PR: EM4x05/EM4x69 LF Reader for #ChameleonUltra

I’ve been working on adding support for reading EM4x05 and EM4x69 tags, the reader-talk-first (RTF) 125kHz protocol used in some access control cards, parking fobs, and animal microchips.
What’s implemented:
∙ lf em 4x05 read, reads config, UID and detects EM4x69 64-bit UIDs
∙ Automatic UID block detection via LWR field (works in EM UNIQUE/PAXTON mode)
∙ Gap encoding infrastructure (lf_gap.h/c) used to send RTF commands
∙ PSK demodulator bug fixes (3 bugs fixed)

Current status:
The command works (clean timeout, no crashes) but haven’t confirmed a successful read from a real EM4x05/EM4x69 tag yet. Hardware testing has been the bottleneck, T5577 cards can’t emulate RTF protocol.

How you can help:
∙ Have an EM4x05, EM4x69, or EM4305 tag? Flash the PR build and run lf em 4x05 read, make sure RTF is enabled on the tag first (lf em 4x05 info on PM3 should show “R.T.F. Reader talk first enabled”)
∙ Have a logic analyser? Capture the LF field while running lf em 4x05 read and check if the gap command is being sent correctly
∙ Know the EM4x05 protocol well? Review the timing and gap encoding in lf_em4x05_data.c and lf_gap.h

PR: https://github.com/RfidResearchGroup/ChameleonUltra/pull/386

#rfid #hacking

I couldn't resist! Say hello to my little RF hacking toy. Took out this Christmas gift for a test spin today, and it worked like a charm.

#RF #hacking #pentesting #chameleonultra #NFC #RFID #gadgets