Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2015-08-03 14:42:52

kristian1991
Member
Registered: 2015-06-21
Posts: 8

Cant identify TAG

I have a separate issue with a tag that i cannot identify i have put below some of the replies back for PM3
proxmark3> lf search u
Reading 30000 bytes from device memory
         
Data fetched         
Samples @ 8 bits/smpl, decimation 1:1           
NOTE: some demods output possible binary
  if it finds something that looks like a tag         
False Positives ARE possible
         
Checking for known tags:
         
No Known Tags Found!
         
Checking for Unknown tags:
         
Possible Auto Correlation of 3840 repeating samples         
Using Clock:40, Invert:0, Bits Found:750         
ASK/Manchester decoded bitstream:         
0000000000000000
0000111111111001
1000000000000000
1000100000000101
0001010011000111
1010110111110111
0000000000000000
0000111111111001
1000000000000000
1000100000000101
0001010011000111
1010110111110111
0000000000000000
0000111111111001
1000000000000000
1000100000000101
0001010011000111
1010110111110111
0000000000000000
0000111111111001
1000000000000000
1000100000000101
0001010011000111
1010110111110111
0000000000000000
0000111111111001
1000000000000000
1000100000000101
0001010011000111
1010110111110111
0000000000000000
0000111111111001

Offline

#2 2015-08-03 17:16:07

rbubba1911
Contributor
Registered: 2014-08-14
Posts: 86

Re: Cant identify TAG

Hi,

you should give us more info about the tag,

I'm not expert in decoding (yet!), but I see :

96 bit pattern:
111111111001100000000000000010001000000001010001010011000111101011011111011100000000000000000000

which I decode as 12 x 8bit :

11111111
10011000
00000000
00001000
10000000
01010001
01001100
01111010
11011111
01110000
00000000
00000000

in hex : FF 98 00 08 80 51 4C 7A DF 70 00 00

look on your tag if it make sense. (engraved/printed value , etc..)

Offline

#3 2015-08-05 13:54:04

kristian1991
Member
Registered: 2015-06-21
Posts: 8

Re: Cant identify TAG

There is no information on the Tag, it is a clear white tag, it is coded on a T55xx because i accidentally wiped the original card with HID. I have tried to use the lf t55xx dump and detect commands to try and copy the blocks to another t55xx but the problem is that the blocks on the dump are constantly changing and so is block 0

Any help on this, below is an example of the changes.

proxmark3> lf t55xx detect
clk 255         
Modulation : ASK         
Bit Rate   : 3 - RF/40         
Inverted   : No         
Offset     : 0         
Block0     : 0xF00C8060         
         
proxmark3> lf t55xx dump
[0] 0xF00C8060  11110000000011001000000001100000         
[1] 0x7FCC0004  01111111110011000000000000000100         
[2] 0x2014531F  00100000000101000101001100011111         
[3] 0x21280000  00100001001010000000000000000000         
[4] 0x00000000  00000000000000000000000000000000         
[5] 0xFFFFFFFF  11111111111111111111111111111111         
[6] 0x04093302  00000100000010010011001100000010         
[7] 0x00000000  00000000000000000000000000000000         
proxmark3> lf t55xx detect
clk 255         
Modulation : ASK         
Bit Rate   : 3 - RF/40         
Inverted   : No         
Offset     : 1         
Block0     : 0xF00C8060         
         
proxmark3> lf t55xx dump
[0] 0xF00C8060  11110000000011001000000001100000         
[1] 0x7FCC0004  01111111110011000000000000000100         
[2] 0x80514C7C  10000000010100010100110001111100         
[3] 0x42500000  01000010010100000000000000000000         
[4] 0xFFFFFFFF  11111111111111111111111111111111         
[5] 0x00000000  00000000000000000000000000000000         
[6] 0x04093302  00000100000010010011001100000010         
[7] 0x00000000  00000000000000000000000000000000

Offline

#4 2015-08-05 13:55:30

kristian1991
Member
Registered: 2015-06-21
Posts: 8

Re: Cant identify TAG

another example of changes is below:

proxmark3> lf t55xx info
         
-- T55xx Configuration & Tag Information --------------------         
-------------------------------------------------------------         
Safer key                 : 7         
reserved                  : 64         
Data bit rate             : 1 - RF/16         
eXtended mode             : Yes - Warning         
Modulation                : 4 - FSK 1 RF/8  RF/5         
PSK clock frequency       : 0         
AOR - Answer on Request   : No         
OTP - One Time Pad        : No         
Max block                 : 1         
Password mode             : Yes         
Sequence Start Terminator : No         
Fast Write                : No         
Inverse data              : No         
POR-Delay                 : No         
-------------------------------------------------------------         
Raw Data - Page 0         
     Block 0  : 0x78064030  01111000000001100100000000110000         
-------------------------------------------------------------         
proxmark3> lf t55xx info
         
-- T55xx Configuration & Tag Information --------------------         
-------------------------------------------------------------         
Safer key                 : 15         
reserved                  : 0         
Data bit rate             : 3 - RF/40         
eXtended mode             : No         
Modulation                : 8 - Manchester         
PSK clock frequency       : 0         
AOR - Answer on Request   : No         
OTP - One Time Pad        : No         
Max block                 : 3         
Password mode             : No         
Sequence Start Terminator : No         
Fast Write                : No         
Inverse data              : No         
POR-Delay                 : No         
-------------------------------------------------------------         
Raw Data - Page 0         
     Block 0  : 0xF00C8060  11110000000011001000000001100000         
-------------------------------------------------------------

Offline

#5 2015-08-05 14:24:53

rbubba1911
Contributor
Registered: 2014-08-14
Posts: 86

Re: Cant identify TAG

strange indeed !

look like a defective tag or reading perturbation ..

do you have same experience with another t55 tag ?

Offline

#6 2015-08-05 16:48:05

kristian1991
Member
Registered: 2015-06-21
Posts: 8

Re: Cant identify TAG

No, i have successfully tested many T55xx cards and they are all working perfectly fine, i even accidentally deleted a copy of the same card as i had two, I wiped it with a HID UID and therefor can't restore it back, i have the second card with the same data and can't get around to understanding how to clone it.

Thanks in advance

Offline

#7 2015-08-05 17:17:23

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Cant identify TAG

If the t55xx with hid uid isn't password protected, then you could write the read t55xx blocks back to the overwritten tag from the second tag...
e.g.  lf t55 detect
lf t55 dump
-swap tags
lf t55 write .....

Offline

#8 2015-08-20 12:40:07

kristian1991
Member
Registered: 2015-06-21
Posts: 8

Re: Cant identify TAG

hi iceman thank your for your reply,

i have indeed tried this method, however the blocks are always changing

it is very strange. even the modulation changes at random times

any idea of any tags that act like this?

Offline

#9 2015-08-20 14:47:07

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: Cant identify TAG

if the blocks always change, then something is wrong. smile

it could be the offset or the strength of your LF antenna, or a bad tag. or..or..or..

Offline

#10 2015-08-20 17:23:12

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Cant identify TAG

i've seen this and it is a timing issue.  the reader/tag is not always in sync depending partially on the actual data coded on the tag, (since this seems to change the starting time of the data waves).  there are things that can be done to help this situation but i have not identified a true fix for it. 
varying antenna strength and/or tag position can help. 

but ultimately you cannot trust the t55xx read is going to be accurate.  the raw demodded binary is mostly correct, but the starting position varies, and therefore, the encoding may even invert occasionally.   (your all 00's then all 11's blocks)

mainly this is due to how the t55xx communicates, and the fact that we are trying to be modulation and bitrate agnostic.  there is no marker transmitted to the reader to identify the start sequence of the incoming data.  so we have to rely on timing.  there are multiple issues with this (including using a time measurement with a large error window) especially since the time between the reader command and the tags response varies slightly with each modulation/bitrate.  add that to the demod adjusting it's start position automatically for best demod, and you get inconsistent results.  which is better than it was, which was NO results...

Last edited by marshmellow (2015-08-20 17:25:29)

Offline

#11 2015-08-20 17:34:41

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Cant identify TAG

btw, your tag blocks 1 - 3 are:
7FCC0004
4028A63D
6FB80000

those are the only blocks transmitted so blocks 4-7 can be ignored.

this was taken from the original lf search u results you posted.
@rbubba1911's demod probably would have worked as well as we have the same binary, just different starting points.

Offline

#12 2015-08-20 17:58:52

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Cant identify TAG

i believe this is a securakey format

Offline

#13 2015-08-20 18:01:55

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Cant identify TAG

your badge number is likely 10654

Offline

Board footer

Powered by FluxBB