Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"lf em 410x brute" reading on wrong memory location: #2511

Open
sueppchen opened this issue Sep 16, 2024 · 1 comment
Open

"lf em 410x brute" reading on wrong memory location: #2511

sueppchen opened this issue Sep 16, 2024 · 1 comment

Comments

@sueppchen
Copy link

when I start lf em 410x brute with file its output is

usb] pm3 --> lf em 410x brute -f /tmp/ids.txt
[+] Loaded 4096 EM Tag IDs from /tmp/ids.txt, pause delay:1000 ms
[=] Bruteforce 1 / 4096: simulating EM Tag ID AE17110000
[=] ............
[=] Bruteforce 2 / 4096: simulating EM Tag ID AE17110001
[=] ............
[=] Bruteforce 3 / 4096: simulating EM Tag ID AE17110002
[=] ............
[=] Bruteforce 4 / 4096: simulating EM Tag ID AE17110003
[=] ............
[=] Bruteforce 5 / 4096: simulating EM Tag ID AE171100B1
[=] ............
[=] Bruteforce 6 / 4096: simulating EM Tag ID 6E00000000
[=] ............
[=] Bruteforce 7 / 4096: simulating EM Tag ID 0000C00700
[=] ............
[=] Bruteforce 8 / 4096: simulating EM Tag ID 7013720000
[=] ............
[=] Bruteforce 9 / 4096: simulating EM Tag ID C007007013
[=] ............
[=] Bruteforce 10 / 4096: simulating EM Tag ID 72000000BE
[=] ............
[=] Bruteforce 11 / 4096: simulating EM Tag ID 0370137200
[=] ............
[=] Bruteforce 12 / 4096: simulating EM Tag ID 0000BE0370
[=] ............
[=] Bruteforce 13 / 4096: simulating EM Tag ID 137200000C
[=] ............
[=] Bruteforce 14 / 4096: simulating EM Tag ID AE1711000D
[=] ............
[=] Bruteforce 15 / 4096: simulating EM Tag ID AE1711000E
[=] ............
[=] Bruteforce 16 / 4096: simulating EM Tag ID AE1711000F
[=] ............
[=] Bruteforce 17 / 4096: simulating EM Tag ID AE17110010
[=] ............
[=] Bruteforce 18 / 4096: simulating EM Tag ID AE17110011
[=] ............
[!] ⚠️ aborted via keyboard!

but the file contents are

$:/tmp$ head ids.txt -n 20
AE17110000
AE17110001
AE17110002
AE17110003
AE17110004
AE17110005
AE17110006
AE17110007
AE17110008
AE17110009
AE1711000A
AE1711000B
AE1711000C
AE1711000D
AE1711000E
AE1711000F
AE17110010
AE17110011
AE17110012
AE17110013
-- > shorted here < --

sometimes the client crashes with memory access error, sometimes it works, but gives strange output

MCU....... AT91SAM7S512 Rev A
Memory.... 512 KB ( 65% used )

Client.... Iceman/master/v4.18994-65-g805dc99b9-dirty 2024-09-15 22:40:40
Bootrom... Iceman/master/v4.18994-65-g805dc99b9-dirty-suspect 2024-09-15 22:15:06 
OS........ Iceman/master/v4.18994-65-g805dc99b9-dirty-suspect 2024-09-15 22:40:44 
Target.... PM3 GENERIC

OS = ubuntu 22.4

any suggestions how to fix?

greetz sueppchen
@iceman1001
Copy link
Collaborator

Sounds like a bug to me. Haven't run this 4x01 brute in quite some years.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iceman1001 @sueppchen