Open bettse opened 1 year ago
Sounds interesting. May be a slight challenge since we delegate anti-collision to st25
Qi2 will be made of Apple MagSafe https://www.youtube.com/watch?v=m-wWln9DA3Q he explains it!
I’ve implemented MagSafe emulation for proxmark: https://github.com/ezhevita/proxmark3/tree/magsafe
However iPhone can’t read the emulation and my guess is that magnets in the case enable the NFC field and thus emulation will be useless without magnetic activation
Could you put some MagSafe magnets on the iPhone and then test emulation?
Hey @ezhevita I played with your fork and managed to emulate some data; however, the phone does not react even with magnetic activation. Below are the trace and commands I used. What am I doing wrong? As far as I could understand only the last 4 bytes differ in the capability container (CC).
hf 14a sim -t 13 --data 57030390
The data string I got is from Iceman's Discord server (@tcprst's message from 3 years ago) that corresponds to a blue leather wallet:
Orange Leather Case 12 Pro Max (Legit):
001D20010000FF0406E104030000000506E105008082830F044C01059B
Black Leather Case 12 Mini (Legit):
001D20010000FF0406E104030000000506E105008082830F044C01019F
White Case:
001D20010000FF0406E104030000000506E105008082830F0453010396
Black Case:
001D20010000FF0406E104030000000506E105008082830F0453010198
Blue Leather Wallet (Legit):
001D20010000FF0406E104030000000506E105008082830F0457030390
Black Leather Wallet (Legit):
001D20010000FF0406E104030000000506E105008082830F0457030192
Provided that the pm3 is positioned properly and then activated with a magnet over it (a 3rd party MagSafe wallet for example), I get a trace. However, no animation from the phone. Here is the trace:
[usb] pm3 --> hf 14a sim -t 13 --data 57030390
[=] Press pm3 button to abort simulation
[#] Emulator stopped. Trace length: 489
[=] Done!
[usb] pm3 --> trace list -t 14a
[+] Recorded activity ( 489 bytes )
[=] start = start of start frame. end = end of frame. src = source of transfer.
[=] ISO14443A - all times are in carrier periods (1/13.56MHz)
Start | End | Src | Data (! denotes parity error) | CRC | Annotation
------------+------------+-----+-------------------------------------------------------------------------+-----+--------------------
0 | 992 | Rdr |7a(7) | | MAGSAFE WUPA
2228 | 4596 | Tag |04 03 | |
11762 | 16530 | Rdr |50 00 57 cd | ok | HALT
39076 | 40068 | Rdr |7d(7) | | MAGSAFE WUPA
41304 | 43672 | Tag |04 03 | |
50836 | 53300 | Rdr |93 20 | | ANTICOLL
54472 | 60296 | Tag |00 00 00 00 00 | |
67476 | 78004 | Rdr |93 70 00 00 00 00 00 9c d9 | ok | SELECT_UID
79176 | 82760 | Tag |20 fc 70 | ok |
90466 | 95234 | Rdr |50 00 57 cd | ok | HALT
117340 | 118332 | Rdr |7a(7) | | MAGSAFE WUPA
119568 | 121936 | Tag |04 03 | |
129116 | 131580 | Rdr |93 20 | | ANTICOLL
132752 | 138576 | Tag |00 00 00 00 00 | |
145756 | 156284 | Rdr |93 70 00 00 00 00 00 9c d9 | ok | SELECT_UID
157456 | 161040 | Tag |20 fc 70 | ok |
168146 | 172914 | Rdr |50 00 57 cd | ok | HALT
184192 | 185184 | Rdr |7d(7) | | MAGSAFE WUPA
186420 | 188788 | Tag |04 03 | |
195952 | 206480 | Rdr |93 70 00 00 00 00 00 9c d9 | ok | SELECT_UID
207652 | 211236 | Tag |20 fc 70 | ok |
218902 | 223670 | Rdr |e0 80 31 73 | ok | RATS - FSDI=8, CID=0
224842 | 234122 | Tag |06 77 77 71 02 80 be 6a | ok |
246730 | 264106 | Rdr |02 00 a4 04 00 07 d2 76 00 00 85 01 01 a6 09 | ok |
265342 | 271166 | Tag |02 90 00 f1 09 | |
278474 | 290090 | Rdr |03 00 a4 00 0c 02 e1 03 d2 af | ok |
291326 | 297150 | Tag |03 90 00 2d 53 | |
304458 | 313770 | Rdr |02 00 b0 00 00 0f 8e a6 | ok |
315006 | 338174 | Tag |02 00 1d 20 01 00 00 ff 04 06 e1 04 03 00 00 00 90 00 | |
| | |a9 9e | ok |
345416 | 354728 | Rdr |03 00 b0 00 0f 0e e4 30 | ok |
355964 | 377916 | Tag |03 05 06 e1 05 00 80 82 83 0f 04 57 03 03 90 90 00 24 | |
| | |36 | ok |
385174 | 388726 | Rdr |c2 e0 b4 | ok |
390986 | 395722 | Tag |ca e0 74 ce
What am I doing wrong?
@ihrapsa I have no idea, I couldn’t make it work either. I hope someone can take it from here since I am kinda busy with getting a job 😅
Description of the feature you're suggesting.
Very low priority, but I was thinking it would be fun to have an NFC menu item for emulating an Apple MagSafe device like a phone case or wallet. Or maybe also a format so one could scan existing, save, emulate, etc. Lots of options, very minor benefit. The MagSafe devices appear as a type 4 tag with an NDEF record, the CC file contains bytes that indicate the specific color, device type (wallet/case), etc. They use an unusual anti-collision, in theory to prevent overlap with regular 14a NFC. Proxmark has lots of the anti-col details (https://github.com/RfidResearchGroup/proxmark3/blob/97e394c58a649d5f74d101202a76214e5e70d596/include/protocols.h#L163), and iceman rfid discord has some example CC in the back history.
Anything else?
No response
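The CC file described in the issue can be cross-checked against the trace posted in the thread. The following is an added example, not code from the thread or from the Proxmark3 or Flipper projects (function names are made up here): it reassembles the CC from the two traced READ BINARY responses, splits it using the standard Type 4 Tag header and TLV layout, and compares the result with the six dumps listed above. It also reports the byte sum of the `0F` TLV, which comes out to 0 mod 256 for every dump in the thread; that is an observation about these samples, not a documented rule.

```python
import struct

ACCESSORY_TAG = 0x0F  # TLV whose 4 value bytes differ between the thread's dumps
PREFIX = "001D20010000FF0406E104030000000506E105008082830F04"  # shared by all six dumps
SAMPLES = {  # CC dumps as posted in the thread (shared prefix + last 4 bytes)
    "Orange Leather Case 12 Pro Max": PREFIX + "4C01059B",
    "Black Leather Case 12 Mini": PREFIX + "4C01019F",
    "White Case": PREFIX + "53010396",
    "Black Case": PREFIX + "53010198",
    "Blue Leather Wallet": PREFIX + "57030390",
    "Black Leather Wallet": PREFIX + "57030192",
}
# Tag responses to the two READ BINARY commands, copied from the trace above
TRACE_READS = [
    "02 00 1d 20 01 00 00 ff 04 06 e1 04 03 00 00 00 90 00 a9 9e",
    "03 05 06 e1 05 00 80 82 83 0f 04 57 03 03 90 90 00 24 36",
]

def cc_from_read_responses(frames):
    """Strip PCB byte, status word and CRC from each I-block (CRC is not verified)."""
    cc = b""
    for frame in frames:
        raw = bytes.fromhex(frame)
        if raw[-4:-2] != b"\x90\x00":
            raise ValueError("READ BINARY did not return SW 9000")
        cc += raw[1:-4]
    return cc

def parse_cc(cc):
    """Split a Type 4 Tag CC file into header fields and a {tag: value} TLV map."""
    if len(cc) < 7:
        raise ValueError("CC shorter than its fixed header")
    cclen, version, mle, mlc = struct.unpack(">HBHH", cc[:7])
    if cclen != len(cc):
        raise ValueError(f"CCLEN {cclen} does not match {len(cc)} bytes read")
    tlvs, pos = {}, 7
    while pos < len(cc):
        if pos + 2 > len(cc) or pos + 2 + cc[pos + 1] > len(cc):
            raise ValueError("truncated TLV")
        tlvs[cc[pos]] = cc[pos + 2 : pos + 2 + cc[pos + 1]]
        pos += 2 + cc[pos + 1]
    acc = tlvs.get(ACCESSORY_TAG)
    if acc is None:
        raise ValueError("no 0x0F TLV in CC")
    tlv_sum = (ACCESSORY_TAG + len(acc) + sum(acc)) % 256
    return {"version": version, "mle": mle, "mlc": mlc,
            "tlvs": tlvs, "accessory": acc, "tlv_sum": tlv_sum}

if __name__ == "__main__":
    for name, dump in SAMPLES.items():
        info = parse_cc(bytes.fromhex(dump))
        print(f"{name}: {info['accessory'].hex()} tlv_sum={info['tlv_sum']}")
```

The reassembled bytes match the Blue Leather Wallet dump, so the emulated CC in the trace is byte-for-byte what the thread lists for that accessory.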