[SOLVED] Help to identify tag from gallagher.co

trazodone · 2018-07-11 10:04:56

Hello,

I have tag that cannot found using command both "lf search" and "hf search"
This tag was issued by gallagher.co you can see pictures below

FluxBB bbcode test

Does anyone familiar with this kind of tag?

Thanks

Last edited by trazodone (2018-08-11 15:51:40)

marshmellow · 2018-07-11 12:53:48

You can use the hw tune cmd to see which antenna the tag draws power from. (Narrow down which frequency)

And we can go from there

trazodone · 2018-07-11 17:31:58

Thanks for replied. Below picture captured from hw tune command

FluxBB bbcode test

And here is the reader of this tag

FluxBB bbcode test

I use Chinese handheld machine reading tag and found it is 125kHz

marshmellow · 2018-07-11 17:35:40

You did not use hw tune properly to test the frequency.

Did you try 'lf search u'

trazodone · 2018-07-11 17:41:09

lf search u

==============
pm3 --> lf search u
NOTE: some demods output possible binary
if it finds something that looks like a tag

False Positives ARE possible

Checking for known tags:

Signal looks just like noise. Looking for Hitag signal now.
#db# Starting Hitag reader family
#db# Error, unknown function: 26
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
timeout while waiting for reply.
#db# unknown command:: 0x0225
Waiting for a response from the proxmark...
You can cancel this operation by pressing the pm3 button
command execution time out
pm3 -->
==============

I put tag on PM3 antenna then run command hw tune. Is is not correct?

marshmellow · 2018-07-11 17:44:03

I see you are using icemans build. I suggest testing the official repo's latest firmware.

trazodone · 2018-07-11 18:13:35

One moment

Last edited by trazodone (2018-07-11 18:32:05)

trazodone · 2018-07-11 18:25:41

Prox/RFID mark3 RFID instrument
bootrom: master/v3.0.1-378-g577b1c2-suspect 2018-07-09 08:02:01
os: master/v3.0.1-378-g577b1c2-suspect 2018-07-09 08:02:05
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2017/10/27 at 08:30:59

uC: AT91SAM7S512 Rev B
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 512K bytes. Used: 199763 bytes (38%). Free: 324525 bytes (62%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
proxmark3> ls search u
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

No Known Tags Found!

Checking for Unknown tags:

Possible Auto Correlation of 1 repeating samples

Using Clock:32, Invert:0, Bits Found:937
ASK/Manchester - Clock: 32 - Decoded bitstream:
0000011111111110
1010101000110000
1110101001110010
1001100110100011
0100000010101000
1100011100010010
0000011111111110
1010101000110000
1110101001110010
1001100110100011
0100000010101000
1100011100010010
0000011111111110
1010101000110000
1110101001110010
1001100110100011
0100000010101000
1100011100010010
0000011111111110
1010101000110000
1110101001110010
1001100110100011
0100000010101000
1100011100010010
0000011111111110
1010101000110000
1110101001110010
1001100110100011
0100000010101000
1100011100010010
0000011111111110
1010101000110000

Unknown ASK Modulated and Manchester encoded Tag Found!

if it does not look right it could instead be ASK/Biphase - try 'data rawdemod ab'
proxmark3>

===========================

Look better

trazodone · 2018-07-12 07:04:03

Someone please help to suggest what should I do next because I have to return this card by tomorrow.
Thanks in advance.

Sentinel · 2018-07-12 08:03:47

hi trazodone!

00000111 11111110 10101010 00110000 11101010 01110010 10011001 10100011 01000000 10101000 11000111 00010010

Try this
0x00088060
0x07FEAA30
0xEA7299A3
0x40A8C712

trazodone · 2018-07-12 08:30:46

Sentinel wrote:

hi trazodone!
00000111 11111110 10101010 00110000 11101010 01110010 10011001 10100011 01000000 10101000 11000111 00010010
Try this
0x00088060
0x07FEAA30
0xEA7299A3
0x40A8C712

@Sentinel Sorry I don't understand how to try what you mentioned. Will you please suggest?
Thanks

trazodone · 2018-07-12 11:14:21

At least I need to dump raw data from this card So once card returned I can go on for further analysis.
Thanks

trazodone · 2018-07-12 14:03:26

seems it is T55XX

trazodone · 2018-07-12 14:27:27

I tried to write block 1 data (0x7FEAA30E) to blank T5577 card but block 1 data did not changed. What should I do?

proxmark3> lf t5 write b 1 d 7FEAA30E p 00000000
Writing page 0 block: 01 data: 0x7FEAA30E pwd: 0x00000000
proxmark3> lf t5 read b 1
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
1 | 00050004 | 00000000000001010000000000000100
proxmark3>

trazodone · 2018-07-20 18:23:30

Anybody help please

Danz · 2018-07-21 11:09:57

Block 0 is written yet ? Try to write blk 0 with 00088060 after success do blk 1.

Last edited by Danz (2018-07-21 11:11:25)

trazodone · 2018-07-30 18:50:30

Sentinel wrote:

hi trazodone!
00000111 11111110 10101010 00110000 11101010 01110010 10011001 10100011 01000000 10101000 11000111 00010010
Try this
0x00088060
0x07FEAA30
0xEA7299A3
0x40A8C712

proxmark3> lf t5 write b 0 d 00088060
Writing page 0 block: 00 data: 0x00088060
proxmark3> lf t5 write b 1 d 07FEAA30
Writing page 0 block: 01 data: 0x07FEAA30
proxmark3> lf t5 write b 2 d EA7299A3
Writing page 0 block: 02 data: 0xEA7299A3
proxmark3> lf t5 write b 3 d 40A8C712
Writing page 0 block: 03 data: 0x40A8C712
proxmark3> lf search u
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

No Known Tags Found!

Checking for Unknown tags:

Possible Auto Correlation of 1 repeating samples

Using Clock:32, Invert:0, Bits Found:513
ASK/Manchester - Clock: 32 - Decoded bitstream:
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001

I have got

0x903FF551
0x875394CD
0x1A054638

Which is different from original data

0x07FEAA30
0xEA7299A3
0x40A8C712

I don't think clone data will work. Correct me please if I was wrong.

Thanks

trazodone · 2018-07-30 19:22:54

Hello,

After trying to write many time I have got the same data

proxmark3> lf t5 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 00088060 | 00000000000010001000000001100000
1 | 07FEAA30 | 00000111111111101010101000110000
2 | EA7299A3 | 11101010011100101001100110100011
3 | 40A8C712 | 01000000101010001100011100010010
4 | FFFFFFFF | 11111111111111111111111111111111
5 | FFFFFFFF | 11111111111111111111111111111111
6 | FFFFFFFF | 11111111111111111111111111111111
7 | FFFFFFFF | 11111111111111111111111111111111
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 00088060 | 00000000000010001000000001100000
1 | E03900D0 | 11100000001110010000000011010000
2 | 28727B61 | 00101000011100100111101101100001
3 | 00A00003 | 00000000101000000000000000000011
proxmark3>

I don't know why data writing to tag is inconsistency.

trazodone · 2018-07-30 19:27:31

This data from lf search u command

proxmark3> lf search u
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible

Checking for known tags:

No Known Tags Found!

Checking for Unknown tags:

Possible Auto Correlation of 3072 repeating samples

Using Clock:32, Invert:0, Bits Found:513
ASK/Manchester - Clock: 32 - Decoded bitstream:
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001
1000011101010011
1001010011001101
0001101000000101
0100011000111000
1001000000111111
1111010101010001

trazodone · 2018-08-11 15:50:33

Hello,

I could clone this card successfully. Thank you for everyone to help this work success.
@Danz Thanks so much to trig me how to write on sector 0 first.
@Sentinel Thanks for exact solution that I did not understand at first.
@Marshmellow I ask me to flash new FW.

iceman · 2018-08-11 16:04:44

Maybe a short write-up, which will shine some light for ppl who find this thread ?

trazodone · 2018-08-11 16:33:09

OK let me describe of this case.

I have got this card from my friend. Using PM3 LF and HF search is not possible to detect card. I used flashlight to see through card's antenna and it is LF. Regarding the replies in this topic I upgrade firmware to the latest official version. Then I use command "lf search u" and I can get some raw dump data from card. Next I assumed this card is possible to be T55XX then I was looking to the way I can clone block data by searching the forum and I have got answer from this topic again by using command as following

lf t5 de #to detect T55xx card first, without which you cannot see anything next command
lf t5 config
proxmark3> lf t5 write b 0 d 00088060
Writing page 0 block: 00 data: 0x00088060
proxmark3> lf t5 write b 1 d 07FEAA30
Writing page 0 block: 01 data: 0x07FEAA30
proxmark3> lf t5 write b 2 d EA7299A3
Writing page 0 block: 02 data: 0xEA7299A3
proxmark3> lf t5 write b 3 d 40A8C712
Writing page 0 block: 03 data: 0x40A8C712

when you tried to command "lf t5 du" you will see dump data which is difference from the original card's dump data.
*** I still don't know why

BTW this case work after trying to punch this card to its reader.

Last edited by trazodone (2018-08-11 16:34:34)

Proxmark3 community

Announcement

#1 2018-07-11 10:04:56

[SOLVED] Help to identify tag from gallagher.co

#2 2018-07-11 12:53:48

Re: [SOLVED] Help to identify tag from gallagher.co

#3 2018-07-11 17:31:58

Re: [SOLVED] Help to identify tag from gallagher.co

#4 2018-07-11 17:35:40

Re: [SOLVED] Help to identify tag from gallagher.co

#5 2018-07-11 17:41:09

Re: [SOLVED] Help to identify tag from gallagher.co

#6 2018-07-11 17:44:03

Re: [SOLVED] Help to identify tag from gallagher.co

#7 2018-07-11 18:13:35

Re: [SOLVED] Help to identify tag from gallagher.co

#8 2018-07-11 18:25:41

Re: [SOLVED] Help to identify tag from gallagher.co

#9 2018-07-12 07:04:03

Re: [SOLVED] Help to identify tag from gallagher.co

#10 2018-07-12 08:03:47

Re: [SOLVED] Help to identify tag from gallagher.co

#11 2018-07-12 08:30:46

Re: [SOLVED] Help to identify tag from gallagher.co

#12 2018-07-12 11:14:21

Re: [SOLVED] Help to identify tag from gallagher.co

#13 2018-07-12 14:03:26

Re: [SOLVED] Help to identify tag from gallagher.co

#14 2018-07-12 14:27:27

Re: [SOLVED] Help to identify tag from gallagher.co

#15 2018-07-20 18:23:30

Re: [SOLVED] Help to identify tag from gallagher.co

#16 2018-07-21 11:09:57

Re: [SOLVED] Help to identify tag from gallagher.co

#17 2018-07-30 18:50:30

Re: [SOLVED] Help to identify tag from gallagher.co

#18 2018-07-30 19:22:54

Re: [SOLVED] Help to identify tag from gallagher.co

#19 2018-07-30 19:27:31

Re: [SOLVED] Help to identify tag from gallagher.co

#20 2018-08-11 15:50:33

Re: [SOLVED] Help to identify tag from gallagher.co

#21 2018-08-11 16:04:44

Re: [SOLVED] Help to identify tag from gallagher.co

#22 2018-08-11 16:33:09

Re: [SOLVED] Help to identify tag from gallagher.co

Board footer