Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
- Logged in as ikarus
- Last visit: Today 11:22:42
- Topics: Posted | New | Active | Unanswered
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
Pages: 1
#1 2015-05-28 11:07:10
Re-formating of T55x7 Card.
I have successfully clone a HID card to a T55x7. Is it possible to "re-format" the cloned T55x7 card because I want to make use of that T55x7 card to clone a EM410x card. Since the 2 cards are using different kind of modulation techniques, is this possible?
Is there a command or script being written that can perform the above mentioned?
#2 2015-05-28 12:25:23
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: Re-formating of T55x7 Card.
Just send new write commands to it. No need to wipe it.
#4 2015-12-30 13:01:39
- broken_bad
- Contributor
- From: EU
- Registered: 2015-04-07
- Posts: 25
Re: Re-formating of T55x7 Card.
I have three cards that are somewhat broken - they don't react to any read or write command, the only thing I can do is to read Traceability block (64 bits in page 1) - data are correct and all parities are good. Any ideas how to make those cards working again? Even if I try to write factory-defaults to block 0 it doesn't wake up. Every command ends up with no data:
lf t55xx read b 0
These are Q5Bs, maybe not 100% compatible to T55xx, but I still don't get the fact it can be broken like this by writing (any) specific configuration.
#5 2015-12-30 17:06:04
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: Re-formating of T55x7 Card.
if you wrote an invalid block 0 then it is possible you permanently locked it, and no fix is possible. (lock bit set) (or sent a read command with password when the tag wasn't configured with a password....)
that seems to be the case if you cannot overwrite it.
#6 2015-12-31 08:50:45
- broken_bad
- Contributor
- From: EU
- Registered: 2015-04-07
- Posts: 25
Re: Re-formating of T55x7 Card.
Actually I am pretty sure what has done that. I have activated only Page select bit. Everything else corresponds to card's factory defaults. I am using Q5S, so the config word that destroyed the card was definitely 60 09 F0 04 (at least this is what was meant to be sent, I didn't scan the RF communication which could differ).
Writing factory defaults (60 01 F0 04) didn't have any effect.
Last edited by broken_bad (2015-12-31 19:43:24)
#10 2016-01-06 21:17:04
- broken_bad
- Contributor
- From: EU
- Registered: 2015-04-07
- Posts: 25
Re: Re-formating of T55x7 Card.
Yes, it did the trick! My Q5Bs are back!
lf t55xx wr b 0 d 00148040 p 00000000
#11 2016-01-06 21:22:24
- broken_bad
- Contributor
- From: EU
- Registered: 2015-04-07
- Posts: 25
Re: Re-formating of T55x7 Card.
Not sure what the page select mode is, but we only use blockread in the source code.
Q5B specification:
The data rate is binary programmable to operate
at any bit rate between RF/2 and RF/128. If
the “page select” bit is set, the data encoding
and bit rate is fixed to Manchester RF/64
#14 2016-01-07 03:34:10
- marshmellow
- Contributor
- From: US
- Registered: 2013-06-10
- Posts: 2,302
Re: Re-formating of T55x7 Card.
if writing your block 0 to 00148040 worked then your tag is not a Q5, but a T55x7.