Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
My friends
I'm trying to write a t55 tag without a password on page 1 block 2, but I can not do the writing. Do you have an idea of the possible solution?
Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-301-gc839fa2-suspect 2018-02-01 14:56:56
os: master/v3.0.1-301-gc839fa2-suspect 2018-02-01 14:57:00
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59
uC: AT91SAM7S256 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 199376 bytes (76%). Free: 62768 bytes (24%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> lf t55 detect
Modulation : ASK
Bit Rate : 2 - RF/32
Inverted : No
Offset : 31
Block0 : 0x00088080
proxmark3> lf t55 info
-- T55xx Configuration & Tag Information --------------------
-------------------------------------------------------------
Safer key : 0
reserved : 0
Data bit rate : 2 - RF/32
eXtended mode : No
Modulation : 8 - Manchester
PSK clock frequency : 0
AOR - Answer on Request : No
OTP - One Time Pad : No
Max block : 4
Password mode : No
Sequence Start Terminator : No
Fast Write : No
Inverse data : No
POR-Delay : No
-------------------------------------------------------------
Raw Data - Page 0
Block 0 : 0x00088080 00000000000010001000000010000000
-------------------------------------------------------------
proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
0 | 00088080 | 00000000000010001000000010000000
1 | E695AAA1 | 11100110100101011010101010100001
2 | 48911136 | 01001000100100010001000100110110
3 | 11111111 | 00010001000100010001000100010001
4 | 11111189 | 00010001000100010001000110001001
5 | FFFFFFFF | 11111111111111111111111111111111
6 | FFFFFFFF | 11111111111111111111111111111111
7 | FFFFFFFF | 11111111111111111111111111111111
Reading Page 1:
blk | hex data | binary
0 | 00088080 | 00000000000010001000000010000000
1 | E0150A70 | 11100000000101010000101001110000
2 | 3CB317B1 | 00111100101100110001011110110001
3 | FFFFFFFF | 11111111111111111111111111111111
proxmark3> lf t55 wr b 2 d 79662F62 1
Writing to page: 1 block: 2 data : 0x79662F62
proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
0 | 00088080 | 00000000000010001000000010000000
1 | E695AAA1 | 11100110100101011010101010100001
2 | 48911136 | 01001000100100010001000100110110
3 | 11111111 | 00010001000100010001000100010001
4 | 11111189 | 00010001000100010001000110001001
5 | FFFFFFFF | 11111111111111111111111111111111
6 | FFFFFFFF | 11111111111111111111111111111111
7 | FFFFFFFF | 11111111111111111111111111111111
Reading Page 1:
blk | hex data | binary
0 | 00088080 | 00000000000010001000000010000000
1 | E0150A70 | 11100000000101010000101001110000
2 | 3CB317B1 | 00111100101100110001011110110001
3 | FFFFFFFF | 11111111111111111111111111111111
after the dump it is seen that the writing was not carried out....
Offline
Block 2 of page 1 is normally a locked block from the factory. (As is block 1 of page 1)
Offline
Why this Block change after use?
Offline
It cannot be changed under normal conditions.
Offline
Pages: 1