Incorrect encoding for C1k48s with HID preamble #1791
Comments
Interesting... we should not add bit 37 header for formats larger than 36 bits...
Hi! Thank you for pointing out the issue. I have commented out the lines, recompiled, and it works, no error during cloning like before. But if I read my neXt implant after this, it's a false positive Indala ID, and always changing the data. The chip is t55xx. Here is the output:

```
[usb] pm3 --> lf search
[=] NOTE: some demods output possible binary
[=] raw: 09e000000001XXXXXXXXXXXX
[+] Valid HID Prox ID found!
[=] Couldn't identify a chipset
[usb] pm3 --> lf hid clone -w C1k48s --fc 2XX --cn 53XXXX
[usb] pm3 --> lf search
[=] NOTE: some demods output possible binary
[+] Valid Indala ID found!
[=] Couldn't identify a chipset
[=] NOTE: some demods output possible binary
[+] Valid Indala ID found!
[=] Couldn't identify a chipset
[+] Valid Indala ID found!
```

If I clone an EM410x the output is this:

```
[=] NOTE: some demods output possible binary
[+] Valid EM410x ID found!
```

Cannot figure out the problem. Raw clone also ends up with the same weird Indala card.
```
[usb] pm3 --> lf t55xx detect
```

This is the output after hid clone.
Hypothetically a person should be able to use When an HID C1k48s encoded card encounters a reader, the message it repeats is a total of 96 bits, including the 9e header.
Feel free to find a solution and make a PR.
I'm using a Proxmark 3 easy to read, simulate, brute and write cards for a HID Corporate 1000 48 bit system using the Wiegand C1k48s format. I can correctly write and simulate a known card when I input a raw data string to the sim and clone commands.
Using the wiegand encode command to encode a fc and cn into the C1k48s format with the modifier --pre to add HID preamble results in a string of data that is too long for use. The --pre command does add the necessary preceding "1" on the raw data.
Example for C1k48s Facility code 1245, card number 1235
What we get without the HID header added: 803039006072
What we get with HID Header added: 09e00000001803039006072 (note the 1 added before the 8)
What we want: 1803039006072
To fix this I commented out the following lines in wiegand_formatutils.c from the add_HID_header function.
Line 200: // data->Top |= 0x09e00000; // Extended-length header
Line 203: // data->Top |= 0x09e00000; // Extended-length header
Line 208: // data->Mid |= 0x20; // Bit 37; standard header
Line 211: // data->Mid |= 0x20; // Bit 37; standard header
After commenting out those lines and recompiling I had no issues simulating cards. The correct fix would be to identify that when the format is C1k48s, do not add the full 0x09e00000 preamble for HID; rather, just add a preceding 1.
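The framing discussed in this issue, as an added example that is not part of the original post or the Proxmark code base: it places a start bit above a 48-bit payload, wraps the result in a 96-bit frame carrying the 0x09e00000 preamble, and parses such a frame back so a raw value can be checked before it is written to a tag. The `frame96_t` type and the function names are hypothetical; the 38 to 63 bit length range and the rule that the highest set bit below the preamble is the start bit are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 96-bit frame, split into words like the Top/Mid/Bot fields named in the issue. */
typedef struct { uint32_t top, mid, bot; } frame96_t;

#define HID_LONG_PREAMBLE 0x09e00000u /* value quoted in the issue */

/* Place a start bit directly above a payload of `len` bits. */
static uint64_t add_start_bit(uint64_t payload, unsigned len) {
    return (payload & ((1ULL << len) - 1)) | (1ULL << len);
}

/* Build the 96-bit frame: preamble in the top word, start bit + payload below. */
static bool frame_build(uint64_t payload, unsigned len, frame96_t *out) {
    if (len < 38 || len > 63) return false; /* assumed long-format range */
    uint64_t low = add_start_bit(payload, len);
    out->top = HID_LONG_PREAMBLE;
    out->mid = (uint32_t)(low >> 32);
    out->bot = (uint32_t)low;
    return true;
}

/* Recover payload and bit length; rejects frames without preamble or start bit. */
static bool frame_parse(const frame96_t *f, uint64_t *payload, unsigned *len) {
    if (f->top != HID_LONG_PREAMBLE) return false;
    uint64_t low = ((uint64_t)f->mid << 32) | f->bot;
    if (low == 0) return false;        /* no start bit present */
    unsigned pos = 63;
    while (!(low >> pos)) pos--;       /* highest set bit is the start bit */
    *len = pos;
    *payload = low & ((1ULL << pos) - 1);
    return true;
}

int main(void) {
    const uint64_t raw = 0x803039006072ULL; /* 48-bit payload from the issue */
    frame96_t f;
    uint64_t p;
    unsigned n;
    printf("start bit only: %llx\n", (unsigned long long)add_start_bit(raw, 48));
    if (frame_build(raw, 48, &f))
        printf("full frame:     %08x%08x%08x\n", f.top, f.mid, f.bot);
    if (frame_parse(&f, &p, &n))
        printf("parsed:         %u bits, %llx\n", n, (unsigned long long)p);
    return 0;
}
```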