From 0f6a1cd8c3673c6b1050f1af95f32dd52e34d0a6 Mon Sep 17 00:00:00 2001 From: Uli Heilmeier Date: Tue, 31 Mar 2020 17:54:51 +0200 Subject: [PATCH] Doc: Update trace notes First draft of some informations regarding trace command. --- README.md | 4 +- ...race_wireshark_notes.md => trace_notes.md} | 37 +++++++++++++++++++ 2 files changed, 39 insertions(+), 2 deletions(-) rename doc/{trace_wireshark_notes.md => trace_notes.md} (62%) diff --git a/README.md b/README.md index 6192c23cd..d183309b4 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ |[Notes on frame format](/doc/new_frame_format.md)||[More cheat sheets](https://github.com/RfidResearchGroup/proxmark3/wiki/More-cheat-sheets)| |[Notes on external flash](/doc/ext_flash_notes.md)||[EMV](/doc/emv_notes.md)| |[Notes on Termux / Android](/doc/termux_notes.md)||[Troubleshooting](/doc/md/Installation_Instructions/Troubleshooting.md)| -|[Notes on wireshark / tracedata](/doc/trace_wireshark_notes.md)||[JTAG](/doc/jtag_notes.md)| +|[Notes on tracedata / wireshark](/doc/trace_notes.md)||[JTAG](/doc/jtag_notes.md)| |[Notes on loclass](/doc/loclass_notes.md)||[Complete client command set](/doc/commands.md)| |[Notes on paths](/doc/path_notes.md)||| |[Developing standalone mode](/armsrc/Standalone/readme.md)|[Wiki about standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) || @@ -67,7 +67,7 @@ We usually merge your contributions fast since we do like the idea of getting a - notes on [external flash](/doc/ext_flash_notes.md) - notes on [standalone mode](https://github.com/RfidResearchGroup/proxmark3/wiki/Standalone-mode) - notes on [Termux / Android](/doc/termux_notes.md) -- notes on [Wireshark / tracedata](/doc/trace_wireshark_notes.md) +- notes on [tracedata / Wireshark](/doc/trace_notes.md) - notes on [loclass](/doc/loclass_notes.md) - notes on [EMV](/doc/emv_notes.md) - notes on [Paths](/doc/path_notes.md) 
diff --git a/doc/trace_wireshark_notes.md b/doc/trace_notes.md similarity index 62% rename from doc/trace_wireshark_notes.md rename to doc/trace_notes.md index 50dd9d082..a126a238f 100644 --- a/doc/trace_wireshark_notes.md +++ b/doc/trace_notes.md 
@@ -4,6 +4,43 @@ The `trace` command lists the data exchange by the proxmark3 and a tag or a read With `trace list` a table is shown which gives timing information, the src of the data bytes, the transmitted/received bytes itself, a check if the CRC was correct and some decoding of the command. +## Timing + +The Start and the End coloumn lists timestamps when the transmission of the shown data started (time of first bit) and when it ended (end of last modulation). + +The unit for this time information depends on the protocol in use: + +* ISO14443A and Thinfilm: all times are in carrier periods (1/13.56MHz) +* For Legic timing information depends also on direction: + * Reader Mode: Timings are in ticks (1us == 1.5ticks) + * Tag Mode: Timings are in sub carrier periods (1/212 kHz == 4.7us) +* Hitag1 / Hitag2 / HitagS: Elementary Time Unit (ETU) is 8µs +* iClass, ISO15693, ISO18092 and FeliCa have no accurate timing information at the moment +* For others timing is not available + +By specifing the option ```f``` (e.g. ```trace list 14a f```) the frame delay times are shown. (So you don't have to do the math by your own). + +## Sources + +If the data is marked as a response the source is shown as Tag. Otherwise it is marked as Reader (Rdr). + +## Data + +This coloumn show the raw bytes trasmitted over the air. With option ```c``` CRC bytes are marked in square brackets. + +## CRC + +Marks if the transmitted CRC matches with the calculated CRC. + +## Annotation + +Annotations provide a rough decoding of the transmitted data. For ISO14443A a more detailed decoding is available with Wireshark (s. next chapter) + + +-- + +# Trace and Wireshark + To get a more detailed explanation of the transmitted data for ISO14443A traces the output can be converted to a pcapng file to read it with [Wireshark](https://www.wireshark.org/). To do so
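Review bot: In the first README.md hunk (`@@ -20,7 +20,7 @@`, the table row) the new link text is "Notes on tracedata / wireshark" with a lower-case "wireshark", while the list entry changed in the second README.md hunk reads "tracedata / Wireshark". Wireshark is a product name, so capitalise it in the table row as well, so that the two entries pointing at `/doc/trace_notes.md` match.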
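Review bot: The rename of `doc/trace_wireshark_notes.md` to `doc/trace_notes.md` removes the old path, and the diffstat shows README.md as the only other file touched. Please confirm that no other document in the tree still links to `/doc/trace_wireshark_notes.md`, and update any that do in this same commit so the rename does not leave dead links.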
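Review bot: In the doc/trace_notes.md hunk, the separator added before "# Trace and Wireshark" is `--`, which Markdown renders as literal text; a horizontal rule needs at least three hyphens (`---`). The same hunk needs a proofreading pass before merge: "coloumn" (Timing and Data sections) should be "column", "This coloumn show" should be "This column shows", "specifing" should be "specifying", "trasmitted" should be "transmitted", and "(s. next chapter)" should read "(see next chapter)". Microseconds are written as "us" in the Legic entries and "µs" in the Hitag entry, so pick one. The `f` and `c` options and the `trace list 14a f` example are wrapped in triple backticks, while the unchanged context line above uses single backticks for `trace list`; single backticks are the right form for inline code. The "For others timing is not available" item would also be clearer if it said which protocols are meant, or stated "all other protocols".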