hello. how can i clone a em 410x tag to a FlexMT with the pm3 easy? it dont works. here is the log.
[usb] pm3 → lf em 410x reader
[+] EM 410x ID 01083E049F
move to implant
[usb] pm3 → lf em 410x clone --id 01083E049F
[+] Preparing to clone EM4102 to T55x7 tag with ID 01083E049F (RF/64)
[#] Clock rate: 64
[#] Tag T55x7 written with 0xff806089ba04cbcc
[+] Done
[?] Hint: try lf em 410x reader to verify
[usb] pm3 → lf em 410x reader
[+] EM 410x ID 0005397FB1
My question is, does the T5577 chip ID seem to change if you try other IDs in your clone statement, or is it more that the ID of the T5577 is not changing at all?
Also what firmware are you using? Post hw ver command output.
[ CLIENT ]
client: RRG/Iceman/master/fde48cd 2021-04-15 20:46:27
compiled with Clang/LLVM Apple LLVM 12.0.0 (clang-1200.0.32.29) OS:OSX ARCH:x86_64
[ PROXMARK3 ]
firmware… PM3 GENERIC
[ ARM ]
bootrom: RRG/Iceman/master/fde48cd 2021-04-15 20:46:52
os: RRG/Iceman/master/fde48cd 2021-04-15 20:47:07
compiled with GCC 10.2.1 20201103 (release)
[ FPGA ]
LF image built for 2s30vq100 on 2020-07-08 at 23: 8: 7
HF image built for 2s30vq100 on 2020-07-08 at 23: 8:19
HF FeliCa image built for 2s30vq100 on 2020-07-08 at 23: 8:30
Hmm ok and where are you placing your t5577 disc on the proxmark3? Have you also tried putting some space between like 2cm to 5cm during the write process?
ok hmm… I think maybe its time to explore a wipe command on the T5577 to see if it can be wiped / changed
lf t5 wipe
Once run succesfully, the lf search command should fail to return anything… but the lf t5 detect should detect a T5577 chip. Keep in mind that write commands to the T5577 chip do not check themselves… the RF is output but the chip is not checked to confirm the write process succeeded… so you can’t assume a successful command execution means the chip has been successfully written to.
first possibility is the setting of a password on the T5577… the white cloners will often set a password… i think there is such a password that is basically universal across the white cloners which has been documented here on this forum, but I have no idea where… @Pilgrimsmaster might recall… he holds the entirety of this forum in his librarian mind
the other issue with the white cloner is that it is known to some how “alter” the configuration of the T5577 in a way that is definitely not for the better… but I think (think) the wipe command may fix that… but you will need to use the wipe command with the password to actually wipe it.
it looks like it’s the wrong password. none of the lf t5 detect commands works.
i get the error
[!] Could not detect modulation automatically. Try setting it manually with ‘lf t55xx config’
i can’t detect it at all now after success wipe and clone. i sniffed the password from the cloner but now no device detects it.
the passwords i found is
19920427
002F8F8F