Hi.
I just got my PM3 easy from here and I’m trying to identify my access-card to work.
A little bit of history.
Right now I’m using a Pagopace Payment-Ring together with the Fidesmo/Curve-App and I’m very
pleased in using it.
Using an implant is just the next logical step.
My plans are:
I. Identify my access-card with the PM3 easy
II. Clone the access-card to a card which came with the PM3, just to see if I’m on the right way.
III. Clone the card to a Magic Ring if it has the right chip for it.
IV. Get the correct implant for the access-card.
V. If available, switch from the Pagopace-Ring to, for example, a Vivokey Apex Flex as a second
implant to pay with my other hand.
Ok. I’m right now just with step I.
Here is what it looks like. Everything is done on an Ubuntu Linux laptop.
the PM3:
[+] loaded from JSON file /home/cbode/.proxmark3/preferences.json
[=] Using UART port /dev/ttyACM0
[=] Communicating with PM3 over USB-CDC
[ Proxmark3 RFID instrument ]
MCU....... AT91SAM7S512 Rev A
Memory.... 512 Kb ( 60% used )
Client.... Iceman/master/v4.16191-85-g9b331b37a-dirty 2023-02-20 12:16:28
Bootrom... Iceman/master/v4.16191-85-g9b331b37a-dirty-unclean 2023-02-20 12:16:05
OS........ Iceman/master/v4.16191-85-g9b331b37a-dirty-unclean 2023-02-20 12:16:22
Target.... PM3 GENERIC
Looks like it’s working. So I started to test some of my access-cards.
the first one:
[usb|script] pm3 → hf search
[+] UID: 04 1B 68 82 80 0F 90
[+] ATQA: 03 44
[+] SAK: 20 [1]
[+] MANUFACTURER: NXP Semiconductors Germany
[+] Possible types:
[+] MIFARE DESFire CL2
[+] MIFARE DESFire EV1 256B/2K/4K/8K CL2
[+] MIFARE DESFire EV2 2K/4K/8K/16K/32K
[+] MIFARE DESFire EV3 2K/4K/8K
[+] MIFARE DESFire Light 640B
[+] NTAG 4xx
[=] -------------------------- ATS --------------------------
[+] ATS: 0F 75 77 81 02 53 45 20 44 45 53 46 69 72 65 [ 53 00 ]
[=] 0F… TL length is 15 bytes
[=] 75… T0 TA1 is present, TB1 is present, TC1 is present, FSCI is 5 (FSC = 64)
[=] 77… TA1 different divisors are supported, DR: [2, 4, 8], DS: [2, 4, 8]
[=] 81… TB1 SFGI = 1 (SFGT = 8192/fc), FWI = 8 (FWT = 1048576/fc)
[=] 02… TC1 NAD is NOT supported, CID is supported
[=] -------------------- Historical bytes --------------------
[+] 53452044455346697265
[?] Hint: try hf mfdes info
[+] Valid ISO 14443-A tag found
the second one:
[usb|script] pm3 → hf search
[+] UID: 24 AE 3A 34
[+] ATQA: 00 04
[+] SAK: 08 [2]
[+] Possible types:
[+] MIFARE Classic 1K
[=] proprietary non iso14443-4 card found, RATS not supported
[+] Prng detection: hard
[=]
[=] --- Tag Signature
[=] IC signature public key name: NXP Mifare Classic MFC1C14_x
[=] IC signature public key value: [ …signature public key deleted but I get one…]
[=] Elliptic curve parameters: NID_secp128r1
[=] TAG IC Signature: […signature deleted but I get one…]
[+] Signature verification: successful
[?] Hint: try hf mf commands
[+] Valid ISO 14443-A tag found
the third and interesting one I’d like to clone:
[usb|script] pm3 → hf search
[!] No known/supported 13.56 MHz tags found
Some more tests:
One NFC-for my home:
[usb|script] pm3 → hf search
[+] UID: E0 07 C5 35 4F AD 89 90
[+] TYPE: Texas Instrument; Tag-it HF-I Pro; 8x23bit; password
[+] Valid ISO 15693 tag found
Apple AirTag:
[usb|script] pm3 → lf search
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags…
[=]
[!] command execution time out
[-] No data found!
[?] Maybe not an LF tag?
[usb|script] pm3 → hf search
[!] No known/supported 13.56 MHz tags found
For me it looks like the PM3 Easy is working, but at this point it does not support the interesting
access-card.
Do I need an RDV4 or RDV4.1 to get it identified, or are there other tricks to get the needed
information?
I’m just new in the NFC/RFID business and this was just my first test.
Any help will be appreciated.
Regards
Christian