Just received a JTAG (probably clone); used SEGGER J-Flash ARM V4.50 version.
I followed the following steps:
01 - Plugged the Proxmark and the Segger J-LINK in to the computer
02 - Attached the J-LINK to the Proxmark JTAG port
03 - Opened J-Flash ARM V4.50 software
04 - Created a new project by selecting File > New project
05 - Changed the project settings by going to Options > Project settings
06 - Clicked on the Target Interface tab
07 - Changed the "JTAG speed before init" to 200 kHz
08 - Clicked on the CPU tab
09 - Selected the "Device" radio button and selected "Atmel AT91SAM7S256" from the drop-down list
10 - Changed the Clock speed to "Auto detection"
11 - Applyed the changes -> OK
12 - Tested connectivity to the Proxmark by selecting Target > Connect
13 - Target -> Read back -> Entire chip
I got the same dump as proxmark3_recovery.bin until offset 0x00032047 (in the SEGGER software interface the address is 0x132047)... what are the following dumped bytes (~56Kb) ? EEPROM bytes ?
try to cut the chip out and insert it in a working card (soldering the 2 tips of the antenna): maybe the tag coil is damaged; if this is the case it will work again;
also try to put the surely-good chip in the bad-tag antenna and see if it is still working; if so you will be sure the bad-tag chip is damaged.
To eliminate the plastic part of the card you can dissolve it in aceton - submerge it and cover it to avoid evaporation - only the metal parts will remain [chip+antenna]
You have to look at a 125kHz tag with 4bytes password feature and a ROM-programmed UID of "4-billion combinations" (it should be a 32bit UID). The possibilities, to my knowlwdge, are very limited and they point out to T55x7 or AT88RF256 chips (I am inclined to think about the T55x7 because of the limited user area available bytes [the unknownk tag above tech specs says "4 user memory areas"] and the because they are more common).
I rewrote this code long time ago and actually implemented the programming mode. Unfortunately I never got the time to actually commit it (this is the blog post part3 I said I was going to write long time ago on f0f's blog). Maybe this summer, hopefully ;-)
BTW, as a side comment, the programming mode for the PCF IC doesn't actually really work properly/reliably with the proxmark because the antenna signal is weak, and the pulse length is limited by the hardware design. It is therefore near impossible to have short sharp pulses as required by the programming mode for the PCF.
I'll let you know once I have time to commit the code and write this damn blog post part3
Thank you for your previous work iZsh ! It will be great to have your code updated !!