-
Notifications
You must be signed in to change notification settings - Fork 912
Walkthrough of a EM4102 tag
Iceman edited this page Jan 26, 2019
·
1 revision
This page will walk new users through the process of analysing EM410X cards/tags.
Open proxmark:
cd proxmark3 proxmark3 <com port | tty >Loading a previous trace:
proxmark3> data load traces/EM4102-1.pm3 loaded 16000 samplesTo display the wave form use the following command
proxmark3> data plotEM410X cards use ASK modulation, so use the askdemod command to demodulate to low(0) or high(1) signals, depending on which one you use you either end up with a pattern or an inverted pattern of bits:
- Update -
use instead the 'data rawdemod am' command
and you are done...proxmark3> data askdemod 1Lastly EM4100 tags additionally use Manchester modulation, use the following command to demodulate the Manchester Encoding:
proxmark3> data mandemod 64 Warning: Manchester decode error for pulse width detection. (too many of those messages mean either the stream is not Manchester encoded, or clock is wrong) Unsynchronized, resync... (too many of those messages mean the stream is not Manchester encoded) Manchester decoded bitstream 0 0 1 0 1 1 1 1 0 1 0 1 1 1 1 0 1 1 1 1 1 1 0 0 0 1 1 1 0 0 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 1 0 1 1 1 1 0 0 1 0 1 1 1 1 0 1 0 1 1 1 1 0 1 1 1 1 1 1 0 0 0 1 1 1 0 0 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 1 0 1 1 1 1 0 0 1 0 1 1 1 1 0 1 0 1 1 1 1 0 1 1 1 1 1 1 0 0 0 1 1 1 0 0 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 0 0 1 0 1 1 1 1 0 0 1 0 1 1 1 1 0 1 0 1 1 1 1 0 1 1 1 1 1 1 0 0 0 1 1 1 0 0 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 1You should see the following repetitive pattern, starting from the Header sequence (nine 1's):
1111111110000000011000001000101111001011110101111011111100011100Remove the Header bits (9x 1's) and note every 4th bit is a Parity bit
1 1 1 1 1 1 1 1 1 0 0 0 0| 0| 0 0 0 1| 1| 0 0 0 0| 0| 1 0 0 0| 1| 0 1 1 1| 1| 0 0 1 0| 1| 1 1 1 0| 1| 0 1 1 1| 1| 0 1 1 1| 1| 1 1 0 0| 0| column parity & stop bit 1 1 1 0| 0Translating the 4-bit codes should result in the following id:
0x010872E77C
Struggling with this manual? Do you miss some explanation or found something wrong or ambigious? Then please post in the Manual Feedback section of the forum. Any feedback is appreciated.