Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2018-09-16 00:55:58

Violet
Contributor
Registered: 2018-09-13
Posts: 3

Hoping to unbrick / rescue a T5577 implant

Hello everyone,

I have a T5577 tag that has had some troubles, and it might be bricked. Might be permanently dead, but I'm hoping there's a chance to save it. It's implanted in my left hand so I'm a bit reluctant to dig it out lol. At least, untill I know it's beyond hope.

It was originally cloned to an EM41xx format, which worked fine. I started experimenting with it using a Proxmark 3 Easy, and with the Iceman fork of the client and firmware. It read ok using lf search and the em read commands, but the t5577 commands gave me a lot of bizzare / nonsensical results.

The lf t5577 info command was telling me that the tag had a password set, and the lf t5577 wipe command wasn't working so I tried running the bruteforce command on the tag. That seemed to have been a mistake, and after that it stopped working as an EM clone. Since then it's only identified as an 'unknown FSK modulated tag'. It produces some data which is consistent, but I can't decypher it, and haven't been able to write anything to the tag.

I got some help on the forum of the place where I bought the tag, but figured I'd come and ask here as well and see if I could get any more advice or assistance. One of the suggestions I got was to switch to the main version instead of a fork, so I've done that. Keeping the firmware and client up to date and in sync.

Finally, I understand the stock antennas are not ideal for small glass tags so I've wound a number of antennas to test with, and have got two now which seem to be working pretty well.

I also got a dozen T5577 keychain tags to experiment with, and I tried running the same process on one of those that I did with the implant. I.e. I cloned it to an EM41xx, then ran the bruteforce, which resulted in the tag getting into the same glitched state as the implant. The difference was, I was able to rescue the keychain tag using a 'testmode' command. That unfortunately doesn't seem to work on the implant.

So, here's where the tag is now:

lf search u
NOTE: some demods output possible binary
  if it finds something that looks like a tag
False Positives ARE possible


Checking for known tags:


No Known Tags Found!


Checking for Unknown tags:

Possible Auto Correlation of 24960 repeating samples

Using Clock:50, invert:0, fchigh:8, fclow:5
FSK1a decoded bitstream:
1110010101111111
0011111001111110
1100110100111000
0001100010000100
1000011000000000
0000000110101111
1111001010111111
1001111100111111
0110011010011100
0000110001000010
0100001100000000
0000000011010111
1111100101011111
1100111110011111
1011001101001110
0000011000100001
0010000110000000
0000000001101011
1111110010101111
1110011111001111
1101100110100111
0000001100010000
1001000011000000
0000000000110101
1111111001010111
1111001111100111
1110110011010011
1000000110001000
0100100001100000
0000000000011010
1111111100101011
1111100111110011


Unknown FSK Modulated Tag Found!

It is consistent in producing that block of data. I don't know where to go from here though, what else to try.

If anyone has some advice or something I can try, I'd really appreciate it.

Thank you!

Offline

#2 Yesterday 03:46:04

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,232

Re: Hoping to unbrick / rescue a T5577 implant

implants are difficult to talk to without specialized antennas.  try setting the config block (t55xx block 0) to a known good value multiple times from varying positions.  then try setting the other blocks one at a time attempting multiple times from varying positions.  likely you will get your tag to hear at least one of your commands.

Offline

#3 Yesterday 16:52:30

Violet
Contributor
Registered: 2018-09-13
Posts: 3

Re: Hoping to unbrick / rescue a T5577 implant

Thank you marshmellow,

I've been unsuccessful so far, and have tried many many times. smile

I've got a special antenna on order which is said to work very well with small implant tags, hopefully that will do the trick.

Offline

Board footer

Powered by FluxBB