Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.

You are not logged in.

#1 2011-10-09 08:35:00

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Clone HID card to T55x7

Hello,

As it looks like the previous thread on this topic has disappear find here the link to the modified code and binaries supporting this (based on r497):

http://www.proxmark.org/files/index.php … _T55x7.zip

It features a new command to clone HID tags (the T55x7 card must be placed on the antenna before summiting the command):

lf hid clone <ID>, where <ID> is the 44-bit card ID to be cloned in HEX, as retruned by 'lf hid fskdemod'

Regards,
Cex.

Offline

#2 2011-10-09 11:32:52

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

I tried this but it didn't work
please send a command screenshot
thanks

Offline

#3 2011-10-09 11:36:18

vivat
Contributor
Registered: 2010-10-26
Posts: 332

Re: Clone HID card to T55x7

Cex
Contact to Roel and ask him to gain access to SVN, please

Offline

#4 2011-10-09 13:06:55

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

The link worked for me and the clone feature is fantastic!

Offline

#5 2011-10-09 15:10:20

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

img0931so.th.jpg

~/RFID/proxmark3-498/client$ ./proxmark3

Connected units:
    1. SN: ChangeMe [003/003]

proxmark3> hw version
#db# Prox/RFID mark3 RFID instrument                 
#db# bootrom: svn 486-suspect 2011-07-31 00:16:23                 
#db# os: svn 498-unclean 2011-09-29 09:01:36                 
#db# FPGA image built on 2009/12/ 8 at  8: 3:54
proxmark3>

proxmark3> hw tune
#db# Measuring antenna characteristics, please wait.                 
         
# LF antenna: 27,93 V @   125.00 kHz         
# LF antenna: 18,26 V @   134.00 kHz         
# LF optimal: 27,93 V @   125,00 kHz         
# HF antenna: 10,12 V @    13.56 MHz         
proxmark3>

proxmark3> lf em4x em410xwatch
#db# buffer samples: ff ff ff ff ff ff ff ff ...                 
Reading 2000 samples
         
Done!
         
Auto-detected clock rate: 64         
EM410x Tag ID: 0000000001         
proxmark3>

proxmark3> lf hid clone FFFFFFFFF
Cloning tag with ID fffffffff         
#db# DONE!                 

proxmark3> lf hid fskdemod
proxmark3>



The orange LED is on and the red LED flashes but no response ... why ???
thanks

Offline

#6 2011-10-09 15:57:55

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

First of all, why would you try to clone FFFFFFFFF? That ID can't possibly be valid. What kind of blank tag are you using? Also, try reading an HID tag and write down the ID on paper. My HID LF tags have 10 digits, not 9 as you show above.

Offline

#7 2011-10-09 16:22:02

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

I use a T5577 tab, but do not have a HID tags ... you can give me a valid number to try?
thanks

Offline

#8 2011-10-09 16:28:22

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

spinoinside wrote:

I use a T5577 tab, but do not have a HID tags ... you can give me a valid number to try?
thanks

20042ea607


Tell me what decimal number it produces with the proxmark3 after the clone command and I'll let you know if it is right?

Offline

#9 2011-10-09 16:41:38

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

Bugman1400 wrote:
spinoinside wrote:

I use a T5577 tab, but do not have a HID tags ... you can give me a valid number to try?
thanks

20042ea607


Tell me what decimal number it produces with the proxmark3 after the clone command and I'll let you know if it is right?

proxmark3> lf hid clone 20042ea607
Cloning tag with ID 20042ea607         
#db# DONE!                 
proxmark3>
proxmark3> lf hid fskdemod
proxmark3>

The orange LED is on and the red LED flashes but no response

Offline

#10 2011-10-09 18:28:31

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

Are you using the proxmark3.exe that came with the PM3_T55x7 zip file?

How do you know that you have a T5577 and not a T5567?

It appears that the blank tag is not being programmed. Or, it is not a T55x7 lf blank tag. Are you sure the lf tag is blank and can be programmed? I think the tags can be programmed to be protected so, if something went wrong when you tried an invalid ID then, the tag may not be able to be programmed again. I do not know what kind of checking that Cex put into the program.

Also, I do remember having trouble my first few tries. For me, I use the lf antennae that came with my PM3. It is the one that looks like a black CD/DVD. I was able to get results when I laid the blank tag on the antennae and just left it. Before, I was holding it above the antennae like I do when I want to read a tag.

I just tried to reprogram my T55x7 tag with 20042ea777 and it worked great! However, after I did the clone command and went into the lf hid fskdemod command and it did nothing until I picked up the card off of the antennae.

Hope that helps.

Offline

#11 2011-10-10 19:24:56

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

Bugman1400 wrote:

Are you using the proxmark3.exe that came with the PM3_T55x7 zip file?

How do you know that you have a T5577 and not a T5567?

It appears that the blank tag is not being programmed. Or, it is not a T55x7 lf blank tag. Are you sure the lf tag is blank and can be programmed? I think the tags can be programmed to be protected so, if something went wrong when you tried an invalid ID then, the tag may not be able to be programmed again. I do not know what kind of checking that Cex put into the program.

Also, I do remember having trouble my first few tries. For me, I use the lf antennae that came with my PM3. It is the one that looks like a black CD/DVD. I was able to get results when I laid the blank tag on the antennae and just left it. Before, I was holding it above the antennae like I do when I want to read a tag.

I just tried to reprogram my T55x7 tag with 20042ea777 and it worked great! However, after I did the clone command and went into the lf hid fskdemod command and it did nothing until I picked up the card off of the antennae.

Hope that helps.

I'm compiled under linux and tried it but no result, then i tried proxmark3.exe that came with the PM3_T55x7.zip file but nothing.

I'm not sure that the tag is T5577, on the card is printed "FOR HW688". I'm buy the card from the user laser

I'm use this homemade antenna

thanks for the quick response
I will do other tests wink

Offline

#12 2011-10-10 20:07:07

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

You have too many unknowns. The biggest unknown to me is your 'blank tag'. The "FOR HW688" means nothing to me. All my blank T55x7 cards are plain white and have nothing written on either side. Maybe you need to ask Laser what kind of tag it is?
Secondly, your antennae design looks good but, as I said before, the clone command is very picky as to how the tag is positioned next to the antennae. I don't why this is.

Confirm 'blank tag' first.

Offline

#13 2011-10-11 07:43:05

vivat
Contributor
Registered: 2010-10-26
Posts: 332

Re: Clone HID card to T55x7

The "FOR HW688" means nothing

It means that the blank card you are using is Q5 or Hitag2:
http://www.proxmark.org/forum/viewtopic … 4458#p4458

Offline

#14 2011-10-11 14:40:21

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

I'm glad vivat pointed that out. It appears that the Hitag2 is ASK modulation and probably won't work. I'm not sure if the Q5 is the same as an ATMEL T5567 or not. I think the clone feature developed by CEX is probably just for 125KHz, FSK, and the ATMEL T5567. I'm guessing that each manufacturer has its own unique way of programming its tags. However, since he included the source code, I think it would be easy to modify for the other tags as well.

Offline

#15 2011-10-11 20:17:50

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

Bugman1400 wrote:

You have too many unknowns. The biggest unknown to me is your 'blank tag'. The "FOR HW688" means nothing to me. All my blank T55x7 cards are plain white and have nothing written on either side. Maybe you need to ask Laser what kind of tag it is?
Secondly, your antennae design looks good but, as I said before, the clone command is very picky as to how the tag is positioned next to the antennae. I don't why this is.

Confirm 'blank tag' first.

laser told me that the tag is a T5557.

Today i have received a tag HID and the command "lf hid fskdemod" works:

#db# TAG ID: 2004dc9993 (19657)                 
#db# TAG ID: 2004dc9993 (19657)                 
#db# TAG ID: 2004dc9993 (19657)                 
#db# TAG ID: 2004dc9993 (19657)                 
#db# TAG ID: 2004dc9993 (19657)                 
#db# Stopped

Offline

#16 2011-10-11 20:28:44

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

Bugman1400 wrote:

The "FOR HW688" means nothing to me.

FOR HW688

Offline

#17 2011-10-11 20:33:03

spinoinside
Member
From: Italy
Registered: 2010-02-06
Posts: 14

Re: Clone HID card to T55x7

vivat wrote:

The "FOR HW688" means nothing

It means that the blank card you are using is Q5 or Hitag2:
http://www.proxmark.org/forum/viewtopic … 4458#p4458

can i verify if the tag is a Q5 or Htag?

Offline

#18 2011-10-11 22:06:51

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

spinoinside wrote:
vivat wrote:

The "FOR HW688" means nothing

It means that the blank card you are using is Q5 or Hitag2:
http://www.proxmark.org/forum/viewtopic … 4458#p4458

can i verify if the tag is a Q5 or Htag?

If Laser verified that it is a T5557 then the clone command should work. So, the second thing is the antennae. Try clone the HID tag you have now. If it doesn't work then add non-metalic spacers between your blank tag and the antennae until you get results. Obviously, you may have to remove the spacers to read the tag once you programmed it.

Offline

#19 2011-10-13 15:33:21

Raymond
Contributor
Registered: 2011-09-14
Posts: 30

Re: Clone HID card to T55x7

Have anybody encounter this before?

6240835112_30682863b0.jpg
lf hid clone problem by raymond2017

#db# unknown commND:: 0X0210

Offline

#20 2011-10-13 17:05:04

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

Try limiting the ID to just 10 digits.

Raymond wrote:

Have anybody encounter this before?

http://farm7.static.flickr.com/6049/6240835112_30682863b0.jpg
lf hid clone problem by raymond2017

#db# unknown commND:: 0X0210

Offline

#21 2011-10-14 01:13:41

Raymond
Contributor
Registered: 2011-09-14
Posts: 30

Re: Clone HID card to T55x7

Shaved off one digits front & than one digits back.

6241773711_58f7351d4b.jpg
lf hid clone problem 3 by raymond2017

For that HID card.

The hid reader not proxmark3 display:

ID = EDDEEEBBDEF
37-bit 6F775DEF7

I also try to emulating it from proxmark3, the hid reader was not able to detect also.

Arh.......

Offline

#22 2011-10-14 01:29:36

Bugman1400
Contributor
Registered: 2010-12-20
Posts: 132

Re: Clone HID card to T55x7

Could be a Windows 7 issue. Try using ID 20042ea5a0. If that doesn't work, it is a Windows 7 issue. Try again with XP.

Offline

#23 2011-10-14 07:52:38

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

Yes, I got that error sometimes when the card is not read properly.
The SW seems to be interpreting part of the card ID as a command.
Just ignore it.

Offline

#24 2011-10-14 10:52:05

Raymond
Contributor
Registered: 2011-09-14
Posts: 30

Re: Clone HID card to T55x7

Bugman1400, Try using XP.

6242774761_6225205130.jpg
T55x7 by raymond2017

Same result.

I download the zip file T55x7 and when i try to open the proxmark3.exe, it said that i'am missing some file. The files are those in the r486/win32, so i copy them over.
Or am i doing the wrong thing?

6243290952_eae63e4802.jpg
Xp proxmark3 by raymond2017

Cex

I try to clone the card i buy from proxmark3 also have the same error.

2006e23731

Also thanks for replying.

Offline

#25 2011-10-14 11:14:52

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

Yes, the DLLs are the same.
Surely your antenna do not provide enough voltage, but try out this version with programming times modified, that seems to work better (at least for me):

http://www.proxmark.org/files/index.php?dir=Uploads%2F&download=PM3_T55x7_extended_times.zip

EDIT: Also try to program the card from the other side (it should be the same for both sides, but I have noticed that cards tend to work better from one of its sides).


Regards.

Last edited by Cex (2011-10-14 11:21:11)

Offline

#26 2011-10-14 11:35:45

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

Raymond wrote:

Have anybody encounter this before?

http://farm7.static.flickr.com/6049/6240835112_30682863b0.jpg
lf hid clone problem by raymond2017

#db# unknown commND:: 0X0210


WAIT!
I have not realised it was complaining on cloning, not reading.

You have NOT updated the PM3 firmware.
you MUST update the firmware for the command to work. The cloning function requires the new CLIENT and the new OSIMAGE.ELF to work.

Update your firmware (copy osimage.elf to your client folder and type 'flasher osimage.elf' ) or your PM3 won't know how to program the card.

Offline

#27 2011-10-14 15:56:14

moebius
Contributor
Registered: 2011-03-10
Posts: 199

Re: Clone HID card to T55x7

Why don't you put this neat feature into the main SVN?

Offline

#28 2011-10-14 16:41:59

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

I was waiting to make it work with keyfobs.

Finally I found the problem... as the antenna inductance makes the field decrease exponentially when creating a gap, the field ON times must be shorter than those in the datasheet and the gap time a little longer.

Now I have a version that works with keyfobs and ISO cards (don't have a clamshell to test with).

On the other hand there was no need to reset the tag when writting to a new block, so now the whole process takes around 1 second.

Do I have permission to upload to SVN or  shall I ask Roel for it?

Offline

#29 2011-10-14 16:57:54

moebius
Contributor
Registered: 2011-03-10
Posts: 199

Re: Clone HID card to T55x7

Cool! I'll try those features.

Ask Roel for SVN creds.

Thanks for this contribution!

Offline

#30 2011-10-15 07:16:55

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

moebius wrote:

Cool! I'll try those features.

Ask Roel for SVN creds.

Thanks for this contribution!

Ok, I'll send a message to Roel.
In the meantime you can find the working version in:

http://www.proxmark.org/files/index.php?dir=Uploads%2F&download=PM3_T55x7_v2.zip


It seems to work quite well on both ISO cards and keyfobs.
It is also supposed to be compatible with E5550 cards also (I extended programming time), but don't have any to test with.

Regards.

Offline

#31 2011-10-17 17:17:58

Raymond
Contributor
Registered: 2011-09-14
Posts: 30

Re: Clone HID card to T55x7

Cex wrote:
Raymond wrote:

Have anybody encounter this before?

http://farm7.static.flickr.com/6049/6240835112_30682863b0.jpg
lf hid clone problem by raymond2017

#db# unknown commND:: 0X0210


WAIT!
I have not realised it was complaining on cloning, not reading.

You have NOT updated the PM3 firmware.
you MUST update the firmware for the command to work. The cloning function requires the new CLIENT and the new OSIMAGE.ELF to work.

Update your firmware (copy osimage.elf to your client folder and type 'flasher osimage.elf' ) or your PM3 won't know how to program the card.

I got my proxmark3 with the firmware this month.
So where can i download or update my firmware?

6253919791_84938683e0.jpg
T55x7_v2 by raymond2017

By the way for the command , lf emx em410xwatch. Will it go on & on after you run it? Or by pressing the button will stop it? I try to stop it by pressing the button but got error and force close.

Offline

#32 2011-10-18 06:59:17

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

Raymond wrote:

I got my proxmark3 with the firmware this month.
So where can i download or update my firmware?

You got the link in the previous post. Please read before ask...
Alternatively you can get release r499 from SVN repository.

Regards.

Offline

#33 2011-10-18 07:52:10

Raymond
Contributor
Registered: 2011-09-14
Posts: 30

Re: Clone HID card to T55x7

Thank for the reply Cex.

Offline

#34 2011-10-20 14:44:40

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

moebius wrote:

Why don't you put this neat feature into the main SVN?

Done (r499).
Made a stupid mistake when commiting and the Log Message field was empty.
I have asked Roel to fix that, but the version shall be working anyway.

Offline

#35 2011-10-26 11:34:13

o0o0o0o
Contributor
From: Germany
Registered: 2011-10-06
Posts: 64

Re: Clone HID card to T55x7

Can it be possible to implement the following function to the Proxmark :

Write to a R/W T55x7 chip along with a password.
So that any rewriting is impossible unless the password is known...

Offline

#36 2011-10-27 06:40:20

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

It is possible (the T55x7 chip supports password), but it will take quite a huge effort.
You'll need to include commands to program the password (and checking it before enabling it to make sure you don't loose access to the card), to modify it, and to modify the stored ID with password.
It's quite improbable that the card get erased/modified by itself, so I think it's not worth the effort.

Offline

#37 2011-11-25 09:31:34

toneydavy
Member
Registered: 2011-10-21
Posts: 2

Re: Clone HID card to T55x7

Cex wrote:

Hello,

As it looks like the previous thread on this topic has disappear find here the link to the modified code and binaries supporting this (based on r497):

http://www.proxmark.org/files/index.php … _T55x7.zip               iphone 4 case

It features a new command to clone HID tags (the T55x7 card must be placed on the antenna before summiting the command):

lf hid clone <ID>, where <ID> is the 44-bit card ID to be cloned in HEX, as retruned by 'lf hid fskdemod'

Regards,
Cex.

thanks a lot,I'll try it!!

Offline

#38 2011-12-05 21:23:03

ghaber
Member
Registered: 2008-10-26
Posts: 11

Re: Clone HID card to T55x7

Hello all,

Can anybody tell me where I can find a place to buy T55x7 cards?? I only found places in China with a minimum lot of 200 uds for about 230$ shipment included. Anyplace recomendation??

Regards

Offline

#39 2011-12-05 22:37:24

carl55
Contributor
From: Colorado USA
Registered: 2010-07-04
Posts: 112

Re: Clone HID card to T55x7

If you are looking for small quantities in the US you can purchase some T5557 R/W cards from mdfly.com . They work great!!  The cards are $1.59 each and they ship quickly from California.
Here is the link:
http://www.mdfly.com/index.php?main_page=product_info&cPath=16_62&products_id=170

Offline

#40 2011-12-08 20:18:43

ghaber
Member
Registered: 2008-10-26
Posts: 11

Re: Clone HID card to T55x7

Thanks Carl,

I will try them.

Regards

Offline

#41 2012-05-01 18:23:35

urkis
Contributor
Registered: 2012-02-12
Posts: 30

Re: Clone HID card to T55x7

This worked for me with your firmware and a T5567 card, but with the latest svn 528 this doesn't work.

Last edited by urkis (2012-05-01 19:10:20)

Offline

#42 2012-05-16 13:34:23

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

urkis wrote:

This worked for me with your firmware and a T5567 card, but with the latest svn 528 this doesn't work.

Took a look at the new revision and there's an error in file lfopt.c line 1139 introduced in r528.
The correct modulation for HID is FSK2a, not manchester, so replace T55x7_MODULATION_MANCHESTER by T55x7_MODULATION_FSK2a

I'll correct it when possible (I'll also add cloning capabilities for 64/224 bits Indala cards).

Offline

#43 2012-06-25 05:38:50

homer999
Member
Registered: 2012-05-07
Posts: 3

Re: Clone HID card to T55x7

Will this work with T5577 chip which replaces T5567?

Offline

#44 2012-07-02 09:47:48

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

Cex wrote:
urkis wrote:

This worked for me with your firmware and a T5567 card, but with the latest svn 528 this doesn't work.

Took a look at the new revision and there's an error in file lfopt.c line 1139 introduced in r528.
The correct modulation for HID is FSK2a, not manchester, so replace T55x7_MODULATION_MANCHESTER by T55x7_MODULATION_FSK2a

I'll correct it when possible (I'll also add cloning capabilities for 64/224 bits Indala cards).

Fixed bug in r582 (and Indala cloning added).

As far as I know it should also work on T5577, although I do not have any to test.

Offline

#45 2012-07-05 07:25:02

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

nilsja wrote:

Hi Cex,

does this version also work in standalone mode?

I have not modified that part of the code.
If it was working on previous release, it should work in this release.

Offline

#46 2012-07-10 15:31:06

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

nilsja wrote:

Hi Cex,

i meant wether cloning onto another card also works in stand alone mode. As far as i understood the stand alone mode description it does only card emulation, not copying onto another card. Is that right? It would be great to also be able to copy a card in stand alone mode.

I have not implemented that function.
If you are interested just replace the call to simulate tag by a call to clone tag. It should work.

Offline

#47 2013-01-16 11:59:28

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

Added support for long format (up to 84 bits) to clone command in r649.

If when using "lf hid fskdemod" you get an UID like TAG ID: 9exxxxxxxxxxxxxxxxxxxxx
you can clone using "lf hid clone xxxxxxxxxxxxxxxxxxxxx l" (the l specifies long format).

The 9E must NOT be included when cloning as it is part of the header and is automaticly added.

Regards.

Offline

#48 2013-01-20 19:27:35

urkis
Contributor
Registered: 2012-02-12
Posts: 30

Re: Clone HID card to T55x7

Cex wrote:

Added support for long format (up to 84 bits) to clone command in r649.

If when using "lf hid fskdemod" you get an UID like TAG ID: 9exxxxxxxxxxxxxxxxxxxxx
you can clone using "lf hid clone xxxxxxxxxxxxxxxxxxxxx l" (the l specifies long format).

The 9E must NOT be included when cloning as it is part of the header and is automaticly added.

Regards.

Nice, but there seems to be some trouble now when writing the short format

Example:
lf hid clone 2006EA19D2

And when I read the T55x7 using "data fskdemod" it shows:
hex: 00000021 06ea19d2

Seems like the second number always becoming a 1 instead of 0?

Offline

#49 2013-01-21 08:47:46

Cex
Contributor
Registered: 2009-12-14
Posts: 104

Re: Clone HID card to T55x7

urkis wrote:

Nice, but there seems to be some trouble now when writing the short format

Example:
lf hid clone 2006EA19D2

And when I read the T55x7 using "data fskdemod" it shows:
hex: 00000021 06ea19d2

Seems like the second number always becoming a 1 instead of 0?

Functionallity was tested before committing changes. Anyway I tested again with your example and it works fine for me.
Maybe there's a bug in 'data fskdemod' (I did not modify that command). Try 'lf hid fskdemod' instead.
Also try to read/write with the card in another position or with an small spacer between the card and the PM3 as antenna coupling may modify the writing timings and the card may had been written with a wrong value.

Offline

#50 2013-01-24 12:34:07

elliot42
Contributor
From: Australia
Registered: 2013-01-11
Posts: 16

Re: Clone HID card to T55x7

I'm also having problems with "lf hid clone" after commit 649. I can use "lf hid fskdemod" with 648 and 650 and get the same correct read from my HID card. Cloning to a T5557 using 648 works well and the cloned card reads exactly the same as the original.
Cloning to a T5557 using 650, however, has bits missing from the written data. I get bad reads from that card from both 650 and 648. It also takes many seconds to get a read and when it does I get one UID that looks completely wrong and a second that's has the first 4-5 bits correct so that I can see the facility code, but the rest is wrong.

I'm using a Proxmark3 and LF antenna from xfpga.com. Firmware and client have been compiled on Windows 7 using the latest mingw-proxmark.zip env from Google Code and the 20121222 release of the YAGARTO ARM Toolchain.

Offline

Board footer

Powered by FluxBB