5/15/2023 0 Comments Dymo stamps activation code hackall use SLIX2) (in a magic SLIX2 tag you just need to set the UID + SIGNATURE (taken from original tag)) - spoofing the complete RFID reader PCB (simple I2C) seems to be a trivial task. for sure they will come soon (Toniebox, Dymo, variuos ticketing systems. ![]() "magic SLIX" tags do exist (where you can set UID yourself), however magic "SLIX2 tags" are not available YET. If they would, there is no reason to implement the counter inside of the tag. Spoofing of tags is still possible, one just needs to read UID + SIGNATURE from a valid dymo tag) - it is UNLIKELY that they track used UIDs in firmware of the STM32 main MCU. (the signature is just signing the UID of the tag, it is static for every UID. Meanwhile I read all the spec and have some more insights: - the SLIX2 tags used from DYMO do NOT have the NXP factory "Originality Signature" embedded, instead a CUSTOM signature from DYMO is used. The tag increment command needs the READ-Password to be set (which is 0x179AADEF !!!FOR MY TAG!!!, looks like they read the application note to derive passwords from UID). The tag gets a COUNTER INCREMENT whenever a tag feed is issued.
0 Comments
Leave a Reply. |