I recently bought a Magic Ring and I fear I’ve broken it. A few days ago I cloned an HID Prox card to it. When it failed to read today I ran lf t5 wipe to start fresh and try again. Now lf t5 detect returns nothing.
lf t5 info output:
[=] --- T55x7 Configuration & Information ---------
[=] Safer key : 8
[=] reserved : 0
[=] Data bit rate : 3 - RF/8
[=] eXtended mode : Yes - Warning
[=] Modulation : 0x1F (Unknown)
[=] PSK clock frequency : 3 - (Unknown)
[=] AOR - Answer on Request : No
[=] OTP - One Time Pad : Yes - Warning
[=] Max block : 7
[=] Password mode : Yes
[=] Sequence Start Marker : No
[=] Fast Write : No
[=] Inverse data : No
[=] POR-Delay : No
[=] -------------------------------------------------------------
[=] Raw Data - Page 0, block 0
[=] 800FFDF0 - .0000000000000...0.00.000...0000
[=] --- Fingerprint ------------
I’m no expert but that dump output doesn’t seem right. Any ideas where I went wrong? lf t5 wipe does not change the dump output at all, and writing manually to any block has no effect. I’ve seen people mentioning test mode, but I haven’t seen any explanation of what that is and the danger next to the option in proxmark 3 is scary.
I have noticed that lf t5 info doesn’t seem to work on a blank T5577. Try cloning a chip onto it (you can just use one of the examples in the help output).
Can you try lf t5 info on a known working chip, attempt to clone to the ring and then try lf t5 info on that?
Are you sure you have the ring oriented the right way over the right antenna? Is hw tune showing both antennas are working ok? Does the firmware/software match?
I am assuming you have tried cloning to a test card and it worked?
So lf t5 info doesn’t work with blank T5577s, good to know, I know I have the ring on the LF antenna but I’m not sure how to orient it optimally… I’ve just noticed every time I get a dump on the ring, I get completely different data back. This doesn’t happen with any other card I have. No form of writing to the ring is working either.
EDIT: I just restarted the proxmark and now the ring is consistently dumping as entirely FF. Progress?
The single dot marks the t5577 so you will want that down. I think you will want the ring itself at right angles to the part of the antenna, but if that doesn’t work turn it 90 degrees and try again.
Even with the single dot down, at all angles I am reading seemingly random data every dump. Also, in most reads it is missing at least one block.
EDIT: I ran lf search -u, which told me that the ring is FSK modulated. After setting t5577 config modulation to FSK, I am now consistently reading all zeros from the ring. Writing and cloning still not working.
Try "lf t55xx write -b 0 -d 000880E8 -p 00000000" as a recovery,
or if you have access to a blue cloner or something similar, sometimes they can force a t55 into a normal state.
I have access to the white cloner, but I found it to be one that did not work on HID Prox so I have no card to clone. Should I try manually inputting an ID and writing it to the T55 with the white cloner?
Do the stuff that Amal asked first, but can you answer this AFTER you have tried that?
Firstly, I don’t know if this would be causing you the issues you are experiencing.
Did you try to use the white cloner on the ring? If so, check out this.
The syntax may have changed due to the updates on the proxmark between then and now, but the principle will be the same and you should be able to follow it through to get the same result.
Sorry it took me a while but midterm season at school
This clone was successful! The ring now reads as an EM410x ID on lf search! When I get to the bottom of cloning my access card I will see if it works on this ring. Thank you so much for your help!
Bad news, today when I tried an lf search on the ring, I got
[=] NOTE: some demods output possible binary
[=] if it finds something that looks like a tag
[=] False Positives ARE possible
[=]
[=] Checking for known tags...
[=]
[-] No known 125/134 kHz tags found!
[+] Chipset detection: T55xx
[?] Hint: try `lf t55xx` commands
And no cloning is working again. I’ve checked the logs from last night and I haven’t made a single write to the chip since it last worked. What? I’m holding the ring on the proxmark as in the video (vertically with single dot side down).
With distance or cardboard writes are still doing nothing. I’ve noticed that lf t5 dump is mostly empty, except randomly a block of nonsense will be read.
When I put the ring sideways on the reader (so the dots are facing outward and the ring is parallel to the coil), I consistently get a read from every block but the contents of those blocks is still inconsistent.
UPDATE: okay I just ran lf t55xx write -b 0 -d 000880E8 -p 00000000 as iahimsogard recommended a while ago and now my ring is successfully reading as an EM410x ID. Baffling, I won’t touch it until I’m ready to clone my credential to it now.
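Added example, not part of the thread and not Proxmark3 code: a small decoder for the T55x7 block 0 configuration word, using the field layout that reproduces the lf t5 info output quoted at the top of the thread. It shows why 800FFDF0 looks like a bad read rather than a real configuration, and what the recovery value 000880E8 sets; the function names and the warning heuristic are assumptions of this example.

```python
# Added example: decode a T55x7 block 0 configuration word.
# Bit numbering follows the datasheet convention (bit 1 = most significant bit).
# The layout is an assumption checked against the `lf t5 info` output in the thread.

BASIC_RATES = {0: "RF/8", 1: "RF/16", 2: "RF/32", 3: "RF/40",
               4: "RF/50", 5: "RF/64", 6: "RF/100", 7: "RF/128"}
MODULATIONS = {0x00: "Direct/NRZ", 0x01: "PSK1", 0x02: "PSK2", 0x03: "PSK3",
               0x04: "FSK1", 0x05: "FSK2", 0x06: "FSK1a", 0x07: "FSK2a",
               0x08: "Manchester", 0x10: "Biphase"}

def bits(word, first, width):
    """Return `width` bits starting at datasheet bit `first` (1 = MSB of 32)."""
    return (word >> (32 - (first + width - 1))) & ((1 << width) - 1)

def decode_block0(word):
    extended = bool(bits(word, 15, 1))
    if extended:                      # extended mode: 6-bit rate n, RF/(2n+2)
        rate = f"RF/{2 * bits(word, 9, 6) + 2}"
    else:                             # basic mode: 3-bit rate code
        rate = BASIC_RATES[bits(word, 12, 3)]
    mod = bits(word, 16, 5)
    return {
        "safer_key": bits(word, 1, 4),
        "extended": extended,
        "bit_rate": rate,
        "modulation": MODULATIONS.get(mod, f"0x{mod:02X} (Unknown)"),
        "psk_cf": bits(word, 21, 2),
        "aor": bool(bits(word, 23, 1)),
        "otp": bool(bits(word, 24, 1)),
        "max_block": bits(word, 25, 3),
        "password": bool(bits(word, 28, 1)),
        "seq_marker": bool(bits(word, 29, 1)),
        "por_delay": bool(bits(word, 32, 1)),
    }

def warnings(cfg):
    """Heuristic (this example's own): fields that suggest a misread or risky config."""
    flags = []
    if cfg["modulation"].endswith("(Unknown)"):
        flags.append("unknown modulation")
    if cfg["otp"]:
        flags.append("OTP bit set")
    if cfg["password"]:
        flags.append("password mode enabled")
    return flags

if __name__ == "__main__":
    for raw in (0x800FFDF0, 0x000880E8):   # values quoted in the thread
        cfg = decode_block0(raw)
        print(f"{raw:08X}", cfg, warnings(cfg))
```

A block 0 value that trips several of these warnings at once, on a tag whose dumps also change between reads, points at coupling or demodulation problems before it points at a damaged chip.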