Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-09-19 12:14:23

Illdoittomorrow
Contributor
Registered: 2017-08-29
Posts: 2

FDX-B ISO 11784 11785 cloning issue

Hello Guys!
After many attempts to clone my cats microchips using  'lf fdx clone' command on the t5577 tag card without success, I finally succeded.
This is my system:
=========================================
Proxmark3 RFID instrument

[ ARM ]
bootrom: master/v3.0.1-67-gd0067d0-suspect 2017-08-18 09:42:52
      os: iceman/master/v1.1.0-2261-gf96afe0c 2017-09-17 19:31:09
[ FPGA ]
LF image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF image built for 2s30vq100 on 2017/05/17 at 17:48:26

[ Hardware ]
  --= uC: AT91SAM7S512 Rev A
  --= Embedded Processor: ARM7TDMI
  --= Nonvolatile Program Memory Size: 512K bytes, Used: 216491 bytes (41%) Free: 307797 bytes (59%)
  --= Second Nonvolatile Program Memory Size: None
  --= Internal SRAM Size: 64K bytes
  --= Architecture Identifier: AT91SAM7Sxx Series
  --= Nonvolatile Program Memory Type: Embedded Flash Memory

============================================

According to the FDX-B Telegram layout:

    11 Startbits 00000000001,
    38 ID bits
    10 Country code according to ISO 3166,
    1 Extra application bits,
    14 Reserved bits,
    1 Animal bit,
    16 CCITT CRC over the previous bits
    24 Application bits

The problem was because 'lf fdx clone' command writes correctly the country/manufacturer+animal ID upon the tag but sets '1' in the 'Extra application bits' bit (generally set to '0' in common animal microchips because after CCITT CRC there are no significant data) while indeed sets '0' in the Animal bit (always set to '1' in common microchips).
Obviously changing the two bits comport the need to recalculate CCITT CRC bytes, so I had to change page 0 blocks 3 and 4 on atmel t5577 while all other blocks written by 'lf fdx clone' could remain the same.
is this a bug or not? If not I think it would be very useful to add an option to set '1' to the animal bit when using the clone command.

Thanks for your answer.
Antonio

Offline

Board footer

Powered by FluxBB