Chameleon Mini RevE rebooted Usage

From Embedded Lab Vienna for IoT & Security
Revision as of 13:52, 13 February 2020 by Ikramer (talk | contribs)
Jump to navigation Jump to search

Summary

Functionality and usage of Chameleon Mini RevE rebooted

Requirements

  • Operating systems are referred as:
    • Linux: Ubuntu 18.04 bionic amd64
    • Windows: Windows 10 (tested in a VM)


Description

Functionality of Chameleon Mini RevE rebooted

Chameleon Mini RevE rebooted has 8 card slots to simulate cards/UIDs, each slot can be set in an own configuration mode to

  • simulate cards/UIDs to readers
  • help getting a first auth key from a dialogue with a reader
  • only first slot allows up to 4K dumps/uploads because of memory limitations
  • the default firmware can only configure MIFARE cards
  • RevE does not copy cards

Chameleon Mini RevE rebooted is a stand-alone device powered by CR2032 button battery

Card configurations supported by default firmware

  • NONE: No functionality, ChameleonMini does nothing, the current setting is skipped when cycling through the settings
  • MF_ULTRALIGHT: Emulates a MiFare Ultralight card
  • MF_ULTRALIGHT_EV1_80B: Emulates a MiFare Ultralight EV1 80B card
  • MF_ULTRALIGHT_EV1_164B: Emulates a MiFare Ultralight EV1 164B card
  • MF_CLASSIC_1K: Emulates a MiFare Classic 1k card
  • MF_CLASSIC_4K: Emulates a MiFare Classic 4k card
  • MF_CLASSIC_1K_7B: Emulates a MiFare Classic 1k card with 7b UID
  • MF_CLASSIC_4K_7B: Emulates a MiFare Classic 4k card with 7b UID
  • MF_DETECTION: Emulates a MiFare Classic 1k card and saves nonces which can be used for mfkey32 attack in GUI

(Source: https://github.com/iceman1001/ChameleonMini-rebooted/wiki/Configurations, Feb 2,2020)


Hardware Description

Chameleon Mini RevE rebooted
  • Red Leds on left side:
- 8 red LEDs which indicate the active slot
  • Black Button - "KEY":
- “short press” referred as BUTTON in commands and GUI and let you switch the active slot
- “long press” - BUTTON_LONG
- “long press while plugging USB cable” - BOOTLOADER Mode
  • Red Buttern - "POWER":
- used to power on the device when used stand-alone on battery


Device Recognition

Linux

The linux kernel recognizes a usb device from the idVendor 03eb with the product id 2fe4 

   dmesg | grep usb
   [  167.571731] usb 1-3: USB disconnect, device number 3
   [  180.768751] usb 1-3: new full-speed USB device number 11 using xhci_hcd
   [  180.917821] usb 1-3: New USB device found, idVendor=03eb, idProduct=2fe4, bcdDevice= 0.04
   [  180.917829] usb 1-3: New USB device strings: Mfr=0, Product=0, SerialNumber=0

The chameleon RevE is seen as a USB modem 

   lsusb
   Bus 001 Device 011: ID 03eb:2fe4 Atmel Corp. ATxmega32A4U DFU bootloader

Windows

  • in the Windows device manager should appear an Atmel USB Device: ATxmega32A4U

![](EJXyvdJ.png)

Usage

GUI Usage with Chameleon Mini GUI v1.2.2.1 in Windows

GUI source code: https://github.com/iceman1001/ChameleonMini-rebootedGUI Release code: v1.2.2.1

Windows Installation

Requirements: Microsoft .NET Framework 4.6.1 (x86 and x64) Download and execute setup.exe from release page: http://www.icesql.se/download/ChameleonMiniGUI/publish.htm

Device Recognition

On start of the Windows GUI the device should be recognized and following lines should appear in Output: window 

       [=] Connecting to USB Serial Device (COM4) at COM4
       [+] Success, found Chameleon Mini device on 'COM4' with Firmware RevE rebooted installed

If this is not the case and you are using Windows in a VM verify that the USB device is redirected to the VM and test to connect again in the submenu "Settings"


Command Line Interface

Command return codes

Status numbers beginning with a '1' denote an informational item and those beginning with a '2' denote an error.

Response Description
100:OK The command has been successfully executed
101:OK WITH TEXT The command has been successfully executed and this response is appended with an additional line of information, terminated with CR+LF
110:WAITING FOR XMODEM The Chameleon is waiting for an XMODEM connection to be established
120:FALSE The request is answered with false
121:TRUE The request is answered with true
200:UNKNOWN COMMAND This command is unknown to the Chameleon
201:INVALID COMMAND USAGE This action is not supported by this command
202:INVALID PARAMETER The format or value of the given parameter value is invalid
203:TIMEOUT The timeout of the currently active command has expired
Command response codes

Used Hardware

Chameleon Mini: RevE Rebooted

References

Retrieved from "https://wiki.elvis.science/index.php?title=Chameleon_Mini_RevE_rebooted_Usage&oldid=3040"