Hi guys,
I'm just wondering why my T5577 was not working at the HID reader.
Today I cloned an HID Prox 1346 key fob to a T5577.
When I tried to use my T5577 at the entrance reader, it didn't work....
But when I used it at the elevator and parking lot, it worked well...
So I called an expert who specializes in cloning key fobs, and he cloned the HID key...
It worked well...
What's the problem with my T5577??
So I tried to clone his key, I mean I wanted to rewrite his key, but it couldn't be rewritten...
Did he use another key????
Please let me know about this issue if you know about it.
Offline
First, check whether the card is a dual card, meaning it has both a low- and a high-frequency chip.
Second, we need some information about your tags: the expert's cloned tag and the tag you cloned using your Proxmark3.
Provide us these two pieces of information and we will try our best to help you with it.
Offline
...and we would also need to know which firmware/client version you run on the Proxmark3, the commands you used, and the output from lf search after you run the clone command.
Offline
I think the card is not a dual card.
It is not detected by the high-frequency antenna.
How can I get the information from the expert's cloned tag????
As for my cloned tag, I just bought my T5577 from eBay:
http://www.ebay.ca/itm/321727917116?_trksid=p2057872.m2749.l2649&ssPageName=STRK%3AMEBIDX%3AIT
1. This is my proxmark3 version
proxmark3> hw ver
[[[ Cached information ]]]
Prox/RFID mark3 RFID instrument
bootrom: master/v2.3 2016-09-19 20:28:38
os: master/v2.3 2016-09-19 20:28:38
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8
uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 183707 bytes (35%). Free: 340581 bytes (65%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3>
2. This is the expert's cloned tag information
proxmark3> lf search u
#db# DownloadFPGA(len: 42096)
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 2006c8641e (12815) - Format Len: 26bit - FC: 100 - Card: 12815
Valid HID Prox ID Found!
3. These are the commands I used to clone
proxmark3> lf search
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 2006c8641e (12815) - Format Len: 26bit - FC: 100 - Card: 12815
Valid HID Prox ID Found!
proxmark3> lf hid fsk 1
#db# TAG ID: 2006c8641e (12815) - Format Len: 26bit - FC: 100 - Card: 12815
proxmark3> lf search u
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 2006c8641e (12815) - Format Len: 26bit - FC: 100 - Card: 12815
Valid HID Prox ID Found!
proxmark3> lf hid fsk 1
#db# TAG ID: 2006c8641e (12815) - Format Len: 26bit - FC: 100 - Card: 12815
proxmark3> lf hid clone 2006c8641e
Cloning tag with ID 2006c8641e
#db# DONE!
proxmark3> lf search u
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 2006c8641e (12815) - Format Len: 26bit - FC: 100 - Card: 12815
Valid HID Prox ID Found!
proxmark3>
Last edited by Ssany (2017-03-29 19:06:01)
Offline
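Added example (not part of any post in this thread, and not Proxmark3 code): how the ID 2006c8641e printed by lf search breaks down into the 26-bit fields FC 100 / Card 12815, including the two parity bits that are the format's only integrity check. The bit positions are an assumption chosen to reproduce the values shown above; the function name is hypothetical.

```python
# Added example: decode a 26-bit HID Prox ID as printed by "lf search".
# Assumed layout (reproduces the thread's output): header byte 0x20,
# a start sentinel at bit 26, then 26 payload bits:
#   bit 25      even parity over the first 13 payload bits
#   bits 24-17  facility code (8 bits)
#   bits 16-1   card number (16 bits)
#   bit 0       odd parity over the last 13 payload bits

def decode_hid26(tag_id_hex):
    raw = int(tag_id_hex, 16)
    header, body = raw >> 32, raw & 0xFFFFFFFF
    if header != 0x20 or body >> 26 != 1:
        raise ValueError("not a 26-bit HID Prox ID in the assumed layout")
    payload = body & 0x3FFFFFF          # the 26 bits a reader evaluates
    first_half = payload >> 13          # leading parity bit + 12 data bits
    second_half = payload & 0x1FFF      # 12 data bits + trailing parity bit
    return {
        "facility_code": (payload >> 17) & 0xFF,
        "card_number": (payload >> 1) & 0xFFFF,
        "even_parity_ok": bin(first_half).count("1") % 2 == 0,
        "odd_parity_ok": bin(second_half).count("1") % 2 == 1,
    }

if __name__ == "__main__":
    # ID taken from the lf search output in this thread.
    print(decode_hid26("2006c8641e"))
    # Constructed value: same ID with one low bit flipped. The card number
    # changes and the trailing parity check fails.
    print(decode_hid26("2006c8641c"))
```

Both fobs in the thread decode to the same payload, so a reader that only evaluates these 26 bits cannot tell them apart by content.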
Your T5577 clone is good. It's detected and the same values as the original are showing.
The question is why your T5577 doesn't work on the reader.
Offline
Can you also post the output of the following commands on the clone and original (or other working clone):
lf read
data samples
data rawdemod fs
Offline
I have had this case of a reader being faulty and not able to read the tags. If we use the card version of the 5577, it will work.
I do not know whether this is the problem. Normally it should work, as shown in your data.
Offline
@dot.com So just to confirm, you had a keyfob clone that was unable to be read by a reader but a card clone could be read?
That is a valid possibility. Some keyfobs are very weak and if the reader isn't designed for that it might not pick it up.
@ssany what kind of t5577 tag do you have, card or keyfob?
Offline
I have a keyfob, not a card.
It is not working only at the entrance reader.
It is working well at the elevator and parking lot readers.
The expert also cloned a keyfob...
but his keyfob is working well.
Offline
Are the keyfobs physically different in any way? And can you perform the test in post 6?
Offline
It looks the same... it looks like the same keyfob.
1. This is the expert's cloned keyfob
proxmark3> lf read
#db# LF Sampling config:
#db# [q] divisor: 95
#db# [b] bps: 8
#db# [d] decimation: 1
#db# [a] averaging: 1
#db# [t] trigger threshold: 0
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample
#db# buffer samples: 2b 11 39 8d b6 c9 c3 a4 ...
proxmark3> data samples
Reading 39999 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
proxmark3> data rawdemod fs
Using Clock:1, invert:0, fchigh:10, fclow:8
FSK2 decoded bitstream:
1000101010101010
1001101010101010
1010101001011001
0110100110101010
0101101001101010
1010010101011011
1000101010101010
1001101010101010
1010101001011001
0110100110101010
0101101001101010
1010010101011011
1000101010101010
1001101010101010
1010101001011001
0110100110101010
0101101001101010
1010010101011011
1000101010101010
1001101010101010
1010101001011001
0110100110101010
0101101001101010
1010010101011011
1000101010101010
1001101010101010
1010101001011001
0110100110101010
0101101001101010
1010010101011011
1000101010101010
1001101010101010
2. This is my cloned keyfob that doesn't read
proxmark3> lf read
#db# LF Sampling config:
#db# [q] divisor: 95
#db# [b] bps: 8
#db# [d] decimation: 1
#db# [a] averaging: 1
#db# [t] trigger threshold: 0
#db# Done, saved 40000 out of 40000 seen samples at 8 bits/sample
#db# buffer samples: c3 d0 b4 80 57 34 1e 7a ...
proxmark3> data samples
Reading 39999 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
proxmark3> data rawdemod fs
Using Clock:50, invert:0, fchigh:10, fclow:8
FSK2 decoded bitstream:
0101010101010010
1100101101001101
0101001011010011
0101010100101010
1101110001010101
0101010011010101
0101010101010010
1100101101001101
0101001011010011
0101010100101010
1101110001010101
0101010011010101
0101010101010010
1100101101001101
0101001011010011
0101010100101010
1101110001010101
0101010011010101
0101010101010010
1100101101001101
0101001011010011
0101010100101010
1101110001010101
0101010011010101
0101010101010010
1100101101001101
0101001011010011
0101010100101010
1101110001010101
0101010011010101
0101010101010010
1100101101001101
Last edited by Ssany (2017-03-30 05:41:30)
Offline
Thx. I'll look closely at those in the morning. One more test if you could.
Post the output of
lf t55xx detect
For both tags.
Offline
This is the expert's keyfob
proxmark3> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
proxmark3> lf t55xx config
Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 31
Seq. Term. : No
Block0 : 0x00107060
proxmark3> lf t55xx detect
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
This is my keyfob, which doesn't read
proxmark3> lf t55xx detect
Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 31
Seq. Term. : No
Block0 : 0x00107060
Offline
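Added example (not part of any post in this thread, and not Proxmark3 code): a field-by-field decode of the Block0 value 0x00107060 reported by lf t55xx detect, showing where the modulation, bit rate, block count and password bit live in the configuration word. The shift positions assume the T55x7 basic-mode layout; the function and table names are hypothetical.

```python
# Added example: decode a T55x7 configuration word (block 0).
# Assumes the basic (non-extended) mode layout of the T5577.

BIT_RATES = {0: 8, 1: 16, 2: 32, 3: 40, 4: 50, 5: 64, 6: 100, 7: 128}
MODULATIONS = {0: "Direct", 1: "PSK1", 2: "PSK2", 3: "PSK3", 4: "FSK1",
               5: "FSK2", 6: "FSK1a", 7: "FSK2a", 8: "Manchester",
               16: "Biphase"}

def decode_block0(block0):
    if not 0 <= block0 <= 0xFFFFFFFF:
        raise ValueError("block 0 is a 32-bit word")
    mod = (block0 >> 12) & 0x1F
    max_block = (block0 >> 5) & 0x7
    return {
        "master_key": (block0 >> 28) & 0xF,
        "bit_rate": "RF/%d" % BIT_RATES[(block0 >> 18) & 0x7],
        "modulation": MODULATIONS.get(mod, "unknown (%d)" % mod),
        "max_block": max_block,
        # Blocks 1..max_block are sent in a loop, 32 bits each.
        "stream_bits": max_block * 32,
        "password_required": bool((block0 >> 4) & 1),
        "sequence_terminator": bool((block0 >> 3) & 1),
    }

if __name__ == "__main__":
    # Value reported for the fob in this thread.
    print(decode_block0(0x00107060))
    # Constructed value: same configuration with the password bit set.
    print(decode_block0(0x00107070))
```

For 0x00107060 this gives FSK2a at RF/50 with three data blocks, i.e. a 96-bit repeating stream (the six 16-bit rows that repeat in the rawdemod dumps), and the password bit clear.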
Ok so the bit stream is definitely identical. So we are left with two options:
The reader verifies something else on the card, or the keyfob is too weak for that reader.
If you plot both tags read the same way, what are the min and max values in the graph?
Offline
this is expert keyfob
proxmark3> lf t55xx detect Could not detect modulation automatically. Try setting it manually
Interesting. So his keyfob is either password protected or not a t5577
Offline
Plot? Sorry, I don't understand what you mean.
When I run lf search u on my keyfob,
max=86 min=108 n=561/30000
When I run lf search u on the expert's keyfob,
max=83 min=112 n=561/30000
Last edited by Ssany (2017-03-30 06:18:25)
Offline
@marshmellow yes, before he cloned the keyfob, he used a strange machine and then he used a Proxmark3.
Offline
@dot.com So just to confirm, you had a keyfob clone that was unable to be read by a reader but a card clone could be read?
That is a valid possibility. Some keyfobs are very weak and if the reader isn't designed for that it might not pick it up.
@ssany what kind of t5577 tag do you have, card or keyfob?
Yes, I had it before. Reader too weak for keyfobs. It has only happened to me twice in my entire career as a card cloning person.
Hmm. It is kind of weird that yours didn't work and his did.
Offline
Is that AWID tag data?
I might be wrong. Can someone confirm it?
Offline
@Dot.Com no, it is HID tag data.
Offline
@marshmellow when I asked the expert what kind of keyfob he uses to clone, he said em 4...05???. I'm not sure what he said. He used a strange machine on his keyfob before using the Proxmark3. After using the machine he used the Proxmark3.
Offline
Blue gun-like machine? White colour machine?
Valid HID Prox ID Found!
pm3 --> lf t55 detect
Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 30
Seq. Term. : No
Block0 : 0x00107060
4305 or 5577 should work the same for these cards.
He was probably testing the card with the strange device to see which kind it is.
Offline
@Dot.com I couldn't see what machine he used. When he used the machine, he hid it in his bag. So I didn't see it..... Is it possible to clone an HID keyfob to an EM4305 using a Proxmark3??
But I guess he maybe used the blue gun machine.
Last edited by Ssany (2017-03-30 22:01:45)
Offline
The latest github version of pm3 software can detect em4x05 chips even if they are pwd protected.
Offline
If it is an em4x05, they can be a little stronger than t55x7s, and it might explain the difference.
Offline
The blue gun machine sets a password when used on your tag. Look at defaults_pwd.dic at the top for two known pwds set by the blue gun.
Offline