LF-RFID Support for RadioKey/Securakey #2619
Comments
hedger
added
Feature Request
|
ASK record looks good. Should be totally feasible. |
|
Hello. I was wondering if support for linear 125khz keys an/or securakey/radiokey was still being worked on? |
|
Not really. We are mostly busy with NFC refactoring now, we'll be able to take close look after its completion. |
|
Thanks for responding so quickly. I appreciate all the work you guys do. |
|
Same here, Looking for Securakey support. Proxmark 3 has it. I would figure it would work on flipper as well. |
|
Is there still work being done on this? I am interested in getting this working for my Flipper. Any tips on getting started with adding support for this (or any other raw captured data) into the firmware? I tried looking at previous pull requests for adding support for new LF-RFID devices but couldn't find anything helpful to me. I have several raw captures of my own key I can work with. |
|
@hi-im-vika I'm also looking into this. But I am learning while doing so I'm going slowly. I found this to be potentially useful but I'm no way close to understanding how it works. Flipper's official pulse plotter is also a useful tool. I'm learning by looking through OP's dump with it and looking into the source code. Here's what I've learned so far and I might sound dumb because C, RFID, and Javascript are all new to me:
But that's all that I've learned so far. If you'd like to chat on a more regular basis you can find me on discord @torron0483 (If attaching discord id is prohibited here please let me know and I will delete this). |
|
Thanks @zinongli, I am also learning so I don't mind if it's a slow process! Here are some links on the Proxmark3 forum that I found that could be relevant:
I've seen the Manchester code mentioned a couple times while reading through the threads, but I'm not sure what it means either. The official SecuraKey white paper attached above doesn't mention PWM either, so I'm guessing it's not related? |
|
@hi-im-vika Thank you! These are really helpful. After reading them and some trial and errors, I am suspecting if FZ have automatically performed Manchester demodulation on OP's dump already. My reasoning is below: My understanding of the processing steps as of now is raw radio frequency -> ASK demodulation -> Manchester demodulation -> look for preamble in binary -> parse binary into hex -> done. I assumed Securakey has preamble = So I just looked up the preamble in the .ask.raw in binary and found 14 instances where this sequence was present. And for each instances, the bytes after the preamble would repeat for a lot of times. A sample looks like this: I didn't know what to make out of this. But when I tried to perform this same look up after I performed Manchester demodulation on the .raw binary file, I couldn't find the preamble anywhere. Nothing with the .psk.raw before or after Manchester demod either. So this is why I came to the hypothesis that FZ has already performed Manchester demod on the signal, and that Securakey transmit information by repeating each byte for many times before they resume to the next byte, each repetition sequence leading by a preamble. (I could be wrong about other stuff, but the repetition should be present no matter which stage of decoding/demodulation this dump is at. A wave should always be able to pass through a linear transformation.) This format doesn't conform to the suspected format in the PM3 code at all except the preamble. I don't know what I'm doing wrong here. Please let me know if you have any ideas. By the way, do you mind posting your dump here as well? Some comparison between keys can be really helpful for reverse engineering. |
|
@zinongli Sorry, I don't want to post the dump of my keys, but I really appreciate you working on this. Thanks a lot! I've barely made any progress on my end of things 😅 |
|
@hi-im-vika I totally understand. I highly recommend the flipper-rfid-raw repository and Derek Jamison's youtube channel. The former has a python notebook in there that might require ten minutes of small changes and setting up before you can start analyzing raw signals. It's a very automated script and it shows you the processes with graphs. It works regardless of the modulation or rf clock. Derek has an entire Low Frequency RFID playlist that goes from time sample series to data parsing and rendering. His videos helped me a lot getting started coding for FZ. I might be too dumb to use it, but the only help I got from Flipper lab's pulse plotter is confirming the rf clock. Nothing else. the repo mentioned at the beginning was SO MUCH more helpful and it should've been included in Flipper lab. Also, if you got to my PR and look through my code, I left tons of comments wherever I could, so hopefully it can be a helpful reference to learn FZ developing. And since you have the fobs, might as well compile the commit and give it a try! Please at me with whatever question you have about all these jargons and scripts. It took me a difficult time to learn this with very limited resources, so I know that feeling sucks. |
* Create protocol_securakey.c * decode and render done * Support for Radio Key Securakey Support both 26- and 32-bit format Solves issue #2619 * debugs and improvements * Formatting in response to requested changes * fixed wiegand parity bit calculation * format * debug unnecessary assert * LfRfid: swap vendor and protocol names in securakey * fixed manually generated keys issues * fix bit length render error caused by bit length fix Co-authored-by: あく <alleteam@gmail.com>
|
Hey folks, thanks for the great work! I pulled in e7d0afd via the Development update channel and tried reading my Secura Key without success. I'm wondering if anyone else was able to. |
|
@EricRibeiro Securakey is actually a company name, they you bunch of different technologies and key types. |
That's my bad! I have a Radio Key proximity tag: 
I see on their website they have several models (RKKT-02, RKKTH-02 and RKKT-01), but I can't make out the difference visually. |
|
@EricRibeiro do you have proxmark? Can you share RFID RAW files? |
Unfortunately, I do not own a proxmark 😔. |
You can read raw with flipper. Turn on Debug and go RFID - Extra Actions and you'll see read raw. Edit: also, the main difference between your photo and the RKKT-02 fobs I've tested on is mine have trademark sign next to the Securakey. |
@zinongli, good catch! Looking back on their website, the RKKT-01 also has the trademarked sign. The RKKTH-02 is the only one that matches the tag I own. Thanks! 🙏
Perfect, thank you! @skotopes, can I DM you the raws on Discord? I would rather not upload them to GitHub. |
|
@EricRibeiro sure, but keep in mind that person who actually implemented this protocol is @zinongli |
|
count me in! my discord is @torron0483 |
* Create protocol_securakey.c * decode and render done * Support for Radio Key Securakey Support both 26- and 32-bit format Solves issue #2619 * debugs and improvements * Formatting in response to requested changes * fixed wiegand parity bit calculation * format * debug unnecessary assert * LfRfid: swap vendor and protocol names in securakey * fixed manually generated keys issues * fix bit length render error caused by bit length fix * 1.0 * edit the citation in comments * backward compatibility * debug * debug preamble false positives * temporary fix: writing RKKTH causes second to last byte not encoded. unknown reason * slightly more elegant solution to the weird bug * plausible solution, much more elegant * finally fixed it. stupid mistake * clean up and format. ready for new PR Co-authored-by: あく <alleteam@gmail.com>
Describe the enhancement you're suggesting.
I'm hoping support for SecuraKey/RadioKey can be added to the LF-RFID app.
There was a post was made in the forum here back in September:
https://forum.flipperzero.one/t/securakey/6434
I'm able to provide raw reads of my own keys. (I have 3 of them that can be tested with)
Anything else?
Just a huge thank you to the Flipper team for the consistent firmware updates. This is a great tool.
Edit. Here's a RAW read of one of the tags.
SecuraKey.zip
The text was updated successfully, but these errors were encountered: