Proxmark3 community
Research, development and trades concerning the powerful Proxmark3 device.
Remember; sharing is caring. Bring something back to the community.
"Learn the tools of the trade the hard way." +Fravia
You are not logged in.
Announcement
Time changes and with it the technology
Proxmark3 @ discord
Users of this forum, please be aware that information stored on this site is not private.
#1 2018-03-06 18:27:57
- homer2320776
- Contributor
- Registered: 2018-01-30
- Posts: 7
Trying to 'clone' xceedID 37-bit to T55x7.
Hello,
I've been able to use the Proxmark to clone tags that I physically have access to with no issues. We have an employee who lost her fob and I've been trying to write her credentials to a T55x7. I don't have a dump of her card but I was able to determine what the tag ID should have been by reading through some spares.
All of the spares that I read I can clone perfectly to the T55 fobs, but when I try to "guess" her info, it won't work.
Any advise?
Offline
#2 2018-03-06 18:45:42
- iceman
- Administrator
- Registered: 2013-04-25
- Posts: 9,537
- Website
Re: Trying to 'clone' xceedID 37-bit to T55x7.
Too broad question. If possible specify details like how you convert xceedID 37b FC/CN to hex, and how you built the t55x7 blocks needed. Then we can look at the sought after credential and see where it went wrong.
Offline
#3 2018-03-06 19:31:48
- homer2320776
- Contributor
- Registered: 2018-01-30
- Posts: 7
Re: Trying to 'clone' xceedID 37-bit to T55x7.
When I did a search on my fob, it showed:
HID Prox TAG ID: 054693527 (39571) - Format Len: 37bit - FC: 1350 - Card: 301715Detecting and Dumping my fob shows:
proxmark3> lf t55 det
Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 32
Seq. Term. : No
Block0 : 0x60107C60
proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 60107C60 | 01100000000100000111110001100000
1 | 1D555555 | 00011101010101010101010101010101
2 | 66656996 | 01100110011001010110100110010110
3 | 5A66596A | 01011010011001100101100101101010
4 | 00000000 | 00000000000000000000000000000000
5 | 00000000 | 00000000000000000000000000000000
6 | 00000000 | 00000000000000000000000000000000
7 | 00000000 | 00000000000000000000000000000000
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 60107C60 | 01100000000100000111110001100000
1 | C02A1499 | 11000000001010100001010010011001
2 | 991B238F | 10011001000110110010001110001111
3 | 00000000 | 00000000000000000000000000000000Cloning my fob to a T55x7, detect & dump:
proxmark3> lf hid clone 054693527
Cloning tag with ID 054693527
#db# DONE!
proxmark3> lf t55 det
Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 32
Seq. Term. : No
Block0 : 0x00107060
proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 00107060 | 00000000000100000111000001100000
1 | 1D555555 | 00011101010101010101010101010101
2 | 66656996 | 01100110011001010110100110010110
3 | 5A66596A | 01011010011001100101100101101010
4 | 00000000 | 00000000000000000000000000000000
5 | 00000000 | 00000000000000000000000000000000
6 | 00000000 | 00000000000000000000000000000000
7 | 00000000 | 00000000000000000000000000000000
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 00107060 | 00000000000100000111000001100000
1 | C02A14DB | 11000000001010100001010011011011
2 | 173081EC | 00010111001100001000000111101100
3 | 00000000 | 00000000000000000000000000000000
proxmark3> lf search
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 054693527 (39571) - Format Len: 37bit - FC: 1350 - Card: 301715
Valid HID Prox ID Found!
Valid T55xx Chip Found
Try lf t55xx ... commandsThis cloned card works perfectly on every system I try, the same cannot be said for my attempted clone of the missing fob.
I know that her fob number is 301755
I started counting up from my TAG ID and got to 054693576 , which when I did an:
proxmark3> lf hid clone 054693576
Cloning tag with ID 054693576
#db# DONE!
proxmark3> lf search
NOTE: some demods output possible binary
if it finds something that looks like a tag
False Positives ARE possible
Checking for known tags:
HID Prox TAG ID: 054693576 (39611) - Format Len: 37bit - FC: 1350 - Card: 301755
Valid HID Prox ID Found!
Valid T55xx Chip Found
Try lf t55xx ... commandsThis fob as it is show an invalid card format on the readers I try to use it on.
Here is the dump of the cloned card that does not work:
proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | 00107060 | 00000000000100000111000001100000
1 | 1D555555 | 00011101010101010101010101010101
2 | 66656996 | 01100110011001010110100110010110
3 | 5A666A69 | 01011010011001100110101001101001
4 | 00000000 | 00000000000000000000000000000000
5 | 00000000 | 00000000000000000000000000000000
6 | 00000000 | 00000000000000000000000000000000
7 | 00000000 | 00000000000000000000000000000000
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 00107060 | 00000000000100000111000001100000
1 | C02A14DB | 11000000001010100001010011011011
2 | 173081EC | 00010111001100001000000111101100
3 | 00000000 | 00000000000000000000000000000000
proxmark3>Offline
#4 2018-03-09 21:50:29
- homer2320776
- Contributor
- Registered: 2018-01-30
- Posts: 7
Re: Trying to 'clone' xceedID 37-bit to T55x7.
Is this what was needed? Or do I need to post something else?
Offline
#5 2018-04-06 19:08:34
- homer2320776
- Contributor
- Registered: 2018-01-30
- Posts: 7
Re: Trying to 'clone' xceedID 37-bit to T55x7.
Finally was able to figure this out. I was apparently 1 digit off on the TAG ID.
I was trying to use
HID Prox TAG ID: 054693576 (39611) - Format Len: 37bit - FC: 1350 - Card: 301755But ended up having to use
HID Prox TAG ID: 054693577 (39611) - Format Len: 37bit - FC: 1350 - Card: 301755I only determined this as I was using my own FOB as a test, and noticed that the result the wiegand caluclator didn't match the scan
pm3 --> lf search
HID Prox TAG ID: 054693527 (39571) - Format Len: 37bit - FC: 1350 - Card: 301715
Valid HID Prox ID Found!
Valid T55xx Chip Found
Try `lf t55xx` commands
pm3 --> lf hid wiegand 0 1350 301715
HID | OEM | FC | CN | Wiegand | HID Formatted
----+-----+------+---------+-----------+--------------------
37 | 000 | 1350 | 301715 | 54693526 | 3000000000000000
0 49a93Dunno what difference this made but the cloned card works perfectly!
Offline