Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
I've got a card that I'm having trouble cloning. It looks to me to be an HID H10301 format card, but when I clone it to a t5577 card it doesn't open the door. Both my proxmark3 easy and my white chinese hand held cloner think they have cloned it. I suspect that there is something that should be obvious that I've missed and would appreciate a shove in the right direction.
Hardware:
proxmark3> hw version
Prox/RFID mark3 RFID instrument
bootrom: master/v3.1.0-123-g5a446cb-suspect 2019-08-01 19:13:08
os: master/v3.1.0-123-g5a446cb-suspect 2019-08-01 19:13:11
fpga_lf.bit built for 2s30vq100 on 2015/03/06 at 07:38:04
fpga_hf.bit built for 2s30vq100 on 2019/03/20 at 08:08:07
SmartCard Slot: not available
uC: AT91SAM7S256 Rev D
Embedded Processor: ARM7TDMI
Nonvolatile Program Memory Size: 256K bytes. Used: 207212 bytes (79%). Free: 54932 bytes (21%).
Second Nonvolatile Program Memory Size: None
Internal SRAM Size: 64K bytes
Architecture Identifier: AT91SAM7Sxx Series
Nonvolatile Program Memory Type: Embedded Flash Memory
I verified that the card was only 125KHz with the "hw tune" command, and only saw a voltage drop on 125KHz when the original card was placed on either the lf or hf antenna.
I did an "lf read" and a "data save" command on both the original and the clone cards. The .pm3 files are:
original: https://drive.google.com/open?id=19hbJHRCopTR3rmjct6_uOJ6O06jUPUiY
clone: https://drive.google.com/open?id=107xkwlBWUmJJqp_TrNJx40lIPDXnM9dX
"lf search u" on the original card gives:
proxmark3> lf search u
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 200618341f
--------------------------------------------------
Format: H10301 (HID H10301 26-bit)
Facility Code: 12
Card Number: 6671
Parity: Valid
--------------------------------------------------
"lf search u" on the cloned card gives:
proxmark3> lf search u
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 200618341f
--------------------------------------------------
Format: H10301 (HID H10301 26-bit)
Facility Code: 12
Card Number: 6671
Parity: Valid
--------------------------------------------------
Valid HID Prox ID Found!
Valid T55xx Chip Found
Try lf t55xx ... commands
The number printed on the original card matches the Card Number (06671).
So that is what I know about the cards. Can someone please give me a point in the right direction on what to look for next?
Last edited by StanSimmons (2019-08-17 20:24:22)
An interesting note. The clone card will open the parking garage and the perimeter security doors, but not the room door.
I tore apart the door handle and found the problem with my cards...
These darn door readers are Magstripe only! So the parking garage and security perimeter are HID 10301 and the doors are Magstripe only. No wonder they were giving me fits.
They have non standard format code on track 3 only. I was able to do a raw copy and have functioning spare keys. I've ordered some t5577 cards with hi-co stripes so I don't have to have two cards for her door.
Sorry for bringing you guys down this rabbit hole!