Proxmark3 community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

Announcement

Time changes and with it the technology
Proxmark3 @ discord

Users of this forum, please be aware that information stored on this site is not private.

#1 2017-10-14 08:38:51

Blackhawks
Contributor
Registered: 2017-09-20
Posts: 21

[SOLVED] 125kHz AWID 40 Bit Clone Help

Does anyone know how to clone a 40 bit AWID card onto a T5577 card (or one of those blue tear drop keychain tags)? I have read several posts but my brain is overloaded with the information.

This is what my card says on the front: 033 04360 HCC40.

I also cant figure out how to share my MINGW32 proxmark screen info so I''ll have to type it manually. sad Using my newly installed proxmark, a "lf search" gives me:

AWID Found - BitLength: 40 -unknown BitLength-  (13514)  -  Wiegand:  a276186994,  Raw: 01242422dd1d1d8d48111111

Based on what is printed on the card, is my FC = 033 and CN = 04360?

What do I do next?

Any info would be much appreciated!

B.

Last edited by Blackhawks (2017-10-19 03:43:59)

Offline

#2 2017-10-14 16:38:22

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180
Website

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

The answer is in the raw. Read up on the other post related to Secura & pyramid and other posts on AWID.

Find the default block 0 for the 5577 write.

You will get there.

Offline

#3 2017-10-15 20:24:14

Blackhawks
Contributor
Registered: 2017-09-20
Posts: 21

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Thanks Dot.com but I am a confused what I am doing.

I am following this thread (http://www.proxmark.org/forum/viewtopic.php?id=4679). I used this command "lf t55 dump"and got:

proxmark3> lf t55 dump
Reading Page 0:
blk | hex data | binary
----+----------+---------------------------------
  0 | 00107060 | 00000000000100000111000001100000
  1 | 01242422 | 00000001001001000010010000100010
  2 | BA3A3B1B | 10111010001110100011101100011011
  3 | 48111111 | 01001000000100010001000100010001
  4 | 00000000 | 00000000000000000000000000000000
  5 | 00000000 | 00000000000000000000000000000000
  6 | 00000000 | 00000000000000000000000000000000
  7 | 00000000 | 00000000000000000000000000000000
Reading Page 1:
blk | hex data | binary
----+----------+---------------------------------
  0 | 00107060 | 00000000000100000111000001100000
  1 | C02A02AD | 11000000001010100000001010101101
  2 | 138330A5 | 00010011100000110011000010100101
  3 | 00000000 | 00000000000000000000000000000000

So I think I need to write Blocks 0-3, but as per the original user's question, which ones do I use?

0 | 00107060 |
  1 | 01242422 |
  2 | BA3A3B1B |
  3 | 48111111 |

OR

0 | 00107060 |
  1 | C02A02AD |
  2 | 138330A5 |
  3 | 00000000 |

What does iceman mean by: "I suggest you use the raw hex output from lf search  when positive identification of AWID tag is done."???

I am really sorry if I am asking stupid questions as I am not the most literate when it comes to reading, writing and interpreting code. What can I do with this raw code? What functions exist to use raw code? What would be the difference of trying to write the 0-3 blocks vs. using the raw code?

Any help would be much appreciated.

B.

Offline

#4 2017-10-15 22:32:06

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Don't double post, please.

Offline

#5 2017-10-16 00:25:15

Blackhawks
Contributor
Registered: 2017-09-20
Posts: 21

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Sorry Ice ... no offense intended.

I thought I break this request into smaller chunks as I learn more and more thinking some people might want to answer the easier questions.

B.

Offline

#6 2017-10-16 05:35:22

Dot.Com
Contributor
From: Hong Kong
Registered: 2016-10-05
Posts: 180
Website

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Read. smile

There is page 0 and page 1. You got to write both for it to work.

If you don't understand, use the command help on the build envt.

Type 'lf t55 wr' to see more about that command

Once you are done, put solved to the title. This should be pretty straightforward

Last edited by Dot.Com (2017-10-16 05:35:51)

Offline

#7 2017-10-16 08:56:17

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Just read the atmel 5557 / 5577 full data sheet.  It will help your understanding in what you are actually trying to do.
PM3 client commands just hides it for you.  Usually we just write to page0.

Offline

#8 2017-10-16 21:40:09

mnelson
Contributor
From: Outside Denver, CO, USA
Registered: 2015-06-05
Posts: 33

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Grab your tablet or laptop and find a nice, comfortable place (next to a warm fire, on the beach, swinging in your favorite hammock in the shade, etc...) and read/ reread the Atmel 5577 data sheet.  I learn something new almost every time I have to review it.

Offline

#9 2017-10-18 04:10:28

Blackhawks
Contributor
Registered: 2017-09-20
Posts: 21

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

SOLVED! Not sure how I edit the title to state this has been solved but put this one in the win column, baby.

For the records, in case there are other dummies out there like me, simply do:

1) LF SEARCH original AWID card
2) You should get something like this:
    AWID Found - BitLength: 40 -unknown BitLength-  (13514)  -  Wiegand:  a276186994,  Raw: 01242422dd1d1d8d48111111
3) You need to write 4 blocks of hexadecimal characters on to a blank T55XX card - each block will be 8 characters long. AWID cards will have Block 0 written as 00107060. You can verify this by using anyone of these commands: LF T55XX DETECT, LF T55XX INFO, or LF T55XX DUMP.
4) The other 3 blocks of code are simply in the long Raw string shown above in the LF SEARCH command. There are 24 digits - the first 8 characters belong to Block 1, the middle 8 characters to Block 2 and the last 8 characters to Block 0.
5) To write the blocks, use the LF T55XX WRITE command. In my example above, it would be 4 separate commands done one by one:
LF T55XX WRITE b 0 d 00107060
LF T55XX WRITE b 1 d 01242422
LF T55XX WRITE b 2 d dd1d1d8d
LF T55XX WRITE b 3 d 48111111
6) Lastly, run LF SEARCH on the new card and verify if it has been identified as an AWID card.

Props out go to to Marshmellow, Iceman and Dot.com ... I seen all the work you guys have been doing over the years so thanks for making it easier for us dummies. This is pretty interesting stuff so I think I'll learn it the old fashion way and continue doing some tests.

Thanks again everyone!

B.

Offline

#10 2017-10-18 08:26:54

iceman
Administrator
Registered: 2013-04-25
Posts: 9,538
Website

Re: [SOLVED] 125kHz AWID 40 Bit Clone Help

Congrats!
May I ask that you edit your first post and add the prefix  [solved] to your subject line

Offline

Board footer

Powered by FluxBB