ChameleonMini
ChameleonMini copied to clipboard
emsec
DESFire testing equipment for development (input needed)
Hello all. I mentioned in #302 that I have received funding from GT to work more on the DESFire emulation support this spring. I am looking to purchase more hardware (readers, proxmark, etc.) to help with testing and development. I already have a ACR-122 reader that I know works with my Mac. Can you all please suggest additional good hardware to enumerate and collect for my work on this project? I want the end result to be as seamlessly debugged and feature full as possible. It's also important to note that I am on a budget, so suggestions towards working within that (i.e., hardware that gets the "best bang for the buck") are appreciated here as well.
For me the 14443 part is the more difficult part. Debugging will require a chameleon or PC532 , or proxmark ..
Personally I use omnikey 5022CL, 5127CK. They are handling the 14443A automatically, but so is your ACR-122. I also ordered a TWN4 reader from elatec. The latter contains a SDK with a higher C Api ( which is free) . The 14443A is handled in background, so we can concentrate on the Desfire EV1 itself Also nice is the free “NXP TagInfo” App on Android. It gives a quick overview of the Desfire EV1 Card, conform the NXP standards.
I wrote the client side, using PC/SC, in a badge rollout application. some apps on the card containing encrypted files, some public apps and one NFC app. The apps use AES, the PICC uses 2KDes for authentication.
It would be nice to use the Chameleon as a real card..
From: Maxie D. Schmidt @.> Sent: zondag 19 december 2021 22:39 To: emsec/ChameleonMini @.> Cc: Subscribed @.***> Subject: [emsec/ChameleonMini] DESFire testing equipment for development (input needed) (Issue #310)
Hello all. I mentioned in #302https://github.com/emsec/ChameleonMini/issues/302 that I have received funding from GT to work more on the DESFire emulation support this spring. I am looking to purchase more hardware (readers, proxmark, etc.) to help with testing and development. I already have a ACR-122 reader that I know works with my Mac. Can you all please suggest additional good hardware to enumerate and collect for my work on this project? I want the end result to be as seamlessly debugged and feature full as possible. It's also important to note that I am on a budget, so suggestions towards working within that (i.e., hardware that gets the "best bang for the buck") are appreciated here as well.
— Reply to this email directly, view it on GitHubhttps://github.com/emsec/ChameleonMini/issues/310, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAXQJ7SFRLGOANWD3ZCPS33URZGIFANCNFSM5KMKMKTQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you are subscribed to this thread.Message ID: @.@.>>
@ lvandenb Thanks for the helpful suggestions. I am going to order a PM3, the Omnikey 5022CL, and most likely a TWN4 to do testing. When it all arrives, I should be able to give better responses on the Omnikey reader problems you had in #302 as I will be able to debug locally.
I just wanted to mention that I might have less time for this project in the Spring than anticipated. I am planning to graduate and defend this Spring (or possibly worst case in the Summer). My GT math advisor issued me a "Get thy thesis to me [NOW!]" mandate this week when I asked him to fund the hardware for the DESFire project. That's my top priority. Nonetheless, I am supposed to be working around 8 hours a week on DESFire (on paper)...
@Ivandenb I am looking at ordering this version of the Elastec device. It is listed as operating at 125KHz. Is the Chameleon actually capable of transmitting over that frequency?
@Ivandenb I am looking at ordering this version of the Elastec device. It is listed as operating at 125KHz. Is the Chameleon actually capable of transmitting over that frequency?
No the chameleon is only HF (13.56 MHz)
there is a slightly more expensive version, doing 13MHz mifare and desfire. also having 2 sam slots. The one you show is the stripped down version. I ll get mine at beginning jan 22. I ll let you know the Desfire ev1 test results. (client side to real nxp desfire ev1)
From: E.Nigma @.***> Sent: Thursday, December 23, 2021 12:53:28 PM To: emsec/ChameleonMini Cc: Vandenbroucke Luc; Comment Subject: Re: [emsec/ChameleonMini] DESFire testing equipment for development (input needed) (Issue #310)
@Ivandenb I am looking at ordering this version of the Elastec devicehttps://www.tme.com/us/en-us/details/t4bt-fb2bel4/rfid-modules-and-readers/elatec/twn4-multitech-2-lf-125khz/?brutto=1¤cy=USD. It is listed as operating at 125KHz. Is the Chameleon actually capable of transmitting over that frequency?
No the chameleon is only HF (13.56 MHz)
— Reply to this email directly, view it on GitHubhttps://github.com/emsec/ChameleonMini/issues/310#issuecomment-1000252679, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAXQJ7WBQJ2KVTZUE5VSFSLUSMETRANCNFSM5KMKMKTQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you commented.Message ID: @.***>
Ik guess the crc is missing in the SAK. The omnikey reader is strict..
Met vriendelijke groeten, Luc Vandenbroucke
From: Maxie D. Schmidt @.> Sent: Wednesday, December 22, 2021 7:09:31 PM To: emsec/ChameleonMini @.> Cc: lvandenb @.>; Comment @.> Subject: Re: [emsec/ChameleonMini] DESFire testing equipment for development (input needed) (Issue #310)
@ lvandenb Thanks for the helpful suggestions. I am going to order a PM3, the Omnikey 5022CL, and most likely a TWN4 to do testing. When it all arrives, I should be able to give better responses on the Omnikey reader problems you had in #302https://github.com/emsec/ChameleonMini/issues/302 as I will be able to debug locally.
I just wanted to mention that I might have less time for this project in the Spring than anticipated. I am planning to graduate and defend this Spring (or possibly worst case in the Summer). My GT math advisor issued me a "Get thy thesis to me [NOW!]" mandate this week when I asked him to fund the hardware for the DESFire project. That's my top priority. Nonetheless, I am supposed to be working around 8 hours a week on DESFire (on paper)...
— Reply to this email directly, view it on GitHubhttps://github.com/emsec/ChameleonMini/issues/310#issuecomment-999770326, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAXQJ7TZSTCV7EW5HUW6ZR3USIH5XANCNFSM5KMKMKTQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you commented.Message ID: @.***>
It is the slightly more expensive version. With 13.xxMhz and 2 Sam slots The SDK is easily requested from elatec. I' ll let you know feedback of our Desfire ev1 testing in januari
Met vriendelijke groeten, Luc Vandenbroucke
From: Maxie D. Schmidt @.> Sent: Thursday, December 23, 2021 12:34:03 PM To: emsec/ChameleonMini @.> Cc: lvandenb @.>; Comment @.> Subject: Re: [emsec/ChameleonMini] DESFire testing equipment for development (input needed) (Issue #310)
@Ivandenb I am looking at ordering this version of the Elastec devicehttps://www.tme.com/us/en-us/details/t4bt-fb2bel4/rfid-modules-and-readers/elatec/twn4-multitech-2-lf-125khz/?brutto=1¤cy=USD. It is listed as operating at 125KHz. Is the Chameleon actually capable of transmitting over that frequency?
— Reply to this email directly, view it on GitHubhttps://github.com/emsec/ChameleonMini/issues/310#issuecomment-1000242731, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAXQJ7U4QYWNKAEEAG4PRBTUSMCKXANCNFSM5KMKMKTQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you commented.Message ID: @.***>
I think we can safely close this issue now. Thanks for the helpful suggestions. The equipment I purchased helped in making a (to be filed sometime soon) pull request to resolve #302 and #313. 😸
I just tested the TWN4 multitech (HF+LF). for the reader side
It is a nice platform for developing ( also with gcc compiler), and there ( free SDK) is a director app, to test most RFID card functions. ( and SAM AV or other 7816 contact) Like scriptor ' advanced', allowing desfire (and other technology) authentication, encrypted or cmac'ed files, ...
I was implementing the SAM AV with Desfire, these needed custom developement using 14443-4 commands for contact and 7816 for contact card ( SAM). So this finally works. (The tested badges had dual technology, so I also get the LF and HF Serial number in one job.) There is also an api-call voor 14443 anticollision : get all UID, select one UID...
The TWN4 readers works as USB CDC ( serial com port simulation), USB HID keyboard , USB CCID (pc/sc), Just choose the appropriate firmware, and add your source code (or use the quick config for stanard tasks.)
The standard test and flash tools are windows based. (even if the compiler is gcc) but after flashing, the commands can be send from any system, using usb serial.
I am trying to acquire a Proxmark3 RDV4 device here. Which of the optional add-ons will I need for Chameleon DESFire testing? Both antennas, or just one?
You won't need any additional antennas. The device is already compatible with 13.56MHz.
