Can't find script mentioned in presentation #265
Comments
It's on my gist account |
Thank you! Is there a tutorial how to read and emulate the ids of my figurines? I am new to chameleonmini. |
Hi @fptrs, long time no see! |
I tried to run the script (win10 with ubuntu 10.04 as subsystem), installed all requirements (Serial Port is available on COM3) but I get this error
|
Sorry, why are you using WSL when you could run the python script straight on your windows machine? |
I've tried this but hid does not run very well on windows (or I can't get it to work with the dll). I think I have access to the interface (I can access the serial console with ubuntu) via ttyS3 |
Ok I have rewatched the conference video and saw that you are using two types of hardware. I want to achieve two things:
The script is to obtain the uid of a tag and seemed to me to work with the chameleonmini. Maybe I understood something wrong here? Or is it possible to obtain the id while sniffing the communication between the box and the figurine? I can't find any docs on how I can emulate a figurine with a given ID and as I understand the regular way would be to write the id to slot 1 and set the mode to the type which corresponds to the tag architecture. The only available mode I can see is ISO15693_SNIFF which probably won't be able to emulate anything. I know these are many questions and this issue isn't the right place for them but maybe you can help me out :D Thanks in advance |
Hi, ISO15693_SNIFF is not able to sniff bidirectional communication and there is no public implementation of a ISO15693 reader mode for the Chameleon. Your best bet is to buy the ST device or port the python script to whatever other NFC reader with iso15 support you own. Once you have a dump for your tag, to emulate the figurine you should use the firmware @fptrs linked (the ICODE branch in my repo) and use the ICODE config for the Chameleon. |
Ok if I understand you right it's just possible to emulate a figurine with the chameleonmini. But that would satisfy one of my needs ;) Let's focus on this. I have flashed the mentioned firmware and I can activate the config
after that I set the ID of a tonie tag
When I now put the chameleonmini on the box nothing happens. Do I miss something? |
Yes, you understood correctly. Sorry if I can't give you more precise information but I don't own a Tonie and I haven't ever seen one after I left the Congress on 30 December 2019. Also, I didn't get much sleep those days, so everything's a bit blurry :) |
Thank you for your great (and very fast!) support :) I'll order something to read the tags. One last thing: Do you maybe have the payload of one of the tonies you used at the presentation? That would be great to start experimenting. If you don't want to post it publicly you could send me an email at claudio.goetz@gmail.com |
Have a look here https://github.com/toniebox-reverse-engineering/teddy PS eBay is a fine source for that demo board, I bought mine there, shipped from Germany, at a competitive price |
Hi @stappjno, |
After flashing the latest commits on Aug 27, 2020 f62c8fd the ICODE_SLI implementation with UID simulation for my Toniebox doesn't work for me anymore. The firmware version linked above does not work either; there is no ICODE config mode in this firmware. I thought there was another ICODE_SLI code base from end of December. Unfortunately I can no longer find this code base which worked for me. I only find commit 22023b7 that doesn't have that ICODE implementation. Please correct me if I am absolutely wrong right now. Unfortunately I don't know what to do next, I am a little surprised that the ICODE only UID simulation with ChameleonMini worked before flashing the latest commits. I tried different owned and already known tonies. I also tried it with and without 32 Byte long memory content. Maybe this information helps, this is a current comparison. The UID and SYSINFO is the same every time and deliberately hidden, the only difference I found is the memory layout.
original known tonie
[=] --- Tag Information ---------------------------
with ChameleonMini
[=] --- Tag Information --------------------------- |
I confirm that recently the UID-only emulation doesn't work with my TonyBox, seems like there has been a firmware upgrade of the box? Probably we have to move forward to "full emulation" of the tags. |
Thanks for the feedback and to the developers so far. |
When I began updating the ICODE fork I was aiming for (mostly) complete emulation, but then I got drifted away by other issues and interrupted development. |
@ceres-c thanks for your response and your work, I appreciate that! Yes you are right, they should have 16 blocks, but I can also confirm that all my own tested tonies have 8 blocks, at least that's what proxmark says. If you could provide sometime an 8 block special implementation, I would be happy to test it with my Chameleon. |
Let's try this out @netvader Could you please also post a log of the communication? It could be related to ICODE_NUMBER_OF_BLCKS_DATASHEET now that I think about it. |
@ceres-c Thanks for the quick help. I just tried it quickly. The block size fits now, but unfortunately it still doesn't work. But I'll try again this week when I have more time and contribute a few LOGs. |
Thanks If you can, send me the log unedited to my email address (you can find it on my gh profile) |
I have Tonie box + Tonies here and can help, also Fabi can help, he is currently busy with holidays et cetera :D :D |
@ceres-c I send you some logs directly via keybase, I hope that works also ... ;) |
Hi folks! My use case is to use old tony figures in my self-built gadget similar to a toniebox. I only want to use the tonies RFID to trigger my own audio, so I just need it to function like a normal/open RFID tag. Is the following possible? "unlock" the tonie using the Chameleon, then read the tag at will using any normal non iso15693 RFID reader that operates at 13,56 MHz (such as the RC522 that implements iso14443)? Or even after being unlocked, can the tag only be read by iso15693 implementing readers? |
Hi @Ramblurr |
You can't unlock the tag with the chameleon since the chameleon is not an iso15693 reader |
Where can I find the script to clone one of the figurines?
https://media.ccc.de/v/36c3-108-hacking-an-nfc-toy-with-the-chameleonmini#t=0