Re-formating of T55x7 Card.

Erictsk · 2015-05-28 11:07:10

I have successfully clone a HID card to a T55x7. Is it possible to "re-format" the cloned T55x7 card because I want to make use of that T55x7 card to clone a EM410x card. Since the 2 cards are using different kind of modulation techniques, is this possible?

Is there a command or script being written that can perform the above mentioned?

marshmellow · 2015-05-28 12:25:23

Just send new write commands to it. No need to wipe it.

iceman · 2015-05-31 19:15:00

indeed, the t55x7 is very easy,.. just write to it, even if the config block is screwed up.

broken_bad · 2015-12-30 13:01:39

I have three cards that are somewhat broken - they don't react to any read or write command, the only thing I can do is to read Traceability block (64 bits in page 1) - data are correct and all parities are good. Any ideas how to make those cards working again? Even if I try to write factory-defaults to block 0 it doesn't wake up. Every command ends up with no data:

lf t55xx read b 0

These are Q5Bs, maybe not 100% compatible to T55xx, but I still don't get the fact it can be broken like this by writing (any) specific configuration.

marshmellow · 2015-12-30 17:06:04

if you wrote an invalid block 0 then it is possible you permanently locked it, and no fix is possible. (lock bit set) (or sent a read command with password when the tag wasn't configured with a password....)

that seems to be the case if you cannot overwrite it.

broken_bad · 2015-12-31 08:50:45

Actually I am pretty sure what has done that. I have activated only Page select bit. Everything else corresponds to card's factory defaults. I am using Q5S, so the config word that destroyed the card was definitely 60 09 F0 04 (at least this is what was meant to be sent, I didn't scan the RF communication which could differ).

Writing factory defaults (60 01 F0 04) didn't have any effect.

Last edited by broken_bad (2015-12-31 19:43:24)

Danz · 2015-12-31 16:41:47

write this,

lf t55 wr 0 00148040 00000000

then rewrite

most welcome but am pretty sure the credit for Iceman for this ..

iceman · 2016-01-02 18:33:53

Not sure what the page select mode is, but we only use blockread in the source code.

try rewrite a default block with a direct write.

Last edited by iceman (2016-01-03 14:06:53)

iceman · 2016-01-03 14:08:39

If you use the fork from @marshmellow or mine, the latest fixes for Q5 is there. I don't think @marshmellow pushed a PR for his changes yet to PM3 master. Maybe time for a new release afterwards.

broken_bad · 2016-01-06 21:17:04

Yes, it did the trick! My Q5Bs are back!

lf t55xx wr b 0 d 00148040 p 00000000

broken_bad · 2016-01-06 21:22:24

iceman wrote:

Not sure what the page select mode is, but we only use blockread in the source code.

Q5B specification:

The data rate is binary programmable to operate
at any bit rate between RF/2 and RF/128. If
the “page select” bit is set, the data encoding
and bit rate is fixed to Manchester RF/64

iceman · 2016-01-06 23:39:26

aha, I see, thanks for the info, it was not what I thought it meant.

Danz · 2016-01-06 23:47:32

broken_bad wrote:

Yes, it did the trick! My Q5Bs are back!
lf t55xx wr b 0 d 00148040 p 00000000

Glad it worked, t55 = t55xx , which version you are using ? (win 2.5?)

marshmellow · 2016-01-07 03:34:10

if writing your block 0 to 00148040 worked then your tag is not a Q5, but a T55x7.

iceman · 2016-01-07 09:19:14

I wonder if 00148040 is a working configblock for Q5 and if the detection code would detect it as Q5. The default ones I've seen starts with 60..

Proxmark3 community

Announcement

#1 2015-05-28 11:07:10

Re-formating of T55x7 Card.

#2 2015-05-28 12:25:23

Re: Re-formating of T55x7 Card.

#3 2015-05-31 19:15:00

Re: Re-formating of T55x7 Card.

#4 2015-12-30 13:01:39

Re: Re-formating of T55x7 Card.

#5 2015-12-30 17:06:04

Re: Re-formating of T55x7 Card.

#6 2015-12-31 08:50:45

Re: Re-formating of T55x7 Card.

#7 2015-12-31 16:41:47

Re: Re-formating of T55x7 Card.

#8 2016-01-02 18:33:53

Re: Re-formating of T55x7 Card.

#9 2016-01-03 14:08:39

Re: Re-formating of T55x7 Card.

#10 2016-01-06 21:17:04

Re: Re-formating of T55x7 Card.

#11 2016-01-06 21:22:24

Re: Re-formating of T55x7 Card.

#12 2016-01-06 23:39:26

Re: Re-formating of T55x7 Card.

#13 2016-01-06 23:47:32

Re: Re-formating of T55x7 Card.

#14 2016-01-07 03:34:10

Re: Re-formating of T55x7 Card.

#15 2016-01-07 09:19:14

Re: Re-formating of T55x7 Card.

Board footer