xSIID - Memory layout

Support
1

Hey all,

I’m after some info on the xSIID and was wondering if someone on here could point me in the right direction.

I’m looking to write a script for the proxmark and play around with the config pages (might also write soemthing in lua for the pm3 to write to sector 1) but I’m a bit confused with the config pages when I dump my xSIID:

[=] 224/0xE0 | 00 00 00 00 | 0 | ....
[=] 225/0xE1 | 53 69 69 44 | 0 | SiiD
[=] 226/0xE2 | 00 00 FF 00 | 0 | ....
[=] 227/0xE3 | 00 00 00 E2 | 0 | ....
[=] 228/0xE4 | 00 00 00 00 | 0 | ....
[=] 229/0xE5 | 00 00 00 00 | 0 | ....
[=] 230/0xE6 | 00 00 00 00 | 0 | ....
[=] 231/0xE7 | 00 00 00 00 | 0 | ....
[=] 232/0xE8 | 44 4E 47 52 | 0 | DNGR
[=] 233/0xE9 | 00 00 00 00 | 0 | ....
[=] ---------------------------------

I expected the PWD would be in E5 according to the datasheet, I asked on the Discord and I’ve since learnt this can be changed to a different page because it’s an i2c chip?

Does anyone know the layout for the xSIID config pages? I don’t want to accidentally flip one of the dynamic lock bits.

2

I cant help directly, but hoping tgere is something in the links below that can

Scroll to the bottom of this one

1 Like
3

Thanks, maybe the pm3 output is off. I did a full scan with taginfo and it looks, how I expected it to. Just not sure why the pm3 is putting the PWD into E8.

[0DF] . 00 00 00 00 |....|
[0E0] . 00 00 00 00 |....|
[0E1] . 53 69 69 44 |SiiD|
[0E2] . 00 00 FF 00 (LOCK2-LOCK4, CHK)
[0E3] . 00 00 00 E2 (RFU-RFU, AUTH0)
[0E4] . 00 00 00 00 (ACCESS, RFU-RFU)
[0E5] . 00 00 00 00 (PWD)
[0E6] . 00 00 00 00 (PACK,PACK,RFU,RFU)
[0E7] . 00 00 00 00 (PT_I2C, RFU-RFU)
[100] . 00 00 00 00 |....|
[101] . 00 00 00 00 |....|

Configuration registers:
[0E8] w 01 00 F8 48 (NC, LD, SM, WDT0)
[0E9] w 08 01 00 -- (WDT1, CLK, LOCK)

Session registers:
[0EC] r 01 00 F8 48 (NC, LD, SM, WDT0)
[0ED] r 08 01 01 -- (WDT1, CLK, NS)
1 Like
4

probably this.

1 Like