Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2016-07-18 05:07:51

cookie
Contributor
Registered: 2016-07-18
Posts: 4

Cloning HITAG2 Card

Hi all,

I am new here so please be gentle.

I have a security engagement coming up where I need to gain physical access to a location. One of the tests is whether I can "bump" into somebody and clone their card.

I am used to doing this with HID type cards but this engagement is using HITAG2.

My question is, am I able to "bump" into somebody to record their card then use T5577 cards like HID to create a new one?

I was hoping somebody could assist with some steps to perform the clone as I cannot get my hands on a demo card prior to the engagement so I really have only one shot at this.

Thank you all for your help!

Offline

#2 2016-07-18 05:48:52

cookie
Contributor
Registered: 2016-07-18
Posts: 4

Re: Cloning HITAG2 Card

I should add that the customer said it was a TECOM/HITAG2 card?

Offline

#3 2016-08-26 09:49:40

Onisan
Contributor
From: London
Registered: 2016-07-18
Posts: 80

Re: Cloning HITAG2 Card

Chances are that if it's a Hitag2 card or fob like the Paxton then you would need to physically have the card and present both your clone a TPX4 chip and the Hitag2 original to the reader a few times as they use a rolling code.
You can clone the fob but you would need to use a different machine.


Hardware: Proxmark RV2,  Elatec TWN4 dev kit / ACS ACR122U / IDTronic LF Reader / OmniKey 5321 / HT108 RW / Custom Read Write 125khz RW and a couple of other RW bits.

Offline

#4 2016-08-27 03:47:07

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: Cloning HITAG2 Card

Onisan wrote:

... then you would need to physically have the card and present both your clone a TPX4 chip and the Hitag2 original to the reader a few times as they use a rolling code...

you mention tpx4 as in tpx4(46) or ID46 as clone in the car industry?

Onisan wrote:

You can clone the fob but you would need to use a different machine.

You mention this as you seem to have experience with the "different machine". Is different one of the JMA or American cloner?

definitely PM3 is unsuitable???

I read there are a lot of unreliable CHINA cloners around which claim to do the job on id46 or hitag2 compatible, but they don't and with a write-once TPXx, experiment could be futile expensive in this direction, if you don't possess original TRS5000, ZED bull cloner

only with such TRS5000 you can use the new TPX5=TPX1(4C)+TPX2(4D)+TPX3+TPX4(ID46) "Clonable multiple times, and it incorporates the sniff function to capture the PHILIPS® data."


modhex(ichbifhkhghuhehghkiehbihhkidifighgebecedfchihthbhkhrduhehvht)

Offline

Board footer

Powered by FluxBB