Wiegand 26 bit (Page 1 of 4)

xeroeffect,

This should be a trivial tag to read, replay, simulate, and clone. In fact, the HID functions *may* already work on this (hidfskdemod and hidsimtag). By "trivial", it may require some coding if the HID functions don't already work, but nothing too complex.

Learn more about the format here:
http://www.hidglobal.com/documents/unde … _wp_en.pdf

In fact, you won't really need to even understand the format if you just want to simulate the tag with the proxmark3. Just using "loread + losamples + losim" will replay the tag for you. It will take some code to make it replay when not connected to a PC, though.

If you have any tags that you know the ID of (or if it has some ID printed on it), then it should be easy to confirm. In fact, if you had that information, you're welcome to send me a tag and I can implement the functions into the proxmark3 for you, or you could send a few traces of the tag from the proxmark3 and I could try with those, as well.

xero,

It's a bit pricy, but at least it has read/write functionality on a bunch of tag types.

If you can though, I would return it and get the proxmark3 instead -- pre-built, it's cheaper, too.

You should also check out http://rfidiot.org as it may have functionality to read/clone the type of tag you have, but I'm not sure about that. It also has various devices that might be helpful.

I stumbled upon the proxmark3 after both readers failed and I was getting desperate.....

Yes, i got SHAFTED..... I thought the more pricey the product... the more it does..... wrong!
I needed something that was convieinient.... like D18c7db stated...

Samy... I took a look at rfidiot... and thats exactly how i feel!

I think i need to buy a proxmark3 and join you guys. I have no idea how this python thing works Samy. im running vista 64 bit and i think its having trouble loading the dll for the reader. Im gonna try on my xp machine.

at least if I buy this proxy3 we will all be on the same page right..... i hope you guys will help me crack this tag.

I'm determined to succeed people!!

i'm off to buy my proxy3 for $449...... wish me luck... cause if it doesn't work... im gonna play tennis with it.

xero,

Cool, when you get it, you'll want to do a:
loread
losamples 6000
save psk

Also, read https://www.lafargue.name/article2754.html

Just reading through the manual starting here will help too.

If you send us the 'psk' file created, we can take a look, or send a tag if you have a spare to one of us to create the code to decode it.

NZ here too.

Guys.... what do the numbers printed on most proximity cards mean??? if i was to copy those exact numbers using my reader/writer on a new card, would the reader grant me access??

Sammy, I've been familirising myself with the documentation link that you provided......
https://www.lafargue.name/article2754.html
Do i have to go through the same process in order to get the card to spit out the key I need for the KERI key fob??
I also have another card to the same building similar to the picture in the documentation which i cannot read with my hopeless reader..... but... this card has numbers which i presume must be the key..... do i make sense??

I was hoping if I take those numbers and programme them on another card it might work??

what is your instinct?

Xeroeffect, I'm not sure if you can achieve what you want to do with the reader / writers you have.

For most access control systems, access is granted based upon the card ID.  The card ID cannot however be written to a new card (for the large majority of access control systems).  The cards that allow you to write data to them, write to a data area that's seperate to the ID.  This can be used, for example, to store a value e.g. a value to represent money to pay a train fare.

There are some access card systems that use the data and not the ID. These are however far and few between in my experience. 

You can however write the ID of an EM4x02 card / keyfob to another card / keyfob (not exactly the same card, but the outcome is the same).  If you google "125KHz RFID Card Copier/Duplicator" you'll see the device I've got to do this. This cost about  $AUD 80.  This will work with very simple access control systems, which potentially you have.  I've not seen these in use with any corporates, but have with a few smaller businesses.

Xeroeffect, the earthquake was the largest recorded earthquake in the world this year so far, however it was in a very isolated area, and only caused very minor damage luckily.

There was a tsunami generated - it measured 20 cm (8 inches).

The reader / writer I have has the ability to read the ID value of one specific type of 125 Khz card (that is not commonly used), and write the ID to one specific type of card.

"The Proxmark3 is a powerful generic purpose RFID tool designed to snoop, listen and emulate everything from LF to HF tags (125kHz to 13.56MHz).".   I'm sure it can be configured to write to the same card the Chinese reader / writer can, but no one has had the need to do it.

There's really no comparison - one is a simple tool for doing one purpse, the other a multi-function tool that can do a a range of tasks.

Cool Samy, im inspired by your work...... soon as i get my PM3 ill be sure to post the trace! The reader/writer I bought from uk allows me to write to those q5 cards..... i have 6 of them lying around..... i have no idea how to program them cause there are so many different fileds i have to fill in. Originally I had 10, I stuffed 4 while i was playing around with what i believe was the modulation type...... psk1, psk2, psk3 and so on. It would be a bonus if you could emulate cards or fobs. The building i'm living in now only allows 4 swipes/appartment. I need to get some more people living in here cause the rent keeps going up! Landlords keep taking advantage of the rental situation we have here and keep pupming the prices. It's getting harder and harder people. I'm so glad I found you guys. Samy....... you have a mission to complete.

Kind of but you don't need one that expensive. This post has some links to some suggested JTAG dongles. Ideally it needs to be USB based as parallel ports have become obsolete and don't exists on most new laptops or desktops. Another recent (cheap) option is the Bus Pirate though I'm not 100% sure what it would take to use that to program a PM3, it probably won't just work with the standard software we use the other dongles with.