Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#201 2014-02-18 19:59:47
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
Ouch. Good news, pity you had so much trouble. Is this with 47pf capacitor?
yes, it is.
i will work to change them all on remaining cards.
Offline
#202 2014-02-18 20:03:33
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
Great ! Now it works !! It was "only" a firmware problem !!!
Try with an ISO15693 card, it should works too ! (but it should works also with the latest revision if it was an ISO14443-only problem)... any suggestion about this ?
i understand that you can use the latest FW version but why it happen in my case?
on the second board i first tried to read a mifare 1k, without success, then i flashed the older FW, then i tried again with the same tag and the board started to work. it is not a coincidence.
Offline
#203 2014-02-18 20:37:10
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: proxmark3 gerbers and bill of material
There are some bugs in iso14443a, please try an iso15693 with both firmware revision.
Offline
#204 2014-02-19 05:26:07
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Enio wrote:Ouch. Good news, pity you had so much trouble. Is this with 47pf capacitor?
yes, it is.
i will work to change them all on remaining cards.
You can mount Trimmer / Variable Capacitor for easier tuning.
So, HF tx/rx path is OK?
Did you test LF path?
Offline
#205 2014-02-19 09:19:50
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: proxmark3 gerbers and bill of material
I tested with my "original" (proxmark3.com) pm3 and r844 and it is working, maybe r842 has problems ? (removed r842 and added r844 from Windows Clien thread).
Does anyone know if proxmark3.com sells boards with 47pf or 100pf capacitor ?
I also found a maybe-bug in the autopwn script and I already informed holiman of that.
Last edited by asper (2014-02-19 09:23:52)
Offline
#206 2014-02-19 14:03:10
- RadioWar
- Contributor
- From: China
- Registered: 2012-09-15
- Posts: 96
Re: proxmark3 gerbers and bill of material
I tested with my "original" (proxmark3.com) pm3 and r844 and it is working, maybe r842 has problems ? (removed r842 and added r844 from Windows Clien thread).
Does anyone know if proxmark3.com sells boards with 47pf or 100pf capacitor ?
I also found a maybe-bug in the autopwn script and I already informed holiman of that.
47pf
Offline
#207 2014-02-19 14:43:42
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: proxmark3 gerbers and bill of material
Thanks RadioWar !
Offline
#208 2014-02-21 04:29:05
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
gaucho
Did you test LF path?
Offline
#209 2014-02-22 15:23:01
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
hi vivat,
i'm just a man, i had no time to do it.
i received the capacitors and i started soldering them, but today i can't complete it since i have no access to the lab.
moreover i'm completing the development of 2 apps for android and i'm also paid for them.
Offline
#210 2014-02-24 16:09:44
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
vivat (but even all), 3 boards has the following problem:
when you plug the usb, the leds flashs normally but the relay doesn't make any sound like the working board does. of course tags are not read.
do you have a suggested measure?
I need to download the relay datasheet in order to understand which is the pin where the command to actuate the relay comes from, and how are the outputs supposed to be connected.
From these measures I will understand if the relay is broken.
this idea of group buy is becoming very time consuming for me.. (this was the first and last time that i organize a group buy for free)
Offline
#211 2014-02-24 17:22:44
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
the solderings are made really without quality control. The boards where the relay doesn't work are mounted with the relay in the wrong position.
see the image. You can see a working board and the board with the inverted relay (white item on the upper right side) I will correct them. I also wrote to manufacturer but last week he answered telling me "i apologize, i really sorry, send me the boards and we will try to solve the problem" but it's more expensive to pay the shipment to china than to try to solve the problem on my site.
Last edited by gaucho (2014-02-24 17:38:38)
Offline
#212 2014-02-25 08:17:10
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
You should ask for partial refund from sky-macau. I don't think they have been using automated soldering system. You payed for machine soldering, but they soldered components by hand. The result is flipped relay, dirty pcb. Did you perform other tests?
Offline
#213 2014-02-25 17:59:25
- benoit37000
- Contributor
- From: France
- Registered: 2013-10-10
- Posts: 21
Re: proxmark3 gerbers and bill of material
Hello
I just received my proxmark3 from Gaucho
Thanks for it job to help for solving issue he encountered.
Well at first it did not work : no HF or LF Signals: I forgot to flash 
!
So I Flashed with a different Firmware version the 809 that I use on my working Proxmark.
Bur after this flash still the same
So I tried other revision 756 832 which works with my working proxmark3 ( each time I flashed bootrom, OS and FGPA of course and use the same win client revision )
But still the same HW Tune send 0 …
So I began to checked with my Old Oscilloscope the TX Path
And like gaucho I found no signal on Pin 80 POWER_Hi FGPA
( with my working Proxmark I get signal of course ).
So do you have any idea Hardware soldering issues or Else ?
I spend 2 hours checking solder but I have no magnifier( I will try to make high resoltuin pictures just to check )
I understand Gaucho : not easy to check all those dammed Boards
Offline
#214 2014-02-25 18:06:15
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
yep. i rotated the relay and now boards are working.
now i have another type of problem on one board: zero voltage on HF tune. I used oscilloscope and i finally found that there is a problem in the Hirose connector.
I had to go since the lab was closing.
Tomorrow I'll check it on microscope and correct the problem. It is strange since it seems well soldered. I suppose that the hirose connector is broken. Fortunately I have some spare parts.
I will also request for a refund, but i think it's hard to have back the money, cause they paid operators to do that work.
My colleague (expert on pcba) told me that they were soldered by machine cause the amount of material on each soldering is the same and doing it by hands is not possible. He suppose that there is a machine feeding error (the process where you fill the machine with the components to be soldered).
Offline
#215 2014-02-25 18:52:30
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Mine arrived too, in good condition. Well packed. Waiting for the 47pf capacitor to arrive, will let you know.
Offline
#216 2014-02-25 22:05:07
- benoit37000
- Contributor
- From: France
- Registered: 2013-10-10
- Posts: 21
Re: proxmark3 gerbers and bill of material
well i have tried to clean the board but it look already clean with no apparent short circuit
when i launch lf read command the red led power on for 10 seconds then the Pm3 reset itself:
so Hardware short circuit or FGPA software problem ?
i have checked the 2.5v ,3.3v and 3.3v FGPA are OK
XT1 and XT2 behave like my working proxmark
i thinks i gave up i can't do more with my tools
here is a full resolution of my Board: at http://imageshack.com/a/img824/766/slzi.jpg
a low resolution of my board:
Benoit
Last edited by benoit37000 (2014-02-25 22:07:50)
Offline
#217 2014-02-26 03:46:07
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
I tested basic functionality just now. No antenna yet and the 100pf capacitor still assembled. I built the pm3 client on HEAD, checked connectivity to find out the flashed version to match the client version. Then recompiled on that rev. and launched the following commands.
[enio@netbook]client $ svn info ..
Pfad: /home/enio/nfc/proxmark3
Wurzelpfad der Arbeitskopie: /home/enio/nfc/proxmark3
URL: http://proxmark3.googlecode.com/svn/trunk
Relative URL: ^/trunk
Revision: 842
[...]
Letzte geänderte Rev: 842
Letztes Änderungsdatum: 2014-01-31 22:24:18 +0100 (Fr, 31. Jan 2014)
[enio@netbook]client $ ./proxmark3 /dev/ttyACM0
proxmark3> hw ver
#db# Prox/RFID mark3 RFID instrument
#db# bootrom: svn 842 2014-02-01 12:49:37
#db# os: svn 842 2014-02-01 12:49:41
#db# FPGA image built on 2013/11/19 at 18:17:10
uC: AT91SAM7S512 Rev A
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# Measuring complete, sending report back to host
# LF antenna: 0,00 V @ 125.00 kHz
# LF antenna: 0,00 V @ 134.00 kHz
# LF optimal: 0,00 V @ 12000,00 kHz
# HF antenna: 0,06 V @ 13.56 MHz
# Your LF antenna is unusable.
# Your HF antenna is unusable.
proxmark3> lf read
#db# buffer samples: 74 93 71 90 76 9b 92 94 ...
proxmark3> Notice the HF measurement always shows some value in the range of 0.1 to 0.06 (NO antenna connected) so its measuring something.
@Benoit37000: I did not touch the flashed version yet and want to read up first to not break anything. Maybe you try this revision (842) too just to be 100% sure its not a revision thing?
Edit: If you are up for it - we could try to narrow the issue down by adding some debug output reading out various register contents on the lf read command. In lfops.c in function DoAcquisition125k() there is a for(;;) loop turning on LED_RED, it could be interesting to find out what makes your board not exit that loop - or maybe something kills the whole execution at that point. Knowing that might give a hint which physical paths could be broken.
Last edited by Enio (2014-02-26 05:07:45)
Offline
#218 2014-02-26 06:02:31
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
well i have tried to clean the board but it look already clean with no apparent short circuit
when i launch lf read command the red led power on for 10 seconds then the Pm3 reset itself:
Double check the board for short circuits. See this marked photo:
Enio
# HF antenna: 0,06 V @ 13.56 MHz
It's OK to get some mV without connected antenna.
Do you try to make antennas yourself?
Last edited by vivat (2014-02-26 06:14:44)
Offline
#219 2014-02-26 11:39:04
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: proxmark3 gerbers and bill of material
Well, in reality it is not so normal to have some mV without antennas; my experience says that if you put the pm3 board over/next/under the pc case this proximity (to the processor?to the power source?) can make interference; another example I can share is this: if I put an SL500F over my pc case it is not able to detect ANY tag anymore so my suggestion is "try to keep the pm3 board away from pc hardware".
Last edited by asper (2014-02-26 11:39:37)
Offline
#220 2014-02-26 15:13:31
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Well, in reality it is not so normal to have some mV without antennas;
Yes, if you live in Faraday's cage, you won't get any RF noise, but there is so much electronics around us.
Offline
#221 2014-02-26 16:13:28
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Enio
# HF antenna: 0,06 V @ 13.56 MHz
It's OK to get some mV without connected antenna.
Do you try to make antennas yourself?
Yes, probably this weekend.
Offline
#222 2014-02-26 21:32:37
- benoit37000
- Contributor
- From: France
- Registered: 2013-10-10
- Posts: 21
Re: proxmark3 gerbers and bill of material
Bad news for my board i Found it 
Folowing Vivat advice.
After testing with my multimeter continuity between IC's legd component and soldering point.
i found several fgpa legs not soldered at all !! ( you c'ant see it on picture )
si this it not a firwmare problem but FGPA bad soldering
i am sad i can't do nothing not equiped for CMS soldering
Benoit
Offline
#223 2014-02-26 22:48:27
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Uhh
Try a thin solder tip, add a lil bit solder material on it and make a dirty bridge or get some conducting finish (finish with silver particles similar to this: http://www.maplin.co.uk/p/electrically-conductive-silver-paint-n36ba ) and use a thin brush to connect it. The latter might be easier but probably more prone to failure.
Last edited by Enio (2014-02-26 22:52:17)
Offline
#224 2014-02-27 06:18:19
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Bad news for my board i Found it
Folowing Vivat advice.
After testing with my multimeter continuity between IC's legd component and soldering point.
i found several fgpa legs not soldered at all !! ( you c'ant see it on picture )
Watch QFP iron soldering videos on youtube. Then try it yourself. If you are unable to solder it, take your board to local cell-phone repair workshop. Then triple-check your pcb again with continuity test.
Offline
#225 2014-02-27 20:17:19
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Just for the record, i built a simple hf antenna (~11.5V on hw tune) and tested hf 14a reader on rev. 842 and it failed with loads of Collision errors ("Multiple tags detected. Collision after Bit [1-8]"). hf 14a list also didnt work.
I then went back on rev 834 on os (dunno if fpga got updated there too, i only flashed fullimage.elf - can someone clarify?) and there it worked flawlessly. Ill dig into it the next days and analyze some diffs.
Edit: The major changes in svn 839 (fpga and manchester decoder in arm, see: http://www.proxmark.org/forum/viewtopic.php?id=1797) introduce the issues.
Last edited by Enio (2014-02-27 22:13:40)
Offline
#226 2014-02-27 22:59:11
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
today i made many measures on the board that i wrote about yesterday. it was not the connector, it's something else, i suppose fpga. i will write more details tomorrow, now i'm really too much tired. But my fear is the following:
flashing different firmware revision the board starts to work (this appened to me on different boards)
i made some assumptions for this:
-the firmware is flashed in a bad way so that the board don't work properly.
-the different arm (bigger memory) introduces something that it's still not clear.
How could i check the flashed firmware after i wrote it? the flasher doesn't allow me to do this check.
@benoit: did you try to flash older firmware revision? did you changed the capacitor? how can you check a bad soldering if you don't have a microscope? if you have a microscope you will have no problem to make that solderings. doing pressure on a pin, you can easily break the soldering, pay attention touching the solderings.
@vivat: some of the points that you highlighted on the picture are shorts that are also reported on the shematic, so it's correct that they are there.
I also need to understand how the mux works cause today on another board i've seen something strange. Tomorrow i'll continue, after finish a damn 300 pages document for work.
Last edited by gaucho (2014-02-27 23:01:21)
Offline
#227 2014-02-28 01:02:49
- benoit37000
- Contributor
- From: France
- Registered: 2013-10-10
- Posts: 21
Re: proxmark3 gerbers and bill of material
Some news
using
2 needles for continuity test between the top of the pin and the track or connected point and
with magnifying glass
and an old soldering iron :
i managed to fix about 4 bad soldered pin between FGPA and ARM.
i checked all the iCs ( about 2 hours , i am 40 years and having just this small magnifying lens
well after this i powered the pm3 the hw tune was OK about 25 Volt on LF and about 5 volts on HF ( because of c35 100 pf )
i managed to decode HID LF tag with lf hid fskdemod command !
i then tried on my mifare ( removing c35 and adjusting HF voltage with other lower value capacitor between 5-30 pf )
but i did not get anything ( was about 9 volt HF ).
I then tried all the firmware which are working on my working proxmark
rev 756
rev 807
rev 839
but nothing more with HF
and the worth now LF hid fskdemdod did not work anymore
lf read give the same data like stuck ... firmware issue ? as Gaucho indicated
i am still wondering
Benoit
Offline
#228 2014-02-28 04:19:06
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Enio
fullimage.elf contains both ARM and FPGA flash images. You are correct, you are doing it right. Did you try to flash HEAD svn revision? What's about LF?
gaucho
AFAIK there is no way to checksum verifying of the firmware image. I didn't see such functionality in proxmark code. Do you also flash fullimage.elf?
MUX is used to select input path of recieved signal from antenna to ADC. The MUX is driven by ARM using function SetAdcMuxFor() in armsrc/appmain.c. There is 4 possible modes - LOPKD, LORAW, HIPKD, HIRAW. HF/LF Peak-detected path or RAW.
benoit37000
Can you show us your log?
Did you try to solder C35 Trimmer / Variable Capacitor?
Last edited by vivat (2014-02-28 04:21:23)
Offline
#229 2014-02-28 13:18:36
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Enio
fullimage.elf contains both ARM and FPGA flash images. You are correct, you are doing it right. Did you try to flash HEAD svn revision? What's about LF?
Sure, I tested HEAD (848) and it couldnt select card. I then went back on the working rev. 834 which gaucho proved to be functional checked revs up to the first that breaks it - which is 839 as i already mentioned, where piwi added anticollision handling -fpga changes included.
I have not yet checked LF as i dont have an LF tag yet.
Could the bigger space on our arm have impact on it? I will study the anticollision code and fpga changes on rev. 839 next days but i need to learn more about verilog first. Any ideas for troubleshooting?
Offline
#230 2014-02-28 14:00:21
- piwi
- Contributor
- Registered: 2013-06-04
- Posts: 704
Re: proxmark3 gerbers and bill of material
839 and following had issues with sniffing and simulating (fixed in head). hf 14a reader was not affected.
Repeated quite some times in this forum: don't place the card directly on the antenna - allow a distance of 0.5 to 1cm.
Offline
#231 2014-02-28 14:28:38
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
839 and following had issues with sniffing and simulating (fixed in head). hf 14a reader was not affected.
Repeated quite some times in this forum: don't place the card directly on the antenna - allow a distance of 0.5 to 1cm.
I know, i probably read them all. Dont worry, i did that. I got very random results on 839 on the amount of collisions, but whenever it selected a card the printed uid etc are bad. Also, when no card is present it finds endless collisions - could this hint on the source of the issue? I will add logs tonight.
Offline
#232 2014-02-28 15:38:23
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Could the bigger space on our arm have impact on it? I will study the anticollision code and fpga changes on rev. 839 next days but i need to learn more about verilog first. Any ideas for troubleshooting?
No, 512 kb of flash shouldn't be the problem. If you have a reader or another proxmark, can you test tag simulator mode and sniffer mode? Or maybe you have NFC-capable cellphone?
Offline
#233 2014-02-28 15:51:54
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
dear all, a'm going crazy, do you understand crazy? CRAZY!
If i'm not confident with the firmware, i can't do measurements on the hardware.
I have a problem, but first let me write my starting assumptions:
1) MUXEL_HIPKD should be activated to reveal the peak of the High Frequency signal (with a low-pass filter) and it should be activated when on the client you hit the command HF TUNE and HW TUNE
2) MUXEL_HIRAW should be activated to reveal the raw signal coming from the High Frequency antenna and it should be activated when on the client you hit the commands to read HF tags, like HF 14A READ
3) MUXEL_LOPKD should be activated to reveal the peak of the Low Frequency signal (with a low-pass filter) and it should be activated when on the client you hit the command LF READ and HW TUNE
4) MUXEL_LORAW should be activated to reveal the raw signal coming from the Low Frequency antenna and it should be activated when on the client you hit the commands to read LF tags
5) The voltage required on the control pins of the MUX (D4066) IC11 is minimum 3,5Volt
-----------------------------------------------------------------
With this assumption we can measure the commands on the MUX (IC11) on pins 13, 5,6,12.
Since MUXEL_HIPKD is the pin 12 of IC11, i used a multimeter on the pcb via (there is a via near the pin 12 whre we can place the multimeter in order to measure the voltage).
I send the command HF TUNE and i read zero volt on IC11 pin 12, then i reset the board, i send the command HF 14A READ and the voltage goes to 3,5V and stay on.
Then i send again the command HF TUNE and the voltage goes down to zero volt.
Infact the board is not working very well.
I have this problem on some boards.
The actual uploaded FW rev. is 834 (downloaded from radiowar website).
Please give me some hint, some tool, some help to understand. I want to have fixed points in my mind in order to do a good troubleshooting.
roel requested the bigger arm telling me that there was no difference with the old model, but now He didn't answered to my email, so i can't request help to him.
I think that we should find a method to check if the firmware was entirely flashed as expected.
Last edited by gaucho (2014-02-28 16:03:15)
Offline
#234 2014-02-28 16:15:04
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: proxmark3 gerbers and bill of material
Well, with jtag I think you can read it back and compare binaries.
Offline
#235 2014-02-28 16:25:47
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
ok, you are right, but which binary to flash on the JTAG? i flashed only the bootloader with this method but i understood that there is also a unique file containing all the data that i can flash on the JTAG. Please consider that i have the parallel port JTAG and that i will use the armpgm.exe. I suppose that i need to convert the file in some way..
Last edited by gaucho (2014-02-28 16:26:15)
Offline
#236 2014-02-28 17:12:21
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
gaucho
Don't go crazy, we need you alive.
Raw paths: MUXSEL_HIRAW and MUXSEL_LORAW not used in recent svn revisions(r84x-83x). You can test the mux with command
hw setmux <loraw|hiraw|lopkd|hipkd>
MUXEL_HIPKD should be activated to reveal the peak of the High Frequency signal (with a low-pass filter) and it should be activated when on the client you hit the command HF TUNE and HW TUNE
No. you are wrong.
HW TUNE and HF TUNE commands (MeasureAntennaTuning and MeasureAntennaTuningHf respectively in armsrc/appmain.c) don't use SetAdcMuxFor() function to set the ADC path. MeasureAntennaTuningHf() function sets FPGA mode to HF reader receiving mode and reads antenna voltage using AvgAdc(). AvgAdc reads ARMs internal ADC(not TL5540!).
About JTAG read this:
https://code.google.com/p/proxmark3/wiki/Compiling#Flash_sections
Do you flash .s19 or .elf files with JTAG?
Offline
#237 2014-02-28 17:38:08
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
Don't go crazy, we need you alive.
Raw paths: MUXSEL_HIRAW and MUXSEL_LORAW not used in recent svn revisions(r84x-83x).
doh!
You can test the mux with command hw setmux <loraw|hiraw|lopkd|hipkd>
dohhh! there is a specific command!
HW TUNE and HF TUNE commands (MeasureAntennaTuning and MeasureAntennaTuningHf respectively in armsrc/appmain.c) don't use SetAdcMuxFor() function to set the ADC path. MeasureAntennaTuningHf() function sets FPGA mode to HF reader receiving mode and reads antenna voltage using AvgAdc(). AvgAdc reads ARMs internal ADC(not TL5540!).
Do you mean that the antenna voltage is measured by AMPL_HI and AMPL_LO ?
And how is the signal sampled during HF 14A READ operations if the RAW inputs are not used? It seems to me that the HIPKD can not be used because there is a low-pass filter on that way. Am i wrong?
About JTAG read this:
https://code.google.com/p/proxmark3/wiki/Compiling#Flash_sections
Do you flash .s19 or .elf files with JTAG?
I flashed the .s19 file (bootloader). I suppose it is requierd by the tool that i'm using.
But while i have the proxmark3_recovery.bin and fullimage.bin in BIN format, i don't have these files in .S19 format.
I read that link long time ago, i know how the FW is structured.
I followed this in order to flash the bootloader with the parallel port: http://www.proxmark.org/files/Flash/2008.09.20-flash-howto.pdf
Last edited by gaucho (2014-02-28 17:42:38)
Offline
#238 2014-02-28 18:07:59
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Do you mean that the antenna voltage is measured by AMPL_HI and AMPL_LO ?
Probadly, I haven't look at schematics.
And how is the signal sampled during HF 14A READ operations if the RAW inputs are not used? It seems to me that the HIPKD can not be used because there is a low-pass filter on that way. Am i wrong?
Read file doc/system.txt
DETAILS: ANALOG RECEIVE PATH
Offline
#239 2014-02-28 18:45:50
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
sorry Vivat,
i can read only this
For `slow' signals, I use an MCP6294 opamp. This has a GBW of 10 MHz, which is more than enough for the low-frequency stuff, and enough for all of the subcarrier frequencies that I know of at high frequency. In practice, the `slow' signals are all the signals following the peak detector. These signals are usually centred around the generated voltage Vmid. For `fast' signals, I use an AD8052. This is a very fast voltage-feedback amplifier (~100 MHz GBW). I use it immediately after the antenna for both the low- and high-frequency cases, as a sort of an ugly LNA. It is not optimal, but it certainly made the design easy. This is old, there is not the info i need.
This board, in order to sample the signals from HF antenna has only:
- AMPL_HI (connected to arm, you said tht it's used to measure the antenna voltage)
- CROSS_HI (connected to FPGA P87_IO1)
- the line enabled by MUXEL_HIPKD (you said that it is not used by antenna measuring but you didn't said if is it used by HF 14A READ ) that aquires the signal using the analog to digital converter IC8.
- the line enabled by MUXEL_HIRAW (but you said that this line is no more used) that aquires the signal using the analog to digital converter IC8.
Can someone of you check for me which line is enabled on the HF 14A READ in order to allow me to compare the signal sampled by a working board and the one sampled by a not working board ?
Can someone of you give me a single .s19 file of the COMPLETE firmware, included bootloader,fpga and os?
Last edited by gaucho (2014-02-28 18:51:42)
Offline
#240 2014-02-28 21:51:52
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
piwi wrote:839 and following had issues with sniffing and simulating (fixed in head). hf 14a reader was not affected.
Repeated quite some times in this forum: don't place the card directly on the antenna - allow a distance of 0.5 to 1cm.
I know, i probably read them all. Dont worry, i did that. I got very random results on 839 on the amount of collisions, but whenever it selected a card the printed uid etc are bad. Also, when no card is present it finds endless collisions - could this hint on the source of the issue? I will add logs tonight.
Sample of a hf 14a reader log on svn 839:
[...]
#db# Multiple tags detected. Collision after Bit 8, count: 3
#db# Multiple tags detected. Collision after Bit 1, count: 3
#db# Multiple tags detected. Collision after Bit 3, count: 7
#db# Multiple tags detected. Collision after Bit 4, count: 8
#db# Multiple tags detected. Collision after Bit 6, count: 1
#db# Multiple tags detected. Collision after Bit 8, count: 3
#db# Multiple tags detected. Collision after Bit 1, count: 3
#db# Multiple tags detected. Collision after Bit 3, count: 4
#db# Multiple tags detected. Collision after Bit 5, count: 6
ATQA : b5 03
UID : 56 d5 5a d5 00 75 55 55 56 c2 56 b5 03 00 ad aa b6 57 d5 56 db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SAK : 00 [2]
TYPE : NXP MIFARE Ultralight | Ultralight C
proprietary non iso14443a-4 card found, RATS not supported Seemingly random ATQAs, UIDs and SAKs i get, sometimes it just doesnt stop finding collisions until i reset. This is being done with the card being 1.5cm above the antenna. hw tune reads 11,54 V without and 9,73 V with Tag, that should be ok.
Offline
#241 2014-03-01 15:48:05
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
- the line enabled by MUXEL_HIPKD (you said that it is not used by antenna measuring but you didn't said if is it used by HF 14A READ ) that aquires the signal using the analog to digital converter IC8.
Yes, this path(HF peak-detected) is used by hf 14a reader. You can record the signal on TP1 test point. I already posted my screenshots from this command:
http://www.proxmark.org/forum/viewtopic.php?pid=9671#p9671
Do you need another pictures?
Maybe another command, such as hf 15 reader?
Can someone of you give me a single .s19 file of the COMPLETE firmware, included bootloader,fpga and os?
You can compile it yourself, you need Proxspace if you are using windows.
Enio
Can you show your antenna? What is dimensions, cable type and diameter? What is hf 14a list output?
Last edited by vivat (2014-03-01 16:41:41)
Offline
#242 2014-03-01 19:09:06
- asper
- Contributor
- Registered: 2008-08-24
- Posts: 1,409
Re: proxmark3 gerbers and bill of material
Can someone of you give me a single .s19 file of the COMPLETE firmware, included bootloader,fpga and os?
Here it is.
I used this tool.
Revision used is r848. I also tried to convert back the .s19 to .bin but the file size was really bigger than the original one so I don't know if this will work.
Offline
#243 2014-03-01 22:16:14
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Enio
Can you show your antenna? What is dimensions, cable type and diameter? What is hf 14a list output?
I tested various different dimension HF antennas, the best i got done is the one on this picture, ~45 x 27mm, 5 windings. Cable sticker reads 1x0.2mm² so i guess the core diameter is ~0.2mm.
Hw tune without and with Tag as shown on pic (~10mm distance):
# HF antenna: 11,38 V @ 13.56 MHz
[...]
# HF antenna: 9,51 V @ 13.56 MHz Following tests done with HEAD again (rev. 848).
1. hf 14a sim 1 11223344 on pm3, nfc-list on nfclib enabled reader.
nfc-list reports 16 ISO14443A passive targets found, then lists them all (all same ATQA0004 UID 11223344 SAK 08.
proxmark3> hf 14a sim 1 11223344
Emulating ISO/IEC 14443 type A tag with 4 byte UID (11223344)
#db# Received unknown command (len=1):
#db# 78
#db# Received unknown command (len=1):
#db# 11
#db# Received unknown command (len=1):
#db# 78
#db# Received unknown command (len=1):
#db# 11
#db# Received unknown command (len=1):
#db# 78
#db# Received unknown command (len=1):
#db# 11
proxmark3> hf 14a list
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# Button press
#db# 0 0 48
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
0 | 1056 | Rdr | 26
2228 | 4596 | Tag | 04 00
13126 | 15590 | Rdr | 93 20
16826 | 22650 | Tag | 11 22 33 44 44
43978 | 54442 | Rdr | 93 70 11 22 33 44 44 51 9c
55742 | 59262 | Tag | 08 b6 dd
195924 | 200692 | Rdr | 50 00 57 cd
351404 | 352460 | Rdr | 26
353696 | 356064 | Tag | 04 00
364786 | 367250 | Rdr | 93 20
368422 | 374246 | Tag | 11 22 33 44 44
395634 | 406098 | Rdr | 93 70 11 22 33 44 44 51 9c
407334 | 410854 | Tag | 08 b6 dd
548292 | 553060 | Rdr | 50 00 57 cd
719954 | 721010 | Rdr | 26
722182 | 724550 | Tag | 04 00
733256 | 735720 | Rdr | 93 20
736892 | 742716 | Tag | 11 22 33 44 44
764054 | 774518 | Rdr | 93 70 11 22 33 44 44 51 9c
775818 | 779338 | Tag | 08 b6 dd
927140 | 931908 | Rdr | 50 00 57 cd
1097076 | 1098132 | Rdr | 26
1099368 | 1101736 | Tag | 04 00
1110394 | 1112858 | Rdr | 93 20
1114094 | 1119918 | Tag | 11 22 33 44 44
1141244 | 1151708 | Rdr | 93 70 11 22 33 44 44 51 9c
1153008 | 1156528 | Tag | 08 b6 dd
1293204 | 1297972 | Rdr | 50 00 57 cd
1438304 | 1439360 | Rdr | 26
1440596 | 1442964 | Tag | 04 00
1451622 | 1454086 | Rdr | 93 20
1455322 | 1461146 | Tag | 11 22 33 44 44
1482346 | 1492810 | Rdr | 93 70 11 22 33 44 44 51 9c
1494110 | 1497630 | Tag | 08 b6 dd
1632628 | 1637396 | Rdr | 50 00 57 cd
1789000 | 1790056 | Rdr | 26
1791292 | 1793660 | Tag | 04 00
1802190 | 1804654 | Rdr | 93 20
1805890 | 1811714 | Tag | 11 22 33 44 44
1833038 | 1843502 | Rdr | 93 70 11 22 33 44 44 51 9c
1844802 | 1848322 | Tag | 08 b6 dd
1997780 | 2002548 | Rdr | 50 00 57 cd
2155692 | 2156748 | Rdr | 26
2157984 | 2160352 | Tag | 04 00
2169074 | 2171538 | Rdr | 93 20
2172710 | 2178534 | Tag | 11 22 33 44 44
2199860 | 2210324 | Rdr | 93 70 11 22 33 44 44 51 9c
2211624 | 2215144 | Tag | 08 b6 dd
2363844 | 2368612 | Rdr | 50 00 57 cd
2521750 | 2522806 | Rdr | 26
2524042 | 2526410 | Tag | 04 00
2535066 | 2537530 | Rdr | 93 20
2538766 | 2544590 | Tag | 11 22 33 44 44
2565914 | 2576378 | Rdr | 93 70 11 22 33 44 44 51 9c
2577678 | 2581198 | Tag | 08 b6 dd
2730660 | 2735428 | Rdr | 50 00 57 cd
2900602 | 2901658 | Rdr | 26
2902894 | 2905262 | Tag | 04 00
2913920 | 2916384 | Rdr | 93 20
2917620 | 2923444 | Tag | 11 22 33 44 44
2944772 | 2955236 | Rdr | 93 70 11 22 33 44 44 51 9c
2956536 | 2960056 | Tag | 08 b6 dd
3109524 | 3114292 | Rdr | 50 00 57 cd
3267428 | 3268484 | Rdr | 26
3269720 | 3272088 | Tag | 04 00
3280618 | 3283082 | Rdr | 93 20
3284318 | 3290142 | Tag | 11 22 33 44 44
3311470 | 3321934 | Rdr | 93 70 11 22 33 44 44 51 9c
3323234 | 3326754 | Tag | 08 b6 dd
3476228 | 3480996 | Rdr | 50 00 57 cd
3646158 | 3647214 | Rdr | 26
3648450 | 3650818 | Tag | 04 00
3659348 | 3661812 | Rdr | 93 20
3663048 | 3668872 | Tag | 11 22 33 44 44
3690198 | 3700662 | Rdr | 93 70 11 22 33 44 44 51 9c
3701962 | 3705482 | Tag | 08 b6 dd
3855844 | 3860612 | Rdr | 50 00 57 cd
4025782 | 4026838 | Rdr | 26
4028074 | 4030442 | Tag | 04 00
4039100 | 4041564 | Rdr | 93 20
4042800 | 4048624 | Tag | 11 22 33 44 44
4070014 | 4080478 | Rdr | 93 70 11 22 33 44 44 51 9c
4081714 | 4085234 | Tag | 08 b6 dd
4235588 | 4240356 | Rdr | 50 00 57 cd
4405530 | 4406586 | Rdr | 26
4407822 | 4410190 | Tag | 04 00
4418912 | 4421376 | Rdr | 93 20
4422548 | 4428372 | Tag | 11 22 33 44 442. hf 14a snoop of Infineon mifare 1k card with nfclib reader doing multiple nfc-list
proxmark3> hf 14a snoop
#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=0
#db# traceLen=1856, Uart.output[0]=00000026
proxmark3> hf 14a list
Waiting for a response from the proxmark...
Don't forget to cancel its operation first by pressing on the button
#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=2, Uart.state=0, Uart.len=0
#db# traceLen=0, Uart.output[0]=00000026
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
proxmark3> hf 14a snoop
#db# cancelled by button
#db# COMMAND FINISHED
#db# maxDataLen=3, Uart.state=0, Uart.len=0
#db# traceLen=1605, Uart.output[0]=00000026
proxmark3> hf 14a list
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
0 | 1056 | Rdr | 26
13296 | 15760 | Rdr | 93 20
196224 | 200864 | Rdr | a8 80 2b 66 !crc
367024 | 368080 | Rdr | 26
443040 | 444096 | Rdr | 26
518928 | 519984 | Rdr | 26
5546720 | 5547776 | Rdr | 26
5622304 | 5623360 | Rdr | 26
5697936 | 5698864 | Rdr | 13
10878080 | 10879136 | Rdr | 26
10891248 | 10893712 | Rdr | 93 20
10922080 | 10932544 | Rdr | 93 70 55 cd 67 62 9d 3d aa
11087744 | 11092512 | Rdr | 50 00 57 cd
11243488 | 11244416 | Rdr | 13
11319264 | 11320320 | Rdr | 26
11395344 | 11396400 | Rdr | 26
16478688 | 16479744 | Rdr | 26
16554320 | 16555376 | Rdr | 26
16629888 | 16630944 | Rdr | 26
17884212 | 17884788 | Tag | 0d
23205952 | 23207008 | Rdr | 26
23219248 | 23221712 | Rdr | 93 20
23250080 | 23260544 | Rdr | 93 70 55 cd 67 62 9d 3d aa
23415600 | 23420368 | Rdr | 50 00 57 cd
23572000 | 23573056 | Rdr | 26
23648032 | 23649088 | Rdr | 26
23723984 | 23725040 | Rdr | 26
28821008 | 28822064 | Rdr | 26
28972096 | 28973152 | Rdr | 26
36430976 | 36432032 | Rdr | 26
36444256 | 36446720 | Rdr | 93 20
36475088 | 36485552 | Rdr | 93 70 55 cd 67 62 9d 3d aa
36638960 | 36643728 | Rdr | 50 00 57 cd
36795424 | 36796480 | Rdr | 26
36871440 | 36872496 | Rdr | 26
36947328 | 36948384 | Rdr | 26
42112000 | 42113056 | Rdr | 26
42187520 | 42188576 | Rdr | 26
42263152 | 42264080 | Rdr | 13
53521888 | 53522944 | Rdr | 26
53535056 | 53537520 | Rdr | 93 20
53565968 | 53576432 | Rdr | 93 70 55 cd 67 62 9d 3d aa
53715296 | 53720064 | Rdr | 50 00 57 cd
53859600 | 53860656 | Rdr | 26
53935488 | 53936544 | Rdr | 26
54011520 | 54012576 | Rdr | 26
59038544 | 59039600 | Rdr | 26
59114112 | 59115168 | Rdr | 26
59189616 | 59190672 | Rdr | 26
70378032 | 70379088 | Rdr | 26
70391200 | 70393664 | Rdr | 93 20
70422032 | 70432496 | Rdr | 93 70 55 cd 67 62 9d 3d aa
70744080 | 70745008 | Rdr | 13
70819856 | 70820912 | Rdr | 26
70895936 | 70896864 | Rdr | 13
76005632 | 76006688 | Rdr | 26
76081152 | 76082208 | Rdr | 26
76156848 | 76157776 | Rdr | 13
76618804 | 76619124 | Tag | 02
93163488 | 93164544 | Rdr | 26
93176784 | 93179248 | Rdr | 93 20
93207616 | 93218080 | Rdr | 93 70 55 cd 67 62 9d 3d aa
93372448 | 93377216 | Rdr | 50 00 57 cd
93529664 | 93530720 | Rdr | 26
93605696 | 93606752 | Rdr | 26
93681904 | 93682832 | Rdr | 13
98709952 | 98711008 | Rdr | 26
98785472 | 98786528 | Rdr | 26
98860976 | 98862032 | Rdr | 26
100741940 | 100742260 | Tag | 02
118932000 | 118932928 | Rdr | 13
118945168 | 118947632 | Rdr | 93 20
118976000 | 118986464 | Rdr | 93 70 55 cd 67 62 9d 3d aa
119141648 | 119146288 | Rdr | a8 80 2b 66 !crc
119298816 | 119299744 | Rdr | 13
119374656 | 119375712 | Rdr | 26
119450672 | 119451600 | Rdr | 13
124546672 | 124547728 | Rdr | 26
124622256 | 124623312 | Rdr | 26
124697760 | 124698816 | Rdr | 26 Notice, i dont get any valid TAG responses.
3. hf 14a reader (revision 848)
proxmark3> hf 14a reader
iso14443a card select failed
proxmark3> hf 14a list
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
0 | 992 | Rdr | 524. hf mf sim u 11223344 - nfc-anticol on libnfc device
proxmark3> hf mf sim u 11223344
uid:11 22 33 44 , numreads:0, flags:2 (0x02)
#db# 4B UID: 11223344
#db# Emulator stopped. Tracing: 1 trace length: 153
proxmark3> hf 14a list
Recorded Activity
Start = Start of Start Bit, End = End of last modulation. Src = Source of Transfer
All times are in carrier periods (1/13.56Mhz)
Start | End | Src | Data
-----------|-----------|-----|--------
0 | 1056 | Rdr | 26
2292 | 4660 | Tag | 04 00
431826 | 434290 | Rdr | 93 20
435910 | 441734 | Tag | 11 22 33 44 44
549706 | 560170 | Rdr | 93 70 11 22 33 44 44 51 9c
561982 | 566718 | Tag | 08 b6 dd ec
671332 | 676100 | Rdr | 50 00 57 cd
proxmark3>nfc-anticol output:
[enio@netbook]nfc $ nfc-anticol
NFC reader: pn532_uart:/dev/ttyACM1 opened
Sent bits: 26 (7 bits)
Received bits: 04 00
Sent bits: 93 20
Received bits: 11 22 33 44 44
Sent bits: 93 70 11 22 33 44 44 51 9c
Received bits: 08 b6 dd ec
Sent bits: 50 00 57 cd
Found tag with
UID: 11223344
ATQA: 0004
SAK: 08This seems to work as intended.
Edit: Any risk of bricking pm3 with a corrupt fpga image? If i understand it right the arm always uploads it on bootup so it shouldnt be possible to brick it that way (?) Background: I want to test some stuff in fpga code but dont want to test the code on correctness before applying..
Edit2: Im going thru the new ManchesterDecoder, checking where our pm3 rev. fails. I found out that in GetIso14443aAnswerFromTag() where we read AT91C_BASE_SSC->SSC_RHR; we never get any 00s, while the ManchesterDecoding(...) is waiting for 6 consecutive 0 nibbles to sunc with. As seen here
Demod.twoBits = (Demod.twoBits << 8) | bit;
if (Demod.state == DEMOD_UNSYNCD) {
if (Demod.highCnt < 2) { // wait for a stable unmodulated signal
if (Demod.twoBits == 0x0000) {
Demod.highCnt++;
} else {
Demod.highCnt = 0;
}
[...]so my assumtion is that the (new) fpga code (from rev 839 on) puts something wrong into the receive register SSC_RHR in our pm3 revision. Any idea what could cause this?
Last edited by Enio (2014-03-02 01:18:37)
Offline
#244 2014-03-02 11:20:44
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
gaucho wrote:Can someone of you give me a single .s19 file of the COMPLETE firmware, included bootloader,fpga and os?
Here it is.
I used this tool.
Revision used is r848. I also tried to convert back the .s19 to .bin but the file size was really bigger than the original one so I don't know if this will work.
thank you.
I will upload it on a not working board and we will finally check if the FW is wrote in the correct way cause the tool ArmPgm-Win32 allows to read the memory with the "verify" button.
Which one to flash? fullimage.s19 or proxmark3_recovery.s19 ? if i well remember the "recovery" one is the complete file..correct?
EDIT: wait...you are not sure about the result file... Vivat, Enio, can you add you contribute to this point? can i flash that files?
EDIT2: Asper, did you compared the .bin files with ultraedit? in order to check if the content is the same (just different memory size)
Last edited by gaucho (2014-03-02 11:32:56)
Offline
#245 2014-03-02 11:22:20
- gaucho
- Contributor
- From: France
- Registered: 2010-06-15
- Posts: 444
- Website
Re: proxmark3 gerbers and bill of material
- the line enabled by MUXEL_HIPKD (you said that it is not used by antenna measuring but you didn't said if is it used by HF 14A READ ) that aquires the signal using the analog to digital converter IC8.
Yes, this path(HF peak-detected) is used by hf 14a reader. You can record the signal on TP1 test point. I already posted my screenshots from this command:
http://www.proxmark.org/forum/viewtopic.php?pid=9671#p9671
Do you need another pictures?
Maybe another command, such as hf 15 reader?Can someone of you give me a single .s19 file of the COMPLETE firmware, included bootloader,fpga and os?
You can compile it yourself, you need Proxspace if you are using windows.
Enio
Can you show your antenna? What is dimensions, cable type and diameter? What is hf 14a list output?
Thank you. I will compare your result with my result on a working board with my result on a not working board and we will finally know if the analog path is correct.
Offline
#246 2014-03-02 16:17:54
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
EDIT: wait...you are not sure about the result file... Vivat, Enio, can you add you contribute to this point? can i flash that files?
EDIT2: Asper, did you compared the .bin files with ultraedit? in order to check if the content is the same (just different memory size)
I'm sorry i dont have a jtag connector and have no clue about these s19 files. The fullimage.elf contains the full arm image (including the fpga image). Am i right that you want to verify that the fpga image the arm loads onto the fpga on bootup gets successfully sent to the fpga? Or do you want to verify the image flashed on arm is not corrupt?
I noticed my the samples i get from hf 14a read (on the working svn - 838 that is) look odd. The 0-line is always on -60 (h44). This could be the reason the more advanced sample analyzation in the newer svn messes up. 
Q1: What could be the reason for this? Can i "tune" that in some way? (edit: "data hpf" removes the DC offset for the graph and aligns it to the 0 line..) Is the raw DC offset seen in the picture normal? Could it be an issue for functionailty?
Q2: Could anyone with a working pm upload a plot of a single hf 14a read command of a Mifare1K to compare?
Last edited by Enio (2014-03-02 16:53:38)
Offline
#247 2014-03-02 17:51:48
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Enio
I have recorded hf 14a reader with chinese mifare 1k:
http://www.sendspace.com/file/okqep3
Data load path_to_file_mifare12345678
I'm on svn r839.
Notice, i dont get any valid TAG responses.
Did you try to build Roel's antenna?
https://code.google.com/p/proxmark3/wiki/Antennas#Roel%E2%80%99s_Hirose_antenna
Any risk of bricking pm3 with a corrupt fpga image?
I think there is no risk, pm3 just won't work. Yes, ARM uploads FPGA bitstream each time when ARM boots to main OS. You can use Modelsim software and testbenches before testing your code on real FPGA.
Im going thru the new ManchesterDecoder
Contact piwi, you can find his mail in google code.
wait...you are not sure about the result file... Vivat, Enio, can you add you contribute to this point? can i flash that files?
I need to find a JTAG first to try to flash this s19 files. I'll try to find it.
Which one to flash? fullimage.s19 or proxmark3_recovery.s19 ?
AFAIK proxmark3_recovery.s19 is to revert from current CDC USB protocol to old slow HID.
fullimage.s19 contains ARM+FPGA flash without bootrom.
Why don't you compile it yourself? It's so easy to type
make clean&&make all
Last edited by vivat (2014-03-02 17:52:21)
Offline
#248 2014-03-02 19:37:01
- Enio
- Contributor
- Registered: 2013-09-24
- Posts: 175
Re: proxmark3 gerbers and bill of material
Enio
I have recorded hf 14a reader with chinese mifare 1k:
http://www.sendspace.com/file/okqep3
Data load path_to_file_mifare12345678
I'm on svn r839.Notice, i dont get any valid TAG responses.
Did you try to build Roel's antenna?
https://code.google.com/p/proxmark3/wiki/Antennas#Roel%E2%80%99s_Hirose_antennaAny risk of bricking pm3 with a corrupt fpga image?
I think there is no risk, pm3 just won't work. Yes, ARM uploads FPGA bitstream each time when ARM boots to main OS. You can use Modelsim software and testbenches before testing your code on real FPGA.
Im going thru the new ManchesterDecoder
Contact piwi, you can find his mail in google code.
[...]
Thank you! I checked your DC offset and it seems to be the same on your side (-60)!
On the HF antenna, i think my antenna is just fine - on 838 it works well and the voltage is good ( I tested antennas with similar dimensions as roels, i didnt get higher than 11.5V on my tests).
On the LF path: I tried to build a LF antenna, i actually built and tested many different designs, i calculated one for 1000pf with 12.5 diameter for 0.1 enamelled copper wire ~77 turns should be very close to optimal.
Now what i noticed: The voltages found differ greatly whenever i touch anything and 125 & 134 are always very close together. I have the feeling something is wrong in the lf path. Also, i have a LF tag that most likely is a Philips Hitag 2 and i dont get any change in Voltages with it in proximity. The voltages reported by hf tune range from 0.0v (when antenna not connected) over 6.29 (both lf) when ANT_LO directly connected to GND over various voltages with my LF antenna connected -12 to 20 to 40 to even >60V! for both 125&134..
Im adding debug reads on hw tune right now to see what happens there, but any ideas are welcome.
Edit: Some debug output on HW tune:
Antenna shorted to ground.
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# LF: Divisor:255, ADC average: 137365
#db# LF: Divisor:254, ADC average: 137365
#db# LF: Divisor:253, ADC average: 137365
#db# LF: Divisor:252, ADC average: 137365
#db# LF: Divisor:251, ADC average: 137365
#db# LF: Divisor:250, ADC average: 137365
#db# LF: Divisor:249, ADC average: 137365
#db# LF: Divisor:248, ADC average: 137365
#db# LF: Divisor:247, ADC average: 137365
#db# LF: Divisor:246, ADC average: 137365
#db# LF: Divisor:245, ADC average: 137365
#db# LF: Divisor:244, ADC average: 137365
#db# LF: Divisor:243, ADC average: 137365
#db# LF: Divisor:242, ADC average: 137365
#db# LF: Divisor:241, ADC average: 137365
#db# LF: Divisor:240, ADC average: 137365
#db# LF: Divisor:239, ADC average: 137365
#db# LF: Divisor:238, ADC average: 137365
#db# LF: Divisor:237, ADC average: 137365
#db# LF: Divisor:236, ADC average: 137365
#db# LF: Divisor:235, ADC average: 137365
#db# LF: Divisor:234, ADC average: 137365
#db# LF: Divisor:233, ADC average: 137365
#db# LF: Divisor:232, ADC average: 137365
#db# LF: Divisor:231, ADC average: 137365
#db# LF: Divisor:230, ADC average: 137365
#db# LF: Divisor:229, ADC average: 137365
#db# LF: Divisor:228, ADC average: 137365
#db# LF: Divisor:227, ADC average: 137365
#db# LF: Divisor:226, ADC average: 137365
#db# LF: Divisor:225, ADC average: 137365
#db# LF: Divisor:224, ADC average: 137365
#db# LF: Divisor:223, ADC average: 137365
#db# LF: Divisor:222, ADC average: 137365
#db# LF: Divisor:221, ADC average: 137365
#db# LF: Divisor:220, ADC average: 137365
#db# LF: Divisor:219, ADC average: 137365
#db# LF: Divisor:218, ADC average: 137365
#db# LF: Divisor:217, ADC average: 137365
#db# LF: Divisor:216, ADC average: 137365
#db# LF: Divisor:215, ADC average: 137365
#db# LF: Divisor:214, ADC average: 137365
#db# LF: Divisor:213, ADC average: 137365
#db# LF: Divisor:212, ADC average: 137365
#db# LF: Divisor:211, ADC average: 137365
#db# LF: Divisor:210, ADC average: 137365
#db# LF: Divisor:209, ADC average: 137365
#db# LF: Divisor:208, ADC average: 137365
#db# LF: Divisor:207, ADC average: 137365
#db# LF: Divisor:206, ADC average: 137365
#db# LF: Divisor:205, ADC average: 137365
#db# LF: Divisor:204, ADC average: 137365
#db# LF: Divisor:203, ADC average: 137365
#db# LF: Divisor:202, ADC average: 137365
#db# LF: Divisor:201, ADC average: 137365
#db# LF: Divisor:200, ADC average: 137365
#db# LF: Divisor:199, ADC average: 137365
#db# LF: Divisor:198, ADC average: 137365
#db# LF: Divisor:197, ADC average: 137365
#db# LF: Divisor:196, ADC average: 137365
#db# LF: Divisor:195, ADC average: 137365
#db# LF: Divisor:194, ADC average: 137365
#db# LF: Divisor:193, ADC average: 137365
#db# LF: Divisor:192, ADC average: 137365
#db# LF: Divisor:191, ADC average: 137365
#db# LF: Divisor:190, ADC average: 137365
#db# LF: Divisor:189, ADC average: 137365
#db# LF: Divisor:188, ADC average: 137365
#db# LF: Divisor:187, ADC average: 137365
#db# LF: Divisor:186, ADC average: 137365
#db# LF: Divisor:185, ADC average: 137365
#db# LF: Divisor:184, ADC average: 137365
#db# LF: Divisor:183, ADC average: 137365
#db# LF: Divisor:182, ADC average: 137365
#db# LF: Divisor:181, ADC average: 137365
#db# LF: Divisor:180, ADC average: 137365
#db# LF: Divisor:179, ADC average: 137365
#db# LF: Divisor:178, ADC average: 137365
#db# LF: Divisor:177, ADC average: 137365
#db# LF: Divisor:176, ADC average: 137365
#db# LF: Divisor:175, ADC average: 137365
#db# LF: Divisor:174, ADC average: 137365
#db# LF: Divisor:173, ADC average: 137365
#db# LF: Divisor:172, ADC average: 137365
#db# LF: Divisor:171, ADC average: 137365
#db# LF: Divisor:170, ADC average: 137365
#db# LF: Divisor:169, ADC average: 137365
#db# LF: Divisor:168, ADC average: 137365
#db# LF: Divisor:167, ADC average: 137365
#db# LF: Divisor:166, ADC average: 137365
#db# LF: Divisor:165, ADC average: 137365
#db# LF: Divisor:164, ADC average: 137365
#db# LF: Divisor:163, ADC average: 137365
#db# LF: Divisor:162, ADC average: 137365
#db# LF: Divisor:161, ADC average: 137365
#db# LF: Divisor:160, ADC average: 137365
#db# LF: Divisor:159, ADC average: 137365
#db# LF: Divisor:158, ADC average: 137365
#db# LF: Divisor:157, ADC average: 137365
#db# LF: Divisor:156, ADC average: 137365
#db# LF: Divisor:155, ADC average: 137365
#db# LF: Divisor:154, ADC average: 137365
#db# LF: Divisor:153, ADC average: 137365
#db# LF: Divisor:152, ADC average: 137365
#db# LF: Divisor:151, ADC average: 137365
#db# LF: Divisor:150, ADC average: 137365
#db# LF: Divisor:149, ADC average: 137365
#db# LF: Divisor:148, ADC average: 137365
#db# LF: Divisor:147, ADC average: 137365
#db# LF: Divisor:146, ADC average: 137365
#db# LF: Divisor:145, ADC average: 137365
#db# LF: Divisor:144, ADC average: 137365
#db# LF: Divisor:143, ADC average: 137365
#db# LF: Divisor:142, ADC average: 137365
#db# LF: Divisor:141, ADC average: 137365
#db# LF: Divisor:140, ADC average: 137365
#db# LF: Divisor:139, ADC average: 137365
#db# LF: Divisor:138, ADC average: 137365
#db# LF: Divisor:137, ADC average: 137365
#db# LF: Divisor:136, ADC average: 137365
#db# LF: Divisor:135, ADC average: 137365
#db# LF: Divisor:134, ADC average: 137365
#db# LF: Divisor:133, ADC average: 137365
#db# LF: Divisor:132, ADC average: 137365
#db# LF: Divisor:131, ADC average: 137365
#db# LF: Divisor:130, ADC average: 137365
#db# LF: Divisor:129, ADC average: 137365
#db# LF: Divisor:128, ADC average: 137365
#db# LF: Divisor:127, ADC average: 137365
#db# LF: Divisor:126, ADC average: 137365
#db# LF: Divisor:125, ADC average: 137365
#db# LF: Divisor:124, ADC average: 137365
#db# LF: Divisor:123, ADC average: 137365
#db# LF: Divisor:122, ADC average: 137365
#db# LF: Divisor:121, ADC average: 137365
#db# LF: Divisor:120, ADC average: 137365
#db# LF: Divisor:119, ADC average: 137365
#db# LF: Divisor:118, ADC average: 137365
#db# LF: Divisor:117, ADC average: 137365
#db# LF: Divisor:116, ADC average: 137365
#db# LF: Divisor:115, ADC average: 137365
#db# LF: Divisor:114, ADC average: 137365
#db# LF: Divisor:113, ADC average: 137365
#db# LF: Divisor:112, ADC average: 137365
#db# LF: Divisor:111, ADC average: 137365
#db# LF: Divisor:110, ADC average: 137365
#db# LF: Divisor:109, ADC average: 137365
#db# LF: Divisor:108, ADC average: 137365
#db# LF: Divisor:107, ADC average: 137365
#db# LF: Divisor:106, ADC average: 137365
#db# LF: Divisor:105, ADC average: 137365
#db# LF: Divisor:104, ADC average: 137365
#db# LF: Divisor:103, ADC average: 137365
#db# LF: Divisor:102, ADC average: 137365
#db# LF: Divisor:101, ADC average: 137365
#db# LF: Divisor:100, ADC average: 137365
#db# LF: Divisor:99, ADC average: 137365
#db# LF: Divisor:98, ADC average: 137365
#db# LF: Divisor:97, ADC average: 137365
#db# LF: Divisor:96, ADC average: 137365
#db# LF: Divisor:95, ADC average: 137365
#db# LF: Divisor:94, ADC average: 137365
#db# LF: Divisor:93, ADC average: 137365
#db# LF: Divisor:92, ADC average: 137365
#db# LF: Divisor:91, ADC average: 137365
#db# LF: Divisor:90, ADC average: 137365
#db# LF: Divisor:89, ADC average: 137365
#db# LF: Divisor:88, ADC average: 137365
#db# LF: Divisor:87, ADC average: 137365
#db# LF: Divisor:86, ADC average: 137365
#db# LF: Divisor:85, ADC average: 137365
#db# LF: Divisor:84, ADC average: 137365
#db# LF: Divisor:83, ADC average: 137365
#db# LF: Divisor:82, ADC average: 137365
#db# LF: Divisor:81, ADC average: 137365
#db# LF: Divisor:80, ADC average: 137365
#db# LF: Divisor:79, ADC average: 137365
#db# LF: Divisor:78, ADC average: 137365
#db# LF: Divisor:77, ADC average: 137365
#db# LF: Divisor:76, ADC average: 137365
#db# LF: Divisor:75, ADC average: 137365
#db# LF: Divisor:74, ADC average: 137365
#db# LF: Divisor:73, ADC average: 137365
#db# LF: Divisor:72, ADC average: 137365
#db# LF: Divisor:71, ADC average: 137365
#db# LF: Divisor:70, ADC average: 137365
#db# LF: Divisor:69, ADC average: 137365
#db# LF: Divisor:68, ADC average: 137365
#db# LF: Divisor:67, ADC average: 137365
#db# LF: Divisor:66, ADC average: 137365
#db# LF: Divisor:65, ADC average: 137365
#db# LF: Divisor:64, ADC average: 137365
#db# LF: Divisor:63, ADC average: 137365
#db# LF: Divisor:62, ADC average: 137365
#db# LF: Divisor:61, ADC average: 137365
#db# LF: Divisor:60, ADC average: 137365
#db# LF: Divisor:59, ADC average: 137365
#db# LF: Divisor:58, ADC average: 137365
#db# LF: Divisor:57, ADC average: 137365
#db# LF: Divisor:56, ADC average: 137365
#db# LF: Divisor:55, ADC average: 137365
#db# LF: Divisor:54, ADC average: 137365
#db# LF: Divisor:53, ADC average: 137365
#db# LF: Divisor:52, ADC average: 137365
#db# LF: Divisor:51, ADC average: 137365
#db# LF: Divisor:50, ADC average: 137365
#db# LF: Divisor:49, ADC average: 137365
#db# LF: Divisor:48, ADC average: 137365
#db# LF: Divisor:47, ADC average: 137365
#db# LF: Divisor:46, ADC average: 137365
#db# LF: Divisor:45, ADC average: 137365
#db# LF: Divisor:44, ADC average: 137365
#db# LF: Divisor:43, ADC average: 137365
#db# LF: Divisor:42, ADC average: 137365
#db# LF: Divisor:41, ADC average: 137365
#db# LF: Divisor:40, ADC average: 137365
#db# LF: Divisor:39, ADC average: 137365
#db# LF: Divisor:38, ADC average: 137365
#db# LF: Divisor:37, ADC average: 137365
#db# LF: Divisor:36, ADC average: 137365
#db# LF: Divisor:35, ADC average: 137365
#db# LF: Divisor:34, ADC average: 137365
#db# LF: Divisor:33, ADC average: 137365
#db# LF: Divisor:32, ADC average: 137365
#db# LF: Divisor:31, ADC average: 137365
#db# LF: Divisor:30, ADC average: 137365
#db# LF: Divisor:29, ADC average: 137365
#db# LF: Divisor:28, ADC average: 137365
#db# LF: Divisor:27, ADC average: 137365
#db# LF: Divisor:26, ADC average: 137365
#db# LF: Divisor:25, ADC average: 137365
#db# LF: Divisor:24, ADC average: 137365
#db# LF: Divisor:23, ADC average: 137365
#db# LF: Divisor:22, ADC average: 137365
#db# LF: Divisor:21, ADC average: 137365
#db# LF: Divisor:20, ADC average: 137365
#db# Measuring complete, sending report back to host
# LF antenna: 6,29 V @ 125.00 kHz
# LF antenna: 6,29 V @ 134.00 kHz
# LF optimal: 6,29 V @ 46,88 kHz
# HF antenna: 11,34 V @ 13.56 MHz
# Your LF antenna is marginal.
proxmark3> Few traces later with lf antenna (77 turns wire diameter 0.1 antenna diameter 12.5 etc.. doesnt matter i guess)
See:
proxmark3> hw tune
#db# Measuring antenna characteristics, please wait...
#db# LF: Divisor:255, ADC average: 31958
#db# LF: Divisor:254, ADC average: 28735
#db# LF: Divisor:253, ADC average: 22021
#db# LF: Divisor:252, ADC average: 30615
#db# LF: Divisor:251, ADC average: 32897
#db# LF: Divisor:250, ADC average: 25378
#db# LF: Divisor:249, ADC average: 27661
#db# LF: Divisor:248, ADC average: 32629
#db# LF: Divisor:247, ADC average: 29541
#db# LF: Divisor:246, ADC average: 26989
#db# LF: Divisor:245, ADC average: 31689
#db# LF: Divisor:244, ADC average: 32495
#db# LF: Divisor:243, ADC average: 27526
#db# LF: Divisor:242, ADC average: 29272
#db# LF: Divisor:241, ADC average: 32360
#db# LF: Divisor:240, ADC average: 29943
#db# LF: Divisor:239, ADC average: 28332
#db# LF: Divisor:238, ADC average: 31823
#db# LF: Divisor:237, ADC average: 31420
#db# LF: Divisor:236, ADC average: 27258
#db# LF: Divisor:235, ADC average: 30749
#db# LF: Divisor:234, ADC average: 31823
#db# LF: Divisor:233, ADC average: 28063
#db# LF: Divisor:232, ADC average: 29541
#db# LF: Divisor:231, ADC average: 31823
#db# LF: Divisor:230, ADC average: 30749
#db# LF: Divisor:229, ADC average: 29943
#db# LF: Divisor:228, ADC average: 31018
#db# LF: Divisor:227, ADC average: 31286
#db# LF: Divisor:226, ADC average: 29138
#db# LF: Divisor:225, ADC average: 30346
#db# LF: Divisor:224, ADC average: 31152
#db# LF: Divisor:223, ADC average: 30615
#db# LF: Divisor:222, ADC average: 30212
#db# LF: Divisor:221, ADC average: 31420
#db# LF: Divisor:220, ADC average: 30883
#db# LF: Divisor:219, ADC average: 29809
#db# LF: Divisor:218, ADC average: 30480
#db# LF: Divisor:217, ADC average: 31018
#db# LF: Divisor:216, ADC average: 28869
#db# LF: Divisor:215, ADC average: 29541
#db# LF: Divisor:214, ADC average: 30749
#db# LF: Divisor:213, ADC average: 29943
#db# LF: Divisor:212, ADC average: 29675
#db# LF: Divisor:211, ADC average: 30615
#db# LF: Divisor:210, ADC average: 30615
#db# LF: Divisor:209, ADC average: 30078
#db# LF: Divisor:208, ADC average: 30615
#db# LF: Divisor:207, ADC average: 30749
#db# LF: Divisor:206, ADC average: 30346
#db# LF: Divisor:205, ADC average: 30212
#db# LF: Divisor:204, ADC average: 31018
#db# LF: Divisor:203, ADC average: 30749
#db# LF: Divisor:202, ADC average: 29943
#db# LF: Divisor:201, ADC average: 30749
#db# LF: Divisor:200, ADC average: 30749
#db# LF: Divisor:199, ADC average: 29809
#db# LF: Divisor:198, ADC average: 30480
#db# LF: Divisor:197, ADC average: 30749
#db# LF: Divisor:196, ADC average: 30212
#db# LF: Divisor:195, ADC average: 29943
#db# LF: Divisor:194, ADC average: 30480
#db# LF: Divisor:193, ADC average: 30346
#db# LF: Divisor:192, ADC average: 29809
#db# LF: Divisor:191, ADC average: 30749
#db# LF: Divisor:190, ADC average: 30749
#db# LF: Divisor:189, ADC average: 30212
#db# LF: Divisor:188, ADC average: 30480
#db# LF: Divisor:187, ADC average: 30749
#db# LF: Divisor:186, ADC average: 30480
#db# LF: Divisor:185, ADC average: 30212
#db# LF: Divisor:184, ADC average: 30480
#db# LF: Divisor:183, ADC average: 30883
#db# LF: Divisor:182, ADC average: 29943
#db# LF: Divisor:181, ADC average: 30615
#db# LF: Divisor:180, ADC average: 30883
#db# LF: Divisor:179, ADC average: 30615
#db# LF: Divisor:178, ADC average: 30883
#db# LF: Divisor:177, ADC average: 31018
#db# LF: Divisor:176, ADC average: 30883
#db# LF: Divisor:175, ADC average: 30078
#db# LF: Divisor:174, ADC average: 30615
#db# LF: Divisor:173, ADC average: 30346
#db# LF: Divisor:172, ADC average: 30078
#db# LF: Divisor:171, ADC average: 30078
#db# LF: Divisor:170, ADC average: 30212
#db# LF: Divisor:169, ADC average: 30212
#db# LF: Divisor:168, ADC average: 30346
#db# LF: Divisor:167, ADC average: 30615
#db# LF: Divisor:166, ADC average: 30346
#db# LF: Divisor:165, ADC average: 30212
#db# LF: Divisor:164, ADC average: 30212
#db# LF: Divisor:163, ADC average: 29943
#db# LF: Divisor:162, ADC average: 29943
#db# LF: Divisor:161, ADC average: 29943
#db# LF: Divisor:160, ADC average: 30212
#db# LF: Divisor:159, ADC average: 30346
#db# LF: Divisor:158, ADC average: 30346
#db# LF: Divisor:157, ADC average: 30615
#db# LF: Divisor:156, ADC average: 30346
#db# LF: Divisor:155, ADC average: 30346
#db# LF: Divisor:154, ADC average: 30212
#db# LF: Divisor:153, ADC average: 29943
#db# LF: Divisor:152, ADC average: 30346
#db# LF: Divisor:151, ADC average: 29943
#db# LF: Divisor:150, ADC average: 30212
#db# LF: Divisor:149, ADC average: 30212
#db# LF: Divisor:148, ADC average: 30078
#db# LF: Divisor:147, ADC average: 30212
#db# LF: Divisor:146, ADC average: 30346
#db# LF: Divisor:145, ADC average: 29675
#db# LF: Divisor:144, ADC average: 29943
#db# LF: Divisor:143, ADC average: 29675
#db# LF: Divisor:142, ADC average: 29943
#db# LF: Divisor:141, ADC average: 29809
#db# LF: Divisor:140, ADC average: 29943
#db# LF: Divisor:139, ADC average: 30078
#db# LF: Divisor:138, ADC average: 29541
#db# LF: Divisor:137, ADC average: 29943
#db# LF: Divisor:136, ADC average: 29675
#db# LF: Divisor:135, ADC average: 29406
#db# LF: Divisor:134, ADC average: 29272
#db# LF: Divisor:133, ADC average: 29272
#db# LF: Divisor:132, ADC average: 29272
#db# LF: Divisor:131, ADC average: 28869
#db# LF: Divisor:130, ADC average: 29138
#db# LF: Divisor:129, ADC average: 29675
#db# LF: Divisor:128, ADC average: 29406
#db# LF: Divisor:127, ADC average: 29406
#db# LF: Divisor:126, ADC average: 29809
#db# LF: Divisor:125, ADC average: 29675
#db# LF: Divisor:124, ADC average: 29541
#db# LF: Divisor:123, ADC average: 29809
#db# LF: Divisor:122, ADC average: 29809
#db# LF: Divisor:121, ADC average: 29541
#db# LF: Divisor:120, ADC average: 29541
#db# LF: Divisor:119, ADC average: 29809
#db# LF: Divisor:118, ADC average: 29943
#db# LF: Divisor:117, ADC average: 30212
#db# LF: Divisor:116, ADC average: 29943
#db# LF: Divisor:115, ADC average: 29809
#db# LF: Divisor:114, ADC average: 30078
#db# LF: Divisor:113, ADC average: 30212
#db# LF: Divisor:112, ADC average: 29809
#db# LF: Divisor:111, ADC average: 29809
#db# LF: Divisor:110, ADC average: 29809
#db# LF: Divisor:109, ADC average: 30212
#db# LF: Divisor:108, ADC average: 30346
#db# LF: Divisor:107, ADC average: 30480
#db# LF: Divisor:106, ADC average: 30615
#db# LF: Divisor:105, ADC average: 30212
#db# LF: Divisor:104, ADC average: 30346
#db# LF: Divisor:103, ADC average: 30480
#db# LF: Divisor:102, ADC average: 30480
#db# LF: Divisor:101, ADC average: 30212
#db# LF: Divisor:100, ADC average: 30212
#db# LF: Divisor:99, ADC average: 29943
#db# LF: Divisor:98, ADC average: 30078
#db# LF: Divisor:97, ADC average: 30212
#db# LF: Divisor:96, ADC average: 30078
#db# LF: Divisor:95, ADC average: 30212
#db# LF: Divisor:94, ADC average: 30078
#db# LF: Divisor:93, ADC average: 30346
#db# LF: Divisor:92, ADC average: 30346
#db# LF: Divisor:91, ADC average: 30212
#db# LF: Divisor:90, ADC average: 30212
#db# LF: Divisor:89, ADC average: 30078
#db# LF: Divisor:88, ADC average: 30078
#db# LF: Divisor:87, ADC average: 30212
#db# LF: Divisor:86, ADC average: 30346
#db# LF: Divisor:85, ADC average: 30346
#db# LF: Divisor:84, ADC average: 30212
#db# LF: Divisor:83, ADC average: 30212
#db# LF: Divisor:82, ADC average: 30212
#db# LF: Divisor:81, ADC average: 30346
#db# LF: Divisor:80, ADC average: 30346
#db# LF: Divisor:79, ADC average: 30212
#db# LF: Divisor:78, ADC average: 30078
#db# LF: Divisor:77, ADC average: 30480
#db# LF: Divisor:76, ADC average: 30615
#db# LF: Divisor:75, ADC average: 30749
#db# LF: Divisor:74, ADC average: 30749
#db# LF: Divisor:73, ADC average: 30480
#db# LF: Divisor:72, ADC average: 30749
#db# LF: Divisor:71, ADC average: 30749
#db# LF: Divisor:70, ADC average: 30749
#db# LF: Divisor:69, ADC average: 30883
#db# LF: Divisor:68, ADC average: 30749
#db# LF: Divisor:67, ADC average: 31152
#db# LF: Divisor:66, ADC average: 31286
#db# LF: Divisor:65, ADC average: 31555
#db# LF: Divisor:64, ADC average: 31689
#db# LF: Divisor:63, ADC average: 31555
#db# LF: Divisor:62, ADC average: 31823
#db# LF: Divisor:61, ADC average: 31823
#db# LF: Divisor:60, ADC average: 31958
#db# LF: Divisor:59, ADC average: 31958
#db# LF: Divisor:58, ADC average: 32226
#db# LF: Divisor:57, ADC average: 32092
#db# LF: Divisor:56, ADC average: 32360
#db# LF: Divisor:55, ADC average: 32092
#db# LF: Divisor:54, ADC average: 32360
#db# LF: Divisor:53, ADC average: 32495
#db# LF: Divisor:52, ADC average: 32629
#db# LF: Divisor:51, ADC average: 32629
#db# LF: Divisor:50, ADC average: 32360
#db# LF: Divisor:49, ADC average: 32226
#db# LF: Divisor:48, ADC average: 32226
#db# LF: Divisor:47, ADC average: 32092
#db# LF: Divisor:46, ADC average: 32226
#db# LF: Divisor:45, ADC average: 31420
#db# LF: Divisor:44, ADC average: 29138
#db# LF: Divisor:43, ADC average: 30615
#db# LF: Divisor:42, ADC average: 31420
#db# LF: Divisor:41, ADC average: 31958
#db# LF: Divisor:40, ADC average: 32226
#db# LF: Divisor:39, ADC average: 32226
#db# LF: Divisor:38, ADC average: 32360
#db# LF: Divisor:37, ADC average: 32226
#db# LF: Divisor:36, ADC average: 32495
#db# LF: Divisor:35, ADC average: 32495
#db# LF: Divisor:34, ADC average: 32360
#db# LF: Divisor:33, ADC average: 32763
#db# LF: Divisor:32, ADC average: 32629
#db# LF: Divisor:31, ADC average: 33032
#db# LF: Divisor:30, ADC average: 33032
#db# LF: Divisor:29, ADC average: 32629
#db# LF: Divisor:28, ADC average: 32763
#db# LF: Divisor:27, ADC average: 32629
#db# LF: Divisor:26, ADC average: 32763
#db# LF: Divisor:25, ADC average: 32629
#db# LF: Divisor:24, ADC average: 32495
#db# LF: Divisor:23, ADC average: 32763
#db# LF: Divisor:22, ADC average: 32629
#db# LF: Divisor:21, ADC average: 33032
#db# LF: Divisor:20, ADC average: 32897
#db# Measuring complete, sending report back to host
# LF antenna: 30,21 V @ 125.00 kHz
# LF antenna: 30,08 V @ 134.00 kHz
# LF optimal: 33,03 V @ 375,00 kHz
# HF antenna: 11,28 V @ 13.56 MHz It measures almost the same voltage on all divisors (48khz to 600 khz!) - Something is defenitely wrong -.-
The part in appmain.c explains the output:
LED_B_ON();
DbpString("Measuring antenna characteristics, please wait...");
memset(dest,0,sizeof(FREE_BUFFER_SIZE));
/*
* Sweeps the useful LF range of the proxmark from
* 46.8kHz (divisor=255) to 600kHz (divisor=19) and
* read the voltage in the antenna, the result left
* in the buffer is a graph which should clearly show
* the resonating frequency of your LF antenna
* ( hopefully around 95 if it is tuned to 125kHz!)
*/
FpgaWriteConfWord(FPGA_MAJOR_MODE_LF_READER);
for (i=255; i>19; i--) {
WDT_HIT();
FpgaSendCommand(FPGA_CMD_SET_DIVISOR, i);
SpinDelay(20);
// Vref = 3.3V, and a 10000:240 voltage divider on the input
// can measure voltages up to 137500 mV
adcval = ((137500 * AvgAdc(ADC_CHAN_LF)) >> 10);
Dbprintf("LF: Divisor:%d, ADC average: %d", i, adcval); // Enio
if (i==95) vLf125 = adcval; // voltage at 125Khz
if (i==89) vLf134 = adcval; // voltage at 134Khz
dest[i] = adcval>>8; // scale int to fit in byte for graphing purposes
if(dest[i] > peak) {
peakv = adcval;
peak = dest[i];
peakf = i;
//ptr = i;
}
}Last edited by Enio (2014-03-02 19:49:41)
Offline
#249 2014-03-03 00:43:02
- benoit37000
- Contributor
- From: France
- Registered: 2013-10-10
- Posts: 21
Re: proxmark3 gerbers and bill of material
Hello some news
i manage to finish my openocd compile for bus-pirate as a jtag flashing reading Tools
Using the .cfg file found at http://umeahackerspace.se/2013/03/21/bus-pirate-saves-the-day-proxmark3-jtag-flashing/
i managed to burn via jtag the 807 revision ( the one i use on my working pm3).
after this i flashed via the flasher tools the fullimage an bootrom
and made the test nothing in HW tune ( when i burn some other image after 2 or 3or 4 times i manage to make the pm3 work .... so no Hardware problem i think )
Then i made a dump of the flash of both proxmark ( the working one wtih 256k mem:working-pm3-at91sam7S256-rev-c.bin and the group buy one with 512 k: notworking-pm3-at91sam7S512-rev-a.bin)
the Dumps are here http://www.sendspace.com/file/hb7j17
it 'is interesting there are some differences in the image starting at adress 0xd60 ...
i wonder if the memory map organisation could introduce some tricks ....
Benoit
Offline
#250 2014-03-03 05:06:18
- vivat
- Contributor
- Registered: 2010-10-26
- Posts: 332
Re: proxmark3 gerbers and bill of material
Enio
# LF optimal: 6,29 V @ 46,88 kHz
It says that your LF antenna is not well tuned. Try to add/remove few turns. If you can't make your antenna to resonate at 125 or 134 khz, try to re-test LF-peak-detected analog receive path.
And your HF antenna don't "hear" the tag when you sniff it. Try to put in different position. Did you try to crack mifare classic with it?
Also, i have a LF tag that most likely is a Philips Hitag 2 and i dont get any change in Voltages with it in proximity.
Can you show it's photo?
the Dumps are here http://www.sendspace.com/file/hb7j17
I'll try to look at them.
i wonder if the memory map organisation could introduce some tricks ....
There is header file ./include/at91sam7s512.h
I am wondering if it is correct?
Offline