Clone em410x tag with pm3 easy


yes that is a problem.

first possibility is the setting of a password on the T5577… the white cloners will often set a password… i think there is such a password that is basically universal across the white cloners which has been documented here on this forum, but I have no idea where… @Pilgrimsmaster might recall… he holds the entirety of this forum in his librarian mind :slight_smile:

the other issue with the white cloner is that it is known to some how “alter” the configuration of the T5577 in a way that is definitely not for the better… but I think (think) the wipe command may fix that… but you will need to use the wipe command with the password to actually wipe it.

1 Like

you could check this out and try it

the syntax may have changed since @TomHarkness found it, but the principle should be the same

1 Like



it looks like it’s the wrong password. none of the lf t5 detect commands works.
i get the error
[!] :warning: Could not detect modulation automatically. Try setting it manually with ‘lf t55xx config’

Here, try the Blue Cloner Password…Just incase

Again, the syntax may have changed, just follow through the prompts as the Proxmark steps you through it


I just had another thought :bulb:

Test mode !!!

@fraggersparks has a short guide here, It definitely may be worth a try on both the White Cloner AND the blue cloner passwords

it don’t works. i found a guide but is there a way to do the same without a gui?

Did we confirm that you don’t have mismatched firmware?

You are running this on a iOS correct?

no on a mac

if i follow the link i posted and saved the data i get this. i don’t have a gui and can’t analyse the waveform. can someone with a gui do that? here is the files

1 Like

@ Pilgrimsmaster
i reinstalled the pm3 client with gui. i get this image. how can i get the hex-data from the image?

Hi @jens you don’t need to do all that, just try using the commands @Pilgrimsmaster quoted;

Try and rewrite the bare config block 0 data using this command:

lf t55xx write b 0 d 000880E0 p 51243648 t

Then run a:

lf t55xx wipe

After this, see if you can run a:

lf t55 detect

and report back.


i can’t detect it at all now after success wipe and clone. i sniffed the password from the cloner but now no device detects it.
the passwords i found is

Ok so now try to write with a clone command

nothing happens

If you’d like to try doing a remote session we can see if your t5577 is recoverable…

Yes pls. how do we solve it in the best way? should I open up an ssh connection

Is that the latest version of iceman on your PM3 easy? If so, I believe they changed the command adding a (-) before the p.

Example: lf t55xx detect -p 12345678

Try that command with your different cloner passwords and see if anything happens.


@amal I have sent ssh account details to you And put the antenna.

1 Like

I just SSH’d to the machine and the firmware is compiled for an RDV4 not the PM3OTHER version… that could definitely be causing some problems.