Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
@Iceman, my apologies for the confusion.
I meant how to clone this tag.
Offline
Anyway, I just managed to clone it successfully; it works well.
Block 1 fxxxxxxx
Block 2 4xxxxxxx
Block 3 1xxxxxxx
Hi Joe,
mind sharing how you copied the secura successfully?
If not, can you mail me at phiber@hostcalls.com?
Offline
I'm trying to decode this key, but don't have the fob until the weekend so can't test or post the trace.
proxmark3> lf search u
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Known Tags Found!
Checking for Unknown tags:
Possible Auto Correlation of 2560 repeating samples
Using Clock:40, Invert:0, Bits Found:513
ASK/Manchester - Clock: 40 - Decoded bitstream:
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
0000000000000000
0000110100111011
1001011110001111
1111100000000000
Repeating Pattern
11111111100000000000000000000000
00000000110100111011100101111000
Block 0: 000C8060
Block 1: FF800000
Block 2: D3B978
Does that look correct?
Offline
Well... block two needs one more byte, but the preamble looks familiar and so does the config block.
Offline
See http://www.proxmark.org/forum/viewtopic.php?id=4683 for what we know on this format.
Offline
Still working on this issue... though I'm even more confused now. I didn't get the same fob back but did get another one and it scans the same???
proxmark3> lf search u
Reading 30000 bytes from device memory
Data fetched
Samples @ 8 bits/smpl, decimation 1:1
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Known Tags Found!
Checking for Unknown tags:
Possible Auto Correlation of 2560 repeating samples
Using Clock:40, Invert:0, Bits Found:513
ASK/Manchester - Clock: 40 - Decoded bitstream:
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
0000000000000000
0001111000010100
1010011001011111
1111000000000000
Unknown ASK Modulated and Manchester encoded Tag Found!
Same repeating pattern as the first fob.
Here is the trace of the second fob
https://pastebin.com/9DTQuaR5
number on the tag was - 1706562
Any tips on what I should try would be greatly appreciated.
Last edited by Charlie (2017-05-04 21:51:02)
Offline
See http://www.proxmark.org/forum/viewtopic.php?id=4683 for what we know on this format.
Hi Marshmellow,
I had read over the preambles but didn't quite follow it as I didn't think mine matched. Do I need to run a demod on it?
I really appreciate all the help!
Offline
Allow me to mix in here. @Charlie, I think your Securakey is not what the others have in previous posts. Also, things in Secura are not 100% certain, so it is very good that you can bring data of not only one but 2 new keys.
Do you have access to the reader for testing too, Charlie?
Offline
Sorry, don't have access to the wall reader. You're correct, I believe they are a different style fob; these two were either an RKKT-01 or RKKT-02. I think the ones in the earlier messages were the clam shell versions.
Last edited by Charlie (2017-05-10 20:57:23)
Offline
Found my errors, I believe...
The two signals, after a closer look, were actually different (not sure how I missed that) and Block 0 should have been...
Block 0: 000C8040
Offline
Allow me to mix in here. @Charlie, I think your Securakey is not what the others have in previous posts. Also, things in Secura are not 100% certain, so it is very good that you can bring data of not only one but 2 new keys.
Do you have access to the reader for testing too, Charlie?
I do have access to the reader now for testing
Offline
These should all be recognised by the reader as Secura keys (the reader blinks but does not open for the three, C, D and E, but should open for your fobs A and B).
fob A/
lf t55xx wr b 0 d 000C8040
lf t55xx wr b 1 d 1E14A65F
lf t55xx wr b 2 d F0000000
fob B/
lf t55xx wr b 0 d 000C8040
lf t55xx wr b 1 d D02884FF
lf t55xx wr b 2 d 80000000
fob C/
lf t55xx wr b 0 d 000C8060
lf t55xx wr b 1 d 1E14A65F
lf t55xx wr b 2 d F0000000
lf t55xx wr b 3 d 1E14A65F
fob D/
lf t55xx wr b 0 d 000C8060
lf t55xx wr b 1 d 1E14A65F
lf t55xx wr b 2 d F0000000
lf t55xx wr b 3 d 1E14A65F
Fob E/
lf t55xx wr b 0 d 000C8060
lf t55xx wr b 1 d FCB40000
lf t55xx wr b 2 d 01084003
lf t55xx wr b 3 d DA000007
Offline
Here are two more that work....
fob F/
lf t55xx wr b 0 d 000C8040
lf t55xx wr b 1 d FF800000
lf t55xx wr b 2 d 00D3B978
fob G/
lf t55xx wr b 0 d 000C8040
lf t55xx wr b 1 d FF800000
lf t55xx wr b 2 d 00F0A532
Last edited by Charlie (2017-05-11 05:31:41)
Offline
So that has proved there are 2 different types of Secura. It would be good if you note down the fob number for later development.
the fob A is 1706562 (I use your trace.)
Offline
So that has proved there are 2 different types of Secura. It would be good if you note down the fob number for later development.
the fob A is 1706562 (I use your trace.)
hmm. I had Fob G/ as fob # 1706562
Offline
The offset could be different; that's why the hex doesn't look the same. Use data print x o 1,2,3 etc. and you'll see.
Offline
If you take these blocks (as a starting point in your repeating output):
0000000000000011 0110010100000010 0001101111111110 0000000000000000
You'll get:
1790019 (0x1B5043) (110110101000001000011) - 110110 10100000 1000011
00000000000000110110 0 10100000 0 1000011 0 1111111110 0000000000000000
So I hope this isn't a stupid question.
Is the physical card # printed on the fob present in the demod?
I've successfully cloned them.
I get the blocks, and on some of them I can even directly dump the data.
I'm just trying to learn how to extract/convert the hex into the decimal physical card ID.
Offline
Your questions need to be more specific and less guessing. Or should I write that?
Offline
Have an issue with a fob...
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
0000000000000000
0000110110010001
0100110011101111
1111100000000000
lf t55xx wr b 0 d 000C8040
lf t55xx wr b 1 d FF800000
lf t55xx wr b 2 d 00D914CE
But when I program that and run lf search afterwards, I get...
proxmark3> lf sea u
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
No Known Tags Found!
Checking for Unknown tags:
Possible Auto Correlation of 2560 repeating samples
Using Clock:40, Invert:0, Bits Found:513
ASK/Manchester - Clock: 40 - Decoded bitstream:
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
0000000000000000
0001101100100010
1001100111011111
1111000000000000
I know I'm just off by a bit but can't figure out how to adjust.
Any suggestions?
Offline
I'm an idiot.... disregard my last message
Offline
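Added example (not part of the thread, and not Proxmark3 code): the offset effect described in the posts above, where the same tag read at a different starting bit gives different-looking hex. It assumes the 64-bit, two-block frame and the run of nine 1 bits visible in the captures above; the function names are hypothetical, and the sample lines are copied from the two captures in the "Have an issue with a fob" post.

```python
# Added example: frame alignment for the 64-bit (two-block) captures in this thread.
PREAMBLE = "1" * 9   # assumption: the run of nine 1 bits seen in every capture here
FRAME_BITS = 64      # two 32-bit data blocks, as in the 000C8040 posts

def words_to_bits(words):
    """Concatenate 32-bit hex words (block 1, block 2) into one bit string."""
    return "".join(format(int(w, 16), "032b") for w in words)

def frame_from_demod(lines):
    """Return one 64-bit period from a demod printout (16 bits per line)."""
    bits = "".join(line.strip() for line in lines)
    if len(bits) < 2 * FRAME_BITS:
        raise ValueError("need at least two repetitions to confirm the period")
    if bits[:FRAME_BITS] != bits[FRAME_BITS:2 * FRAME_BITS]:
        raise ValueError("capture does not repeat every 64 bits")
    return bits[:FRAME_BITS]

def normalize(bits):
    """Rotate the frame so the preamble is at bit 0; return (block1, block2) hex."""
    if len(bits) != FRAME_BITS or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 64 binary digits")
    ring = bits + bits                      # doubled so the search can wrap around
    marker = "0" + PREAMBLE + "0"           # exactly nine 1s, bounded by 0s
    starts = [(i + 1) % FRAME_BITS for i in range(FRAME_BITS)
              if ring.startswith(marker, i)]
    if len(starts) != 1:
        raise ValueError(f"preamble found {len(starts)} times; cannot align")
    frame = ring[starts[0]:starts[0] + FRAME_BITS]
    return tuple(f"{int(frame[i:i + 32], 2):08X}" for i in (0, 32))

# Sample input copied from the posts above (one period, repeated twice).
ORIGINAL_FOB = ["0000000000000000", "0000110110010001",
                "0100110011101111", "1111100000000000"] * 2
AFTER_WRITE = ["0000000000000000", "0001101100100010",
               "1001100111011111", "1111000000000000"] * 2

def same_frame(a_lines, b_lines):
    """True when two captures are the same frame read at different offsets."""
    return normalize(frame_from_demod(a_lines)) == normalize(frame_from_demod(b_lines))

if __name__ == "__main__":
    print(normalize(frame_from_demod(ORIGINAL_FOB)))
    print(normalize(frame_from_demod(AFTER_WRITE)))
    print(same_frame(ORIGINAL_FOB, AFTER_WRITE))
```

Both captures normalize to the same pair of words, so the apparent one-bit difference is only the point at which the demod output started. Under the same assumptions, the block values posted for fob A and fob G also normalize to one frame.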
Has anybody managed to clone RadioKey?
I've copied page 0 blocks 0 to 3 and no luck.
Offline