"VIGIK" NFC reader cannot read Flipper's emulation

NFC
#1

Hi everyone,
I have been suggested to make a topic here following the post I made on the subreddit.

My building’s hatch uses a VIGIK NFC reader, and the card that opens it is a Mifare Classic 1K. I have successfully read all the 32 keys using my Flipper, yet I do not know if the information is relevant but when I read the NFC card, it took the Flipper a long time (3~4 minutes) to read the 5 first sectors, and then in less than three seconds it rushes the 9 last sectors, and says “Complete!” in the end. Do you think it is a possibility that the Flipper did not read correctly my card even if it says so?

When I emulate it and try to make the reader detect it, it shows a red light telling me that the emulation is seen but it fails to open the hatch.

You can find more info on their website https://www.vigik.com, tho I am not sure there is much to learn…
Do you think this issue is solvable with a software update? In my country (France) most of casual buildings security and stuff uses VIGIK, apparently, which makes the Flipper Zero useless in my place for this purpose.

Thank you for your time, have a great day!

2 Likes
#2

I have found that there might be some interesting information on the Wikipedia page https://fr.wikipedia.org/wiki/Vigik

A security researcher has shown many weaknesses on the system. The guy summed up all the info about VIGIK system flaws in this document that I have found in the wiki’s references. The document is fully in english

#3

Mifare Classic emulation is not finished yet, as we haven’t implemented the Nested auth and value commands

Please wait for that to finish, then it’ll probably work

4 Likes
#4

Thanks @Astra for the update, will look forward to this :slight_smile:
@leogarithm indeed I also tested up VIGIK readers and same outcome (tracked on this issue : https://github.com/flipperdevices/flipperzero-firmware/issues/1468)

#5

Hello, then what happen today with the emulation of VIGIK NFC ? I can see a lot of new speculations about softwares issues but is it true or simply impossible due to an hadware limit ?
Thanks for your answere and time you allow to answering me :slight_smile:

#6

Even if it’s impossible to emulate because of hardware limitation because we are talking about Mifare classic once WRITE is implemented hopefully you can copy/clone your card to a RW one…

1 Like
#7

Oh you’re right sorry, but yeah it will be nice to can copy on empty tag in 13.56 MHz bc with the ACR122U writer/reader i already make one for VIGIK reader and it work fine. Even the original after tru with my clone. :wink:

1 Like
#8

Hi,
did you make it on your flipper zero or on an other device ?
like our friend said, in france most of the building are on Vigid (or intratone) it would be great to use our flipper on it.
greatings.

1 Like
#9

Any news on this topic? Any chance on using flipper on vigik? I managed to read my vigik building key, all keys, all sectors, but doesn’t seem to work, and the flipper won’t read/detect the reader.

Hoping someone will have some news!

#10

Hi
I have the same issue with some mifare Classic 1k

I tried with reader who only use the “UID” and its working perfectly but when the reader actually use the data stored in the card to authentify it was a failed

I think the flipper don’t send the data with the right “time gap” between each key and that’s why the reader don’t see it as the right card

it seems to be a software problem and not an hardware problem but not sure of that.

#11

This is not the case. The issue is that the reader’s frequency may not exactly match 13.56MHz, and if it doesn’t - it will get out of sync wit the Flipper’s emulation. Flipper Zero has no way to detect the specific frequency of the reader and adapt to it, so it won’t work with some readers just because of that. This cannot be fixed via software.

2 Likes
Copied Mifare Classic 1K with all keys (cracked) and all sectors, but no luck when emulating
NFC Card read but cannot be emulated
#12

Ohh Ok thank you

#13

It looks like the reader does detect the emulated card - it blinks red when presented. But for some reason something doesn’t work afterwards. Proxmark emulation fails the same way for those readers, by the way…

If this can help, here is the start of the badge/reader traffic with a real badge:

  106394128 |  106395184 | Rdr |26(7)                                                                    |     | REQA
  106419856 |  106420912 | Rdr |26(7)                                                                    |     | REQA
  106422084 |  106424452 | Tag |04  00                                                                   |     |
  106429712 |  106432176 | Rdr |93  20                                                                   |     | ANTICOLL
  106433348 |  106439236 | Tag |4e  ac  3c  ab  75                                                       |     |
  106445584 |  106456048 | Rdr |93  70  4e  ac  3c  ab  75  7f  00                                       |  ok | SELECT_UID
  106457284 |  106460804 | Tag |08  b6  dd                                                               |     |
  106465040 |  106469808 | Rdr |50  00  57  cd                                                           |  ok | HALT
  106494736 |  106495728 | Rdr |52(7)                                                                    |     | WUPA
  106496964 |  106499332 | Tag |04  00                                                                   |     |
  106504592 |  106515056 | Rdr |93  70  4e  ac  3c  ab  75  7f  00                                       |  ok | SELECT_UID
  106516292 |  106519812 | Tag |08  b6  dd                                                               |     |
  106529808 |  106534512 | Rdr |60  00  f5  7b                                                           |  ok | AUTH-A(0)
  106536516 |  106541252 | Tag |88  54  9f  91                                                           |     |

Whereas with the Flipper, the reader seems to give up pretty fast:

   31727440 |   31729904 | Rdr |93  20                                                                   |     | ANTICOLL
   31731108 |   31736996 | Tag |4e  ac  3c  ab  75                                                       |     |
   31740624 |   31743088 | Rdr |93  20                                                                   |     | ANTICOLL
   31744292 |   31750180 | Tag |4e  ac  3c  ab  75                                                       |     |
   31756496 |   31766960 | Rdr |93  70  4e  ac  3c  ab  75  7f  00                                       |  ok | SELECT_UID
   31768228 |   31771748 | Tag |08  b6  dd                                                               |     |
   31775952 |   31780720 | Rdr |50  00  57  cd                                                           |  ok | HALT
   31805648 |   31806640 | Rdr |52(7)                                                                    |     | WUPA
   31807908 |   31810276 | Tag |04  00                                                                   |     |
   31815504 |   31825968 | Rdr |93  70  4e  ac  3c  ab  75  7f  00                                       |  ok | SELECT_UID
   31827236 |   31829732 | Tag |08  b6  01                                                               |     |
   32269872 |   32270928 | Rdr |26(7)                                                                    |     | REQA
   32272132 |   32274500 | Tag |04  00                                                                   |     |
   32277168 |   32278224 | Rdr |26(7)                                                                    |     | REQA
   32302896 |   32303952 | Rdr |26(7)                                                                    |     | REQA
   32305156 |   32307524 | Tag |04  00                                                                   |     |

Not sure whether this is because the reader frequency is not tuned to the Flipper and communications are not working properly, or for another reason…

#14

There is a CRC error at some point in the anticollision loop for the Flipper Zero (08 b6 01, should be 08 b6 dd)

my 2 cents

#15

Yes, I think it’s just a capture artifact by the Proxmark…

#16

If that’s the case then, the issue is that currently, there is no way to have the correct frequency for those NFC readers, and the Flipper cannot find the proper frequency hence results in the failure of the emulation.

If so, is there any way with another device, to measure the frequency of an exchange between a Mifare Classic badge that successfully works with the reader, perhaps using any SDR (Software Defined Radio) with such a project perhaps : GitHub - josevcm/nfc-laboratory: NFC signal and protocol analyzer using SDR receiver ? Or would that be useless?

We could measure those exact frequencies and built a database of non-standard frequencies for VIGIK readers.

Hence, blowing away the requirement for the Flipper Zero to detect the specific frequency of the reader (since it cannot) and have the frequencies be measured, available as just a data file in the SD card, just like the Mifare Classic key dictionnary.

But I don’t know if the way that the NFC emulation works at the moment, if it’s possible to tweak the NFC simulation to another frequency that isn’t exactly 13.56MHz or is that frequency not something that can be tweaked in the firmware ?

1 Like
#18

Hi,
Does this clearly mean that we have to wait for a new hardware version of Flipper zero to solve this problem?

#19

Hello there, any news about this ?
I was wondering if writing on a RFID card, badge or something could bypass the frequency problem ?

#20

Yes that should work as a card is a passive element and Flipper is not. It uses its fixed frequency whereas a copy card just reacts “in time” to the reader.

#21

Is someone planning to determine the reader’s pattern? I don’t have an SDR I could use but I would gladly check someone’s capture.