13.56mhz HID smart cards wiping

Hi all,

Looking for advice/assistance with a card reading problem.

I have some HID 13.56mhz iclass smart cards that control access to a portable office.
The office is in a new location over the last 6 months and randomly, it stops reading cards.
If we re-programme the cards, they then start working again for a random amount of time (weeks/months)

I can only presume, something environmental is wiping the cards, as they work again when reprogrammed, therefore not damaged.

Can anyone advise how I will go about finding out the cause and also help me with questions below, apologies upfront if the questions are ā€˜stupidā€™ as I really donā€™t know about this stuff.

I have checked online for a RF frequency detector that I could take to site and investigate interference, the ones I found only seem to detect from RF 50mhz-3Ghz? Therefore I presume these are no good as the cards operation on 13.56mhz is lower than this range?

What frequency range could erase the smart cards? I presume the cards inside are just a copper ring with a chip?

The building is now situated very close to pylons, could this be the cause?

Anything to advise would be helpful, as Iā€™m really at a dead end with my knowledge!

Many thanks to all who take the time on this to assist

I have an idea, but firstly, could you scan a card with your phone using TagInfo
and share with a reply ( Hide the UID if you feel you need to )

How may swipes can you do get per card before failing? or how long ( in time ) do they work for after reprogramming?

Also, could you share your access system info, Make, model and software etc

Hi, Iā€™ve downloaded the app and tried to scan the card but it doesnā€™t read.

Do I need to ā€œadd keyā€ first? It only gives me one option ā€œMIFARE CLASSICā€ ?

The cards are
HID 3004PGGMN
|Frequency|13.56 MHZ|
|Memory|32K BITS|
|Product Type|CLAMSHELL CARD|
|Read Format|SMART CARD|
|Sales Category|ELECTRIC CARDS AND FOBS|
|UNSPSC Code|43211700|

Number of Swipes, itā€™s honestly just a random number, 10 times or 50 times, nothing that stands out as a pattern.
Yes, the cards work again after reprogramming.

Thanks for your reply, I appreciate it.

Ok so this looks like a 4k Mifare ā€œclassicā€ card. Usually these types of larger memory cards are used over the more common 1k versions is to enable some kind of time fence. For example, hotel key cards have a time fence written to the card itself because the door locks themselves are not connected to any kind of network and must operate independentlyā€¦ so they are ā€œenrolledā€ with a specific date and time within they will work (renting the room for 3 days, for example) and the lock only needs tonl have a realtime clock chip on board.

Because you mentioned the office is portable, it makes me think the access control might not be connected to the main system and may employ some sort of time fence method like this during enrollment.

If you want to try to confirm, I would get a dngr.us/proxmark3 diagnostic tool and you can crack keys on it to read out the memoryā€¦ then next time you enroll the card do it again and see if the memory contents changes to accommodate a new time and date.

2 Likes

Hi,

Sorry I did not make it clear (my fault assuming you knew it was a fingerprint on the office!)

The cards store fingerprint templates, I have contacted the supplier, but just get the generic ā€œitā€™s not happening anywhere elseā€ , which is why I am thinking an environmental issue is wiping the data contents on the card.

When card presented to HID reader module, it compares the fingerprint data stored on the card, to the fingerprint presented, if the match rate is high enough, it enables access (or not)

Basically, when you present a card, it should beep to say its reading the card, this is the issue I am having, it randomly stops reading cards, its like the card is invisible.
Personally canā€™t see it being an equipment issue as when a new/other/re-programmed card is presented, it beeps and reads fine.
So it is like the cards data is getting corrupted.

Thanks for the advice on proxmark3 , I will give it a go, regarding memory content change.

Just really lost on why its happening :frowning:

Soā€¦ I really canā€™t imagine the cards getting wiped by anything in the environmentā€¦ we blasted our chips with an EMP so strong it was physically launched into the airā€¦ still read fine. Iā€™ve never heard of chip eeprom being wiped eitherā€¦ not even in an MRI.

The only possiblity might be that your cards donā€™t use legit chips but shitty Chinese magic chips which do have really shitty memory blocks that are rickety like a 100 year old rope bridge in the Amazon.

Can you use those same exact cards with other locks at the facility? You need to come up with a test that attempts to determine if itā€™s the cards or lock / locks.

Hi Amal
Thanks for your feedback.
Sorry for the delay I needed it to fault, before I could testā€¦

We have determined that it is the cards which are the problem, whether or not the locks are causing it, we donā€™t know yet.
Basically a lock stopped working with a card, we got a different user to come over and use their card, which was not in the proximity at the time of the initial fault, and the card worked and the door lock released.
We tried the first card again, and it still did not work. We re-programmed the card, and it started working again.

So we know that something is wiping the cards (what part of the card I have no idea)
The cards are HID, so cant imagine the chips are not a decent quality?

Would be interesting to see a dump of a working card and one of a non working card. Was it the same card thats failed multiple times or is it different cards? Same card owner?

well, i mean you canā€™t really know that for sure based on the testing youā€™ve done. it might be like i said, the cards are being programmed with some kind of time fence or use counter or some other feature that HID is cooking into their enrollment process. I just donā€™t know enough about their systems to point you in the right directionā€¦ only speculate as to what might be the cause.

I only comment on this because I have definitely seen many systems that limit uses or put time fences on cards and those cards must be re-enrolled (reprogrammed) to work againā€¦ but this is by design and these cards are not ā€œbeing wipedā€, they are functioning just as designed. This, coupled with the fact that I have never in my life heard of commercial cards just ā€œlosing their mindsā€ so to speak, I still think this is some sort of feature that is turned into a bug for you.

The only other option could be that a card manufacturer that was thinking they were getting cards with HID chips inside maybe got ā€œchinaā€™dā€ and got cards made with far lesser buggy chips that do indeed lose their minds from time to timeā€¦ but thatā€™s somewhat unlikely.

  1. How many locks are at the facility?

  2. How many locks are having this problem?

  3. How many cards are showing signs of this problem with this specific lock or locks?

As a corollary to that, are the locks and readers all tied into a single controller system?

Rereading the first post, this is a system in a ā€œportable officeā€ I assume that that is what I would call a portacabin. Think office space as a shipping container. There are only a limited number of doors, and they may only have one RFID controlled ingress door.

1 Like