Alright, my blank t5577 cards arrived (same chip as the xEM and NExT). I was able to clone a Kantech ioProx card to a t5577 card with minimal difficulty. I have not been able to write the same information to my NExT with my original proxmark3 using the stock antenna. If I am able to roll my own cylindrical antenna, I’ll come back and update this thread. Here is the rundown of how to perform the operation using the base repo found on this page:
-
Install and configure proxmark3 software/drivers
I set everything up on an up-to-date Ubuntu installation using this guide. -
Read ioProx card ID
Place the ioProx card on your proxmark antenna and run
lf search
The output will look something like this
Checking for known tags:00000000 0
11110000 1
01100110 1 facility
00000001 1 version
01100010 1 code1
11111110 1 code2
01001000 11 checksum
IO Prox XSF(01)66:25342 (007859a0362ff523) [48 crc ok]Valid IO Prox ID Found!Save the information in parentheses (007859a0362ff523) for later
-
Provision t5577 as an ioProx card
You need to configure block 0 on the t5577 chip to make it act like an ioProx card. Here is the data you’re going to write to that block.
00147040
I retrieved that from the page linked in my earlier post. You can break it down if you want. I started to, but I’m lazy and we’re splitting bytes here.Place your t5577 card on your proxmark antenna and run
lf t55xx write b 0 d 00147040 -
Clone ioProx card ID to t5577
Now you can clone the ID information. Copy that bit in the parentheses from earlier and run
lf io clone 007859a0362ff523
replace “007859a0362ff523” with your information
After that you’re done. I verified that it worked with the Kantech access control system at my work. The “security” on these things is atrocious. We pay like $8 for the damn ioProx cards, whereas I paid $1.25 for each of these blank t5577s.