proxmark3
Hitag2 simu
Description
After starting the hitag2 simulation with the following command lf hitag sim 2 j car.json, I can see the configured EEPROM displayed on the console and the simulation is started correctly. However, it is impossible to decode the signal correctly in order to detect/see the START_AUTH command, despite the fact that I can see the signal with the commands data plot and lf sniff -s 3000 -@ in oscilloscope mode.
There may be some adjustments to be made. Any ideas?
[+] loaded from JSON file car.json
[#] Starting Hitag2 simulation
[#] Loading hitag2 memory...
[#] | 0 | a9323533 |
[#] | 1 | 301823bd |
[#] | 2 | 2acc5821 |
[#] | 3 | 0ec91792 |
[#] | 4 | 00000000 |
[#] | 5 | 00000000 |
[#] | 6 | 00000000 |
[#] | 7 | 00000000 |
[#] | 8 | f3e2bdc7 |
[#] | 9 | 000009c2 |
[#] | 10 | 10640206 |
[#] | 11 | ba817571 |
[#] Detected unexpected number of manchester decoded samples [2]
[#] Detected unexpected number of manchester decoded samples [2]
[#] Detected unexpected period count: 123
[#] Detected incorrect header, the bit [0] is zero instead of one
[#] Detected incorrect header, the bit [2] is zero instead of one
[#] Detected incorrect header, the bit [4] is zero instead of one
[#] Reader password is wrong
[#] Detected unexpected number of manchester decoded samples [2]
[#] Detected unexpected number of manchester decoded samples [2]
[#] Detected unexpected number of manchester decoded samples [2]
[#] Detected incorrect header, the bit [1] is zero instead of one
[#] Detected incorrect header, the bit [3] is zero instead of one
[#] Reader password is wrong
[+] loaded from JSON file /home/seb/.proxmark3/preferences.json
[=] Using UART port /dev/ttyACM2
[=] Communicating with PM3 over USB-CDC
██████╗ ███╗ ███╗█████╗
██╔══██╗████╗ ████║╚═══██╗
██████╔╝██╔████╔██║ ████╔╝
██╔═══╝ ██║╚██╔╝██║ ╚══██╗
██║ ██║ ╚═╝ ██║█████╔╝ Iceman ☕
╚═╝ ╚═╝ ╚═╝╚════╝ ❄️ bleeding edge
https://github.com/rfidresearchgroup/proxmark3/
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman/master/v4.9237-3423-g924a8163d 2021-04-02 17:54:45
compiled with GCC 9.3.0 OS:Linux ARCH:x86_64
[ PROXMARK3 ]
device.................... RDV4
firmware.................. RDV4
external flash............ present
smartcard reader.......... present
FPC USART for BT add-on... absent
[ ARM ]
bootrom: RRG/Iceman/master/v4.9237-3423-g924a8163d 2021-04-02 17:55:12
os: RRG/Iceman/master/v4.9237-3423-g924a8163d 2021-04-02 17:55:27
compiled with GCC 9.2.1 20191025 (release) [ARM/arm-9-branch revision 277599]
[ FPGA ]
LF image built for 2s30vq100 on 2020-07-08 at 23: 8: 7
HF image built for 2s30vq100 on 2020-07-08 at 23: 8:19
HF FeliCa image built for 2s30vq100 on 2020-07-08 at 23: 8:30
[ Hardware ]
--= uC: AT91SAM7S512 Rev A
--= Embedded Processor: ARM7TDMI
--= Internal SRAM size: 64K bytes
--= Architecture identifier: AT91SAM7Sxx Series
--= Embedded flash memory 512K bytes ( 59% used )
Expected behavior
Be able to emulate a hitag2 tag in order to replace the hitag2 keyfob.
#124 #240 #878 #889 #551 #764
The lf hitag commands need more love. I am currently looking into the lf hitag sniff
If you go back to an older version of the repo, like two years, or rather before I did some refactoring of the hitag2 stuff, you will find simulation working.
HITAG in general seems to be a mystery :) Quite hard to start playing with it without at least some basic tools...
I have been looking at the versions around April 2019, but it is not clear to me how to identify a working version of lf hitag sim. @iceman1001 Could you tell me a working commit of tag sim?
I have no clue, try git bisect, from 2018 to 2020 in order to find a working hitag sim.