Last bit omitted in rawdemod

[ViRb3]

trafficstars

Following @doegox's commands for manually reading a hitag2 UID:

lf cmdread d 50 z 166 o 116 c 000111
data ltrim 200
data norm
data rawdemod am
data printdemodbuffer o 5 x

Using the hitag2 module:

lf hitag read 26
// or
lf hitag info
// or
if hitag read 21 ... (makes dump)

Will result in the same UID, however, the last bit is 0 using the manual read, while it is a 1 using the hitag2 module. I tested this on two different cards, however, I cannot verify which one is the true UID. I suspect the rawdemod is at fault since the hitag2 module data has worked for me so far.

Potentially related:

• f1a0e57f65fc4715af15c7757d8a26b5df2ebcd
• https://github.com/RfidResearchGroup/proxmark3/issues/124#issuecomment-472800131

[doegox]

Good catch, you're right. I tried on a car key to get another ID and by chance its last bit is a 1. My manual steps return an ID=xxxx4D6A but another reader (ACG-LF) returns xxxx4D6B. Here we see the Manchester decoder stopped before the last weaker "1"(HL) bit: (note that lf hitag read 26 could not see my key)

[iceman1001]

there are most certain same issues with NR demod ..

[iceman1001]

@ViRb3 Some news?

[ViRb3]

I'm afraid I'm not competent enough to fix this, at least not without some research that I can't do right now. I was hoping @doegox has a better clue at what's wrong

[doegox]

😙

[iceman1001]

@doegox what is your output from car key and hitag today?

[doegox]

Manual decoding gets still last bit wrong, but lf hitag reader works fine

[usb] pm3 --> lf cmdread d 50 z 166 o 116 c 000111
[+] Sending command...
[#] Done, saved 42216 out of 0 seen samples at 8 bits/sample

[+] downloading response signal data
[usb] pm3 --> data ltrim 200
[usb] pm3 --> data norm
[usb] pm3 --> data rawdemod am
11111011100110111101001001101011
0101.0
[usb] pm3 --> data printdemodbuffer o 5 x
[+] DemodBuffer: xxxx4D6A[3]

[usb] pm3 --> lf hitag read 26
[+]  UID: xxxx4d6b