125Khz with "clone protect" flag?

One thing that can help: the fob that I overwrote, now does not open the door anymore as I expected, but it can be read by the flipper… here is what the flipper shows: (see attached picture)

The most important thing is, you don’t get yourself locked out.

After that, is the challenge of “beating” the system.

I think the safest approach is contacting the lock manufacturer, or reseller, and asking for help.

There is mention of software and USB to plug in (my guess is for card management for a site, so multiple cards), but there also looks to be programming cards (my guess is for individual locks and occasional programming)

My guess is, If you buy the programming cards

Since you have a working fob, I think you should be able to make a copy so you at least have a spare.

And you could then try and re-enrol your other fob.

Again, best to speak to somebody who Actually knows what the fuck they are talking about, I am just guessing here.

This is what I would do

Buy a red and green card set
Buy a spare Blue card and / or fob

Then, this is how I think it could work

With your fob that still works, swipe that, unlock the door.
Swipe the Green card, then swipe the new Blue card/ fob.
Either time out or swipe the green card again
This new blue card should now be enrolled
Test it on the lock.

If it works, try the same process with your “soft bricked” blue fob.

Then start again with “hacking the system”

In fact the fob is used to open the gate of the main entrance of the condominium, the condominium regulation requires two fobs per family, it is not possible to have more, I wanted to have 3 because I live alone and I wanted that in case of emergency a friend could enter my house, now a fob has been destroyed and I don’t want to go to the condominium administrator to ask for another one…

Thank you very much, really congratulations, this seems like a great idea to me… why hadn’t I thought of it before? now I’ll see if they also sell the green and red cards to an “unknown” customer who doesn’t have a programmer…

1 Like

the thing is, these fobs are clearly based on the T5577 chip, and no password has been set… the T5577 is known for losing its mind from time to time, even with a read process that’s gone bad it can lose memory configuration. Just present the fob to them and say it’s not working anymore and you need a new one. They should replace without question… probably after they try to test it themselves. I guarantee that unless you’ve been telling them you have been tinkering around with your fobs, they will just test it and see that it doesn’t work with the system there, and they should replace it without question.

Now, since we know your fobs are T5577 chips, making a clone of them to another T5577 device is very easy if you have a proxmark3. You will need to do a T5577 DUMP command followed by a T5577 RESTORE command to the new device. You will have a perfect clone.

Thanks… How can you tell that no password has been entered? Bear in mind that this one of the screenshot is the fob that has been overwritten with the contents of an empty one, using one of those blue “cloner guns” found on Amazon, perhaps the password was there and has been deleted as well as its data!
I saw on Youtube that there are other firmwares for flipper, called “xtreme”, they have many functions dedicated to the T5577, but I’m new to flipper and I don’t know where to go to get these firmwares and how to install them…

Because you accidentally overwrote one of your fobs. If a password had been set it would not have been possible without a test mode reset.

If it would be possible to simply overwrite the password then what good would the password feature be? It would be like a deadbolt lock that you can turn but it doesn’t actually extend the bolt.

I have no idea what the various flipper firmwares can do. What I’m suggesting is you get a proxmark3 because I know that will work by using the dump and restore commands.

I just ordered this

XGOIENZI Proxmark3 RDV2 NFC IC/ID RFID Card Cloner Duplicator Reader Writer Copier UID Copier : Amazon.it: Informatica

Hope it’s the correct one, I ordered here in Italy because I have one month I can return it… and been refunded…

Well, “bad news” and good news.

BAD NEWS (not really)
The one you bought is an older version of the latest (RDV4)
Yours is the RDV2

GOOD NEWS
The one that will do what you want, is only ⅓ the price

https://www.amazon.it/s?k=proxmark3+easy&crid=1DGCPLCZQUII6&sprefix=proxmar%2Caps%2C405&ref=nb_sb_ss_ts-doa-p_5_7

The one you bought, will probably do what you want, I am not really familiar with the RDV2, but generally you will find MOST people will have either the
Proxmark3 Easy ~$50
Proxmark3 RDV4 ~$300

As I mentioned, there is probably no reason the RDV2 wouldn’t do what you want, but you could save yourself €100

Whatever you decide

here’s a setup guide

here’s a more simple version of it:

Hi, many thanks, I hope I got it right this time:

https://www.amazon.com/gp/product/B0BCHPCZBS/ref=ppx_yo_dt_b_asin_image_o00_s00?ie=UTF8&psc=1

Well, you weren’t “wrong” last time, but yes, I think that is a better option for you

1 Like

Hi, finally I got a PM3 easy, I know nothing about it, so I started following the article “getting started with Proxmark 3 easy” at this URL :

Getting started with the proxmark3 easy - DT Info - Dangerous Things Forum

things went well till making the build, after some work, everything froze with the message “ccx proxmark3” I waited for half an hour, then I restarted the PC

now, if I type again the command “make clean make -j8 all” as suggested in the article, that’s what it shows … (see picture)

How can I go on? thanks

you missed your ampersands

&&

make clean && make -j8 all

2 Likes

you are right, I missed “&&”, but I only did it the second attempt, after restarting the PC…
The first time I typed the command correctly but the process froze…, now I have recreated the situation and the job freezes always at the same point (see attached)

Have you tried running it as administrator?

1 Like

Also what path are you using in windows? Where did you unzip proxspace?

1 Like

well, I made it, the only way was to use the “make clean && make all” command without the -j8 parameter, I don’t know what this is for but it did freeze the building process… now the client is up & running,

1 Like

Thanks, now that the PM3 seems to be ready for work, (I also tested the antennas with the “hw tune” command), can you please guide me through the correct commands to type in -->pm3 environment to perform the dump and restore? This would be very appreciated, bear in mind I only have ONE source fob, I can’t risk breaking it…

1 Like

The -j parameter (for jobs) controls the degree of parallelism when building the target. Essentially it is the maximum number of build steps that can run at the same time.

If you omit the -j argument, the build will only operate on one file/step at a time (essentially as if it was -j 1). If you are getting freezes with -j 8, then you might be oversubscribing your processor. My general rule of thumb with make is to use a jobs value that is one less than the number of logical cores my system has. You can find this number by running the command nproc in Linux, or echo $env:NUMBER_OF_PROCESSORS in Windows (PowerShell).

As long as you stick to reading data from the FOB, there is no way the PM3 can break or brick it. I don’t have my PM3 connected and it’s been a while since I used it, but essentially your next step is to read the tag in two ways. One, using the auto detect features of the PM3 to see if it can read/detect the FOB and tell you what chip/protocol it thinks it is, and then also a raw read/save command to dump the full contents of the tag.

I wouldn’t try writing/cloning it until you have successfully done the above.

2 Likes
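
The rule of thumb from the post above (one fewer job than logical cores), as an added example that is not part of the original thread. The function names are illustrative, and the `getconf _NPROCESSORS_ONLN` fallback is an addition not mentioned in the post.

```shell
#!/bin/sh
# Added example: choose a `make -j` value of (logical cores - 1), never below 1.

# detect_cores: print the number of logical cores, trying the sources named in
# the post (nproc, NUMBER_OF_PROCESSORS) and then getconf as an added fallback.
detect_cores() {
    if command -v nproc >/dev/null 2>&1; then
        nproc
    elif [ -n "${NUMBER_OF_PROCESSORS:-}" ]; then
        echo "$NUMBER_OF_PROCESSORS"
    else
        getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1
    fi
}

# pick_jobs CORES: print CORES-1, clamped to a minimum of 1.
# Empty or non-numeric input falls back to 1 (a serial build).
pick_jobs() {
    cores=$1
    case $cores in
        ''|*[!0-9]*) echo 1; return 0 ;;
    esac
    if [ "$cores" -gt 1 ]; then
        echo $((cores - 1))
    else
        echo 1
    fi
}

# build_command CORES: print the make invocation from the thread with the
# chosen job count. An explicit number is used on purpose: GNU make treats a
# bare -j as "no limit on the number of jobs".
build_command() {
    echo "make clean && make -j$(pick_jobs "$1") all"
}

# Print the command for this machine; review it, then run it in the source tree.
build_command "$(detect_cores)"
```
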

I’ve been using -j without any numbers, is there a downside to that?

1 Like