Proxmark3 community


#1 2017-06-19 08:25:20

addy
Contributor
Registered: 2016-09-19
Posts: 16

HID Clone Error

Hi,

I ran into an issue cloning an HID tag. The original tag has HID Proximity engraved at the bottom right of the card. When read it gave the following:

 HID Prox TAG ID: 835d1a25570 (10936) - Format Len: 36bit - FC: 0 - Card: 0 

I cloned the card and read the card data back and it matched; however it did not work at the reader.

I tried wiping the card, wiping the buffer and multiple cards.

Has anyone else encountered this before?


#2 2017-06-19 10:01:40

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: HID Clone Error

@addy
version pls.

Last edited by ntk (2017-06-19 10:06:44)


#3 2017-06-19 10:56:38

addy
Contributor
Registered: 2016-09-19
Posts: 16

Re: HID Clone Error

@ntk

My bad for not including the version info.

Proxmark3 RFID instrument
bootrom: iceman/master/v1.1.0-2051-ge82496ca 2017-06-17 15:11:42
os: iceman/master/v1.1.0-2051-ge82496ca 2017-06-17 15:11:47
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at  9: 8: 8

uC: AT91SAM7S256 Rev C
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 216650 bytes (83%). Free: 45494 bytes (17%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory


#4 2017-06-19 12:27:39

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: HID Clone Error

Couple questions:
Does the original tag have other technology in it? (A dual tech card)
Was the original card a thick clamshell style?
Is the reader used for std access control or some longer range application?
Did you compare the full raw hex of the original and the clone?


#5 2017-06-19 13:06:01

ntk
Contributor
Registered: 2015-05-24
Posts: 701

Re: HID Clone Error

Gentlemen

Working on updating the PM3 command in the GUI, I found the new HID command also breaks the r3.01 main repo.

The reason was: the fault sneaks in because of the confusion in the format of the input, I think since our study with AWID, IOprox, XFS or Kantech, where the imprint on the label is HEX and the real FC is actually in DEC, so we have to be careful how we interpret them. @Jason or @Iceman pointed that out at the time.


Using the basic excel calculation table I knew for FC 118 (in DEC) and Card ID 2348
lf t55xx wr b 0 d   00107060
lf t55xx wr b 1 d   1D555955
lf t55xx wr b 2 d   5569A9A5
lf t55xx wr b 3 d   56596695

So, having done that to a T55x7, I can check:

proxmark3> lf sea
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible


Checking for known tags:

HID Prox TAG ID: 2006ec1258 (2348) - Format Len: 26bit - FC: 118 - Card: 2348
Valid HID Prox ID Found!

this is correct, as expected.

Now using direct clone command

proxmark3> lf hid clone 118 2348
Cloning tag with ID 011822348
#db# DONE!
proxmark3> 
proxmark3> lf hid dem
HID Prox TAG ID: 011822348 (4516) - Format Len: 37bit - FC: 280 - Card: 70052

proxmark3>lf sea
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

HID Prox TAG ID: 011822348 (4516) - Format Len: 37bit - FC: 280 - Card: 70052

Valid HID Prox ID Found!

that is wrong. definitely not what I want.

... and the cause is:

Because the command thought we gave it HEX 118, equal to 280 in DEC, it interprets that the "wrong way round" and pulls everything following in the Wiegand sequence apart.

Last edited by ntk (2017-06-19 13:17:31)
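
The three tag IDs quoted in this thread can be decoded by hand to see why the same digits read as 26-bit FC 118 in one case and 37-bit FC 280 in the other. This is an added example, not code from the posters or from the Proxmark3 project; the function names and the bit-layout rules are assumptions chosen to be consistent with the outputs shown above.

```python
# Added example: decode a raw HID Prox tag ID (hex string) into the fields
# printed in the thread. Bit layouts are assumptions that match the quoted
# outputs; function names are hypothetical.

def h10301_parity_ok(w):
    """26-bit Wiegand: even parity over the top 13 bits, odd over the low 13."""
    top, bottom = w >> 13, w & 0x1FFF
    return bin(top).count("1") % 2 == 0 and bin(bottom).count("1") % 2 == 1

def decode_hid(raw_hex):
    """Return (short_id, format_len, fc, card) for a raw ID given as hex."""
    raw = int(raw_hex, 16)              # the ID is always hexadecimal
    hi, lo = (raw >> 32) & 0xFFF, raw & 0xFFFFFFFF
    short_id = (lo >> 1) & 0xFFFF       # the number shown in parentheses
    if (hi >> 5) & 1:
        # Bit 37 set: a format shorter than 37 bits. A sentinel '1' sits
        # directly above the payload, so its position gives the length.
        marker = ((hi & 0x1F) << 12) | (lo >> 20)
        fmt_len = marker.bit_length() + 19
        if fmt_len != 26:
            return short_id, fmt_len, 0, 0   # layout unknown: length only
        wiegand = raw & ((1 << 26) - 1)
        if not h10301_parity_ok(wiegand):
            raise ValueError("26-bit parity check failed")
        return short_id, 26, (wiegand >> 17) & 0xFF, (wiegand >> 1) & 0xFFFF
    # Bit 37 clear: read as the 37-bit layout (assumed: 16-bit FC above a
    # 19-bit card number, followed by one parity bit).
    fc = ((hi & 0xF) << 12) | (lo >> 20)
    return short_id, 37, fc, (lo >> 1) & 0x7FFFF

if __name__ == "__main__":
    # IDs copied from the outputs quoted in the thread.
    for tag_id in ("2006ec1258", "011822348", "835d1a25570"):
        short_id, fmt_len, fc, card = decode_hid(tag_id)
        print(f"{tag_id} ({short_id}) - Format Len: {fmt_len}bit "
              f"- FC: {fc} - Card: {card}")
```

The ID `011822348` has no length marker or sentinel bit, so it falls through to the 37-bit branch, where the leading hex digits `118` land in the facility-code field and read as 280.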


#6 2017-06-19 13:12:54

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: HID Clone Error

@ntk, stop guessing and cluttering up the forum.

Allow @addy to respond, then we can identify the real problem, as there are multiple possibilities.


#7 2017-06-20 11:20:14

addy
Contributor
Registered: 2016-09-19
Posts: 16

Re: HID Clone Error

marshmellow wrote:

Couple questions:
Does the original tag have other technology in it? (A dual tech card)
Was the original card a thick clamshell style?
Is the reader used for std access control or some longer range application?
Did you compare the full raw hex of the original and the clone?

1. I checked the card to see if it was a dual frequency card. It seems to only work on 125 kHz. Running the lf search command, it only finds an HID card. On the card itself it does not mention any other type of formats or brands.

2. Thick clamshell style

3. The reader is housed in a plastic all weather housing, I can not tell if it is a std or long range application.

4. I did not compare the full hex. Going to do that right now. Thanks .. I did not think of that.

I will come back with updates.


#8 2017-06-20 13:01:39

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: HID Clone Error

The full hex is dumped if you run a 'data printdemod x' after the 'lf search'.

In case you didn't already know that.


#9 2017-06-20 14:52:54

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: HID Clone Error

for #3, do you have to get the original tag very close to the reader or can it pick it up from a foot away or more?

also if you are having trouble with Iceman's fork you may want to try the pm3 master repository.
