flipperzero-firmware
flipperzero-firmware copied to clipboard
flipperdevices
EM4100 RFID issue: Emulation does not work
Describe the bug.
Hello, I've had 3 different EM4100 tags that I could copy without any issues, but when emulating the tag, the reader doesn't detect anything.
I've been told on discord that a reboot might help, but it didn't. What other info can I give?
Reproduction
- Read EM4100 tag
- Emulate EM4100 tag
- Try to open the door with flipper
- Notice it doesn't work.
Target
No response
Logs
No response
Anything else?
No response
I don't have first hand experience, but I've seen at least 3 other people with the same problem
I haven't been able to replicate this issue.
https://drive.google.com/file/d/1fyJLHXRghv-VP-zwfWvneXZ-uCqj5pWQ/view?usp=drivesdk
As I asked in the reddit thread, can you please attach a video of you trying to emulate the card? This sounds like you may be doing something wrong.
Hi, here is a video of the flipper not being able to emulate the RFID tag. https://drive.google.com/file/d/1clRwR54LT4bUGVUxHWEE8aykKtJO0XuV/view?usp=sharing
I will also check with a 2nd flipper as you did above, but that is a totally different case.
I can successfully use the EM4100 emulation on this product: https://www.surepetcare.com/en-gb/pet-doors/microchip-cat-flap-connect
I'm using the dev branch
Although I must say that the detection loop is around the entire door. and probably very strong since the small pet chip implants need to be detected.
Filmed the process as requested: link to onedrivre I've tried rebooting the device + trying the dev version. Same result.
A small update:
I've got my hands on another Flipper and was able to read from the flipper. (One emulates, the other reads) This works. I've tested emulation with beta firmware as well (just in case) and I could still reproduce the issue.
The manufacturer in my case is electra.ro https://electra.ro/ro/produse/videointerfoane-si-interfoane/gama-pass-digital/p4s-a91i
Hello, my issue is pretty straightforward : Emulation of my tag works for the front door of the building, mailbox and other doors it is supposed to open (systematically): https://user-images.githubusercontent.com/61516945/182038788-6b4f807d-abf3-420f-8743-67f710db17f9.mp4
and doesn't work for the door of my own appartment(systematically): https://user-images.githubusercontent.com/61516945/182038791-9f130302-9a54-4a26-adee-ca7a54a4d012.mp4
The same key is supposed to open both. I also tried removing the silicon case.
OK, this may be some kind of emulator protection method, or a hardware problem with concrete reader. I will return to this topic when I finish rewriting LF-RFID core.
Another update: I've tested another tag, on another reader of different make and it works without issues. I do think it might be a security thing then on the electra one.
Hey guys, I had also troubles emulating the tag on an electra reader.
The manufacturer in my case is electra.ro https://electra.ro/ro/produse/videointerfoane-si-interfoane/gama-pass-digital/p4s-a91i
Not sure if it's the exact same model as in this link, but it looks very similar to mine.
I also captured the RAW RFID data. Hope it helps.
@skotopes I just tested on Dev build d1c79a83. I also tested on the stable release 0.66.1. Door still won't open. I have reread the rfid just in case for this test, have not used the saved one (though I did try that as well)
https://drive.google.com/file/d/1l_reeBhEbq9uMtiGM9a-h2UJR6l6ayJF/view?usp=sharing
I had also the same problem with the latest rc today. But with a different reader this time (Flipper identified it as an EM4100 tag as well). Will try tomorrow again with the stable release.
Maybe also worth mentioning, my office has 2 doors, which you can open with the same key. It's a coworking space. The first door is "shared", but the second one can only be opened with my key. I can open the first door (and any "shared" reader in the office) with the Flipper, but the second reader is just refusing to accept the emulated key with the flipper.
OK, it's time to return to this topic. I will try to reset the protocol encoder if field is gone for ?? (10?) clocks. Also, it will help if someone points out the problematic reader model.
Still doesn't work. I saw new data with the last update though. Picture:
EDIT: Oh, interesting. The key fob works on 2 frequencies. The RFID is for the main (shared) entrance, and then it also has NFC, which opens the second door. The NFC is a Mifare classic, which I was able to read and emulate.
Sorry, but this reader is then unrelated to the described issue!
Also, it will help if someone points out the problematic reader model.
At this moment I encountered 2 different readers in 2 different countries that share the described problem. I found the manufacturer for one of them: official page, datasheet
@DrZlo13 The reader described in this bug is an Electra, as can be found in the link above. What other information would you require?
Got the same issue with a different brand of reader. In my case, I even tried proxmark3 cloning to a blank key (besides flipper emulation) and the reader didn't detect. Read somewhere that some readers will try to detect if the key is writable and deny access.
I can confirm the electra keyfob (https://electra.ro/ro/produse/videointerfoane-si-interfoane/gama-touch-line/rezidential/terminale-1/tag-elt-000) issue. Same here using the latest firmware. Altough not the same reader. The builsing has https://electra.ro/ro/produse/videointerfoane-si-interfoane/gama-touch-line/rezidential/terminale-1/vpm-bsr02-elb this reader.
I have a "mizip" key for a coffee machine. When I try to read it, this is what I get.
I don't know if this information is correct or not. Perhaps the key does not have its own id. And inside the key there is other information. After all, this key has a balance that is displayed when taking coffee.
Any update on the Electra readers? Could try sniffing with a proxmark3 if that provides any useful info
After a bit more digging I found some stuff. First, electra.ro is associated with electra-automation.at and they developed their own rfid solution "for maximum security". And according to this thread, this should be the datasheet for the readers.
just compiled some info I could find online, didn't have more time to look into it yet
@DrZlo13 hey there, it seems like a working PoC is already there https://forum.flipperzero.one/t/electra-intercom/6368/65 however it would probably be better to add another protocol to the list. If you could point to some contribution guide for such issues, I could probably open some kind of a PR, however my C skills are really rusty...
@DrZlo13 any chance we could see this in the firmware any time soon? Feels like the issue is somewhat researched and the solution is a couple of steps away for experienced contributors. :pray:
@R1DEN more like everyone is busy with other tasks. We'll come back eventually to this one.
@skotopes thank you for the reply. Just hoping it will be sooner rather than later as this will really help for Romanian and Moldovan users, we have these intercoms almost everywhere in new apartment blocks.
@gherman22 only with that "hacky" way from one of my above posts. Hope a proper way will be incorporated in the firmware some day...
Thank you for your answer, i tried to fallow the steps but i got lost. Mabe we will have a easier way or a video with the steps.