Saturday, January 2, 2010

Annotating a Proxmark 3 mifare classic trace

Proxmark 3s hi14areader command seems to initialise a card and send a request for block 0 using key A. It does this repeatedly a few times. I've annotated a trace from a mifare classic card.

 +      0:    :     52                                    # No idea, part of anti-collision from Koning thesis...
+ 68: 0: TAG 04 00 # No idea, part of anti-collision from Koning thesis...
+ -68: : 93 20 # Card UID request (READER)
+ 136: 0: TAG eb 5c 96 69 48 # Card UID
+ -136: : 93 70 eb 5c 96 69 48 15 d4 # 93 70 followed by UID, followed by 2 CRC bytes (READER)
+ 212: 0: TAG 08 b6 dd # No idea, part of anti-collision from Koning thesis...
+ -212: : 60 00 f5 7b # Authentication request. 60 means auth with key A. (61 means key B). Use block 00. Last 2 bytes CRC (READER)
+ 337: 0: TAG a0 f4 b9 78 # No idea * mifarecrack tries to parse data from here 1
+ -337: : 52 # No idea - All starts again! * mifarecrack tries to parse data from here 2
+ 0: : 52 # No idea * mifarecrack tries to parse data from here 3
+ 405: 0: TAG 04 00 # No idea
+ -405: : 93 20 # Card UID request (READER)
+ 481: 0: TAG eb 5c 96 69 48 # Card ID
+ -481: : 93 70 eb 5c 96 69 48 15 d4 # Reader sends UID again

No comments: