Hey all
I am new to RFID hacking and the like so bare with me. I recently bought the Magic Ring (Magic Mifare 1k + T5577).
I got the Proxmark3 Easy + Access kit bundle…
I managed to get pm3 up and running on my Mac (Big Sur), and the proxymark3 Easy seems to work… I was able to read and identify and read an work id for example. But I don’t seem to be able to do anything with my Magic Ring.
Heres my ‘hw version’ output
[usb] pm3 --> hw version
[ Proxmark3 RFID instrument ]
[ CLIENT ]
client: RRG/Iceman/master/v4.14434 2021-09-18 21:44:55
compiled with Clang/LLVM Apple LLVM 13.0.0 (clang-1300.0.29.3) OS:OSX ARCH:x86_64
[ PROXMARK3 ]
firmware.................. PM3 GENERIC
[ ARM ]
bootrom: RRG/Iceman/master/v4.9237-2027-g177fcbe4 2020-11-19 14:12:28
os: RRG/Iceman/master/v4.9237-2027-g177fcbe4 2020-11-19 14:13:02
compiled with GCC 9.2.1 20191025 (release) [ARM/arm-9-branch revision 277599]
[ FPGA ]
LF image built for 2s30vq100 on 2020-07-08 at 23: 8: 7
HF image built for 2s30vq100 on 2020-07-08 at 23: 8:19
HF FeliCa image built for 2s30vq100 on 2020-07-08 at 23: 8:30
[ Hardware ]
--= uC: AT91SAM7S512 Rev B
--= Embedded Processor: ARM7TDMI
--= Internal SRAM size: 64K bytes
--= Architecture identifier: AT91SAM7Sxx Series
--= Embedded flash memory 512K bytes ( 52% used )
[usb] pm3 -->
Heres when i attempt to read the Mifare side of Ring – I have tried a dozen+ different positions on the platform.
[usb] pm3 --> hf search
🕓 Searching for ISO14443-A tag...
[+] UID: 01 50 2D 50
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[#] Auth error
[?] Hint: try `hf mf` commands
[+] Valid ISO 14443-A tag found
🕓 Searching for FeliCa tag...[=] You can cancel this operation by pressing the pm3 button
[usb] pm3 -->
Lurking around the forum, that ‘# Auth error’ seems to be problem? Mind you have did absolutely nothing to the ring since i took it out of the box, put it on, or set it on the pm3.
If i try the LF (RFID side of the Ring i get the following:
[usb] pm3 --> lf search
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags...
[=]
[=] # | word (msb) | word (lsb) | desc
[=] ----+-------------+-------------+--------------------
[=] 32 | 00 00 00 00 | 00 00 00 00 | device serial number (read only)
[=] ----+-------------+-------------+--------------------
[=] Serial: 00 00 00 00
[+] Valid EM4x50 ID found!
[usb] pm3 -->
Now you would thing that ‘[+] Valid EM4x50 ID found’ would be a good thing, but I basically get that same output if i run the ‘lf search’ with out anything on the platform, or anything electronic near, on a wood cabinet…
Finally to help with diag if anyone chooses to help… I have also run ‘hw tune’ and its seems to come out ok…
[usb] pm3 --> hw tune
[=] ---------- Reminder ------------------------
[=] `hw tune` doesn't actively tune your antennas,
[=] it's only informative.
[=] Measuring antenna characteristics, please wait...
🕔 9
[=] ---------- LF Antenna ----------
[+] LF antenna: 26.61 V - 125.00 kHz
[+] LF antenna: 20.86 V - 134.83 kHz
[+] LF optimal: 26.93 V - 126.32 kHz
[+] Approx. Q factor (*): 7.0 by frequency bandwidth measurement
[+] Approx. Q factor (*): 7.8 by peak voltage measurement
[+] LF antenna is OK
[=] ---------- HF Antenna ----------
[+] HF antenna: 15.31 V - 13.56 MHz
[+] Approx. Q factor (*): 4.5 by peak voltage measurement
[+] HF antenna is OK
(*) Q factor must be measured without tag on the antenna
[+] Displaying LF tuning graph. Divisor 88 (blue) is 134.83 kHz, 95 (red) is 125.00 kHz.
[!] ⚠️ You appear to be on a MacOS device without XQuartz.
[!] ⚠️ You may need to install XQuartz (https://www.xquartz.org/) to make the plot work.
I did install qt5 from brew before i installed proxmark3, it took forever, but it installed… So graph aside, things look good…
Lastly…
I recognize 2 of the cards in the box with ‘IC-UID’ stamp on the back, and they get recognized as ISO14443-A (MIFARE cards) as well but similar output as my ring. including the Auth Error, but in their case, as ‘Gen 1a’ cards.