Emulation Works, T55x7 Clone Doesn't

moebius · 2017-11-27 18:40:57

Hi all, how is it going?

I'm from Argentina and here there's a company here implementing an entry system for Apartments using LF EM type of tags. The odd thing is that when I'm emulating the ID with the Proxmark3 everything works as expected and the door opens successfully (green light on the reader). When a non-enrolled tag is presented, red light is on.

I clone one of the enrolled tags into a T55X7 card but it doesn't work, and the LED this time is "Orange". Not Green, not Red, Orange. And the door doesn't open, of course.

Any experiences with this kind of situations? What's the difference between the code sent by the emu and the code sent by the clone (emulated inside by the pre-programmed microcontroller)???? Any other tests I can try?

Thank you very much!

Cheers!

marshmellow · 2017-11-27 18:47:15

My guess is your clone is not a good clone. (Did not take programming correctly)

moebius · 2017-11-27 19:50:48

marshmellow wrote:

My guess is your clone is not a good clone. (Did not take programming correctly)

Nope, we tried with different T55x7 tags, with different shapes (because we thought of an antena problem), but nope. All clones gave us this orange light.

iceman · 2017-11-27 20:07:12

Hi Mobieus!

Long time no see, isnt it Troopers now?

Could be t5577 detection in the reader...

marshmellow · 2017-11-27 20:11:32

Well there are different configurations possible for bit rate. Are you certain you cloned it correctly?
Sorry, but Without any clue what exactly you tried and what commands and parameters you are running we are merely guessing.

moebius · 2017-11-27 20:18:00

iceman wrote:

Hi Mobieus!
Long time no see, isnt it Troopers now?

Could be t5577 detection in the reader...

Hey! Yes, Next March! I'm going and will deliver the 2day workshop with Phil. Maybe you can join us! ;-)) Or at least grab some Club Mates over there hehe!....

So... T5577 detection... I wasn't aware of some readers doing that.. do they use any particular command to detect this? Any guess to "bypass" the detection?

See ya' and thank you!

moebius · 2017-11-27 20:22:12

marshmellow wrote:

Well there are different configurations possible for bit rate. Are you certain you cloned it correctly?
Sorry, but Without any clue what exactly you tried and what commands and parameters you are running we are merely guessing.

I used the standard "410xwrite" command to accomplish this. I just cloned it same as I did before for other similar configurations.

Iceman mentioned some "t5577 detection"... maybe that's the thing here... Unfortunately I don't have access to the reader now to do more tests... I'm posting this just to see if anyone here passed over the same situation in the past... I have a friend "near" the reader, so if someone proposes some tests, we can try using him as a proxy. Is it possible to play with the bit rate using standard prox3 commands? My frind won't be able to modify the code, etc., just compile it again and run it...

Thanks!!!!

marshmellow · 2017-11-27 20:56:46

First thing I'd do is lf search the original and take close note what it says. (And if it IDs the bit rate.). Then lf search the clone and see if there are any differences.

I've never seen a reader attempt to detect a t55x7 tag in an attempt to weed out clones. It might be possible tho. One way to possibly avoid this is to password protect the tag after cloning.

Dot.Com · 2017-11-28 06:07:07

Well. Yes Marshmellow. There is such readers in China that differentiate the clones from the original. Some people simply set a password to the clone to lock it down to make it work. Heard it is cloneable in China.

lf t55 wr b 7 d password
lf t55 wr b 0 d 00148050 (to lock down the card and try)

Hope this helps.

Last edited by Dot.Com (2017-11-28 06:07:55)

marshmellow · 2017-11-28 06:10:28

Well if they were smart they would be able to detect even a pwd protected card. But as I mentioned it is one thing to try.

moebius · 2017-11-28 13:40:28

Thanks a lot Dot.com and Marshmellow! I will try those things and update this thread.

It is in Spanish, but the readers are these: http://www.controllock.com.ar/consorcios.html "Proximax II & III".

Also, some pictures:

https://i.imgur.com/83AIoWD.jpg
https://i.imgur.com/Uyk0gh4.jpg

zhuminggang · 2018-02-26 07:06:41

well done!

Proxmark3 community

Announcement

#1 2017-11-27 18:40:57

Emulation Works, T55x7 Clone Doesn't

#2 2017-11-27 18:47:15

Re: Emulation Works, T55x7 Clone Doesn't

#3 2017-11-27 19:50:48

Re: Emulation Works, T55x7 Clone Doesn't

#4 2017-11-27 20:07:12

Re: Emulation Works, T55x7 Clone Doesn't

#5 2017-11-27 20:11:32

Re: Emulation Works, T55x7 Clone Doesn't

#6 2017-11-27 20:18:00

Re: Emulation Works, T55x7 Clone Doesn't

#7 2017-11-27 20:22:12

Re: Emulation Works, T55x7 Clone Doesn't

#8 2017-11-27 20:56:46

Re: Emulation Works, T55x7 Clone Doesn't

#9 2017-11-28 06:07:07

Re: Emulation Works, T55x7 Clone Doesn't

#10 2017-11-28 06:10:28

Re: Emulation Works, T55x7 Clone Doesn't

#11 2017-11-28 13:40:28

Re: Emulation Works, T55x7 Clone Doesn't

#12 2018-02-26 07:06:41

Re: Emulation Works, T55x7 Clone Doesn't

Board footer