We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug It looks like Hitag2 simulation doesnt use eload data loaded from file.
eload
To Reproduce Steps to reproduce the behavior:
[usb] pm3 --> lf hitag dump --pwd [=] Authenticating to Hitag 2 in Password mode [=] --- Tag Information --------------------------- [+] UID...... E104C11A [+] TYPE..... PCF 7936 [+] Config... 0x06 [+] 00000110 [+] 0000 ... - RFU [+] ....0 .. - Password mode [+] .....11 - Hitag 2 [+] .......0 - Manchester [=] [=] ---------------------------------------------- [=] # | data | ascii | lck | Info [=] --------+-------------+-------+-----+--------- [=] 0/0x00 | E1 04 C1 1A | ?.?. | L | UID [=] 1/0x01 | 4D 49 4B 52 | MIKR | RW | Pwd [=] 2/0x02 | 00 00 4F 4E | ..ON | RW | Key/Pwd [=] 3/0x03 | 06 AA 48 54 | .?HT | RW | Config [=] 4/0x04 | 00 00 00 00 | .... | RW | User [=] 5/0x05 | 00 00 00 00 | .... | RW | User [=] 6/0x06 | AA AA AA AA | ???? | RW | User [=] 7/0x07 | FF FF FF FF | .... | RW | User [=] --------+-------------+-------+-----+--------- [=] L = Locked, RW = Read Write, R = Read Only [=] FI = Fixed / Irreversible [=] ---------------------------------------------- [+] Saved 32 bytes to binary file `/data/lf-hitag-E104C11A-dump.bin` [+] Saved to json file `/data/lf-hitag-E104C11A-dump.json`
[usb] pm3 --> lf hitag eload -2 -f /data/lf-hitag-E104C11A-dump.bin [+] Loaded 32 bytes from binary file `/data/lf-hitag-E104C11A-dump.bin`
[usb] pm3 --> lf hitag eview [=] Downloading 32 bytes from emulator memory... [=] [=] ---------------------------------------------- [=] # | data | ascii | lck | Info [=] --------+-------------+-------+-----+--------- [=] 0/0x00 | E1 04 C1 1A | ?.?. | L | UID [=] 1/0x01 | 4D 49 4B 52 | MIKR | RW | Pwd [=] 2/0x02 | 00 00 4F 4E | ..ON | RW | Key/Pwd [=] 3/0x03 | 06 AA 48 54 | .?HT | RW | Config [=] 4/0x04 | 00 00 00 00 | .... | RW | User [=] 5/0x05 | 00 00 00 00 | .... | RW | User [=] 6/0x06 | AA AA AA AA | ???? | RW | User [=] 7/0x07 | FF FF FF FF | .... | RW | User [=] --------+-------------+-------+-----+--------- [=] L = Locked, RW = Read Write, R = Read Only [=] FI = Fixed / Irreversible [=] ----------------------------------------------
[usb] pm3 --> lf hitag sim -2 [#] Starting Hitag 2 simulation [#] | 0 | 024e0220 | [#] | 1 | 4d494b52 | [#] | 2 | 20f04f4e | [#] | 3 | 06aa4854 | [#] | 4 | 465f4f4b | [#] | 5 | 55555555 | [#] | 6 | aaaaaaaa | [#] | 7 | 55555555 | [#] | 8 | 00000000 | [#] | 9 | 00000000 | [#] | 10 | 00000000 | [#] | 11 | 00000000 | [#] Sim stopped
Expected behavior Something like that:
[usb] pm3 --> lf hitag sim -2 [#] Starting Hitag 2 simulation [#] | 0 | e104c11a| [#] | 1 | 4d494b52 | [#] | 2 | 00004f4e | [#] | 3 | 06aa4854 | [#] | 4 | 00000000 | [#] | 5 | 00000000 | [#] | 6 | aaaaaaaa | [#] | 7 | ffffffff | [#] | 8 | 00000000 | [#] | 9 | 00000000 | [#] | 10 | 00000000 | [#] | 11 | 00000000 | [#] Sim stopped
Desktop (please complete the following information):
[usb] pm3 --> hw version [ Proxmark3 RFID instrument ] [ Client ] Iceman/master/v4.19552-153-g17338e2a5-suspect 2025-01-03 01:40:57 35ec80281 compiled with............. Clang/LLVM Apple LLVM 15.0.0 (clang-1500.1.0.2.5) platform.................. OSX / aarch64 Readline support.......... present QT GUI support............ present native BT support......... absent Python script support..... present ( 3.13.1 ) Python SWIG support....... present Lua script support........ present ( 5.4.7 ) Lua SWIG support.......... present [ Proxmark3 ] firmware.................. PM3 GENERIC [ ARM ] bootrom: Iceman/master/v4.19552-153-g17338e2a5-suspect 2025-01-03 01:40:54 35ec80281 os: Iceman/master/v4.19552-153-g17338e2a5-suspect 2025-01-03 01:40:57 35ec80281 compiled with GCC 13.3.1 20240614 [ FPGA ] fpga_pm3_hf.ncd image 2s30vq100 2024-02-03 15:12:20 fpga_pm3_lf.ncd image 2s30vq100 2024-02-03 15:12:10 fpga_pm3_felica.ncd image 2s30vq100 2024-02-03 15:12:41 fpga_pm3_hf_15.ncd image 2s30vq100 2024-02-03 15:12:31 [ Hardware ] --= uC: AT91SAM7S512 Rev B --= Embedded Processor: ARM7TDMI --= Internal SRAM size: 64K bytes --= Architecture identifier: AT91SAM7Sxx Series --= Embedded flash memory 512K bytes ( 65% used )
[usb] pm3 --> hw status [#] Memory [#] BigBuf_size............. 41332 [#] Available memory........ 41332 [#] Tracing [#] tracing ................ 1 [#] traceLen ............... 13 [#] Current FPGA image [#] mode.................... fpga_pm3_lf.ncd image 2s30vq100 2024-02-03 15:12:10 [#] LF Sampling config [#] [q] divisor............. 95 ( 125.00 kHz ) [#] [b] bits per sample..... 8 [#] [d] decimation.......... 1 [#] [a] averaging........... no [#] [t] trigger threshold... 0 [#] [s] samples to skip..... 0 [#] [#] LF T55XX config [#] [r] [a] [b] [c] [d] [e] [f] [g] [#] mode |start|write|write|write| read|write|write [#] | gap | gap | 0 | 1 | gap | 2 | 3 [#] ---------------------------+-----+-----+-----+-----+-----+-----+------ [#] fixed bit length (default) | 31 | 20 | 18 | 50 | 15 | n/a | n/a | [#] long leading reference | 31 | 20 | 18 | 50 | 15 | n/a | n/a | [#] leading zero | 31 | 20 | 18 | 40 | 15 | n/a | n/a | [#] 1 of 4 coding reference | 31 | 20 | 18 | 34 | 15 | 50 | 66 | [#] [#] HF 14a config [#] [a] Anticol override.... std ( follow standard ) [#] [b] BCC override........ std ( follow standard ) [#] [2] CL2 override........ std ( follow standard ) [#] [3] CL3 override........ std ( follow standard ) [#] [r] RATS override....... std ( follow standard ) [#] Transfer Speed [#] Sending packets to client... [#] Time elapsed................... 500ms [#] Bytes transferred.............. 353792 [#] Transfer Speed PM3 -> Client... 707584 bytes/s [#] Various [#] Max stack usage......... 3584 / 8480 bytes [#] Debug log level......... 1 ( error ) [#] ToSendMax............... -1 [#] ToSend BUFFERSIZE....... 2308 [#] Slow clock.............. 31457 Hz [#] Installed StandAlone Mode [#] LF HID26 standalone - aka SamyRun (Samy Kamkar) [#]
[usb] pm3 --> hw tune [=] -------- Reminder ---------------------------- [=] `hw tune` doesn't actively tune your antennas. [=] It's only informative. [=] Measuring antenna characteristics... 🕛 9 [=] -------- LF Antenna ---------- [+] 125.00 kHz ........... 21.34 V [+] 134.83 kHz ........... 21.26 V [+] 129.03 kHz optimal.... 23.98 V [+] [+] Approx. Q factor measurement [+] Frequency bandwidth... 6.7 [+] Peak voltage.......... 7.0 [+] LF antenna............ ok [=] -------- HF Antenna ---------- [+] 13.56 MHz............. 30.47 V [+] [+] Approx. Q factor measurement [+] Peak voltage.......... 8.9 [+] HF antenna ( ok ) [=] -------- LF tuning graph ------------ [+] Orange line - divisor 95 / 125.00 kHz [+] Blue line - divisor 88 / 134.83 kHz [=] Q factor must be measured without tag on the antenna
Additional context It is the same behavior regardless of the tag operating mode (pwd/crypto)
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Describe the bug
It looks like Hitag2 simulation doesnt use
eloaddata loaded from file.To Reproduce
Steps to reproduce the behavior:
Expected behavior
Something like that:
Desktop (please complete the following information):
Additional context
It is the same behavior regardless of the tag operating mode (pwd/crypto)
The text was updated successfully, but these errors were encountered: