FM11RF005SH support #875

doegox · 2019-09-12T08:39:28Z

It looks like hf 14a sim t 9 u 0a000000 could simulate FM11RF005SH but this is flawed.
Actually FM11RF005SH does not support anticollision, only WUPA/REQA.
High level:

[usb] pm3 --> hf 14a reader
 UID : 0A 00 00 00           
ATQA : 00 03          
 SAK : 0a [2]          
[+] field dropped.

Simulated:

          0 |        992 | Rdr |52                                                                       |     | WUPA          
       2228 |       4596 | Tag |03  00                                                                   |     |           
       7040 |       9504 | Rdr |93  20                                                                   |     | ANTICOLL          
      10676 |      16500 | Tag |0a  00  00  00  0a                                                       |     |           
      19584 |      30112 | Rdr |93  70  0a  00  00  00  0a  6e  3a                                       |  ok | SELECT_UID          
      31284 |      34868 | Tag |0a  a4  fe

Real:

          0 |        992 | Rdr |52                                                                       |     | WUPA          
       2228 |       4596 | Tag |03  00                                                                   |     |           
       7040 |       9504 | Rdr |93  20                                                                   |     | ANTICOLL          
      10676 |      11252 | Tag |0a!                                                                      |     |           
      14336 |      24800 | Rdr |93  70  0a  00  00  00  0a  6e  3a                                       |  ok | SELECT_UID          
      26036 |      26612 | Tag |0a!

The text was updated successfully, but these errors were encountered:

iceman1001 · 2019-09-12T08:57:10Z

Cool. Getting proper support for Fudan tags would be nice. Really nice.

doegox · 2019-09-12T09:24:12Z

To read the first 8 blocks which are accessible freely in read-only:

hf 14a raw -a -b 7 -p 26
hf 14a raw -p -c 3000
hf 14a raw -p -c 3001
hf 14a raw -p -c 3002
hf 14a raw -p -c 3003
hf 14a raw -p -c 3004
hf 14a raw -p -c 3005
hf 14a raw -p -c 3006
hf 14a raw -c 3007

Example:

[usb] pm3 --> hf 14a raw -a -b 7 -p 26
received 2 bytes          
03 00           
[usb] pm3 --> hf 14a raw -p -c 3000
received 6 bytes          
03 00 02 90 F4 D4           
[usb] pm3 --> hf 14a raw -p -c 3001
received 6 bytes          
26 7D 4E 30 9B 00           
[usb] pm3 --> hf 14a raw -p -c 3002
received 6 bytes          
02 90 14 B2 67 82           
[usb] pm3 --> hf 14a raw -p -c 3003
received 6 bytes          
00 16 12 01 E4 B2           
[usb] pm3 --> hf 14a raw -p -c 3004
received 6 bytes          
EC BF 35 18 E8 E1           
[usb] pm3 --> hf 14a raw -p -c 3005
received 6 bytes          
18 15 9F 84 E8 94           
[usb] pm3 --> hf 14a raw -p -c 3006
received 6 bytes          
FF FF FF 00 E1 AA           
[usb] pm3 --> hf 14a raw -c 3007
received 6 bytes          
00 01 00 00 DC 0C

iceman1001 · 2022-04-30T16:41:50Z

I added some improvements based on issue #1599
If you have a fudan card to test with?

doegox changed the title ~~FM11RF005SH simulation flawed~~ FM11RF005SH support Sep 12, 2019

doegox transferred this issue from another repository Jun 25, 2020

doegox transferred this issue from another repository Jul 11, 2020

iceman1001 mentioned this issue Feb 15, 2022

FM11RF005M reading/cloning problem #1599

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FM11RF005SH support #875

FM11RF005SH support #875

doegox commented Sep 12, 2019

iceman1001 commented Sep 12, 2019

doegox commented Sep 12, 2019

iceman1001 commented Apr 30, 2022

FM11RF005SH support #875

FM11RF005SH support #875

Comments

doegox commented Sep 12, 2019

iceman1001 commented Sep 12, 2019

doegox commented Sep 12, 2019

iceman1001 commented Apr 30, 2022