Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2022-07-06 06:10:47
- snagpole
- Contributor
- Registered: 2022-07-06
- Posts: 3
Attempting to clone ioProx card to EM4305
Hey guys! Still very new to the community, trying to use my ProxMark3 to clone my apartment’s ioProx keyfob to my shiny new key organizer, which has an EM4305 chip built-in. I think i’m roughly halfway there, but completely out of my depth.
I’ve started by running lf io clone --vn x --fc xx --cn xxxxx --em. This gives a successful output, but when running lf search it doesn’t detect anything. I know that when cloning this fob to a T55xx series card, the blank card has to be formatted first by running lf t55xx write -b 0 -d 00147040
I’ve tried running lf em 4x05 write -a 0 -d 00147040 as my caveman-brain translation to the EM format, but it still isn’t being detected as a valid ioprox card on lf search.
What confuses me more is when running lf em 4x05 info it outputs
[=] ConfigWord: 0001825F ( IOPROX )
[=] Data Rate: 31 | RF/64
[=] Encoder: 9 | FSK2
[=] LastWordR: 06 | Address of last word for default read - meaning 2 blocks are output
[=] ReadLogin: 0 | Read login is not required
[=] WriteLogin: 0 | Write login is not required
[=] Disable: 0 | Disable command is not accepted
[=] R.T.F.: 0 | Reader talk first is disabled
Which makes it seem like it should be configured as an IOPROX card? based off of the configword
Further more, comparing the config of my ioprox and E4305 chip, I noticed that the Data rate is set to RF/64 on my target card, and RF/8 on my ioprox.
I can see that the data rate is set by the config word in address 4, but I can’t for the life of me figure out what I need to change that address 4 text to in order to change the data rate and/or FSK version.
Currently address 4 reads as: 0001825F
It’s also entirely possible that i’m completely offtrack, and missing something simple somewhere. Any help or assistance with this would be greatly appreciated!
Offline
#2 2022-07-06 19:40:12
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: Attempting to clone ioProx card to EM4305
don't count that the "--em" parameter / em4305 cloning works well. Its quite unfinished.
I recommend you use the standard T5577 tags instead
Offline
#3 2022-07-06 22:24:28
- snagpole
- Contributor
- Registered: 2022-07-06
- Posts: 3
Re: Attempting to clone ioProx card to EM4305
That's disheartening. I would love to use a T5577, but i'm trying to clone to a product that has an EM4305 built in. I think i've narrowed down the issue to an incorrect Data Rate and encoding version, but can't for the life of me figure out how to change theme on the EM4305.
Offline
#4 2022-07-07 15:39:52
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: Attempting to clone ioProx card to EM4305
if you have a read in the em4305 datasheet it should be pretty clear to you.
Offline