Y’all have managed to solve my past RFID issues so figured I’d come back again. Currently trying to simulate an LF card (Kantech IoProx) with the Proxmark3 but not getting any response from the reader when I do. Normally, when I present an ioprox card to the reader (even an invalid one) it will beep indicating something has been detected, however, in this case no indication that the card has been detected.
I’ve been successfully able to clone cards to a T5577 chip and my NeXT implant so I know the LF functions on the Promark are working.
The command I’m running is:
lf io sim --vn 2 --fc 88 --cn 33190
Appreciative if there any Proxmark wizards out there who can help.
Hello, (Not a certified wizard sorry) I note that the ioProx section of the Proxmark guide includes read and clone commands, but not sim, whereas other card types do include a sim section.
So I’d suggest it may not be supported
Edit:
Here is the post of the team who first added the support for that card in 2014 - Given the elapsed time since then and the fact that it’s a propietry format I’d say the sim functionality is too difficult to implement or it would be there.
Well I’m no programmer, but from what I interperate;
The help function of some cards contains a line to “clear buffer” before display the help options,
see line 2218 below
Weird, when I run lf io help I get a totally different set of options:
[usb] pm3 --> lf io help
help this help
demod demodulate an ioProx tag from the GraphBuffer
reader attempt to read and extract tag data
clone clone ioProx tag to T55x7 or Q5/T5555
sim simulate ioProx tag
watch continuously watch for cards. Reader mode
and running the sim command results in it actually trying to do something:
usb] pm3 --> lf io sim --vn 2 --fc 01 --cn 22899
[+] Simulating ioProx version: 2 FC: 1 (0x01) CN: 22899
[+] Press pm3-button to abort simulation or run another command
[+] IO raw bits:
[+] 0000000001111000010000000110000001010101100110111001110100000011
[#] FSK simulating with rf/64, fc high 10, fc low 8, STT 1, n 4100
[=] You can cancel this operation by pressing the pm3 button
[=] Done
Wonder if I’ve cloned down a different repository or something. Mine was cloned from https://github.com/RfidResearchGroup/proxmark3.git
I don’t think hardware version will have anything to do with it… commands run the same on each if the firmware is compiled for the right hw version… but… I mean… you are holding the LF antenna to the reader right? hahh sorry, had to ask
I’m holding the Proxmark directly in front of the reader, and slowly moving it up and down but not getting any response from the reader itself. The reader is a Kantech P225 if it makes a difference. The range on the reader is pretty good with my NeXT - I can basically hold my hand a couple inches away in any orientation and get a read, winder if the Proxmark is significantly more finnicky?
When running the simulation I’m using values identical to the values I used when cloning to a T5577 card, so I believe they should be correct.
@Zwack not sure what you mean by shorting out the Proxmark? I’ve been holding it by the edges of the PCB, should I be grabbing it in a different position?
Holding it by the edge should be good. The LF antenna is attached to the main board by the metal pillars in the middle. If you were bridging across there it has the potential to short out the antenna.
Just to tag on to my own thread here, I had a chance to do a bit of experimenting today and validated I was able to simulate HID cards no issue (tested against a ProxPro II reader), however, it seems there may be a coupling issue with the IOProx readers.
I did manage to get a successful simulation to a P325W26 reader at the office (which is a Wiegand version), however, no such luck getting a read on the P225XSF reader I have at home. Not sure if the difference has to do with the Wiegand vs XSF data format or if it has to do with the antenna differences (the 325 is physically larger and rated for 20cm read distance vs 16cm on the 225). I’ll try and track down a P325XSF to rule out one possibility.
Even on the 325 it’s extremely finicky to get the Proxmark to couple, needs to be in exactly the right position at exactly the right angle. Definitely more difficult then I was expecting it to be.
Did some more testing at work today and simulating with the Proxmark does indeed work on the 325 XSF readers we have, so it seems it doesn’t want to couple with the smaller 225 readers.
Has anyone experimented with making a different LF antenna for the Proxmark? Wonder if it’s possible to make something with a bit more gain.