I recently bought a Magic Ring and I fear I’ve broken it. A few days ago I cloned an HID Prox card to it. When it failed to read today I ran lf t5 wipe to start fresh and try again. Now lf t5 detect returns nothing.
lf t5 info output:
[=] --- T55x7 Configuration & Information ---------
[=] Safer key : 8
[=] reserved : 0
[=] Data bit rate : 3 - RF/8
[=] eXtended mode : Yes - Warning
[=] Modulation : 0x1F (Unknown)
[=] PSK clock frequency : 3 - (Unknown)
[=] AOR - Answer on Request : No
[=] OTP - One Time Pad : Yes - Warning
[=] Max block : 7
[=] Password mode : Yes
[=] Sequence Start Marker : No
[=] Fast Write : No
[=] Inverse data : No
[=] POR-Delay : No
[=] Raw Data - Page 0, block 0
[=] 800FFDF0 - .0000000000000...0.00.000...0000
[=] --- Fingerprint ------------
I’m no expert but that dump output doesn’t seem right. Any ideas where I went wrong? lf t5 wipe does not change the dump output at all, and writing manually to any block has no effect. I’ve seen people mentioning test mode, but I haven’t seen any explanation of what that is and the danger next to the option in proxmark 3 is scary.
So lf t5 info doesn’t work with blank T5577s, good to know, I know I have the ring on the LF antenna but I’m not sure how to orient it optimally… I’ve just noticed every time I get a dump on the ring, I get completely different data back. This doesn’t happen with any other card I have. No form of writing to the ring is working either.
EDIT: I just restarted the proxmark and now the ring is consistently dumping as entirely FF. Progress?
Even with the single dot down, at all angles I am reading seemingly random data every dump. Also, in most reads it is missing at least one block.
EDIT: I ran lf search -u, which told me that the ring is FSK modulated. After setting t5577 config modulation to FSK, I am now consistently reading all zeros from the ring. Writing and cloning are still not working.
I have access to the white cloner, but I found it to be one that did not work on HID Prox so I have no card to clone. Should I try manually inputting an ID and writing it to the T55 with the white cloner?
Bad news, today when I tried an lf search on the ring, I got
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=] Checking for known tags...
[-] No known 125/134 kHz tags found!
[+] Chipset detection: T55xx
[?] Hint: try `lf t55xx` commands
And no cloning is working again. I’ve checked the logs from last night and I haven’t made a single write to the chip since it last worked. What? I’m holding the ring on the proxmark as in the video (vertically with single dot side down).
When I put the ring sideways on the reader (so the dots are facing outward and the ring is parallel to the coil), I consistently get a read from every block but the contents of those blocks are still inconsistent.
UPDATE: okay I just ran lf t55xx write -b 0 -d 000880E8 -p 00000000 as iahimsogard recommended a while ago and now my ring is successfully reading as an EM410x ID. Baffling, I won’t touch it until I’m ready to clone my credential to it now.
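The lf t5 info listing earlier in the thread is a field-by-field decode of the 32-bit page 0, block 0 word. As an added example (not from the original posts or from the Proxmark3 project), the sketch below decodes the two block 0 values that appear in the thread, 800FFDF0 and 000880E8. The bit positions are an assumption taken from the T5577 datasheet layout, chosen because they reproduce the listing above; the function names and the plausibility heuristic are hypothetical.

```python
# Added example: decode a T55x7 page 0 / block 0 configuration word.
# Bit positions are an assumption (T5577 datasheet numbering, bit 1 = MSB);
# they reproduce the values shown in the listing quoted in the thread.

BASIC_RATES = [8, 16, 32, 40, 50, 64, 100, 128]  # RF/n divisors in basic mode
MODULATIONS = {0x00: "Direct", 0x01: "PSK1", 0x02: "PSK2", 0x03: "PSK3",
               0x04: "FSK1", 0x05: "FSK2", 0x06: "FSK1a", 0x07: "FSK2a",
               0x08: "Manchester", 0x10: "Biphase"}

def bits(word, last_bit, width):
    """Return `width` bits ending at datasheet bit `last_bit` (bit 1 = MSB)."""
    return (word >> (32 - last_bit)) & ((1 << width) - 1)

def decode_block0(word):
    extended = bool(bits(word, 15, 1))
    if extended:
        rate = 2 * bits(word, 14, 6) + 2       # extended mode: RF/(2n+2)
    else:
        rate = BASIC_RATES[bits(word, 14, 3)]  # basic mode: table lookup
    mod = bits(word, 20, 5)
    return {
        "master_key": bits(word, 4, 4),
        "extended": extended,
        "bit_rate": f"RF/{rate}",
        "modulation": MODULATIONS.get(mod, f"0x{mod:02X} (Unknown)"),
        "psk_cf": bits(word, 22, 2),
        "aor": bool(bits(word, 23, 1)),
        "otp": bool(bits(word, 24, 1)),
        "max_block": bits(word, 27, 3),
        "password": bool(bits(word, 28, 1)),
        "seq_marker": bool(bits(word, 29, 1)),
        "por_delay": bool(bits(word, 32, 1)),
    }

def suspicious_fields(cfg):
    """Heuristic only: fields that suggest a misread or unintended config."""
    reasons = []
    if "Unknown" in cfg["modulation"]:
        reasons.append("unknown modulation")
    if cfg["otp"]:
        reasons.append("OTP bit set")
    if cfg["password"]:
        reasons.append("password mode set")
    return reasons

if __name__ == "__main__":
    for word in (0x800FFDF0, 0x000880E8):      # the two values from the thread
        cfg = decode_block0(word)
        print(f"{word:08X}", cfg, suspicious_fields(cfg))
```

A word that decodes with several suspicious fields at once, as 800FFDF0 does, is worth re-reading a few times before acting on it.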