Hello,
I am just starting out playing with RFID and a Proxmark3 Easy I purchased recently. I figured making a backup of a simple HID access key I have would be a good first project, but I'm having a little trouble finding information on how to configure my target chip.
The source chip (the one I'm trying to make a backup of) is an HID 26-bit card. The target chip is an EM4305. I just purchased the EM4305, and I don't believe it has been password-protected, as I can dump all of the blocks without issue. I have heard that one of the great features of the 4x05 series is that it can be configured to behave like many other chips.
My questions are: where can I find information on how to configure the EM4x05 to behave in different ways with the Proxmark and, specifically, how can it be configured to behave like my HID card when queried? I've done some searches on this forum and elsewhere and I haven't found a guide. Actually, I'm starting to see signs that the Proxmark doesn't have commands set up yet to write/configure the 4x05. Is this the case, and should I try to find something like the T5577?
Thanks for any and all your input,
Mike F.
Here's the output from the em4305:
proxmark3> lf em 4x05dump
Got Address 00 | 00040072
Got Address 01 | 36DC130E
PWD Address 02 | cannot read
Got Address 03 | 00009A43
Got Address 04 | 0011805F
Got Address 05 | 2000E9FF
Got Address 06 | 23D9DDBD
Got Address 07 | 00000000
Got Address 08 | 00000000
Got Address 09 | 00000000
Got Address 10 | 00000000
Got Address 11 | 00000000
Got Address 12 | 00000000
Got Address 13 | 00000000
Lock Address 14 | 00008002
Lock Address 15 | 00000000
Here's the output of my HID card (some of the numbers have been changed to protect the guilty innocent):
proxmark3> lf search
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 0006181B01
--------------------------------------------------
Format: H10301 (HID H10301 26-bit)
Facility Code: 12
Card Number: 3456
Parity: Valid
--------------------------------------------------
Valid HID Prox ID Found!
Is there a better way to dump the HID than just a lf search?
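
For readers following along, an added example (not part of the original post and not Proxmark3 code) showing how the TAG ID printed by lf search maps to the H10301 fields in that output. The bit layout (format marker at bit 26, even parity at bit 25, 8-bit facility code, 16-bit card number, odd parity at bit 0) is an assumption checked against the facility code and card number shown above; since the poster changed some digits, the parity recomputed from the posted ID need not match the Parity line.

```python
def decode_h10301(tag_id_hex: str) -> dict:
    """Split an HID Prox ID (hex string from `lf search`) into H10301 fields."""
    raw = int(tag_id_hex, 16)

    # Assumed layout: bit 26 is a marker sitting just above the 26 credential bits.
    if not (raw >> 26) & 1:
        raise ValueError("bit 26 marker not set; not a 26-bit ID in this layout")

    bits = raw & 0x3FFFFFF            # the 26 credential bits
    even_bit = (bits >> 25) & 1       # leading parity bit
    facility = (bits >> 17) & 0xFF    # 8-bit facility code
    card = (bits >> 1) & 0xFFFF       # 16-bit card number
    odd_bit = bits & 1                # trailing parity bit

    # The 24 data bits are split in half for parity:
    # even parity covers the first 12, odd parity covers the last 12.
    data = (bits >> 1) & 0xFFFFFF
    upper12 = data >> 12
    lower12 = data & 0xFFF
    even_ok = (bin(upper12).count("1") + even_bit) % 2 == 0
    odd_ok = (bin(lower12).count("1") + odd_bit) % 2 == 1

    return {
        "facility_code": facility,
        "card_number": card,
        "even_parity_ok": even_ok,
        "odd_parity_ok": odd_ok,
    }


if __name__ == "__main__":
    # ID string exactly as it appears in the post's lf search output.
    fields = decode_h10301("0006181B01")
    for name, value in fields.items():
        print(f"{name}: {value}")
```
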