Proxmark3 community


#1 2014-08-16 21:07:13

blogfish
Contributor
Registered: 2013-06-05
Posts: 17

Help Cloning Paradox 125khz Cards

Hello all and thank you in advance for your help. I need help cloning 3 125khz cards from the manufacturer Paradox.

I have the traces of 3 cards available here:
http://yourfilelink.com/get.php?fid=957619

The numbers on each card are in the filename for each trace.
Paradox--96:40426-APJN08.pm3
Paradox--108:01827-APOC11.pm3
Paradox--112:10262-APOC13.pm3

There was someone else who was working with a paradox card on the forum here:
http://www.proxmark.org/forum/viewtopic.php?id=1844

What steps are necessary to decode / clone these suckers?

Thanks!

Offline

#2 2014-08-18 15:38:32

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

as discussed in http://www.proxmark.org/forum/viewtopic.php?id=1844 the proxmark's current programming can't decode the bitstream directly without code changes. but it can plot the wave and you can manually decode the fsk waveform (apply a 50 x grid over it and line it up). once you get a bit stream you can then program an ATA55xx chip card to match.

as far as your bitstreams, because you uploaded a trace I will decode 2 of the 3 for you:

108_01827:
Raw FSK Demod:
00001111010101010101010101010110100110100101  01010101011010100101100101011010  10101010101001011010
Manchester demod: 
         0 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1 0 0   0 0 0 0 0 1 1 1 0 0 1 0 0 0 1 1   1 1 1 1 1 1 0 0 1 1
Bit Interpretation:
                             FC 108            Card 01827                        Checksum/Parity?

96_40426:
00001111010101010101010101010110100101010101  10010110101001101010100110011001  10011010010110011010
         0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0   1 0 0 1 1 1 0 1 1 1 1 0 1 0 1 0   1 0 1 1 0 0 1 0 1 1
                             96                40426

the 00001111 appears to be the prefix or start of data (instead of HID's 00011101)

to clone, take hex of raw FSK Demod and program an ATA55xx blocks 1-3 and program the configuration block the same as an HID standard card (refer to other topics for details on these)

Last edited by marshmellow (2014-08-26 02:12:55)

Offline
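
The decode walked through in the post above, as an added example that is not part of the original thread: it Manchester-decodes the two raw FSK demod strings quoted there and extracts the facility code and card number. The field offsets and the function names are assumptions inferred from the two decodes shown in the post, not a published Paradox format.

```python
# Added example: decode the raw FSK-demod bitstreams quoted in post #2.
PREFIX = "00001111"  # start-of-data marker named in the post

# Raw FSK demod strings copied from the post; spaces are visual grouping only.
SAMPLES = {
    "108_01827": "00001111010101010101010101010110100110100101 "
                 "01010101011010100101100101011010 10101010101001011010",
    "96_40426": "00001111010101010101010101010110100101010101 "
                "10010110101001101010100110011001 10011010010110011010",
}


def manchester_decode(raw):
    """Map raw bit pairs to data bits: 01 -> 0, 10 -> 1; 00 and 11 are errors."""
    if len(raw) % 2:
        raise ValueError("odd number of raw bits")
    out = []
    for i in range(0, len(raw), 2):
        pair = raw[i:i + 2]
        if pair not in ("01", "10"):
            # A misaligned or noisy stream fails here, which is the condition
            # behind the "Manchester decode error" warnings quoted in post #3.
            raise ValueError(f"invalid Manchester pair {pair!r} at raw bit {i}")
        out.append("1" if pair == "10" else "0")
    return "".join(out)


def parse_paradox(raw_fsk):
    """Return facility code, card number and trailer bits from 96 raw bits."""
    raw = "".join(raw_fsk.split())
    if len(raw) != 96 or set(raw) - {"0", "1"}:
        raise ValueError("expected 96 raw bits of 0/1")
    if not raw.startswith(PREFIX):
        raise ValueError("prefix 00001111 not found at start of stream")
    # The prefix is not valid Manchester (00 00 11 11), so it is skipped
    # rather than decoded; the remaining 88 raw bits give 44 data bits.
    bits = manchester_decode(raw[len(PREFIX):])
    return {
        # Offsets are assumptions inferred from the two decodes in the post.
        "facility_code": int(bits[10:18], 2),
        "card_number": int(bits[18:34], 2),
        "trailer": bits[34:],  # 10 bits; the post labels them "Checksum/Parity?"
    }


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, parse_paradox(raw))
```

Both values printed on the card come straight out of the fixed, unencrypted bitstream, which is why a single read is enough to reproduce the credential.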

#3 2014-08-18 17:09:06

blogfish
Contributor
Registered: 2013-06-05
Posts: 17

Re: Help Cloning Paradox 125khz Cards

Thanks for your help!

So can you tell me where I am going wrong?

I can't get it to output the manchester decoding.

Here are the commands I have used:

lf read
data samples 16000
data fskdemod
data grid 50 0
data hpf
data threshold 0

At this point my plot has gone from analog to digital between -1 and 1 with a grid. How do I output the raw fsk?

Also, when I try "data mandemod" or "data mandemod 50" I get dozens of "Warning: Manchester decode error for pulse width detection. (too many of those messages mean either the stream is not Manchester encoded or the clock is wrong)". What am I missing Marshmellow?

Offline

#4 2014-08-18 20:55:56

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

marshmellow wrote:

the proxmark's current programming can't decode the bitstream directly without code changes.  but it can plot the wave and you can manually decode the fsk waveform (apply a 50 x grid over it and line it up).


by manually decode I meant look at the wave plot and MANUALLY decode it by hand.  then manually decode the Manchester data.  or if you are good at coding, you could look to adjust the fskdemod to work properly.

So:
lf read
data samples 16000
data plot
data grid 50 0

then left and right arrows (or trim grid) to line up the grid to your waveform.

Last edited by marshmellow (2014-08-18 20:58:52)

Offline

#5 2014-08-18 21:21:30

blogfish
Contributor
Registered: 2013-06-05
Posts: 17

Re: Help Cloning Paradox 125khz Cards

Oh you meant MANUALLY manually decode it. :)

Thank you very much for your help.

Send me a private message if you want a free case of beer.

Offline

#6 2014-08-18 21:26:35

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

:)

Last edited by marshmellow (2014-08-18 21:27:07)

Offline

#7 2015-01-20 02:07:01

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

I am a total newbie. Is there a set of commands or script to clone Paradox FOBs automatically? I don't understand enough to decode manually! Or, is there another system (other than Proxmark 3) that would do it automatically? I have used ProxClone to easily clone HID FOBs, but Paradox are not possible with it... Any recommendation appreciated! Thanks!

Offline

#8 2015-01-20 02:10:05

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

The new fskrawdemod can demod these but you will need to learn a bit to clone.  But all the info is on the forum

Offline

#9 2015-01-23 22:37:30

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Thanks!

Offline

#10 2015-01-24 00:53:22

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Actually, in my github fork there is an auto demod command for this and other FSK tags. I'm still working on others so I haven't pushed it to the main... The output from the demod could be used to write a copy. If you have a lot to copy I suggest you learn some code.

Offline

#11 2015-01-28 01:24:37

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

The new "data fskparadoxdemod" can demod these.  Cloning is an extra few steps.

Offline

#12 2015-02-01 04:03:09

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

marshmellow wrote:

The new "data fskparadoxdemod" can demod these.  Cloning is an extra few steps.

Thanks for your help!

Offline

#13 2015-02-12 02:57:57

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

marshmellow wrote:

The new "data fskparadoxdemod" can demod these.  Cloning is an extra few steps.

I received my Proxmark3 a week ago and flashed it to CDC and the latest version I found for windows (756).

I cloned a few HID and Indala.

To try reading and cloning, if I am lucky, a Paradox I would love to use the fskparadoxdemod command.
Where can I get the proper patch file and where can I find instructions on how to patch the file into the version I have (Windows 7)? I Googled it but could not find the answer...

Also, probably another stupid question: to stop reading I can press the Proxmark3 button. Is there a keyboard shortcut in the GUI that would do the same thing (like Ctrl Break or ESC...), I did not see anything like that in the doc I read...

Thanks for your time!

Offline

#14 2015-02-12 03:08:42

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

You need the github code, or asper's compiled Windows client files.

There is no keyboard key that mimics the proxmark button

Offline

#15 2015-02-12 03:55:58

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Thank you so much Marshmellow!

Offline

#16 2015-02-12 05:16:13

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Well I guess I did something wrong :(

I downloaded Asper's 0.0.7 and flashed the full FPGA then the OS. Both flashes went smoothly and indicated they succeeded. However the Proxmark is now stuck with both yellow and red lights lit! Unplugging and waiting a while did not change anything. I tried re-flashing both and it succeeded again but did not fix the problem... I did not touch the bootrom.

Even though I did not flash the bootrom, do I need to flash it with the bootrom included in 0.0.7? I thought the bootrom rarely needed to be changed... I don't want to risk screwing the Proxmark more than it is as I don't have a JTAG...

Any suggestion on what I can do ? Thanks!

Last edited by Earman (2015-02-12 05:23:27)

Offline

#17 2015-02-12 05:20:17

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Should have flashed the bootrom first.  Might still be able to

Last edited by marshmellow (2015-02-12 05:20:35)

Offline

#18 2015-02-12 05:24:17

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Just read your reply. I did not realize that the bootrom had to be flashed. So, for each new bin the bootrom needs to be flashed?

Offline

#19 2015-02-12 05:27:13

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Just flashed bootrom and everything OK now. A HUGE thanks for your help! I thought of trying it but was afraid to make it worse... Can you confirm that bootrom must be flashed first for each revision? Thanks.

Offline

#20 2015-02-12 05:29:20

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

From the old 756 to the new code the bootrom has changed.  It doesn't change often but 756 is hundreds of commits behind.

Offline

#21 2015-02-12 05:39:40

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

It isn't usually changed often, but shouldn't hurt to flash it when in doubt.  If you keep up with github it is mentioned in an update if a bootrom change happened.

Offline

#22 2015-02-12 05:44:22

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

OK. Thanks! I just tried the fskparadoxdemod which is in bin 0.0.7 GUI but it does not seem to work. I only get the Help list (like if the command is not recognized). It may not be the latest version for that parameter...

Offline

#23 2015-02-12 05:47:26

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

data fskparadox
Should work

Offline

#24 2015-02-12 05:51:28

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Is it in the data menu?

Offline

#25 2015-02-12 05:55:27

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

data fskparadox is not in this version of GUI. I tried direct lf data fskparadox but that was not recognized either. I may have to wait for next version.

Offline

#26 2015-02-12 05:58:22

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Hmmm.  I thought I had that in before 0.0.7 was made...  I'll check tomorrow, when I'm at my pc

Offline

#27 2015-02-12 06:00:21

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Thanks!

Offline

#28 2015-02-12 06:10:38

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Are you using the GUI or the command line?

Offline

#29 2015-02-12 06:14:26

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

It appears the GUI has some issues with the settings.xml file.   At the top of the GUI window it should let you type a command in.  Try typing just data   and look through the list of commands.   It should be there.   I hope to get some time tomorrow to go through the settings.xml file to see what other errors exist

Offline

#30 2015-02-12 09:28:44

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Help Cloning Paradox 125khz Cards

I put the paradox demod under LF -> TAGs (I would like to separate specific cards/tags commands from generic commands and in the GUI I can do that ;) ).
Anyway the command is "lf data fskparadoxdemod" (it can be not working in the 0.0.7, maybe I forgot to add "data" between lf and fskparadoxdemod).

I hope to get some time tomorrow to go through the settings.xml file to see what other errors exist

Great! Please use this file to test, it is my latest with new lf and hf additions (this file is not fully compatible with 0.0.7 because some stuff was not yet implemented in that version). It only misses the very latest lf modifications (I updated it almost 2-3 days ago).

Last edited by asper (2015-02-12 10:05:18)

Offline

#31 2015-02-12 10:00:33

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Help Cloning Paradox 125khz Cards

or you download the latest source from GitHub and run the command prompt instead.

Offline

#32 2015-02-12 10:36:32

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

I was using the GUI but I also tried lf data fskparadox and lf data fskparadoxdemod from the command line (in DOS window) and that was not recognized.

Offline

#33 2015-02-12 10:44:32

iceman
Administrator
Registered: 2013-04-25
Posts: 9,497
Website

Re: Help Cloning Paradox 125khz Cards

"lf data fskparadoxdemod" ?? 

Usually it's:

lf read
data samples
data fskparadoxdemod

Offline

#34 2015-02-12 15:40:24

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

I'm going to post a few changes needed to the settings.xml file in this post: http://www.proxmark.org/forum/viewtopic.php?id=2260

Offline

#35 2015-02-12 19:32:22

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

marshmellow wrote:

I'm going to post a few changes needed to the settings.xml file in this post: http://www.proxmark.org/forum/viewtopic.php?id=2260

Thanks for your work! Does the paradox command work on your Proxmark3? On mine the command is not recognized even when I use the proper command "lf data fskparadoxdemod" directly in line command mode... so I am wondering if it's not only the XML file which has some errors but the flashed code also as it does not recognize the command, at least with the 0.0.7 version I flashed. I am assuming that the flashed code must match the commands set... The other commands I tried (HID and INDALA) work fine.

Offline

#36 2015-02-12 19:46:45

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

lf data fskparadoxdemod is not the proper command. 

It should be as iceman said
data fskparadoxdemod

But you need to do either an lf search or lf read - data samples first

Offline

#37 2015-02-12 19:56:38

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

I applied all your corrections to the xml settings file... (should I upload the updated file?) and the tags Paradox command is now recognized. However, it does not start reading the paradox fob I tried. It just shows: proxmark3> data fskparadoxdemod and stops.

Offline

#38 2015-02-12 19:57:36

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Did you try a lf search?

Offline

#39 2015-02-12 20:06:20

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Yes, it says valid Paradox ID found

Offline

#40 2015-02-12 20:07:15

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Congrats

Offline

#41 2015-02-12 20:08:59

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

So, why is it not starting reading with the fskparadoxdemod command if it recognizes it as a proper Paradox? Anything I should do differently?

Last edited by Earman (2015-02-12 20:10:50)

Offline

#42 2015-02-12 20:10:00

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

When I try an HID or INDALA it does start reading immediately...

Last edited by Earman (2015-02-12 20:10:26)

Offline

#43 2015-02-12 20:12:04

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

The "data" demod commands require (as we've said) two other commands to be sent before using them
lf read
data samples

Or else a data load... To load from a saved trace.
Without one of those there is no data to demod.

Offline

#44 2015-02-12 20:13:15

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

OK, I get it! Thanks a lot, sorry for asking stupid questions!!! I really appreciate the help you gave me. I hope I will learn fast! Thanks again.

Offline

#45 2015-02-12 20:13:56

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

If you got the lf search to demod it why are you still trying to demod it again?

Offline

#46 2015-02-12 20:17:37

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

I did not realize the search would give the tag id so easily and I thought I needed the fskparadoxdemod to get the full information... My bad!

Offline

#47 2015-02-12 20:19:24

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Now I am going to try writing one. Any keyword I should search for on this board?

Offline

#48 2015-02-12 20:20:54

Earman
Contributor
From: Vancouver, BC Canada
Registered: 2015-01-20
Posts: 45

Re: Help Cloning Paradox 125khz Cards

Have to go now, I'll continue trying to learn this afternoon. Thanks again!

Offline

#49 2015-02-12 20:25:40

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Carl's post should give you an idea if you have an ata5577 http://www.proxmark.org/forum/viewtopic … 9379#p9379

Offline

#50 2015-02-12 20:26:54

marshmellow
Contributor
From: US
Registered: 2013-06-10
Posts: 2,302

Re: Help Cloning Paradox 125khz Cards

Just have to split the 96 bit or 12 digit id over blocks 1-3

Offline
