Pyramid to t5577

Apt-Get · 2016-01-25 07:34:05

HI guys.
I'm just trying to figure out the lf t55 config command and write commands for cloning my Pyramid tag.
Im not sure what LF t55 config command to use.

Heres the tag
Pyramid ID Found - BitLength: 26, FC: 9, Card: 33278 - Wiegand: 21303fd, Raw: 000101010101010101010161980efb6e
Checksum 6e passed

i wrote these to my t55 card and bricked it lol

proxmark3> lf t55xx write b 1 d 00010101
proxmark3> lf t55xx write b 2 d 01010101
proxmark3> lf t55xx write b 3 d 01010161
proxmark3> lf t55xx write b 0 d 980efb6e

what did i do wrong? and can i fix my t55 so i can still use it ?

Tried a lf t55 wipe and
All i get from the t5577 is No Known Tags Found!

Still learning guys. sorry if this seems basic. Any help is much appreciated.

Last edited by Apt-Get (2016-01-25 07:50:15)

iceman · 2016-01-25 09:10:15

you wrote a bad block 0...

and if you were unlucky you enabled the pwd bit.

Try writing a default block 0 with all zeros pwd. or a all 0xff pwd.

Apt-Get · 2016-01-25 09:45:29

iceman wrote:

you wrote a bad block 0...
and if you were unlucky you enabled the pwd bit.
Try writing a default block 0 with all zeros pwd. or a all 0xff pwd.

lf t55xx write b 0 d 0x00088040 p 0x00000000
or
lf t55xx write b 0 d 0x00088040 p 0xffffffff

still bad tag..

thats what i copied from the wipe command..

Im not heartbroken that i bricked a $1 tag no biggie.

What should the block0 should have been? Am i reading that raw data wrong?

Last edited by Apt-Get (2016-01-25 09:45:44)

iceman · 2016-01-25 10:09:17

Don't use 0x in the command.

-- try first
lf t55xx write b 0 d 00088040

--test with
lf t55 detect

- try second.
lf t55xx write b 0 d 00088040 p 00000000
lf t55 detect

lf t55xx write b 0 d 00088040 p ffffffff
lf t55 detect

iceman · 2016-01-25 10:11:14

The wiegand raw data is what your t55xx tag must repeat.

b0 ... here goes a maxblock 4, pyramid config block..
b1 00010101
b2 01010101
b3 01010161
b4 980efb6e

Apt-Get · 2016-01-25 19:09:59

rem

Last edited by Apt-Get (2016-01-26 10:35:21)

iceman · 2016-01-25 19:11:35

search this forum or the source code.

Apt-Get · 2016-01-25 19:13:40

iceman wrote:

search this forum or the source code.

IM trying lol.

Danz · 2016-01-25 19:58:47

here you go

lf t55xx write b 0 d 00107080

what to do if checksum failed though ?

marshmellow · 2016-01-25 20:10:58

Danz wrote:

what to do if checksum failed though ?

probably just means you have a tag that isn't the 26 bit format. example?

Apt-Get · 2016-01-25 20:15:54

rem

Last edited by Apt-Get (2016-01-26 10:34:59)

Apt-Get · 2016-01-25 21:55:41

Pyramid ID Found - BitLength: 26, FC: 9, Card: 33278 - Wiegand: 21303fd, Raw: 000101010101010101010161980efb6e
Checksum 6e passed

lf t55xx write b 0 d 00107080
lf t55xx write b 1 d 00010101
lf t55xx write b 2 d 01010101
lf t55xx write b 3 d 01010161
lf t55xx write b 4 d 980efb6e

Last edited by Apt-Get (2016-01-26 10:32:58)

iceman · 2016-01-25 22:02:28

what does your "lf seach" look like with your clone? Compare the plot between org and clone..

Apt-Get · 2016-01-25 22:16:09

after those writes i still get
no known tags found. this is on a new t5577 fob

Apt-Get · 2016-01-25 22:30:25

rem

Last edited by Apt-Get (2016-01-26 10:34:27)

iceman · 2016-01-25 22:48:23

just do a "lf read / data samp / data plot".. and look at it.

Apt-Get · 2016-01-25 22:52:18

rem

Last edited by Apt-Get (2016-01-26 10:34:11)

iceman · 2016-01-25 23:01:40

Go for @marshmellow 's fork, he has some fixes that isn't in Pm3 master.
His fork is more similar to pm3 master too.

if you wanna go experimental, try out mine.

Apt-Get · 2016-01-25 23:51:02

removed

Last edited by Apt-Get (2016-01-26 08:01:39)

Apt-Get · 2016-01-26 08:02:13

rem

Last edited by Apt-Get (2016-01-26 10:33:54)

iceman · 2016-01-26 08:17:00

marshmellow42 is his githubname, you can find him via the commit list on pm3 master.

Apt-Get · 2016-01-26 08:44:58

rem

Last edited by Apt-Get (2016-01-26 10:33:42)

Apt-Get · 2016-01-26 08:59:18

Flashed Marshmellows fork.
Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2015-11-04 22:15:34
os: master/v1.1.0-657-gc4c3af7-suspect 2016-01-26 07:48:55
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8

I drop a fob on the reader and run these commands.. they only work intermittently as you can see. i didn't even touch the fob. i just left it sitting on the antenna.

proxmark3> lf t55 det
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'
proxmark3> lf t55 det
Chip Type : T55x7
Modulation : ASK
Bit Rate : 5 - RF/64
Inverted : No
Offset : 33
Block0 : 0x00148040

proxmark3> lf t55 det
Could not detect modulation automatically. Try setting it manually with 'lf t55xx config'

Apt-Get · 2016-01-26 09:26:08

removed

Last edited by Apt-Get (2016-01-26 10:32:19)

iceman · 2016-01-26 09:47:22

You don't.

Apt-Get · 2016-01-26 09:52:42

iceman wrote:

You don't.

ok i get this from a dump after setting the config

proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
0 | FFFFFFFF | 11111111111111111111111111111111
1 | 00000000 | 00000000000000000000000000000000
2 | 00000000 | 00000000000000000000000000000000
3 | FFFFFFFF | 11111111111111111111111111111111
4 | 00000000 | 00000000000000000000000000000000
5 | FFFFFFFF | 11111111111111111111111111111111
6 | FFFFFFFF | 11111111111111111111111111111111
7 | FFFFFFFF | 11111111111111111111111111111111
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
0 | 00000000 | 00000000000000000000000000000000
1 | FFFFFFFF | 11111111111111111111111111111111
2 | FFFFFFFF | 11111111111111111111111111111111
3 | FFFFFFFF | 11111111111111111111111111111111

iceman · 2016-01-26 10:18:36

That looks like an invalid block0, so its not a good dump, or config settings.

Look at your data plot, post a pic of it here.

Apt-Get · 2016-01-26 10:36:52

if one of the mods wants to delete this thread thats ok with me. it got way off track. i ended up getting the pyramid tag working on a different t5577. the generic key fobs i have are not easy to read/write. i might just need more time with them in the config.

iceman · 2016-01-26 10:59:33

It could be Q5 tag.. Which is different then t55x7 when sending commands.

Apt-Get · 2016-01-26 11:15:30

ice I'm on a mac. is there anything i could save and send you to look at?

iceman · 2016-01-26 11:29:17

get the best read you can get.

data plot
lf read
data samples

-when the signal in the plot is centern around the middle line and has good peaks.

then,

data save keyfob.pm3

That file you can post here.

Apt-Get · 2016-01-26 19:25:58

1453832858_screen_shot_2016-01-26_at_11.27.01_am.jpg

Heres the file. Im thinking this is a bad read.

https://www.dropbox.com/s/r775vyjjca1wng3/fob.pm3?dl=0

Here is the actual tag i bought.
http://www.phidgets.com/products.php?category=14&product_id=3916_0

Last edited by Apt-Get (2016-01-26 19:29:50)

iceman · 2016-01-26 21:13:53

It looks like a very good read.

iceman · 2016-01-26 21:19:19

ASK/Manchester, 32, with STT which makes your demod not work.. STT get demoded to 0x77.

Where the actual start offset is doubtful, but this is your repeating pattern

0010010001101000101011001111
0x2468ACF
38177487

iceman · 2016-01-26 21:21:19

rotate the bin pattern, and you get:

10010001101000101011001111000
0x12345678

iceman · 2016-01-26 21:22:53

According to your link, you should be able to get the "LF T55xx" commands to work.

Use: ASK, 32 and play with the offset...

Apt-Get · 2016-01-27 00:44:53

After trial and error. Here is what lets me wipe and write to the these tags.
Thanks for all your Guidance Iceman. These tags were tough and will not respond to a t55 det or dump until you set this mod.
staying on topic i was able to clone a pyramid tag to both of these.

Prox/RFID mark3 RFID instrument
bootrom: /-suspect 2015-11-04 22:15:34
os: master/v1.1.0-657-gc4c3af7-suspect 2016-01-26 07:48:55
LF FPGA image built for 2s30vq100 on 2015/03/06 at 07:38:04
HF FPGA image built for 2s30vq100 on 2015/11/ 2 at 9: 8: 8

Chip Type : T55x7
Modulation : FSK2a
Bit Rate : 4 - RF/50
Inverted : Yes
Offset : 30

Last edited by Apt-Get (2016-01-27 00:59:22)

iceman · 2016-01-27 01:03:26

Glad that you made it!

Apt-Get · 2016-01-27 02:14:49

iceman wrote:

Glad that you made it!

well now the keyfob is not writing again.. with that config... ugh.. its very intermittent.

will not dump With ASK/32

Proxmark3 community

Announcement

#1 2016-01-25 07:34:05

Pyramid to t5577

#2 2016-01-25 09:10:15

Re: Pyramid to t5577

#3 2016-01-25 09:45:29

Re: Pyramid to t5577

#4 2016-01-25 10:09:17

Re: Pyramid to t5577

#5 2016-01-25 10:11:14

Re: Pyramid to t5577

#6 2016-01-25 19:09:59

Re: Pyramid to t5577

#7 2016-01-25 19:11:35

Re: Pyramid to t5577

#8 2016-01-25 19:13:40

Re: Pyramid to t5577

#9 2016-01-25 19:58:47

Re: Pyramid to t5577

#10 2016-01-25 20:10:58

Re: Pyramid to t5577

#11 2016-01-25 20:15:54

Re: Pyramid to t5577

#12 2016-01-25 21:55:41

Re: Pyramid to t5577

#13 2016-01-25 22:02:28

Re: Pyramid to t5577

#14 2016-01-25 22:16:09

Re: Pyramid to t5577

#15 2016-01-25 22:30:25

Re: Pyramid to t5577

#16 2016-01-25 22:48:23

Re: Pyramid to t5577

#17 2016-01-25 22:52:18

Re: Pyramid to t5577

#18 2016-01-25 23:01:40

Re: Pyramid to t5577

#19 2016-01-25 23:51:02

Re: Pyramid to t5577

#20 2016-01-26 08:02:13

Re: Pyramid to t5577

#21 2016-01-26 08:17:00

Re: Pyramid to t5577

#22 2016-01-26 08:44:58

Re: Pyramid to t5577

#23 2016-01-26 08:59:18

Re: Pyramid to t5577

#24 2016-01-26 09:26:08

Re: Pyramid to t5577

#25 2016-01-26 09:47:22

Re: Pyramid to t5577

#26 2016-01-26 09:52:42

Re: Pyramid to t5577

#27 2016-01-26 10:18:36

Re: Pyramid to t5577

#28 2016-01-26 10:36:52

Re: Pyramid to t5577

#29 2016-01-26 10:59:33

Re: Pyramid to t5577

#30 2016-01-26 11:15:30

Re: Pyramid to t5577

#31 2016-01-26 11:29:17

Re: Pyramid to t5577

#32 2016-01-26 19:25:58

Re: Pyramid to t5577

#33 2016-01-26 21:13:53

Re: Pyramid to t5577

#34 2016-01-26 21:19:19

Re: Pyramid to t5577

#35 2016-01-26 21:21:19

Re: Pyramid to t5577

#36 2016-01-26 21:22:53

Re: Pyramid to t5577

#37 2016-01-27 00:44:53

Re: Pyramid to t5577

#38 2016-01-27 01:03:26

Re: Pyramid to t5577

#39 2016-01-27 02:14:49

Re: Pyramid to t5577