Proxmark3 developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia


#1 2019-07-24 22:58:53

batman192
Contributor
Registered: 2019-07-16
Posts: 12

Tinkering with AWID- any ideas appreciated

Hi all,

I've got a key fob that returns the following with "lf search" (This is a Proxmark3 RDV2 with Iceman's fork):

Checking for known tags:
AWID Found - BitLength: 37, FC: 2593, Card: 172082 - Wiegand: 510d4065f, Raw: 012244841db11727e1111111          
          
[+] Valid AWID ID Found!
          

Valid T55xx Chip Found
Try `lf t55xx` commands

Theoretically, if I run the "lf awid clone" command with the proper parameters (37 2593 172082), this would/could be cloned onto other t55xx cards.

However, after carrying out the experiment, the new card returns the following:

AWID Found - BitLength: 37, FC: 2593, Card: 172082 - Wiegand: 1510d40640, Raw: 012274841db1172111111111          
          
[+] Valid AWID ID Found!
          

Valid T55xx Chip Found
Try `lf t55xx` commands

         
Everything is right except that damn Wiegand and trailing binary.

HOWEVER, I've been successful with cloning the fob, I just had to run "lf t55xx dump" and then manually write each block to the t55xx card.

I'm hoping someone here can assist with cloning an AWID with just a Bit Length, Facility Code, and Card Number.

Any ideas, friends?

Last edited by batman192 (2019-07-25 13:56:20)

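Decoding the two Raw values quoted in the post above shows exactly where the cloned card differs from the fob. This is an added example, not part of the original post and not Proxmark3 code; the frame layout (0x01 preamble, then nibbles of 3 data bits plus 1 odd-parity bit) and the 13-bit FC / 18-bit card offsets are assumptions that reproduce every value printed above.

```python
# Constructed from the two "Raw:" values quoted in the post above.
ORIGINAL_RAW = "012244841db11727e1111111"
CLONE_RAW = "012274841db1172111111111"

def decode_awid(raw_hex):
    """Decode a 96-bit AWID raw block into its fields.

    Assumed layout (it reproduces the values printed in the post):
    8-bit preamble 0x01, then 22 nibbles of 3 data bits + 1 odd-parity bit.
    The 66 data bits are an 8-bit format length followed by the Wiegand bits.
    """
    raw = bytes.fromhex(raw_hex)
    if len(raw) != 12 or raw[0] != 0x01:
        raise ValueError("not a 96-bit block with the 0x01 preamble")
    bits = ""
    for i, ch in enumerate(raw_hex[2:]):
        nibble = int(ch, 16)
        if bin(nibble).count("1") % 2 != 1:
            raise ValueError(f"odd-parity failure in nibble {i}")
        bits += format(nibble >> 1, "03b")  # drop the parity bit
    fmt_len = int(bits[:8], 2)
    if fmt_len != 37:
        raise ValueError("field offsets below are only assumed for 37 bits")
    wiegand = bits[8:8 + fmt_len]
    return {
        "fmt_len": fmt_len,
        "wiegand": wiegand,
        "wiegand_hex": format(int(wiegand, 2), "x"),
        "lead": wiegand[0],              # bit before the facility code
        "fc": int(wiegand[1:14], 2),     # 13-bit facility code
        "card": int(wiegand[14:32], 2),  # 18-bit card number
        "tail": wiegand[32:],            # 5 bits after the card number
        "padding": bits[8 + fmt_len:],   # unused data bits
    }

def differing_bits(a, b):
    """Return the positions at which two equal-length bit strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

if __name__ == "__main__":
    orig, clone = decode_awid(ORIGINAL_RAW), decode_awid(CLONE_RAW)
    for name, d in (("original", orig), ("clone", clone)):
        print(name, d["wiegand_hex"], "FC", d["fc"], "card", d["card"],
              "lead", d["lead"], "tail", d["tail"])
    print("differing Wiegand bit positions:",
          differing_bits(orig["wiegand"], clone["wiegand"]))
```

Both blocks decode to the same FC and card number; they differ only in the leading Wiegand bit and the five trailing bits, which lie outside the FC and card-number fields.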

#2 2019-08-12 21:57:42

batman192
Contributor
Registered: 2019-07-16
Posts: 12

Re: Tinkering with AWID- any ideas appreciated

Okay, I'm back from DEF CON with an answer!

I spoke to someone incredibly knowledgeable on Proxmark and RFID hacking, and got my answer.

Short answer: We aren't there yet in RFID research in terms of being able to clone an AWID with an identical Wiegand value from just a simple touch with the Proxmark, UNLESS we do one of two things:

1. Dump the contents of the entire card in raw data as I did above and write it to a blank T55xx card (Requires either continuous access to a badge or a long-distance LF antenna, which is in the works for mass distribution)
2. Obtain an AWID reader and understand/decode the signal sent to the reader from the key fob/badge and compare it to the Proxmark. The reader in this case is a CanProx reader by Cansec (https://www.cansec.com/products/access- … x-one.html). If anyone has one (or would like to donate one as I'm not sure how to go about purchasing a single reader) please don't hesitate to reach out.

Last edited by batman192 (2019-08-12 21:58:37)
