Bricking (and unbricking) the 125khz t5577 part in my magic ring

Just sharing this experience here since SEO didn’t immediately lead me to the solution I needed.

I noticed my magic ring was acting a little funky with one of the elevator readers in my building, so I decided to check it out and rewrite.

1. I ran the reader command, lf hid reader and verified it was spitting out the correct info.
2. Then I ran the exact same clone command (i literally used ctrl-r reverse-i-search) of lf hid clone --fc xxxx --cn yyyyy -w C1k35s.
3. Finally ran lf hid reader again just for good measure to check that it wrote correctly… instead I got nothing back.

A bit of searching later, and looking at solutions in various forum posts, I finally landed on this one that worked for me. Specifically, this part:

lf t55 write -b 0 -d 000880E0 -t
lf t55 write -b 0 -d 000880E0 --r0 -t
lf t55 write -b 0 -d 000880E0 --r1 -t
lf t55 write -b 0 -d 000880E0 --r2 -t
lf t55 write -b 0 -d 000880E0 --r3 -t

I re-ran the clone command and… it worked!

My guess is what happened is, I had the ring at a slight angle and some of the bits died in transit. I heard T55 chips were temperamental, now I see why.

Protip (also from that forum post): run lf tune before writing to test the voltage drop and find the best angle instead of just guessing.

make sure you’re doing lf t55 detect before doing any memory modification commands IE a write, clone etc. this is to prime the proxmark for the correct config currently on your t5577. failing to do so can cause exactly this to happen.