Topic: Relay Attack Example

Dear Roel,

I search to established a PoC with your relay attack but unsuccesfully.
As you can see, I started a comversation on the proxmark forum : http://www.proxmark.org/forum/topic/247/relay-attack/
where I explain my issue. Could you help me ?
I copy the piece of conversation that we interested :

"I tested the relay exemple but  I think I have the same problem : the Timing. After the first SEL and the RATS command, when the relaying is done between 2 Touchatag (ACR122U102 Rev 1.4), if I try to SEL a Mifare 1k with my Omnikey 5553, the result is I only see the REQA but never the ATQ of the card.
On a documentation I find the possibility to change a parameter in the register of the reader named "SEL Time Iso 14443A", that I increase from 10ms to 255ms, but unsuccessfully. Do you think it is the good parameter ? Do you think 255ms is not enough ? What the difference with the Omnikey 5121 ?"

Thank you

Re: Relay Attack Example

I'm not sure that I understand your question.

The REQA comes from the reader, the ATQA from the tag. Maybe you can make a little drawing of the setup you have. At the bottom of the relay example page, there are some pictures which show my setup.

It would be nice if you add notes about timing issues and the requests/answers you receive and on which moment, finally you could show which frames you aren't receiving but expecting.

I think that would help me understand your question, so I can better help solving your problem.