Simulate and Sniff Legic Prime

dutzen · 2015-08-11 18:41:57

Hi Everyone,
we have to investigate our university system, which used the Legic Prime chip and is now changing to legic advant. So for our seminar we have to attack the old system which we succeed by writing valid values to the card. The next step would be to emulate "own" cards with the proxmark3 and it would be nice to sniff to the traces.

So first: Emulating: Proxmark has already a function: "hf legic sim" [phase drift [frame drift [req/resp drift]]] Start tag simulator (use after load or read)

Which we used after reading a valid card but it didn't worked. Maybe someone can help us with that.

Second: Sniff traffic: We'd like to sniff the traffic between card and reader. But proxmark has no function to sniff legic traffic. We can only sniff 14a traffic without annotations but that didn't worked neither. I hope someone can help us with that, cause deadline is september

Best regards Dominik

iceman · 2015-08-11 18:54:04

Sadly enough, I don't have access to a legic/legic advant. If I have that, I might be able to help out.

dutzen · 2015-08-17 00:45:03

That is sad
But maybe you have already done something with the proxmark and a legic card in the past?
If you cant help us specificly maybe some hints or tricks?

iceman · 2015-08-17 09:46:26

Sorry, I havn't. Good luck with your thesis.

siffon · 2015-08-25 01:46:27

i had some success with legic prime reader. but simulating the card didnt succed. maybe bad timing... if you have 2 dumps from the original card while you change the writable segment values you can alter the bytes or hex values on the card with the write command successful. but simulating is still an issue.

this goes well for prime cards, the advant card i tested wasnt even recognised. not even with my selfbuild antennas.

if anyone wants to help please update the code to dump the card into a hexfile and not as ascii when using decode, which could then be analysed by normal hexdump toolset.

btw i have a valid prime dump but been aware of publishing it. pm me if you need it.

mosci · 2016-01-20 11:42:17

I can ( at least) provide some decoded tag-data ('hf legic decode' output) or samples
if that helps anyone

mosci · 2016-01-20 11:50:59

^^ legic prime - not legic advant

iceman · 2016-01-20 11:54:16

Sure, that data is always good to have.

The legic sourcecode has some issues with overflows, so remake and testing would be nice.

mosci · 2016-01-20 11:59:49

unfortunately I can not finf the possibility to PM you

iceman · 2016-01-20 12:04:16

you find my email all over this forum.

mosci · 2016-01-20 13:39:05

ok, I have used you github-email

Proxmark developers community

#1 2015-08-11 18:41:57

Simulate and Sniff Legic Prime

#2 2015-08-11 18:54:04

Re: Simulate and Sniff Legic Prime

#3 2015-08-17 00:45:03

Re: Simulate and Sniff Legic Prime

#4 2015-08-17 09:46:26

Re: Simulate and Sniff Legic Prime

#5 2015-08-25 01:46:27

Re: Simulate and Sniff Legic Prime

#6 2016-01-20 11:42:17

Re: Simulate and Sniff Legic Prime

#7 2016-01-20 11:50:59

Re: Simulate and Sniff Legic Prime

#8 2016-01-20 11:54:16

Re: Simulate and Sniff Legic Prime

#9 2016-01-20 11:59:49

Re: Simulate and Sniff Legic Prime

#10 2016-01-20 12:04:16

Re: Simulate and Sniff Legic Prime

#11 2016-01-20 13:39:05

Re: Simulate and Sniff Legic Prime

Board footer