few more times to reproduce the issue and have been able to get the UI to not freeze. And to get a more interesting log line:
Reproduction
Target
No response
Logs
Anything else?