Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

gazeranco · 2015-05-13 12:12:37

I bought a cloner from china and as I project what I would like to do is add an LCD to it and then maybe some sort of input to change numbers.

http://www.aliexpress.com/item/Handheld-125Khz-RFID-Honeywell-proximity-card-Copier-portable-Duplicator-Cloner-H-ID-reader-writer-10pcs-cards/1400802056.html

This isn't the link to where I bought it, I got it off ebay but it looks the same as this one. If anyones curious it works perfectly, tested it on my 125Khz HID card in the office.

Can someone advise if it would be possible for me to mount an LCD on the front of this so I can read the numbers? I can take it apart and photograph the inside if that helps???

I am not sure which point would be the best to access data on the board, like during read or write? Also would be cool if I could add some sort of arduino/sdcard type thing and store all the cards I read on a .txt file or something.

iceman · 2015-05-13 12:55:04

Do you know it your cloner sets the password on t55x7 tags? If so, can you sniff the traffic to get the password? or do you know the password?

gazeranco · 2015-05-13 15:24:47

tbh I am not sure, I just know it worked as I cloned my card and it let me in my building. My official card is stamped HID Proximity and the blank cards they came with the cloner worked.

And yes thats my plan, sniff the password off the PCB somehow but tbh I am a programmer not a hardware guy so this is all a bit new to me, is there any encryption or is the HID card singing out details in cleartext?

iceman · 2015-05-13 16:14:25

You are not in the right forum for hardware modification of a chinese cloner, you are in the Proxmark3 forum, where it mainly is about the proxmark3 device.

When it comes to cloners, the community has found that some of them sets a password on your cloned tag. And you can only use the cloner to re-program it. However, with a PM3 you can sniff the traffic and find out the password to unlock the tag again.

I was curious about if your cloner did this, and if it did, I would like to find out the pwd it uses.

I can't help you with your hardware modifications, but I wish you good luck with it.

gazeranco · 2015-05-13 16:48:51

Ok thanks for the info, I will let you know how I get on.

iceman · 2015-10-21 12:43:15

normally you would sniff the traffic between tag and cloner when it tries to program the tag with a PM3.

From that output, you can get a demodulation and the 4byte pwd.

Do you have a PM3?

minivan · 2018-08-30 21:33:13

Iceman, I'm interested in knowing these steps. I've been tinkering around with some T5577 fobs and I can't seem to program them. I've tried ones that have been programmed with the Chinese cloner as well as blank and so far no go. I'm able to get cards to clone but the fobs are rough.

I've tested around with data modulation and the lf Snoop utility but can't seem to get a decent stream with valuable data. Any information to help me keep tinkering would be greatly appreciated!

Last edited by minivan (2018-08-30 21:33:52)

Proxmark3 community

Announcement

#1 2015-05-13 12:12:37

Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

#2 2015-05-13 12:55:04

Re: Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

#3 2015-05-13 15:24:47

Re: Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

#4 2015-05-13 16:14:25

Re: Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

#5 2015-05-13 16:48:51

Re: Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

#6 2015-10-21 12:43:15

Re: Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

#7 2018-08-30 21:33:13

Re: Sorry Guys - Noob Alert. CHinese 125Khz Cloner Help

Board footer