amal
April 20, 2021, 8:58pm
8
ahhhhhhhh
yes that is a problem.
first possibility is the setting of a password on the T5577… the white cloners will often set a password… i think there is such a password that is basically universal across the white cloners which has been documented here on this forum, but I have no idea where… @Pilgrimsmaster might recall… he holds the entirety of this forum in his librarian mind
the other issue with the white cloner is that it is known to somehow “alter” the configuration of the T5577 in a way that is definitely not for the better… but I think (think) the wipe command may fix that… but you will need to use the wipe command with the password to actually wipe it.
1 Like
amal:
might recall
maybe…
you could check this out and try it
the syntax may have changed since @TomHarkness found it, but the principle should be the same
Hi All,
Very quick post to get this out there.
I’ve been working to figure out the password that gets set by the well known WHITE Chinese cloner when writing to tags. A friend has a locked xEM implanted so there was some real motivation to get this password for him. There is one known pass already on the proxmark forum but unfortunately it is only for some very old models.
If you have an xEM that you have locked with the Cloner pictured and wish to be able to write to it with other devices. Y…
1 Like
jens
April 20, 2021, 10:22pm
11
it looks like it’s the wrong password. none of the lf t5 detect commands works.
i get the error
[!] Could not detect modulation automatically. Try setting it manually with ‘lf t55xx config’
Here, try the Blue Cloner Password… just in case
Again, the syntax may have changed, just follow through the prompts as the Proxmark steps you through it
There are two changes that need to be made to your chip in order to set or remove a password. These changes are in block 7 (password) and block 0 (configuration data). Writing a password to block 7 does not activate password protection, it is only where the password is stored.
Start off with the command hw tune
[=] Measuring antenna characteristics, please wait...
[/] 9
[+] LF antenna: 36.58 V - 125.00 kHz
[+] LF antenna: 26.68 V - 134.83 kHz
[+] LF optimal: 36.44 V - 123.71 kHz
[+] LF antenn…
2 Likes
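The quoted guide above separates the stored password (block 7) from the configuration word (block 0) that actually switches password mode on. As an added example that is not part of any post in this thread and is not Proxmark code, the sketch below decodes a block 0 word so the password bit and modulation settings can be read off before and after a write. The function names are hypothetical, and the field positions are taken from the ATA5577 datasheet's basic-mode layout (bits numbered 1 to 32 from the most significant bit), which is an assumption the thread itself does not spell out.

```python
# Added example: decode a T5577 block 0 configuration word (basic mode only).
BIT_RATES = ["RF/8", "RF/16", "RF/32", "RF/40", "RF/50", "RF/64", "RF/100", "RF/128"]
MODULATIONS = {0x00: "direct", 0x01: "PSK1", 0x02: "PSK2", 0x03: "PSK3",
               0x04: "FSK1", 0x05: "FSK2", 0x06: "FSK1a", 0x07: "FSK2a",
               0x08: "Manchester", 0x10: "Biphase"}


def decode_block0(hex_word):
    """Return the basic-mode fields of a block 0 word given as 8 hex digits."""
    raw = bytes.fromhex(hex_word.strip())  # ValueError on non-hex input
    if len(raw) != 4:
        raise ValueError("block 0 is exactly 32 bits (8 hex digits)")
    word = int.from_bytes(raw, "big")

    def field(first_bit, width):
        # Datasheet numbering: bit 1 is the most significant bit of the word.
        return (word >> (33 - first_bit - width)) & ((1 << width) - 1)

    mod = field(16, 5)
    return {
        "master_key": field(1, 4),
        "bit_rate": BIT_RATES[field(12, 3)],
        "modulation": MODULATIONS.get(mod, "unknown (0x%02X)" % mod),
        "aor": bool(field(23, 1)),
        "max_block": field(25, 3),
        "password_enabled": bool(field(28, 1)),  # the bit that activates block 7
        "sequence_terminator": bool(field(29, 1)),
    }


def describe(hex_word):
    """One-line summary of a config word for quick comparison."""
    cfg = decode_block0(hex_word)
    state = "ON" if cfg["password_enabled"] else "off"
    return "%s: %s, %s, max block %d, password mode %s" % (
        hex_word.upper(), cfg["modulation"], cfg["bit_rate"], cfg["max_block"], state)


if __name__ == "__main__":
    # 000880E0 is the config word used in this thread; 00148040 is a common
    # EM4100-emulation config; 000880F0 is constructed here with the PWD bit set.
    for sample in ("000880E0", "00148040", "000880F0"):
        print(describe(sample))
```

A config word read back from a tag with the password bit set means a password is in force, whatever block 7 happens to contain.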
I just had another thought
Test mode !!!
@fraggersparks has a short guide here, It definitely may be worth a try on both the White Cloner AND the blue cloner passwords
One thing I see here; you haven’t used test mode to rewrite a config block to this tag? The summary you provided basically shows that, yes, you did the traceability data, but that’s only needed when you, specifically have used test mode. You don’t need to rewrite page 1 without it.
Try and rewrite the bare config block 0 data using this command:
lf t55xx write b 0 d 000880E0 p 51243648 t
Then run a:
lf t55xx wipe
After this, see if you can run a:
lf t55 trace
and report back.
jens
April 20, 2021, 11:56pm
14
Did we confirm that you don’t have mismatched firmware?
You are running this on an iOS correct?
jens
April 21, 2021, 10:06pm
17
if i follow the link i posted and saved the data i get this. i don’t have a gui and can’t analyse the waveform. can someone with a gui do that? here is the files
https://drive.google.com/drive/folders/1cHk0LUXESffEhAGYd4EnXPkQK1FO38rP?usp=sharing
1 Like
jens
April 22, 2021, 10:53pm
18
@Pilgrimsmaster
i reinstalled the pm3 client with gui. i get this image. how can i get the hex-data from the image?
amal
April 23, 2021, 5:17pm
19
Hi @jens you don’t need to do all that, just try using the commands @Pilgrimsmaster quoted;
Try and rewrite the bare config block 0 data using this command:
lf t55xx write b 0 d 000880E0 p 51243648 t
Then run a:
lf t55xx wipe
After this, see if you can run a:
lf t55 detect
and report back.
2 Likes
jens
April 23, 2021, 7:55pm
20
amal:
51243648
i can’t detect it at all now after success wipe and clone. i sniffed the password from the cloner but now no device detects it.
the passwords i found are
19920427
002F8F8F
amal
April 23, 2021, 8:30pm
21
Ok so now try to write with a clone command
amal
April 23, 2021, 11:34pm
23
If you’d like to try doing a remote session we can see if your t5577 is recoverable…
jens
April 24, 2021, 3:46pm
24
Yes pls. how do we solve it in the best way? should I open up an ssh connection
Is that the latest version of iceman on your PM3 easy? If so, I believe they changed the command adding a (-) before the p.
Example: lf t55xx detect -p 12345678
Try that command with your different cloner passwords and see if anything happens.
2 Likes
jens
April 24, 2021, 11:11pm
26
@amal I have sent ssh account details to you and put the antenna.
1 Like
amal
April 27, 2021, 4:24pm
27
I just SSH’d to the machine and the firmware is compiled for an RDV4 not the PM3OTHER version… that could definitely be causing some problems.
2 Likes