Brute force t55

Ima_Wana_Be · March 11, 2021, 9:41pm

So I’ve got what was supposed to be a 26bit HID tag and it read exactly as expected the first time I put it on my proxmark. The second time I messed with it the client identified it as a t55 so naturally I tried writing a different card number to it. It failed now I’m trying to brute force the password on it because it wasn’t one of the defaults listed in the dictionary file that came when I downloaded the proxmark client.

That being said if I’m doing my math right here, it could take up to 34 years to finish this task. It’s working at about 4 tries per second.

I’m open to other ideas, side note it says valuprox on the back of the card in case anyone has unlocked one before.

amal · March 11, 2021, 9:51pm

test mode?

Ima_Wana_Be · March 11, 2021, 9:55pm

Not sure I understand the question, can you elaborate?

Most of what I’ve done with the proxmark had been fairly simple up to this point.

amal · March 11, 2021, 10:05pm

ah sorry, so the T5577 has “test mode” commands that basically backdoor the thing… I think they are your typical “security through obscurity” type of thing, so naturally the test mode commands were discovered and they let you like totally work around and reset the T5577 completely… search the forums here for test mode commands… there have been a few threads about it… @TomHarkness was first on the scene I think with the test most stuff.

Ima_Wana_Be · March 11, 2021, 10:08pm

Sounds a lot better than waiting around for 34 years, I also kind of wanted to know what password they were using but if I could reset it that would at least unlock the full potential of the chip. Thank you for the tip, I’ll start looking.

Ima_Wana_Be · March 11, 2021, 11:15pm

Well I may have made a mistake. I’m still looking through the forum trying to make it work but at the moment it seems to be locked into an indala ID and isn’t showing up when I try to do a t55 detect.

@TomHarkness rescue me please

anon7067117 · March 11, 2021, 11:32pm

Just FYI, Harkness hasn’t been seen around here since August 2020. Maybe somebody else can lend you a hand.
How is the coupling with the antenna?

Ima_Wana_Be · March 11, 2021, 11:42pm

What a ride these last few minutes have been, I’ve no idea what for sure worked but the last command I sent was “lf t55 deviceconfig -z” and that seems to have set me straight.

Thought for a moment I’d have to toss my card, thank you @anon7067117 I hadn’t even thought to check the profile page to see that last active date.

Pilgrimsmaster · March 12, 2021, 5:49am

This one from @fraggersparks also helped out somebody else recently ( Also based on @TomHarkness ’ work )