Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

Pages: 1

#1 2019-10-21 22:41:44

ebodyyy
Contributor
Registered: 2019-10-02
Posts: 14

[Solved] Page 1 Not copying, how to obtain RAW data for page 1?

Hey guys, thank you for your help on the last fob it worked great. (http://www.proxmark.org/forum/viewtopic.php?pid=36885#p36885)

I got another fob this time and had a similar issue to the one above where block 2 of page 0 was not copying. So I used the raw data from the lf search and fixed that issue.

Now, page 1, block 1&2 are not copied properly. How would I be able to obtain raw data for page 1 blocks? Is there any other alternatives?

This is this original Fob:

blk | hex data | binary          
  0 | 80107060 | 10000000000100000111000001100000          
  1 | 00913A42 | 00000000100100010011101001000010          
  2 | 81B81B28 | 10000001101110000001101100101000          
  3 | 90888888 | 10010000100010001000100010001000          
  4 | 00000000 | 00000000000000000000000000000000          
  5 | 00000000 | 00000000000000000000000000000000          
  6 | 00000000 | 00000000000000000000000000000000          
  7 | 00000000 | 00000000000000000000000000000000          
Reading Page 1:          
blk | hex data | binary          
  0 | 80107060 | 10000000000100000111000001100000          
  1 | F00A80AB | 11110000000010101000000010101011          
  2 | 49888295 | 01001001100010001000001010010101          
  3 | 00000000 | 00000000000000000000000000000000

This is the output of the t55xx card:

proxmark3> lf t55xx dump
Reading Page 0:          
blk | hex data | binary          
  0 | 80107060 | 10000000000100000111000001100000          
  1 | 00913A42 | 00000000100100010011101001000010          
  2 | 81B81B28 | 10000001101110000001101100101000          
  3 | 90888888 | 10010000100010001000100010001000          
  4 | 00000000 | 00000000000000000000000000000000          
  5 | 00000000 | 00000000000000000000000000000000          
  6 | 00000000 | 00000000000000000000000000000000          
  7 | 00000000 | 00000000000000000000000000000000          
Reading Page 1:          
blk | hex data | binary          
  0 | 80107060 | 10000000000100000111000001100000          
  1 | F00A8542 | 11110000000010101000010101000010          
  2 | 0CF218E8 | 00001100111100100001100011101000          
  3 | 00000000 | 00000000000000000000000000000000

Thanks in advance!

Last edited by ebodyyy (2019-11-26 06:53:33)

Offline

#2 2019-10-22 15:51:56

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: [Solved] Page 1 Not copying, how to obtain RAW data for page 1?

Not all tags allow for writing of Page 1 block1,2...

Offline

#3 2019-10-23 03:39:47

mwalker
Moderator
Registered: 2019-05-11
Posts: 318

Re: [Solved] Page 1 Not copying, how to obtain RAW data for page 1?

As per iceman's comment, sometimes those blocks are locked.  The Real T5577 have the tractability data stored on those blocks and locked at factory.
The data looks to be the tractability data (out by one bit) i.e. starting with E015 on both.  The second (target card) looks to be a ATA5577M1  ID (if correct).

I would test the card and if it works, ignore those blocks (as a normal reader read should not see that data).

If the do need to match for some reason (readers are reading those blocks), you could try to unlock the target card with a test write.
NOTE: this will completely wipe the card (so you will need to clone again).

lf t55xx write b 0 d 000880E0 t
lf t55xx detect
lf t55xx dump

If the test command worked (it may not for some cards) then you should have a blank looking card (post the results of the dump)
If the blocks 1 and 2 of page 1 are now all 0 or all F then you should be able to write data to those blocks.

i.e.
lf t55xx write b 1 1 d E0150157
lf t55xx write b 2 1 d 9311052A

Note: I have made an assumption with the data.  It looked to be one bit out, so I left shifted (and wrapped) the data.  Since it give the E015 it seems more likely to be the correct data.
that said, test and try and see of the new dumps look the same.

Offline

#4 2019-11-04 02:21:51

ebodyyy
Contributor
Registered: 2019-10-02
Posts: 14

Re: [Solved] Page 1 Not copying, how to obtain RAW data for page 1?

Iceman, Mwalker,

Thank you for your responses.

I re-read the datasheet for t5577 cards and found that that block isn't even used. (you were right). I just used the RAW data as before because the "Dump" files are not right. I think this is a software issue that i flashed a different bootrom/os for the proxmark the first day i got it lol. Anyways, using the RAW data did work even though those 2 blocks weren't copied too.

I'll make note to try that the next time i copy a fob and will see if im able to erase pg1 block1&2.

Thank you for your help.

Offline

#5 2019-11-04 17:58:25

iceman
Administrator
Registered: 2013-04-25
Posts: 9,537
Website

Re: [Solved] Page 1 Not copying, how to obtain RAW data for page 1?

if your question is answered,   please edit your first post and add the prefix [solved] to your title

Offline

Pages: 1

Board footer

Powered by FluxBB