Am I in Trouble? (T5577)

I was trying to write to my T5577 using lf t5 dump & lf t5 restore -f filehere.

I noticed I would dump it, and the values wouldn’t be the same as what I read off the original keyfob, so I tried it multiple times and it kept happening so I decided to try and write it line by line rather than a restore.

So I tried this guys instructions and started with t5 det, and proceeded to use “lf t5 write -b 0 -d 00105080” and this is where the problem began. I haven’t been able to get a good read since, or write to it or anything.

This is what it looks like if I try to dump multiple times.


Is this a good sign that there’s still hope?

I have ran through these instructions multiple times and they haven’t resolved my issue.

writing block 0 means reconfiguring the analog frontend settings of the chip, which is basically telling the chip how to communicate over RFID. Changing this changes the way the chip “talks” over the shared magnetic field coupling.

So that is the result every time you dump it? It doesn’t change?

What if you just start with lf search (post outcome) and then lf t5 detect (post outcome)?

2 Likes

Here is what I get.

Now mind you, I have ran through the troubleshooting guide and tried to write it as an EM as well.

The only thing I can think of is to try and change the modulation of block0 in the config to match what I set it as, but I’m not sure how to do that after running 'lf t55xx config'

edit: The dump does change. I’m not sure if I am just not getting a good connection, but my implant is really close to my skin and I’m not moving after running

lf tune

you can see here, the dump changes each time. this is after running the -t commands, with 0 movement from me between dumps.

lf search -u returns the following:

It definitely looks like something is there, but I can’t seem to restore it

yeah… at this point you might be in trouble :confused: What product is it? A NExT or an xEM or ??

NeXT v2 put in 16 days ago😁 the scab hasn’t even fallen off

oh wait… let’s just check the most obvious thing… send a screenshot of your promark client startup data (what shows when you run pm3).

:open_mouth:

out of curiosity, did you try cloning to a test card first?

No I didn’t try to a test card, just solely because I have written to it before with no issue so I assumed I was good but apparently not

AH HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

see that red text? can you copy / paste the entire output of the startup screen text?

2 Likes

Here’s the entire output:

daltonbroaddus@MacBookPro ~ % pm3
[=] Session log /Users/daltonbroaddus/.proxmark3/logs/log_20250723184439.txt
[+] loaded /Users/daltonbroaddus/.proxmark3/preferences.json
[+] Using UART port /dev/tty.usbmodem11301
[+] Communicating with PM3 over USB-CDC

8888888b. 888b d888 .d8888b.
888 Y88b 8888b d8888 d88P Y88b
888 888 88888b.d88888 .d88P
888 d88P 888Y88888P888 8888"
8888888P" 888 Y888P 888 "Y8b.
888 888 Y8P 888 888 888
888 888 " 888 Y88b d88P
888 888 888 “Y8888P”

Release v4.20469 - Daddy Iceman
[ Listen to the Domain! :coffee: ]

[ Proxmark3 ]

MCU....... AT91SAM7S512 Rev A
Memory.... 512 KB ( 77% used )
Target.... device / fw mismatch

Client.... Iceman/master/v4.20469 2025-06-16 16:18:01
Bootrom... Iceman/master/v4.20469-suspect 2025-06-16 16:18:01 72b1b17a3
OS........ Iceman/master/v4.20469-suspect 2025-06-16 16:18:01 72b1b17a3

[usb] pm3

huh odd… expected more data… ok well whatever… basically your stuff is compiled for the wrong hardware. the iceman branch defaults to the RDV4 hardware platform, and this red text is telling you the hardware does not match the firmware / client you’ve got… this will cause a kind of proxmark dementia when it comes to operation.

this must be fixed before you can rely on your proxmark to work properly.

since you’re on mac… eh i need someone else familiar with mac to cover how to fix this.

  • what hardware do you actually have?
1 Like

do not fear, I have it on my windows as well. I am on a Proxmark3 Easy V3.0

ok I have flashed the pm3.

lf t5 info provides me with

ok so now on windows with the proper firmware / client, run through t5577 recovery steps

no dice. but running lf t5 info after running the -t commands brings up

I just don’t understand why we can read data from it if it’s bricked

on windows now what does lf search and lf t5 detect show?