Chameleon TINY PRO HELP!

So I’m a noob that’s 15 months and about 1100$ into my RFID hobby. I finally got a chameleon tiny pro that works and a phone that can talk to it. I’ve been through one proxmark 3 easy that was either bricked or Idk, two chinameleon minis and a myriad of devices trying to find compatibility with firmware that really was never really. Anyway I stuck to it and now can sniff and crack some keys (get a couple uids) after about a week of looking sketchy in front of door readers and although I am proud of my progress, without the ability to send the keys back to the readers they’re just numbers. My phone can only do very minimal RFID and NFC work (it can’t emulate or send at all). Can someone walk me through the commands for the chameleon tiny to emulate keys? Do I need to get a phone or a watch to send these keys back? Also a little bird told me you can use the chameleons to gain access to lime/bird scooters, was that a bunch of hooey? Anyway if someone can help a poor noob start crawling I’m sure I’ll be sprinting in no time. Thanks in advance! —T


The Chameleon Mini / Tiny will only replay UIDs, which will open dumb door locks, but not those that check the memory content or do encryption of any kind.

I highly doubt the Lime scooters work only with UIDs (didn’t even know they did NFC in fact).

The UID that gets replayed is the one stored in the current slot you have selected, provided it is set in emulation mode and not reader mode. It happens automatically when the Chameleon detects a reader.

Actually the chameleon can do more complicated reading but you have to have access to the card and reader for it to work. Basically you read the card, then play that back to the reader, capture the commands from the reader, play those back to the card, and so on. See This crash course

So setting the emulation task to the button is my only issue I guess, because there isn’t an emulation option to set it to (it’s not worded like that at least). One last thing, what frequency (what portion of the RFID spectrum) would you specify as “dumb locks”? Sorry for the noob ass questions, this stuff doesn’t come easy to me, why I chose such a challenging "hobby" I have no idea, to be honest it’s more of a compulsive obsession now.

It’s not that they use a certain frequency, it’s more that they simply look at the UID of the card/fob/implant presented to them and check it against a list of approved UIDs.
There is no further validation done besides checking that number.

Think of it as using a simple password for login vs a more complex alphanumeric password with 2FA on top.

I’ll just add that @Rosco has some crazy access setups so his bar for “dumb locks” might be much higher than mine.

Actually my bar is very low: by dumb lock, I mean any lock that works by authenticating the UID alone - be it LF or HF (kind of a given for most LF locks). And there are also the odd ultra-dumb locks that only authenticate PART of the UID :slight_smile:

How to recognize them without even buying the lock? Easy: if the specs say “compatible with Mifare, NTAG and DESfire” or any combination thereof, there’s a very high chance it’s using only the common denominator of all those technologies, i.e. the UID alone.

The Chameleon too uses the common denominator. It would be nice if it fully emulated all of them standards, but it only has a teeny tiny processor and a bit of RAM, and it’s just not that smart (and yes, it does do replay, but that’s kind of dumb too).

Let me dig it out tomorrow, I’ll have a look at exactly what you need to set. I don’t have it around right now, and if I start rummaging around the house in the middle of the night, someone will get very pissed off with me :slight_smile:
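For anyone specifying or auditing a lock, the difference between checking the UID alone and actually authenticating the card looks like this. This is an added example, not part of the original thread: the UID, master key and class names are constructed, and HMAC-SHA256 stands in for whatever cipher a real card would use.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from any real installation.
APPROVED_UIDS = {bytes.fromhex("04a1b2c3d4e5f6")}
SITE_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def card_key(uid: bytes) -> bytes:
    """Per-card secret derived from the site master key and the UID."""
    return hmac.new(SITE_MASTER_KEY, b"card-key" + uid, hashlib.sha256).digest()

class GenuineCard:
    """Card enrolled by the site: holds its UID and its secret key."""
    def __init__(self, uid: bytes):
        self.uid = uid
        self._key = card_key(uid)  # written to the card at enrolment

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class UidOnlyEmulator:
    """Device that presents a known UID but holds no key material."""
    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, challenge: bytes) -> bytes:
        return bytes(32)  # cannot compute a valid answer without the key

def uid_only_lock(card) -> bool:
    """The 'dumb lock': the UID is the only thing checked."""
    return card.uid in APPROVED_UIDS

def challenge_response_lock(card) -> bool:
    """UID selects the key; a fresh random challenge proves the card holds it."""
    if card.uid not in APPROVED_UIDS:
        return False
    challenge = secrets.token_bytes(16)  # new for every presentation
    expected = hmac.new(card_key(card.uid), challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card.respond(challenge))

if __name__ == "__main__":
    uid = next(iter(APPROVED_UIDS))
    for card in (GenuineCard(uid), UidOnlyEmulator(uid)):
        print(type(card).__name__, uid_only_lock(card), challenge_response_lock(card))
```

The UID is sent in the clear during anticollision, so a lock that checks nothing else treats a public value as the credential.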

Oh OK so it doesn’t matter what the mechanism is, just if the keys have been encrypted?

OK so with a surprisingly large amount of readers when in mifare 1k mode if you press toggle it will make the reader beep and flash green (was red) really quickly. It doesn’t seem like it unlocks tho, anyone know what this means? Do I need to just pull the door the same time I press toggle? Usually when a key unlocks one of these doors it is for 3 seconds, and my chameleon seems to be providing 1 sec if that. Anyone??