Difference between revisions of "Chameleon Mini RevE rebooted Usage"

From Embedded Lab Vienna for IoT & Security
(Added a description of the Chameleon Mini and more about the usage with the GUI in Window)
Line 5: Line 5:
== Requirements ==
== Requirements ==


* Chameleon Mini RevE Rebooted
* Operating systems are referred as:  
* Operating systems are referred as:  
** Linux: Ubuntu 18.04 bionic amd64
** Linux: Ubuntu 18.04 bionic amd64
Line 11: Line 12:


== Description ==
== Description ==
The RFID Multitool ChameleonMini is a powerful and portable RFID emulation and manipulation tool that can emulate RFID tags, read tokens and sniff the radio communication. The credit card-shaped housing and integrated battery make it suitable for mobile use. In addition, transmissions can be read out and all data can be conveniently processed on the computer. Using a freely available open-source application, the ChameleonMini can be conveniently configured via a graphical user interface. Otherwise, it can be connected to a smartphone via USB cable or, in part, via Bluetooth and can thus also be configured on the move. This makes it possible, for example, to read an access card in passing and emulate it directly with the ChameleonMini and thus open a (actually protected) door. The ChameleonMini hardware is capable of emulating various ISO 14443, NFC and ISO 15693 cards, as well as other types of RFID transponders operating at 13.56 MHz. The ChameleonMini hardware consists of a PCB antenna driven by power transistors on the board to generate a 13.56 MHz RFID field. They thus function as an active RFID reader. An integrated Li-Ion battery can be charged via USB and enables stand-alone operation. The core of the hardware is an Atmel ATXMega128A4U microcontroller. The AES and DES hardware engines in the microcontroller enable very fast calculation of the cryptographic algorithms.
[[File:Chameleon-Mini-RevE-Rebooted.jpg|500px]]
=== Functionality of Chameleon Mini RevE rebooted ===
=== Functionality of Chameleon Mini RevE rebooted ===


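Review bot: the added Description paragraph reads as a description of the generic ChameleonMini rather than the RevE Rebooted this page documents, and it conflicts with the sections that follow. It mentions an integrated Li-Ion battery charged via USB, reading tokens and ISO 15693 emulation, while the Functionality section says the device is powered by a CR2032 button battery, that "RevE does not copy cards" and that the default firmware can only configure MIFARE cards. It also names an ATXMega128A4U microcontroller, while the Device Recognition output shows ATxmega32A4U. Suggest scoping the paragraph to the RevE Rebooted, or marking which statements apply to other revisions, and citing where the text comes from.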
Line 73: Line 79:


== Usage ==
== Usage ==
===GUI Usage with Chameleon Mini GUI v1.2.2.1 in Windows===
===GUI Usage with Chameleon Mini GUI v1.3.0.5 in Windows===
GUI source code: https://github.com/iceman1001/ChameleonMini-rebootedGUI
First you need to install the software in order to have a GUI to use the Chameleon Mini. The Version 1.3.0.5 can be downloaded here (http://www.icesql.se/download/ChameleonMiniGUI/publish.htm)
Release code: v1.2.2.1
Afterwards connect the Chameleon Mini RevE Rebooted with an USB-Cable to your PC. The first LED with the label "TAG1" now lights up red.
==== Windows Installation  ====


Requirements: Microsoft .NET Framework 4.6.1 (x86 and x64)
==== Device Recognition  ====
Download and execute setup.exe from release page: http://www.icesql.se/download/ChameleonMiniGUI/publish.htm
On start of the Windows GUI the device should be recognized and following lines should appear in the output window


==== Device Recognition  ====
        [=] Connecting to USB Serial Device (COMX) at COMX
On start of the Windows GUI the device should be recognized and following lines should appear in Output: window
        [+] Success, found Chameleon Mini device on 'COMX' with Firmware RevE rebooted installed


        [=] Connecting to USB Serial Device (COM4) at COM4
[[File:ChameleonMiniSuccess.PNG|500px]]
        [+] Success, found Chameleon Mini device on 'COM4' with Firmware RevE rebooted installed


If this is not the case and you are using Windows in a VM verify that the USB device is redirected to the VM and test to connect again in the submenu "Settings"
If this is not the case and you are using Windows in a VM verify that the USB device is redirected to the VM and test to connect again in the submenu "Settings"


==== Use of the Chameleon Mini with the GUI in Window ====
In the first tab "Operation" of the Chameleon Mini GUI, up to eight different memory slots can be freely configured. In order to change an entry, the corresponding box of the entry must first be marked. Then one of four different variants can be selected in the "Mode" selection and any ID can be entered in the UID input field as shown below in the screenshot.
[[File:ChameleonOperation.PNG|500px]]
Below this, you can configure what happens when the button is pressed briefly or for a long time.
[[File:ChameleonButton.PNG|300px]]
To save the changes made, the "Apply" button must be clicked at the bottom. It is possible to edit several entries at the same time. To do this, simply select the corresponding checkboxes.
To emulate an RFID tag, first press the red button on the ChameleonMini RevE Rebooted. Now the memory slot that was marked as active in the software is active. Accordingly, the red LED lights up. Alternatively, ChameleonMini RevE Rebooted is activated when an RFID reader is detected. Then it activates automatically and the corresponding LED lights up. Depending on how the buttons have been configured, it is possible to switch through to RFID emulation through the corresponding memory loads.




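Review bot: the rewritten install text under "GUI Usage" drops the "Requirements: Microsoft .NET Framework 4.6.1 (x86 and x64)" line and the "GUI source code" link, while still sending readers to an installer served over plain http. Keep the requirement and the source link next to the download so readers know what they need and where the installer comes from. In the same hunk, the new heading reads "in Window" instead of "in Windows", and "one of four different variants" for the Mode selection does not match the nine card configurations the page lists for the default firmware; please reconcile the two.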
Line 139: Line 155:
* Windows GUI: https://github.com/iceman1001/ChameleonMini-rebootedGUI
* Windows GUI: https://github.com/iceman1001/ChameleonMini-rebootedGUI
* Product description: https://lab401.com/products/chameleon-mini-reve-rebooted
* Product description: https://lab401.com/products/chameleon-mini-reve-rebooted
* https://scheible.it/chameleon-mini/


[[Category:Documentation]]
[[Category:Documentation]]

Revision as of 07:48, 27 February 2021

Summary

Functionality and usage of Chameleon Mini RevE rebooted

Requirements

  • Chameleon Mini RevE Rebooted
  • Operating systems are referred to as:
    • Linux: Ubuntu 18.04 bionic amd64
    • Windows: Windows 10 (tested in a VM)


Description

The RFID multitool ChameleonMini is a powerful, portable RFID emulation and manipulation tool that can emulate RFID tags, read tokens and sniff radio communication. The credit-card-shaped housing and integrated battery make it suitable for mobile use. Transmissions can also be read out and all data conveniently processed on a computer. The ChameleonMini can be configured through a graphical user interface using a freely available open-source application. Alternatively, it can be connected to a smartphone via USB cable or, in part, via Bluetooth, and thus configured on the move. This makes it possible, for example, to read an access card in passing, emulate it directly with the ChameleonMini and thus open a door that is supposed to be protected.

The ChameleonMini hardware is capable of emulating various ISO 14443, NFC and ISO 15693 cards, as well as other types of RFID transponders operating at 13.56 MHz. The hardware consists of a PCB antenna driven by power transistors on the board to generate a 13.56 MHz RFID field; together they function as an active RFID reader. An integrated Li-Ion battery can be charged via USB and enables stand-alone operation. The core of the hardware is an Atmel ATXMega128A4U microcontroller, whose AES and DES hardware engines enable very fast calculation of the cryptographic algorithms.

Chameleon-Mini-RevE-Rebooted.jpg

Functionality of Chameleon Mini RevE rebooted

Chameleon Mini RevE rebooted has 8 card slots to simulate cards/UIDs, and each slot can be set to its own configuration mode. Features and limitations:

  • simulate cards/UIDs to readers
  • help getting a first auth key from a dialogue with a reader
  • only first slot allows up to 4K dumps/uploads because of memory limitations
  • the default firmware can only configure MIFARE cards
  • RevE does not copy cards

Chameleon Mini RevE rebooted is a stand-alone device powered by a CR2032 button battery.

Card configurations supported by default firmware

  • NONE: No functionality, ChameleonMini does nothing, the current setting is skipped when cycling through the settings
  • MF_ULTRALIGHT: Emulates a MiFare Ultralight card
  • MF_ULTRALIGHT_EV1_80B: Emulates a MiFare Ultralight EV1 80B card
  • MF_ULTRALIGHT_EV1_164B: Emulates a MiFare Ultralight EV1 164B card
  • MF_CLASSIC_1K: Emulates a MiFare Classic 1k card
  • MF_CLASSIC_4K: Emulates a MiFare Classic 4k card
  • MF_CLASSIC_1K_7B: Emulates a MiFare Classic 1k card with 7b UID
  • MF_CLASSIC_4K_7B: Emulates a MiFare Classic 4k card with 7b UID
  • MF_DETECTION: Emulates a MiFare Classic 1k card and saves nonces which can be used for mfkey32 attack in GUI

(Source: https://github.com/iceman1001/ChameleonMini-rebooted/wiki/Configurations, Feb 2, 2020)


Hardware Description

Chameleon Mini RevE rebooted
  • Red LEDs on left side:
    • 8 red LEDs which indicate the active slot
  • Black button - "KEY":
    • "short press": referred to as BUTTON in commands and GUI; lets you switch the active slot
    • "long press": BUTTON_LONG
    • "long press while plugging in the USB cable": BOOTLOADER mode
  • Red button - "POWER":
    • used to power on the device when used stand-alone on battery


Device Recognition

Linux

The Linux kernel recognizes a USB device with idVendor 03eb and idProduct 2fe4:

   dmesg | grep usb
   [  167.571731] usb 1-3: USB disconnect, device number 3
   [  180.768751] usb 1-3: new full-speed USB device number 11 using xhci_hcd
   [  180.917821] usb 1-3: New USB device found, idVendor=03eb, idProduct=2fe4, bcdDevice= 0.04
   [  180.917829] usb 1-3: New USB device strings: Mfr=0, Product=0, SerialNumber=0
   

The Chameleon RevE is seen as a USB modem:

   lsusb
   Bus 001 Device 011: ID 03eb:2fe4 Atmel Corp. ATxmega32A4U DFU bootloader
   

Windows

  • An Atmel USB device should appear in the Windows Device Manager: ATxmega32A4U

![](EJXyvdJ.png)

Usage

GUI Usage with Chameleon Mini GUI v1.3.0.5 in Windows

First, install the software that provides the GUI for the Chameleon Mini. Version 1.3.0.5 can be downloaded here: http://www.icesql.se/download/ChameleonMiniGUI/publish.htm. Afterwards, connect the Chameleon Mini RevE Rebooted to your PC with a USB cable. The first LED, labelled "TAG1", now lights up red.

Device Recognition

When the Windows GUI starts, the device should be recognized and the following lines should appear in the output window:

       [=] Connecting to USB Serial Device (COMX) at COMX
       [+] Success, found Chameleon Mini device on 'COMX' with Firmware RevE rebooted installed

ChameleonMiniSuccess.PNG

If this is not the case and you are using Windows in a VM, verify that the USB device is redirected to the VM and try to connect again in the submenu "Settings".

Use of the Chameleon Mini with the GUI in Windows

In the first tab "Operation" of the Chameleon Mini GUI, up to eight different memory slots can be freely configured. In order to change an entry, the corresponding box of the entry must first be marked. Then one of four different variants can be selected in the "Mode" selection and any ID can be entered in the UID input field as shown below in the screenshot.

ChameleonOperation.PNG

Below this, you can configure what happens when the button is pressed briefly or for a long time.

ChameleonButton.PNG

To save the changes made, the "Apply" button must be clicked at the bottom. It is possible to edit several entries at the same time. To do this, simply select the corresponding checkboxes.

To emulate an RFID tag, first press the red button on the ChameleonMini RevE Rebooted. The memory slot that was marked as active in the software is now active, and the corresponding red LED lights up. Alternatively, the ChameleonMini RevE Rebooted activates automatically when an RFID reader is detected, and the corresponding LED lights up. Depending on how the buttons have been configured, it is possible to switch the RFID emulation between the corresponding memory slots.


Command Line Interface

Command return codes

Status numbers beginning with a '1' denote an informational item and those beginning with a '2' denote an error.

| Response | Description |
|---|---|
| 100:OK | The command has been successfully executed |
| 101:OK WITH TEXT | The command has been successfully executed and this response is appended with an additional line of information, terminated with CR+LF |
| 110:WAITING FOR XMODEM | The Chameleon is waiting for an XMODEM connection to be established |
| 120:FALSE | The request is answered with false |
| 121:TRUE | The request is answered with true |
| 200:UNKNOWN COMMAND | This command is unknown to the Chameleon |
| 201:INVALID COMMAND USAGE | This action is not supported by this command |
| 202:INVALID PARAMETER | The format or value of the given parameter value is invalid |
| 203:TIMEOUT | The timeout of the currently active command has expired |

Command response codes
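
The return codes listed above can be handled in a script that talks to the device over its serial port. The following Python parser is an added example, not code from the original page or from the Chameleon project. It assumes that every status line ends with CR+LF (the page states this only for the extra text line), and the sample byte stream is constructed.

```python
from dataclasses import dataclass
from typing import Iterator, Optional

# Status codes exactly as listed in the table above.
STATUS = {
    100: "OK", 101: "OK WITH TEXT", 110: "WAITING FOR XMODEM",
    120: "FALSE", 121: "TRUE", 200: "UNKNOWN COMMAND",
    201: "INVALID COMMAND USAGE", 202: "INVALID PARAMETER", 203: "TIMEOUT",
}

@dataclass
class Response:
    code: int
    label: str
    text: Optional[str] = None  # payload line, only present after 101

    @property
    def is_error(self) -> bool:
        return self.code // 100 == 2  # codes starting with '2' are errors

    @property
    def as_bool(self) -> Optional[bool]:
        return {120: False, 121: True}.get(self.code)  # None for other codes

def parse_responses(raw: bytes) -> Iterator[Response]:
    """Split a captured response stream into Response objects."""
    stream = raw.decode("ascii", errors="replace")
    # Assumption: every line, status lines included, ends with CR+LF.
    if not stream.endswith("\r\n"):
        raise ValueError("stream ends mid-line (no CR+LF terminator)")
    lines = iter(stream.split("\r\n")[:-1])
    for line in lines:
        if not line:
            continue  # tolerate blank lines between responses
        code_str, _, label = line.partition(":")
        if not code_str.isdigit() or STATUS.get(int(code_str)) != label:
            raise ValueError(f"not a known status line: {line!r}")
        code, text = int(code_str), None
        if code == 101:  # exactly one extra line of information follows
            text = next(lines, None)
            if text is None:
                raise ValueError("101:OK WITH TEXT without its text line")
        yield Response(code, label, text)

# Constructed sample stream (not captured from a real device).
SAMPLE = (b"100:OK\r\n101:OK WITH TEXT\r\nMF_CLASSIC_1K\r\n"
          b"121:TRUE\r\n202:INVALID PARAMETER\r\n")

if __name__ == "__main__":
    for r in parse_responses(SAMPLE):
        print(r.code, r.label, r.text, "ERROR" if r.is_error else "info")
```

The parser rejects a stream that stops before the text line of a 101 response, so a truncated read is not mistaken for a complete answer.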

Used Hardware

Chameleon Mini: RevE Rebooted

References